apparmor: provide base for multiple profiles to be replaced at once

previously profiles had to be loaded one at a time, which could result in cases where a replacement of a set would partially succeed, and then fail resulting in inconsistent policy. Allow multiple profiles to replaced "atomically" so that the replacement either succeeds or fails for the entire set of profiles. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2013-07-11 00:05:43 -0400
committer: John Johansen <john.johansen@canonical.com> 2013-08-14 14:42:06 -0400
commit: dd51c84857630e77c139afe4d9bba65fc051dc3f (patch)
tree: 2dbfb9435feadac6123600aef75004ee2197f6af /security/apparmor/policy_unpack.c
parent: 9d910a3bc01008d432b3bb79a69e7e3cdb4821b2 (diff)
1 files changed, 86 insertions, 28 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 6dac7d77cb4d..080a26b11f01 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -333,8 +333,10 @@ static struct aa_dfa *unpack_dfa(struct aa_ext *e)
                /*
                 * The dfa is aligned with in the blob to 8 bytes
                 * from the beginning of the stream.
+                 * alignment adjust needed by dfa unpack
                 */
-                size_t sz = blob - (char *)e->start;
+                size_t sz = blob - (char *) e->start -
+                        ((e->pos - e->start) & 7);
                size_t pad = ALIGN(sz, 8) - sz;
                int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
                        TO_ACCEPT2_FLAG(YYTD_DATA32);
@@ -622,29 +624,41 @@ fail:
 /**
 * verify_head - unpack serialized stream header
 * @e: serialized data read head (NOT NULL)
+ * @required: whether the header is required or optional
 * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
 *
 * Returns: error or 0 if header is good
 */
-static int verify_header(struct aa_ext *e, const char **ns)
+static int verify_header(struct aa_ext *e, int required, const char **ns)
 {
        int error = -EPROTONOSUPPORT;
+        const char *name = NULL;
+        *ns = NULL;
        /* get the interface version */
        if (!unpack_u32(e, &e->version, "version")) {
-                audit_iface(NULL, NULL, "invalid profile format", e, error);
+                if (required) {
-                return error;
+                        audit_iface(NULL, NULL, "invalid profile format", e,
-        }
+                                    error);
+                        return error;
+                }
-        /* check that the interface version is currently supported */
+                /* check that the interface version is currently supported */
-        if (e->version != 5) {
+                if (e->version != 5) {
-                audit_iface(NULL, NULL, "unsupported interface version", e,
+                        audit_iface(NULL, NULL, "unsupported interface version",
-                            error);
+                                    e, error);
-                return error;
+                        return error;
+                }
        }
        /* read the namespace if present */
-        if (!unpack_str(e, ns, "namespace"))
+        if (unpack_str(e, &name, "namespace")) {
-                *ns = NULL;
+                if (*ns && strcmp(*ns, name))
+                        audit_iface(NULL, NULL, "invalid ns change", e, error);
+                else if (!*ns)
+                        *ns = name;
+        }
        return 0;
 }
@@ -693,18 +707,40 @@ static int verify_profile(struct aa_profile *profile)
        return 0;
 }
+void aa_load_ent_free(struct aa_load_ent *ent)
+{
+        if (ent) {
+                aa_put_profile(ent->rename);
+                aa_put_profile(ent->old);
+                aa_put_profile(ent->new);
+                kzfree(ent);
+        }
+}
+struct aa_load_ent *aa_load_ent_alloc(void)
+{
+        struct aa_load_ent *ent = kzalloc(sizeof(*ent), GFP_KERNEL);
+        if (ent)
+                INIT_LIST_HEAD(&ent->list);
+        return ent;
+}
 /**
- * aa_unpack - unpack packed binary profile data loaded from user space
+ * aa_unpack - unpack packed binary profile(s) data loaded from user space
 * @udata: user data copied to kmem  (NOT NULL)
 * @size: the size of the user data
+ * @lh: list to place unpacked profiles in a aa_repl_ws
 * @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
 *
- * Unpack user data and return refcounted allocated profile or ERR_PTR
+ * Unpack user data and return refcounted allocated profile(s) stored in
+ * @lh in order of discovery, with the list chain stored in base.list
+ * or error
 *
- * Returns: profile else error pointer if fails to unpack
+ * Returns: profile(s) on @lh else error pointer if fails to unpack
 */
-struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns)
+int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns)
 {
+        struct aa_load_ent *tmp, *ent;
        struct aa_profile *profile = NULL;
        int error;
        struct aa_ext e = {
@@ -713,20 +749,42 @@ struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns)
                .pos = udata,
        };
-        error = verify_header(&e, ns);
+        *ns = NULL;
-        if (error)
+        while (e.pos < e.end) {
-                return ERR_PTR(error);
+                error = verify_header(&e, e.pos == e.start, ns);
+                if (error)
+                        goto fail;
-        profile = unpack_profile(&e);
+                profile = unpack_profile(&e);
-        if (IS_ERR(profile))
+                if (IS_ERR(profile)) {
-                return profile;
+                        error = PTR_ERR(profile);
+                        goto fail;
+                }
+                error = verify_profile(profile);
+                if (error) {
+                        aa_put_profile(profile);
+                        goto fail;
+                }
+                ent = aa_load_ent_alloc();
+                if (!ent) {
+                        error = -ENOMEM;
+                        aa_put_profile(profile);
+                        goto fail;
+                }
-        error = verify_profile(profile);
+                ent->new = profile;
-        if (error) {
+                list_add_tail(&ent->list, lh);
-                aa_put_profile(profile);
-                profile = ERR_PTR(error);
        }
-        /* return refcount */
+        return 0;
-        return profile;
+fail:
+        list_for_each_entry_safe(ent, tmp, lh, list) {
+                list_del_init(&ent->list);
+                aa_load_ent_free(ent);
+        }
+        return error;
 }
author	John Johansen <john.johansen@canonical.com>	2013-07-11 00:05:43 -0400
committer	John Johansen <john.johansen@canonical.com>	2013-08-14 14:42:06 -0400
commit	dd51c84857630e77c139afe4d9bba65fc051dc3f (patch)
tree	2dbfb9435feadac6123600aef75004ee2197f6af /security/apparmor/policy_unpack.c
parent	9d910a3bc01008d432b3bb79a69e7e3cdb4821b2 (diff)

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 6dac7d77cb4d..080a26b11f01 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c
@@ -333,8 +333,10 @@ static struct aa_dfa unpack_dfa(struct aa_ext e)
333	/*	333	/*
334	* The dfa is aligned with in the blob to 8 bytes	334	* The dfa is aligned with in the blob to 8 bytes
335	* from the beginning of the stream.	335	* from the beginning of the stream.
		336	* alignment adjust needed by dfa unpack
336	*/	337	*/
337	size_t sz = blob - (char *)e->start;	338	size_t sz = blob - (char *) e->start -
		339	((e->pos - e->start) & 7);
338	size_t pad = ALIGN(sz, 8) - sz;	340	size_t pad = ALIGN(sz, 8) - sz;
339	int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) \|	341	int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) \|
340	TO_ACCEPT2_FLAG(YYTD_DATA32);	342	TO_ACCEPT2_FLAG(YYTD_DATA32);
@@ -622,29 +624,41 @@ fail:
622	/**	624	/**
623	* verify_head - unpack serialized stream header	625	* verify_head - unpack serialized stream header
624	* @e: serialized data read head (NOT NULL)	626	* @e: serialized data read head (NOT NULL)
		627	* @required: whether the header is required or optional
625	* @ns: Returns - namespace if one is specified else NULL (NOT NULL)	628	* @ns: Returns - namespace if one is specified else NULL (NOT NULL)
626	*	629	*
627	* Returns: error or 0 if header is good	630	* Returns: error or 0 if header is good
628	*/	631	*/
629	static int verify_header(struct aa_ext e, const char *ns)	632	static int verify_header(struct aa_ext e, int required, const char *ns)
630	{	633	{
631	int error = -EPROTONOSUPPORT;	634	int error = -EPROTONOSUPPORT;
		635	const char *name = NULL;
		636	*ns = NULL;
		637
632	/* get the interface version */	638	/* get the interface version */
633	if (!unpack_u32(e, &e->version, "version")) {	639	if (!unpack_u32(e, &e->version, "version")) {
634	audit_iface(NULL, NULL, "invalid profile format", e, error);	640	if (required) {
635	return error;	641	audit_iface(NULL, NULL, "invalid profile format", e,
636	}	642	error);
		643	return error;
		644	}
637		645
638	/* check that the interface version is currently supported */	646	/* check that the interface version is currently supported */
639	if (e->version != 5) {	647	if (e->version != 5) {
640	audit_iface(NULL, NULL, "unsupported interface version", e,	648	audit_iface(NULL, NULL, "unsupported interface version",
641	error);	649	e, error);
642	return error;	650	return error;
		651	}
643	}	652	}
644		653
		654
645	/* read the namespace if present */	655	/* read the namespace if present */
646	if (!unpack_str(e, ns, "namespace"))	656	if (unpack_str(e, &name, "namespace")) {
647	*ns = NULL;	657	if (ns && strcmp(ns, name))
		658	audit_iface(NULL, NULL, "invalid ns change", e, error);
		659	else if (!*ns)
		660	*ns = name;
		661	}
648		662
649	return 0;	663	return 0;
650	}	664	}
@@ -693,18 +707,40 @@ static int verify_profile(struct aa_profile *profile)
693	return 0;	707	return 0;
694	}	708	}
695		709
		710	void aa_load_ent_free(struct aa_load_ent *ent)
		711	{
		712	if (ent) {
		713	aa_put_profile(ent->rename);
		714	aa_put_profile(ent->old);
		715	aa_put_profile(ent->new);
		716	kzfree(ent);
		717	}
		718	}
		719
		720	struct aa_load_ent *aa_load_ent_alloc(void)
		721	{
		722	struct aa_load_ent ent = kzalloc(sizeof(ent), GFP_KERNEL);
		723	if (ent)
		724	INIT_LIST_HEAD(&ent->list);
		725	return ent;
		726	}
		727
696	/**	728	/**
697	* aa_unpack - unpack packed binary profile data loaded from user space	729	* aa_unpack - unpack packed binary profile(s) data loaded from user space
698	* @udata: user data copied to kmem (NOT NULL)	730	* @udata: user data copied to kmem (NOT NULL)
699	* @size: the size of the user data	731	* @size: the size of the user data
		732	* @lh: list to place unpacked profiles in a aa_repl_ws
700	* @ns: Returns namespace profile is in if specified else NULL (NOT NULL)	733	* @ns: Returns namespace profile is in if specified else NULL (NOT NULL)
701	*	734	*
702	* Unpack user data and return refcounted allocated profile or ERR_PTR	735	* Unpack user data and return refcounted allocated profile(s) stored in
		736	* @lh in order of discovery, with the list chain stored in base.list
		737	* or error
703	*	738	*
704	* Returns: profile else error pointer if fails to unpack	739	* Returns: profile(s) on @lh else error pointer if fails to unpack
705	*/	740	*/
706	struct aa_profile aa_unpack(void udata, size_t size, const char **ns)	741	int aa_unpack(void udata, size_t size, struct list_head lh, const char **ns)
707	{	742	{
		743	struct aa_load_ent tmp, ent;
708	struct aa_profile *profile = NULL;	744	struct aa_profile *profile = NULL;
709	int error;	745	int error;
710	struct aa_ext e = {	746	struct aa_ext e = {
@@ -713,20 +749,42 @@ struct aa_profile aa_unpack(void udata, size_t size, const char **ns)
713	.pos = udata,	749	.pos = udata,
714	};	750	};
715		751
716	error = verify_header(&e, ns);	752	*ns = NULL;
717	if (error)	753	while (e.pos < e.end) {
718	return ERR_PTR(error);	754	error = verify_header(&e, e.pos == e.start, ns);
		755	if (error)
		756	goto fail;
719		757
720	profile = unpack_profile(&e);	758	profile = unpack_profile(&e);
721	if (IS_ERR(profile))	759	if (IS_ERR(profile)) {
722	return profile;	760	error = PTR_ERR(profile);
		761	goto fail;
		762	}
		763
		764	error = verify_profile(profile);
		765	if (error) {
		766	aa_put_profile(profile);
		767	goto fail;
		768	}
		769
		770	ent = aa_load_ent_alloc();
		771	if (!ent) {
		772	error = -ENOMEM;
		773	aa_put_profile(profile);
		774	goto fail;
		775	}
723		776
724	error = verify_profile(profile);	777	ent->new = profile;
725	if (error) {	778	list_add_tail(&ent->list, lh);
726	aa_put_profile(profile);
727	profile = ERR_PTR(error);
728	}	779	}
729		780
730	/* return refcount */	781	return 0;
731	return profile;	782
		783	fail:
		784	list_for_each_entry_safe(ent, tmp, lh, list) {
		785	list_del_init(&ent->list);
		786	aa_load_ent_free(ent);
		787	}
		788
		789	return error;
732	}	790	}