Commit | Line | Data |
---|---|---|
b886d83c | 1 | // SPDX-License-Identifier: GPL-2.0-only |
cdff2642 JJ |
2 | /* |
3 | * AppArmor security module | |
4 | * | |
5 | * This file contains AppArmor function for pathnames | |
6 | * | |
7 | * Copyright (C) 1998-2008 Novell/SUSE | |
8 | * Copyright 2009-2010 Canonical Ltd. | |
cdff2642 JJ |
9 | */ |
10 | ||
11 | #include <linux/magic.h> | |
cdff2642 JJ |
12 | #include <linux/mount.h> |
13 | #include <linux/namei.h> | |
14 | #include <linux/nsproxy.h> | |
15 | #include <linux/path.h> | |
16 | #include <linux/sched.h> | |
17 | #include <linux/slab.h> | |
18 | #include <linux/fs_struct.h> | |
19 | ||
20 | #include "include/apparmor.h" | |
21 | #include "include/path.h" | |
22 | #include "include/policy.h" | |
23 | ||
cdff2642 JJ |
24 | /* modified from dcache.c */ |
25 | static int prepend(char **buffer, int buflen, const char *str, int namelen) | |
26 | { | |
27 | buflen -= namelen; | |
28 | if (buflen < 0) | |
29 | return -ENAMETOOLONG; | |
30 | *buffer -= namelen; | |
31 | memcpy(*buffer, str, namelen); | |
32 | return 0; | |
33 | } | |
34 | ||
35 | #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT) | |
36 | ||
bd35db8b JJ |
37 | /* If the path is not connected to the expected root, |
38 | * check if it is a sysctl and handle specially else remove any | |
39 | * leading / that __d_path may have returned. | |
40 | * Unless | |
41 | * specifically directed to connect the path, | |
42 | * OR | |
43 | * if in a chroot and doing chroot relative paths and the path | |
44 | * resolves to the namespace root (would be connected outside | |
45 | * of chroot) and specifically directed to connect paths to | |
46 | * namespace root. | |
47 | */ | |
48 | static int disconnect(const struct path *path, char *buf, char **name, | |
72c8a768 | 49 | int flags, const char *disconnected) |
bd35db8b JJ |
50 | { |
51 | int error = 0; | |
52 | ||
53 | if (!(flags & PATH_CONNECT_PATH) && | |
54 | !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && | |
55 | our_mnt(path->mnt))) { | |
56 | /* disconnected path, don't return pathname starting | |
57 | * with '/' | |
58 | */ | |
59 | error = -EACCES; | |
60 | if (**name == '/') | |
61 | *name = *name + 1; | |
72c8a768 JJ |
62 | } else { |
63 | if (**name != '/') | |
64 | /* CONNECT_PATH with missing root */ | |
65 | error = prepend(name, *name - buf, "/", 1); | |
66 | if (!error && disconnected) | |
67 | error = prepend(name, *name - buf, disconnected, | |
68 | strlen(disconnected)); | |
69 | } | |
bd35db8b JJ |
70 | |
71 | return error; | |
72 | } | |
73 | ||
cdff2642 JJ |
74 | /** |
75 | * d_namespace_path - lookup a name associated with a given path | |
76 | * @path: path to lookup (NOT NULL) | |
77 | * @buf: buffer to store path to (NOT NULL) | |
cdff2642 JJ |
78 | * @name: Returns - pointer for start of path name with in @buf (NOT NULL) |
79 | * @flags: flags controlling path lookup | |
72c8a768 | 80 | * @disconnected: string to prefix to disconnected paths |
cdff2642 JJ |
81 | * |
82 | * Handle path name lookup. | |
83 | * | |
84 | * Returns: %0 else error code if path lookup fails | |
85 | * When no error the path name is returned in @name which points to | |
86 | * to a position in @buf | |
87 | */ | |
4227c333 JJ |
88 | static int d_namespace_path(const struct path *path, char *buf, char **name, |
89 | int flags, const char *disconnected) | |
cdff2642 | 90 | { |
cdff2642 | 91 | char *res; |
02125a82 AV |
92 | int error = 0; |
93 | int connected = 1; | |
4227c333 JJ |
94 | int isdir = (flags & PATH_IS_DIR) ? 1 : 0; |
95 | int buflen = aa_g_path_max - isdir; | |
cdff2642 | 96 | |
02125a82 AV |
97 | if (path->mnt->mnt_flags & MNT_INTERNAL) { |
98 | /* it's not mounted anywhere */ | |
99 | res = dentry_path(path->dentry, buf, buflen); | |
100 | *name = res; | |
101 | if (IS_ERR(res)) { | |
102 | *name = buf; | |
103 | return PTR_ERR(res); | |
104 | } | |
105 | if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC && | |
106 | strncmp(*name, "/sys/", 5) == 0) { | |
107 | /* TODO: convert over to using a per namespace | |
108 | * control instead of hard coded /proc | |
109 | */ | |
4227c333 JJ |
110 | error = prepend(name, *name - buf, "/proc", 5); |
111 | goto out; | |
bd35db8b | 112 | } else |
4227c333 JJ |
113 | error = disconnect(path, buf, name, flags, |
114 | disconnected); | |
115 | goto out; | |
02125a82 AV |
116 | } |
117 | ||
118 | /* resolve paths relative to chroot?*/ | |
cdff2642 | 119 | if (flags & PATH_CHROOT_REL) { |
02125a82 | 120 | struct path root; |
44672e4f | 121 | get_fs_root(current->fs, &root); |
02125a82 | 122 | res = __d_path(path, &root, buf, buflen); |
02125a82 | 123 | path_put(&root); |
3372b68a | 124 | } else { |
28042fab | 125 | res = d_absolute_path(path, buf, buflen); |
3372b68a JJ |
126 | if (!our_mnt(path->mnt)) |
127 | connected = 0; | |
128 | } | |
cdff2642 | 129 | |
cdff2642 JJ |
130 | /* handle error conditions - and still allow a partial path to |
131 | * be returned. | |
132 | */ | |
3372b68a | 133 | if (!res || IS_ERR(res)) { |
4227c333 JJ |
134 | if (PTR_ERR(res) == -ENAMETOOLONG) { |
135 | error = -ENAMETOOLONG; | |
136 | *name = buf; | |
137 | goto out; | |
138 | } | |
3372b68a | 139 | connected = 0; |
fbba8d89 JJ |
140 | res = dentry_path_raw(path->dentry, buf, buflen); |
141 | if (IS_ERR(res)) { | |
142 | error = PTR_ERR(res); | |
143 | *name = buf; | |
144 | goto out; | |
145 | }; | |
146 | } else if (!our_mnt(path->mnt)) | |
02125a82 | 147 | connected = 0; |
cdff2642 | 148 | |
fbba8d89 JJ |
149 | *name = res; |
150 | ||
4227c333 JJ |
151 | if (!connected) |
152 | error = disconnect(path, buf, name, flags, disconnected); | |
153 | ||
e819ff51 JJ |
154 | /* Handle two cases: |
155 | * 1. A deleted dentry && profile is not allowing mediation of deleted | |
156 | * 2. On some filesystems, newly allocated dentries appear to the | |
157 | * security_path hooks as a deleted dentry except without an inode | |
158 | * allocated. | |
159 | */ | |
729b8a3d | 160 | if (d_unlinked(path->dentry) && d_is_positive(path->dentry) && |
4227c333 | 161 | !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) { |
cdff2642 JJ |
162 | error = -ENOENT; |
163 | goto out; | |
cdff2642 JJ |
164 | } |
165 | ||
cdff2642 | 166 | out: |
4227c333 JJ |
167 | /* |
168 | * Append "/" to the pathname. The root directory is a special | |
169 | * case; it already ends in slash. | |
170 | */ | |
171 | if (!error && isdir && ((*name)[1] != '\0' || (*name)[0] != '/')) | |
172 | strcpy(&buf[aa_g_path_max - 2], "/"); | |
57fa1e18 | 173 | |
cdff2642 JJ |
174 | return error; |
175 | } | |
176 | ||
177 | /** | |
4227c333 | 178 | * aa_path_name - get the pathname to a buffer ensure dir / is appended |
cdff2642 JJ |
179 | * @path: path the file (NOT NULL) |
180 | * @flags: flags controlling path name generation | |
4227c333 | 181 | * @buffer: buffer to put name in (NOT NULL) |
cdff2642 | 182 | * @name: Returns - the generated path name if !error (NOT NULL) |
57fa1e18 | 183 | * @info: Returns - information on why the path lookup failed (MAYBE NULL) |
72c8a768 | 184 | * @disconnected: string to prepend to disconnected paths |
cdff2642 JJ |
185 | * |
186 | * @name is a pointer to the beginning of the pathname (which usually differs | |
187 | * from the beginning of the buffer), or NULL. If there is an error @name | |
188 | * may contain a partial or invalid name that can be used for audit purposes, | |
189 | * but it can not be used for mediation. | |
190 | * | |
191 | * We need PATH_IS_DIR to indicate whether the file is a directory or not | |
192 | * because the file may not yet exist, and so we cannot check the inode's | |
193 | * file type. | |
194 | * | |
195 | * Returns: %0 else error code if could retrieve name | |
196 | */ | |
4227c333 | 197 | int aa_path_name(const struct path *path, int flags, char *buffer, |
72c8a768 | 198 | const char **name, const char **info, const char *disconnected) |
cdff2642 | 199 | { |
4227c333 JJ |
200 | char *str = NULL; |
201 | int error = d_namespace_path(path, buffer, &str, flags, disconnected); | |
cdff2642 | 202 | |
4227c333 JJ |
203 | if (info && error) { |
204 | if (error == -ENOENT) | |
205 | *info = "Failed name lookup - deleted entry"; | |
206 | else if (error == -EACCES) | |
207 | *info = "Failed name lookup - disconnected path"; | |
208 | else if (error == -ENAMETOOLONG) | |
209 | *info = "Failed name lookup - name too long"; | |
210 | else | |
211 | *info = "Failed name lookup"; | |
cdff2642 | 212 | } |
4227c333 | 213 | |
cdff2642 JJ |
214 | *name = str; |
215 | ||
216 | return error; | |
217 | } |