~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/apparmor/policy_unpack.c

Version: ~ [ linux-5.4-rc3 ] ~ [ linux-5.3.6 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.79 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.149 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.196 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.196 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.75 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * AppArmor security module
  3  *
  4  * This file contains AppArmor functions for unpacking policy loaded from
  5  * userspace.
  6  *
  7  * Copyright (C) 1998-2008 Novell/SUSE
  8  * Copyright 2009-2010 Canonical Ltd.
  9  *
 10  * This program is free software; you can redistribute it and/or
 11  * modify it under the terms of the GNU General Public License as
 12  * published by the Free Software Foundation, version 2 of the
 13  * License.
 14  *
 15  * AppArmor uses a serialized binary format for loading policy. To find
 16  * policy format documentation look in Documentation/security/apparmor.txt
 17  * All policy is validated before it is used.
 18  */
 19 
 20 #include <asm/unaligned.h>
 21 #include <linux/ctype.h>
 22 #include <linux/errno.h>
 23 
 24 #include "include/apparmor.h"
 25 #include "include/audit.h"
 26 #include "include/context.h"
 27 #include "include/crypto.h"
 28 #include "include/match.h"
 29 #include "include/policy.h"
 30 #include "include/policy_unpack.h"
 31 
 32 /*
 33  * The AppArmor interface treats data as a type byte followed by the
 34  * actual data.  The interface has the notion of a a named entry
 35  * which has a name (AA_NAME typecode followed by name string) followed by
 36  * the entries typecode and data.  Named types allow for optional
 37  * elements and extensions to be added and tested for without breaking
 38  * backwards compatibility.
 39  */
 40 
 41 enum aa_code {
 42         AA_U8,
 43         AA_U16,
 44         AA_U32,
 45         AA_U64,
 46         AA_NAME,                /* same as string except it is items name */
 47         AA_STRING,
 48         AA_BLOB,
 49         AA_STRUCT,
 50         AA_STRUCTEND,
 51         AA_LIST,
 52         AA_LISTEND,
 53         AA_ARRAY,
 54         AA_ARRAYEND,
 55 };
 56 
 57 /*
 58  * aa_ext is the read of the buffer containing the serialized profile.  The
 59  * data is copied into a kernel buffer in apparmorfs and then handed off to
 60  * the unpack routines.
 61  */
 62 struct aa_ext {
 63         void *start;
 64         void *end;
 65         void *pos;              /* pointer to current position in the buffer */
 66         u32 version;
 67 };
 68 
 69 /* audit callback for unpack fields */
 70 static void audit_cb(struct audit_buffer *ab, void *va)
 71 {
 72         struct common_audit_data *sa = va;
 73         if (sa->aad->iface.target) {
 74                 struct aa_profile *name = sa->aad->iface.target;
 75                 audit_log_format(ab, " name=");
 76                 audit_log_untrustedstring(ab, name->base.hname);
 77         }
 78         if (sa->aad->iface.pos)
 79                 audit_log_format(ab, " offset=%ld", sa->aad->iface.pos);
 80 }
 81 
 82 /**
 83  * audit_iface - do audit message for policy unpacking/load/replace/remove
 84  * @new: profile if it has been allocated (MAYBE NULL)
 85  * @name: name of the profile being manipulated (MAYBE NULL)
 86  * @info: any extra info about the failure (MAYBE NULL)
 87  * @e: buffer position info
 88  * @error: error code
 89  *
 90  * Returns: %0 or error
 91  */
 92 static int audit_iface(struct aa_profile *new, const char *name,
 93                        const char *info, struct aa_ext *e, int error)
 94 {
 95         struct aa_profile *profile = __aa_current_profile();
 96         struct common_audit_data sa;
 97         struct apparmor_audit_data aad = {0,};
 98         sa.type = LSM_AUDIT_DATA_NONE;
 99         sa.aad = &aad;
100         if (e)
101                 aad.iface.pos = e->pos - e->start;
102         aad.iface.target = new;
103         aad.name = name;
104         aad.info = info;
105         aad.error = error;
106 
107         return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa,
108                         audit_cb);
109 }
110 
111 /* test if read will be in packed data bounds */
112 static bool inbounds(struct aa_ext *e, size_t size)
113 {
114         return (size <= e->end - e->pos);
115 }
116 
117 /**
118  * aa_u16_chunck - test and do bounds checking for a u16 size based chunk
119  * @e: serialized data read head (NOT NULL)
120  * @chunk: start address for chunk of data (NOT NULL)
121  *
122  * Returns: the size of chunk found with the read head at the end of the chunk.
123  */
124 static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
125 {
126         size_t size = 0;
127 
128         if (!inbounds(e, sizeof(u16)))
129                 return 0;
130         size = le16_to_cpu(get_unaligned((u16 *) e->pos));
131         e->pos += sizeof(u16);
132         if (!inbounds(e, size))
133                 return 0;
134         *chunk = e->pos;
135         e->pos += size;
136         return size;
137 }
138 
139 /* unpack control byte */
140 static bool unpack_X(struct aa_ext *e, enum aa_code code)
141 {
142         if (!inbounds(e, 1))
143                 return 0;
144         if (*(u8 *) e->pos != code)
145                 return 0;
146         e->pos++;
147         return 1;
148 }
149 
150 /**
151  * unpack_nameX - check is the next element is of type X with a name of @name
152  * @e: serialized data extent information  (NOT NULL)
153  * @code: type code
154  * @name: name to match to the serialized element.  (MAYBE NULL)
155  *
156  * check that the next serialized data element is of type X and has a tag
157  * name @name.  If @name is specified then there must be a matching
158  * name element in the stream.  If @name is NULL any name element will be
159  * skipped and only the typecode will be tested.
160  *
161  * Returns 1 on success (both type code and name tests match) and the read
162  * head is advanced past the headers
163  *
164  * Returns: 0 if either match fails, the read head does not move
165  */
166 static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
167 {
168         /*
169          * May need to reset pos if name or type doesn't match
170          */
171         void *pos = e->pos;
172         /*
173          * Check for presence of a tagname, and if present name size
174          * AA_NAME tag value is a u16.
175          */
176         if (unpack_X(e, AA_NAME)) {
177                 char *tag = NULL;
178                 size_t size = unpack_u16_chunk(e, &tag);
179                 /* if a name is specified it must match. otherwise skip tag */
180                 if (name && (!size || strcmp(name, tag)))
181                         goto fail;
182         } else if (name) {
183                 /* if a name is specified and there is no name tag fail */
184                 goto fail;
185         }
186 
187         /* now check if type code matches */
188         if (unpack_X(e, code))
189                 return 1;
190 
191 fail:
192         e->pos = pos;
193         return 0;
194 }
195 
196 static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
197 {
198         if (unpack_nameX(e, AA_U32, name)) {
199                 if (!inbounds(e, sizeof(u32)))
200                         return 0;
201                 if (data)
202                         *data = le32_to_cpu(get_unaligned((u32 *) e->pos));
203                 e->pos += sizeof(u32);
204                 return 1;
205         }
206         return 0;
207 }
208 
209 static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
210 {
211         if (unpack_nameX(e, AA_U64, name)) {
212                 if (!inbounds(e, sizeof(u64)))
213                         return 0;
214                 if (data)
215                         *data = le64_to_cpu(get_unaligned((u64 *) e->pos));
216                 e->pos += sizeof(u64);
217                 return 1;
218         }
219         return 0;
220 }
221 
222 static size_t unpack_array(struct aa_ext *e, const char *name)
223 {
224         if (unpack_nameX(e, AA_ARRAY, name)) {
225                 int size;
226                 if (!inbounds(e, sizeof(u16)))
227                         return 0;
228                 size = (int)le16_to_cpu(get_unaligned((u16 *) e->pos));
229                 e->pos += sizeof(u16);
230                 return size;
231         }
232         return 0;
233 }
234 
235 static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name)
236 {
237         if (unpack_nameX(e, AA_BLOB, name)) {
238                 u32 size;
239                 if (!inbounds(e, sizeof(u32)))
240                         return 0;
241                 size = le32_to_cpu(get_unaligned((u32 *) e->pos));
242                 e->pos += sizeof(u32);
243                 if (inbounds(e, (size_t) size)) {
244                         *blob = e->pos;
245                         e->pos += size;
246                         return size;
247                 }
248         }
249         return 0;
250 }
251 
252 static int unpack_str(struct aa_ext *e, const char **string, const char *name)
253 {
254         char *src_str;
255         size_t size = 0;
256         void *pos = e->pos;
257         *string = NULL;
258         if (unpack_nameX(e, AA_STRING, name)) {
259                 size = unpack_u16_chunk(e, &src_str);
260                 if (size) {
261                         /* strings are null terminated, length is size - 1 */
262                         if (src_str[size - 1] != 0)
263                                 goto fail;
264                         *string = src_str;
265                 }
266         }
267         return size;
268 
269 fail:
270         e->pos = pos;
271         return 0;
272 }
273 
274 static int unpack_strdup(struct aa_ext *e, char **string, const char *name)
275 {
276         const char *tmp;
277         void *pos = e->pos;
278         int res = unpack_str(e, &tmp, name);
279         *string = NULL;
280 
281         if (!res)
282                 return 0;
283 
284         *string = kmemdup(tmp, res, GFP_KERNEL);
285         if (!*string) {
286                 e->pos = pos;
287                 return 0;
288         }
289 
290         return res;
291 }
292 
293 #define DFA_VALID_PERM_MASK             0xffffffff
294 #define DFA_VALID_PERM2_MASK            0xffffffff
295 
296 /**
297  * verify_accept - verify the accept tables of a dfa
298  * @dfa: dfa to verify accept tables of (NOT NULL)
299  * @flags: flags governing dfa
300  *
301  * Returns: 1 if valid accept tables else 0 if error
302  */
303 static bool verify_accept(struct aa_dfa *dfa, int flags)
304 {
305         int i;
306 
307         /* verify accept permissions */
308         for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
309                 int mode = ACCEPT_TABLE(dfa)[i];
310 
311                 if (mode & ~DFA_VALID_PERM_MASK)
312                         return 0;
313 
314                 if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK)
315                         return 0;
316         }
317         return 1;
318 }
319 
320 /**
321  * unpack_dfa - unpack a file rule dfa
322  * @e: serialized data extent information (NOT NULL)
323  *
324  * returns dfa or ERR_PTR or NULL if no dfa
325  */
326 static struct aa_dfa *unpack_dfa(struct aa_ext *e)
327 {
328         char *blob = NULL;
329         size_t size;
330         struct aa_dfa *dfa = NULL;
331 
332         size = unpack_blob(e, &blob, "aadfa");
333         if (size) {
334                 /*
335                  * The dfa is aligned with in the blob to 8 bytes
336                  * from the beginning of the stream.
337                  * alignment adjust needed by dfa unpack
338                  */
339                 size_t sz = blob - (char *) e->start -
340                         ((e->pos - e->start) & 7);
341                 size_t pad = ALIGN(sz, 8) - sz;
342                 int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
343                         TO_ACCEPT2_FLAG(YYTD_DATA32);
344 
345 
346                 if (aa_g_paranoid_load)
347                         flags |= DFA_FLAG_VERIFY_STATES;
348 
349                 dfa = aa_dfa_unpack(blob + pad, size - pad, flags);
350 
351                 if (IS_ERR(dfa))
352                         return dfa;
353 
354                 if (!verify_accept(dfa, flags))
355                         goto fail;
356         }
357 
358         return dfa;
359 
360 fail:
361         aa_put_dfa(dfa);
362         return ERR_PTR(-EPROTO);
363 }
364 
365 /**
366  * unpack_trans_table - unpack a profile transition table
367  * @e: serialized data extent information  (NOT NULL)
368  * @profile: profile to add the accept table to (NOT NULL)
369  *
370  * Returns: 1 if table successfully unpacked
371  */
372 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
373 {
374         void *pos = e->pos;
375 
376         /* exec table is optional */
377         if (unpack_nameX(e, AA_STRUCT, "xtable")) {
378                 int i, size;
379 
380                 size = unpack_array(e, NULL);
381                 /* currently 4 exec bits and entries 0-3 are reserved iupcx */
382                 if (size > 16 - 4)
383                         goto fail;
384                 profile->file.trans.table = kzalloc(sizeof(char *) * size,
385                                                     GFP_KERNEL);
386                 if (!profile->file.trans.table)
387                         goto fail;
388 
389                 profile->file.trans.size = size;
390                 for (i = 0; i < size; i++) {
391                         char *str;
392                         int c, j, size2 = unpack_strdup(e, &str, NULL);
393                         /* unpack_strdup verifies that the last character is
394                          * null termination byte.
395                          */
396                         if (!size2)
397                                 goto fail;
398                         profile->file.trans.table[i] = str;
399                         /* verify that name doesn't start with space */
400                         if (isspace(*str))
401                                 goto fail;
402 
403                         /* count internal #  of internal \0 */
404                         for (c = j = 0; j < size2 - 2; j++) {
405                                 if (!str[j])
406                                         c++;
407                         }
408                         if (*str == ':') {
409                                 /* beginning with : requires an embedded \0,
410                                  * verify that exactly 1 internal \0 exists
411                                  * trailing \0 already verified by unpack_strdup
412                                  */
413                                 if (c != 1)
414                                         goto fail;
415                                 /* first character after : must be valid */
416                                 if (!str[1])
417                                         goto fail;
418                         } else if (c)
419                                 /* fail - all other cases with embedded \0 */
420                                 goto fail;
421                 }
422                 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
423                         goto fail;
424                 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
425                         goto fail;
426         }
427         return 1;
428 
429 fail:
430         aa_free_domain_entries(&profile->file.trans);
431         e->pos = pos;
432         return 0;
433 }
434 
435 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
436 {
437         void *pos = e->pos;
438 
439         /* rlimits are optional */
440         if (unpack_nameX(e, AA_STRUCT, "rlimits")) {
441                 int i, size;
442                 u32 tmp = 0;
443                 if (!unpack_u32(e, &tmp, NULL))
444                         goto fail;
445                 profile->rlimits.mask = tmp;
446 
447                 size = unpack_array(e, NULL);
448                 if (size > RLIM_NLIMITS)
449                         goto fail;
450                 for (i = 0; i < size; i++) {
451                         u64 tmp2 = 0;
452                         int a = aa_map_resource(i);
453                         if (!unpack_u64(e, &tmp2, NULL))
454                                 goto fail;
455                         profile->rlimits.limits[a].rlim_max = tmp2;
456                 }
457                 if (!unpack_nameX(e, AA_ARRAYEND, NULL))
458                         goto fail;
459                 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
460                         goto fail;
461         }
462         return 1;
463 
464 fail:
465         e->pos = pos;
466         return 0;
467 }
468 
469 /**
470  * unpack_profile - unpack a serialized profile
471  * @e: serialized data extent information (NOT NULL)
472  *
473  * NOTE: unpack profile sets audit struct if there is a failure
474  */
475 static struct aa_profile *unpack_profile(struct aa_ext *e)
476 {
477         struct aa_profile *profile = NULL;
478         const char *name = NULL;
479         int i, error = -EPROTO;
480         kernel_cap_t tmpcap;
481         u32 tmp;
482 
483         /* check that we have the right struct being passed */
484         if (!unpack_nameX(e, AA_STRUCT, "profile"))
485                 goto fail;
486         if (!unpack_str(e, &name, NULL))
487                 goto fail;
488 
489         profile = aa_alloc_profile(name);
490         if (!profile)
491                 return ERR_PTR(-ENOMEM);
492 
493         /* profile renaming is optional */
494         (void) unpack_str(e, &profile->rename, "rename");
495 
496         /* attachment string is optional */
497         (void) unpack_str(e, &profile->attach, "attach");
498 
499         /* xmatch is optional and may be NULL */
500         profile->xmatch = unpack_dfa(e);
501         if (IS_ERR(profile->xmatch)) {
502                 error = PTR_ERR(profile->xmatch);
503                 profile->xmatch = NULL;
504                 goto fail;
505         }
506         /* xmatch_len is not optional if xmatch is set */
507         if (profile->xmatch) {
508                 if (!unpack_u32(e, &tmp, NULL))
509                         goto fail;
510                 profile->xmatch_len = tmp;
511         }
512 
513         /* per profile debug flags (complain, audit) */
514         if (!unpack_nameX(e, AA_STRUCT, "flags"))
515                 goto fail;
516         if (!unpack_u32(e, &tmp, NULL))
517                 goto fail;
518         if (tmp & PACKED_FLAG_HAT)
519                 profile->flags |= PFLAG_HAT;
520         if (!unpack_u32(e, &tmp, NULL))
521                 goto fail;
522         if (tmp == PACKED_MODE_COMPLAIN)
523                 profile->mode = APPARMOR_COMPLAIN;
524         else if (tmp == PACKED_MODE_KILL)
525                 profile->mode = APPARMOR_KILL;
526         else if (tmp == PACKED_MODE_UNCONFINED)
527                 profile->mode = APPARMOR_UNCONFINED;
528         if (!unpack_u32(e, &tmp, NULL))
529                 goto fail;
530         if (tmp)
531                 profile->audit = AUDIT_ALL;
532 
533         if (!unpack_nameX(e, AA_STRUCTEND, NULL))
534                 goto fail;
535 
536         /* path_flags is optional */
537         if (unpack_u32(e, &profile->path_flags, "path_flags"))
538                 profile->path_flags |= profile->flags & PFLAG_MEDIATE_DELETED;
539         else
540                 /* set a default value if path_flags field is not present */
541                 profile->path_flags = PFLAG_MEDIATE_DELETED;
542 
543         if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL))
544                 goto fail;
545         if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL))
546                 goto fail;
547         if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL))
548                 goto fail;
549         if (!unpack_u32(e, &tmpcap.cap[0], NULL))
550                 goto fail;
551 
552         if (unpack_nameX(e, AA_STRUCT, "caps64")) {
553                 /* optional upper half of 64 bit caps */
554                 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL))
555                         goto fail;
556                 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
557                         goto fail;
558                 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL))
559                         goto fail;
560                 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL))
561                         goto fail;
562                 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
563                         goto fail;
564         }
565 
566         if (unpack_nameX(e, AA_STRUCT, "capsx")) {
567                 /* optional extended caps mediation mask */
568                 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL))
569                         goto fail;
570                 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
571                         goto fail;
572                 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
573                         goto fail;
574         }
575 
576         if (!unpack_rlimits(e, profile))
577                 goto fail;
578 
579         if (unpack_nameX(e, AA_STRUCT, "policydb")) {
580                 /* generic policy dfa - optional and may be NULL */
581                 profile->policy.dfa = unpack_dfa(e);
582                 if (IS_ERR(profile->policy.dfa)) {
583                         error = PTR_ERR(profile->policy.dfa);
584                         profile->policy.dfa = NULL;
585                         goto fail;
586                 } else if (!profile->policy.dfa) {
587                         error = -EPROTO;
588                         goto fail;
589                 }
590                 if (!unpack_u32(e, &profile->policy.start[0], "start"))
591                         /* default start state */
592                         profile->policy.start[0] = DFA_START;
593                 /* setup class index */
594                 for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
595                         profile->policy.start[i] =
596                                 aa_dfa_next(profile->policy.dfa,
597                                             profile->policy.start[0],
598                                             i);
599                 }
600                 if (!unpack_nameX(e, AA_STRUCTEND, NULL))
601                         goto fail;
602         }
603 
604         /* get file rules */
605         profile->file.dfa = unpack_dfa(e);
606         if (IS_ERR(profile->file.dfa)) {
607                 error = PTR_ERR(profile->file.dfa);
608                 profile->file.dfa = NULL;
609                 goto fail;
610         }
611 
612         if (!unpack_u32(e, &profile->file.start, "dfa_start"))
613                 /* default start state */
614                 profile->file.start = DFA_START;
615 
616         if (!unpack_trans_table(e, profile))
617                 goto fail;
618 
619         if (!unpack_nameX(e, AA_STRUCTEND, NULL))
620                 goto fail;
621 
622         return profile;
623 
624 fail:
625         if (profile)
626                 name = NULL;
627         else if (!name)
628                 name = "unknown";
629         audit_iface(profile, name, "failed to unpack profile", e, error);
630         aa_free_profile(profile);
631 
632         return ERR_PTR(error);
633 }
634 
635 /**
636  * verify_head - unpack serialized stream header
637  * @e: serialized data read head (NOT NULL)
638  * @required: whether the header is required or optional
639  * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
640  *
641  * Returns: error or 0 if header is good
642  */
643 static int verify_header(struct aa_ext *e, int required, const char **ns)
644 {
645         int error = -EPROTONOSUPPORT;
646         const char *name = NULL;
647         *ns = NULL;
648 
649         /* get the interface version */
650         if (!unpack_u32(e, &e->version, "version")) {
651                 if (required) {
652                         audit_iface(NULL, NULL, "invalid profile format", e,
653                                     error);
654                         return error;
655                 }
656 
657                 /* check that the interface version is currently supported */
658                 if (e->version != 5) {
659                         audit_iface(NULL, NULL, "unsupported interface version",
660                                     e, error);
661                         return error;
662                 }
663         }
664 
665 
666         /* read the namespace if present */
667         if (unpack_str(e, &name, "namespace")) {
668                 if (*ns && strcmp(*ns, name))
669                         audit_iface(NULL, NULL, "invalid ns change", e, error);
670                 else if (!*ns)
671                         *ns = name;
672         }
673 
674         return 0;
675 }
676 
677 static bool verify_xindex(int xindex, int table_size)
678 {
679         int index, xtype;
680         xtype = xindex & AA_X_TYPE_MASK;
681         index = xindex & AA_X_INDEX_MASK;
682         if (xtype == AA_X_TABLE && index >= table_size)
683                 return 0;
684         return 1;
685 }
686 
687 /* verify dfa xindexes are in range of transition tables */
688 static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
689 {
690         int i;
691         for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
692                 if (!verify_xindex(dfa_user_xindex(dfa, i), table_size))
693                         return 0;
694                 if (!verify_xindex(dfa_other_xindex(dfa, i), table_size))
695                         return 0;
696         }
697         return 1;
698 }
699 
700 /**
701  * verify_profile - Do post unpack analysis to verify profile consistency
702  * @profile: profile to verify (NOT NULL)
703  *
704  * Returns: 0 if passes verification else error
705  */
706 static int verify_profile(struct aa_profile *profile)
707 {
708         if (aa_g_paranoid_load) {
709                 if (profile->file.dfa &&
710                     !verify_dfa_xindex(profile->file.dfa,
711                                        profile->file.trans.size)) {
712                         audit_iface(profile, NULL, "Invalid named transition",
713                                     NULL, -EPROTO);
714                         return -EPROTO;
715                 }
716         }
717 
718         return 0;
719 }
720 
721 void aa_load_ent_free(struct aa_load_ent *ent)
722 {
723         if (ent) {
724                 aa_put_profile(ent->rename);
725                 aa_put_profile(ent->old);
726                 aa_put_profile(ent->new);
727                 kzfree(ent);
728         }
729 }
730 
731 struct aa_load_ent *aa_load_ent_alloc(void)
732 {
733         struct aa_load_ent *ent = kzalloc(sizeof(*ent), GFP_KERNEL);
734         if (ent)
735                 INIT_LIST_HEAD(&ent->list);
736         return ent;
737 }
738 
739 /**
740  * aa_unpack - unpack packed binary profile(s) data loaded from user space
741  * @udata: user data copied to kmem  (NOT NULL)
742  * @size: the size of the user data
743  * @lh: list to place unpacked profiles in a aa_repl_ws
744  * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
745  *
746  * Unpack user data and return refcounted allocated profile(s) stored in
747  * @lh in order of discovery, with the list chain stored in base.list
748  * or error
749  *
750  * Returns: profile(s) on @lh else error pointer if fails to unpack
751  */
752 int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
753 {
754         struct aa_load_ent *tmp, *ent;
755         struct aa_profile *profile = NULL;
756         int error;
757         struct aa_ext e = {
758                 .start = udata,
759                 .end = udata + size,
760                 .pos = udata,
761         };
762 
763         *ns = NULL;
764         while (e.pos < e.end) {
765                 void *start;
766                 error = verify_header(&e, e.pos == e.start, ns);
767                 if (error)
768                         goto fail;
769 
770                 start = e.pos;
771                 profile = unpack_profile(&e);
772                 if (IS_ERR(profile)) {
773                         error = PTR_ERR(profile);
774                         goto fail;
775                 }
776 
777                 error = verify_profile(profile);
778                 if (error)
779                         goto fail_profile;
780 
781                 error = aa_calc_profile_hash(profile, e.version, start,
782                                              e.pos - start);
783                 if (error)
784                         goto fail_profile;
785 
786                 ent = aa_load_ent_alloc();
787                 if (!ent) {
788                         error = -ENOMEM;
789                         goto fail_profile;
790                 }
791 
792                 ent->new = profile;
793                 list_add_tail(&ent->list, lh);
794         }
795 
796         return 0;
797 
798 fail_profile:
799         aa_put_profile(profile);
800 
801 fail:
802         list_for_each_entry_safe(ent, tmp, lh, list) {
803                 list_del_init(&ent->list);
804                 aa_load_ent_free(ent);
805         }
806 
807         return error;
808 }
809 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp