search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tracing: Enable comm recording if trace_printk() is used
[linux-2.6.git] / security / apparmor / apparmorfs.c
blob16c15ec6f67078238d25e10f3ea6fc3b7e243b88
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #include <linux/security.h>
16 #include <linux/vmalloc.h>
17 #include <linux/module.h>
18 #include <linux/seq_file.h>
19 #include <linux/uaccess.h>
20 #include <linux/namei.h>
21 #include <linux/capability.h>
22
23 #include "include/apparmor.h"
24 #include "include/apparmorfs.h"
25 #include "include/audit.h"
26 #include "include/context.h"
27 #include "include/policy.h"
28 #include "include/resource.h"
29
30 /**
31 * aa_simple_write_to_buffer - common routine for getting policy from user
32 * @op: operation doing the user buffer copy
33 * @userbuf: user buffer to copy data from (NOT NULL)
34 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
35 * @copy_size: size of data to copy from user buffer
36 * @pos: position write is at in the file (NOT NULL)
37 *
38 * Returns: kernel buffer containing copy of user buffer data or an
39 * ERR_PTR on failure.
40 */
41 static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
42 size_t alloc_size, size_t copy_size,
43 loff_t *pos)
44 {
45 char *data;
46
47 BUG_ON(copy_size > alloc_size);
48
49 if (*pos != 0)
50 /* only writes from pos 0, that is complete writes */
51 return ERR_PTR(-ESPIPE);
52
53 /*
54 * Don't allow profile load/replace/remove from profiles that don't
55 * have CAP_MAC_ADMIN
56 */
57 if (!aa_may_manage_policy(op))
58 return ERR_PTR(-EACCES);
59
60 /* freed by caller to simple_write_to_buffer */
61 data = kvmalloc(alloc_size);
62 if (data == NULL)
63 return ERR_PTR(-ENOMEM);
64
65 if (copy_from_user(data, userbuf, copy_size)) {
66 kvfree(data);
67 return ERR_PTR(-EFAULT);
68 }
69
70 return data;
71 }
72
73
74 /* .load file hook fn to load policy */
75 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
76 loff_t *pos)
77 {
78 char *data;
79 ssize_t error;
80
81 data = aa_simple_write_to_buffer(OP_PROF_LOAD, buf, size, size, pos);
82
83 error = PTR_ERR(data);
84 if (!IS_ERR(data)) {
85 error = aa_replace_profiles(data, size, PROF_ADD);
86 kvfree(data);
87 }
88
89 return error;
90 }
91
92 static const struct file_operations aa_fs_profile_load = {
93 .write = profile_load,
94 .llseek = default_llseek,
95 };
96
97 /* .replace file hook fn to load and/or replace policy */
98 static ssize_t profile_replace(struct file *f, const char __user *buf,
99 size_t size, loff_t *pos)
100 {
101 char *data;
102 ssize_t error;
103
104 data = aa_simple_write_to_buffer(OP_PROF_REPL, buf, size, size, pos);
105 error = PTR_ERR(data);
106 if (!IS_ERR(data)) {
107 error = aa_replace_profiles(data, size, PROF_REPLACE);
108 kvfree(data);
109 }
110
111 return error;
112 }
113
114 static const struct file_operations aa_fs_profile_replace = {
115 .write = profile_replace,
116 .llseek = default_llseek,
117 };
118
119 /* .remove file hook fn to remove loaded policy */
120 static ssize_t profile_remove(struct file *f, const char __user *buf,
121 size_t size, loff_t *pos)
122 {
123 char *data;
124 ssize_t error;
125
126 /*
127 * aa_remove_profile needs a null terminated string so 1 extra
128 * byte is allocated and the copied data is null terminated.
129 */
130 data = aa_simple_write_to_buffer(OP_PROF_RM, buf, size + 1, size, pos);
131
132 error = PTR_ERR(data);
133 if (!IS_ERR(data)) {
134 data[size] = 0;
135 error = aa_remove_profiles(data, size);
136 kvfree(data);
137 }
138
139 return error;
140 }
141
142 static const struct file_operations aa_fs_profile_remove = {
143 .write = profile_remove,
144 .llseek = default_llseek,
145 };
146
147 static int aa_fs_seq_show(struct seq_file *seq, void *v)
148 {
149 struct aa_fs_entry *fs_file = seq->private;
150
151 if (!fs_file)
152 return 0;
153
154 switch (fs_file->v_type) {
155 case AA_FS_TYPE_BOOLEAN:
156 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
157 break;
158 case AA_FS_TYPE_STRING:
159 seq_printf(seq, "%s\n", fs_file->v.string);
160 break;
161 case AA_FS_TYPE_U64:
162 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
163 break;
164 default:
165 /* Ignore unpritable entry types. */
166 break;
167 }
168
169 return 0;
170 }
171
172 static int aa_fs_seq_open(struct inode *inode, struct file *file)
173 {
174 return single_open(file, aa_fs_seq_show, inode->i_private);
175 }
176
177 const struct file_operations aa_fs_seq_file_ops = {
178 .owner = THIS_MODULE,
179 .open = aa_fs_seq_open,
180 .read = seq_read,
181 .llseek = seq_lseek,
182 .release = single_release,
183 };
184
185 /** Base file system setup **/
186
187 static struct aa_fs_entry aa_fs_entry_file[] = {
188 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
189 "link lock"),
190 { }
191 };
192
193 static struct aa_fs_entry aa_fs_entry_domain[] = {
194 AA_FS_FILE_BOOLEAN("change_hat", 1),
195 AA_FS_FILE_BOOLEAN("change_hatv", 1),
196 AA_FS_FILE_BOOLEAN("change_onexec", 1),
197 AA_FS_FILE_BOOLEAN("change_profile", 1),
198 { }
199 };
200
201 static struct aa_fs_entry aa_fs_entry_features[] = {
202 AA_FS_DIR("domain", aa_fs_entry_domain),
203 AA_FS_DIR("file", aa_fs_entry_file),
204 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
205 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
206 { }
207 };
208
209 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
210 AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
211 AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
212 AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
213 AA_FS_DIR("features", aa_fs_entry_features),
214 { }
215 };
216
217 static struct aa_fs_entry aa_fs_entry =
218 AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
219
220 /**
221 * aafs_create_file - create a file entry in the apparmor securityfs
222 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
223 * @parent: the parent dentry in the securityfs
224 *
225 * Use aafs_remove_file to remove entries created with this fn.
226 */
227 static int __init aafs_create_file(struct aa_fs_entry *fs_file,
228 struct dentry *parent)
229 {
230 int error = 0;
231
232 fs_file->dentry = securityfs_create_file(fs_file->name,
233 S_IFREG | fs_file->mode,
234 parent, fs_file,
235 fs_file->file_ops);
236 if (IS_ERR(fs_file->dentry)) {
237 error = PTR_ERR(fs_file->dentry);
238 fs_file->dentry = NULL;
239 }
240 return error;
241 }
242
243 /**
244 * aafs_create_dir - recursively create a directory entry in the securityfs
245 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
246 * @parent: the parent dentry in the securityfs
247 *
248 * Use aafs_remove_dir to remove entries created with this fn.
249 */
250 static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
251 struct dentry *parent)
252 {
253 int error;
254 struct aa_fs_entry *fs_file;
255
256 fs_dir->dentry = securityfs_create_dir(fs_dir->name, parent);
257 if (IS_ERR(fs_dir->dentry)) {
258 error = PTR_ERR(fs_dir->dentry);
259 fs_dir->dentry = NULL;
260 goto failed;
261 }
262
263 for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
264 if (fs_file->v_type == AA_FS_TYPE_DIR)
265 error = aafs_create_dir(fs_file, fs_dir->dentry);
266 else
267 error = aafs_create_file(fs_file, fs_dir->dentry);
268 if (error)
269 goto failed;
270 }
271
272 return 0;
273
274 failed:
275 return error;
276 }
277
278 /**
279 * aafs_remove_file - drop a single file entry in the apparmor securityfs
280 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
281 */
282 static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
283 {
284 if (!fs_file->dentry)
285 return;
286
287 securityfs_remove(fs_file->dentry);
288 fs_file->dentry = NULL;
289 }
290
291 /**
292 * aafs_remove_dir - recursively drop a directory entry from the securityfs
293 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
294 */
295 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
296 {
297 struct aa_fs_entry *fs_file;
298
299 for (fs_file = fs_dir->v.files; fs_file->name; ++fs_file) {
300 if (fs_file->v_type == AA_FS_TYPE_DIR)
301 aafs_remove_dir(fs_file);
302 else
303 aafs_remove_file(fs_file);
304 }
305
306 aafs_remove_file(fs_dir);
307 }
308
309 /**
310 * aa_destroy_aafs - cleanup and free aafs
311 *
312 * releases dentries allocated by aa_create_aafs
313 */
314 void __init aa_destroy_aafs(void)
315 {
316 aafs_remove_dir(&aa_fs_entry);
317 }
318
319 /**
320 * aa_create_aafs - create the apparmor security filesystem
321 *
322 * dentries created here are released by aa_destroy_aafs
323 *
324 * Returns: error on failure
325 */
326 static int __init aa_create_aafs(void)
327 {
328 int error;
329
330 if (!apparmor_initialized)
331 return 0;
332
333 if (aa_fs_entry.dentry) {
334 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
335 return -EEXIST;
336 }
337
338 /* Populate fs tree. */
339 error = aafs_create_dir(&aa_fs_entry, NULL);
340 if (error)
341 goto error;
342
343 /* TODO: add support for apparmorfs_null and apparmorfs_mnt */
344
345 /* Report that AppArmor fs is enabled */
346 aa_info_message("AppArmor Filesystem Enabled");
347 return 0;
348
349 error:
350 aa_destroy_aafs();
351 AA_ERROR("Error creating AppArmor securityfs\n");
352 return error;
353 }
354
355 fs_initcall(aa_create_aafs);
Linus' kernel tree