Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
policy.c
Go to the documentation of this file.
1 /*
2  * AppArmor security module
3  *
4  * This file contains AppArmor policy manipulation functions
5  *
6  * Copyright (C) 1998-2008 Novell/SUSE
7  * Copyright 2009-2010 Canonical Ltd.
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License as
11  * published by the Free Software Foundation, version 2 of the
12  * License.
13  *
14  *
15  * AppArmor policy is based around profiles, which contain the rules a
16  * task is confined by. Every task in the system has a profile attached
17  * to it determined either by matching "unconfined" tasks against the
18  * visible set of profiles or by following a profiles attachment rules.
19  *
20  * Each profile exists in a profile namespace which is a container of
21  * visible profiles. Each namespace contains a special "unconfined" profile,
22  * which doesn't enforce any confinement on a task beyond DAC.
23  *
24  * Namespace and profile names can be written together in either
25  * of two syntaxes.
26  * :namespace:profile - used by kernel interfaces for easy detection
27  * namespace://profile - used by policy
28  *
29  * Profile names can not start with : or @ or ^ and may not contain \0
30  *
31  * Reserved profile names
32  * unconfined - special automatically generated unconfined profile
33  * inherit - special name to indicate profile inheritance
34  * null-XXXX-YYYY - special automatically generated learning profiles
35  *
36  * Namespace names may not start with / or @ and may not contain \0 or :
37  * Reserved namespace names
38  * user-XXXX - user defined profiles
39  *
40  * a // in a profile or namespace name indicates a hierarchical name with the
41  * name before the // being the parent and the name after the child.
42  *
43  * Profile and namespace hierarchies serve two different but similar purposes.
44  * The namespace contains the set of visible profiles that are considered
45  * for attachment. The hierarchy of namespaces allows for virtualizing
46  * the namespace so that for example a chroot can have its own set of profiles
47  * which may define some local user namespaces.
48  * The profile hierarchy severs two distinct purposes,
49  * - it allows for sub profiles or hats, which allows an application to run
50  * subprograms under its own profile with different restriction than it
51  * self, and not have it use the system profile.
52  * eg. if a mail program starts an editor, the policy might make the
53  * restrictions tighter on the editor tighter than the mail program,
54  * and definitely different than general editor restrictions
55  * - it allows for binary hierarchy of profiles, so that execution history
56  * is preserved. This feature isn't exploited by AppArmor reference policy
57  * but is allowed. NOTE: this is currently suboptimal because profile
58  * aliasing is not currently implemented so that a profile for each
59  * level must be defined.
60  * eg. /bin/bash///bin/ls as a name would indicate /bin/ls was started
61  * from /bin/bash
62  *
63  * A profile or namespace name that can contain one or more // separators
64  * is referred to as an hname (hierarchical).
65  * eg. /bin/bash//bin/ls
66  *
67  * An fqname is a name that may contain both namespace and profile hnames.
68  * eg. :ns:/bin/bash//bin/ls
69  *
70  * NOTES:
71  * - locking of profile lists is currently fairly coarse. All profile
72  * lists within a namespace use the namespace lock.
73  * FIXME: move profile lists to using rcu_lists
74  */
75 
76 #include <linux/slab.h>
77 #include <linux/spinlock.h>
78 #include <linux/string.h>
79 
80 #include "include/apparmor.h"
81 #include "include/capability.h"
82 #include "include/context.h"
83 #include "include/file.h"
84 #include "include/ipc.h"
85 #include "include/match.h"
86 #include "include/path.h"
87 #include "include/policy.h"
88 #include "include/policy_unpack.h"
89 #include "include/resource.h"
90 #include "include/sid.h"
91 
92 
93 /* root profile namespace */
94 struct aa_namespace *root_ns;
95 
96 const char *const profile_mode_names[] = {
97  "enforce",
98  "complain",
99  "kill",
100 };
101 
108 static const char *hname_tail(const char *hname)
109 {
110  char *split;
111  hname = strim((char *)hname);
112  for (split = strstr(hname, "//"); split; split = strstr(hname, "//"))
113  hname = split + 2;
114 
115  return hname;
116 }
117 
128 static bool policy_init(struct aa_policy *policy, const char *prefix,
129  const char *name)
130 {
131  /* freed by policy_free */
132  if (prefix) {
133  policy->hname = kmalloc(strlen(prefix) + strlen(name) + 3,
134  GFP_KERNEL);
135  if (policy->hname)
136  sprintf(policy->hname, "%s//%s", prefix, name);
137  } else
138  policy->hname = kstrdup(name, GFP_KERNEL);
139  if (!policy->hname)
140  return 0;
141  /* base.name is a substring of fqname */
142  policy->name = (char *)hname_tail(policy->hname);
143  INIT_LIST_HEAD(&policy->list);
144  INIT_LIST_HEAD(&policy->profiles);
145  kref_init(&policy->count);
146 
147  return 1;
148 }
149 
154 static void policy_destroy(struct aa_policy *policy)
155 {
156  /* still contains profiles -- invalid */
157  if (!list_empty(&policy->profiles)) {
158  AA_ERROR("%s: internal error, "
159  "policy '%s' still contains profiles\n",
160  __func__, policy->name);
161  BUG();
162  }
163  if (!list_empty(&policy->list)) {
164  AA_ERROR("%s: internal error, policy '%s' still on list\n",
165  __func__, policy->name);
166  BUG();
167  }
168 
169  /* don't free name as its a subset of hname */
170  kzfree(policy->hname);
171 }
172 
182 static struct aa_policy *__policy_find(struct list_head *head, const char *name)
183 {
184  struct aa_policy *policy;
185 
186  list_for_each_entry(policy, head, list) {
187  if (!strcmp(policy->name, name))
188  return policy;
189  }
190  return NULL;
191 }
192 
206 static struct aa_policy *__policy_strn_find(struct list_head *head,
207  const char *str, int len)
208 {
209  struct aa_policy *policy;
210 
211  list_for_each_entry(policy, head, list) {
212  if (aa_strneq(policy->name, str, len))
213  return policy;
214  }
215 
216  return NULL;
217 }
218 
219 /*
220  * Routines for AppArmor namespaces
221  */
222 
223 static const char *hidden_ns_name = "---";
231 bool aa_ns_visible(struct aa_namespace *curr, struct aa_namespace *view)
232 {
233  if (curr == view)
234  return true;
235 
236  for ( ; view; view = view->parent) {
237  if (view->parent == curr)
238  return true;
239  }
240  return false;
241 }
242 
250 const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
251 {
252  /* if view == curr then the namespace name isn't displayed */
253  if (curr == view)
254  return "";
255 
256  if (aa_ns_visible(curr, view)) {
257  /* at this point if a ns is visible it is in a view ns
258  * thus the curr ns.hname is a prefix of its name.
259  * Only output the virtualized portion of the name
260  * Add + 2 to skip over // separating curr hname prefix
261  * from the visible tail of the views hname
262  */
263  return view->base.hname + strlen(curr->base.hname) + 2;
264  } else
265  return hidden_ns_name;
266 }
267 
275 static struct aa_namespace *alloc_namespace(const char *prefix,
276  const char *name)
277 {
278  struct aa_namespace *ns;
279 
280  ns = kzalloc(sizeof(*ns), GFP_KERNEL);
281  AA_DEBUG("%s(%p)\n", __func__, ns);
282  if (!ns)
283  return NULL;
284  if (!policy_init(&ns->base, prefix, name))
285  goto fail_ns;
286 
287  INIT_LIST_HEAD(&ns->sub_ns);
288  rwlock_init(&ns->lock);
289 
290  /* released by free_namespace */
291  ns->unconfined = aa_alloc_profile("unconfined");
292  if (!ns->unconfined)
293  goto fail_unconfined;
294 
295  ns->unconfined->sid = aa_alloc_sid();
296  ns->unconfined->flags = PFLAG_UNCONFINED | PFLAG_IX_ON_NAME_ERROR |
297  PFLAG_IMMUTABLE;
298 
299  /*
300  * released by free_namespace, however __remove_namespace breaks
301  * the cyclic references (ns->unconfined, and unconfined->ns) and
302  * replaces with refs to parent namespace unconfined
303  */
304  ns->unconfined->ns = aa_get_namespace(ns);
305 
306  return ns;
307 
308 fail_unconfined:
309  kzfree(ns->base.hname);
310 fail_ns:
311  kzfree(ns);
312  return NULL;
313 }
314 
322 static void free_namespace(struct aa_namespace *ns)
323 {
324  if (!ns)
325  return;
326 
327  policy_destroy(&ns->base);
328  aa_put_namespace(ns->parent);
329 
330  if (ns->unconfined && ns->unconfined->ns == ns)
331  ns->unconfined->ns = NULL;
332 
333  aa_put_profile(ns->unconfined);
334  kzfree(ns);
335 }
336 
341 void aa_free_namespace_kref(struct kref *kref)
342 {
343  free_namespace(container_of(kref, struct aa_namespace, base.count));
344 }
345 
355 static struct aa_namespace *__aa_find_namespace(struct list_head *head,
356  const char *name)
357 {
358  return (struct aa_namespace *)__policy_find(head, name);
359 }
360 
371 struct aa_namespace *aa_find_namespace(struct aa_namespace *root,
372  const char *name)
373 {
374  struct aa_namespace *ns = NULL;
375 
376  read_lock(&root->lock);
377  ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
378  read_unlock(&root->lock);
379 
380  return ns;
381 }
382 
389 static struct aa_namespace *aa_prepare_namespace(const char *name)
390 {
391  struct aa_namespace *ns, *root;
392 
393  root = aa_current_profile()->ns;
394 
395  write_lock(&root->lock);
396 
397  /* if name isn't specified the profile is loaded to the current ns */
398  if (!name) {
399  /* released by caller */
400  ns = aa_get_namespace(root);
401  goto out;
402  }
403 
404  /* try and find the specified ns and if it doesn't exist create it */
405  /* released by caller */
406  ns = aa_get_namespace(__aa_find_namespace(&root->sub_ns, name));
407  if (!ns) {
408  /* namespace not found */
409  struct aa_namespace *new_ns;
410  write_unlock(&root->lock);
411  new_ns = alloc_namespace(root->base.hname, name);
412  if (!new_ns)
413  return NULL;
414  write_lock(&root->lock);
415  /* test for race when new_ns was allocated */
416  ns = __aa_find_namespace(&root->sub_ns, name);
417  if (!ns) {
418  /* add parent ref */
419  new_ns->parent = aa_get_namespace(root);
420 
421  list_add(&new_ns->base.list, &root->sub_ns);
422  /* add list ref */
423  ns = aa_get_namespace(new_ns);
424  } else {
425  /* raced so free the new one */
426  free_namespace(new_ns);
427  /* get reference on namespace */
428  aa_get_namespace(ns);
429  }
430  }
431 out:
432  write_unlock(&root->lock);
433 
434  /* return ref */
435  return ns;
436 }
437 
447 static void __list_add_profile(struct list_head *list,
448  struct aa_profile *profile)
449 {
450  list_add(&profile->base.list, list);
451  /* get list reference */
452  aa_get_profile(profile);
453 }
454 
467 static void __list_remove_profile(struct aa_profile *profile)
468 {
469  list_del_init(&profile->base.list);
470  if (!(profile->flags & PFLAG_NO_LIST_REF))
471  /* release list reference */
472  aa_put_profile(profile);
473 }
474 
487 static void __replace_profile(struct aa_profile *old, struct aa_profile *new)
488 {
489  struct aa_policy *policy;
490  struct aa_profile *child, *tmp;
491 
492  if (old->parent)
493  policy = &old->parent->base;
494  else
495  policy = &old->ns->base;
496 
497  /* released when @new is freed */
498  new->parent = aa_get_profile(old->parent);
499  new->ns = aa_get_namespace(old->ns);
500  new->sid = old->sid;
501  __list_add_profile(&policy->profiles, new);
502  /* inherit children */
503  list_for_each_entry_safe(child, tmp, &old->base.profiles, base.list) {
504  aa_put_profile(child->parent);
505  child->parent = aa_get_profile(new);
506  /* list refcount transferred to @new*/
507  list_move(&child->base.list, &new->base.profiles);
508  }
509 
510  /* released by free_profile */
511  old->replacedby = aa_get_profile(new);
512  __list_remove_profile(old);
513 }
514 
515 static void __profile_list_release(struct list_head *head);
516 
523 static void __remove_profile(struct aa_profile *profile)
524 {
525  /* release any children lists first */
526  __profile_list_release(&profile->base.profiles);
527  /* released by free_profile */
528  profile->replacedby = aa_get_profile(profile->ns->unconfined);
529  __list_remove_profile(profile);
530 }
531 
538 static void __profile_list_release(struct list_head *head)
539 {
540  struct aa_profile *profile, *tmp;
541  list_for_each_entry_safe(profile, tmp, head, base.list)
542  __remove_profile(profile);
543 }
544 
545 static void __ns_list_release(struct list_head *head);
546 
551 static void destroy_namespace(struct aa_namespace *ns)
552 {
553  if (!ns)
554  return;
555 
556  write_lock(&ns->lock);
557  /* release all profiles in this namespace */
558  __profile_list_release(&ns->base.profiles);
559 
560  /* release all sub namespaces */
561  __ns_list_release(&ns->sub_ns);
562 
563  write_unlock(&ns->lock);
564 }
565 
572 static void __remove_namespace(struct aa_namespace *ns)
573 {
574  struct aa_profile *unconfined = ns->unconfined;
575 
576  /* remove ns from namespace list */
577  list_del_init(&ns->base.list);
578 
579  /*
580  * break the ns, unconfined profile cyclic reference and forward
581  * all new unconfined profiles requests to the parent namespace
582  * This will result in all confined tasks that have a profile
583  * being removed, inheriting the parent->unconfined profile.
584  */
585  if (ns->parent)
586  ns->unconfined = aa_get_profile(ns->parent->unconfined);
587 
588  destroy_namespace(ns);
589 
590  /* release original ns->unconfined ref */
591  aa_put_profile(unconfined);
592  /* release ns->base.list ref, from removal above */
593  aa_put_namespace(ns);
594 }
595 
602 static void __ns_list_release(struct list_head *head)
603 {
604  struct aa_namespace *ns, *tmp;
605  list_for_each_entry_safe(ns, tmp, head, base.list)
606  __remove_namespace(ns);
607 
608 }
609 
616 int __init aa_alloc_root_ns(void)
617 {
618  /* released by aa_free_root_ns - used as list ref*/
619  root_ns = alloc_namespace(NULL, "root");
620  if (!root_ns)
621  return -ENOMEM;
622 
623  return 0;
624 }
625 
629 void __init aa_free_root_ns(void)
630  {
631  struct aa_namespace *ns = root_ns;
632  root_ns = NULL;
633 
634  destroy_namespace(ns);
635  aa_put_namespace(ns);
636 }
637 
644 struct aa_profile *aa_alloc_profile(const char *hname)
645 {
646  struct aa_profile *profile;
647 
648  /* freed by free_profile - usually through aa_put_profile */
649  profile = kzalloc(sizeof(*profile), GFP_KERNEL);
650  if (!profile)
651  return NULL;
652 
653  if (!policy_init(&profile->base, NULL, hname)) {
654  kzfree(profile);
655  return NULL;
656  }
657 
658  /* refcount released by caller */
659  return profile;
660 }
661 
676 struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
677 {
678  struct aa_profile *profile = NULL;
679  char *name;
680  u32 sid = aa_alloc_sid();
681 
682  /* freed below */
683  name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
684  if (!name)
685  goto fail;
686  sprintf(name, "%s//null-%x", parent->base.hname, sid);
687 
688  profile = aa_alloc_profile(name);
689  kfree(name);
690  if (!profile)
691  goto fail;
692 
693  profile->sid = sid;
694  profile->mode = APPARMOR_COMPLAIN;
695  profile->flags = PFLAG_NULL;
696  if (hat)
697  profile->flags |= PFLAG_HAT;
698 
699  /* released on free_profile */
700  profile->parent = aa_get_profile(parent);
701  profile->ns = aa_get_namespace(parent->ns);
702 
703  write_lock(&profile->ns->lock);
704  __list_add_profile(&parent->base.profiles, profile);
705  write_unlock(&profile->ns->lock);
706 
707  /* refcount released by caller */
708  return profile;
709 
710 fail:
711  aa_free_sid(sid);
712  return NULL;
713 }
714 
725 static void free_profile(struct aa_profile *profile)
726 {
727  struct aa_profile *p;
728 
729  AA_DEBUG("%s(%p)\n", __func__, profile);
730 
731  if (!profile)
732  return;
733 
734  if (!list_empty(&profile->base.list)) {
735  AA_ERROR("%s: internal error, "
736  "profile '%s' still on ns list\n",
737  __func__, profile->base.name);
738  BUG();
739  }
740 
741  /* free children profiles */
742  policy_destroy(&profile->base);
743  aa_put_profile(profile->parent);
744 
745  aa_put_namespace(profile->ns);
746  kzfree(profile->rename);
747 
748  aa_free_file_rules(&profile->file);
749  aa_free_cap_rules(&profile->caps);
750  aa_free_rlimit_rules(&profile->rlimits);
751 
752  aa_free_sid(profile->sid);
753  aa_put_dfa(profile->xmatch);
754  aa_put_dfa(profile->policy.dfa);
755 
756  /* put the profile reference for replacedby, but not via
757  * put_profile(kref_put).
758  * replacedby can form a long chain that can result in cascading
759  * frees that blows the stack because kref_put makes a nested fn
760  * call (it looks like recursion, with free_profile calling
761  * free_profile) for each profile in the chain lp#1056078.
762  */
763  for (p = profile->replacedby; p; ) {
764  if (atomic_dec_and_test(&p->base.count.refcount)) {
765  /* no more refs on p, grab its replacedby */
766  struct aa_profile *next = p->replacedby;
767  /* break the chain */
768  p->replacedby = NULL;
769  /* now free p, chain is broken */
770  free_profile(p);
771 
772  /* follow up with next profile in the chain */
773  p = next;
774  } else
775  break;
776  }
777 
778  kzfree(profile);
779 }
780 
785 void aa_free_profile_kref(struct kref *kref)
786 {
787  struct aa_profile *p = container_of(kref, struct aa_profile,
788  base.count);
789 
790  free_profile(p);
791 }
792 
793 /* TODO: profile accounting - setup in remove */
794 
804 static struct aa_profile *__find_child(struct list_head *head, const char *name)
805 {
806  return (struct aa_profile *)__policy_find(head, name);
807 }
808 
819 static struct aa_profile *__strn_find_child(struct list_head *head,
820  const char *name, int len)
821 {
822  return (struct aa_profile *)__policy_strn_find(head, name, len);
823 }
824 
832 struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name)
833 {
834  struct aa_profile *profile;
835 
836  read_lock(&parent->ns->lock);
837  profile = aa_get_profile(__find_child(&parent->base.profiles, name));
838  read_unlock(&parent->ns->lock);
839 
840  /* refcount released by caller */
841  return profile;
842 }
843 
857 static struct aa_policy *__lookup_parent(struct aa_namespace *ns,
858  const char *hname)
859 {
860  struct aa_policy *policy;
861  struct aa_profile *profile = NULL;
862  char *split;
863 
864  policy = &ns->base;
865 
866  for (split = strstr(hname, "//"); split;) {
867  profile = __strn_find_child(&policy->profiles, hname,
868  split - hname);
869  if (!profile)
870  return NULL;
871  policy = &profile->base;
872  hname = split + 2;
873  split = strstr(hname, "//");
874  }
875  if (!profile)
876  return &ns->base;
877  return &profile->base;
878 }
879 
891 static struct aa_profile *__lookup_profile(struct aa_policy *base,
892  const char *hname)
893 {
894  struct aa_profile *profile = NULL;
895  char *split;
896 
897  for (split = strstr(hname, "//"); split;) {
898  profile = __strn_find_child(&base->profiles, hname,
899  split - hname);
900  if (!profile)
901  return NULL;
902 
903  base = &profile->base;
904  hname = split + 2;
905  split = strstr(hname, "//");
906  }
907 
908  profile = __find_child(&base->profiles, hname);
909 
910  return profile;
911 }
912 
920 struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *hname)
921 {
922  struct aa_profile *profile;
923 
924  read_lock(&ns->lock);
925  profile = aa_get_profile(__lookup_profile(&ns->base, hname));
926  read_unlock(&ns->lock);
927 
928  /* the unconfined profile is not in the regular profile list */
929  if (!profile && strcmp(hname, "unconfined") == 0)
930  profile = aa_get_profile(ns->unconfined);
931 
932  /* refcount released by caller */
933  return profile;
934 }
935 
944 static int replacement_allowed(struct aa_profile *profile, int noreplace,
945  const char **info)
946 {
947  if (profile) {
948  if (profile->flags & PFLAG_IMMUTABLE) {
949  *info = "cannot replace immutible profile";
950  return -EPERM;
951  } else if (noreplace) {
952  *info = "profile already exists";
953  return -EEXIST;
954  }
955  }
956  return 0;
957 }
958 
967 static void __add_new_profile(struct aa_namespace *ns, struct aa_policy *policy,
968  struct aa_profile *profile)
969 {
970  if (policy != &ns->base)
971  /* released on profile replacement or free_profile */
972  profile->parent = aa_get_profile((struct aa_profile *) policy);
973  __list_add_profile(&policy->profiles, profile);
974  /* released on free_profile */
975  profile->sid = aa_alloc_sid();
976  profile->ns = aa_get_namespace(ns);
977 }
978 
989 static int audit_policy(int op, gfp_t gfp, const char *name, const char *info,
990  int error)
991 {
992  struct common_audit_data sa;
993  struct apparmor_audit_data aad = {0,};
994  sa.type = LSM_AUDIT_DATA_NONE;
995  sa.aad = &aad;
996  aad.op = op;
997  aad.name = name;
998  aad.info = info;
999  aad.error = error;
1000 
1001  return aa_audit(AUDIT_APPARMOR_STATUS, __aa_current_profile(), gfp,
1002  &sa, NULL);
1003 }
1004 
1011 bool aa_may_manage_policy(int op)
1012 {
1013  /* check if loading policy is locked out */
1014  if (aa_g_lock_policy) {
1015  audit_policy(op, GFP_KERNEL, NULL, "policy_locked", -EACCES);
1016  return 0;
1017  }
1018 
1019  if (!capable(CAP_MAC_ADMIN)) {
1020  audit_policy(op, GFP_KERNEL, NULL, "not policy admin", -EACCES);
1021  return 0;
1022  }
1023 
1024  return 1;
1025 }
1026 
1039 ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
1040 {
1041  struct aa_policy *policy;
1042  struct aa_profile *old_profile = NULL, *new_profile = NULL;
1043  struct aa_profile *rename_profile = NULL;
1044  struct aa_namespace *ns = NULL;
1045  const char *ns_name, *name = NULL, *info = NULL;
1046  int op = OP_PROF_REPL;
1047  ssize_t error;
1048 
1049  /* released below */
1050  new_profile = aa_unpack(udata, size, &ns_name);
1051  if (IS_ERR(new_profile)) {
1052  error = PTR_ERR(new_profile);
1053  new_profile = NULL;
1054  goto fail;
1055  }
1056 
1057  /* released below */
1058  ns = aa_prepare_namespace(ns_name);
1059  if (!ns) {
1060  info = "failed to prepare namespace";
1061  error = -ENOMEM;
1062  name = ns_name;
1063  goto fail;
1064  }
1065 
1066  name = new_profile->base.hname;
1067 
1068  write_lock(&ns->lock);
1069  /* no ref on policy only use inside lock */
1070  policy = __lookup_parent(ns, new_profile->base.hname);
1071 
1072  if (!policy) {
1073  info = "parent does not exist";
1074  error = -ENOENT;
1075  goto audit;
1076  }
1077 
1078  old_profile = __find_child(&policy->profiles, new_profile->base.name);
1079  /* released below */
1080  aa_get_profile(old_profile);
1081 
1082  if (new_profile->rename) {
1083  rename_profile = __lookup_profile(&ns->base,
1084  new_profile->rename);
1085  /* released below */
1086  aa_get_profile(rename_profile);
1087 
1088  if (!rename_profile) {
1089  info = "profile to rename does not exist";
1090  name = new_profile->rename;
1091  error = -ENOENT;
1092  goto audit;
1093  }
1094  }
1095 
1096  error = replacement_allowed(old_profile, noreplace, &info);
1097  if (error)
1098  goto audit;
1099 
1100  error = replacement_allowed(rename_profile, noreplace, &info);
1101  if (error)
1102  goto audit;
1103 
1104 audit:
1105  if (!old_profile && !rename_profile)
1106  op = OP_PROF_LOAD;
1107 
1108  error = audit_policy(op, GFP_ATOMIC, name, info, error);
1109 
1110  if (!error) {
1111  if (rename_profile)
1112  __replace_profile(rename_profile, new_profile);
1113  if (old_profile) {
1114  /* when there are both rename and old profiles
1115  * inherit old profiles sid
1116  */
1117  if (rename_profile)
1118  aa_free_sid(new_profile->sid);
1119  __replace_profile(old_profile, new_profile);
1120  }
1121  if (!(old_profile || rename_profile))
1122  __add_new_profile(ns, policy, new_profile);
1123  }
1124  write_unlock(&ns->lock);
1125 
1126 out:
1127  aa_put_namespace(ns);
1128  aa_put_profile(rename_profile);
1129  aa_put_profile(old_profile);
1130  aa_put_profile(new_profile);
1131  if (error)
1132  return error;
1133  return size;
1134 
1135 fail:
1136  error = audit_policy(op, GFP_KERNEL, name, info, error);
1137  goto out;
1138 }
1139 
1152 ssize_t aa_remove_profiles(char *fqname, size_t size)
1153 {
1154  struct aa_namespace *root, *ns = NULL;
1155  struct aa_profile *profile = NULL;
1156  const char *name = fqname, *info = NULL;
1157  ssize_t error = 0;
1158 
1159  if (*fqname == 0) {
1160  info = "no profile specified";
1161  error = -ENOENT;
1162  goto fail;
1163  }
1164 
1165  root = aa_current_profile()->ns;
1166 
1167  if (fqname[0] == ':') {
1168  char *ns_name;
1169  name = aa_split_fqname(fqname, &ns_name);
1170  if (ns_name) {
1171  /* released below */
1172  ns = aa_find_namespace(root, ns_name);
1173  if (!ns) {
1174  info = "namespace does not exist";
1175  error = -ENOENT;
1176  goto fail;
1177  }
1178  }
1179  } else
1180  /* released below */
1181  ns = aa_get_namespace(root);
1182 
1183  if (!name) {
1184  /* remove namespace - can only happen if fqname[0] == ':' */
1185  write_lock(&ns->parent->lock);
1186  __remove_namespace(ns);
1187  write_unlock(&ns->parent->lock);
1188  } else {
1189  /* remove profile */
1190  write_lock(&ns->lock);
1191  profile = aa_get_profile(__lookup_profile(&ns->base, name));
1192  if (!profile) {
1193  error = -ENOENT;
1194  info = "profile does not exist";
1195  goto fail_ns_lock;
1196  }
1197  name = profile->base.hname;
1198  __remove_profile(profile);
1199  write_unlock(&ns->lock);
1200  }
1201 
1202  /* don't fail removal if audit fails */
1203  (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
1204  aa_put_namespace(ns);
1205  aa_put_profile(profile);
1206  return size;
1207 
1208 fail_ns_lock:
1209  write_unlock(&ns->lock);
1210  aa_put_namespace(ns);
1211 
1212 fail:
1213  (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
1214  return error;
1215 }
Generated on Thu Jan 10 2013 15:03:07 for Linux Kernel by   doxygen 1.8.2