CoCalc -- apparmorfs.c

GitHub Repository: torvalds/linux
Path: blob/master/security/apparmor/apparmorfs.c
²⁶³⁷⁸ views
1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * AppArmor security module
4
 *
5
 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6
 *
7
 * Copyright (C) 1998-2008 Novell/SUSE
8
 * Copyright 2009-2010 Canonical Ltd.
9
 */
10

11
#include <linux/ctype.h>
12
#include <linux/security.h>
13
#include <linux/vmalloc.h>
14
#include <linux/init.h>
15
#include <linux/seq_file.h>
16
#include <linux/uaccess.h>
17
#include <linux/mount.h>
18
#include <linux/namei.h>
19
#include <linux/capability.h>
20
#include <linux/rcupdate.h>
21
#include <linux/fs.h>
22
#include <linux/fs_context.h>
23
#include <linux/poll.h>
24
#include <linux/zstd.h>
25
#include <uapi/linux/major.h>
26
#include <uapi/linux/magic.h>
27

28
#include "include/apparmor.h"
29
#include "include/apparmorfs.h"
30
#include "include/audit.h"
31
#include "include/cred.h"
32
#include "include/crypto.h"
33
#include "include/ipc.h"
34
#include "include/label.h"
35
#include "include/policy.h"
36
#include "include/policy_ns.h"
37
#include "include/resource.h"
38
#include "include/policy_unpack.h"
39
#include "include/task.h"
40

41
/*
42
 * The apparmor filesystem interface used for policy load and introspection
43
 * The interface is split into two main components based on their function
44
 * a securityfs component:
45
 *   used for static files that are always available, and which allows
46
 *   userspace to specify the location of the security filesystem.
47
 *
48
 *   fns and data are prefixed with
49
 *      aa_sfs_
50
 *
51
 * an apparmorfs component:
52
 *   used loaded policy content and introspection. It is not part of  a
53
 *   regular mounted filesystem and is available only through the magic
54
 *   policy symlink in the root of the securityfs apparmor/ directory.
55
 *   Tasks queries will be magically redirected to the correct portion
56
 *   of the policy tree based on their confinement.
57
 *
58
 *   fns and data are prefixed with
59
 *      aafs_
60
 *
61
 * The aa_fs_ prefix is used to indicate the fn is used by both the
62
 * securityfs and apparmorfs filesystems.
63
 */
64

65

66
/*
67
 * support fns
68
 */
69

70
struct rawdata_f_data {
71
	struct aa_loaddata *loaddata;
72
};
73

74
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
75
#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
76

77
static void rawdata_f_data_free(struct rawdata_f_data *private)
78
{
79
	if (!private)
80
		return;
81

82
	aa_put_loaddata(private->loaddata);
83
	kvfree(private);
84
}
85

86
static struct rawdata_f_data *rawdata_f_data_alloc(size_t size)
87
{
88
	struct rawdata_f_data *ret;
89

90
	if (size > SIZE_MAX - sizeof(*ret))
91
		return ERR_PTR(-EINVAL);
92

93
	ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL);
94
	if (!ret)
95
		return ERR_PTR(-ENOMEM);
96

97
	return ret;
98
}
99
#endif
100

101
/**
102
 * mangle_name - mangle a profile name to std profile layout form
103
 * @name: profile name to mangle  (NOT NULL)
104
 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
105
 *
106
 * Returns: length of mangled name
107
 */
108
static int mangle_name(const char *name, char *target)
109
{
110
	char *t = target;
111

112
	while (*name == '/' || *name == '.')
113
		name++;
114

115
	if (target) {
116
		for (; *name; name++) {
117
			if (*name == '/')
118
				*(t)++ = '.';
119
			else if (isspace(*name))
120
				*(t)++ = '_';
121
			else if (isalnum(*name) || strchr("._-", *name))
122
				*(t)++ = *name;
123
		}
124

125
		*t = 0;
126
	} else {
127
		int len = 0;
128
		for (; *name; name++) {
129
			if (isalnum(*name) || isspace(*name) ||
130
			    strchr("/._-", *name))
131
				len++;
132
		}
133

134
		return len;
135
	}
136

137
	return t - target;
138
}
139

140

141
/*
142
 * aafs - core fns and data for the policy tree
143
 */
144

145
#define AAFS_NAME		"apparmorfs"
146
static struct vfsmount *aafs_mnt;
147
static int aafs_count;
148

149

150
static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
151
{
152
	seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
153
	return 0;
154
}
155

156
static void aafs_free_inode(struct inode *inode)
157
{
158
	if (S_ISLNK(inode->i_mode))
159
		kfree(inode->i_link);
160
	free_inode_nonrcu(inode);
161
}
162

163
static const struct super_operations aafs_super_ops = {
164
	.statfs = simple_statfs,
165
	.free_inode = aafs_free_inode,
166
	.show_path = aafs_show_path,
167
};
168

169
static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc)
170
{
171
	static struct tree_descr files[] = { {""} };
172
	int error;
173

174
	error = simple_fill_super(sb, AAFS_MAGIC, files);
175
	if (error)
176
		return error;
177
	sb->s_op = &aafs_super_ops;
178

179
	return 0;
180
}
181

182
static int apparmorfs_get_tree(struct fs_context *fc)
183
{
184
	return get_tree_single(fc, apparmorfs_fill_super);
185
}
186

187
static const struct fs_context_operations apparmorfs_context_ops = {
188
	.get_tree	= apparmorfs_get_tree,
189
};
190

191
static int apparmorfs_init_fs_context(struct fs_context *fc)
192
{
193
	fc->ops = &apparmorfs_context_ops;
194
	return 0;
195
}
196

197
static struct file_system_type aafs_ops = {
198
	.owner = THIS_MODULE,
199
	.name = AAFS_NAME,
200
	.init_fs_context = apparmorfs_init_fs_context,
201
	.kill_sb = kill_anon_super,
202
};
203

204
/**
205
 * __aafs_setup_d_inode - basic inode setup for apparmorfs
206
 * @dir: parent directory for the dentry
207
 * @dentry: dentry we are setting the inode up for
208
 * @mode: permissions the file should have
209
 * @data: data to store on inode.i_private, available in open()
210
 * @link: if symlink, symlink target string
211
 * @fops: struct file_operations that should be used
212
 * @iops: struct of inode_operations that should be used
213
 */
214
static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
215
			       umode_t mode, void *data, char *link,
216
			       const struct file_operations *fops,
217
			       const struct inode_operations *iops)
218
{
219
	struct inode *inode = new_inode(dir->i_sb);
220

221
	AA_BUG(!dir);
222
	AA_BUG(!dentry);
223

224
	if (!inode)
225
		return -ENOMEM;
226

227
	inode->i_ino = get_next_ino();
228
	inode->i_mode = mode;
229
	simple_inode_init_ts(inode);
230
	inode->i_private = data;
231
	if (S_ISDIR(mode)) {
232
		inode->i_op = iops ? iops : &simple_dir_inode_operations;
233
		inode->i_fop = &simple_dir_operations;
234
		inc_nlink(inode);
235
		inc_nlink(dir);
236
	} else if (S_ISLNK(mode)) {
237
		inode->i_op = iops ? iops : &simple_symlink_inode_operations;
238
		inode->i_link = link;
239
	} else {
240
		inode->i_fop = fops;
241
	}
242
	d_instantiate(dentry, inode);
243
	dget(dentry);
244

245
	return 0;
246
}
247

248
/**
249
 * aafs_create - create a dentry in the apparmorfs filesystem
250
 *
251
 * @name: name of dentry to create
252
 * @mode: permissions the file should have
253
 * @parent: parent directory for this dentry
254
 * @data: data to store on inode.i_private, available in open()
255
 * @link: if symlink, symlink target string
256
 * @fops: struct file_operations that should be used for
257
 * @iops: struct of inode_operations that should be used
258
 *
259
 * This is the basic "create a xxx" function for apparmorfs.
260
 *
261
 * Returns a pointer to a dentry if it succeeds, that must be free with
262
 * aafs_remove(). Will return ERR_PTR on failure.
263
 */
264
static struct dentry *aafs_create(const char *name, umode_t mode,
265
				  struct dentry *parent, void *data, void *link,
266
				  const struct file_operations *fops,
267
				  const struct inode_operations *iops)
268
{
269
	struct dentry *dentry;
270
	struct inode *dir;
271
	int error;
272

273
	AA_BUG(!name);
274
	AA_BUG(!parent);
275

276
	if (!(mode & S_IFMT))
277
		mode = (mode & S_IALLUGO) | S_IFREG;
278

279
	error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
280
	if (error)
281
		return ERR_PTR(error);
282

283
	dir = d_inode(parent);
284

285
	inode_lock(dir);
286
	dentry = lookup_noperm(&QSTR(name), parent);
287
	if (IS_ERR(dentry)) {
288
		error = PTR_ERR(dentry);
289
		goto fail_lock;
290
	}
291

292
	if (d_really_is_positive(dentry)) {
293
		error = -EEXIST;
294
		goto fail_dentry;
295
	}
296

297
	error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
298
	if (error)
299
		goto fail_dentry;
300
	inode_unlock(dir);
301

302
	return dentry;
303

304
fail_dentry:
305
	dput(dentry);
306

307
fail_lock:
308
	inode_unlock(dir);
309
	simple_release_fs(&aafs_mnt, &aafs_count);
310

311
	return ERR_PTR(error);
312
}
313

314
/**
315
 * aafs_create_file - create a file in the apparmorfs filesystem
316
 *
317
 * @name: name of dentry to create
318
 * @mode: permissions the file should have
319
 * @parent: parent directory for this dentry
320
 * @data: data to store on inode.i_private, available in open()
321
 * @fops: struct file_operations that should be used for
322
 *
323
 * see aafs_create
324
 */
325
static struct dentry *aafs_create_file(const char *name, umode_t mode,
326
				       struct dentry *parent, void *data,
327
				       const struct file_operations *fops)
328
{
329
	return aafs_create(name, mode, parent, data, NULL, fops, NULL);
330
}
331

332
/**
333
 * aafs_create_dir - create a directory in the apparmorfs filesystem
334
 *
335
 * @name: name of dentry to create
336
 * @parent: parent directory for this dentry
337
 *
338
 * see aafs_create
339
 */
340
static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
341
{
342
	return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
343
			   NULL);
344
}
345

346
/**
347
 * aafs_remove - removes a file or directory from the apparmorfs filesystem
348
 *
349
 * @dentry: dentry of the file/directory/symlink to removed.
350
 */
351
static void aafs_remove(struct dentry *dentry)
352
{
353
	struct inode *dir;
354

355
	if (!dentry || IS_ERR(dentry))
356
		return;
357

358
	dir = d_inode(dentry->d_parent);
359
	inode_lock(dir);
360
	if (simple_positive(dentry)) {
361
		if (d_is_dir(dentry))
362
			simple_rmdir(dir, dentry);
363
		else
364
			simple_unlink(dir, dentry);
365
		d_delete(dentry);
366
		dput(dentry);
367
	}
368
	inode_unlock(dir);
369
	simple_release_fs(&aafs_mnt, &aafs_count);
370
}
371

372

373
/*
374
 * aa_fs - policy load/replace/remove
375
 */
376

377
/**
378
 * aa_simple_write_to_buffer - common routine for getting policy from user
379
 * @userbuf: user buffer to copy data from  (NOT NULL)
380
 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
381
 * @copy_size: size of data to copy from user buffer
382
 * @pos: position write is at in the file (NOT NULL)
383
 *
384
 * Returns: kernel buffer containing copy of user buffer data or an
385
 *          ERR_PTR on failure.
386
 */
387
static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
388
						     size_t alloc_size,
389
						     size_t copy_size,
390
						     loff_t *pos)
391
{
392
	struct aa_loaddata *data;
393

394
	AA_BUG(copy_size > alloc_size);
395

396
	if (*pos != 0)
397
		/* only writes from pos 0, that is complete writes */
398
		return ERR_PTR(-ESPIPE);
399

400
	/* freed by caller to simple_write_to_buffer */
401
	data = aa_loaddata_alloc(alloc_size);
402
	if (IS_ERR(data))
403
		return data;
404

405
	data->size = copy_size;
406
	if (copy_from_user(data->data, userbuf, copy_size)) {
407
		aa_put_loaddata(data);
408
		return ERR_PTR(-EFAULT);
409
	}
410

411
	return data;
412
}
413

414
static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
415
			     loff_t *pos, struct aa_ns *ns)
416
{
417
	struct aa_loaddata *data;
418
	struct aa_label *label;
419
	ssize_t error;
420

421
	label = begin_current_label_crit_section();
422

423
	/* high level check about policy management - fine grained in
424
	 * below after unpack
425
	 */
426
	error = aa_may_manage_policy(current_cred(), label, ns, mask);
427
	if (error)
428
		goto end_section;
429

430
	data = aa_simple_write_to_buffer(buf, size, size, pos);
431
	error = PTR_ERR(data);
432
	if (!IS_ERR(data)) {
433
		error = aa_replace_profiles(ns, label, mask, data);
434
		aa_put_loaddata(data);
435
	}
436
end_section:
437
	end_current_label_crit_section(label);
438

439
	return error;
440
}
441

442
/* .load file hook fn to load policy */
443
static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
444
			    loff_t *pos)
445
{
446
	struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
447
	int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
448

449
	aa_put_ns(ns);
450

451
	return error;
452
}
453

454
static const struct file_operations aa_fs_profile_load = {
455
	.write = profile_load,
456
	.llseek = default_llseek,
457
};
458

459
/* .replace file hook fn to load and/or replace policy */
460
static ssize_t profile_replace(struct file *f, const char __user *buf,
461
			       size_t size, loff_t *pos)
462
{
463
	struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
464
	int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
465
				  buf, size, pos, ns);
466
	aa_put_ns(ns);
467

468
	return error;
469
}
470

471
static const struct file_operations aa_fs_profile_replace = {
472
	.write = profile_replace,
473
	.llseek = default_llseek,
474
};
475

476
/* .remove file hook fn to remove loaded policy */
477
static ssize_t profile_remove(struct file *f, const char __user *buf,
478
			      size_t size, loff_t *pos)
479
{
480
	struct aa_loaddata *data;
481
	struct aa_label *label;
482
	ssize_t error;
483
	struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
484

485
	label = begin_current_label_crit_section();
486
	/* high level check about policy management - fine grained in
487
	 * below after unpack
488
	 */
489
	error = aa_may_manage_policy(current_cred(), label, ns,
490
				     AA_MAY_REMOVE_POLICY);
491
	if (error)
492
		goto out;
493

494
	/*
495
	 * aa_remove_profile needs a null terminated string so 1 extra
496
	 * byte is allocated and the copied data is null terminated.
497
	 */
498
	data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
499

500
	error = PTR_ERR(data);
501
	if (!IS_ERR(data)) {
502
		data->data[size] = 0;
503
		error = aa_remove_profiles(ns, label, data->data, size);
504
		aa_put_loaddata(data);
505
	}
506
 out:
507
	end_current_label_crit_section(label);
508
	aa_put_ns(ns);
509
	return error;
510
}
511

512
static const struct file_operations aa_fs_profile_remove = {
513
	.write = profile_remove,
514
	.llseek = default_llseek,
515
};
516

517
struct aa_revision {
518
	struct aa_ns *ns;
519
	long last_read;
520
};
521

522
/* revision file hook fn for policy loads */
523
static int ns_revision_release(struct inode *inode, struct file *file)
524
{
525
	struct aa_revision *rev = file->private_data;
526

527
	if (rev) {
528
		aa_put_ns(rev->ns);
529
		kfree(rev);
530
	}
531

532
	return 0;
533
}
534

535
static ssize_t ns_revision_read(struct file *file, char __user *buf,
536
				size_t size, loff_t *ppos)
537
{
538
	struct aa_revision *rev = file->private_data;
539
	char buffer[32];
540
	long last_read;
541
	int avail;
542

543
	mutex_lock_nested(&rev->ns->lock, rev->ns->level);
544
	last_read = rev->last_read;
545
	if (last_read == rev->ns->revision) {
546
		mutex_unlock(&rev->ns->lock);
547
		if (file->f_flags & O_NONBLOCK)
548
			return -EAGAIN;
549
		if (wait_event_interruptible(rev->ns->wait,
550
					     last_read !=
551
					     READ_ONCE(rev->ns->revision)))
552
			return -ERESTARTSYS;
553
		mutex_lock_nested(&rev->ns->lock, rev->ns->level);
554
	}
555

556
	avail = sprintf(buffer, "%ld\n", rev->ns->revision);
557
	if (*ppos + size > avail) {
558
		rev->last_read = rev->ns->revision;
559
		*ppos = 0;
560
	}
561
	mutex_unlock(&rev->ns->lock);
562

563
	return simple_read_from_buffer(buf, size, ppos, buffer, avail);
564
}
565

566
static int ns_revision_open(struct inode *inode, struct file *file)
567
{
568
	struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
569

570
	if (!rev)
571
		return -ENOMEM;
572

573
	rev->ns = aa_get_ns(inode->i_private);
574
	if (!rev->ns)
575
		rev->ns = aa_get_current_ns();
576
	file->private_data = rev;
577

578
	return 0;
579
}
580

581
static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
582
{
583
	struct aa_revision *rev = file->private_data;
584
	__poll_t mask = 0;
585

586
	if (rev) {
587
		mutex_lock_nested(&rev->ns->lock, rev->ns->level);
588
		poll_wait(file, &rev->ns->wait, pt);
589
		if (rev->last_read < rev->ns->revision)
590
			mask |= EPOLLIN | EPOLLRDNORM;
591
		mutex_unlock(&rev->ns->lock);
592
	}
593

594
	return mask;
595
}
596

597
void __aa_bump_ns_revision(struct aa_ns *ns)
598
{
599
	WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1);
600
	wake_up_interruptible(&ns->wait);
601
}
602

603
static const struct file_operations aa_fs_ns_revision_fops = {
604
	.owner		= THIS_MODULE,
605
	.open		= ns_revision_open,
606
	.poll		= ns_revision_poll,
607
	.read		= ns_revision_read,
608
	.llseek		= generic_file_llseek,
609
	.release	= ns_revision_release,
610
};
611

612
static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
613
			     const char *match_str, size_t match_len)
614
{
615
	struct aa_ruleset *rules = profile->label.rules[0];
616
	struct aa_perms tmp = { };
617
	aa_state_t state = DFA_NOMATCH;
618

619
	if (profile_unconfined(profile))
620
		return;
621
	if (rules->file->dfa && *match_str == AA_CLASS_FILE) {
622
		state = aa_dfa_match_len(rules->file->dfa,
623
					 rules->file->start[AA_CLASS_FILE],
624
					 match_str + 1, match_len - 1);
625
		if (state) {
626
			struct path_cond cond = { };
627

628
			tmp = *(aa_lookup_condperms(current_fsuid(),
629
						    rules->file, state, &cond));
630
		}
631
	} else if (rules->policy->dfa) {
632
		if (!RULE_MEDIATES(rules, *match_str))
633
			return;	/* no change to current perms */
634
		/* old user space does not correctly detect dbus mediation
635
		 * support so we may get dbus policy and requests when
636
		 * the abi doesn't support it. This can cause mediation
637
		 * regressions, so explicitly test for this situation.
638
		 */
639
		if (*match_str == AA_CLASS_DBUS &&
640
		    !RULE_MEDIATES_v9NET(rules))
641
			return; /* no change to current perms */
642
		state = aa_dfa_match_len(rules->policy->dfa,
643
					 rules->policy->start[0],
644
					 match_str, match_len);
645
		if (state)
646
			tmp = *aa_lookup_perms(rules->policy, state);
647
	}
648
	aa_apply_modes_to_perms(profile, &tmp);
649
	aa_perms_accum_raw(perms, &tmp);
650
}
651

652

653
/**
654
 * query_data - queries a policy and writes its data to buf
655
 * @buf: the resulting data is stored here (NOT NULL)
656
 * @buf_len: size of buf
657
 * @query: query string used to retrieve data
658
 * @query_len: size of query including second NUL byte
659
 *
660
 * The buffers pointed to by buf and query may overlap. The query buffer is
661
 * parsed before buf is written to.
662
 *
663
 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
664
 * the security confinement context and <KEY> is the name of the data to
665
 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
666
 *
667
 * Don't expect the contents of buf to be preserved on failure.
668
 *
669
 * Returns: number of characters written to buf or -errno on failure
670
 */
671
static ssize_t query_data(char *buf, size_t buf_len,
672
			  char *query, size_t query_len)
673
{
674
	char *out;
675
	const char *key;
676
	struct label_it i;
677
	struct aa_label *label, *curr;
678
	struct aa_profile *profile;
679
	struct aa_data *data;
680
	u32 bytes, blocks;
681
	__le32 outle32;
682

683
	if (!query_len)
684
		return -EINVAL; /* need a query */
685

686
	key = query + strnlen(query, query_len) + 1;
687
	if (key + 1 >= query + query_len)
688
		return -EINVAL; /* not enough space for a non-empty key */
689
	if (key + strnlen(key, query + query_len - key) >= query + query_len)
690
		return -EINVAL; /* must end with NUL */
691

692
	if (buf_len < sizeof(bytes) + sizeof(blocks))
693
		return -EINVAL; /* not enough space */
694

695
	curr = begin_current_label_crit_section();
696
	label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
697
	end_current_label_crit_section(curr);
698
	if (IS_ERR(label))
699
		return PTR_ERR(label);
700

701
	/* We are going to leave space for two numbers. The first is the total
702
	 * number of bytes we are writing after the first number. This is so
703
	 * users can read the full output without reallocation.
704
	 *
705
	 * The second number is the number of data blocks we're writing. An
706
	 * application might be confined by multiple policies having data in
707
	 * the same key.
708
	 */
709
	memset(buf, 0, sizeof(bytes) + sizeof(blocks));
710
	out = buf + sizeof(bytes) + sizeof(blocks);
711

712
	blocks = 0;
713
	label_for_each_confined(i, label, profile) {
714
		if (!profile->data)
715
			continue;
716

717
		data = rhashtable_lookup_fast(profile->data, &key,
718
					      profile->data->p);
719

720
		if (data) {
721
			if (out + sizeof(outle32) + data->size > buf +
722
			    buf_len) {
723
				aa_put_label(label);
724
				return -EINVAL; /* not enough space */
725
			}
726
			outle32 = __cpu_to_le32(data->size);
727
			memcpy(out, &outle32, sizeof(outle32));
728
			out += sizeof(outle32);
729
			memcpy(out, data->data, data->size);
730
			out += data->size;
731
			blocks++;
732
		}
733
	}
734
	aa_put_label(label);
735

736
	outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
737
	memcpy(buf, &outle32, sizeof(outle32));
738
	outle32 = __cpu_to_le32(blocks);
739
	memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
740

741
	return out - buf;
742
}
743

744
/**
745
 * query_label - queries a label and writes permissions to buf
746
 * @buf: the resulting permissions string is stored here (NOT NULL)
747
 * @buf_len: size of buf
748
 * @query: binary query string to match against the dfa
749
 * @query_len: size of query
750
 * @view_only: only compute for querier's view
751
 *
752
 * The buffers pointed to by buf and query may overlap. The query buffer is
753
 * parsed before buf is written to.
754
 *
755
 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
756
 * the name of the label, in the current namespace, that is to be queried and
757
 * DFA_STRING is a binary string to match against the label(s)'s DFA.
758
 *
759
 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
760
 * but must *not* be NUL terminated.
761
 *
762
 * Returns: number of characters written to buf or -errno on failure
763
 */
764
static ssize_t query_label(char *buf, size_t buf_len,
765
			   char *query, size_t query_len, bool view_only)
766
{
767
	struct aa_profile *profile;
768
	struct aa_label *label, *curr;
769
	char *label_name, *match_str;
770
	size_t label_name_len, match_len;
771
	struct aa_perms perms;
772
	struct label_it i;
773

774
	if (!query_len)
775
		return -EINVAL;
776

777
	label_name = query;
778
	label_name_len = strnlen(query, query_len);
779
	if (!label_name_len || label_name_len == query_len)
780
		return -EINVAL;
781

782
	/**
783
	 * The extra byte is to account for the null byte between the
784
	 * profile name and dfa string. profile_name_len is greater
785
	 * than zero and less than query_len, so a byte can be safely
786
	 * added or subtracted.
787
	 */
788
	match_str = label_name + label_name_len + 1;
789
	match_len = query_len - label_name_len - 1;
790

791
	curr = begin_current_label_crit_section();
792
	label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
793
	end_current_label_crit_section(curr);
794
	if (IS_ERR(label))
795
		return PTR_ERR(label);
796

797
	perms = allperms;
798
	if (view_only) {
799
		label_for_each_in_ns(i, labels_ns(label), label, profile) {
800
			profile_query_cb(profile, &perms, match_str, match_len);
801
		}
802
	} else {
803
		label_for_each(i, label, profile) {
804
			profile_query_cb(profile, &perms, match_str, match_len);
805
		}
806
	}
807
	aa_put_label(label);
808

809
	return scnprintf(buf, buf_len,
810
		      "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
811
		      perms.allow, perms.deny, perms.audit, perms.quiet);
812
}
813

814
/*
815
 * Transaction based IO.
816
 * The file expects a write which triggers the transaction, and then
817
 * possibly a read(s) which collects the result - which is stored in a
818
 * file-local buffer. Once a new write is performed, a new set of results
819
 * are stored in the file-local buffer.
820
 */
821
struct multi_transaction {
822
	struct kref count;
823
	ssize_t size;
824
	char data[];
825
};
826

827
#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
828

829
static void multi_transaction_kref(struct kref *kref)
830
{
831
	struct multi_transaction *t;
832

833
	t = container_of(kref, struct multi_transaction, count);
834
	free_page((unsigned long) t);
835
}
836

837
static struct multi_transaction *
838
get_multi_transaction(struct multi_transaction *t)
839
{
840
	if  (t)
841
		kref_get(&(t->count));
842

843
	return t;
844
}
845

846
static void put_multi_transaction(struct multi_transaction *t)
847
{
848
	if (t)
849
		kref_put(&(t->count), multi_transaction_kref);
850
}
851

852
/* does not increment @new's count */
853
static void multi_transaction_set(struct file *file,
854
				  struct multi_transaction *new, size_t n)
855
{
856
	struct multi_transaction *old;
857

858
	AA_BUG(n > MULTI_TRANSACTION_LIMIT);
859

860
	new->size = n;
861
	spin_lock(&file->f_lock);
862
	old = (struct multi_transaction *) file->private_data;
863
	file->private_data = new;
864
	spin_unlock(&file->f_lock);
865
	put_multi_transaction(old);
866
}
867

868
static struct multi_transaction *multi_transaction_new(struct file *file,
869
						       const char __user *buf,
870
						       size_t size)
871
{
872
	struct multi_transaction *t;
873

874
	if (size > MULTI_TRANSACTION_LIMIT - 1)
875
		return ERR_PTR(-EFBIG);
876

877
	t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
878
	if (!t)
879
		return ERR_PTR(-ENOMEM);
880
	kref_init(&t->count);
881
	if (copy_from_user(t->data, buf, size)) {
882
		put_multi_transaction(t);
883
		return ERR_PTR(-EFAULT);
884
	}
885

886
	return t;
887
}
888

889
static ssize_t multi_transaction_read(struct file *file, char __user *buf,
890
				       size_t size, loff_t *pos)
891
{
892
	struct multi_transaction *t;
893
	ssize_t ret;
894

895
	spin_lock(&file->f_lock);
896
	t = get_multi_transaction(file->private_data);
897
	spin_unlock(&file->f_lock);
898

899
	if (!t)
900
		return 0;
901

902
	ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
903
	put_multi_transaction(t);
904

905
	return ret;
906
}
907

908
static int multi_transaction_release(struct inode *inode, struct file *file)
909
{
910
	put_multi_transaction(file->private_data);
911

912
	return 0;
913
}
914

915
#define QUERY_CMD_LABEL		"label\0"
916
#define QUERY_CMD_LABEL_LEN	6
917
#define QUERY_CMD_PROFILE	"profile\0"
918
#define QUERY_CMD_PROFILE_LEN	8
919
#define QUERY_CMD_LABELALL	"labelall\0"
920
#define QUERY_CMD_LABELALL_LEN	9
921
#define QUERY_CMD_DATA		"data\0"
922
#define QUERY_CMD_DATA_LEN	5
923

924
/**
925
 * aa_write_access - generic permissions and data query
926
 * @file: pointer to open apparmorfs/access file
927
 * @ubuf: user buffer containing the complete query string (NOT NULL)
928
 * @count: size of ubuf
929
 * @ppos: position in the file (MUST BE ZERO)
930
 *
931
 * Allows for one permissions or data query per open(), write(), and read()
932
 * sequence. The only queries currently supported are label-based queries for
933
 * permissions or data.
934
 *
935
 * For permissions queries, ubuf must begin with "label\0", followed by the
936
 * profile query specific format described in the query_label() function
937
 * documentation.
938
 *
939
 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
940
 * <LABEL> is the name of the security confinement context and <KEY> is the
941
 * name of the data to retrieve.
942
 *
943
 * Returns: number of bytes written or -errno on failure
944
 */
945
static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
946
			       size_t count, loff_t *ppos)
947
{
948
	struct multi_transaction *t;
949
	ssize_t len;
950

951
	if (*ppos)
952
		return -ESPIPE;
953

954
	t = multi_transaction_new(file, ubuf, count);
955
	if (IS_ERR(t))
956
		return PTR_ERR(t);
957

958
	if (count > QUERY_CMD_PROFILE_LEN &&
959
	    !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
960
		len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
961
				  t->data + QUERY_CMD_PROFILE_LEN,
962
				  count - QUERY_CMD_PROFILE_LEN, true);
963
	} else if (count > QUERY_CMD_LABEL_LEN &&
964
		   !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
965
		len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
966
				  t->data + QUERY_CMD_LABEL_LEN,
967
				  count - QUERY_CMD_LABEL_LEN, true);
968
	} else if (count > QUERY_CMD_LABELALL_LEN &&
969
		   !memcmp(t->data, QUERY_CMD_LABELALL,
970
			   QUERY_CMD_LABELALL_LEN)) {
971
		len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
972
				  t->data + QUERY_CMD_LABELALL_LEN,
973
				  count - QUERY_CMD_LABELALL_LEN, false);
974
	} else if (count > QUERY_CMD_DATA_LEN &&
975
		   !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
976
		len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
977
				 t->data + QUERY_CMD_DATA_LEN,
978
				 count - QUERY_CMD_DATA_LEN);
979
	} else
980
		len = -EINVAL;
981

982
	if (len < 0) {
983
		put_multi_transaction(t);
984
		return len;
985
	}
986

987
	multi_transaction_set(file, t, len);
988

989
	return count;
990
}
991

992
static const struct file_operations aa_sfs_access = {
993
	.write		= aa_write_access,
994
	.read		= multi_transaction_read,
995
	.release	= multi_transaction_release,
996
	.llseek		= generic_file_llseek,
997
};
998

999
static int aa_sfs_seq_show(struct seq_file *seq, void *v)
1000
{
1001
	struct aa_sfs_entry *fs_file = seq->private;
1002

1003
	if (!fs_file)
1004
		return 0;
1005

1006
	switch (fs_file->v_type) {
1007
	case AA_SFS_TYPE_BOOLEAN:
1008
		seq_printf(seq, "%s\n", str_yes_no(fs_file->v.boolean));
1009
		break;
1010
	case AA_SFS_TYPE_STRING:
1011
		seq_printf(seq, "%s\n", fs_file->v.string);
1012
		break;
1013
	case AA_SFS_TYPE_U64:
1014
		seq_printf(seq, "%#08lx\n", fs_file->v.u64);
1015
		break;
1016
	default:
1017
		/* Ignore unprintable entry types. */
1018
		break;
1019
	}
1020

1021
	return 0;
1022
}
1023

1024
static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1025
{
1026
	return single_open(file, aa_sfs_seq_show, inode->i_private);
1027
}
1028

1029
const struct file_operations aa_sfs_seq_file_ops = {
1030
	.owner		= THIS_MODULE,
1031
	.open		= aa_sfs_seq_open,
1032
	.read		= seq_read,
1033
	.llseek		= seq_lseek,
1034
	.release	= single_release,
1035
};
1036

1037
/*
1038
 * profile based file operations
1039
 *     policy/profiles/XXXX/profiles/ *
1040
 */
1041

1042
#define SEQ_PROFILE_FOPS(NAME)						      \
1043
static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1044
{									      \
1045
	return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show);    \
1046
}									      \
1047
									      \
1048
static const struct file_operations seq_profile_ ##NAME ##_fops = {	      \
1049
	.owner		= THIS_MODULE,					      \
1050
	.open		= seq_profile_ ##NAME ##_open,			      \
1051
	.read		= seq_read,					      \
1052
	.llseek		= seq_lseek,					      \
1053
	.release	= seq_profile_release,				      \
1054
}									      \
1055

1056
static int seq_profile_open(struct inode *inode, struct file *file,
1057
			    int (*show)(struct seq_file *, void *))
1058
{
1059
	struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1060
	int error = single_open(file, show, proxy);
1061

1062
	if (error) {
1063
		file->private_data = NULL;
1064
		aa_put_proxy(proxy);
1065
	}
1066

1067
	return error;
1068
}
1069

1070
static int seq_profile_release(struct inode *inode, struct file *file)
1071
{
1072
	struct seq_file *seq = (struct seq_file *) file->private_data;
1073
	if (seq)
1074
		aa_put_proxy(seq->private);
1075
	return single_release(inode, file);
1076
}
1077

1078
static int seq_profile_name_show(struct seq_file *seq, void *v)
1079
{
1080
	struct aa_proxy *proxy = seq->private;
1081
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1082
	struct aa_profile *profile = labels_profile(label);
1083
	seq_printf(seq, "%s\n", profile->base.name);
1084
	aa_put_label(label);
1085

1086
	return 0;
1087
}
1088

1089
static int seq_profile_mode_show(struct seq_file *seq, void *v)
1090
{
1091
	struct aa_proxy *proxy = seq->private;
1092
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1093
	struct aa_profile *profile = labels_profile(label);
1094
	seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1095
	aa_put_label(label);
1096

1097
	return 0;
1098
}
1099

1100
static int seq_profile_attach_show(struct seq_file *seq, void *v)
1101
{
1102
	struct aa_proxy *proxy = seq->private;
1103
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1104
	struct aa_profile *profile = labels_profile(label);
1105
	if (profile->attach.xmatch_str)
1106
		seq_printf(seq, "%s\n", profile->attach.xmatch_str);
1107
	else if (profile->attach.xmatch->dfa)
1108
		seq_puts(seq, "<unknown>\n");
1109
	else
1110
		seq_printf(seq, "%s\n", profile->base.name);
1111
	aa_put_label(label);
1112

1113
	return 0;
1114
}
1115

1116
static int seq_profile_hash_show(struct seq_file *seq, void *v)
1117
{
1118
	struct aa_proxy *proxy = seq->private;
1119
	struct aa_label *label = aa_get_label_rcu(&proxy->label);
1120
	struct aa_profile *profile = labels_profile(label);
1121
	unsigned int i, size = aa_hash_size();
1122

1123
	if (profile->hash) {
1124
		for (i = 0; i < size; i++)
1125
			seq_printf(seq, "%.2x", profile->hash[i]);
1126
		seq_putc(seq, '\n');
1127
	}
1128
	aa_put_label(label);
1129

1130
	return 0;
1131
}
1132

1133
SEQ_PROFILE_FOPS(name);
1134
SEQ_PROFILE_FOPS(mode);
1135
SEQ_PROFILE_FOPS(attach);
1136
SEQ_PROFILE_FOPS(hash);
1137

1138
/*
1139
 * namespace based files
1140
 *     several root files and
1141
 *     policy/ *
1142
 */
1143

1144
#define SEQ_NS_FOPS(NAME)						      \
1145
static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file)     \
1146
{									      \
1147
	return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private);   \
1148
}									      \
1149
									      \
1150
static const struct file_operations seq_ns_ ##NAME ##_fops = {	      \
1151
	.owner		= THIS_MODULE,					      \
1152
	.open		= seq_ns_ ##NAME ##_open,			      \
1153
	.read		= seq_read,					      \
1154
	.llseek		= seq_lseek,					      \
1155
	.release	= single_release,				      \
1156
}									      \
1157

1158
static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1159
{
1160
	struct aa_label *label;
1161

1162
	label = begin_current_label_crit_section();
1163
	seq_printf(seq, "%s\n", str_yes_no(label->size > 1));
1164
	end_current_label_crit_section(label);
1165

1166
	return 0;
1167
}
1168

1169
static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1170
{
1171
	struct aa_label *label;
1172
	struct aa_profile *profile;
1173
	struct label_it it;
1174
	int count = 1;
1175

1176
	label = begin_current_label_crit_section();
1177

1178
	if (label->size > 1) {
1179
		label_for_each(it, label, profile)
1180
			if (profile->ns != labels_ns(label)) {
1181
				count++;
1182
				break;
1183
			}
1184
	}
1185

1186
	seq_printf(seq, "%s\n", str_yes_no(count > 1));
1187
	end_current_label_crit_section(label);
1188

1189
	return 0;
1190
}
1191

1192
static int seq_ns_level_show(struct seq_file *seq, void *v)
1193
{
1194
	struct aa_label *label;
1195

1196
	label = begin_current_label_crit_section();
1197
	seq_printf(seq, "%d\n", labels_ns(label)->level);
1198
	end_current_label_crit_section(label);
1199

1200
	return 0;
1201
}
1202

1203
static int seq_ns_name_show(struct seq_file *seq, void *v)
1204
{
1205
	struct aa_label *label = begin_current_label_crit_section();
1206
	seq_printf(seq, "%s\n", labels_ns(label)->base.name);
1207
	end_current_label_crit_section(label);
1208

1209
	return 0;
1210
}
1211

1212
static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
1213
{
1214
	seq_printf(seq, "%d\n", AA_MIN_CLEVEL);
1215
	return 0;
1216
}
1217

1218
static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
1219
{
1220
	seq_printf(seq, "%d\n", AA_MAX_CLEVEL);
1221
	return 0;
1222
}
1223

1224
SEQ_NS_FOPS(stacked);
1225
SEQ_NS_FOPS(nsstacked);
1226
SEQ_NS_FOPS(level);
1227
SEQ_NS_FOPS(name);
1228
SEQ_NS_FOPS(compress_min);
1229
SEQ_NS_FOPS(compress_max);
1230

1231

1232
/* policy/raw_data/ * file ops */
1233
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1234
#define SEQ_RAWDATA_FOPS(NAME)						      \
1235
static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1236
{									      \
1237
	return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show);    \
1238
}									      \
1239
									      \
1240
static const struct file_operations seq_rawdata_ ##NAME ##_fops = {	      \
1241
	.owner		= THIS_MODULE,					      \
1242
	.open		= seq_rawdata_ ##NAME ##_open,			      \
1243
	.read		= seq_read,					      \
1244
	.llseek		= seq_lseek,					      \
1245
	.release	= seq_rawdata_release,				      \
1246
}									      \
1247

1248
static int seq_rawdata_open(struct inode *inode, struct file *file,
1249
			    int (*show)(struct seq_file *, void *))
1250
{
1251
	struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1252
	int error;
1253

1254
	if (!data)
1255
		/* lost race this ent is being reaped */
1256
		return -ENOENT;
1257

1258
	error = single_open(file, show, data);
1259
	if (error) {
1260
		AA_BUG(file->private_data &&
1261
		       ((struct seq_file *)file->private_data)->private);
1262
		aa_put_loaddata(data);
1263
	}
1264

1265
	return error;
1266
}
1267

1268
static int seq_rawdata_release(struct inode *inode, struct file *file)
1269
{
1270
	struct seq_file *seq = (struct seq_file *) file->private_data;
1271

1272
	if (seq)
1273
		aa_put_loaddata(seq->private);
1274

1275
	return single_release(inode, file);
1276
}
1277

1278
static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1279
{
1280
	struct aa_loaddata *data = seq->private;
1281

1282
	seq_printf(seq, "v%d\n", data->abi);
1283

1284
	return 0;
1285
}
1286

1287
static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1288
{
1289
	struct aa_loaddata *data = seq->private;
1290

1291
	seq_printf(seq, "%ld\n", data->revision);
1292

1293
	return 0;
1294
}
1295

1296
static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1297
{
1298
	struct aa_loaddata *data = seq->private;
1299
	unsigned int i, size = aa_hash_size();
1300

1301
	if (data->hash) {
1302
		for (i = 0; i < size; i++)
1303
			seq_printf(seq, "%.2x", data->hash[i]);
1304
		seq_putc(seq, '\n');
1305
	}
1306

1307
	return 0;
1308
}
1309

1310
static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v)
1311
{
1312
	struct aa_loaddata *data = seq->private;
1313

1314
	seq_printf(seq, "%zu\n", data->compressed_size);
1315

1316
	return 0;
1317
}
1318

1319
SEQ_RAWDATA_FOPS(abi);
1320
SEQ_RAWDATA_FOPS(revision);
1321
SEQ_RAWDATA_FOPS(hash);
1322
SEQ_RAWDATA_FOPS(compressed_size);
1323

1324
static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
1325
{
1326
	if (slen < dlen) {
1327
		const size_t wksp_len = zstd_dctx_workspace_bound();
1328
		zstd_dctx *ctx;
1329
		void *wksp;
1330
		size_t out_len;
1331
		int ret = 0;
1332

1333
		wksp = kvzalloc(wksp_len, GFP_KERNEL);
1334
		if (!wksp) {
1335
			ret = -ENOMEM;
1336
			goto cleanup;
1337
		}
1338
		ctx = zstd_init_dctx(wksp, wksp_len);
1339
		if (ctx == NULL) {
1340
			ret = -ENOMEM;
1341
			goto cleanup;
1342
		}
1343
		out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen);
1344
		if (zstd_is_error(out_len)) {
1345
			ret = -EINVAL;
1346
			goto cleanup;
1347
		}
1348
cleanup:
1349
		kvfree(wksp);
1350
		return ret;
1351
	}
1352

1353
	if (dlen < slen)
1354
		return -EINVAL;
1355
	memcpy(dst, src, slen);
1356
	return 0;
1357
}
1358

1359
static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1360
			    loff_t *ppos)
1361
{
1362
	struct rawdata_f_data *private = file->private_data;
1363

1364
	return simple_read_from_buffer(buf, size, ppos,
1365
				       RAWDATA_F_DATA_BUF(private),
1366
				       private->loaddata->size);
1367
}
1368

1369
static int rawdata_release(struct inode *inode, struct file *file)
1370
{
1371
	rawdata_f_data_free(file->private_data);
1372

1373
	return 0;
1374
}
1375

1376
static int rawdata_open(struct inode *inode, struct file *file)
1377
{
1378
	int error;
1379
	struct aa_loaddata *loaddata;
1380
	struct rawdata_f_data *private;
1381

1382
	if (!aa_current_policy_view_capable(NULL))
1383
		return -EACCES;
1384

1385
	loaddata = __aa_get_loaddata(inode->i_private);
1386
	if (!loaddata)
1387
		/* lost race: this entry is being reaped */
1388
		return -ENOENT;
1389

1390
	private = rawdata_f_data_alloc(loaddata->size);
1391
	if (IS_ERR(private)) {
1392
		error = PTR_ERR(private);
1393
		goto fail_private_alloc;
1394
	}
1395

1396
	private->loaddata = loaddata;
1397

1398
	error = decompress_zstd(loaddata->data, loaddata->compressed_size,
1399
				RAWDATA_F_DATA_BUF(private),
1400
				loaddata->size);
1401
	if (error)
1402
		goto fail_decompress;
1403

1404
	file->private_data = private;
1405
	return 0;
1406

1407
fail_decompress:
1408
	rawdata_f_data_free(private);
1409
	return error;
1410

1411
fail_private_alloc:
1412
	aa_put_loaddata(loaddata);
1413
	return error;
1414
}
1415

1416
static const struct file_operations rawdata_fops = {
1417
	.open = rawdata_open,
1418
	.read = rawdata_read,
1419
	.llseek = generic_file_llseek,
1420
	.release = rawdata_release,
1421
};
1422

1423
static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1424
{
1425
	int i;
1426

1427
	for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1428
		if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1429
			/* no refcounts on i_private */
1430
			aafs_remove(rawdata->dents[i]);
1431
			rawdata->dents[i] = NULL;
1432
		}
1433
	}
1434
}
1435

1436
void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1437
{
1438
	AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1439

1440
	if (rawdata->ns) {
1441
		remove_rawdata_dents(rawdata);
1442
		list_del_init(&rawdata->list);
1443
		aa_put_ns(rawdata->ns);
1444
		rawdata->ns = NULL;
1445
	}
1446
}
1447

1448
int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1449
{
1450
	struct dentry *dent, *dir;
1451

1452
	AA_BUG(!ns);
1453
	AA_BUG(!rawdata);
1454
	AA_BUG(!mutex_is_locked(&ns->lock));
1455
	AA_BUG(!ns_subdata_dir(ns));
1456

1457
	/*
1458
	 * just use ns revision dir was originally created at. This is
1459
	 * under ns->lock and if load is successful revision will be
1460
	 * bumped and is guaranteed to be unique
1461
	 */
1462
	rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1463
	if (!rawdata->name)
1464
		return -ENOMEM;
1465

1466
	dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1467
	if (IS_ERR(dir))
1468
		/* ->name freed when rawdata freed */
1469
		return PTR_ERR(dir);
1470
	rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1471

1472
	dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1473
				      &seq_rawdata_abi_fops);
1474
	if (IS_ERR(dent))
1475
		goto fail;
1476
	rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1477

1478
	dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1479
				      &seq_rawdata_revision_fops);
1480
	if (IS_ERR(dent))
1481
		goto fail;
1482
	rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1483

1484
	if (aa_g_hash_policy) {
1485
		dent = aafs_create_file("sha256", S_IFREG | 0444, dir,
1486
					      rawdata, &seq_rawdata_hash_fops);
1487
		if (IS_ERR(dent))
1488
			goto fail;
1489
		rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1490
	}
1491

1492
	dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir,
1493
				rawdata,
1494
				&seq_rawdata_compressed_size_fops);
1495
	if (IS_ERR(dent))
1496
		goto fail;
1497
	rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent;
1498

1499
	dent = aafs_create_file("raw_data", S_IFREG | 0444,
1500
				      dir, rawdata, &rawdata_fops);
1501
	if (IS_ERR(dent))
1502
		goto fail;
1503
	rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1504
	d_inode(dent)->i_size = rawdata->size;
1505

1506
	rawdata->ns = aa_get_ns(ns);
1507
	list_add(&rawdata->list, &ns->rawdata_list);
1508
	/* no refcount on inode rawdata */
1509

1510
	return 0;
1511

1512
fail:
1513
	remove_rawdata_dents(rawdata);
1514

1515
	return PTR_ERR(dent);
1516
}
1517
#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1518

1519

1520
/** fns to setup dynamic per profile/namespace files **/
1521

1522
/*
1523
 *
1524
 * Requires: @profile->ns->lock held
1525
 */
1526
void __aafs_profile_rmdir(struct aa_profile *profile)
1527
{
1528
	struct aa_profile *child;
1529
	int i;
1530

1531
	if (!profile)
1532
		return;
1533

1534
	list_for_each_entry(child, &profile->base.profiles, base.list)
1535
		__aafs_profile_rmdir(child);
1536

1537
	for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1538
		struct aa_proxy *proxy;
1539
		if (!profile->dents[i])
1540
			continue;
1541

1542
		proxy = d_inode(profile->dents[i])->i_private;
1543
		aafs_remove(profile->dents[i]);
1544
		aa_put_proxy(proxy);
1545
		profile->dents[i] = NULL;
1546
	}
1547
}
1548

1549
/*
1550
 *
1551
 * Requires: @old->ns->lock held
1552
 */
1553
void __aafs_profile_migrate_dents(struct aa_profile *old,
1554
				  struct aa_profile *new)
1555
{
1556
	int i;
1557

1558
	AA_BUG(!old);
1559
	AA_BUG(!new);
1560
	AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1561

1562
	for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1563
		new->dents[i] = old->dents[i];
1564
		if (new->dents[i]) {
1565
			struct inode *inode = d_inode(new->dents[i]);
1566

1567
			inode_set_mtime_to_ts(inode,
1568
					      inode_set_ctime_current(inode));
1569
		}
1570
		old->dents[i] = NULL;
1571
	}
1572
}
1573

1574
static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1575
					  struct aa_profile *profile,
1576
					  const struct file_operations *fops)
1577
{
1578
	struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1579
	struct dentry *dent;
1580

1581
	dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1582
	if (IS_ERR(dent))
1583
		aa_put_proxy(proxy);
1584

1585
	return dent;
1586
}
1587

1588
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1589
static int profile_depth(struct aa_profile *profile)
1590
{
1591
	int depth = 0;
1592

1593
	rcu_read_lock();
1594
	for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1595
		depth++;
1596
	rcu_read_unlock();
1597

1598
	return depth;
1599
}
1600

1601
static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
1602
{
1603
	char *buffer, *s;
1604
	int error;
1605
	int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
1606

1607
	s = buffer = kmalloc(size, GFP_KERNEL);
1608
	if (!buffer)
1609
		return ERR_PTR(-ENOMEM);
1610

1611
	for (; depth > 0; depth--) {
1612
		strcpy(s, "../../");
1613
		s += 6;
1614
		size -= 6;
1615
	}
1616

1617
	error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
1618
	if (error >= size || error < 0) {
1619
		kfree(buffer);
1620
		return ERR_PTR(-ENAMETOOLONG);
1621
	}
1622

1623
	return buffer;
1624
}
1625

1626
static const char *rawdata_get_link_base(struct dentry *dentry,
1627
					 struct inode *inode,
1628
					 struct delayed_call *done,
1629
					 const char *name)
1630
{
1631
	struct aa_proxy *proxy = inode->i_private;
1632
	struct aa_label *label;
1633
	struct aa_profile *profile;
1634
	char *target;
1635
	int depth;
1636

1637
	if (!dentry)
1638
		return ERR_PTR(-ECHILD);
1639

1640
	label = aa_get_label_rcu(&proxy->label);
1641
	profile = labels_profile(label);
1642
	depth = profile_depth(profile);
1643
	target = gen_symlink_name(depth, profile->rawdata->name, name);
1644
	aa_put_label(label);
1645

1646
	if (IS_ERR(target))
1647
		return target;
1648

1649
	set_delayed_call(done, kfree_link, target);
1650

1651
	return target;
1652
}
1653

1654
static const char *rawdata_get_link_sha256(struct dentry *dentry,
1655
					 struct inode *inode,
1656
					 struct delayed_call *done)
1657
{
1658
	return rawdata_get_link_base(dentry, inode, done, "sha256");
1659
}
1660

1661
static const char *rawdata_get_link_abi(struct dentry *dentry,
1662
					struct inode *inode,
1663
					struct delayed_call *done)
1664
{
1665
	return rawdata_get_link_base(dentry, inode, done, "abi");
1666
}
1667

1668
static const char *rawdata_get_link_data(struct dentry *dentry,
1669
					 struct inode *inode,
1670
					 struct delayed_call *done)
1671
{
1672
	return rawdata_get_link_base(dentry, inode, done, "raw_data");
1673
}
1674

1675
static const struct inode_operations rawdata_link_sha256_iops = {
1676
	.get_link	= rawdata_get_link_sha256,
1677
};
1678

1679
static const struct inode_operations rawdata_link_abi_iops = {
1680
	.get_link	= rawdata_get_link_abi,
1681
};
1682
static const struct inode_operations rawdata_link_data_iops = {
1683
	.get_link	= rawdata_get_link_data,
1684
};
1685
#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1686

1687
/*
1688
 * Requires: @profile->ns->lock held
1689
 */
1690
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1691
{
1692
	struct aa_profile *child;
1693
	struct dentry *dent = NULL, *dir;
1694
	int error;
1695

1696
	AA_BUG(!profile);
1697
	AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1698

1699
	if (!parent) {
1700
		struct aa_profile *p;
1701
		p = aa_deref_parent(profile);
1702
		dent = prof_dir(p);
1703
		if (!dent) {
1704
			error = -ENOENT;
1705
			goto fail2;
1706
		}
1707
		/* adding to parent that previously didn't have children */
1708
		dent = aafs_create_dir("profiles", dent);
1709
		if (IS_ERR(dent))
1710
			goto fail;
1711
		prof_child_dir(p) = parent = dent;
1712
	}
1713

1714
	if (!profile->dirname) {
1715
		int len, id_len;
1716
		len = mangle_name(profile->base.name, NULL);
1717
		id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1718

1719
		profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1720
		if (!profile->dirname) {
1721
			error = -ENOMEM;
1722
			goto fail2;
1723
		}
1724

1725
		mangle_name(profile->base.name, profile->dirname);
1726
		sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1727
	}
1728

1729
	dent = aafs_create_dir(profile->dirname, parent);
1730
	if (IS_ERR(dent))
1731
		goto fail;
1732
	prof_dir(profile) = dir = dent;
1733

1734
	dent = create_profile_file(dir, "name", profile,
1735
				   &seq_profile_name_fops);
1736
	if (IS_ERR(dent))
1737
		goto fail;
1738
	profile->dents[AAFS_PROF_NAME] = dent;
1739

1740
	dent = create_profile_file(dir, "mode", profile,
1741
				   &seq_profile_mode_fops);
1742
	if (IS_ERR(dent))
1743
		goto fail;
1744
	profile->dents[AAFS_PROF_MODE] = dent;
1745

1746
	dent = create_profile_file(dir, "attach", profile,
1747
				   &seq_profile_attach_fops);
1748
	if (IS_ERR(dent))
1749
		goto fail;
1750
	profile->dents[AAFS_PROF_ATTACH] = dent;
1751

1752
	if (profile->hash) {
1753
		dent = create_profile_file(dir, "sha256", profile,
1754
					   &seq_profile_hash_fops);
1755
		if (IS_ERR(dent))
1756
			goto fail;
1757
		profile->dents[AAFS_PROF_HASH] = dent;
1758
	}
1759

1760
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1761
	if (profile->rawdata) {
1762
		if (aa_g_hash_policy) {
1763
			dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir,
1764
					   profile->label.proxy, NULL, NULL,
1765
					   &rawdata_link_sha256_iops);
1766
			if (IS_ERR(dent))
1767
				goto fail;
1768
			aa_get_proxy(profile->label.proxy);
1769
			profile->dents[AAFS_PROF_RAW_HASH] = dent;
1770
		}
1771
		dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
1772
				   profile->label.proxy, NULL, NULL,
1773
				   &rawdata_link_abi_iops);
1774
		if (IS_ERR(dent))
1775
			goto fail;
1776
		aa_get_proxy(profile->label.proxy);
1777
		profile->dents[AAFS_PROF_RAW_ABI] = dent;
1778

1779
		dent = aafs_create("raw_data", S_IFLNK | 0444, dir,
1780
				   profile->label.proxy, NULL, NULL,
1781
				   &rawdata_link_data_iops);
1782
		if (IS_ERR(dent))
1783
			goto fail;
1784
		aa_get_proxy(profile->label.proxy);
1785
		profile->dents[AAFS_PROF_RAW_DATA] = dent;
1786
	}
1787
#endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1788

1789
	list_for_each_entry(child, &profile->base.profiles, base.list) {
1790
		error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1791
		if (error)
1792
			goto fail2;
1793
	}
1794

1795
	return 0;
1796

1797
fail:
1798
	error = PTR_ERR(dent);
1799

1800
fail2:
1801
	__aafs_profile_rmdir(profile);
1802

1803
	return error;
1804
}
1805

1806
static struct dentry *ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
1807
				  struct dentry *dentry, umode_t mode)
1808
{
1809
	struct aa_ns *ns, *parent;
1810
	/* TODO: improve permission check */
1811
	struct aa_label *label;
1812
	int error;
1813

1814
	label = begin_current_label_crit_section();
1815
	error = aa_may_manage_policy(current_cred(), label, NULL,
1816
				     AA_MAY_LOAD_POLICY);
1817
	end_current_label_crit_section(label);
1818
	if (error)
1819
		return ERR_PTR(error);
1820

1821
	parent = aa_get_ns(dir->i_private);
1822
	AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1823

1824
	/* we have to unlock and then relock to get locking order right
1825
	 * for pin_fs
1826
	 */
1827
	inode_unlock(dir);
1828
	error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1829
	mutex_lock_nested(&parent->lock, parent->level);
1830
	inode_lock_nested(dir, I_MUTEX_PARENT);
1831
	if (error)
1832
		goto out;
1833

1834
	error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR,  NULL,
1835
				     NULL, NULL, NULL);
1836
	if (error)
1837
		goto out_pin;
1838

1839
	ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1840
				    dentry);
1841
	if (IS_ERR(ns)) {
1842
		error = PTR_ERR(ns);
1843
		ns = NULL;
1844
	}
1845

1846
	aa_put_ns(ns);		/* list ref remains */
1847
out_pin:
1848
	if (error)
1849
		simple_release_fs(&aafs_mnt, &aafs_count);
1850
out:
1851
	mutex_unlock(&parent->lock);
1852
	aa_put_ns(parent);
1853

1854
	return ERR_PTR(error);
1855
}
1856

1857
static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1858
{
1859
	struct aa_ns *ns, *parent;
1860
	/* TODO: improve permission check */
1861
	struct aa_label *label;
1862
	int error;
1863

1864
	label = begin_current_label_crit_section();
1865
	error = aa_may_manage_policy(current_cred(), label, NULL,
1866
				     AA_MAY_LOAD_POLICY);
1867
	end_current_label_crit_section(label);
1868
	if (error)
1869
		return error;
1870

1871
	parent = aa_get_ns(dir->i_private);
1872
	/* rmdir calls the generic securityfs functions to remove files
1873
	 * from the apparmor dir. It is up to the apparmor ns locking
1874
	 * to avoid races.
1875
	 */
1876
	inode_unlock(dir);
1877
	inode_unlock(dentry->d_inode);
1878

1879
	mutex_lock_nested(&parent->lock, parent->level);
1880
	ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1881
				     dentry->d_name.len));
1882
	if (!ns) {
1883
		error = -ENOENT;
1884
		goto out;
1885
	}
1886
	AA_BUG(ns_dir(ns) != dentry);
1887

1888
	__aa_remove_ns(ns);
1889
	aa_put_ns(ns);
1890

1891
out:
1892
	mutex_unlock(&parent->lock);
1893
	inode_lock_nested(dir, I_MUTEX_PARENT);
1894
	inode_lock(dentry->d_inode);
1895
	aa_put_ns(parent);
1896

1897
	return error;
1898
}
1899

1900
static const struct inode_operations ns_dir_inode_operations = {
1901
	.lookup		= simple_lookup,
1902
	.mkdir		= ns_mkdir_op,
1903
	.rmdir		= ns_rmdir_op,
1904
};
1905

1906
static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1907
{
1908
	struct aa_loaddata *ent, *tmp;
1909

1910
	AA_BUG(!mutex_is_locked(&ns->lock));
1911

1912
	list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1913
		__aa_fs_remove_rawdata(ent);
1914
}
1915

1916
/*
1917
 *
1918
 * Requires: @ns->lock held
1919
 */
1920
void __aafs_ns_rmdir(struct aa_ns *ns)
1921
{
1922
	struct aa_ns *sub;
1923
	struct aa_profile *child;
1924
	int i;
1925

1926
	if (!ns)
1927
		return;
1928
	AA_BUG(!mutex_is_locked(&ns->lock));
1929

1930
	list_for_each_entry(child, &ns->base.profiles, base.list)
1931
		__aafs_profile_rmdir(child);
1932

1933
	list_for_each_entry(sub, &ns->sub_ns, base.list) {
1934
		mutex_lock_nested(&sub->lock, sub->level);
1935
		__aafs_ns_rmdir(sub);
1936
		mutex_unlock(&sub->lock);
1937
	}
1938

1939
	__aa_fs_list_remove_rawdata(ns);
1940

1941
	if (ns_subns_dir(ns)) {
1942
		sub = d_inode(ns_subns_dir(ns))->i_private;
1943
		aa_put_ns(sub);
1944
	}
1945
	if (ns_subload(ns)) {
1946
		sub = d_inode(ns_subload(ns))->i_private;
1947
		aa_put_ns(sub);
1948
	}
1949
	if (ns_subreplace(ns)) {
1950
		sub = d_inode(ns_subreplace(ns))->i_private;
1951
		aa_put_ns(sub);
1952
	}
1953
	if (ns_subremove(ns)) {
1954
		sub = d_inode(ns_subremove(ns))->i_private;
1955
		aa_put_ns(sub);
1956
	}
1957
	if (ns_subrevision(ns)) {
1958
		sub = d_inode(ns_subrevision(ns))->i_private;
1959
		aa_put_ns(sub);
1960
	}
1961

1962
	for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1963
		aafs_remove(ns->dents[i]);
1964
		ns->dents[i] = NULL;
1965
	}
1966
}
1967

1968
/* assumes cleanup in caller */
1969
static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1970
{
1971
	struct dentry *dent;
1972

1973
	AA_BUG(!ns);
1974
	AA_BUG(!dir);
1975

1976
	dent = aafs_create_dir("profiles", dir);
1977
	if (IS_ERR(dent))
1978
		return PTR_ERR(dent);
1979
	ns_subprofs_dir(ns) = dent;
1980

1981
	dent = aafs_create_dir("raw_data", dir);
1982
	if (IS_ERR(dent))
1983
		return PTR_ERR(dent);
1984
	ns_subdata_dir(ns) = dent;
1985

1986
	dent = aafs_create_file("revision", 0444, dir, ns,
1987
				&aa_fs_ns_revision_fops);
1988
	if (IS_ERR(dent))
1989
		return PTR_ERR(dent);
1990
	aa_get_ns(ns);
1991
	ns_subrevision(ns) = dent;
1992

1993
	dent = aafs_create_file(".load", 0640, dir, ns,
1994
				      &aa_fs_profile_load);
1995
	if (IS_ERR(dent))
1996
		return PTR_ERR(dent);
1997
	aa_get_ns(ns);
1998
	ns_subload(ns) = dent;
1999

2000
	dent = aafs_create_file(".replace", 0640, dir, ns,
2001
				      &aa_fs_profile_replace);
2002
	if (IS_ERR(dent))
2003
		return PTR_ERR(dent);
2004
	aa_get_ns(ns);
2005
	ns_subreplace(ns) = dent;
2006

2007
	dent = aafs_create_file(".remove", 0640, dir, ns,
2008
				      &aa_fs_profile_remove);
2009
	if (IS_ERR(dent))
2010
		return PTR_ERR(dent);
2011
	aa_get_ns(ns);
2012
	ns_subremove(ns) = dent;
2013

2014
	  /* use create_dentry so we can supply private data */
2015
	dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
2016
			   &ns_dir_inode_operations);
2017
	if (IS_ERR(dent))
2018
		return PTR_ERR(dent);
2019
	aa_get_ns(ns);
2020
	ns_subns_dir(ns) = dent;
2021

2022
	return 0;
2023
}
2024

2025
/*
2026
 * Requires: @ns->lock held
2027
 */
2028
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
2029
		    struct dentry *dent)
2030
{
2031
	struct aa_ns *sub;
2032
	struct aa_profile *child;
2033
	struct dentry *dir;
2034
	int error;
2035

2036
	AA_BUG(!ns);
2037
	AA_BUG(!parent);
2038
	AA_BUG(!mutex_is_locked(&ns->lock));
2039

2040
	if (!name)
2041
		name = ns->base.name;
2042

2043
	if (!dent) {
2044
		/* create ns dir if it doesn't already exist */
2045
		dent = aafs_create_dir(name, parent);
2046
		if (IS_ERR(dent))
2047
			goto fail;
2048
	} else
2049
		dget(dent);
2050
	ns_dir(ns) = dir = dent;
2051
	error = __aafs_ns_mkdir_entries(ns, dir);
2052
	if (error)
2053
		goto fail2;
2054

2055
	/* profiles */
2056
	list_for_each_entry(child, &ns->base.profiles, base.list) {
2057
		error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
2058
		if (error)
2059
			goto fail2;
2060
	}
2061

2062
	/* subnamespaces */
2063
	list_for_each_entry(sub, &ns->sub_ns, base.list) {
2064
		mutex_lock_nested(&sub->lock, sub->level);
2065
		error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
2066
		mutex_unlock(&sub->lock);
2067
		if (error)
2068
			goto fail2;
2069
	}
2070

2071
	return 0;
2072

2073
fail:
2074
	error = PTR_ERR(dent);
2075

2076
fail2:
2077
	__aafs_ns_rmdir(ns);
2078

2079
	return error;
2080
}
2081

2082
/**
2083
 * __next_ns - find the next namespace to list
2084
 * @root: root namespace to stop search at (NOT NULL)
2085
 * @ns: current ns position (NOT NULL)
2086
 *
2087
 * Find the next namespace from @ns under @root and handle all locking needed
2088
 * while switching current namespace.
2089
 *
2090
 * Returns: next namespace or NULL if at last namespace under @root
2091
 * Requires: ns->parent->lock to be held
2092
 * NOTE: will not unlock root->lock
2093
 */
2094
static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
2095
{
2096
	struct aa_ns *parent, *next;
2097

2098
	AA_BUG(!root);
2099
	AA_BUG(!ns);
2100
	AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
2101

2102
	/* is next namespace a child */
2103
	if (!list_empty(&ns->sub_ns)) {
2104
		next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
2105
		mutex_lock_nested(&next->lock, next->level);
2106
		return next;
2107
	}
2108

2109
	/* check if the next ns is a sibling, parent, gp, .. */
2110
	parent = ns->parent;
2111
	while (ns != root) {
2112
		mutex_unlock(&ns->lock);
2113
		next = list_next_entry(ns, base.list);
2114
		if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
2115
			mutex_lock_nested(&next->lock, next->level);
2116
			return next;
2117
		}
2118
		ns = parent;
2119
		parent = parent->parent;
2120
	}
2121

2122
	return NULL;
2123
}
2124

2125
/**
2126
 * __first_profile - find the first profile in a namespace
2127
 * @root: namespace that is root of profiles being displayed (NOT NULL)
2128
 * @ns: namespace to start in   (NOT NULL)
2129
 *
2130
 * Returns: unrefcounted profile or NULL if no profile
2131
 * Requires: profile->ns.lock to be held
2132
 */
2133
static struct aa_profile *__first_profile(struct aa_ns *root,
2134
					  struct aa_ns *ns)
2135
{
2136
	AA_BUG(!root);
2137
	AA_BUG(ns && !mutex_is_locked(&ns->lock));
2138

2139
	for (; ns; ns = __next_ns(root, ns)) {
2140
		if (!list_empty(&ns->base.profiles))
2141
			return list_first_entry(&ns->base.profiles,
2142
						struct aa_profile, base.list);
2143
	}
2144
	return NULL;
2145
}
2146

2147
/**
2148
 * __next_profile - step to the next profile in a profile tree
2149
 * @p: current profile in tree (NOT NULL)
2150
 *
2151
 * Perform a depth first traversal on the profile tree in a namespace
2152
 *
2153
 * Returns: next profile or NULL if done
2154
 * Requires: profile->ns.lock to be held
2155
 */
2156
static struct aa_profile *__next_profile(struct aa_profile *p)
2157
{
2158
	struct aa_profile *parent;
2159
	struct aa_ns *ns = p->ns;
2160

2161
	AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
2162

2163
	/* is next profile a child */
2164
	if (!list_empty(&p->base.profiles))
2165
		return list_first_entry(&p->base.profiles, typeof(*p),
2166
					base.list);
2167

2168
	/* is next profile a sibling, parent sibling, gp, sibling, .. */
2169
	parent = rcu_dereference_protected(p->parent,
2170
					   mutex_is_locked(&p->ns->lock));
2171
	while (parent) {
2172
		p = list_next_entry(p, base.list);
2173
		if (!list_entry_is_head(p, &parent->base.profiles, base.list))
2174
			return p;
2175
		p = parent;
2176
		parent = rcu_dereference_protected(parent->parent,
2177
					    mutex_is_locked(&parent->ns->lock));
2178
	}
2179

2180
	/* is next another profile in the namespace */
2181
	p = list_next_entry(p, base.list);
2182
	if (!list_entry_is_head(p, &ns->base.profiles, base.list))
2183
		return p;
2184

2185
	return NULL;
2186
}
2187

2188
/**
2189
 * next_profile - step to the next profile in where ever it may be
2190
 * @root: root namespace  (NOT NULL)
2191
 * @profile: current profile  (NOT NULL)
2192
 *
2193
 * Returns: next profile or NULL if there isn't one
2194
 */
2195
static struct aa_profile *next_profile(struct aa_ns *root,
2196
				       struct aa_profile *profile)
2197
{
2198
	struct aa_profile *next = __next_profile(profile);
2199
	if (next)
2200
		return next;
2201

2202
	/* finished all profiles in namespace move to next namespace */
2203
	return __first_profile(root, __next_ns(root, profile->ns));
2204
}
2205

2206
/**
2207
 * p_start - start a depth first traversal of profile tree
2208
 * @f: seq_file to fill
2209
 * @pos: current position
2210
 *
2211
 * Returns: first profile under current namespace or NULL if none found
2212
 *
2213
 * acquires first ns->lock
2214
 */
2215
static void *p_start(struct seq_file *f, loff_t *pos)
2216
{
2217
	struct aa_profile *profile = NULL;
2218
	struct aa_ns *root = aa_get_current_ns();
2219
	loff_t l = *pos;
2220
	f->private = root;
2221

2222
	/* find the first profile */
2223
	mutex_lock_nested(&root->lock, root->level);
2224
	profile = __first_profile(root, root);
2225

2226
	/* skip to position */
2227
	for (; profile && l > 0; l--)
2228
		profile = next_profile(root, profile);
2229

2230
	return profile;
2231
}
2232

2233
/**
2234
 * p_next - read the next profile entry
2235
 * @f: seq_file to fill
2236
 * @p: profile previously returned
2237
 * @pos: current position
2238
 *
2239
 * Returns: next profile after @p or NULL if none
2240
 *
2241
 * may acquire/release locks in namespace tree as necessary
2242
 */
2243
static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2244
{
2245
	struct aa_profile *profile = p;
2246
	struct aa_ns *ns = f->private;
2247
	(*pos)++;
2248

2249
	return next_profile(ns, profile);
2250
}
2251

2252
/**
2253
 * p_stop - stop depth first traversal
2254
 * @f: seq_file we are filling
2255
 * @p: the last profile written
2256
 *
2257
 * Release all locking done by p_start/p_next on namespace tree
2258
 */
2259
static void p_stop(struct seq_file *f, void *p)
2260
{
2261
	struct aa_profile *profile = p;
2262
	struct aa_ns *root = f->private, *ns;
2263

2264
	if (profile) {
2265
		for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2266
			mutex_unlock(&ns->lock);
2267
	}
2268
	mutex_unlock(&root->lock);
2269
	aa_put_ns(root);
2270
}
2271

2272
/**
2273
 * seq_show_profile - show a profile entry
2274
 * @f: seq_file to file
2275
 * @p: current position (profile)    (NOT NULL)
2276
 *
2277
 * Returns: error on failure
2278
 */
2279
static int seq_show_profile(struct seq_file *f, void *p)
2280
{
2281
	struct aa_profile *profile = (struct aa_profile *)p;
2282
	struct aa_ns *root = f->private;
2283

2284
	aa_label_seq_xprint(f, root, &profile->label,
2285
			    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2286
	seq_putc(f, '\n');
2287

2288
	return 0;
2289
}
2290

2291
static const struct seq_operations aa_sfs_profiles_op = {
2292
	.start = p_start,
2293
	.next = p_next,
2294
	.stop = p_stop,
2295
	.show = seq_show_profile,
2296
};
2297

2298
static int profiles_open(struct inode *inode, struct file *file)
2299
{
2300
	if (!aa_current_policy_view_capable(NULL))
2301
		return -EACCES;
2302

2303
	return seq_open(file, &aa_sfs_profiles_op);
2304
}
2305

2306
static int profiles_release(struct inode *inode, struct file *file)
2307
{
2308
	return seq_release(inode, file);
2309
}
2310

2311
static const struct file_operations aa_sfs_profiles_fops = {
2312
	.open = profiles_open,
2313
	.read = seq_read,
2314
	.llseek = seq_lseek,
2315
	.release = profiles_release,
2316
};
2317

2318

2319
/** Base file system setup **/
2320
static struct aa_sfs_entry aa_sfs_entry_file[] = {
2321
	AA_SFS_FILE_STRING("mask",
2322
			   "create read write exec append mmap_exec link lock"),
2323
	{ }
2324
};
2325

2326
static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2327
	AA_SFS_FILE_STRING("mask", "read trace"),
2328
	{ }
2329
};
2330

2331
static struct aa_sfs_entry aa_sfs_entry_signal[] = {
2332
	AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
2333
	{ }
2334
};
2335

2336
static struct aa_sfs_entry aa_sfs_entry_attach[] = {
2337
	AA_SFS_FILE_BOOLEAN("xattr", 1),
2338
	{ }
2339
};
2340
static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2341
	AA_SFS_FILE_BOOLEAN("change_hat",	1),
2342
	AA_SFS_FILE_BOOLEAN("change_hatv",	1),
2343
	AA_SFS_FILE_BOOLEAN("unconfined_allowed_children",	1),
2344
	AA_SFS_FILE_BOOLEAN("change_onexec",	1),
2345
	AA_SFS_FILE_BOOLEAN("change_profile",	1),
2346
	AA_SFS_FILE_BOOLEAN("stack",		1),
2347
	AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap",	1),
2348
	AA_SFS_FILE_BOOLEAN("post_nnp_subset",	1),
2349
	AA_SFS_FILE_BOOLEAN("computed_longest_left",	1),
2350
	AA_SFS_DIR("attach_conditions",		aa_sfs_entry_attach),
2351
	AA_SFS_FILE_BOOLEAN("disconnected.path",            1),
2352
	AA_SFS_FILE_BOOLEAN("kill.signal",		1),
2353
	AA_SFS_FILE_STRING("version", "1.2"),
2354
	{ }
2355
};
2356

2357
static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
2358
	AA_SFS_FILE_BOOLEAN("change_profile", 1),
2359
	{ }
2360
};
2361

2362
static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2363
	AA_SFS_FILE_BOOLEAN("v5",	1),
2364
	AA_SFS_FILE_BOOLEAN("v6",	1),
2365
	AA_SFS_FILE_BOOLEAN("v7",	1),
2366
	AA_SFS_FILE_BOOLEAN("v8",	1),
2367
	AA_SFS_FILE_BOOLEAN("v9",	1),
2368
	{ }
2369
};
2370

2371
#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
2372
static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2373
	AA_SFS_DIR("versions",			aa_sfs_entry_versions),
2374
	AA_SFS_FILE_BOOLEAN("set_load",		1),
2375
	/* number of out of band transitions supported */
2376
	AA_SFS_FILE_U64("outofband",		MAX_OOB_SUPPORTED),
2377
	AA_SFS_FILE_U64("permstable32_version",	3),
2378
	AA_SFS_FILE_STRING("permstable32", PERMS32STR),
2379
	AA_SFS_FILE_U64("state32",	1),
2380
	AA_SFS_DIR("unconfined_restrictions",   aa_sfs_entry_unconfined),
2381
	{ }
2382
};
2383

2384
static struct aa_sfs_entry aa_sfs_entry_mount[] = {
2385
	AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
2386
	AA_SFS_FILE_STRING("move_mount", "detached"),
2387
	{ }
2388
};
2389

2390
static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2391
	AA_SFS_FILE_BOOLEAN("profile",		1),
2392
	AA_SFS_FILE_BOOLEAN("pivot_root",	0),
2393
	AA_SFS_FILE_STRING("mask", "userns_create"),
2394
	{ }
2395
};
2396

2397
static struct aa_sfs_entry aa_sfs_entry_dbus[] = {
2398
	AA_SFS_FILE_STRING("mask", "acquire send receive"),
2399
	{ }
2400
};
2401

2402
static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2403
	AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2404
	AA_SFS_FILE_BOOLEAN("data",		1),
2405
	AA_SFS_FILE_BOOLEAN("multi_transaction",	1),
2406
	{ }
2407
};
2408

2409
static struct aa_sfs_entry aa_sfs_entry_query[] = {
2410
	AA_SFS_DIR("label",			aa_sfs_entry_query_label),
2411
	{ }
2412
};
2413

2414
static struct aa_sfs_entry aa_sfs_entry_io_uring[] = {
2415
	AA_SFS_FILE_STRING("mask", "sqpoll override_creds"),
2416
	{ }
2417
};
2418

2419
static struct aa_sfs_entry aa_sfs_entry_features[] = {
2420
	AA_SFS_DIR("policy",			aa_sfs_entry_policy),
2421
	AA_SFS_DIR("domain",			aa_sfs_entry_domain),
2422
	AA_SFS_DIR("file",			aa_sfs_entry_file),
2423
	AA_SFS_DIR("network_v8",		aa_sfs_entry_network),
2424
	AA_SFS_DIR("network_v9",		aa_sfs_entry_networkv9),
2425
	AA_SFS_DIR("mount",			aa_sfs_entry_mount),
2426
	AA_SFS_DIR("namespaces",		aa_sfs_entry_ns),
2427
	AA_SFS_FILE_U64("capability",		VFS_CAP_FLAGS_MASK),
2428
	AA_SFS_DIR("rlimit",			aa_sfs_entry_rlimit),
2429
	AA_SFS_DIR("caps",			aa_sfs_entry_caps),
2430
	AA_SFS_DIR("ptrace",			aa_sfs_entry_ptrace),
2431
	AA_SFS_DIR("signal",			aa_sfs_entry_signal),
2432
	AA_SFS_DIR("dbus",			aa_sfs_entry_dbus),
2433
	AA_SFS_DIR("query",			aa_sfs_entry_query),
2434
	AA_SFS_DIR("io_uring",			aa_sfs_entry_io_uring),
2435
	{ }
2436
};
2437

2438
static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2439
	AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
2440
	AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2441
	AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2442
	AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
2443
	AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
2444
	AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
2445
	AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
2446
	AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
2447
	AA_SFS_DIR("features", aa_sfs_entry_features),
2448
	{ }
2449
};
2450

2451
static struct aa_sfs_entry aa_sfs_entry =
2452
	AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2453

2454
/**
2455
 * entry_create_file - create a file entry in the apparmor securityfs
2456
 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2457
 * @parent: the parent dentry in the securityfs
2458
 *
2459
 * Use entry_remove_file to remove entries created with this fn.
2460
 */
2461
static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2462
				    struct dentry *parent)
2463
{
2464
	int error = 0;
2465

2466
	fs_file->dentry = securityfs_create_file(fs_file->name,
2467
						 S_IFREG | fs_file->mode,
2468
						 parent, fs_file,
2469
						 fs_file->file_ops);
2470
	if (IS_ERR(fs_file->dentry)) {
2471
		error = PTR_ERR(fs_file->dentry);
2472
		fs_file->dentry = NULL;
2473
	}
2474
	return error;
2475
}
2476

2477
static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2478
/**
2479
 * entry_create_dir - recursively create a directory entry in the securityfs
2480
 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2481
 * @parent: the parent dentry in the securityfs
2482
 *
2483
 * Use entry_remove_dir to remove entries created with this fn.
2484
 */
2485
static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2486
				   struct dentry *parent)
2487
{
2488
	struct aa_sfs_entry *fs_file;
2489
	struct dentry *dir;
2490
	int error;
2491

2492
	dir = securityfs_create_dir(fs_dir->name, parent);
2493
	if (IS_ERR(dir))
2494
		return PTR_ERR(dir);
2495
	fs_dir->dentry = dir;
2496

2497
	for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2498
		if (fs_file->v_type == AA_SFS_TYPE_DIR)
2499
			error = entry_create_dir(fs_file, fs_dir->dentry);
2500
		else
2501
			error = entry_create_file(fs_file, fs_dir->dentry);
2502
		if (error)
2503
			goto failed;
2504
	}
2505

2506
	return 0;
2507

2508
failed:
2509
	entry_remove_dir(fs_dir);
2510

2511
	return error;
2512
}
2513

2514
/**
2515
 * entry_remove_file - drop a single file entry in the apparmor securityfs
2516
 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2517
 */
2518
static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2519
{
2520
	if (!fs_file->dentry)
2521
		return;
2522

2523
	securityfs_remove(fs_file->dentry);
2524
	fs_file->dentry = NULL;
2525
}
2526

2527
/**
2528
 * entry_remove_dir - recursively drop a directory entry from the securityfs
2529
 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2530
 */
2531
static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2532
{
2533
	struct aa_sfs_entry *fs_file;
2534

2535
	for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2536
		if (fs_file->v_type == AA_SFS_TYPE_DIR)
2537
			entry_remove_dir(fs_file);
2538
		else
2539
			entry_remove_file(fs_file);
2540
	}
2541

2542
	entry_remove_file(fs_dir);
2543
}
2544

2545
/**
2546
 * aa_destroy_aafs - cleanup and free aafs
2547
 *
2548
 * releases dentries allocated by aa_create_aafs
2549
 */
2550
void __init aa_destroy_aafs(void)
2551
{
2552
	entry_remove_dir(&aa_sfs_entry);
2553
}
2554

2555

2556
#define NULL_FILE_NAME ".null"
2557
struct path aa_null;
2558

2559
static int aa_mk_null_file(struct dentry *parent)
2560
{
2561
	struct vfsmount *mount = NULL;
2562
	struct dentry *dentry;
2563
	struct inode *inode;
2564
	int count = 0;
2565
	int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2566

2567
	if (error)
2568
		return error;
2569

2570
	inode_lock(d_inode(parent));
2571
	dentry = lookup_noperm(&QSTR(NULL_FILE_NAME), parent);
2572
	if (IS_ERR(dentry)) {
2573
		error = PTR_ERR(dentry);
2574
		goto out;
2575
	}
2576
	inode = new_inode(parent->d_inode->i_sb);
2577
	if (!inode) {
2578
		error = -ENOMEM;
2579
		goto out1;
2580
	}
2581

2582
	inode->i_ino = get_next_ino();
2583
	inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2584
	simple_inode_init_ts(inode);
2585
	init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2586
			   MKDEV(MEM_MAJOR, 3));
2587
	d_instantiate(dentry, inode);
2588
	aa_null.dentry = dget(dentry);
2589
	aa_null.mnt = mntget(mount);
2590

2591
	error = 0;
2592

2593
out1:
2594
	dput(dentry);
2595
out:
2596
	inode_unlock(d_inode(parent));
2597
	simple_release_fs(&mount, &count);
2598
	return error;
2599
}
2600

2601

2602

2603
static const char *policy_get_link(struct dentry *dentry,
2604
				   struct inode *inode,
2605
				   struct delayed_call *done)
2606
{
2607
	struct aa_ns *ns;
2608
	struct path path;
2609
	int error;
2610

2611
	if (!dentry)
2612
		return ERR_PTR(-ECHILD);
2613

2614
	ns = aa_get_current_ns();
2615
	path.mnt = mntget(aafs_mnt);
2616
	path.dentry = dget(ns_dir(ns));
2617
	error = nd_jump_link(&path);
2618
	aa_put_ns(ns);
2619

2620
	return ERR_PTR(error);
2621
}
2622

2623
static int policy_readlink(struct dentry *dentry, char __user *buffer,
2624
			   int buflen)
2625
{
2626
	char name[32];
2627
	int res;
2628

2629
	res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
2630
		       d_inode(dentry)->i_ino);
2631
	if (res > 0 && res < sizeof(name))
2632
		res = readlink_copy(buffer, buflen, name, strlen(name));
2633
	else
2634
		res = -ENOENT;
2635

2636
	return res;
2637
}
2638

2639
static const struct inode_operations policy_link_iops = {
2640
	.readlink	= policy_readlink,
2641
	.get_link	= policy_get_link,
2642
};
2643

2644

2645
/**
2646
 * aa_create_aafs - create the apparmor security filesystem
2647
 *
2648
 * dentries created here are released by aa_destroy_aafs
2649
 *
2650
 * Returns: error on failure
2651
 */
2652
static int __init aa_create_aafs(void)
2653
{
2654
	struct dentry *dent;
2655
	int error;
2656

2657
	if (!apparmor_initialized)
2658
		return 0;
2659

2660
	if (aa_sfs_entry.dentry) {
2661
		AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2662
		return -EEXIST;
2663
	}
2664

2665
	/* setup apparmorfs used to virtualize policy/ */
2666
	aafs_mnt = kern_mount(&aafs_ops);
2667
	if (IS_ERR(aafs_mnt))
2668
		panic("can't set apparmorfs up\n");
2669
	aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
2670

2671
	/* Populate fs tree. */
2672
	error = entry_create_dir(&aa_sfs_entry, NULL);
2673
	if (error)
2674
		goto error;
2675

2676
	dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2677
				      NULL, &aa_fs_profile_load);
2678
	if (IS_ERR(dent))
2679
		goto dent_error;
2680
	ns_subload(root_ns) = dent;
2681

2682
	dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2683
				      NULL, &aa_fs_profile_replace);
2684
	if (IS_ERR(dent))
2685
		goto dent_error;
2686
	ns_subreplace(root_ns) = dent;
2687

2688
	dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2689
				      NULL, &aa_fs_profile_remove);
2690
	if (IS_ERR(dent))
2691
		goto dent_error;
2692
	ns_subremove(root_ns) = dent;
2693

2694
	dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2695
				      NULL, &aa_fs_ns_revision_fops);
2696
	if (IS_ERR(dent))
2697
		goto dent_error;
2698
	ns_subrevision(root_ns) = dent;
2699

2700
	/* policy tree referenced by magic policy symlink */
2701
	mutex_lock_nested(&root_ns->lock, root_ns->level);
2702
	error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2703
				aafs_mnt->mnt_root);
2704
	mutex_unlock(&root_ns->lock);
2705
	if (error)
2706
		goto error;
2707

2708
	/* magic symlink similar to nsfs redirects based on task policy */
2709
	dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2710
					 NULL, &policy_link_iops);
2711
	if (IS_ERR(dent))
2712
		goto dent_error;
2713

2714
	error = aa_mk_null_file(aa_sfs_entry.dentry);
2715
	if (error)
2716
		goto error;
2717

2718
	/* TODO: add default profile to apparmorfs */
2719

2720
	/* Report that AppArmor fs is enabled */
2721
	aa_info_message("AppArmor Filesystem Enabled");
2722
	return 0;
2723

2724
dent_error:
2725
	error = PTR_ERR(dent);
2726
error:
2727
	aa_destroy_aafs();
2728
	AA_ERROR("Error creating AppArmor securityfs\n");
2729
	return error;
2730
}
2731

2732
fs_initcall(aa_create_aafs);
2733

2734
Product

Resources

Company
