// SPDX-License-Identifier: GPL-2.0-only
/*
 * AppArmor security module
 *
 * This file contains AppArmor security identifier (secid) manipulation
 * functions.
 *
 * Copyright 2009-2017 Canonical Ltd.
 *
 * AppArmor allocates a unique secid for every label used. If a label
 * is replaced, the replacement receives the secid of the label it is
 * replacing.
 */
12*4882a593Smuzhiyun
13*4882a593Smuzhiyun #include <linux/errno.h>
14*4882a593Smuzhiyun #include <linux/err.h>
15*4882a593Smuzhiyun #include <linux/gfp.h>
16*4882a593Smuzhiyun #include <linux/idr.h>
17*4882a593Smuzhiyun #include <linux/slab.h>
18*4882a593Smuzhiyun #include <linux/spinlock.h>
19*4882a593Smuzhiyun
20*4882a593Smuzhiyun #include "include/cred.h"
21*4882a593Smuzhiyun #include "include/lib.h"
22*4882a593Smuzhiyun #include "include/secid.h"
23*4882a593Smuzhiyun #include "include/label.h"
24*4882a593Smuzhiyun #include "include/policy_ns.h"
25*4882a593Smuzhiyun
/*
 * secids - do not pin labels with a refcount. They rely on the label
 * properly updating/freeing them
 */
/* Lowest id handed to idr_alloc() and idr_init_base() in this file. */
#define AA_FIRST_SECID 2

/* secid -> label map; aa_secid_to_label() reads it under rcu_read_lock(). */
static DEFINE_IDR(aa_secids);
/* Held (irqsave) around idr_replace(), idr_alloc() and idr_remove() below. */
static DEFINE_SPINLOCK(secid_lock);

/*
 * TODO: allow policy to reserve a secid range?
 * TODO: add secid pinning
 * TODO: use secid_update in label replace
 */
40*4882a593Smuzhiyun
/**
 * aa_secid_update - update a secid mapping to a new label
 * @secid: secid to update
 * @label: label the secid will now map to
 *
 * The swap is done with secid_lock held and interrupts disabled.
 *
 * The value returned by idr_replace() is discarded, so a @secid that has
 * no entry in the map is not reported to the caller.
 * NOTE(review): confirm every caller only passes a secid it still owns.
 */
void aa_secid_update(u32 secid, struct aa_label *label)
{
	unsigned long irq_flags;

	spin_lock_irqsave(&secid_lock, irq_flags);
	/* Only the map entry changes; no label refcount is taken or dropped. */
	idr_replace(&aa_secids, label, secid);
	spin_unlock_irqrestore(&secid_lock, irq_flags);
}
54*4882a593Smuzhiyun
/**
 * aa_secid_to_label - look up the label a secid currently maps to
 * @secid: secid to look up
 *
 * see label for inverse aa_label_to_secid
 *
 * Returns: the pointer stored in the secid map for @secid, or NULL when
 *          the map has no entry for it
 *
 * No reference is taken on the label, and the RCU read-side section is
 * closed before the pointer is returned, so this lookup does nothing to
 * keep the label alive for the caller.
 * NOTE(review): callers need their own lifetime guarantee for the label
 * (see the "secids do not pin labels" comment in this file) - confirm at
 * each call site.
 */
struct aa_label *aa_secid_to_label(u32 secid)
{
	struct aa_label *found;

	rcu_read_lock();
	found = idr_find(&aa_secids, secid);
	rcu_read_unlock();

	return found;
}
69*4882a593Smuzhiyun
/*
 * apparmor_secid_to_secctx - render the label behind a secid as text
 * @secid: secid to translate
 * @secdata: if non-NULL, receives the string built by aa_label_asxprint();
 *           if NULL, only the length is computed
 * @seclen: receives the length reported by the print helper (must not be
 *          NULL, enforced with AA_BUG)
 *
 * Returns: 0 on success, -EINVAL if @secid has no label, -ENOMEM if the
 *          print helper returns a negative length (whatever the cause)
 *
 * The label comes from aa_secid_to_label(), which takes no reference.
 * NOTE(review): confirm the label cannot be freed while it is printed here.
 * NOTE(review): aa_label_asxprint() is given a char ** and GFP_ATOMIC, so it
 * presumably allocates *secdata; apparmor_release_secctx() kfree()s it.
 */
int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	/* TODO: cache secctx and ref count so we don't have to recreate */
	struct aa_label *target = aa_secid_to_label(secid);
	int ctx_len;

	AA_BUG(!seclen);

	/* Unknown or already removed secid: nothing to print. */
	if (!target)
		return -EINVAL;

	if (!secdata) {
		/* Length-only query: NULL buffer of size 0. */
		ctx_len = aa_label_snxprint(NULL, 0, root_ns, target,
					    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
					    FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT);
	} else {
		ctx_len = aa_label_asxprint(secdata, root_ns, target,
					    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
					    FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT,
					    GFP_ATOMIC);
	}

	if (ctx_len < 0)
		return -ENOMEM;

	*seclen = ctx_len;

	return 0;
}
97*4882a593Smuzhiyun
/*
 * apparmor_secctx_to_secid - translate a textual security context to a secid
 * @secdata: context string to parse (need not be NUL terminated; @seclen
 *           bytes are passed to the parser)
 * @seclen: length of @secdata
 * @secid: receives the secid of the parsed label on success
 *
 * The string is parsed relative to the root namespace's unconfined label
 * with GFP_KERNEL, so the parse may sleep.
 *
 * Returns: 0 on success, else the error encoded in the pointer returned by
 *          aa_label_strn_parse()
 *
 * NOTE(review): nothing here releases the parsed label. If
 * aa_label_strn_parse() returns a counted reference, it is leaked on every
 * successful call - confirm against its definition.
 * NOTE(review): the secid written to @secid does not pin the label; see the
 * "secids do not pin labels" comment in this file.
 */
int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	struct aa_label *parsed =
		aa_label_strn_parse(&root_ns->unconfined->label, secdata,
				    seclen, GFP_KERNEL, false, false);

	if (IS_ERR(parsed))
		return PTR_ERR(parsed);

	*secid = parsed->secid;
	return 0;
}
110*4882a593Smuzhiyun
/*
 * apparmor_release_secctx - free a context string
 * @secdata: string to free; it is passed straight to kfree()
 * @seclen: length of @secdata (unused)
 *
 * NOTE(review): @secdata is expected to be the buffer handed out through
 * apparmor_secid_to_secctx(); passing any other pointer would hand it to
 * kfree() unchecked.
 */
void apparmor_release_secctx(char *secdata, u32 seclen)
{
	kfree(secdata);
}
115*4882a593Smuzhiyun
/**
 * aa_alloc_secid - allocate a new secid for a label
 * @label: the label to allocate a secid for
 * @gfp: memory allocation flags, used for the idr preload
 *
 * Memory is preloaded with @gfp before secid_lock is taken; the allocation
 * made under the spinlock itself uses GFP_ATOMIC.
 *
 * Returns: 0 with @label->secid initialized
 *          <0 returns error with @label->secid set to AA_SECID_INVALID
 *
 * NOTE(review): @label is stored in the secid map by idr_alloc() before
 * @label->secid is written, so a concurrent aa_secid_to_label() may return
 * the label while its secid field is not yet set - confirm callers tolerate
 * this.
 */
int aa_alloc_secid(struct aa_label *label, gfp_t gfp)
{
	unsigned long irq_flags;
	int id;

	idr_preload(gfp);
	spin_lock_irqsave(&secid_lock, irq_flags);
	/* end == 0: no upper bound is requested for the id range. */
	id = idr_alloc(&aa_secids, label, AA_FIRST_SECID, 0, GFP_ATOMIC);
	spin_unlock_irqrestore(&secid_lock, irq_flags);
	idr_preload_end();

	if (id >= 0) {
		/* The reserved "invalid" value must never be handed out. */
		AA_BUG(id == AA_SECID_INVALID);
		label->secid = id;
		return 0;
	}

	label->secid = AA_SECID_INVALID;
	return id;
}
144*4882a593Smuzhiyun
/**
 * aa_free_secid - free a secid
 * @secid: secid to free
 *
 * Removes the @secid entry from the secid map with secid_lock held and
 * interrupts disabled. The label the entry pointed to is not touched here,
 * and the value returned by idr_remove() is discarded.
 *
 * NOTE(review): once removed, the id can be handed out again by
 * aa_alloc_secid(); any copy of @secid still held elsewhere would then
 * resolve to a different label - confirm no stale secids outlive this call.
 */
void aa_free_secid(u32 secid)
{
	unsigned long irq_flags;

	spin_lock_irqsave(&secid_lock, irq_flags);
	idr_remove(&aa_secids, secid);
	spin_unlock_irqrestore(&secid_lock, irq_flags);
}
157*4882a593Smuzhiyun
/*
 * aa_secids_init - initialise the secid map
 *
 * Sets the base of the aa_secids idr to AA_FIRST_SECID, the same lower
 * bound aa_alloc_secid() passes to idr_alloc().
 */
void aa_secids_init(void)
{
	idr_init_base(&aa_secids, AA_FIRST_SECID);
}