1 // SPDX-License-Identifier: GPL-2.0-only
7  * Copyright (C) 1998-2008 Novell/SUSE
8  * Copyright 2009-2010 Canonical Ltd.
40  * file_audit_cb - call back for file specific audit fields
50 	if (aad(sa)->request & AA_AUDIT_FILE_MASK) {  in file_audit_cb()
52 				    map_mask_to_chr_mask(aad(sa)->request));  in file_audit_cb()
55 	if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {  in file_audit_cb()
57 				    map_mask_to_chr_mask(aad(sa)->denied));  in file_audit_cb()
60 	if (aad(sa)->request & AA_AUDIT_FILE_MASK) {  in file_audit_cb()
64 				 from_kuid(&init_user_ns, aad(sa)->fs.ouid));  in file_audit_cb()
67 	if (aad(sa)->peer) {  in file_audit_cb()
69 		aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,  in file_audit_cb()
71 	} else if (aad(sa)->fs.target) {  in file_audit_cb()
73 		audit_log_untrustedstring(ab, aad(sa)->fs.target);  in file_audit_cb()
78  * aa_audit_file - handle the auditing of file operations
101 	aad(&sa)->request = request;  in aa_audit_file()
102 	aad(&sa)->name = name;  in aa_audit_file()
103 	aad(&sa)->fs.target = target;  in aa_audit_file()
104 	aad(&sa)->peer = tlabel;  in aa_audit_file()
105 	aad(&sa)->fs.ouid = ouid;  in aa_audit_file()
106 	aad(&sa)->info = info;  in aa_audit_file()
107 	aad(&sa)->error = error;  in aa_audit_file()
110 	if (likely(!aad(&sa)->error)) {  in aa_audit_file()
111 		u32 mask = perms->audit;  in aa_audit_file()
117 		aad(&sa)->request &= mask;  in aa_audit_file()
119 		if (likely(!aad(&sa)->request))  in aa_audit_file()
124 		aad(&sa)->request = aad(&sa)->request & ~perms->allow;  in aa_audit_file()
125 		AA_BUG(!aad(&sa)->request);  in aa_audit_file()
127 		if (aad(&sa)->request & perms->kill)  in aa_audit_file()
131 		if ((aad(&sa)->request & perms->quiet) &&  in aa_audit_file()
134 			aad(&sa)->request &= ~perms->quiet;  in aa_audit_file()
136 		if (!aad(&sa)->request)  in aa_audit_file()
137 			return aad(&sa)->error;  in aa_audit_file()
140 	aad(&sa)->denied = aad(&sa)->request & ~perms->allow;  in aa_audit_file()
145  * is_deleted - test if a file has been completely unlinked
152 	if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0)  in is_deleted()
166 			     labels_profile(label)->disconnected);  in path_name()
170 				      NULL, NULL, cond->uid, info, error));  in path_name()
178  * map_old_perms - map old file perms layout to the new layout
179  * @old: permission set in old mapping
205  * aa_compute_fperms - convert dfa compressed perms to internal perms
211  *       at load time.
213  * Returns: computed permission set
225 	if (uid_eq(current_fsuid(), cond->uid)) {  in aa_compute_fperms()
226 		perms.allow = map_old_perms(dfa_user_allow(dfa, state));  in aa_compute_fperms()
231 		perms.allow = map_old_perms(dfa_other_allow(dfa, state));  in aa_compute_fperms()
236 	perms.allow |= AA_MAY_GETATTR;  in aa_compute_fperms()
240 		perms.allow |= AA_MAY_CHANGE_PROFILE;  in aa_compute_fperms()
242 		perms.allow |= AA_MAY_ONEXEC;  in aa_compute_fperms()
248  * aa_str_perms - find permission that match @name
252  * @cond: conditions to consider for permission set computation  (NOT NULL)
253  * @perms: Returns - the permissions found when matching @name
276 	aa_str_perms(profile->file.dfa, profile->file.start, name, cond, perms);  in __aa_path_perm()
277 	if (request & ~perms->allow)  in __aa_path_perm()
278 		e = -EACCES;  in __aa_path_perm()
280 			     cond->uid, NULL, e);  in __aa_path_perm()
295 	error = path_name(op, &profile->label, path,  in profile_path_perm()
296 			  flags | profile->path_flags, buffer, &name, cond,  in profile_path_perm()
305  * aa_path_perm - do permissions check & audit for @path
324 	flags |= PATH_DELEGATE_DELETED | (S_ISDIR(cond->mode) ? PATH_IS_DIR :  in aa_path_perm()
328 		return -ENOMEM;  in aa_path_perm()
339  * xindex_is_subset - helper for aa_path_link
340  * @link: link permission set
341  * @target: target permission set
370 	error = path_name(OP_LINK, &profile->label, link, profile->path_flags,  in profile_path_link()
376 	error = path_name(OP_LINK, &profile->label, target, profile->path_flags,  in profile_path_link()
381 	error = -EACCES;  in profile_path_link()
382 	/* aa_str_perms - handles the case of the dfa being NULL */  in profile_path_link()
383 	state = aa_str_perms(profile->file.dfa, profile->file.start, lname,  in profile_path_link()
386 	if (!(lperms.allow & AA_MAY_LINK))  in profile_path_link()
390 	state = aa_dfa_null_transition(profile->file.dfa, state);  in profile_path_link()
391 	aa_str_perms(profile->file.dfa, state, tname, cond, &perms);  in profile_path_link()
400 	if (!(perms.allow & AA_MAY_LINK)) {  in profile_path_link()
407 	if (!(perms.allow & AA_LINK_SUBSET))  in profile_path_link()
413 	aa_str_perms(profile->file.dfa, profile->file.start, tname, cond,  in profile_path_link()
417 	request = lperms.allow & ~AA_MAY_LINK;  in profile_path_link()
418 	lperms.allow &= perms.allow | AA_MAY_LINK;  in profile_path_link()
420 	request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow);  in profile_path_link()
421 	if (request & ~lperms.allow) {  in profile_path_link()
423 	} else if ((lperms.allow & MAY_EXEC) &&  in profile_path_link()
425 		lperms.allow &= ~MAY_EXEC;  in profile_path_link()
436 			     NULL, cond->uid, info, error);  in profile_path_link()
440  * aa_path_link - Handle hard link permission check
460 	struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };  in aa_path_link()
461 	struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };  in aa_path_link()
463 		d_backing_inode(old_dentry)->i_uid,  in aa_path_link()
464 		d_backing_inode(old_dentry)->i_mode  in aa_path_link()
473 	error = -ENOMEM;  in aa_path_link()
492 	spin_lock(&fctx->lock);  in update_file_ctx()
493 	old = rcu_dereference_protected(fctx->label,  in update_file_ctx()
494 					lockdep_is_held(&fctx->lock));  in update_file_ctx()
498 			rcu_assign_pointer(fctx->label, l);  in update_file_ctx()
502 		fctx->allow |= request;  in update_file_ctx()
504 	spin_unlock(&fctx->lock);  in update_file_ctx()
515 		.mode = file_inode(file)->i_mode  in __file_path_perm()
520 	/* revalidation due to label out of date. No revocation at this time */  in __file_path_perm()
528 		return -ENOMEM;  in __file_path_perm()
532 			profile_path_perm(op, profile, &file->f_path, buffer,  in __file_path_perm()
545 				profile_path_perm(op, profile, &file->f_path,  in __file_path_perm()
550 				profile_path_perm(op, profile, &file->f_path,  in __file_path_perm()
566 	struct socket *sock = (struct socket *) file->private_data;  in __file_sock_perm()
571 	/* revalidation due to label out of date. No revocation at this time */  in __file_sock_perm()
589  * aa_file_perm - do permission revalidation check & audit for @file
612 	flabel  = rcu_dereference(fctx->label);  in aa_file_perm()
622 	denied = request & ~fctx->allow;  in aa_file_perm()
633 	if (file->f_path.mnt && path_mediated_fs(file->f_path.dentry))  in aa_file_perm()
637 	else if (S_ISSOCK(file_inode(file)->i_mode))  in aa_file_perm()
655 	spin_lock(&tty->files_lock);  in revalidate_tty()
656 	if (!list_empty(&tty->tty_files)) {  in revalidate_tty()
660 		file_priv = list_first_entry(&tty->tty_files,  in revalidate_tty()
662 		file = file_priv->file;  in revalidate_tty()
668 	spin_unlock(&tty->files_lock);  in revalidate_tty()
705 		replace_fd(n - 1, devnull, 0);  in aa_inherit_files()