2 * AppArmor security module
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/policy.h"
34 #include "include/policy_ns.h"
35 #include "include/resource.h"
36 #include "include/policy_unpack.h"
39 * aa_mangle_name - mangle a profile name to std profile layout form
40 * @name: profile name to mangle (NOT NULL)
41 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
43 * Returns: length of mangled name
45 static int mangle_name(const char *name, char *target)
49 while (*name == '/' || *name == '.')
53 for (; *name; name++) {
56 else if (isspace(*name))
58 else if (isalnum(*name) || strchr("._-", *name))
65 for (; *name; name++) {
66 if (isalnum(*name) || isspace(*name) ||
67 strchr("/._-", *name))
78 * aa_simple_write_to_buffer - common routine for getting policy from user
79 * @userbuf: user buffer to copy data from (NOT NULL)
80 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
81 * @copy_size: size of data to copy from user buffer
82 * @pos: position write is at in the file (NOT NULL)
84 * Returns: kernel buffer containing copy of user buffer data or an
87 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
92 struct aa_loaddata *data;
94 AA_BUG(copy_size > alloc_size);
97 /* only writes from pos 0, that is complete writes */
98 return ERR_PTR(-ESPIPE);
100 /* freed by caller to simple_write_to_buffer */
101 data = kvmalloc(sizeof(*data) + alloc_size);
103 return ERR_PTR(-ENOMEM);
104 kref_init(&data->count);
105 data->size = copy_size;
109 if (copy_from_user(data->data, userbuf, copy_size)) {
111 return ERR_PTR(-EFAULT);
117 static ssize_t policy_update(int binop, const char __user *buf, size_t size,
118 loff_t *pos, struct aa_ns *ns)
121 struct aa_loaddata *data;
122 struct aa_profile *profile = aa_current_profile();
123 const char *op = binop == PROF_ADD ? OP_PROF_LOAD : OP_PROF_REPL;
124 /* high level check about policy management - fine grained in
127 error = aa_may_manage_policy(profile, ns, op);
131 data = aa_simple_write_to_buffer(buf, size, size, pos);
132 error = PTR_ERR(data);
134 error = aa_replace_profiles(ns ? ns : profile->ns, profile,
136 aa_put_loaddata(data);
142 /* .load file hook fn to load policy */
143 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
146 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
147 int error = policy_update(PROF_ADD, buf, size, pos, ns);
154 static const struct file_operations aa_fs_profile_load = {
155 .write = profile_load,
156 .llseek = default_llseek,
159 /* .replace file hook fn to load and/or replace policy */
160 static ssize_t profile_replace(struct file *f, const char __user *buf,
161 size_t size, loff_t *pos)
163 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
164 int error = policy_update(PROF_REPLACE, buf, size, pos, ns);
171 static const struct file_operations aa_fs_profile_replace = {
172 .write = profile_replace,
173 .llseek = default_llseek,
176 /* .remove file hook fn to remove loaded policy */
177 static ssize_t profile_remove(struct file *f, const char __user *buf,
178 size_t size, loff_t *pos)
180 struct aa_loaddata *data;
181 struct aa_profile *profile;
183 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
185 profile = aa_current_profile();
186 /* high level check about policy management - fine grained in
189 error = aa_may_manage_policy(profile, ns, OP_PROF_RM);
194 * aa_remove_profile needs a null terminated string so 1 extra
195 * byte is allocated and the copied data is null terminated.
197 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
199 error = PTR_ERR(data);
201 data->data[size] = 0;
202 error = aa_remove_profiles(ns ? ns : profile->ns, profile,
204 aa_put_loaddata(data);
211 static const struct file_operations aa_fs_profile_remove = {
212 .write = profile_remove,
213 .llseek = default_llseek,
217 * query_data - queries a policy and writes its data to buf
218 * @buf: the resulting data is stored here (NOT NULL)
219 * @buf_len: size of buf
220 * @query: query string used to retrieve data
221 * @query_len: size of query including second NUL byte
223 * The buffers pointed to by buf and query may overlap. The query buffer is
224 * parsed before buf is written to.
226 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
227 * the security confinement context and <KEY> is the name of the data to
228 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
230 * Don't expect the contents of buf to be preserved on failure.
232 * Returns: number of characters written to buf or -errno on failure
234 static ssize_t query_data(char *buf, size_t buf_len,
235 char *query, size_t query_len)
239 struct aa_profile *profile;
240 struct aa_data *data;
245 return -EINVAL; /* need a query */
247 key = query + strnlen(query, query_len) + 1;
248 if (key + 1 >= query + query_len)
249 return -EINVAL; /* not enough space for a non-empty key */
250 if (key + strnlen(key, query + query_len - key) >= query + query_len)
251 return -EINVAL; /* must end with NUL */
253 if (buf_len < sizeof(bytes) + sizeof(blocks))
254 return -EINVAL; /* not enough space */
256 profile = aa_current_profile();
258 /* We are going to leave space for two numbers. The first is the total
259 * number of bytes we are writing after the first number. This is so
260 * users can read the full output without reallocation.
262 * The second number is the number of data blocks we're writing. An
263 * application might be confined by multiple policies having data in
266 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
267 out = buf + sizeof(bytes) + sizeof(blocks);
271 data = rhashtable_lookup_fast(profile->data, &key,
275 if (out + sizeof(outle32) + data->size > buf + buf_len)
276 return -EINVAL; /* not enough space */
277 outle32 = __cpu_to_le32(data->size);
278 memcpy(out, &outle32, sizeof(outle32));
279 out += sizeof(outle32);
280 memcpy(out, data->data, data->size);
286 outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
287 memcpy(buf, &outle32, sizeof(outle32));
288 outle32 = __cpu_to_le32(blocks);
289 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
294 #define QUERY_CMD_DATA "data\0"
295 #define QUERY_CMD_DATA_LEN 5
298 * aa_write_access - generic permissions and data query
299 * @file: pointer to open apparmorfs/access file
300 * @ubuf: user buffer containing the complete query string (NOT NULL)
301 * @count: size of ubuf
302 * @ppos: position in the file (MUST BE ZERO)
304 * Allows for one permissions or data query per open(), write(), and read()
305 * sequence. The only queries currently supported are label-based queries for
306 * permissions or data.
308 * For permissions queries, ubuf must begin with "label\0", followed by the
309 * profile query specific format described in the query_label() function
312 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
313 * <LABEL> is the name of the security confinement context and <KEY> is the
314 * name of the data to retrieve.
316 * Returns: number of bytes written or -errno on failure
318 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
319 size_t count, loff_t *ppos)
327 buf = simple_transaction_get(file, ubuf, count);
331 if (count > QUERY_CMD_DATA_LEN &&
332 !memcmp(buf, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
333 len = query_data(buf, SIMPLE_TRANSACTION_LIMIT,
334 buf + QUERY_CMD_DATA_LEN,
335 count - QUERY_CMD_DATA_LEN);
342 simple_transaction_set(file, len);
347 static const struct file_operations aa_fs_access = {
348 .write = aa_write_access,
349 .read = simple_transaction_read,
350 .release = simple_transaction_release,
351 .llseek = generic_file_llseek,
354 static int aa_fs_seq_show(struct seq_file *seq, void *v)
356 struct aa_fs_entry *fs_file = seq->private;
361 switch (fs_file->v_type) {
362 case AA_FS_TYPE_BOOLEAN:
363 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
365 case AA_FS_TYPE_STRING:
366 seq_printf(seq, "%s\n", fs_file->v.string);
369 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
372 /* Ignore unpritable entry types. */
379 static int aa_fs_seq_open(struct inode *inode, struct file *file)
381 return single_open(file, aa_fs_seq_show, inode->i_private);
384 const struct file_operations aa_fs_seq_file_ops = {
385 .owner = THIS_MODULE,
386 .open = aa_fs_seq_open,
389 .release = single_release,
392 static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
393 int (*show)(struct seq_file *, void *))
395 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
396 int error = single_open(file, show, proxy);
399 file->private_data = NULL;
406 static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
408 struct seq_file *seq = (struct seq_file *) file->private_data;
410 aa_put_proxy(seq->private);
411 return single_release(inode, file);
414 static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
416 struct aa_proxy *proxy = seq->private;
417 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
418 seq_printf(seq, "%s\n", profile->base.name);
419 aa_put_profile(profile);
424 static int aa_fs_seq_profname_open(struct inode *inode, struct file *file)
426 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profname_show);
429 static const struct file_operations aa_fs_profname_fops = {
430 .owner = THIS_MODULE,
431 .open = aa_fs_seq_profname_open,
434 .release = aa_fs_seq_profile_release,
437 static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
439 struct aa_proxy *proxy = seq->private;
440 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
441 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
442 aa_put_profile(profile);
447 static int aa_fs_seq_profmode_open(struct inode *inode, struct file *file)
449 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profmode_show);
452 static const struct file_operations aa_fs_profmode_fops = {
453 .owner = THIS_MODULE,
454 .open = aa_fs_seq_profmode_open,
457 .release = aa_fs_seq_profile_release,
460 static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
462 struct aa_proxy *proxy = seq->private;
463 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
465 seq_printf(seq, "%s\n", profile->attach);
466 else if (profile->xmatch)
467 seq_puts(seq, "<unknown>\n");
469 seq_printf(seq, "%s\n", profile->base.name);
470 aa_put_profile(profile);
475 static int aa_fs_seq_profattach_open(struct inode *inode, struct file *file)
477 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profattach_show);
480 static const struct file_operations aa_fs_profattach_fops = {
481 .owner = THIS_MODULE,
482 .open = aa_fs_seq_profattach_open,
485 .release = aa_fs_seq_profile_release,
488 static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
490 struct aa_proxy *proxy = seq->private;
491 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
492 unsigned int i, size = aa_hash_size();
495 for (i = 0; i < size; i++)
496 seq_printf(seq, "%.2x", profile->hash[i]);
499 aa_put_profile(profile);
504 static int aa_fs_seq_hash_open(struct inode *inode, struct file *file)
506 return single_open(file, aa_fs_seq_hash_show, inode->i_private);
509 static const struct file_operations aa_fs_seq_hash_fops = {
510 .owner = THIS_MODULE,
511 .open = aa_fs_seq_hash_open,
514 .release = single_release,
518 static int aa_fs_seq_show_ns_level(struct seq_file *seq, void *v)
520 struct aa_ns *ns = aa_current_profile()->ns;
522 seq_printf(seq, "%d\n", ns->level);
527 static int aa_fs_seq_open_ns_level(struct inode *inode, struct file *file)
529 return single_open(file, aa_fs_seq_show_ns_level, inode->i_private);
532 static const struct file_operations aa_fs_ns_level = {
533 .owner = THIS_MODULE,
534 .open = aa_fs_seq_open_ns_level,
537 .release = single_release,
540 static int aa_fs_seq_show_ns_name(struct seq_file *seq, void *v)
542 struct aa_ns *ns = aa_current_profile()->ns;
544 seq_printf(seq, "%s\n", ns->base.name);
549 static int aa_fs_seq_open_ns_name(struct inode *inode, struct file *file)
551 return single_open(file, aa_fs_seq_show_ns_name, inode->i_private);
554 static const struct file_operations aa_fs_ns_name = {
555 .owner = THIS_MODULE,
556 .open = aa_fs_seq_open_ns_name,
559 .release = single_release,
562 static int rawdata_release(struct inode *inode, struct file *file)
564 /* TODO: switch to loaddata when profile switched to symlink */
565 aa_put_loaddata(file->private_data);
570 static int aa_fs_seq_raw_abi_show(struct seq_file *seq, void *v)
572 struct aa_proxy *proxy = seq->private;
573 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
575 if (profile->rawdata->abi) {
576 seq_printf(seq, "v%d", profile->rawdata->abi);
579 aa_put_profile(profile);
584 static int aa_fs_seq_raw_abi_open(struct inode *inode, struct file *file)
586 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_abi_show);
589 static const struct file_operations aa_fs_seq_raw_abi_fops = {
590 .owner = THIS_MODULE,
591 .open = aa_fs_seq_raw_abi_open,
594 .release = aa_fs_seq_profile_release,
597 static int aa_fs_seq_raw_hash_show(struct seq_file *seq, void *v)
599 struct aa_proxy *proxy = seq->private;
600 struct aa_profile *profile = aa_get_profile_rcu(&proxy->profile);
601 unsigned int i, size = aa_hash_size();
603 if (profile->rawdata->hash) {
604 for (i = 0; i < size; i++)
605 seq_printf(seq, "%.2x", profile->rawdata->hash[i]);
608 aa_put_profile(profile);
613 static int aa_fs_seq_raw_hash_open(struct inode *inode, struct file *file)
615 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_hash_show);
618 static const struct file_operations aa_fs_seq_raw_hash_fops = {
619 .owner = THIS_MODULE,
620 .open = aa_fs_seq_raw_hash_open,
623 .release = aa_fs_seq_profile_release,
626 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
629 struct aa_loaddata *rawdata = file->private_data;
631 return simple_read_from_buffer(buf, size, ppos, rawdata->data,
635 static int rawdata_open(struct inode *inode, struct file *file)
637 struct aa_proxy *proxy = inode->i_private;
638 struct aa_profile *profile;
640 if (!policy_view_capable(NULL))
642 profile = aa_get_profile_rcu(&proxy->profile);
643 file->private_data = aa_get_loaddata(profile->rawdata);
644 aa_put_profile(profile);
649 static const struct file_operations aa_fs_rawdata_fops = {
650 .open = rawdata_open,
651 .read = rawdata_read,
652 .llseek = generic_file_llseek,
653 .release = rawdata_release,
656 /** fns to setup dynamic per profile/namespace files **/
657 void __aa_fs_profile_rmdir(struct aa_profile *profile)
659 struct aa_profile *child;
665 list_for_each_entry(child, &profile->base.profiles, base.list)
666 __aa_fs_profile_rmdir(child);
668 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
669 struct aa_proxy *proxy;
670 if (!profile->dents[i])
673 proxy = d_inode(profile->dents[i])->i_private;
674 securityfs_remove(profile->dents[i]);
676 profile->dents[i] = NULL;
680 void __aa_fs_profile_migrate_dents(struct aa_profile *old,
681 struct aa_profile *new)
685 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
686 new->dents[i] = old->dents[i];
688 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
689 old->dents[i] = NULL;
693 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
694 struct aa_profile *profile,
695 const struct file_operations *fops)
697 struct aa_proxy *proxy = aa_get_proxy(profile->proxy);
700 dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
707 /* requires lock be held */
708 int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
710 struct aa_profile *child;
711 struct dentry *dent = NULL, *dir;
715 struct aa_profile *p;
716 p = aa_deref_parent(profile);
718 /* adding to parent that previously didn't have children */
719 dent = securityfs_create_dir("profiles", dent);
722 prof_child_dir(p) = parent = dent;
725 if (!profile->dirname) {
727 len = mangle_name(profile->base.name, NULL);
728 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
730 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
731 if (!profile->dirname)
734 mangle_name(profile->base.name, profile->dirname);
735 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
738 dent = securityfs_create_dir(profile->dirname, parent);
741 prof_dir(profile) = dir = dent;
743 dent = create_profile_file(dir, "name", profile, &aa_fs_profname_fops);
746 profile->dents[AAFS_PROF_NAME] = dent;
748 dent = create_profile_file(dir, "mode", profile, &aa_fs_profmode_fops);
751 profile->dents[AAFS_PROF_MODE] = dent;
753 dent = create_profile_file(dir, "attach", profile,
754 &aa_fs_profattach_fops);
757 profile->dents[AAFS_PROF_ATTACH] = dent;
760 dent = create_profile_file(dir, "sha1", profile,
761 &aa_fs_seq_hash_fops);
764 profile->dents[AAFS_PROF_HASH] = dent;
767 if (profile->rawdata) {
768 dent = create_profile_file(dir, "raw_sha1", profile,
769 &aa_fs_seq_raw_hash_fops);
772 profile->dents[AAFS_PROF_RAW_HASH] = dent;
774 dent = create_profile_file(dir, "raw_abi", profile,
775 &aa_fs_seq_raw_abi_fops);
778 profile->dents[AAFS_PROF_RAW_ABI] = dent;
780 dent = securityfs_create_file("raw_data", S_IFREG | 0444, dir,
782 &aa_fs_rawdata_fops);
785 profile->dents[AAFS_PROF_RAW_DATA] = dent;
786 d_inode(dent)->i_size = profile->rawdata->size;
787 aa_get_proxy(profile->proxy);
790 list_for_each_entry(child, &profile->base.profiles, base.list) {
791 error = __aa_fs_profile_mkdir(child, prof_child_dir(profile));
799 error = PTR_ERR(dent);
802 __aa_fs_profile_rmdir(profile);
807 void __aa_fs_ns_rmdir(struct aa_ns *ns)
810 struct aa_profile *child;
816 list_for_each_entry(child, &ns->base.profiles, base.list)
817 __aa_fs_profile_rmdir(child);
819 list_for_each_entry(sub, &ns->sub_ns, base.list) {
820 mutex_lock(&sub->lock);
821 __aa_fs_ns_rmdir(sub);
822 mutex_unlock(&sub->lock);
825 if (ns_subns_dir(ns)) {
826 sub = d_inode(ns_subns_dir(ns))->i_private;
829 if (ns_subload(ns)) {
830 sub = d_inode(ns_subload(ns))->i_private;
833 if (ns_subreplace(ns)) {
834 sub = d_inode(ns_subreplace(ns))->i_private;
837 if (ns_subremove(ns)) {
838 sub = d_inode(ns_subremove(ns))->i_private;
842 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
843 securityfs_remove(ns->dents[i]);
848 /* assumes cleanup in caller */
849 static int __aa_fs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
856 dent = securityfs_create_dir("profiles", dir);
858 return PTR_ERR(dent);
859 ns_subprofs_dir(ns) = dent;
861 dent = securityfs_create_dir("raw_data", dir);
863 return PTR_ERR(dent);
864 ns_subdata_dir(ns) = dent;
866 dent = securityfs_create_file(".load", 0640, dir, ns,
867 &aa_fs_profile_load);
869 return PTR_ERR(dent);
871 ns_subload(ns) = dent;
873 dent = securityfs_create_file(".replace", 0640, dir, ns,
874 &aa_fs_profile_replace);
876 return PTR_ERR(dent);
878 ns_subreplace(ns) = dent;
880 dent = securityfs_create_file(".remove", 0640, dir, ns,
881 &aa_fs_profile_remove);
883 return PTR_ERR(dent);
885 ns_subremove(ns) = dent;
887 dent = securityfs_create_dir("namespaces", dir);
889 return PTR_ERR(dent);
891 ns_subns_dir(ns) = dent;
896 int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name)
899 struct aa_profile *child;
900 struct dentry *dent, *dir;
905 AA_BUG(!mutex_is_locked(&ns->lock));
908 name = ns->base.name;
910 /* create ns dir if it doesn't already exist */
911 dent = securityfs_create_dir(name, parent);
915 ns_dir(ns) = dir = dent;
916 error = __aa_fs_ns_mkdir_entries(ns, dir);
921 list_for_each_entry(child, &ns->base.profiles, base.list) {
922 error = __aa_fs_profile_mkdir(child, ns_subprofs_dir(ns));
928 list_for_each_entry(sub, &ns->sub_ns, base.list) {
929 mutex_lock(&sub->lock);
930 error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL);
931 mutex_unlock(&sub->lock);
939 error = PTR_ERR(dent);
942 __aa_fs_ns_rmdir(ns);
948 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
951 * __next_ns - find the next namespace to list
952 * @root: root namespace to stop search at (NOT NULL)
953 * @ns: current ns position (NOT NULL)
955 * Find the next namespace from @ns under @root and handle all locking needed
956 * while switching current namespace.
958 * Returns: next namespace or NULL if at last namespace under @root
959 * Requires: ns->parent->lock to be held
960 * NOTE: will not unlock root->lock
962 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
964 struct aa_ns *parent, *next;
966 /* is next namespace a child */
967 if (!list_empty(&ns->sub_ns)) {
968 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
969 mutex_lock(&next->lock);
973 /* check if the next ns is a sibling, parent, gp, .. */
976 mutex_unlock(&ns->lock);
977 next = list_next_entry(ns, base.list);
978 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
979 mutex_lock(&next->lock);
983 parent = parent->parent;
990 * __first_profile - find the first profile in a namespace
991 * @root: namespace that is root of profiles being displayed (NOT NULL)
992 * @ns: namespace to start in (NOT NULL)
994 * Returns: unrefcounted profile or NULL if no profile
995 * Requires: profile->ns.lock to be held
997 static struct aa_profile *__first_profile(struct aa_ns *root,
1000 for (; ns; ns = __next_ns(root, ns)) {
1001 if (!list_empty(&ns->base.profiles))
1002 return list_first_entry(&ns->base.profiles,
1003 struct aa_profile, base.list);
1009 * __next_profile - step to the next profile in a profile tree
1010 * @profile: current profile in tree (NOT NULL)
1012 * Perform a depth first traversal on the profile tree in a namespace
1014 * Returns: next profile or NULL if done
1015 * Requires: profile->ns.lock to be held
1017 static struct aa_profile *__next_profile(struct aa_profile *p)
1019 struct aa_profile *parent;
1020 struct aa_ns *ns = p->ns;
1022 /* is next profile a child */
1023 if (!list_empty(&p->base.profiles))
1024 return list_first_entry(&p->base.profiles, typeof(*p),
1027 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1028 parent = rcu_dereference_protected(p->parent,
1029 mutex_is_locked(&p->ns->lock));
1031 p = list_next_entry(p, base.list);
1032 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
1035 parent = rcu_dereference_protected(parent->parent,
1036 mutex_is_locked(&parent->ns->lock));
1039 /* is next another profile in the namespace */
1040 p = list_next_entry(p, base.list);
1041 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
1048 * next_profile - step to the next profile in where ever it may be
1049 * @root: root namespace (NOT NULL)
1050 * @profile: current profile (NOT NULL)
1052 * Returns: next profile or NULL if there isn't one
1054 static struct aa_profile *next_profile(struct aa_ns *root,
1055 struct aa_profile *profile)
1057 struct aa_profile *next = __next_profile(profile);
1061 /* finished all profiles in namespace move to next namespace */
1062 return __first_profile(root, __next_ns(root, profile->ns));
1066 * p_start - start a depth first traversal of profile tree
1067 * @f: seq_file to fill
1068 * @pos: current position
1070 * Returns: first profile under current namespace or NULL if none found
1072 * acquires first ns->lock
1074 static void *p_start(struct seq_file *f, loff_t *pos)
1076 struct aa_profile *profile = NULL;
1077 struct aa_ns *root = aa_current_profile()->ns;
1079 f->private = aa_get_ns(root);
1082 /* find the first profile */
1083 mutex_lock(&root->lock);
1084 profile = __first_profile(root, root);
1086 /* skip to position */
1087 for (; profile && l > 0; l--)
1088 profile = next_profile(root, profile);
1094 * p_next - read the next profile entry
1095 * @f: seq_file to fill
1096 * @p: profile previously returned
1097 * @pos: current position
1099 * Returns: next profile after @p or NULL if none
1101 * may acquire/release locks in namespace tree as necessary
1103 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
1105 struct aa_profile *profile = p;
1106 struct aa_ns *ns = f->private;
1109 return next_profile(ns, profile);
1113 * p_stop - stop depth first traversal
1114 * @f: seq_file we are filling
1115 * @p: the last profile writen
1117 * Release all locking done by p_start/p_next on namespace tree
1119 static void p_stop(struct seq_file *f, void *p)
1121 struct aa_profile *profile = p;
1122 struct aa_ns *root = f->private, *ns;
1125 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
1126 mutex_unlock(&ns->lock);
1128 mutex_unlock(&root->lock);
1133 * seq_show_profile - show a profile entry
1134 * @f: seq_file to file
1135 * @p: current position (profile) (NOT NULL)
1137 * Returns: error on failure
1139 static int seq_show_profile(struct seq_file *f, void *p)
1141 struct aa_profile *profile = (struct aa_profile *)p;
1142 struct aa_ns *root = f->private;
1144 if (profile->ns != root)
1145 seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true));
1146 seq_printf(f, "%s (%s)\n", profile->base.hname,
1147 aa_profile_mode_names[profile->mode]);
1152 static const struct seq_operations aa_fs_profiles_op = {
1156 .show = seq_show_profile,
1159 static int profiles_open(struct inode *inode, struct file *file)
1161 if (!policy_view_capable(NULL))
1164 return seq_open(file, &aa_fs_profiles_op);
1167 static int profiles_release(struct inode *inode, struct file *file)
1169 return seq_release(inode, file);
1172 static const struct file_operations aa_fs_profiles_fops = {
1173 .open = profiles_open,
1175 .llseek = seq_lseek,
1176 .release = profiles_release,
1180 /** Base file system setup **/
1181 static struct aa_fs_entry aa_fs_entry_file[] = {
1182 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1187 static struct aa_fs_entry aa_fs_entry_domain[] = {
1188 AA_FS_FILE_BOOLEAN("change_hat", 1),
1189 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1190 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1191 AA_FS_FILE_BOOLEAN("change_profile", 1),
1192 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1193 AA_FS_FILE_STRING("version", "1.2"),
1197 static struct aa_fs_entry aa_fs_entry_versions[] = {
1198 AA_FS_FILE_BOOLEAN("v5", 1),
1202 static struct aa_fs_entry aa_fs_entry_policy[] = {
1203 AA_FS_DIR("versions", aa_fs_entry_versions),
1204 AA_FS_FILE_BOOLEAN("set_load", 1),
1208 static struct aa_fs_entry aa_fs_entry_features[] = {
1209 AA_FS_DIR("policy", aa_fs_entry_policy),
1210 AA_FS_DIR("domain", aa_fs_entry_domain),
1211 AA_FS_DIR("file", aa_fs_entry_file),
1212 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
1213 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
1214 AA_FS_DIR("caps", aa_fs_entry_caps),
1218 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
1219 AA_FS_FILE_FOPS(".access", 0640, &aa_fs_access),
1220 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level),
1221 AA_FS_FILE_FOPS(".ns_name", 0640, &aa_fs_ns_name),
1222 AA_FS_FILE_FOPS("profiles", 0440, &aa_fs_profiles_fops),
1223 AA_FS_DIR("features", aa_fs_entry_features),
1227 static struct aa_fs_entry aa_fs_entry =
1228 AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
1231 * aafs_create_file - create a file entry in the apparmor securityfs
1232 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1233 * @parent: the parent dentry in the securityfs
1235 * Use aafs_remove_file to remove entries created with this fn.
1237 static int __init aafs_create_file(struct aa_fs_entry *fs_file,
1238 struct dentry *parent)
1242 fs_file->dentry = securityfs_create_file(fs_file->name,
1243 S_IFREG | fs_file->mode,
1246 if (IS_ERR(fs_file->dentry)) {
1247 error = PTR_ERR(fs_file->dentry);
1248 fs_file->dentry = NULL;
1253 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir);
1255 * aafs_create_dir - recursively create a directory entry in the securityfs
1256 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1257 * @parent: the parent dentry in the securityfs
1259 * Use aafs_remove_dir to remove entries created with this fn.
1261 static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
1262 struct dentry *parent)
1264 struct aa_fs_entry *fs_file;
1268 dir = securityfs_create_dir(fs_dir->name, parent);
1270 return PTR_ERR(dir);
1271 fs_dir->dentry = dir;
1273 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1274 if (fs_file->v_type == AA_FS_TYPE_DIR)
1275 error = aafs_create_dir(fs_file, fs_dir->dentry);
1277 error = aafs_create_file(fs_file, fs_dir->dentry);
1285 aafs_remove_dir(fs_dir);
1291 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1292 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1294 static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
1296 if (!fs_file->dentry)
1299 securityfs_remove(fs_file->dentry);
1300 fs_file->dentry = NULL;
1304 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1305 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1307 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
1309 struct aa_fs_entry *fs_file;
1311 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1312 if (fs_file->v_type == AA_FS_TYPE_DIR)
1313 aafs_remove_dir(fs_file);
1315 aafs_remove_file(fs_file);
1318 aafs_remove_file(fs_dir);
1322 * aa_destroy_aafs - cleanup and free aafs
1324 * releases dentries allocated by aa_create_aafs
1326 void __init aa_destroy_aafs(void)
1328 aafs_remove_dir(&aa_fs_entry);
1332 #define NULL_FILE_NAME ".null"
1333 struct path aa_null;
1335 static int aa_mk_null_file(struct dentry *parent)
1337 struct vfsmount *mount = NULL;
1338 struct dentry *dentry;
1339 struct inode *inode;
1341 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
1346 inode_lock(d_inode(parent));
1347 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
1348 if (IS_ERR(dentry)) {
1349 error = PTR_ERR(dentry);
1352 inode = new_inode(parent->d_inode->i_sb);
1358 inode->i_ino = get_next_ino();
1359 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
1360 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
1361 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
1362 MKDEV(MEM_MAJOR, 3));
1363 d_instantiate(dentry, inode);
1364 aa_null.dentry = dget(dentry);
1365 aa_null.mnt = mntget(mount);
1372 inode_unlock(d_inode(parent));
1373 simple_release_fs(&mount, &count);
1378 * aa_create_aafs - create the apparmor security filesystem
1380 * dentries created here are released by aa_destroy_aafs
1382 * Returns: error on failure
1384 static int __init aa_create_aafs(void)
1386 struct dentry *dent;
1389 if (!apparmor_initialized)
1392 if (aa_fs_entry.dentry) {
1393 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
1397 /* Populate fs tree. */
1398 error = aafs_create_dir(&aa_fs_entry, NULL);
1402 dent = securityfs_create_file(".load", 0666, aa_fs_entry.dentry,
1403 NULL, &aa_fs_profile_load);
1405 error = PTR_ERR(dent);
1408 ns_subload(root_ns) = dent;
1410 dent = securityfs_create_file(".replace", 0666, aa_fs_entry.dentry,
1411 NULL, &aa_fs_profile_replace);
1413 error = PTR_ERR(dent);
1416 ns_subreplace(root_ns) = dent;
1418 dent = securityfs_create_file(".remove", 0666, aa_fs_entry.dentry,
1419 NULL, &aa_fs_profile_remove);
1421 error = PTR_ERR(dent);
1424 ns_subremove(root_ns) = dent;
1426 mutex_lock(&root_ns->lock);
1427 error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy");
1428 mutex_unlock(&root_ns->lock);
1433 error = aa_mk_null_file(aa_fs_entry.dentry);
1437 /* TODO: add default profile to apparmorfs */
1439 /* Report that AppArmor fs is enabled */
1440 aa_info_message("AppArmor Filesystem Enabled");
1445 AA_ERROR("Error creating AppArmor securityfs\n");
1449 fs_initcall(aa_create_aafs);