Loading...
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15#include <linux/security.h>
16#include <linux/vmalloc.h>
17#include <linux/module.h>
18#include <linux/seq_file.h>
19#include <linux/uaccess.h>
20#include <linux/namei.h>
21
22#include "include/apparmor.h"
23#include "include/apparmorfs.h"
24#include "include/audit.h"
25#include "include/context.h"
26#include "include/policy.h"
27
28/**
29 * aa_simple_write_to_buffer - common routine for getting policy from user
30 * @op: operation doing the user buffer copy
31 * @userbuf: user buffer to copy data from (NOT NULL)
32 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
33 * @copy_size: size of data to copy from user buffer
34 * @pos: position write is at in the file (NOT NULL)
35 *
36 * Returns: kernel buffer containing copy of user buffer data or an
37 * ERR_PTR on failure.
38 */
39static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
40 size_t alloc_size, size_t copy_size,
41 loff_t *pos)
42{
43 char *data;
44
45 BUG_ON(copy_size > alloc_size);
46
47 if (*pos != 0)
48 /* only writes from pos 0, that is complete writes */
49 return ERR_PTR(-ESPIPE);
50
51 /*
52 * Don't allow profile load/replace/remove from profiles that don't
53 * have CAP_MAC_ADMIN
54 */
55 if (!aa_may_manage_policy(op))
56 return ERR_PTR(-EACCES);
57
58 /* freed by caller to simple_write_to_buffer */
59 data = kvmalloc(alloc_size);
60 if (data == NULL)
61 return ERR_PTR(-ENOMEM);
62
63 if (copy_from_user(data, userbuf, copy_size)) {
64 kvfree(data);
65 return ERR_PTR(-EFAULT);
66 }
67
68 return data;
69}
70
71
72/* .load file hook fn to load policy */
73static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
74 loff_t *pos)
75{
76 char *data;
77 ssize_t error;
78
79 data = aa_simple_write_to_buffer(OP_PROF_LOAD, buf, size, size, pos);
80
81 error = PTR_ERR(data);
82 if (!IS_ERR(data)) {
83 error = aa_replace_profiles(data, size, PROF_ADD);
84 kvfree(data);
85 }
86
87 return error;
88}
89
90static const struct file_operations aa_fs_profile_load = {
91 .write = profile_load,
92 .llseek = default_llseek,
93};
94
95/* .replace file hook fn to load and/or replace policy */
96static ssize_t profile_replace(struct file *f, const char __user *buf,
97 size_t size, loff_t *pos)
98{
99 char *data;
100 ssize_t error;
101
102 data = aa_simple_write_to_buffer(OP_PROF_REPL, buf, size, size, pos);
103 error = PTR_ERR(data);
104 if (!IS_ERR(data)) {
105 error = aa_replace_profiles(data, size, PROF_REPLACE);
106 kvfree(data);
107 }
108
109 return error;
110}
111
112static const struct file_operations aa_fs_profile_replace = {
113 .write = profile_replace,
114 .llseek = default_llseek,
115};
116
117/* .remove file hook fn to remove loaded policy */
118static ssize_t profile_remove(struct file *f, const char __user *buf,
119 size_t size, loff_t *pos)
120{
121 char *data;
122 ssize_t error;
123
124 /*
125 * aa_remove_profile needs a null terminated string so 1 extra
126 * byte is allocated and the copied data is null terminated.
127 */
128 data = aa_simple_write_to_buffer(OP_PROF_RM, buf, size + 1, size, pos);
129
130 error = PTR_ERR(data);
131 if (!IS_ERR(data)) {
132 data[size] = 0;
133 error = aa_remove_profiles(data, size);
134 kvfree(data);
135 }
136
137 return error;
138}
139
140static const struct file_operations aa_fs_profile_remove = {
141 .write = profile_remove,
142 .llseek = default_llseek,
143};
144
145/** Base file system setup **/
146
147static struct dentry *aa_fs_dentry __initdata;
148
149static void __init aafs_remove(const char *name)
150{
151 struct dentry *dentry;
152
153 dentry = lookup_one_len(name, aa_fs_dentry, strlen(name));
154 if (!IS_ERR(dentry)) {
155 securityfs_remove(dentry);
156 dput(dentry);
157 }
158}
159
160/**
161 * aafs_create - create an entry in the apparmor filesystem
162 * @name: name of the entry (NOT NULL)
163 * @mask: file permission mask of the file
164 * @fops: file operations for the file (NOT NULL)
165 *
166 * Used aafs_remove to remove entries created with this fn.
167 */
168static int __init aafs_create(const char *name, int mask,
169 const struct file_operations *fops)
170{
171 struct dentry *dentry;
172
173 dentry = securityfs_create_file(name, S_IFREG | mask, aa_fs_dentry,
174 NULL, fops);
175
176 return IS_ERR(dentry) ? PTR_ERR(dentry) : 0;
177}
178
179/**
180 * aa_destroy_aafs - cleanup and free aafs
181 *
182 * releases dentries allocated by aa_create_aafs
183 */
184void __init aa_destroy_aafs(void)
185{
186 if (aa_fs_dentry) {
187 aafs_remove(".remove");
188 aafs_remove(".replace");
189 aafs_remove(".load");
190
191 securityfs_remove(aa_fs_dentry);
192 aa_fs_dentry = NULL;
193 }
194}
195
196/**
197 * aa_create_aafs - create the apparmor security filesystem
198 *
199 * dentries created here are released by aa_destroy_aafs
200 *
201 * Returns: error on failure
202 */
203int __init aa_create_aafs(void)
204{
205 int error;
206
207 if (!apparmor_initialized)
208 return 0;
209
210 if (aa_fs_dentry) {
211 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
212 return -EEXIST;
213 }
214
215 aa_fs_dentry = securityfs_create_dir("apparmor", NULL);
216 if (IS_ERR(aa_fs_dentry)) {
217 error = PTR_ERR(aa_fs_dentry);
218 aa_fs_dentry = NULL;
219 goto error;
220 }
221
222 error = aafs_create(".load", 0640, &aa_fs_profile_load);
223 if (error)
224 goto error;
225 error = aafs_create(".replace", 0640, &aa_fs_profile_replace);
226 if (error)
227 goto error;
228 error = aafs_create(".remove", 0640, &aa_fs_profile_remove);
229 if (error)
230 goto error;
231
232 /* TODO: add support for apparmorfs_null and apparmorfs_mnt */
233
234 /* Report that AppArmor fs is enabled */
235 aa_info_message("AppArmor Filesystem Enabled");
236 return 0;
237
238error:
239 aa_destroy_aafs();
240 AA_ERROR("Error creating AppArmor securityfs\n");
241 return error;
242}
243
244fs_initcall(aa_create_aafs);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AppArmor security module
4 *
5 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 */
10
11#include <linux/ctype.h>
12#include <linux/security.h>
13#include <linux/vmalloc.h>
14#include <linux/init.h>
15#include <linux/seq_file.h>
16#include <linux/uaccess.h>
17#include <linux/mount.h>
18#include <linux/namei.h>
19#include <linux/capability.h>
20#include <linux/rcupdate.h>
21#include <linux/fs.h>
22#include <linux/fs_context.h>
23#include <linux/poll.h>
24#include <linux/zstd.h>
25#include <uapi/linux/major.h>
26#include <uapi/linux/magic.h>
27
28#include "include/apparmor.h"
29#include "include/apparmorfs.h"
30#include "include/audit.h"
31#include "include/cred.h"
32#include "include/crypto.h"
33#include "include/ipc.h"
34#include "include/label.h"
35#include "include/policy.h"
36#include "include/policy_ns.h"
37#include "include/resource.h"
38#include "include/policy_unpack.h"
39#include "include/task.h"
40
41/*
42 * The apparmor filesystem interface used for policy load and introspection
43 * The interface is split into two main components based on their function
44 * a securityfs component:
45 * used for static files that are always available, and which allows
46 * userspace to specificy the location of the security filesystem.
47 *
48 * fns and data are prefixed with
49 * aa_sfs_
50 *
51 * an apparmorfs component:
52 * used loaded policy content and introspection. It is not part of a
53 * regular mounted filesystem and is available only through the magic
54 * policy symlink in the root of the securityfs apparmor/ directory.
55 * Tasks queries will be magically redirected to the correct portion
56 * of the policy tree based on their confinement.
57 *
58 * fns and data are prefixed with
59 * aafs_
60 *
61 * The aa_fs_ prefix is used to indicate the fn is used by both the
62 * securityfs and apparmorfs filesystems.
63 */
64
65
66/*
67 * support fns
68 */
69
70struct rawdata_f_data {
71 struct aa_loaddata *loaddata;
72};
73
74#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
75#define RAWDATA_F_DATA_BUF(p) (char *)(p + 1)
76
77static void rawdata_f_data_free(struct rawdata_f_data *private)
78{
79 if (!private)
80 return;
81
82 aa_put_loaddata(private->loaddata);
83 kvfree(private);
84}
85
86static struct rawdata_f_data *rawdata_f_data_alloc(size_t size)
87{
88 struct rawdata_f_data *ret;
89
90 if (size > SIZE_MAX - sizeof(*ret))
91 return ERR_PTR(-EINVAL);
92
93 ret = kvzalloc(sizeof(*ret) + size, GFP_KERNEL);
94 if (!ret)
95 return ERR_PTR(-ENOMEM);
96
97 return ret;
98}
99#endif
100
101/**
102 * mangle_name - mangle a profile name to std profile layout form
103 * @name: profile name to mangle (NOT NULL)
104 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
105 *
106 * Returns: length of mangled name
107 */
108static int mangle_name(const char *name, char *target)
109{
110 char *t = target;
111
112 while (*name == '/' || *name == '.')
113 name++;
114
115 if (target) {
116 for (; *name; name++) {
117 if (*name == '/')
118 *(t)++ = '.';
119 else if (isspace(*name))
120 *(t)++ = '_';
121 else if (isalnum(*name) || strchr("._-", *name))
122 *(t)++ = *name;
123 }
124
125 *t = 0;
126 } else {
127 int len = 0;
128 for (; *name; name++) {
129 if (isalnum(*name) || isspace(*name) ||
130 strchr("/._-", *name))
131 len++;
132 }
133
134 return len;
135 }
136
137 return t - target;
138}
139
140
141/*
142 * aafs - core fns and data for the policy tree
143 */
144
145#define AAFS_NAME "apparmorfs"
146static struct vfsmount *aafs_mnt;
147static int aafs_count;
148
149
150static int aafs_show_path(struct seq_file *seq, struct dentry *dentry)
151{
152 seq_printf(seq, "%s:[%lu]", AAFS_NAME, d_inode(dentry)->i_ino);
153 return 0;
154}
155
156static void aafs_free_inode(struct inode *inode)
157{
158 if (S_ISLNK(inode->i_mode))
159 kfree(inode->i_link);
160 free_inode_nonrcu(inode);
161}
162
163static const struct super_operations aafs_super_ops = {
164 .statfs = simple_statfs,
165 .free_inode = aafs_free_inode,
166 .show_path = aafs_show_path,
167};
168
169static int apparmorfs_fill_super(struct super_block *sb, struct fs_context *fc)
170{
171 static struct tree_descr files[] = { {""} };
172 int error;
173
174 error = simple_fill_super(sb, AAFS_MAGIC, files);
175 if (error)
176 return error;
177 sb->s_op = &aafs_super_ops;
178
179 return 0;
180}
181
182static int apparmorfs_get_tree(struct fs_context *fc)
183{
184 return get_tree_single(fc, apparmorfs_fill_super);
185}
186
187static const struct fs_context_operations apparmorfs_context_ops = {
188 .get_tree = apparmorfs_get_tree,
189};
190
191static int apparmorfs_init_fs_context(struct fs_context *fc)
192{
193 fc->ops = &apparmorfs_context_ops;
194 return 0;
195}
196
197static struct file_system_type aafs_ops = {
198 .owner = THIS_MODULE,
199 .name = AAFS_NAME,
200 .init_fs_context = apparmorfs_init_fs_context,
201 .kill_sb = kill_anon_super,
202};
203
204/**
205 * __aafs_setup_d_inode - basic inode setup for apparmorfs
206 * @dir: parent directory for the dentry
207 * @dentry: dentry we are seting the inode up for
208 * @mode: permissions the file should have
209 * @data: data to store on inode.i_private, available in open()
210 * @link: if symlink, symlink target string
211 * @fops: struct file_operations that should be used
212 * @iops: struct of inode_operations that should be used
213 */
214static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
215 umode_t mode, void *data, char *link,
216 const struct file_operations *fops,
217 const struct inode_operations *iops)
218{
219 struct inode *inode = new_inode(dir->i_sb);
220
221 AA_BUG(!dir);
222 AA_BUG(!dentry);
223
224 if (!inode)
225 return -ENOMEM;
226
227 inode->i_ino = get_next_ino();
228 inode->i_mode = mode;
229 simple_inode_init_ts(inode);
230 inode->i_private = data;
231 if (S_ISDIR(mode)) {
232 inode->i_op = iops ? iops : &simple_dir_inode_operations;
233 inode->i_fop = &simple_dir_operations;
234 inc_nlink(inode);
235 inc_nlink(dir);
236 } else if (S_ISLNK(mode)) {
237 inode->i_op = iops ? iops : &simple_symlink_inode_operations;
238 inode->i_link = link;
239 } else {
240 inode->i_fop = fops;
241 }
242 d_instantiate(dentry, inode);
243 dget(dentry);
244
245 return 0;
246}
247
248/**
249 * aafs_create - create a dentry in the apparmorfs filesystem
250 *
251 * @name: name of dentry to create
252 * @mode: permissions the file should have
253 * @parent: parent directory for this dentry
254 * @data: data to store on inode.i_private, available in open()
255 * @link: if symlink, symlink target string
256 * @fops: struct file_operations that should be used for
257 * @iops: struct of inode_operations that should be used
258 *
259 * This is the basic "create a xxx" function for apparmorfs.
260 *
261 * Returns a pointer to a dentry if it succeeds, that must be free with
262 * aafs_remove(). Will return ERR_PTR on failure.
263 */
264static struct dentry *aafs_create(const char *name, umode_t mode,
265 struct dentry *parent, void *data, void *link,
266 const struct file_operations *fops,
267 const struct inode_operations *iops)
268{
269 struct dentry *dentry;
270 struct inode *dir;
271 int error;
272
273 AA_BUG(!name);
274 AA_BUG(!parent);
275
276 if (!(mode & S_IFMT))
277 mode = (mode & S_IALLUGO) | S_IFREG;
278
279 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
280 if (error)
281 return ERR_PTR(error);
282
283 dir = d_inode(parent);
284
285 inode_lock(dir);
286 dentry = lookup_one_len(name, parent, strlen(name));
287 if (IS_ERR(dentry)) {
288 error = PTR_ERR(dentry);
289 goto fail_lock;
290 }
291
292 if (d_really_is_positive(dentry)) {
293 error = -EEXIST;
294 goto fail_dentry;
295 }
296
297 error = __aafs_setup_d_inode(dir, dentry, mode, data, link, fops, iops);
298 if (error)
299 goto fail_dentry;
300 inode_unlock(dir);
301
302 return dentry;
303
304fail_dentry:
305 dput(dentry);
306
307fail_lock:
308 inode_unlock(dir);
309 simple_release_fs(&aafs_mnt, &aafs_count);
310
311 return ERR_PTR(error);
312}
313
314/**
315 * aafs_create_file - create a file in the apparmorfs filesystem
316 *
317 * @name: name of dentry to create
318 * @mode: permissions the file should have
319 * @parent: parent directory for this dentry
320 * @data: data to store on inode.i_private, available in open()
321 * @fops: struct file_operations that should be used for
322 *
323 * see aafs_create
324 */
325static struct dentry *aafs_create_file(const char *name, umode_t mode,
326 struct dentry *parent, void *data,
327 const struct file_operations *fops)
328{
329 return aafs_create(name, mode, parent, data, NULL, fops, NULL);
330}
331
332/**
333 * aafs_create_dir - create a directory in the apparmorfs filesystem
334 *
335 * @name: name of dentry to create
336 * @parent: parent directory for this dentry
337 *
338 * see aafs_create
339 */
340static struct dentry *aafs_create_dir(const char *name, struct dentry *parent)
341{
342 return aafs_create(name, S_IFDIR | 0755, parent, NULL, NULL, NULL,
343 NULL);
344}
345
346/**
347 * aafs_remove - removes a file or directory from the apparmorfs filesystem
348 *
349 * @dentry: dentry of the file/directory/symlink to removed.
350 */
351static void aafs_remove(struct dentry *dentry)
352{
353 struct inode *dir;
354
355 if (!dentry || IS_ERR(dentry))
356 return;
357
358 dir = d_inode(dentry->d_parent);
359 inode_lock(dir);
360 if (simple_positive(dentry)) {
361 if (d_is_dir(dentry))
362 simple_rmdir(dir, dentry);
363 else
364 simple_unlink(dir, dentry);
365 d_delete(dentry);
366 dput(dentry);
367 }
368 inode_unlock(dir);
369 simple_release_fs(&aafs_mnt, &aafs_count);
370}
371
372
373/*
374 * aa_fs - policy load/replace/remove
375 */
376
377/**
378 * aa_simple_write_to_buffer - common routine for getting policy from user
379 * @userbuf: user buffer to copy data from (NOT NULL)
380 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
381 * @copy_size: size of data to copy from user buffer
382 * @pos: position write is at in the file (NOT NULL)
383 *
384 * Returns: kernel buffer containing copy of user buffer data or an
385 * ERR_PTR on failure.
386 */
387static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
388 size_t alloc_size,
389 size_t copy_size,
390 loff_t *pos)
391{
392 struct aa_loaddata *data;
393
394 AA_BUG(copy_size > alloc_size);
395
396 if (*pos != 0)
397 /* only writes from pos 0, that is complete writes */
398 return ERR_PTR(-ESPIPE);
399
400 /* freed by caller to simple_write_to_buffer */
401 data = aa_loaddata_alloc(alloc_size);
402 if (IS_ERR(data))
403 return data;
404
405 data->size = copy_size;
406 if (copy_from_user(data->data, userbuf, copy_size)) {
407 aa_put_loaddata(data);
408 return ERR_PTR(-EFAULT);
409 }
410
411 return data;
412}
413
414static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
415 loff_t *pos, struct aa_ns *ns)
416{
417 struct aa_loaddata *data;
418 struct aa_label *label;
419 ssize_t error;
420
421 label = begin_current_label_crit_section();
422
423 /* high level check about policy management - fine grained in
424 * below after unpack
425 */
426 error = aa_may_manage_policy(current_cred(), label, ns, mask);
427 if (error)
428 goto end_section;
429
430 data = aa_simple_write_to_buffer(buf, size, size, pos);
431 error = PTR_ERR(data);
432 if (!IS_ERR(data)) {
433 error = aa_replace_profiles(ns, label, mask, data);
434 aa_put_loaddata(data);
435 }
436end_section:
437 end_current_label_crit_section(label);
438
439 return error;
440}
441
442/* .load file hook fn to load policy */
443static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
444 loff_t *pos)
445{
446 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
447 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
448
449 aa_put_ns(ns);
450
451 return error;
452}
453
454static const struct file_operations aa_fs_profile_load = {
455 .write = profile_load,
456 .llseek = default_llseek,
457};
458
459/* .replace file hook fn to load and/or replace policy */
460static ssize_t profile_replace(struct file *f, const char __user *buf,
461 size_t size, loff_t *pos)
462{
463 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
464 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
465 buf, size, pos, ns);
466 aa_put_ns(ns);
467
468 return error;
469}
470
471static const struct file_operations aa_fs_profile_replace = {
472 .write = profile_replace,
473 .llseek = default_llseek,
474};
475
476/* .remove file hook fn to remove loaded policy */
477static ssize_t profile_remove(struct file *f, const char __user *buf,
478 size_t size, loff_t *pos)
479{
480 struct aa_loaddata *data;
481 struct aa_label *label;
482 ssize_t error;
483 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
484
485 label = begin_current_label_crit_section();
486 /* high level check about policy management - fine grained in
487 * below after unpack
488 */
489 error = aa_may_manage_policy(current_cred(), label, ns,
490 AA_MAY_REMOVE_POLICY);
491 if (error)
492 goto out;
493
494 /*
495 * aa_remove_profile needs a null terminated string so 1 extra
496 * byte is allocated and the copied data is null terminated.
497 */
498 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
499
500 error = PTR_ERR(data);
501 if (!IS_ERR(data)) {
502 data->data[size] = 0;
503 error = aa_remove_profiles(ns, label, data->data, size);
504 aa_put_loaddata(data);
505 }
506 out:
507 end_current_label_crit_section(label);
508 aa_put_ns(ns);
509 return error;
510}
511
512static const struct file_operations aa_fs_profile_remove = {
513 .write = profile_remove,
514 .llseek = default_llseek,
515};
516
517struct aa_revision {
518 struct aa_ns *ns;
519 long last_read;
520};
521
522/* revision file hook fn for policy loads */
523static int ns_revision_release(struct inode *inode, struct file *file)
524{
525 struct aa_revision *rev = file->private_data;
526
527 if (rev) {
528 aa_put_ns(rev->ns);
529 kfree(rev);
530 }
531
532 return 0;
533}
534
535static ssize_t ns_revision_read(struct file *file, char __user *buf,
536 size_t size, loff_t *ppos)
537{
538 struct aa_revision *rev = file->private_data;
539 char buffer[32];
540 long last_read;
541 int avail;
542
543 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
544 last_read = rev->last_read;
545 if (last_read == rev->ns->revision) {
546 mutex_unlock(&rev->ns->lock);
547 if (file->f_flags & O_NONBLOCK)
548 return -EAGAIN;
549 if (wait_event_interruptible(rev->ns->wait,
550 last_read !=
551 READ_ONCE(rev->ns->revision)))
552 return -ERESTARTSYS;
553 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
554 }
555
556 avail = sprintf(buffer, "%ld\n", rev->ns->revision);
557 if (*ppos + size > avail) {
558 rev->last_read = rev->ns->revision;
559 *ppos = 0;
560 }
561 mutex_unlock(&rev->ns->lock);
562
563 return simple_read_from_buffer(buf, size, ppos, buffer, avail);
564}
565
566static int ns_revision_open(struct inode *inode, struct file *file)
567{
568 struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL);
569
570 if (!rev)
571 return -ENOMEM;
572
573 rev->ns = aa_get_ns(inode->i_private);
574 if (!rev->ns)
575 rev->ns = aa_get_current_ns();
576 file->private_data = rev;
577
578 return 0;
579}
580
581static __poll_t ns_revision_poll(struct file *file, poll_table *pt)
582{
583 struct aa_revision *rev = file->private_data;
584 __poll_t mask = 0;
585
586 if (rev) {
587 mutex_lock_nested(&rev->ns->lock, rev->ns->level);
588 poll_wait(file, &rev->ns->wait, pt);
589 if (rev->last_read < rev->ns->revision)
590 mask |= EPOLLIN | EPOLLRDNORM;
591 mutex_unlock(&rev->ns->lock);
592 }
593
594 return mask;
595}
596
597void __aa_bump_ns_revision(struct aa_ns *ns)
598{
599 WRITE_ONCE(ns->revision, READ_ONCE(ns->revision) + 1);
600 wake_up_interruptible(&ns->wait);
601}
602
603static const struct file_operations aa_fs_ns_revision_fops = {
604 .owner = THIS_MODULE,
605 .open = ns_revision_open,
606 .poll = ns_revision_poll,
607 .read = ns_revision_read,
608 .llseek = generic_file_llseek,
609 .release = ns_revision_release,
610};
611
612static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
613 const char *match_str, size_t match_len)
614{
615 struct aa_ruleset *rules = list_first_entry(&profile->rules,
616 typeof(*rules), list);
617 struct aa_perms tmp = { };
618 aa_state_t state = DFA_NOMATCH;
619
620 if (profile_unconfined(profile))
621 return;
622 if (rules->file->dfa && *match_str == AA_CLASS_FILE) {
623 state = aa_dfa_match_len(rules->file->dfa,
624 rules->file->start[AA_CLASS_FILE],
625 match_str + 1, match_len - 1);
626 if (state) {
627 struct path_cond cond = { };
628
629 tmp = *(aa_lookup_fperms(rules->file, state, &cond));
630 }
631 } else if (rules->policy->dfa) {
632 if (!RULE_MEDIATES(rules, *match_str))
633 return; /* no change to current perms */
634 state = aa_dfa_match_len(rules->policy->dfa,
635 rules->policy->start[0],
636 match_str, match_len);
637 if (state)
638 tmp = *aa_lookup_perms(rules->policy, state);
639 }
640 aa_apply_modes_to_perms(profile, &tmp);
641 aa_perms_accum_raw(perms, &tmp);
642}
643
644
645/**
646 * query_data - queries a policy and writes its data to buf
647 * @buf: the resulting data is stored here (NOT NULL)
648 * @buf_len: size of buf
649 * @query: query string used to retrieve data
650 * @query_len: size of query including second NUL byte
651 *
652 * The buffers pointed to by buf and query may overlap. The query buffer is
653 * parsed before buf is written to.
654 *
655 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
656 * the security confinement context and <KEY> is the name of the data to
657 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
658 *
659 * Don't expect the contents of buf to be preserved on failure.
660 *
661 * Returns: number of characters written to buf or -errno on failure
662 */
663static ssize_t query_data(char *buf, size_t buf_len,
664 char *query, size_t query_len)
665{
666 char *out;
667 const char *key;
668 struct label_it i;
669 struct aa_label *label, *curr;
670 struct aa_profile *profile;
671 struct aa_data *data;
672 u32 bytes, blocks;
673 __le32 outle32;
674
675 if (!query_len)
676 return -EINVAL; /* need a query */
677
678 key = query + strnlen(query, query_len) + 1;
679 if (key + 1 >= query + query_len)
680 return -EINVAL; /* not enough space for a non-empty key */
681 if (key + strnlen(key, query + query_len - key) >= query + query_len)
682 return -EINVAL; /* must end with NUL */
683
684 if (buf_len < sizeof(bytes) + sizeof(blocks))
685 return -EINVAL; /* not enough space */
686
687 curr = begin_current_label_crit_section();
688 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
689 end_current_label_crit_section(curr);
690 if (IS_ERR(label))
691 return PTR_ERR(label);
692
693 /* We are going to leave space for two numbers. The first is the total
694 * number of bytes we are writing after the first number. This is so
695 * users can read the full output without reallocation.
696 *
697 * The second number is the number of data blocks we're writing. An
698 * application might be confined by multiple policies having data in
699 * the same key.
700 */
701 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
702 out = buf + sizeof(bytes) + sizeof(blocks);
703
704 blocks = 0;
705 label_for_each_confined(i, label, profile) {
706 if (!profile->data)
707 continue;
708
709 data = rhashtable_lookup_fast(profile->data, &key,
710 profile->data->p);
711
712 if (data) {
713 if (out + sizeof(outle32) + data->size > buf +
714 buf_len) {
715 aa_put_label(label);
716 return -EINVAL; /* not enough space */
717 }
718 outle32 = __cpu_to_le32(data->size);
719 memcpy(out, &outle32, sizeof(outle32));
720 out += sizeof(outle32);
721 memcpy(out, data->data, data->size);
722 out += data->size;
723 blocks++;
724 }
725 }
726 aa_put_label(label);
727
728 outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
729 memcpy(buf, &outle32, sizeof(outle32));
730 outle32 = __cpu_to_le32(blocks);
731 memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
732
733 return out - buf;
734}
735
736/**
737 * query_label - queries a label and writes permissions to buf
738 * @buf: the resulting permissions string is stored here (NOT NULL)
739 * @buf_len: size of buf
740 * @query: binary query string to match against the dfa
741 * @query_len: size of query
742 * @view_only: only compute for querier's view
743 *
744 * The buffers pointed to by buf and query may overlap. The query buffer is
745 * parsed before buf is written to.
746 *
747 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
748 * the name of the label, in the current namespace, that is to be queried and
749 * DFA_STRING is a binary string to match against the label(s)'s DFA.
750 *
751 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
752 * but must *not* be NUL terminated.
753 *
754 * Returns: number of characters written to buf or -errno on failure
755 */
756static ssize_t query_label(char *buf, size_t buf_len,
757 char *query, size_t query_len, bool view_only)
758{
759 struct aa_profile *profile;
760 struct aa_label *label, *curr;
761 char *label_name, *match_str;
762 size_t label_name_len, match_len;
763 struct aa_perms perms;
764 struct label_it i;
765
766 if (!query_len)
767 return -EINVAL;
768
769 label_name = query;
770 label_name_len = strnlen(query, query_len);
771 if (!label_name_len || label_name_len == query_len)
772 return -EINVAL;
773
774 /**
775 * The extra byte is to account for the null byte between the
776 * profile name and dfa string. profile_name_len is greater
777 * than zero and less than query_len, so a byte can be safely
778 * added or subtracted.
779 */
780 match_str = label_name + label_name_len + 1;
781 match_len = query_len - label_name_len - 1;
782
783 curr = begin_current_label_crit_section();
784 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
785 end_current_label_crit_section(curr);
786 if (IS_ERR(label))
787 return PTR_ERR(label);
788
789 perms = allperms;
790 if (view_only) {
791 label_for_each_in_ns(i, labels_ns(label), label, profile) {
792 profile_query_cb(profile, &perms, match_str, match_len);
793 }
794 } else {
795 label_for_each(i, label, profile) {
796 profile_query_cb(profile, &perms, match_str, match_len);
797 }
798 }
799 aa_put_label(label);
800
801 return scnprintf(buf, buf_len,
802 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
803 perms.allow, perms.deny, perms.audit, perms.quiet);
804}
805
806/*
807 * Transaction based IO.
808 * The file expects a write which triggers the transaction, and then
809 * possibly a read(s) which collects the result - which is stored in a
810 * file-local buffer. Once a new write is performed, a new set of results
811 * are stored in the file-local buffer.
812 */
813struct multi_transaction {
814 struct kref count;
815 ssize_t size;
816 char data[];
817};
818
819#define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction))
820
821static void multi_transaction_kref(struct kref *kref)
822{
823 struct multi_transaction *t;
824
825 t = container_of(kref, struct multi_transaction, count);
826 free_page((unsigned long) t);
827}
828
829static struct multi_transaction *
830get_multi_transaction(struct multi_transaction *t)
831{
832 if (t)
833 kref_get(&(t->count));
834
835 return t;
836}
837
838static void put_multi_transaction(struct multi_transaction *t)
839{
840 if (t)
841 kref_put(&(t->count), multi_transaction_kref);
842}
843
844/* does not increment @new's count */
845static void multi_transaction_set(struct file *file,
846 struct multi_transaction *new, size_t n)
847{
848 struct multi_transaction *old;
849
850 AA_BUG(n > MULTI_TRANSACTION_LIMIT);
851
852 new->size = n;
853 spin_lock(&file->f_lock);
854 old = (struct multi_transaction *) file->private_data;
855 file->private_data = new;
856 spin_unlock(&file->f_lock);
857 put_multi_transaction(old);
858}
859
860static struct multi_transaction *multi_transaction_new(struct file *file,
861 const char __user *buf,
862 size_t size)
863{
864 struct multi_transaction *t;
865
866 if (size > MULTI_TRANSACTION_LIMIT - 1)
867 return ERR_PTR(-EFBIG);
868
869 t = (struct multi_transaction *)get_zeroed_page(GFP_KERNEL);
870 if (!t)
871 return ERR_PTR(-ENOMEM);
872 kref_init(&t->count);
873 if (copy_from_user(t->data, buf, size)) {
874 put_multi_transaction(t);
875 return ERR_PTR(-EFAULT);
876 }
877
878 return t;
879}
880
881static ssize_t multi_transaction_read(struct file *file, char __user *buf,
882 size_t size, loff_t *pos)
883{
884 struct multi_transaction *t;
885 ssize_t ret;
886
887 spin_lock(&file->f_lock);
888 t = get_multi_transaction(file->private_data);
889 spin_unlock(&file->f_lock);
890
891 if (!t)
892 return 0;
893
894 ret = simple_read_from_buffer(buf, size, pos, t->data, t->size);
895 put_multi_transaction(t);
896
897 return ret;
898}
899
900static int multi_transaction_release(struct inode *inode, struct file *file)
901{
902 put_multi_transaction(file->private_data);
903
904 return 0;
905}
906
907#define QUERY_CMD_LABEL "label\0"
908#define QUERY_CMD_LABEL_LEN 6
909#define QUERY_CMD_PROFILE "profile\0"
910#define QUERY_CMD_PROFILE_LEN 8
911#define QUERY_CMD_LABELALL "labelall\0"
912#define QUERY_CMD_LABELALL_LEN 9
913#define QUERY_CMD_DATA "data\0"
914#define QUERY_CMD_DATA_LEN 5
915
916/**
917 * aa_write_access - generic permissions and data query
918 * @file: pointer to open apparmorfs/access file
919 * @ubuf: user buffer containing the complete query string (NOT NULL)
920 * @count: size of ubuf
921 * @ppos: position in the file (MUST BE ZERO)
922 *
923 * Allows for one permissions or data query per open(), write(), and read()
924 * sequence. The only queries currently supported are label-based queries for
925 * permissions or data.
926 *
927 * For permissions queries, ubuf must begin with "label\0", followed by the
928 * profile query specific format described in the query_label() function
929 * documentation.
930 *
931 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
932 * <LABEL> is the name of the security confinement context and <KEY> is the
933 * name of the data to retrieve.
934 *
935 * Returns: number of bytes written or -errno on failure
936 */
937static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
938 size_t count, loff_t *ppos)
939{
940 struct multi_transaction *t;
941 ssize_t len;
942
943 if (*ppos)
944 return -ESPIPE;
945
946 t = multi_transaction_new(file, ubuf, count);
947 if (IS_ERR(t))
948 return PTR_ERR(t);
949
950 if (count > QUERY_CMD_PROFILE_LEN &&
951 !memcmp(t->data, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
952 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
953 t->data + QUERY_CMD_PROFILE_LEN,
954 count - QUERY_CMD_PROFILE_LEN, true);
955 } else if (count > QUERY_CMD_LABEL_LEN &&
956 !memcmp(t->data, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
957 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
958 t->data + QUERY_CMD_LABEL_LEN,
959 count - QUERY_CMD_LABEL_LEN, true);
960 } else if (count > QUERY_CMD_LABELALL_LEN &&
961 !memcmp(t->data, QUERY_CMD_LABELALL,
962 QUERY_CMD_LABELALL_LEN)) {
963 len = query_label(t->data, MULTI_TRANSACTION_LIMIT,
964 t->data + QUERY_CMD_LABELALL_LEN,
965 count - QUERY_CMD_LABELALL_LEN, false);
966 } else if (count > QUERY_CMD_DATA_LEN &&
967 !memcmp(t->data, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
968 len = query_data(t->data, MULTI_TRANSACTION_LIMIT,
969 t->data + QUERY_CMD_DATA_LEN,
970 count - QUERY_CMD_DATA_LEN);
971 } else
972 len = -EINVAL;
973
974 if (len < 0) {
975 put_multi_transaction(t);
976 return len;
977 }
978
979 multi_transaction_set(file, t, len);
980
981 return count;
982}
983
984static const struct file_operations aa_sfs_access = {
985 .write = aa_write_access,
986 .read = multi_transaction_read,
987 .release = multi_transaction_release,
988 .llseek = generic_file_llseek,
989};
990
991static int aa_sfs_seq_show(struct seq_file *seq, void *v)
992{
993 struct aa_sfs_entry *fs_file = seq->private;
994
995 if (!fs_file)
996 return 0;
997
998 switch (fs_file->v_type) {
999 case AA_SFS_TYPE_BOOLEAN:
1000 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
1001 break;
1002 case AA_SFS_TYPE_STRING:
1003 seq_printf(seq, "%s\n", fs_file->v.string);
1004 break;
1005 case AA_SFS_TYPE_U64:
1006 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
1007 break;
1008 default:
1009 /* Ignore unpritable entry types. */
1010 break;
1011 }
1012
1013 return 0;
1014}
1015
1016static int aa_sfs_seq_open(struct inode *inode, struct file *file)
1017{
1018 return single_open(file, aa_sfs_seq_show, inode->i_private);
1019}
1020
1021const struct file_operations aa_sfs_seq_file_ops = {
1022 .owner = THIS_MODULE,
1023 .open = aa_sfs_seq_open,
1024 .read = seq_read,
1025 .llseek = seq_lseek,
1026 .release = single_release,
1027};
1028
1029/*
1030 * profile based file operations
1031 * policy/profiles/XXXX/profiles/ *
1032 */
1033
1034#define SEQ_PROFILE_FOPS(NAME) \
1035static int seq_profile_ ##NAME ##_open(struct inode *inode, struct file *file)\
1036{ \
1037 return seq_profile_open(inode, file, seq_profile_ ##NAME ##_show); \
1038} \
1039 \
1040static const struct file_operations seq_profile_ ##NAME ##_fops = { \
1041 .owner = THIS_MODULE, \
1042 .open = seq_profile_ ##NAME ##_open, \
1043 .read = seq_read, \
1044 .llseek = seq_lseek, \
1045 .release = seq_profile_release, \
1046} \
1047
1048static int seq_profile_open(struct inode *inode, struct file *file,
1049 int (*show)(struct seq_file *, void *))
1050{
1051 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
1052 int error = single_open(file, show, proxy);
1053
1054 if (error) {
1055 file->private_data = NULL;
1056 aa_put_proxy(proxy);
1057 }
1058
1059 return error;
1060}
1061
1062static int seq_profile_release(struct inode *inode, struct file *file)
1063{
1064 struct seq_file *seq = (struct seq_file *) file->private_data;
1065 if (seq)
1066 aa_put_proxy(seq->private);
1067 return single_release(inode, file);
1068}
1069
1070static int seq_profile_name_show(struct seq_file *seq, void *v)
1071{
1072 struct aa_proxy *proxy = seq->private;
1073 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1074 struct aa_profile *profile = labels_profile(label);
1075 seq_printf(seq, "%s\n", profile->base.name);
1076 aa_put_label(label);
1077
1078 return 0;
1079}
1080
1081static int seq_profile_mode_show(struct seq_file *seq, void *v)
1082{
1083 struct aa_proxy *proxy = seq->private;
1084 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1085 struct aa_profile *profile = labels_profile(label);
1086 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
1087 aa_put_label(label);
1088
1089 return 0;
1090}
1091
1092static int seq_profile_attach_show(struct seq_file *seq, void *v)
1093{
1094 struct aa_proxy *proxy = seq->private;
1095 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1096 struct aa_profile *profile = labels_profile(label);
1097 if (profile->attach.xmatch_str)
1098 seq_printf(seq, "%s\n", profile->attach.xmatch_str);
1099 else if (profile->attach.xmatch->dfa)
1100 seq_puts(seq, "<unknown>\n");
1101 else
1102 seq_printf(seq, "%s\n", profile->base.name);
1103 aa_put_label(label);
1104
1105 return 0;
1106}
1107
1108static int seq_profile_hash_show(struct seq_file *seq, void *v)
1109{
1110 struct aa_proxy *proxy = seq->private;
1111 struct aa_label *label = aa_get_label_rcu(&proxy->label);
1112 struct aa_profile *profile = labels_profile(label);
1113 unsigned int i, size = aa_hash_size();
1114
1115 if (profile->hash) {
1116 for (i = 0; i < size; i++)
1117 seq_printf(seq, "%.2x", profile->hash[i]);
1118 seq_putc(seq, '\n');
1119 }
1120 aa_put_label(label);
1121
1122 return 0;
1123}
1124
1125SEQ_PROFILE_FOPS(name);
1126SEQ_PROFILE_FOPS(mode);
1127SEQ_PROFILE_FOPS(attach);
1128SEQ_PROFILE_FOPS(hash);
1129
1130/*
1131 * namespace based files
1132 * several root files and
1133 * policy/ *
1134 */
1135
1136#define SEQ_NS_FOPS(NAME) \
1137static int seq_ns_ ##NAME ##_open(struct inode *inode, struct file *file) \
1138{ \
1139 return single_open(file, seq_ns_ ##NAME ##_show, inode->i_private); \
1140} \
1141 \
1142static const struct file_operations seq_ns_ ##NAME ##_fops = { \
1143 .owner = THIS_MODULE, \
1144 .open = seq_ns_ ##NAME ##_open, \
1145 .read = seq_read, \
1146 .llseek = seq_lseek, \
1147 .release = single_release, \
1148} \
1149
1150static int seq_ns_stacked_show(struct seq_file *seq, void *v)
1151{
1152 struct aa_label *label;
1153
1154 label = begin_current_label_crit_section();
1155 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
1156 end_current_label_crit_section(label);
1157
1158 return 0;
1159}
1160
1161static int seq_ns_nsstacked_show(struct seq_file *seq, void *v)
1162{
1163 struct aa_label *label;
1164 struct aa_profile *profile;
1165 struct label_it it;
1166 int count = 1;
1167
1168 label = begin_current_label_crit_section();
1169
1170 if (label->size > 1) {
1171 label_for_each(it, label, profile)
1172 if (profile->ns != labels_ns(label)) {
1173 count++;
1174 break;
1175 }
1176 }
1177
1178 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
1179 end_current_label_crit_section(label);
1180
1181 return 0;
1182}
1183
1184static int seq_ns_level_show(struct seq_file *seq, void *v)
1185{
1186 struct aa_label *label;
1187
1188 label = begin_current_label_crit_section();
1189 seq_printf(seq, "%d\n", labels_ns(label)->level);
1190 end_current_label_crit_section(label);
1191
1192 return 0;
1193}
1194
1195static int seq_ns_name_show(struct seq_file *seq, void *v)
1196{
1197 struct aa_label *label = begin_current_label_crit_section();
1198 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
1199 end_current_label_crit_section(label);
1200
1201 return 0;
1202}
1203
1204static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
1205{
1206 seq_printf(seq, "%d\n", AA_MIN_CLEVEL);
1207 return 0;
1208}
1209
1210static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
1211{
1212 seq_printf(seq, "%d\n", AA_MAX_CLEVEL);
1213 return 0;
1214}
1215
1216SEQ_NS_FOPS(stacked);
1217SEQ_NS_FOPS(nsstacked);
1218SEQ_NS_FOPS(level);
1219SEQ_NS_FOPS(name);
1220SEQ_NS_FOPS(compress_min);
1221SEQ_NS_FOPS(compress_max);
1222
1223
1224/* policy/raw_data/ * file ops */
1225#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1226#define SEQ_RAWDATA_FOPS(NAME) \
1227static int seq_rawdata_ ##NAME ##_open(struct inode *inode, struct file *file)\
1228{ \
1229 return seq_rawdata_open(inode, file, seq_rawdata_ ##NAME ##_show); \
1230} \
1231 \
1232static const struct file_operations seq_rawdata_ ##NAME ##_fops = { \
1233 .owner = THIS_MODULE, \
1234 .open = seq_rawdata_ ##NAME ##_open, \
1235 .read = seq_read, \
1236 .llseek = seq_lseek, \
1237 .release = seq_rawdata_release, \
1238} \
1239
1240static int seq_rawdata_open(struct inode *inode, struct file *file,
1241 int (*show)(struct seq_file *, void *))
1242{
1243 struct aa_loaddata *data = __aa_get_loaddata(inode->i_private);
1244 int error;
1245
1246 if (!data)
1247 /* lost race this ent is being reaped */
1248 return -ENOENT;
1249
1250 error = single_open(file, show, data);
1251 if (error) {
1252 AA_BUG(file->private_data &&
1253 ((struct seq_file *)file->private_data)->private);
1254 aa_put_loaddata(data);
1255 }
1256
1257 return error;
1258}
1259
1260static int seq_rawdata_release(struct inode *inode, struct file *file)
1261{
1262 struct seq_file *seq = (struct seq_file *) file->private_data;
1263
1264 if (seq)
1265 aa_put_loaddata(seq->private);
1266
1267 return single_release(inode, file);
1268}
1269
1270static int seq_rawdata_abi_show(struct seq_file *seq, void *v)
1271{
1272 struct aa_loaddata *data = seq->private;
1273
1274 seq_printf(seq, "v%d\n", data->abi);
1275
1276 return 0;
1277}
1278
1279static int seq_rawdata_revision_show(struct seq_file *seq, void *v)
1280{
1281 struct aa_loaddata *data = seq->private;
1282
1283 seq_printf(seq, "%ld\n", data->revision);
1284
1285 return 0;
1286}
1287
1288static int seq_rawdata_hash_show(struct seq_file *seq, void *v)
1289{
1290 struct aa_loaddata *data = seq->private;
1291 unsigned int i, size = aa_hash_size();
1292
1293 if (data->hash) {
1294 for (i = 0; i < size; i++)
1295 seq_printf(seq, "%.2x", data->hash[i]);
1296 seq_putc(seq, '\n');
1297 }
1298
1299 return 0;
1300}
1301
1302static int seq_rawdata_compressed_size_show(struct seq_file *seq, void *v)
1303{
1304 struct aa_loaddata *data = seq->private;
1305
1306 seq_printf(seq, "%zu\n", data->compressed_size);
1307
1308 return 0;
1309}
1310
1311SEQ_RAWDATA_FOPS(abi);
1312SEQ_RAWDATA_FOPS(revision);
1313SEQ_RAWDATA_FOPS(hash);
1314SEQ_RAWDATA_FOPS(compressed_size);
1315
1316static int decompress_zstd(char *src, size_t slen, char *dst, size_t dlen)
1317{
1318 if (slen < dlen) {
1319 const size_t wksp_len = zstd_dctx_workspace_bound();
1320 zstd_dctx *ctx;
1321 void *wksp;
1322 size_t out_len;
1323 int ret = 0;
1324
1325 wksp = kvzalloc(wksp_len, GFP_KERNEL);
1326 if (!wksp) {
1327 ret = -ENOMEM;
1328 goto cleanup;
1329 }
1330 ctx = zstd_init_dctx(wksp, wksp_len);
1331 if (ctx == NULL) {
1332 ret = -ENOMEM;
1333 goto cleanup;
1334 }
1335 out_len = zstd_decompress_dctx(ctx, dst, dlen, src, slen);
1336 if (zstd_is_error(out_len)) {
1337 ret = -EINVAL;
1338 goto cleanup;
1339 }
1340cleanup:
1341 kvfree(wksp);
1342 return ret;
1343 }
1344
1345 if (dlen < slen)
1346 return -EINVAL;
1347 memcpy(dst, src, slen);
1348 return 0;
1349}
1350
1351static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
1352 loff_t *ppos)
1353{
1354 struct rawdata_f_data *private = file->private_data;
1355
1356 return simple_read_from_buffer(buf, size, ppos,
1357 RAWDATA_F_DATA_BUF(private),
1358 private->loaddata->size);
1359}
1360
1361static int rawdata_release(struct inode *inode, struct file *file)
1362{
1363 rawdata_f_data_free(file->private_data);
1364
1365 return 0;
1366}
1367
1368static int rawdata_open(struct inode *inode, struct file *file)
1369{
1370 int error;
1371 struct aa_loaddata *loaddata;
1372 struct rawdata_f_data *private;
1373
1374 if (!aa_current_policy_view_capable(NULL))
1375 return -EACCES;
1376
1377 loaddata = __aa_get_loaddata(inode->i_private);
1378 if (!loaddata)
1379 /* lost race: this entry is being reaped */
1380 return -ENOENT;
1381
1382 private = rawdata_f_data_alloc(loaddata->size);
1383 if (IS_ERR(private)) {
1384 error = PTR_ERR(private);
1385 goto fail_private_alloc;
1386 }
1387
1388 private->loaddata = loaddata;
1389
1390 error = decompress_zstd(loaddata->data, loaddata->compressed_size,
1391 RAWDATA_F_DATA_BUF(private),
1392 loaddata->size);
1393 if (error)
1394 goto fail_decompress;
1395
1396 file->private_data = private;
1397 return 0;
1398
1399fail_decompress:
1400 rawdata_f_data_free(private);
1401 return error;
1402
1403fail_private_alloc:
1404 aa_put_loaddata(loaddata);
1405 return error;
1406}
1407
1408static const struct file_operations rawdata_fops = {
1409 .open = rawdata_open,
1410 .read = rawdata_read,
1411 .llseek = generic_file_llseek,
1412 .release = rawdata_release,
1413};
1414
1415static void remove_rawdata_dents(struct aa_loaddata *rawdata)
1416{
1417 int i;
1418
1419 for (i = 0; i < AAFS_LOADDATA_NDENTS; i++) {
1420 if (!IS_ERR_OR_NULL(rawdata->dents[i])) {
1421 /* no refcounts on i_private */
1422 aafs_remove(rawdata->dents[i]);
1423 rawdata->dents[i] = NULL;
1424 }
1425 }
1426}
1427
1428void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
1429{
1430 AA_BUG(rawdata->ns && !mutex_is_locked(&rawdata->ns->lock));
1431
1432 if (rawdata->ns) {
1433 remove_rawdata_dents(rawdata);
1434 list_del_init(&rawdata->list);
1435 aa_put_ns(rawdata->ns);
1436 rawdata->ns = NULL;
1437 }
1438}
1439
1440int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata)
1441{
1442 struct dentry *dent, *dir;
1443
1444 AA_BUG(!ns);
1445 AA_BUG(!rawdata);
1446 AA_BUG(!mutex_is_locked(&ns->lock));
1447 AA_BUG(!ns_subdata_dir(ns));
1448
1449 /*
1450 * just use ns revision dir was originally created at. This is
1451 * under ns->lock and if load is successful revision will be
1452 * bumped and is guaranteed to be unique
1453 */
1454 rawdata->name = kasprintf(GFP_KERNEL, "%ld", ns->revision);
1455 if (!rawdata->name)
1456 return -ENOMEM;
1457
1458 dir = aafs_create_dir(rawdata->name, ns_subdata_dir(ns));
1459 if (IS_ERR(dir))
1460 /* ->name freed when rawdata freed */
1461 return PTR_ERR(dir);
1462 rawdata->dents[AAFS_LOADDATA_DIR] = dir;
1463
1464 dent = aafs_create_file("abi", S_IFREG | 0444, dir, rawdata,
1465 &seq_rawdata_abi_fops);
1466 if (IS_ERR(dent))
1467 goto fail;
1468 rawdata->dents[AAFS_LOADDATA_ABI] = dent;
1469
1470 dent = aafs_create_file("revision", S_IFREG | 0444, dir, rawdata,
1471 &seq_rawdata_revision_fops);
1472 if (IS_ERR(dent))
1473 goto fail;
1474 rawdata->dents[AAFS_LOADDATA_REVISION] = dent;
1475
1476 if (aa_g_hash_policy) {
1477 dent = aafs_create_file("sha256", S_IFREG | 0444, dir,
1478 rawdata, &seq_rawdata_hash_fops);
1479 if (IS_ERR(dent))
1480 goto fail;
1481 rawdata->dents[AAFS_LOADDATA_HASH] = dent;
1482 }
1483
1484 dent = aafs_create_file("compressed_size", S_IFREG | 0444, dir,
1485 rawdata,
1486 &seq_rawdata_compressed_size_fops);
1487 if (IS_ERR(dent))
1488 goto fail;
1489 rawdata->dents[AAFS_LOADDATA_COMPRESSED_SIZE] = dent;
1490
1491 dent = aafs_create_file("raw_data", S_IFREG | 0444,
1492 dir, rawdata, &rawdata_fops);
1493 if (IS_ERR(dent))
1494 goto fail;
1495 rawdata->dents[AAFS_LOADDATA_DATA] = dent;
1496 d_inode(dent)->i_size = rawdata->size;
1497
1498 rawdata->ns = aa_get_ns(ns);
1499 list_add(&rawdata->list, &ns->rawdata_list);
1500 /* no refcount on inode rawdata */
1501
1502 return 0;
1503
1504fail:
1505 remove_rawdata_dents(rawdata);
1506
1507 return PTR_ERR(dent);
1508}
1509#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1510
1511
1512/** fns to setup dynamic per profile/namespace files **/
1513
1514/*
1515 *
1516 * Requires: @profile->ns->lock held
1517 */
1518void __aafs_profile_rmdir(struct aa_profile *profile)
1519{
1520 struct aa_profile *child;
1521 int i;
1522
1523 if (!profile)
1524 return;
1525
1526 list_for_each_entry(child, &profile->base.profiles, base.list)
1527 __aafs_profile_rmdir(child);
1528
1529 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
1530 struct aa_proxy *proxy;
1531 if (!profile->dents[i])
1532 continue;
1533
1534 proxy = d_inode(profile->dents[i])->i_private;
1535 aafs_remove(profile->dents[i]);
1536 aa_put_proxy(proxy);
1537 profile->dents[i] = NULL;
1538 }
1539}
1540
1541/*
1542 *
1543 * Requires: @old->ns->lock held
1544 */
1545void __aafs_profile_migrate_dents(struct aa_profile *old,
1546 struct aa_profile *new)
1547{
1548 int i;
1549
1550 AA_BUG(!old);
1551 AA_BUG(!new);
1552 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
1553
1554 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
1555 new->dents[i] = old->dents[i];
1556 if (new->dents[i]) {
1557 struct inode *inode = d_inode(new->dents[i]);
1558
1559 inode_set_mtime_to_ts(inode,
1560 inode_set_ctime_current(inode));
1561 }
1562 old->dents[i] = NULL;
1563 }
1564}
1565
1566static struct dentry *create_profile_file(struct dentry *dir, const char *name,
1567 struct aa_profile *profile,
1568 const struct file_operations *fops)
1569{
1570 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
1571 struct dentry *dent;
1572
1573 dent = aafs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
1574 if (IS_ERR(dent))
1575 aa_put_proxy(proxy);
1576
1577 return dent;
1578}
1579
1580#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1581static int profile_depth(struct aa_profile *profile)
1582{
1583 int depth = 0;
1584
1585 rcu_read_lock();
1586 for (depth = 0; profile; profile = rcu_access_pointer(profile->parent))
1587 depth++;
1588 rcu_read_unlock();
1589
1590 return depth;
1591}
1592
1593static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
1594{
1595 char *buffer, *s;
1596 int error;
1597 int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
1598
1599 s = buffer = kmalloc(size, GFP_KERNEL);
1600 if (!buffer)
1601 return ERR_PTR(-ENOMEM);
1602
1603 for (; depth > 0; depth--) {
1604 strcpy(s, "../../");
1605 s += 6;
1606 size -= 6;
1607 }
1608
1609 error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
1610 if (error >= size || error < 0) {
1611 kfree(buffer);
1612 return ERR_PTR(-ENAMETOOLONG);
1613 }
1614
1615 return buffer;
1616}
1617
1618static const char *rawdata_get_link_base(struct dentry *dentry,
1619 struct inode *inode,
1620 struct delayed_call *done,
1621 const char *name)
1622{
1623 struct aa_proxy *proxy = inode->i_private;
1624 struct aa_label *label;
1625 struct aa_profile *profile;
1626 char *target;
1627 int depth;
1628
1629 if (!dentry)
1630 return ERR_PTR(-ECHILD);
1631
1632 label = aa_get_label_rcu(&proxy->label);
1633 profile = labels_profile(label);
1634 depth = profile_depth(profile);
1635 target = gen_symlink_name(depth, profile->rawdata->name, name);
1636 aa_put_label(label);
1637
1638 if (IS_ERR(target))
1639 return target;
1640
1641 set_delayed_call(done, kfree_link, target);
1642
1643 return target;
1644}
1645
1646static const char *rawdata_get_link_sha256(struct dentry *dentry,
1647 struct inode *inode,
1648 struct delayed_call *done)
1649{
1650 return rawdata_get_link_base(dentry, inode, done, "sha256");
1651}
1652
1653static const char *rawdata_get_link_abi(struct dentry *dentry,
1654 struct inode *inode,
1655 struct delayed_call *done)
1656{
1657 return rawdata_get_link_base(dentry, inode, done, "abi");
1658}
1659
1660static const char *rawdata_get_link_data(struct dentry *dentry,
1661 struct inode *inode,
1662 struct delayed_call *done)
1663{
1664 return rawdata_get_link_base(dentry, inode, done, "raw_data");
1665}
1666
1667static const struct inode_operations rawdata_link_sha256_iops = {
1668 .get_link = rawdata_get_link_sha256,
1669};
1670
1671static const struct inode_operations rawdata_link_abi_iops = {
1672 .get_link = rawdata_get_link_abi,
1673};
1674static const struct inode_operations rawdata_link_data_iops = {
1675 .get_link = rawdata_get_link_data,
1676};
1677#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1678
1679/*
1680 * Requires: @profile->ns->lock held
1681 */
1682int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
1683{
1684 struct aa_profile *child;
1685 struct dentry *dent = NULL, *dir;
1686 int error;
1687
1688 AA_BUG(!profile);
1689 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
1690
1691 if (!parent) {
1692 struct aa_profile *p;
1693 p = aa_deref_parent(profile);
1694 dent = prof_dir(p);
1695 /* adding to parent that previously didn't have children */
1696 dent = aafs_create_dir("profiles", dent);
1697 if (IS_ERR(dent))
1698 goto fail;
1699 prof_child_dir(p) = parent = dent;
1700 }
1701
1702 if (!profile->dirname) {
1703 int len, id_len;
1704 len = mangle_name(profile->base.name, NULL);
1705 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
1706
1707 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
1708 if (!profile->dirname) {
1709 error = -ENOMEM;
1710 goto fail2;
1711 }
1712
1713 mangle_name(profile->base.name, profile->dirname);
1714 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
1715 }
1716
1717 dent = aafs_create_dir(profile->dirname, parent);
1718 if (IS_ERR(dent))
1719 goto fail;
1720 prof_dir(profile) = dir = dent;
1721
1722 dent = create_profile_file(dir, "name", profile,
1723 &seq_profile_name_fops);
1724 if (IS_ERR(dent))
1725 goto fail;
1726 profile->dents[AAFS_PROF_NAME] = dent;
1727
1728 dent = create_profile_file(dir, "mode", profile,
1729 &seq_profile_mode_fops);
1730 if (IS_ERR(dent))
1731 goto fail;
1732 profile->dents[AAFS_PROF_MODE] = dent;
1733
1734 dent = create_profile_file(dir, "attach", profile,
1735 &seq_profile_attach_fops);
1736 if (IS_ERR(dent))
1737 goto fail;
1738 profile->dents[AAFS_PROF_ATTACH] = dent;
1739
1740 if (profile->hash) {
1741 dent = create_profile_file(dir, "sha256", profile,
1742 &seq_profile_hash_fops);
1743 if (IS_ERR(dent))
1744 goto fail;
1745 profile->dents[AAFS_PROF_HASH] = dent;
1746 }
1747
1748#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
1749 if (profile->rawdata) {
1750 if (aa_g_hash_policy) {
1751 dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir,
1752 profile->label.proxy, NULL, NULL,
1753 &rawdata_link_sha256_iops);
1754 if (IS_ERR(dent))
1755 goto fail;
1756 aa_get_proxy(profile->label.proxy);
1757 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1758 }
1759 dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,
1760 profile->label.proxy, NULL, NULL,
1761 &rawdata_link_abi_iops);
1762 if (IS_ERR(dent))
1763 goto fail;
1764 aa_get_proxy(profile->label.proxy);
1765 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1766
1767 dent = aafs_create("raw_data", S_IFLNK | 0444, dir,
1768 profile->label.proxy, NULL, NULL,
1769 &rawdata_link_data_iops);
1770 if (IS_ERR(dent))
1771 goto fail;
1772 aa_get_proxy(profile->label.proxy);
1773 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1774 }
1775#endif /*CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
1776
1777 list_for_each_entry(child, &profile->base.profiles, base.list) {
1778 error = __aafs_profile_mkdir(child, prof_child_dir(profile));
1779 if (error)
1780 goto fail2;
1781 }
1782
1783 return 0;
1784
1785fail:
1786 error = PTR_ERR(dent);
1787
1788fail2:
1789 __aafs_profile_rmdir(profile);
1790
1791 return error;
1792}
1793
1794static int ns_mkdir_op(struct mnt_idmap *idmap, struct inode *dir,
1795 struct dentry *dentry, umode_t mode)
1796{
1797 struct aa_ns *ns, *parent;
1798 /* TODO: improve permission check */
1799 struct aa_label *label;
1800 int error;
1801
1802 label = begin_current_label_crit_section();
1803 error = aa_may_manage_policy(current_cred(), label, NULL,
1804 AA_MAY_LOAD_POLICY);
1805 end_current_label_crit_section(label);
1806 if (error)
1807 return error;
1808
1809 parent = aa_get_ns(dir->i_private);
1810 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1811
1812 /* we have to unlock and then relock to get locking order right
1813 * for pin_fs
1814 */
1815 inode_unlock(dir);
1816 error = simple_pin_fs(&aafs_ops, &aafs_mnt, &aafs_count);
1817 mutex_lock_nested(&parent->lock, parent->level);
1818 inode_lock_nested(dir, I_MUTEX_PARENT);
1819 if (error)
1820 goto out;
1821
1822 error = __aafs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1823 NULL, NULL, NULL);
1824 if (error)
1825 goto out_pin;
1826
1827 ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
1828 dentry);
1829 if (IS_ERR(ns)) {
1830 error = PTR_ERR(ns);
1831 ns = NULL;
1832 }
1833
1834 aa_put_ns(ns); /* list ref remains */
1835out_pin:
1836 if (error)
1837 simple_release_fs(&aafs_mnt, &aafs_count);
1838out:
1839 mutex_unlock(&parent->lock);
1840 aa_put_ns(parent);
1841
1842 return error;
1843}
1844
1845static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1846{
1847 struct aa_ns *ns, *parent;
1848 /* TODO: improve permission check */
1849 struct aa_label *label;
1850 int error;
1851
1852 label = begin_current_label_crit_section();
1853 error = aa_may_manage_policy(current_cred(), label, NULL,
1854 AA_MAY_LOAD_POLICY);
1855 end_current_label_crit_section(label);
1856 if (error)
1857 return error;
1858
1859 parent = aa_get_ns(dir->i_private);
1860 /* rmdir calls the generic securityfs functions to remove files
1861 * from the apparmor dir. It is up to the apparmor ns locking
1862 * to avoid races.
1863 */
1864 inode_unlock(dir);
1865 inode_unlock(dentry->d_inode);
1866
1867 mutex_lock_nested(&parent->lock, parent->level);
1868 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1869 dentry->d_name.len));
1870 if (!ns) {
1871 error = -ENOENT;
1872 goto out;
1873 }
1874 AA_BUG(ns_dir(ns) != dentry);
1875
1876 __aa_remove_ns(ns);
1877 aa_put_ns(ns);
1878
1879out:
1880 mutex_unlock(&parent->lock);
1881 inode_lock_nested(dir, I_MUTEX_PARENT);
1882 inode_lock(dentry->d_inode);
1883 aa_put_ns(parent);
1884
1885 return error;
1886}
1887
1888static const struct inode_operations ns_dir_inode_operations = {
1889 .lookup = simple_lookup,
1890 .mkdir = ns_mkdir_op,
1891 .rmdir = ns_rmdir_op,
1892};
1893
1894static void __aa_fs_list_remove_rawdata(struct aa_ns *ns)
1895{
1896 struct aa_loaddata *ent, *tmp;
1897
1898 AA_BUG(!mutex_is_locked(&ns->lock));
1899
1900 list_for_each_entry_safe(ent, tmp, &ns->rawdata_list, list)
1901 __aa_fs_remove_rawdata(ent);
1902}
1903
1904/*
1905 *
1906 * Requires: @ns->lock held
1907 */
1908void __aafs_ns_rmdir(struct aa_ns *ns)
1909{
1910 struct aa_ns *sub;
1911 struct aa_profile *child;
1912 int i;
1913
1914 if (!ns)
1915 return;
1916 AA_BUG(!mutex_is_locked(&ns->lock));
1917
1918 list_for_each_entry(child, &ns->base.profiles, base.list)
1919 __aafs_profile_rmdir(child);
1920
1921 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1922 mutex_lock_nested(&sub->lock, sub->level);
1923 __aafs_ns_rmdir(sub);
1924 mutex_unlock(&sub->lock);
1925 }
1926
1927 __aa_fs_list_remove_rawdata(ns);
1928
1929 if (ns_subns_dir(ns)) {
1930 sub = d_inode(ns_subns_dir(ns))->i_private;
1931 aa_put_ns(sub);
1932 }
1933 if (ns_subload(ns)) {
1934 sub = d_inode(ns_subload(ns))->i_private;
1935 aa_put_ns(sub);
1936 }
1937 if (ns_subreplace(ns)) {
1938 sub = d_inode(ns_subreplace(ns))->i_private;
1939 aa_put_ns(sub);
1940 }
1941 if (ns_subremove(ns)) {
1942 sub = d_inode(ns_subremove(ns))->i_private;
1943 aa_put_ns(sub);
1944 }
1945 if (ns_subrevision(ns)) {
1946 sub = d_inode(ns_subrevision(ns))->i_private;
1947 aa_put_ns(sub);
1948 }
1949
1950 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1951 aafs_remove(ns->dents[i]);
1952 ns->dents[i] = NULL;
1953 }
1954}
1955
1956/* assumes cleanup in caller */
1957static int __aafs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1958{
1959 struct dentry *dent;
1960
1961 AA_BUG(!ns);
1962 AA_BUG(!dir);
1963
1964 dent = aafs_create_dir("profiles", dir);
1965 if (IS_ERR(dent))
1966 return PTR_ERR(dent);
1967 ns_subprofs_dir(ns) = dent;
1968
1969 dent = aafs_create_dir("raw_data", dir);
1970 if (IS_ERR(dent))
1971 return PTR_ERR(dent);
1972 ns_subdata_dir(ns) = dent;
1973
1974 dent = aafs_create_file("revision", 0444, dir, ns,
1975 &aa_fs_ns_revision_fops);
1976 if (IS_ERR(dent))
1977 return PTR_ERR(dent);
1978 aa_get_ns(ns);
1979 ns_subrevision(ns) = dent;
1980
1981 dent = aafs_create_file(".load", 0640, dir, ns,
1982 &aa_fs_profile_load);
1983 if (IS_ERR(dent))
1984 return PTR_ERR(dent);
1985 aa_get_ns(ns);
1986 ns_subload(ns) = dent;
1987
1988 dent = aafs_create_file(".replace", 0640, dir, ns,
1989 &aa_fs_profile_replace);
1990 if (IS_ERR(dent))
1991 return PTR_ERR(dent);
1992 aa_get_ns(ns);
1993 ns_subreplace(ns) = dent;
1994
1995 dent = aafs_create_file(".remove", 0640, dir, ns,
1996 &aa_fs_profile_remove);
1997 if (IS_ERR(dent))
1998 return PTR_ERR(dent);
1999 aa_get_ns(ns);
2000 ns_subremove(ns) = dent;
2001
2002 /* use create_dentry so we can supply private data */
2003 dent = aafs_create("namespaces", S_IFDIR | 0755, dir, ns, NULL, NULL,
2004 &ns_dir_inode_operations);
2005 if (IS_ERR(dent))
2006 return PTR_ERR(dent);
2007 aa_get_ns(ns);
2008 ns_subns_dir(ns) = dent;
2009
2010 return 0;
2011}
2012
2013/*
2014 * Requires: @ns->lock held
2015 */
2016int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
2017 struct dentry *dent)
2018{
2019 struct aa_ns *sub;
2020 struct aa_profile *child;
2021 struct dentry *dir;
2022 int error;
2023
2024 AA_BUG(!ns);
2025 AA_BUG(!parent);
2026 AA_BUG(!mutex_is_locked(&ns->lock));
2027
2028 if (!name)
2029 name = ns->base.name;
2030
2031 if (!dent) {
2032 /* create ns dir if it doesn't already exist */
2033 dent = aafs_create_dir(name, parent);
2034 if (IS_ERR(dent))
2035 goto fail;
2036 } else
2037 dget(dent);
2038 ns_dir(ns) = dir = dent;
2039 error = __aafs_ns_mkdir_entries(ns, dir);
2040 if (error)
2041 goto fail2;
2042
2043 /* profiles */
2044 list_for_each_entry(child, &ns->base.profiles, base.list) {
2045 error = __aafs_profile_mkdir(child, ns_subprofs_dir(ns));
2046 if (error)
2047 goto fail2;
2048 }
2049
2050 /* subnamespaces */
2051 list_for_each_entry(sub, &ns->sub_ns, base.list) {
2052 mutex_lock_nested(&sub->lock, sub->level);
2053 error = __aafs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
2054 mutex_unlock(&sub->lock);
2055 if (error)
2056 goto fail2;
2057 }
2058
2059 return 0;
2060
2061fail:
2062 error = PTR_ERR(dent);
2063
2064fail2:
2065 __aafs_ns_rmdir(ns);
2066
2067 return error;
2068}
2069
2070/**
2071 * __next_ns - find the next namespace to list
2072 * @root: root namespace to stop search at (NOT NULL)
2073 * @ns: current ns position (NOT NULL)
2074 *
2075 * Find the next namespace from @ns under @root and handle all locking needed
2076 * while switching current namespace.
2077 *
2078 * Returns: next namespace or NULL if at last namespace under @root
2079 * Requires: ns->parent->lock to be held
2080 * NOTE: will not unlock root->lock
2081 */
2082static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
2083{
2084 struct aa_ns *parent, *next;
2085
2086 AA_BUG(!root);
2087 AA_BUG(!ns);
2088 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
2089
2090 /* is next namespace a child */
2091 if (!list_empty(&ns->sub_ns)) {
2092 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
2093 mutex_lock_nested(&next->lock, next->level);
2094 return next;
2095 }
2096
2097 /* check if the next ns is a sibling, parent, gp, .. */
2098 parent = ns->parent;
2099 while (ns != root) {
2100 mutex_unlock(&ns->lock);
2101 next = list_next_entry(ns, base.list);
2102 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
2103 mutex_lock_nested(&next->lock, next->level);
2104 return next;
2105 }
2106 ns = parent;
2107 parent = parent->parent;
2108 }
2109
2110 return NULL;
2111}
2112
2113/**
2114 * __first_profile - find the first profile in a namespace
2115 * @root: namespace that is root of profiles being displayed (NOT NULL)
2116 * @ns: namespace to start in (NOT NULL)
2117 *
2118 * Returns: unrefcounted profile or NULL if no profile
2119 * Requires: profile->ns.lock to be held
2120 */
2121static struct aa_profile *__first_profile(struct aa_ns *root,
2122 struct aa_ns *ns)
2123{
2124 AA_BUG(!root);
2125 AA_BUG(ns && !mutex_is_locked(&ns->lock));
2126
2127 for (; ns; ns = __next_ns(root, ns)) {
2128 if (!list_empty(&ns->base.profiles))
2129 return list_first_entry(&ns->base.profiles,
2130 struct aa_profile, base.list);
2131 }
2132 return NULL;
2133}
2134
2135/**
2136 * __next_profile - step to the next profile in a profile tree
2137 * @p: current profile in tree (NOT NULL)
2138 *
2139 * Perform a depth first traversal on the profile tree in a namespace
2140 *
2141 * Returns: next profile or NULL if done
2142 * Requires: profile->ns.lock to be held
2143 */
2144static struct aa_profile *__next_profile(struct aa_profile *p)
2145{
2146 struct aa_profile *parent;
2147 struct aa_ns *ns = p->ns;
2148
2149 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
2150
2151 /* is next profile a child */
2152 if (!list_empty(&p->base.profiles))
2153 return list_first_entry(&p->base.profiles, typeof(*p),
2154 base.list);
2155
2156 /* is next profile a sibling, parent sibling, gp, sibling, .. */
2157 parent = rcu_dereference_protected(p->parent,
2158 mutex_is_locked(&p->ns->lock));
2159 while (parent) {
2160 p = list_next_entry(p, base.list);
2161 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
2162 return p;
2163 p = parent;
2164 parent = rcu_dereference_protected(parent->parent,
2165 mutex_is_locked(&parent->ns->lock));
2166 }
2167
2168 /* is next another profile in the namespace */
2169 p = list_next_entry(p, base.list);
2170 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
2171 return p;
2172
2173 return NULL;
2174}
2175
2176/**
2177 * next_profile - step to the next profile in where ever it may be
2178 * @root: root namespace (NOT NULL)
2179 * @profile: current profile (NOT NULL)
2180 *
2181 * Returns: next profile or NULL if there isn't one
2182 */
2183static struct aa_profile *next_profile(struct aa_ns *root,
2184 struct aa_profile *profile)
2185{
2186 struct aa_profile *next = __next_profile(profile);
2187 if (next)
2188 return next;
2189
2190 /* finished all profiles in namespace move to next namespace */
2191 return __first_profile(root, __next_ns(root, profile->ns));
2192}
2193
2194/**
2195 * p_start - start a depth first traversal of profile tree
2196 * @f: seq_file to fill
2197 * @pos: current position
2198 *
2199 * Returns: first profile under current namespace or NULL if none found
2200 *
2201 * acquires first ns->lock
2202 */
2203static void *p_start(struct seq_file *f, loff_t *pos)
2204{
2205 struct aa_profile *profile = NULL;
2206 struct aa_ns *root = aa_get_current_ns();
2207 loff_t l = *pos;
2208 f->private = root;
2209
2210 /* find the first profile */
2211 mutex_lock_nested(&root->lock, root->level);
2212 profile = __first_profile(root, root);
2213
2214 /* skip to position */
2215 for (; profile && l > 0; l--)
2216 profile = next_profile(root, profile);
2217
2218 return profile;
2219}
2220
2221/**
2222 * p_next - read the next profile entry
2223 * @f: seq_file to fill
2224 * @p: profile previously returned
2225 * @pos: current position
2226 *
2227 * Returns: next profile after @p or NULL if none
2228 *
2229 * may acquire/release locks in namespace tree as necessary
2230 */
2231static void *p_next(struct seq_file *f, void *p, loff_t *pos)
2232{
2233 struct aa_profile *profile = p;
2234 struct aa_ns *ns = f->private;
2235 (*pos)++;
2236
2237 return next_profile(ns, profile);
2238}
2239
2240/**
2241 * p_stop - stop depth first traversal
2242 * @f: seq_file we are filling
2243 * @p: the last profile writen
2244 *
2245 * Release all locking done by p_start/p_next on namespace tree
2246 */
2247static void p_stop(struct seq_file *f, void *p)
2248{
2249 struct aa_profile *profile = p;
2250 struct aa_ns *root = f->private, *ns;
2251
2252 if (profile) {
2253 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
2254 mutex_unlock(&ns->lock);
2255 }
2256 mutex_unlock(&root->lock);
2257 aa_put_ns(root);
2258}
2259
2260/**
2261 * seq_show_profile - show a profile entry
2262 * @f: seq_file to file
2263 * @p: current position (profile) (NOT NULL)
2264 *
2265 * Returns: error on failure
2266 */
2267static int seq_show_profile(struct seq_file *f, void *p)
2268{
2269 struct aa_profile *profile = (struct aa_profile *)p;
2270 struct aa_ns *root = f->private;
2271
2272 aa_label_seq_xprint(f, root, &profile->label,
2273 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
2274 seq_putc(f, '\n');
2275
2276 return 0;
2277}
2278
2279static const struct seq_operations aa_sfs_profiles_op = {
2280 .start = p_start,
2281 .next = p_next,
2282 .stop = p_stop,
2283 .show = seq_show_profile,
2284};
2285
2286static int profiles_open(struct inode *inode, struct file *file)
2287{
2288 if (!aa_current_policy_view_capable(NULL))
2289 return -EACCES;
2290
2291 return seq_open(file, &aa_sfs_profiles_op);
2292}
2293
2294static int profiles_release(struct inode *inode, struct file *file)
2295{
2296 return seq_release(inode, file);
2297}
2298
2299static const struct file_operations aa_sfs_profiles_fops = {
2300 .open = profiles_open,
2301 .read = seq_read,
2302 .llseek = seq_lseek,
2303 .release = profiles_release,
2304};
2305
2306
2307/** Base file system setup **/
2308static struct aa_sfs_entry aa_sfs_entry_file[] = {
2309 AA_SFS_FILE_STRING("mask",
2310 "create read write exec append mmap_exec link lock"),
2311 { }
2312};
2313
2314static struct aa_sfs_entry aa_sfs_entry_ptrace[] = {
2315 AA_SFS_FILE_STRING("mask", "read trace"),
2316 { }
2317};
2318
2319static struct aa_sfs_entry aa_sfs_entry_signal[] = {
2320 AA_SFS_FILE_STRING("mask", AA_SFS_SIG_MASK),
2321 { }
2322};
2323
2324static struct aa_sfs_entry aa_sfs_entry_attach[] = {
2325 AA_SFS_FILE_BOOLEAN("xattr", 1),
2326 { }
2327};
2328static struct aa_sfs_entry aa_sfs_entry_domain[] = {
2329 AA_SFS_FILE_BOOLEAN("change_hat", 1),
2330 AA_SFS_FILE_BOOLEAN("change_hatv", 1),
2331 AA_SFS_FILE_BOOLEAN("change_onexec", 1),
2332 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2333 AA_SFS_FILE_BOOLEAN("stack", 1),
2334 AA_SFS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
2335 AA_SFS_FILE_BOOLEAN("post_nnp_subset", 1),
2336 AA_SFS_FILE_BOOLEAN("computed_longest_left", 1),
2337 AA_SFS_DIR("attach_conditions", aa_sfs_entry_attach),
2338 AA_SFS_FILE_BOOLEAN("disconnected.path", 1),
2339 AA_SFS_FILE_STRING("version", "1.2"),
2340 { }
2341};
2342
2343static struct aa_sfs_entry aa_sfs_entry_unconfined[] = {
2344 AA_SFS_FILE_BOOLEAN("change_profile", 1),
2345 { }
2346};
2347
2348static struct aa_sfs_entry aa_sfs_entry_versions[] = {
2349 AA_SFS_FILE_BOOLEAN("v5", 1),
2350 AA_SFS_FILE_BOOLEAN("v6", 1),
2351 AA_SFS_FILE_BOOLEAN("v7", 1),
2352 AA_SFS_FILE_BOOLEAN("v8", 1),
2353 AA_SFS_FILE_BOOLEAN("v9", 1),
2354 { }
2355};
2356
2357#define PERMS32STR "allow deny subtree cond kill complain prompt audit quiet hide xindex tag label"
2358static struct aa_sfs_entry aa_sfs_entry_policy[] = {
2359 AA_SFS_DIR("versions", aa_sfs_entry_versions),
2360 AA_SFS_FILE_BOOLEAN("set_load", 1),
2361 /* number of out of band transitions supported */
2362 AA_SFS_FILE_U64("outofband", MAX_OOB_SUPPORTED),
2363 AA_SFS_FILE_U64("permstable32_version", 1),
2364 AA_SFS_FILE_STRING("permstable32", PERMS32STR),
2365 AA_SFS_DIR("unconfined_restrictions", aa_sfs_entry_unconfined),
2366 { }
2367};
2368
2369static struct aa_sfs_entry aa_sfs_entry_mount[] = {
2370 AA_SFS_FILE_STRING("mask", "mount umount pivot_root"),
2371 AA_SFS_FILE_STRING("move_mount", "detached"),
2372 { }
2373};
2374
2375static struct aa_sfs_entry aa_sfs_entry_ns[] = {
2376 AA_SFS_FILE_BOOLEAN("profile", 1),
2377 AA_SFS_FILE_BOOLEAN("pivot_root", 0),
2378 AA_SFS_FILE_STRING("mask", "userns_create"),
2379 { }
2380};
2381
2382static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
2383 AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
2384 AA_SFS_FILE_BOOLEAN("data", 1),
2385 AA_SFS_FILE_BOOLEAN("multi_transaction", 1),
2386 { }
2387};
2388
2389static struct aa_sfs_entry aa_sfs_entry_query[] = {
2390 AA_SFS_DIR("label", aa_sfs_entry_query_label),
2391 { }
2392};
2393
2394static struct aa_sfs_entry aa_sfs_entry_io_uring[] = {
2395 AA_SFS_FILE_STRING("mask", "sqpoll override_creds"),
2396 { }
2397};
2398
2399static struct aa_sfs_entry aa_sfs_entry_features[] = {
2400 AA_SFS_DIR("policy", aa_sfs_entry_policy),
2401 AA_SFS_DIR("domain", aa_sfs_entry_domain),
2402 AA_SFS_DIR("file", aa_sfs_entry_file),
2403 AA_SFS_DIR("network_v8", aa_sfs_entry_network),
2404 AA_SFS_DIR("mount", aa_sfs_entry_mount),
2405 AA_SFS_DIR("namespaces", aa_sfs_entry_ns),
2406 AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
2407 AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit),
2408 AA_SFS_DIR("caps", aa_sfs_entry_caps),
2409 AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace),
2410 AA_SFS_DIR("signal", aa_sfs_entry_signal),
2411 AA_SFS_DIR("query", aa_sfs_entry_query),
2412 AA_SFS_DIR("io_uring", aa_sfs_entry_io_uring),
2413 { }
2414};
2415
2416static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
2417 AA_SFS_FILE_FOPS(".access", 0666, &aa_sfs_access),
2418 AA_SFS_FILE_FOPS(".stacked", 0444, &seq_ns_stacked_fops),
2419 AA_SFS_FILE_FOPS(".ns_stacked", 0444, &seq_ns_nsstacked_fops),
2420 AA_SFS_FILE_FOPS(".ns_level", 0444, &seq_ns_level_fops),
2421 AA_SFS_FILE_FOPS(".ns_name", 0444, &seq_ns_name_fops),
2422 AA_SFS_FILE_FOPS("profiles", 0444, &aa_sfs_profiles_fops),
2423 AA_SFS_FILE_FOPS("raw_data_compression_level_min", 0444, &seq_ns_compress_min_fops),
2424 AA_SFS_FILE_FOPS("raw_data_compression_level_max", 0444, &seq_ns_compress_max_fops),
2425 AA_SFS_DIR("features", aa_sfs_entry_features),
2426 { }
2427};
2428
2429static struct aa_sfs_entry aa_sfs_entry =
2430 AA_SFS_DIR("apparmor", aa_sfs_entry_apparmor);
2431
2432/**
2433 * entry_create_file - create a file entry in the apparmor securityfs
2434 * @fs_file: aa_sfs_entry to build an entry for (NOT NULL)
2435 * @parent: the parent dentry in the securityfs
2436 *
2437 * Use entry_remove_file to remove entries created with this fn.
2438 */
2439static int __init entry_create_file(struct aa_sfs_entry *fs_file,
2440 struct dentry *parent)
2441{
2442 int error = 0;
2443
2444 fs_file->dentry = securityfs_create_file(fs_file->name,
2445 S_IFREG | fs_file->mode,
2446 parent, fs_file,
2447 fs_file->file_ops);
2448 if (IS_ERR(fs_file->dentry)) {
2449 error = PTR_ERR(fs_file->dentry);
2450 fs_file->dentry = NULL;
2451 }
2452 return error;
2453}
2454
2455static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir);
2456/**
2457 * entry_create_dir - recursively create a directory entry in the securityfs
2458 * @fs_dir: aa_sfs_entry (and all child entries) to build (NOT NULL)
2459 * @parent: the parent dentry in the securityfs
2460 *
2461 * Use entry_remove_dir to remove entries created with this fn.
2462 */
2463static int __init entry_create_dir(struct aa_sfs_entry *fs_dir,
2464 struct dentry *parent)
2465{
2466 struct aa_sfs_entry *fs_file;
2467 struct dentry *dir;
2468 int error;
2469
2470 dir = securityfs_create_dir(fs_dir->name, parent);
2471 if (IS_ERR(dir))
2472 return PTR_ERR(dir);
2473 fs_dir->dentry = dir;
2474
2475 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2476 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2477 error = entry_create_dir(fs_file, fs_dir->dentry);
2478 else
2479 error = entry_create_file(fs_file, fs_dir->dentry);
2480 if (error)
2481 goto failed;
2482 }
2483
2484 return 0;
2485
2486failed:
2487 entry_remove_dir(fs_dir);
2488
2489 return error;
2490}
2491
2492/**
2493 * entry_remove_file - drop a single file entry in the apparmor securityfs
2494 * @fs_file: aa_sfs_entry to detach from the securityfs (NOT NULL)
2495 */
2496static void __init entry_remove_file(struct aa_sfs_entry *fs_file)
2497{
2498 if (!fs_file->dentry)
2499 return;
2500
2501 securityfs_remove(fs_file->dentry);
2502 fs_file->dentry = NULL;
2503}
2504
2505/**
2506 * entry_remove_dir - recursively drop a directory entry from the securityfs
2507 * @fs_dir: aa_sfs_entry (and all child entries) to detach (NOT NULL)
2508 */
2509static void __init entry_remove_dir(struct aa_sfs_entry *fs_dir)
2510{
2511 struct aa_sfs_entry *fs_file;
2512
2513 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
2514 if (fs_file->v_type == AA_SFS_TYPE_DIR)
2515 entry_remove_dir(fs_file);
2516 else
2517 entry_remove_file(fs_file);
2518 }
2519
2520 entry_remove_file(fs_dir);
2521}
2522
2523/**
2524 * aa_destroy_aafs - cleanup and free aafs
2525 *
2526 * releases dentries allocated by aa_create_aafs
2527 */
2528void __init aa_destroy_aafs(void)
2529{
2530 entry_remove_dir(&aa_sfs_entry);
2531}
2532
2533
2534#define NULL_FILE_NAME ".null"
2535struct path aa_null;
2536
2537static int aa_mk_null_file(struct dentry *parent)
2538{
2539 struct vfsmount *mount = NULL;
2540 struct dentry *dentry;
2541 struct inode *inode;
2542 int count = 0;
2543 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
2544
2545 if (error)
2546 return error;
2547
2548 inode_lock(d_inode(parent));
2549 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
2550 if (IS_ERR(dentry)) {
2551 error = PTR_ERR(dentry);
2552 goto out;
2553 }
2554 inode = new_inode(parent->d_inode->i_sb);
2555 if (!inode) {
2556 error = -ENOMEM;
2557 goto out1;
2558 }
2559
2560 inode->i_ino = get_next_ino();
2561 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
2562 simple_inode_init_ts(inode);
2563 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
2564 MKDEV(MEM_MAJOR, 3));
2565 d_instantiate(dentry, inode);
2566 aa_null.dentry = dget(dentry);
2567 aa_null.mnt = mntget(mount);
2568
2569 error = 0;
2570
2571out1:
2572 dput(dentry);
2573out:
2574 inode_unlock(d_inode(parent));
2575 simple_release_fs(&mount, &count);
2576 return error;
2577}
2578
2579
2580
2581static const char *policy_get_link(struct dentry *dentry,
2582 struct inode *inode,
2583 struct delayed_call *done)
2584{
2585 struct aa_ns *ns;
2586 struct path path;
2587 int error;
2588
2589 if (!dentry)
2590 return ERR_PTR(-ECHILD);
2591
2592 ns = aa_get_current_ns();
2593 path.mnt = mntget(aafs_mnt);
2594 path.dentry = dget(ns_dir(ns));
2595 error = nd_jump_link(&path);
2596 aa_put_ns(ns);
2597
2598 return ERR_PTR(error);
2599}
2600
2601static int policy_readlink(struct dentry *dentry, char __user *buffer,
2602 int buflen)
2603{
2604 char name[32];
2605 int res;
2606
2607 res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
2608 d_inode(dentry)->i_ino);
2609 if (res > 0 && res < sizeof(name))
2610 res = readlink_copy(buffer, buflen, name);
2611 else
2612 res = -ENOENT;
2613
2614 return res;
2615}
2616
2617static const struct inode_operations policy_link_iops = {
2618 .readlink = policy_readlink,
2619 .get_link = policy_get_link,
2620};
2621
2622
2623/**
2624 * aa_create_aafs - create the apparmor security filesystem
2625 *
2626 * dentries created here are released by aa_destroy_aafs
2627 *
2628 * Returns: error on failure
2629 */
2630static int __init aa_create_aafs(void)
2631{
2632 struct dentry *dent;
2633 int error;
2634
2635 if (!apparmor_initialized)
2636 return 0;
2637
2638 if (aa_sfs_entry.dentry) {
2639 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
2640 return -EEXIST;
2641 }
2642
2643 /* setup apparmorfs used to virtualize policy/ */
2644 aafs_mnt = kern_mount(&aafs_ops);
2645 if (IS_ERR(aafs_mnt))
2646 panic("can't set apparmorfs up\n");
2647 aafs_mnt->mnt_sb->s_flags &= ~SB_NOUSER;
2648
2649 /* Populate fs tree. */
2650 error = entry_create_dir(&aa_sfs_entry, NULL);
2651 if (error)
2652 goto error;
2653
2654 dent = securityfs_create_file(".load", 0666, aa_sfs_entry.dentry,
2655 NULL, &aa_fs_profile_load);
2656 if (IS_ERR(dent))
2657 goto dent_error;
2658 ns_subload(root_ns) = dent;
2659
2660 dent = securityfs_create_file(".replace", 0666, aa_sfs_entry.dentry,
2661 NULL, &aa_fs_profile_replace);
2662 if (IS_ERR(dent))
2663 goto dent_error;
2664 ns_subreplace(root_ns) = dent;
2665
2666 dent = securityfs_create_file(".remove", 0666, aa_sfs_entry.dentry,
2667 NULL, &aa_fs_profile_remove);
2668 if (IS_ERR(dent))
2669 goto dent_error;
2670 ns_subremove(root_ns) = dent;
2671
2672 dent = securityfs_create_file("revision", 0444, aa_sfs_entry.dentry,
2673 NULL, &aa_fs_ns_revision_fops);
2674 if (IS_ERR(dent))
2675 goto dent_error;
2676 ns_subrevision(root_ns) = dent;
2677
2678 /* policy tree referenced by magic policy symlink */
2679 mutex_lock_nested(&root_ns->lock, root_ns->level);
2680 error = __aafs_ns_mkdir(root_ns, aafs_mnt->mnt_root, ".policy",
2681 aafs_mnt->mnt_root);
2682 mutex_unlock(&root_ns->lock);
2683 if (error)
2684 goto error;
2685
2686 /* magic symlink similar to nsfs redirects based on task policy */
2687 dent = securityfs_create_symlink("policy", aa_sfs_entry.dentry,
2688 NULL, &policy_link_iops);
2689 if (IS_ERR(dent))
2690 goto dent_error;
2691
2692 error = aa_mk_null_file(aa_sfs_entry.dentry);
2693 if (error)
2694 goto error;
2695
2696 /* TODO: add default profile to apparmorfs */
2697
2698 /* Report that AppArmor fs is enabled */
2699 aa_info_message("AppArmor Filesystem Enabled");
2700 return 0;
2701
2702dent_error:
2703 error = PTR_ERR(dent);
2704error:
2705 aa_destroy_aafs();
2706 AA_ERROR("Error creating AppArmor securityfs\n");
2707 return error;
2708}
2709
2710fs_initcall(aa_create_aafs);