Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * AppArmor security module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * This file contains AppArmor function for pathnames
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Copyright (C) 1998-2008 Novell/SUSE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  * Copyright 2009-2010 Canonical Ltd.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/magic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/mount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/namei.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/nsproxy.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/path.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <linux/fs_struct.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include "include/apparmor.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #include "include/path.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #include "include/policy.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 
/*
 * prepend - copy @namelen bytes of @str directly in front of *@buffer
 * (modified from dcache.c)
 *
 * @buflen is the room the caller says is available in front of *@buffer.
 * It is the only bound checked before the copy, so callers must derive it
 * from the real start of the backing buffer.  @namelen is not validated
 * here and is assumed to be non-negative.
 *
 * Returns: 0 with *@buffer moved back by @namelen, or -ENAMETOOLONG with
 * *@buffer left untouched when @str does not fit.
 */
static int prepend(char **buffer, int buflen, const char *str, int namelen)
{
	int room_left = buflen - namelen;
	char *dst;

	if (room_left < 0)
		return -ENAMETOOLONG;

	dst = *buffer - namelen;
	memcpy(dst, str, namelen);
	*buffer = dst;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 
#define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)

/*
 * disconnect - fix up a name that is not connected to the expected root
 * @path: path being named; only path->mnt is looked at here
 * @buf: start of the buffer that *@name points into
 * @name: in/out pointer to the start of the name inside @buf
 * @flags: flags controlling path lookup
 * @disconnected: prefix for names that get connected (may be NULL)
 *
 * The name is connected, i.e. given a leading '/' if it lacks one and then
 * prefixed with @disconnected when one is supplied, only when
 *     PATH_CONNECT_PATH is set,
 * OR
 *     PATH_CHROOT_REL and PATH_CHROOT_NSCONNECT are both set and
 *     our_mnt(path->mnt) is true (chroot relative naming where the path
 *     resolves to the namespace root and the caller asked for such paths
 *     to be connected to it).
 * In every other case the name is reported as disconnected: -EACCES is
 * returned and any leading '/' that the lookup produced is stripped, so the
 * caller is never handed a disconnected name that starts with '/'.
 *
 * Returns: 0, -EACCES for a disconnected name, or the error from prepend()
 */
static int disconnect(const struct path *path, char *buf, char **name,
		      int flags, const char *disconnected)
{
	int want_ns_connect = (flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT;
	int rc = 0;

	if ((flags & PATH_CONNECT_PATH) ||
	    (want_ns_connect && our_mnt(path->mnt))) {
		/* CONNECT_PATH with missing root */
		if (**name != '/')
			rc = prepend(name, *name - buf, "/", 1);
		/* the room left is whatever lies between @buf and *@name */
		if (rc == 0 && disconnected)
			rc = prepend(name, *name - buf, disconnected,
				     strlen(disconnected));
		return rc;
	}

	/* disconnected path, don't return pathname starting with '/' */
	if (**name == '/')
		(*name)++;

	return -EACCES;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 
/**
 * d_namespace_path - lookup a name associated with a given path
 * @path: path to lookup  (NOT NULL)
 * @buf:  buffer to store path to  (NOT NULL)
 * @name: Returns - pointer for start of path name within @buf (NOT NULL)
 * @flags: flags controlling path lookup
 * @disconnected: string to prefix to disconnected paths
 *
 * Handle path name lookup.
 *
 * The size of @buf is not passed in or checked here; every bound is derived
 * from aa_g_path_max.
 * NOTE(review): this assumes @buf holds at least aa_g_path_max bytes -
 * confirm against the callers.
 *
 * Returns: %0 else error code if path lookup fails
 *          When no error the path name is returned in @name which points
 *          to a position in @buf.  On the error paths @name is still
 *          written: either reset to @buf or left at the name built so far.
 */
static int d_namespace_path(const struct path *path, char *buf, char **name,
			    int flags, const char *disconnected)
{
	char *res;
	int error = 0;
	int connected = 1;
	int isdir = (flags & PATH_IS_DIR) ? 1 : 0;
	/* keep one byte back for the '/' appended to directories at out: */
	int buflen = aa_g_path_max - isdir;

	if (path->mnt->mnt_flags & MNT_INTERNAL) {
		/* it's not mounted anywhere */
		res = dentry_path(path->dentry, buf, buflen);
		*name = res;
		if (IS_ERR(res)) {
			/* never hand an ERR_PTR value back through @name */
			*name = buf;
			return PTR_ERR(res);
		}
		if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
		    strncmp(*name, "/sys/", 5) == 0) {
			/* TODO: convert over to using a per namespace
			 * control instead of hard coded /proc
			 */
			error = prepend(name, *name - buf, "/proc", 5);
			goto out;
		} else
			error = disconnect(path, buf, name, flags,
					   disconnected);
		/* only the else arm falls through to this goto */
		goto out;
	}

	/* resolve paths relative to chroot?*/
	if (flags & PATH_CHROOT_REL) {
		struct path root;
		/* get_fs_root() result is dropped again by path_put() below */
		get_fs_root(current->fs, &root);
		res = __d_path(path, &root, buf, buflen);
		path_put(&root);
	} else {
		res = d_absolute_path(path, buf, buflen);
		if (!our_mnt(path->mnt))
			connected = 0;
	}

	/* handle error conditions - and still allow a partial path to
	 * be returned.
	 */
	if (!res || IS_ERR(res)) {
		/* a NULL res does not match here and takes the fallback */
		if (PTR_ERR(res) == -ENAMETOOLONG) {
			error = -ENAMETOOLONG;
			*name = buf;
			goto out;
		}
		/* any other failure: treat as disconnected and fall back to
		 * the raw dentry path
		 */
		connected = 0;
		res = dentry_path_raw(path->dentry, buf, buflen);
		if (IS_ERR(res)) {
			error = PTR_ERR(res);
			*name = buf;
			goto out;
		}
	} else if (!our_mnt(path->mnt))
		connected = 0;

	*name = res;

	/* may return -EACCES and strip the leading '/' from *name */
	if (!connected)
		error = disconnect(path, buf, name, flags, disconnected);

	/* Handle two cases:
	 * 1. A deleted dentry && profile is not allowing mediation of deleted
	 * 2. On some filesystems, newly allocated dentries appear to the
	 *    security_path hooks as a deleted dentry except without an inode
	 *    allocated.
	 *
	 * -ENOENT replaces any error already set by disconnect() above.
	 */
	if (d_unlinked(path->dentry) && d_is_positive(path->dentry) &&
	    !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) {
			error = -ENOENT;
			goto out;
	}

out:
	/*
	 * Append "/" to the pathname.  The root directory is a special
	 * case; it already ends in slash.
	 *
	 * The strcpy() stores '/' at index aa_g_path_max - 2 and the NUL at
	 * aa_g_path_max - 1, i.e. in the byte held back through buflen.
	 * NOTE(review): this relies on the name ending exactly at
	 * buf[aa_g_path_max - 2] - presumably the lookup helpers build the
	 * name backwards from the end of the buflen window; confirm.
	 */
	if (!error && isdir && ((*name)[1] != '\0' || (*name)[0] != '/'))
		strcpy(&buf[aa_g_path_max - 2], "/");

	return error;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 
/**
 * aa_path_name - get the pathname to a buffer ensure dir / is appended
 * @path: path the file  (NOT NULL)
 * @flags: flags controlling path name generation
 * @buffer: buffer to put name in (NOT NULL)
 * @name: Returns - the generated path name if !error (NOT NULL)
 * @info: Returns - information on why the path lookup failed (MAYBE NULL)
 * @disconnected: string to prepend to disconnected paths
 *
 * @name is a pointer to the beginning of the pathname (which usually differs
 * from the beginning of the buffer), or NULL.  If there is an error @name
 * may contain a partial or invalid name that can be used for audit purposes,
 * but it can not be used for mediation.  Callers must therefore check the
 * return value before matching @name against policy.
 *
 * We need PATH_IS_DIR to indicate whether the file is a directory or not
 * because the file may not yet exist, and so we cannot check the inode's
 * file type.
 *
 * @info is only written when the lookup fails; on success it is left as the
 * caller set it.
 *
 * Returns: %0 else error code if the name could not be retrieved
 */
int aa_path_name(const struct path *path, int flags, char *buffer,
		 const char **name, const char **info, const char *disconnected)
{
	char *str = NULL;
	int error = d_namespace_path(path, buffer, &str, flags, disconnected);

	if (error && info) {
		/* map the errno onto a fixed reason string for the caller */
		switch (error) {
		case -ENOENT:
			*info = "Failed name lookup - deleted entry";
			break;
		case -EACCES:
			*info = "Failed name lookup - disconnected path";
			break;
		case -ENAMETOOLONG:
			*info = "Failed name lookup - name too long";
			break;
		default:
			*info = "Failed name lookup";
			break;
		}
	}

	/* handed back on failure too; see the audit-only caveat above */
	*name = str;

	return error;
}