Commit | Line | Data |
---|---|---|
cdff2642 JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor function for pathnames | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
15 | #include <linux/magic.h> | |
cdff2642 JJ |
16 | #include <linux/mount.h> |
17 | #include <linux/namei.h> | |
18 | #include <linux/nsproxy.h> | |
19 | #include <linux/path.h> | |
20 | #include <linux/sched.h> | |
21 | #include <linux/slab.h> | |
22 | #include <linux/fs_struct.h> | |
23 | ||
24 | #include "include/apparmor.h" | |
25 | #include "include/path.h" | |
26 | #include "include/policy.h" | |
27 | ||
28 | ||
29 | /* modified from dcache.c */ | |
30 | static int prepend(char **buffer, int buflen, const char *str, int namelen) | |
31 | { | |
32 | buflen -= namelen; | |
33 | if (buflen < 0) | |
34 | return -ENAMETOOLONG; | |
35 | *buffer -= namelen; | |
36 | memcpy(*buffer, str, namelen); | |
37 | return 0; | |
38 | } | |
39 | ||
40 | #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT) | |
41 | ||
42 | /** | |
43 | * d_namespace_path - lookup a name associated with a given path | |
44 | * @path: path to lookup (NOT NULL) | |
45 | * @buf: buffer to store path to (NOT NULL) | |
46 | * @buflen: length of @buf | |
47 | * @name: Returns - pointer for start of path name with in @buf (NOT NULL) | |
48 | * @flags: flags controlling path lookup | |
49 | * | |
50 | * Handle path name lookup. | |
51 | * | |
52 | * Returns: %0 else error code if path lookup fails | |
53 | * When no error the path name is returned in @name which points to | |
54 | * to a position in @buf | |
55 | */ | |
2c7661ff | 56 | static int d_namespace_path(const struct path *path, char *buf, int buflen, |
cdff2642 JJ |
57 | char **name, int flags) |
58 | { | |
cdff2642 | 59 | char *res; |
02125a82 AV |
60 | int error = 0; |
61 | int connected = 1; | |
cdff2642 | 62 | |
02125a82 AV |
63 | if (path->mnt->mnt_flags & MNT_INTERNAL) { |
64 | /* it's not mounted anywhere */ | |
65 | res = dentry_path(path->dentry, buf, buflen); | |
66 | *name = res; | |
67 | if (IS_ERR(res)) { | |
68 | *name = buf; | |
69 | return PTR_ERR(res); | |
70 | } | |
71 | if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC && | |
72 | strncmp(*name, "/sys/", 5) == 0) { | |
73 | /* TODO: convert over to using a per namespace | |
74 | * control instead of hard coded /proc | |
75 | */ | |
76 | return prepend(name, *name - buf, "/proc", 5); | |
77 | } | |
78 | return 0; | |
79 | } | |
80 | ||
81 | /* resolve paths relative to chroot?*/ | |
cdff2642 | 82 | if (flags & PATH_CHROOT_REL) { |
02125a82 | 83 | struct path root; |
44672e4f | 84 | get_fs_root(current->fs, &root); |
02125a82 | 85 | res = __d_path(path, &root, buf, buflen); |
02125a82 | 86 | path_put(&root); |
3372b68a | 87 | } else { |
28042fab | 88 | res = d_absolute_path(path, buf, buflen); |
3372b68a JJ |
89 | if (!our_mnt(path->mnt)) |
90 | connected = 0; | |
91 | } | |
cdff2642 | 92 | |
cdff2642 JJ |
93 | /* handle error conditions - and still allow a partial path to |
94 | * be returned. | |
95 | */ | |
3372b68a | 96 | if (!res || IS_ERR(res)) { |
cffee16e JJ |
97 | if (PTR_ERR(res) == -ENAMETOOLONG) |
98 | return -ENAMETOOLONG; | |
3372b68a | 99 | connected = 0; |
fbba8d89 JJ |
100 | res = dentry_path_raw(path->dentry, buf, buflen); |
101 | if (IS_ERR(res)) { | |
102 | error = PTR_ERR(res); | |
103 | *name = buf; | |
104 | goto out; | |
105 | }; | |
106 | } else if (!our_mnt(path->mnt)) | |
02125a82 | 107 | connected = 0; |
cdff2642 | 108 | |
fbba8d89 JJ |
109 | *name = res; |
110 | ||
e819ff51 JJ |
111 | /* Handle two cases: |
112 | * 1. A deleted dentry && profile is not allowing mediation of deleted | |
113 | * 2. On some filesystems, newly allocated dentries appear to the | |
114 | * security_path hooks as a deleted dentry except without an inode | |
115 | * allocated. | |
116 | */ | |
729b8a3d | 117 | if (d_unlinked(path->dentry) && d_is_positive(path->dentry) && |
e819ff51 | 118 | !(flags & PATH_MEDIATE_DELETED)) { |
cdff2642 JJ |
119 | error = -ENOENT; |
120 | goto out; | |
cdff2642 JJ |
121 | } |
122 | ||
02125a82 | 123 | /* If the path is not connected to the expected root, |
cdff2642 JJ |
124 | * check if it is a sysctl and handle specially else remove any |
125 | * leading / that __d_path may have returned. | |
126 | * Unless | |
127 | * specifically directed to connect the path, | |
128 | * OR | |
129 | * if in a chroot and doing chroot relative paths and the path | |
130 | * resolves to the namespace root (would be connected outside | |
131 | * of chroot) and specifically directed to connect paths to | |
132 | * namespace root. | |
133 | */ | |
134 | if (!connected) { | |
02125a82 | 135 | if (!(flags & PATH_CONNECT_PATH) && |
cdff2642 | 136 | !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && |
02125a82 | 137 | our_mnt(path->mnt))) { |
cdff2642 JJ |
138 | /* disconnected path, don't return pathname starting |
139 | * with '/' | |
140 | */ | |
ef9a7622 | 141 | error = -EACCES; |
cdff2642 JJ |
142 | if (*res == '/') |
143 | *name = res + 1; | |
144 | } | |
145 | } | |
146 | ||
147 | out: | |
cdff2642 JJ |
148 | return error; |
149 | } | |
150 | ||
151 | /** | |
152 | * get_name_to_buffer - get the pathname to a buffer ensure dir / is appended | |
153 | * @path: path to get name for (NOT NULL) | |
154 | * @flags: flags controlling path lookup | |
155 | * @buffer: buffer to put name in (NOT NULL) | |
156 | * @size: size of buffer | |
157 | * @name: Returns - contains position of path name in @buffer (NOT NULL) | |
158 | * | |
159 | * Returns: %0 else error on failure | |
160 | */ | |
2c7661ff | 161 | static int get_name_to_buffer(const struct path *path, int flags, char *buffer, |
57fa1e18 | 162 | int size, char **name, const char **info) |
cdff2642 JJ |
163 | { |
164 | int adjust = (flags & PATH_IS_DIR) ? 1 : 0; | |
165 | int error = d_namespace_path(path, buffer, size - adjust, name, flags); | |
166 | ||
167 | if (!error && (flags & PATH_IS_DIR) && (*name)[1] != '\0') | |
168 | /* | |
169 | * Append "/" to the pathname. The root directory is a special | |
170 | * case; it already ends in slash. | |
171 | */ | |
172 | strcpy(&buffer[size - 2], "/"); | |
173 | ||
57fa1e18 JJ |
174 | if (info && error) { |
175 | if (error == -ENOENT) | |
176 | *info = "Failed name lookup - deleted entry"; | |
e573cc30 | 177 | else if (error == -EACCES) |
57fa1e18 JJ |
178 | *info = "Failed name lookup - disconnected path"; |
179 | else if (error == -ENAMETOOLONG) | |
180 | *info = "Failed name lookup - name too long"; | |
181 | else | |
182 | *info = "Failed name lookup"; | |
183 | } | |
184 | ||
cdff2642 JJ |
185 | return error; |
186 | } | |
187 | ||
188 | /** | |
57fa1e18 | 189 | * aa_path_name - compute the pathname of a file |
cdff2642 JJ |
190 | * @path: path the file (NOT NULL) |
191 | * @flags: flags controlling path name generation | |
192 | * @buffer: buffer that aa_get_name() allocated (NOT NULL) | |
193 | * @name: Returns - the generated path name if !error (NOT NULL) | |
57fa1e18 | 194 | * @info: Returns - information on why the path lookup failed (MAYBE NULL) |
cdff2642 JJ |
195 | * |
196 | * @name is a pointer to the beginning of the pathname (which usually differs | |
197 | * from the beginning of the buffer), or NULL. If there is an error @name | |
198 | * may contain a partial or invalid name that can be used for audit purposes, | |
199 | * but it can not be used for mediation. | |
200 | * | |
201 | * We need PATH_IS_DIR to indicate whether the file is a directory or not | |
202 | * because the file may not yet exist, and so we cannot check the inode's | |
203 | * file type. | |
204 | * | |
205 | * Returns: %0 else error code if could retrieve name | |
206 | */ | |
2c7661ff AV |
207 | int aa_path_name(const struct path *path, int flags, char **buffer, |
208 | const char **name, const char **info) | |
cdff2642 JJ |
209 | { |
210 | char *buf, *str = NULL; | |
211 | int size = 256; | |
212 | int error; | |
213 | ||
214 | *name = NULL; | |
215 | *buffer = NULL; | |
216 | for (;;) { | |
217 | /* freed by caller */ | |
218 | buf = kmalloc(size, GFP_KERNEL); | |
219 | if (!buf) | |
220 | return -ENOMEM; | |
221 | ||
57fa1e18 | 222 | error = get_name_to_buffer(path, flags, buf, size, &str, info); |
cdff2642 JJ |
223 | if (error != -ENAMETOOLONG) |
224 | break; | |
225 | ||
226 | kfree(buf); | |
227 | size <<= 1; | |
228 | if (size > aa_g_path_max) | |
229 | return -ENAMETOOLONG; | |
57fa1e18 | 230 | *info = NULL; |
cdff2642 JJ |
231 | } |
232 | *buffer = buf; | |
233 | *name = str; | |
234 | ||
235 | return error; | |
236 | } |