1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * AppArmor security module
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * This file contains AppArmor functions for unpacking policy loaded from
6*4882a593Smuzhiyun * userspace.
7*4882a593Smuzhiyun *
8*4882a593Smuzhiyun * Copyright (C) 1998-2008 Novell/SUSE
9*4882a593Smuzhiyun * Copyright 2009-2010 Canonical Ltd.
10*4882a593Smuzhiyun *
11*4882a593Smuzhiyun * AppArmor uses a serialized binary format for loading policy. To find
12*4882a593Smuzhiyun * policy format documentation see Documentation/admin-guide/LSM/apparmor.rst
13*4882a593Smuzhiyun * All policy is validated before it is used.
14*4882a593Smuzhiyun */
15*4882a593Smuzhiyun
16*4882a593Smuzhiyun #include <asm/unaligned.h>
17*4882a593Smuzhiyun #include <linux/ctype.h>
18*4882a593Smuzhiyun #include <linux/errno.h>
19*4882a593Smuzhiyun #include <linux/zlib.h>
20*4882a593Smuzhiyun
21*4882a593Smuzhiyun #include "include/apparmor.h"
22*4882a593Smuzhiyun #include "include/audit.h"
23*4882a593Smuzhiyun #include "include/cred.h"
24*4882a593Smuzhiyun #include "include/crypto.h"
25*4882a593Smuzhiyun #include "include/match.h"
26*4882a593Smuzhiyun #include "include/path.h"
27*4882a593Smuzhiyun #include "include/policy.h"
28*4882a593Smuzhiyun #include "include/policy_unpack.h"
29*4882a593Smuzhiyun
/*
 * Policy ABI version handling.
 *
 * VERSION_LT/VERSION_GT compare only the bits selected by K_ABI_MASK, so
 * any bit stored above the mask (FORCE_COMPLAIN_FLAG, 0x800, is one such
 * bit) never influences the ordering of two versions.
 * NOTE(review): the code that reads the version word out of the policy
 * header is not in this part of the file - confirm there how
 * FORCE_COMPLAIN_FLAG is consumed.
 */
#define K_ABI_MASK 0x3ff
#define FORCE_COMPLAIN_FLAG 0x800
#define VERSION_LT(X, Y) (((X) & K_ABI_MASK) < ((Y) & K_ABI_MASK))
#define VERSION_GT(X, Y) (((X) & K_ABI_MASK) > ((Y) & K_ABI_MASK))

#define v5 5 /* base version */
#define v6 6 /* per entry policydb mediation check */
#define v7 7
#define v8 8 /* full network masking */
/*
 * The AppArmor interface treats data as a type byte followed by the
 * actual data. The interface has the notion of a named entry
 * which has a name (AA_NAME typecode followed by name string) followed by
 * the entry's typecode and data. Named types allow for optional
 * elements and extensions to be added and tested for without breaking
 * backwards compatibility.
 */
48*4882a593Smuzhiyun
/*
 * Type codes of the serialized policy stream. Each code is read as a single
 * byte by unpack_X(), so the numeric value of every enumerator is part of
 * the format shared with userspace: do not reorder or insert entries.
 */
enum aa_code {
	AA_U8,		/* followed by one byte of data */
	AA_U16,
	AA_U32,		/* followed by a little-endian 32 bit value */
	AA_U64,		/* followed by a little-endian 64 bit value */
	AA_NAME, /* same as string except it is items name */
	AA_STRING,	/* le16 length, then that many bytes ending in '\0' */
	AA_BLOB,	/* le32 length, then that many bytes */
	AA_STRUCT,
	AA_STRUCTEND,
	AA_LIST,
	AA_LISTEND,
	AA_ARRAY,	/* followed by a le16 element count */
	AA_ARRAYEND,
};
64*4882a593Smuzhiyun
/*
 * aa_ext is the read head for the buffer containing the serialized profile.
 * The data is copied into a kernel buffer in apparmorfs and then handed off
 * to the unpack routines.
 *
 * Every unpack helper checks a read against @end with inbounds() before it
 * dereferences @pos, and restores @pos when it fails, so the helpers rely on
 * start <= pos <= end holding at all times.
 */
struct aa_ext {
	void *start;	/* first byte of the buffer; audit offsets are pos - start */
	void *end;	/* bound used by inbounds(): n bytes fit when n <= end - pos */
	void *pos; /* pointer to current position in the buffer */
	u32 version;	/* NOTE(review): presumably the policy ABI version; it is set outside this part of the file */
};
76*4882a593Smuzhiyun
/*
 * audit callback for unpack fields
 *
 * Appends the namespace, the profile name and the buffer offset to the audit
 * record, skipping each field that is unset. The namespace and the name can
 * originate from the policy blob, which is why they are emitted with
 * audit_log_untrustedstring() and not through a plain format string.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *ns = aad(sa)->iface.ns;
	const char *name = aad(sa)->name;
	long offset = aad(sa)->iface.pos;

	if (ns) {
		audit_log_format(ab, " ns=");
		audit_log_untrustedstring(ab, ns);
	}
	if (name) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, name);
	}
	/* an offset of zero is treated as "not set" and is not reported */
	if (offset)
		audit_log_format(ab, " offset=%ld", offset);
}
93*4882a593Smuzhiyun
/**
 * audit_iface - do audit message for policy unpacking/load/replace/remove
 * @new: profile if it has been allocated (MAYBE NULL)
 * @ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)
 * @name: name of the profile being manipulated (MAYBE NULL)
 * @info: any extra info about the failure (MAYBE NULL)
 * @e: buffer position info (MAYBE NULL)
 * @error: error code
 *
 * When @new is set its hname is reported and @name is ignored. When @e is
 * set the record carries the read offset (pos - start) at which unpacking
 * stopped. The record is attributed to the profile of the current task's
 * label, not to the profile being loaded.
 *
 * Returns: the value returned by aa_audit()
 */
static int audit_iface(struct aa_profile *new, const char *ns_name,
		       const char *name, const char *info, struct aa_ext *e,
		       int error)
{
	struct aa_profile *profile = labels_profile(aa_current_raw_label());
	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, NULL);

	aad(&sa)->iface.ns = ns_name;
	aad(&sa)->name = new ? new->base.hname : name;
	aad(&sa)->info = info;
	aad(&sa)->error = error;
	if (e)
		aad(&sa)->iface.pos = e->pos - e->start;

	return aa_audit(AUDIT_APPARMOR_STATUS, profile, &sa, audit_cb);
}
123*4882a593Smuzhiyun
/**
 * __aa_loaddata_update - record a new revision for a set of raw policy data
 * @data: loaddata to update (NOT NULL, must have a namespace)
 * @revision: new revision, must not be lower than the current one
 *
 * Requires: @data->ns->lock held (asserted below)
 *
 * Stores @revision and sets the mtime of the loaddata directory and revision
 * inodes to the current time.
 */
void __aa_loaddata_update(struct aa_loaddata *data, long revision)
{
	struct inode *dir_inode, *rev_inode;

	AA_BUG(!data);
	AA_BUG(!data->ns);
	AA_BUG(!data->dents[AAFS_LOADDATA_REVISION]);
	AA_BUG(!mutex_is_locked(&data->ns->lock));
	AA_BUG(data->revision > revision);

	data->revision = revision;

	/* only the REVISION dentry is asserted above; DIR is used unchecked */
	dir_inode = d_inode(data->dents[AAFS_LOADDATA_DIR]);
	dir_inode->i_mtime = current_time(dir_inode);

	rev_inode = d_inode(data->dents[AAFS_LOADDATA_REVISION]);
	rev_inode->i_mtime = current_time(rev_inode);
}
138*4882a593Smuzhiyun
/**
 * aa_rawdata_eq - test whether two sets of raw policy data are identical
 * @l: first loaddata (NOT NULL)
 * @r: second loaddata (NOT NULL)
 *
 * The sizes are compared first, then the hashes when policy hashing is
 * enabled, and finally the stored bytes themselves, so a hash match alone is
 * never taken as equality. The byte comparison covers compressed_size bytes
 * when that is non-zero and size bytes otherwise.
 *
 * Returns: true if the two are equal
 */
bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r)
{
	if (l->size != r->size || l->compressed_size != r->compressed_size)
		return false;

	if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()))
		return false;

	/* the two lengths were shown equal above, so r's length bounds both */
	return !memcmp(l->data, r->data,
		       r->compressed_size ? r->compressed_size : r->size);
}
149*4882a593Smuzhiyun
/*
 * need to take the ns mutex lock which is NOT safe most places that
 * put_loaddata is called, so we have to delay freeing it
 *
 * Work item body: unlinks the raw data from apparmorfs under the namespace
 * lock (when the loaddata still has a namespace) and then releases the hash,
 * the name, the data buffer and the loaddata itself.
 */
static void do_loaddata_free(struct work_struct *work)
{
	struct aa_loaddata *rawdata =
		container_of(work, struct aa_loaddata, work);
	struct aa_ns *ns = aa_get_ns(rawdata->ns);

	if (ns) {
		mutex_lock_nested(&ns->lock, ns->level);
		__aa_fs_remove_rawdata(rawdata);
		mutex_unlock(&ns->lock);
		aa_put_ns(ns);
	}

	/* hash, name and the struct are zeroed on free; data goes to kvfree() */
	kfree_sensitive(rawdata->hash);
	kfree_sensitive(rawdata->name);
	kvfree(rawdata->data);
	kfree_sensitive(rawdata);
}
171*4882a593Smuzhiyun
/**
 * aa_loaddata_kref - kref release callback for struct aa_loaddata
 * @kref: the count member of the loaddata being released
 *
 * Nothing is freed here: the release is handed to a work item
 * (do_loaddata_free) because the free path takes the namespace lock.
 */
void aa_loaddata_kref(struct kref *kref)
{
	struct aa_loaddata *rawdata =
		container_of(kref, struct aa_loaddata, count);

	if (!rawdata)
		return;

	INIT_WORK(&rawdata->work, do_loaddata_free);
	schedule_work(&rawdata->work);
}
181*4882a593Smuzhiyun
/**
 * aa_loaddata_alloc - allocate a loaddata with a zeroed data buffer
 * @size: number of bytes to reserve for the raw policy data
 *
 * The returned object starts with a reference count of one and an empty
 * list head.
 *
 * Returns: the new loaddata, or ERR_PTR(-ENOMEM); never NULL
 */
struct aa_loaddata *aa_loaddata_alloc(size_t size)
{
	struct aa_loaddata *rawdata = kzalloc(sizeof(*rawdata), GFP_KERNEL);

	if (!rawdata)
		return ERR_PTR(-ENOMEM);

	rawdata->data = kvzalloc(size, GFP_KERNEL);
	if (rawdata->data) {
		kref_init(&rawdata->count);
		INIT_LIST_HEAD(&rawdata->list);
		return rawdata;
	}

	/* the data buffer failed: release the header allocated above */
	kfree(rawdata);
	return ERR_PTR(-ENOMEM);
}
199*4882a593Smuzhiyun
/*
 * test if read will be in packed data bounds
 *
 * Compares @size with the bytes left between the read head and the end of
 * the buffer. The pointer difference is converted to an unsigned value for
 * the comparison, so the test is only meaningful while e->pos <= e->end:
 * a read head past the end would yield a huge remainder and pass the check.
 */
static bool inbounds(struct aa_ext *e, size_t size)
{
	size_t remaining = e->end - e->pos;

	return size <= remaining;
}
205*4882a593Smuzhiyun
/*
 * Duplicate @len bytes starting at @src into a buffer obtained from
 * kvmalloc().
 *
 * Returns: the copy, or NULL if the allocation failed. The caller owns the
 * result.
 */
static void *kvmemdup(const void *src, size_t len)
{
	void *copy = kvmalloc(len, GFP_KERNEL);

	if (!copy)
		return NULL;

	memcpy(copy, src, len);
	return copy;
}
214*4882a593Smuzhiyun
/**
 * unpack_u16_chunk - test and do bounds checking for a u16 size based chunk
 * @e: serialized data read head (NOT NULL)
 * @chunk: start address for chunk of data (NOT NULL)
 *
 * Reads a little-endian 16 bit length and checks that this many bytes are
 * still inside the buffer before exposing them. Both the length field and
 * the payload are bounds checked, and the read head is restored if either
 * check fails. @chunk is written only on success and points into the load
 * buffer; nothing is copied.
 *
 * A return of 0 means either failure (read head unchanged) or a chunk whose
 * encoded length is zero (read head moved past the length field).
 *
 * Returns: the size of chunk found with the read head at the end of the chunk.
 */
static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk)
{
	void *saved = e->pos;
	size_t len;

	if (inbounds(e, sizeof(u16))) {
		len = le16_to_cpu(get_unaligned((__le16 *) e->pos));
		e->pos += sizeof(__le16);
		if (inbounds(e, len)) {
			*chunk = e->pos;
			e->pos += len;
			return len;
		}
	}

	e->pos = saved;
	return 0;
}
241*4882a593Smuzhiyun
/*
 * unpack control byte
 *
 * Consumes one byte from the stream if, and only if, it equals @code. The
 * read head does not move when the buffer is exhausted or the byte differs.
 */
static bool unpack_X(struct aa_ext *e, enum aa_code code)
{
	if (inbounds(e, 1) && *(u8 *) e->pos == code) {
		e->pos++;
		return true;
	}

	return false;
}
252*4882a593Smuzhiyun
/**
 * unpack_nameX - check if the next element is of type X with a name of @name
 * @e: serialized data extent information (NOT NULL)
 * @code: type code
 * @name: name to match to the serialized element. (MAYBE NULL)
 *
 * check that the next serialized data element is of type X and has a tag
 * name @name. If @name is specified then there must be a matching
 * name element in the stream. If @name is NULL any name element will be
 * skipped and only the typecode will be tested.
 *
 * A tag is compared with strcmp() only after it has been shown to be
 * non-empty and to end in '\0' inside its own chunk, so the comparison
 * cannot run past the bounds-checked tag bytes.
 *
 * NOTE(review): with @name NULL the result of unpack_u16_chunk() is not
 * inspected, so a tag whose length field is truncated or out of bounds is
 * not rejected here; the type code is then tested at the byte following
 * AA_NAME. Later reads stay bounds checked, but confirm this leniency is
 * intended.
 *
 * Returns true on success (both type code and name tests match) and the read
 * head is advanced past the headers
 *
 * Returns: false if either match fails, the read head does not move
 */
static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
{
	/* restored on any mismatch so the caller can try another element */
	void *saved = e->pos;

	if (!unpack_X(e, AA_NAME)) {
		/* a name was required but the stream carries no name tag */
		if (name)
			goto mismatch;
	} else {
		/* AA_NAME is followed by a u16 length and the tag bytes */
		char *tag = NULL;
		size_t size = unpack_u16_chunk(e, &tag);

		/* if a name is specified it must match. otherwise skip tag */
		if (name && (!size || tag[size-1] != '\0' || strcmp(name, tag)))
			goto mismatch;
	}

	/* now check if type code matches */
	if (unpack_X(e, code))
		return true;

mismatch:
	e->pos = saved;
	return false;
}
298*4882a593Smuzhiyun
/*
 * Unpack an AA_U8 element, optionally named @name.
 *
 * @data may be NULL, in which case the value is consumed but not stored.
 * Returns true and advances the read head on success; on failure the read
 * head is left where it was on entry.
 */
static bool unpack_u8(struct aa_ext *e, u8 *data, const char *name)
{
	void *saved = e->pos;

	if (!unpack_nameX(e, AA_U8, name) || !inbounds(e, sizeof(u8))) {
		/* also undoes a header consumed ahead of a truncated value */
		e->pos = saved;
		return false;
	}

	if (data)
		*data = get_unaligned((u8 *)e->pos);
	e->pos += sizeof(u8);
	return true;
}
316*4882a593Smuzhiyun
/*
 * Unpack an AA_U32 element, optionally named @name.
 *
 * The value is stored little-endian in the stream and is read with an
 * unaligned access. @data may be NULL, in which case the value is consumed
 * but not stored. Returns true and advances the read head on success; on
 * failure the read head is left where it was on entry.
 */
static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
{
	void *saved = e->pos;

	if (!unpack_nameX(e, AA_U32, name) || !inbounds(e, sizeof(u32))) {
		/* also undoes a header consumed ahead of a truncated value */
		e->pos = saved;
		return false;
	}

	if (data)
		*data = le32_to_cpu(get_unaligned((__le32 *) e->pos));
	e->pos += sizeof(u32);
	return true;
}
334*4882a593Smuzhiyun
/*
 * Unpack an AA_U64 element, optionally named @name.
 *
 * The value is stored little-endian in the stream and is read with an
 * unaligned access. @data may be NULL, in which case the value is consumed
 * but not stored. Returns true and advances the read head on success; on
 * failure the read head is left where it was on entry.
 */
static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name)
{
	void *saved = e->pos;

	if (!unpack_nameX(e, AA_U64, name) || !inbounds(e, sizeof(u64))) {
		/* also undoes a header consumed ahead of a truncated value */
		e->pos = saved;
		return false;
	}

	if (data)
		*data = le64_to_cpu(get_unaligned((__le64 *) e->pos));
	e->pos += sizeof(u64);
	return true;
}
352*4882a593Smuzhiyun
/*
 * Unpack an AA_ARRAY header, optionally named @name, and return the element
 * count it declares (a little-endian u16, so at most 65535).
 *
 * The count is whatever the policy blob states: nothing here checks that so
 * many elements actually follow, so callers must bound it before using it as
 * an index limit and must bounds check every element they read.
 *
 * A return of 0 is ambiguous: it is produced both when no array header could
 * be read (read head unchanged) and for an array declared empty (read head
 * past the header). Callers in this file tell the two apart only through the
 * AA_ARRAYEND check that follows.
 */
static size_t unpack_array(struct aa_ext *e, const char *name)
{
	void *saved = e->pos;
	int count;

	if (!unpack_nameX(e, AA_ARRAY, name) || !inbounds(e, sizeof(u16))) {
		e->pos = saved;
		return 0;
	}

	count = (int)le16_to_cpu(get_unaligned((__le16 *) e->pos));
	e->pos += sizeof(u16);
	return count;
}
370*4882a593Smuzhiyun
/*
 * Unpack an AA_BLOB element, optionally named @name.
 *
 * The blob is a little-endian u32 length followed by that many bytes. Both
 * the length field and the payload are checked against the end of the buffer
 * before @blob is set. @blob points into the load buffer; nothing is copied.
 *
 * Returns the payload size with the read head past the blob, or 0 with the
 * read head restored when the element is absent, truncated or larger than
 * the remaining data. A blob with a declared length of zero also returns 0,
 * with the read head past the length field.
 */
static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name)
{
	void *saved = e->pos;
	u32 size;

	if (!unpack_nameX(e, AA_BLOB, name))
		goto fail;
	if (!inbounds(e, sizeof(u32)))
		goto fail;

	size = le32_to_cpu(get_unaligned((__le32 *) e->pos));
	e->pos += sizeof(u32);
	if (!inbounds(e, (size_t) size))
		goto fail;

	*blob = e->pos;
	e->pos += size;
	return size;

fail:
	e->pos = saved;
	return 0;
}
392*4882a593Smuzhiyun
/*
 * Unpack an AA_STRING element, optionally named @name.
 *
 * On success @string points at the string inside the load buffer (it is not
 * a copy, so it is only valid while that buffer is) and the return value is
 * the encoded size including the terminating '\0'. Only the last byte is
 * required to be '\0'; embedded '\0' bytes are not rejected here, so the
 * returned size can exceed strlen() + 1.
 *
 * On failure, which includes a zero length string and a string without a
 * terminating '\0', @string is NULL, the read head is restored and 0 is
 * returned.
 */
static int unpack_str(struct aa_ext *e, const char **string, const char *name)
{
	char *src_str;
	size_t size;
	void *saved = e->pos;

	*string = NULL;
	if (!unpack_nameX(e, AA_STRING, name))
		goto fail;

	size = unpack_u16_chunk(e, &src_str);
	/* strings are null terminated, length is size - 1 */
	if (!size || src_str[size - 1] != 0)
		goto fail;

	*string = src_str;
	return size;

fail:
	e->pos = saved;
	return 0;
}
415*4882a593Smuzhiyun
/*
 * Unpack an AA_STRING element and hand back a heap copy of it.
 *
 * The copy covers the full encoded size reported by unpack_str(), i.e. it
 * includes the terminating '\0' and any embedded '\0' bytes. The caller owns
 * @string and must kfree() it.
 *
 * Returns the encoded size, or 0 with @string set to NULL and the read head
 * restored if the string could not be unpacked or the copy could not be
 * allocated.
 */
static int unpack_strdup(struct aa_ext *e, char **string, const char *name)
{
	const char *in_buf;
	void *saved = e->pos;
	int len = unpack_str(e, &in_buf, name);

	*string = NULL;
	if (!len)
		return 0;

	*string = kmemdup(in_buf, len, GFP_KERNEL);
	if (*string)
		return len;

	/* allocation failed: give the element back to the stream */
	e->pos = saved;
	return 0;
}
434*4882a593Smuzhiyun
435*4882a593Smuzhiyun
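/**
 * unpack_dfa - unpack a file rule dfa
 * @e: serialized data extent information (NOT NULL)
 *
 * The dfa is carried in a blob named "aadfa". Up to 7 bytes of alignment
 * padding at the start of the blob are skipped before the remainder is
 * handed to aa_dfa_unpack() with DFA_FLAG_VERIFY_STATES set.
 *
 * The blob length comes from the policy stream, so a blob shorter than the
 * computed padding is rejected with -EPROTO: subtracting the padding from it
 * would wrap the unsigned length and describe a region extending far beyond
 * the load buffer.
 *
 * returns dfa or ERR_PTR or NULL if no dfa
 */
static struct aa_dfa *unpack_dfa(struct aa_ext *e)
{
	char *blob = NULL;
	size_t size, sz, pad;
	int flags;

	size = unpack_blob(e, &blob, "aadfa");
	if (!size)
		return NULL;

	/*
	 * The dfa is aligned with in the blob to 8 bytes
	 * from the beginning of the stream.
	 * alignment adjust needed by dfa unpack
	 */
	sz = blob - (char *) e->start - ((e->pos - e->start) & 7);
	pad = ALIGN(sz, 8) - sz;

	/*
	 * size - pad is computed in size_t. aa_dfa_unpack() is not visible
	 * here, so do not rely on it to notice a wrapped length: refuse the
	 * blob before the subtraction can underflow.
	 */
	if (size < pad)
		return ERR_PTR(-EPROTO);

	flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
		TO_ACCEPT2_FLAG(YYTD_DATA32) | DFA_FLAG_VERIFY_STATES;

	/* an ERR_PTR from aa_dfa_unpack() is passed through to the caller */
	return aa_dfa_unpack(blob + pad, size - pad, flags);
}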
469*4882a593Smuzhiyun
/**
 * unpack_trans_table - unpack a profile transition table
 * @e: serialized data extent information (NOT NULL)
 * @profile: profile to add the accept table to (NOT NULL)
 *
 * The "xtable" struct is optional; when it is absent nothing is changed and
 * true is returned. When present, each entry is copied out of the stream and
 * validated: it must not start with whitespace, an entry starting with ':'
 * must have a character after the ':' and may contain at most one embedded
 * '\0' (which is turned back into ':'), and any other entry must not contain
 * an embedded '\0' at all.
 *
 * On failure every entry unpacked so far is released through
 * aa_free_domain_entries() and the read head is restored.
 *
 * Returns: true if table successfully unpacked
 */
static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
{
	void *saved_pos = e->pos;
	int i, size;

	/* exec table is optional */
	if (!unpack_nameX(e, AA_STRUCT, "xtable"))
		return true;

	size = unpack_array(e, NULL);
	/* currently 4 exec bits and entries 0-3 are reserved iupcx */
	if (size > 16 - 4)
		goto fail;
	profile->file.trans.table = kcalloc(size, sizeof(char *),
					    GFP_KERNEL);
	if (!profile->file.trans.table)
		goto fail;

	/* from here on the fail path frees the table and its entries */
	profile->file.trans.size = size;
	for (i = 0; i < size; i++) {
		char *str;
		int nuls = 0, last_nul = 0, j;
		/* unpack_strdup verifies that the last character is
		 * null termination byte.
		 */
		int len = unpack_strdup(e, &str, NULL);

		if (!len)
			goto fail;
		/* stored before validation so the fail path releases it */
		profile->file.trans.table[i] = str;
		/* verify that name doesn't start with space */
		if (isspace(*str))
			goto fail;

		/* count the \0 bytes that precede the terminating one */
		for (j = 0; j < len - 1; j++) {
			if (str[j] == '\0') {
				last_nul = j;
				nuls++;
			}
		}

		if (*str != ':') {
			/* fail - all other cases with embedded \0 */
			if (nuls)
				goto fail;
			continue;
		}

		/* first character after : must be valid */
		if (!str[1])
			goto fail;
		/* beginning with : requires an embedded \0,
		 * verify that exactly 1 internal \0 exists
		 * trailing \0 already verified by unpack_strdup
		 */
		if (nuls > 1)
			goto fail;
		/* convert \0 back to : for label_parse */
		if (nuls == 1)
			str[last_nul] = ':';
	}

	if (!unpack_nameX(e, AA_ARRAYEND, NULL))
		goto fail;
	if (!unpack_nameX(e, AA_STRUCTEND, NULL))
		goto fail;
	return true;

fail:
	aa_free_domain_entries(&profile->file.trans);
	e->pos = saved_pos;
	return false;
}
545*4882a593Smuzhiyun
/*
 * Unpack the optional "xattrs" struct: an array of strings that is copied
 * into profile->xattrs, with the declared element count stored in
 * profile->xattr_count.
 *
 * Returns true if the struct is absent or was unpacked completely. On
 * failure the read head is restored, but xattrs that were already allocated
 * stay attached to @profile and xattr_count keeps the declared count.
 * NOTE(review): presumably the caller releases them when it frees the
 * profile - confirm against the profile free path.
 */
static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile)
{
	void *saved = e->pos;
	int i, count;

	if (!unpack_nameX(e, AA_STRUCT, "xattrs"))
		return true;

	count = unpack_array(e, NULL);
	profile->xattr_count = count;
	profile->xattrs = kcalloc(count, sizeof(char *), GFP_KERNEL);
	if (!profile->xattrs)
		goto fail;

	for (i = 0; i < count; i++) {
		if (!unpack_strdup(e, &profile->xattrs[i], NULL))
			goto fail;
	}

	if (!unpack_nameX(e, AA_ARRAYEND, NULL) ||
	    !unpack_nameX(e, AA_STRUCTEND, NULL))
		goto fail;

	return true;

fail:
	e->pos = saved;
	return false;
}
574*4882a593Smuzhiyun
/*
 * Unpack the optional "secmark" struct: an array whose elements are an audit
 * byte, a deny byte and a label string, in that order.
 *
 * Returns true if the struct is absent or was unpacked completely. On
 * failure the labels and the secmark array are freed, the count is reset to
 * zero and the read head is restored.
 */
static bool unpack_secmark(struct aa_ext *e, struct aa_profile *profile)
{
	void *saved = e->pos;
	int i, size;

	if (!unpack_nameX(e, AA_STRUCT, "secmark"))
		return true;

	size = unpack_array(e, NULL);

	profile->secmark = kcalloc(size, sizeof(struct aa_secmark),
				   GFP_KERNEL);
	if (!profile->secmark)
		goto fail;

	profile->secmark_count = size;

	for (i = 0; i < size; i++) {
		struct aa_secmark *mark = &profile->secmark[i];

		if (!unpack_u8(e, &mark->audit, NULL))
			goto fail;
		if (!unpack_u8(e, &mark->deny, NULL))
			goto fail;
		if (!unpack_strdup(e, &mark->label, NULL))
			goto fail;
	}

	if (!unpack_nameX(e, AA_ARRAYEND, NULL))
		goto fail;
	if (!unpack_nameX(e, AA_STRUCTEND, NULL))
		goto fail;

	return true;

fail:
	if (profile->secmark) {
		/*
		 * The array came from kcalloc(), so labels that were never
		 * unpacked are NULL and kfree() ignores them.
		 */
		for (i = 0; i < size; i++)
			kfree(profile->secmark[i].label);
		kfree(profile->secmark);
		profile->secmark_count = 0;
		profile->secmark = NULL;
	}

	e->pos = saved;
	return false;
}
618*4882a593Smuzhiyun
/*
 * Unpack the optional "rlimits" struct: a u32 mask followed by an array of
 * u64 limits.
 *
 * The declared array size is rejected when it exceeds RLIM_NLIMITS, which
 * bounds the index handed to aa_map_resource(). Only rlim_max of each mapped
 * limit is written.
 *
 * Returns true if the struct is absent or was unpacked completely. On
 * failure the read head is restored; limits stored before the failure are
 * not rolled back.
 */
static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile)
{
	void *saved = e->pos;
	int i, count;
	u32 mask = 0;

	/* rlimits are optional */
	if (!unpack_nameX(e, AA_STRUCT, "rlimits"))
		return true;

	if (!unpack_u32(e, &mask, NULL))
		goto fail;
	profile->rlimits.mask = mask;

	count = unpack_array(e, NULL);
	if (count > RLIM_NLIMITS)
		goto fail;

	for (i = 0; i < count; i++) {
		u64 limit = 0;
		int resource = aa_map_resource(i);

		if (!unpack_u64(e, &limit, NULL))
			goto fail;
		profile->rlimits.limits[resource].rlim_max = limit;
	}

	if (!unpack_nameX(e, AA_ARRAYEND, NULL) ||
	    !unpack_nameX(e, AA_STRUCTEND, NULL))
		goto fail;

	return true;

fail:
	e->pos = saved;
	return false;
}
652*4882a593Smuzhiyun
/*
 * Hash callback for string keys: @data points at a pointer to the key
 * string, and the whole string (as measured by strlen()) is hashed with
 * jhash(). @len is not used.
 */
static u32 strhash(const void *data, u32 len, u32 seed)
{
	const char *str = *(const char * const *)data;

	return jhash(str, strlen(str), seed);
}
659*4882a593Smuzhiyun
/*
 * Compare callback for string keys: arg->key points at a pointer to the key
 * being looked up, which is compared with the key stored in the aa_data
 * object. Returns 0 when the two strings are equal (strcmp() semantics).
 */
static int datacmp(struct rhashtable_compare_arg *arg, const void *obj)
{
	const struct aa_data *entry = obj;
	const char *wanted = *(const char * const *)arg->key;

	return strcmp(entry->key, wanted);
}
667*4882a593Smuzhiyun
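/**
 * unpack_profile - unpack a serialized profile
 * @e: serialized data extent information (NOT NULL)
 * @ns_name: Returns - newly allocated namespace name split out of the
 *           profile's fully qualified name, else NULL (NOT NULL)
 *
 * On success the caller owns both the returned profile and *@ns_name.
 * On failure *@ns_name is freed and reset to NULL, so the caller never
 * has to clean it up after an error return.
 *
 * NOTE: unpack profile sets audit struct if there is a failure
 *
 * Returns: the unpacked profile, else an ERR_PTR() encoded error
 */
static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
{
	struct aa_profile *profile = NULL;
	const char *tmpname, *tmpns = NULL, *name = NULL;
	const char *info = "failed to unpack profile";
	size_t ns_len;
	struct rhashtable_params params = { 0 };
	char *key = NULL;
	struct aa_data *data;
	int i, error = -EPROTO;
	kernel_cap_t tmpcap;
	u32 tmp;

	*ns_name = NULL;

	/* check that we have the right struct being passed */
	if (!unpack_nameX(e, AA_STRUCT, "profile"))
		goto fail;
	if (!unpack_str(e, &name, NULL))
		goto fail;
	if (*name == '\0')
		goto fail;

	tmpname = aa_splitn_fqname(name, strlen(name), &tmpns, &ns_len);
	if (tmpns) {
		*ns_name = kstrndup(tmpns, ns_len, GFP_KERNEL);
		if (!*ns_name) {
			info = "out of memory";
			error = -ENOMEM;
			goto fail;
		}
		name = tmpname;
	}

	profile = aa_alloc_profile(name, NULL, GFP_KERNEL);
	if (!profile) {
		/*
		 * Leave through the common failure path: *ns_name may
		 * already be allocated and a bare return would leak it.
		 */
		info = "out of memory";
		error = -ENOMEM;
		goto fail;
	}

	/* profile renaming is optional */
	(void) unpack_str(e, &profile->rename, "rename");

	/* attachment string is optional */
	(void) unpack_str(e, &profile->attach, "attach");

	/* xmatch is optional and may be NULL */
	profile->xmatch = unpack_dfa(e);
	if (IS_ERR(profile->xmatch)) {
		error = PTR_ERR(profile->xmatch);
		profile->xmatch = NULL;
		info = "bad xmatch";
		goto fail;
	}
	/* xmatch_len is not optional if xmatch is set */
	if (profile->xmatch) {
		if (!unpack_u32(e, &tmp, NULL)) {
			info = "missing xmatch len";
			goto fail;
		}
		profile->xmatch_len = tmp;
	}

	/* disconnected attachment string is optional */
	(void) unpack_str(e, &profile->disconnected, "disconnected");

	/* per profile debug flags (complain, audit) */
	if (!unpack_nameX(e, AA_STRUCT, "flags")) {
		info = "profile missing flags";
		goto fail;
	}
	info = "failed to unpack profile flags";
	if (!unpack_u32(e, &tmp, NULL))
		goto fail;
	if (tmp & PACKED_FLAG_HAT)
		profile->label.flags |= FLAG_HAT;
	if (!unpack_u32(e, &tmp, NULL))
		goto fail;
	/*
	 * FORCE_COMPLAIN_FLAG in the stream's version word overrides the
	 * packed mode.  It is tested before the packed value is validated,
	 * so with the flag set any mode value ends up as complain.
	 */
	if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) {
		profile->mode = APPARMOR_COMPLAIN;
	} else if (tmp == PACKED_MODE_ENFORCE) {
		profile->mode = APPARMOR_ENFORCE;
	} else if (tmp == PACKED_MODE_KILL) {
		profile->mode = APPARMOR_KILL;
	} else if (tmp == PACKED_MODE_UNCONFINED) {
		profile->mode = APPARMOR_UNCONFINED;
		profile->label.flags |= FLAG_UNCONFINED;
	} else {
		/* unknown mode value: reject the profile */
		goto fail;
	}
	if (!unpack_u32(e, &tmp, NULL))
		goto fail;
	if (tmp)
		profile->audit = AUDIT_ALL;

	if (!unpack_nameX(e, AA_STRUCTEND, NULL))
		goto fail;

	/* path_flags is optional */
	if (unpack_u32(e, &profile->path_flags, "path_flags"))
		profile->path_flags |= profile->label.flags &
			PATH_MEDIATE_DELETED;
	else
		/* set a default value if path_flags field is not present */
		profile->path_flags = PATH_MEDIATE_DELETED;

	info = "failed to unpack profile capabilities";
	if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL))
		goto fail;
	if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL))
		goto fail;
	if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL))
		goto fail;
	/* fourth capability word is consumed from the stream but not stored */
	if (!unpack_u32(e, &tmpcap.cap[0], NULL))
		goto fail;

	info = "failed to unpack upper profile capabilities";
	if (unpack_nameX(e, AA_STRUCT, "caps64")) {
		/* optional upper half of 64 bit caps */
		if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL))
			goto fail;
		if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL))
			goto fail;
		if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL))
			goto fail;
		if (!unpack_u32(e, &(tmpcap.cap[1]), NULL))
			goto fail;
		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
			goto fail;
	}

	info = "failed to unpack extended profile capabilities";
	if (unpack_nameX(e, AA_STRUCT, "capsx")) {
		/* optional extended caps mediation mask */
		if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL))
			goto fail;
		if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL))
			goto fail;
		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
			goto fail;
	}

	if (!unpack_xattrs(e, profile)) {
		info = "failed to unpack profile xattrs";
		goto fail;
	}

	if (!unpack_rlimits(e, profile)) {
		info = "failed to unpack profile rlimits";
		goto fail;
	}

	if (!unpack_secmark(e, profile)) {
		info = "failed to unpack profile secmark rules";
		goto fail;
	}

	if (unpack_nameX(e, AA_STRUCT, "policydb")) {
		/* generic policy dfa - optional and may be NULL */
		info = "failed to unpack policydb";
		profile->policy.dfa = unpack_dfa(e);
		if (IS_ERR(profile->policy.dfa)) {
			error = PTR_ERR(profile->policy.dfa);
			profile->policy.dfa = NULL;
			goto fail;
		} else if (!profile->policy.dfa) {
			/* a policydb struct without a dfa is malformed */
			error = -EPROTO;
			goto fail;
		}
		/*
		 * NOTE(review): the start state is read straight from the
		 * policy blob and used by aa_dfa_next() below; no range
		 * check against the dfa is visible in this function -
		 * confirm it is bounded elsewhere.
		 */
		if (!unpack_u32(e, &profile->policy.start[0], "start"))
			/* default start state */
			profile->policy.start[0] = DFA_START;
		/* setup class index */
		for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
			profile->policy.start[i] =
				aa_dfa_next(profile->policy.dfa,
					    profile->policy.start[0],
					    i);
		}
		if (!unpack_nameX(e, AA_STRUCTEND, NULL))
			goto fail;
	} else
		profile->policy.dfa = aa_get_dfa(nulldfa);

	/* get file rules */
	profile->file.dfa = unpack_dfa(e);
	if (IS_ERR(profile->file.dfa)) {
		error = PTR_ERR(profile->file.dfa);
		profile->file.dfa = NULL;
		info = "failed to unpack profile file rules";
		goto fail;
	} else if (profile->file.dfa) {
		if (!unpack_u32(e, &profile->file.start, "dfa_start"))
			/* default start state */
			profile->file.start = DFA_START;
	} else if (profile->policy.dfa &&
		   profile->policy.start[AA_CLASS_FILE]) {
		/* no separate file dfa: share the policydb dfa's file class */
		profile->file.dfa = aa_get_dfa(profile->policy.dfa);
		profile->file.start = profile->policy.start[AA_CLASS_FILE];
	} else
		profile->file.dfa = aa_get_dfa(nulldfa);

	if (!unpack_trans_table(e, profile)) {
		info = "failed to unpack profile transition table";
		goto fail;
	}

	if (unpack_nameX(e, AA_STRUCT, "data")) {
		info = "out of memory";
		profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL);
		if (!profile->data) {
			error = -ENOMEM;
			goto fail;
		}

		params.nelem_hint = 3;
		params.key_len = sizeof(void *);
		params.key_offset = offsetof(struct aa_data, key);
		params.head_offset = offsetof(struct aa_data, head);
		params.hashfn = strhash;
		params.obj_cmpfn = datacmp;

		if (rhashtable_init(profile->data, &params)) {
			info = "failed to init key, value hash table";
			goto fail;
		}

		/* from here on info is "out of memory" for the entry allocs */
		info = "out of memory";
		while (unpack_strdup(e, &key, NULL)) {
			data = kzalloc(sizeof(*data), GFP_KERNEL);
			if (!data) {
				kfree_sensitive(key);
				error = -ENOMEM;
				goto fail;
			}

			data->key = key;
			/*
			 * unpack_blob() points data->data into the policy
			 * buffer; take a private copy so the entry does not
			 * reference the load buffer.
			 */
			data->size = unpack_blob(e, &data->data, NULL);
			data->data = kvmemdup(data->data, data->size);
			if (data->size && !data->data) {
				kfree_sensitive(data->key);
				kfree_sensitive(data);
				error = -ENOMEM;
				goto fail;
			}

			/*
			 * Nothing else references the entry yet, so a failed
			 * insert has to release it here or it is leaked and
			 * the key silently goes missing from the table.
			 */
			if (rhashtable_insert_fast(profile->data, &data->head,
						   profile->data->p)) {
				kvfree_sensitive(data->data, data->size);
				kfree_sensitive(data->key);
				kfree_sensitive(data);
				info = "failed to insert data to table";
				goto fail;
			}
		}

		if (!unpack_nameX(e, AA_STRUCTEND, NULL)) {
			info = "failed to unpack end of key, value data table";
			goto fail;
		}
	}

	if (!unpack_nameX(e, AA_STRUCTEND, NULL)) {
		info = "failed to unpack end of profile";
		goto fail;
	}

	return profile;

fail:
	/* audit by profile when one exists, otherwise by the raw name */
	if (profile)
		name = NULL;
	else if (!name)
		name = "unknown";
	audit_iface(profile, NULL, name, info, e, error);
	aa_free_profile(profile);
	/* the caller only sees an error pointer; do not hand it a stray name */
	kfree(*ns_name);
	*ns_name = NULL;

	return ERR_PTR(error);
}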
939*4882a593Smuzhiyun
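/**
 * verify_header - unpack serialized stream header
 * @e: serialized data read head (NOT NULL)
 * @required: whether the header is required or optional
 * @ns: namespace seen so far for this load, NULL if none yet (NOT NULL);
 *      must be initialised by the caller before the first header and is
 *      set to a newly allocated copy when a header first names one
 *
 * A stream may carry one header per profile.  *@ns is deliberately not
 * reset here: clearing it on every call would leak the copy made for an
 * earlier header and make the "invalid ns change" check unreachable.
 *
 * Returns: error or 0 if header is good
 */
static int verify_header(struct aa_ext *e, int required, const char **ns)
{
	int error = -EPROTONOSUPPORT;
	const char *name = NULL;

	/* get the interface version */
	if (!unpack_u32(e, &e->version, "version")) {
		if (required) {
			audit_iface(NULL, NULL, NULL, "invalid profile format",
				    e, error);
			return error;
		}
	}

	/* Check that the interface version is currently supported.
	 * if not specified use previous version
	 * Mask off everything that is not kernel abi version
	 */
	if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) {
		audit_iface(NULL, NULL, NULL, "unsupported interface version",
			    e, error);
		return error;
	}

	/* read the namespace if present */
	if (unpack_str(e, &name, "namespace")) {
		if (*name == '\0') {
			audit_iface(NULL, NULL, NULL, "invalid namespace name",
				    e, error);
			return error;
		}
		if (*ns && strcmp(*ns, name)) {
			/* one load may not switch namespace between headers */
			audit_iface(NULL, NULL, NULL, "invalid ns change", e,
				    error);
			return error;
		} else if (!*ns) {
			*ns = kstrdup(name, GFP_KERNEL);
			if (!*ns)
				return -ENOMEM;
		}
	}

	return 0;
}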
992*4882a593Smuzhiyun
/*
 * Check a single exec transition index.  Only entries whose type bits are
 * AA_X_TABLE index the named transition table, and those must fall below
 * @table_size; every other type passes.
 */
static bool verify_xindex(int xindex, int table_size)
{
	int xtype = xindex & AA_X_TYPE_MASK;
	int index = xindex & AA_X_INDEX_MASK;

	return !(xtype == AA_X_TABLE && index >= table_size);
}
1002*4882a593Smuzhiyun
/*
 * verify dfa xindexes are in range of transition tables
 *
 * Walks every entry of the dfa's accept table and checks both the user and
 * the other xindex of that state against @table_size.  Returns false at the
 * first out-of-range index.
 */
static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size)
{
	int state;

	for (state = 0; state < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; state++) {
		if (!verify_xindex(dfa_user_xindex(dfa, state), table_size) ||
		    !verify_xindex(dfa_other_xindex(dfa, state), table_size))
			return false;
	}

	return true;
}
1015*4882a593Smuzhiyun
/**
 * verify_profile - Do post unpack analysis to verify profile consistency
 * @profile: profile to verify (NOT NULL)
 *
 * The only check made here is that every table-type xindex in the file
 * dfa lies inside the profile's transition table.
 *
 * Returns: 0 if passes verification else error
 */
static int verify_profile(struct aa_profile *profile)
{
	/* a profile without a file dfa has nothing to cross-check */
	if (!profile->file.dfa)
		return 0;

	if (verify_dfa_xindex(profile->file.dfa, profile->file.trans.size))
		return 0;

	audit_iface(profile, NULL, NULL, "Invalid named transition",
		    NULL, -EPROTO);
	return -EPROTO;
}
1034*4882a593Smuzhiyun
/*
 * Release a load entry: drop the references it holds on the rename, old
 * and new profiles, free its namespace name, then free the entry itself.
 * A NULL @ent is accepted and ignored.
 */
void aa_load_ent_free(struct aa_load_ent *ent)
{
	if (!ent)
		return;

	aa_put_profile(ent->rename);
	aa_put_profile(ent->old);
	aa_put_profile(ent->new);
	kfree(ent->ns_name);
	kfree_sensitive(ent);
}
1045*4882a593Smuzhiyun
/*
 * Allocate a zeroed load entry with its list head initialised.
 * Returns NULL when the allocation fails.
 */
struct aa_load_ent *aa_load_ent_alloc(void)
{
	struct aa_load_ent *ent;

	ent = kzalloc(sizeof(*ent), GFP_KERNEL);
	if (!ent)
		return NULL;

	INIT_LIST_HEAD(&ent->list);
	return ent;
}
1053*4882a593Smuzhiyun
/*
 * Compress @slen bytes at @src with zlib deflate at the level given by
 * aa_g_rawdata_compression_level.
 *
 * On success *@dst receives a newly allocated buffer trimmed to the
 * compressed length and *@dlen that length; @src is left untouched.
 * On failure neither output is written.
 *
 * Returns: 0 on success, -EFBIG if the worst-case output size wraps,
 * -ENOMEM on allocation or deflate init failure, -EINVAL if deflate does
 * not finish the stream in one call.
 */
static int deflate_compress(const char *src, size_t slen, char **dst,
			    size_t *dlen)
{
	struct z_stream_s strm;
	size_t bound = deflateBound(slen);
	void *staging, *out;
	int rc;

	memset(&strm, 0, sizeof(strm));

	/* deflateBound() result smaller than the input means it wrapped */
	if (bound < slen)
		return -EFBIG;

	strm.workspace = kvzalloc(zlib_deflate_workspacesize(MAX_WBITS,
							     MAX_MEM_LEVEL),
				  GFP_KERNEL);
	if (!strm.workspace)
		return -ENOMEM;

	if (zlib_deflateInit(&strm, aa_g_rawdata_compression_level) != Z_OK) {
		rc = -ENOMEM;
		goto free_workspace;
	}

	/* worst-case sized staging buffer, so one Z_FINISH pass is enough */
	staging = kvzalloc(bound, GFP_KERNEL);
	if (!staging) {
		rc = -ENOMEM;
		goto end_stream;
	}

	strm.next_in = src;
	strm.avail_in = slen;
	strm.next_out = staging;
	strm.avail_out = bound;

	if (zlib_deflate(&strm, Z_FINISH) != Z_STREAM_END) {
		rc = -EINVAL;
		goto free_staging;
	}

	if (is_vmalloc_addr(staging)) {
		/* vmalloc'd staging cannot be krealloc'd: copy, then drop it */
		out = kvzalloc(strm.total_out, GFP_KERNEL);
		if (out) {
			memcpy(out, staging, strm.total_out);
			kvfree(staging);
		}
	} else {
		/*
		 * If the staging buffer was kmalloc'd, then using krealloc is
		 * probably going to be faster. The destination buffer will
		 * always be smaller, so it's just shrunk, avoiding a memcpy
		 */
		out = krealloc(staging, strm.total_out, GFP_KERNEL);
	}

	if (!out) {
		/* on either path staging is still allocated at this point */
		rc = -ENOMEM;
		goto free_staging;
	}

	*dst = out;
	*dlen = strm.total_out;
	rc = 0;
	/* staging has been consumed or freed above; skip free_staging */
	goto end_stream;

free_staging:
	kvfree(staging);
end_stream:
	zlib_deflateEnd(&strm);
free_workspace:
	kvfree(strm.workspace);
	return rc;
}
1129*4882a593Smuzhiyun
/*
 * Replace the raw policy blob held in @data with its deflate-compressed
 * form and record the compressed size.  With compression level 0 the
 * buffer is left as is and compressed_size is set to the raw size.
 *
 * Returns: 0 on success, else the error from deflate_compress(); on error
 * @data still owns the uncompressed buffer.
 */
static int compress_loaddata(struct aa_loaddata *data)
{
	void *raw;
	int rc;

	/* must not be called on data that was already compressed */
	AA_BUG(data->compressed_size > 0);

	/*
	 * Shortcut the no compression case, else we increase the amount of
	 * storage required by a small amount
	 */
	if (aa_g_rawdata_compression_level == 0) {
		data->compressed_size = data->size;
		return 0;
	}

	raw = data->data;
	rc = deflate_compress(raw, data->size, &data->data,
			      &data->compressed_size);
	if (rc)
		return rc;

	/* data->data now points at the compressed copy */
	kvfree(raw);
	return 0;
}
1152*4882a593Smuzhiyun
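/**
 * aa_unpack - unpack packed binary profile(s) data loaded from user space
 * @udata: user data copied to kmem (NOT NULL)
 * @lh: list to place unpacked profiles in a aa_repl_ws
 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
 *
 * Unpack user data and return refcounted allocated profile(s) stored in
 * @lh in order of discovery, with the list chain stored in base.list
 * or error
 *
 * Each profile is unpacked, verified and (when policy hashing is enabled)
 * hashed before it is added to @lh.  On any failure every entry already
 * placed on @lh is removed and freed.
 *
 * Returns: 0 with the profile(s) on @lh, else a negative errno
 */
int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
	      const char **ns)
{
	struct aa_load_ent *tmp, *ent;
	struct aa_profile *profile = NULL;
	char *ns_name = NULL;
	int error;
	struct aa_ext e = {
		.start = udata->data,
		.end = udata->data + udata->size,
		.pos = udata->data,
	};

	*ns = NULL;
	while (e.pos < e.end) {
		void *start;

		ns_name = NULL;
		/* only the very first header in the stream is mandatory */
		error = verify_header(&e, e.pos == e.start, ns);
		if (error)
			goto fail;

		start = e.pos;
		profile = unpack_profile(&e, &ns_name);
		if (IS_ERR(profile)) {
			error = PTR_ERR(profile);
			goto fail_ns_name;
		}

		error = verify_profile(profile);
		if (error)
			goto fail_profile;

		/* hash covers exactly the bytes this profile was read from */
		if (aa_g_hash_policy)
			error = aa_calc_profile_hash(profile, e.version, start,
						     e.pos - start);
		if (error)
			goto fail_profile;

		ent = aa_load_ent_alloc();
		if (!ent) {
			error = -ENOMEM;
			goto fail_profile;
		}

		ent->new = profile;
		ent->ns_name = ns_name;
		/* ent owns the name now; aa_load_ent_free() releases it */
		ns_name = NULL;
		list_add_tail(&ent->list, lh);
	}
	udata->abi = e.version & K_ABI_MASK;
	if (aa_g_hash_policy) {
		udata->hash = aa_calc_hash(udata->data, udata->size);
		if (IS_ERR(udata->hash)) {
			error = PTR_ERR(udata->hash);
			udata->hash = NULL;
			goto fail;
		}
	}
	error = compress_loaddata(udata);
	if (error)
		goto fail;
	return 0;

fail_profile:
	aa_put_profile(profile);

fail_ns_name:
	/*
	 * The name split out by unpack_profile() has not been attached to a
	 * load entry on these paths, so nothing else would free it.
	 */
	kfree(ns_name);

fail:
	list_for_each_entry_safe(ent, tmp, lh, list) {
		list_del_init(&ent->list);
		aa_load_ent_free(ent);
	}

	return error;
}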
1237*4882a593Smuzhiyun
1238*4882a593Smuzhiyun #ifdef CONFIG_SECURITY_APPARMOR_KUNIT_TEST
1239*4882a593Smuzhiyun #include "policy_unpack_test.c"
1240*4882a593Smuzhiyun #endif /* CONFIG_SECURITY_APPARMOR_KUNIT_TEST */