2010-07-30 01:47:57 +04:00
/*
* AppArmor security module
*
* This file contains basic common functions used in AppArmor
*
* Copyright ( C ) 1998 - 2008 Novell / SUSE
* Copyright 2009 - 2010 Canonical Ltd .
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation , version 2 of the
* License .
*/
2011-06-16 15:01:34 +04:00
# include <linux/mm.h>
2010-07-30 01:47:57 +04:00
# include <linux/slab.h>
# include <linux/string.h>
# include <linux/vmalloc.h>
# include "include/audit.h"
2011-08-29 05:15:25 +04:00
# include "include/apparmor.h"
2017-01-16 11:42:13 +03:00
# include "include/lib.h"
2017-01-16 11:42:14 +03:00
# include "include/policy.h"
2010-07-30 01:47:57 +04:00
/**
* aa_split_fqname - split a fqname into a profile and namespace name
* @ fqname : a full qualified name in namespace profile format ( NOT NULL )
* @ ns_name : pointer to portion of the string containing the ns name ( NOT NULL )
*
* Returns : profile name or NULL if one is not specified
*
* Split a namespace name from a profile name ( see policy . c for naming
* description ) . If a portion of the name is missing it returns NULL for
* that portion .
*
* NOTE : may modify the @ fqname string . The pointers returned point
* into the @ fqname string .
*/
char * aa_split_fqname ( char * fqname , char * * ns_name )
{
char * name = strim ( fqname ) ;
* ns_name = NULL ;
if ( name [ 0 ] = = ' : ' ) {
char * split = strchr ( & name [ 1 ] , ' : ' ) ;
2010-08-28 05:33:28 +04:00
* ns_name = skip_spaces ( & name [ 1 ] ) ;
2010-07-30 01:47:57 +04:00
if ( split ) {
/* overwrite ':' with \0 */
2013-02-27 15:45:05 +04:00
* split + + = 0 ;
if ( strncmp ( split , " // " , 2 ) = = 0 )
split + = 2 ;
name = skip_spaces ( split ) ;
2010-07-30 01:47:57 +04:00
} else
/* a ns name without a following profile is allowed */
name = NULL ;
}
if ( name & & * name = = 0 )
name = NULL ;
return name ;
}
/**
* aa_info_message - log a none profile related status message
* @ str : message to log
*/
void aa_info_message ( const char * str )
{
if ( audit_enabled ) {
struct common_audit_data sa ;
2012-04-03 20:37:02 +04:00
struct apparmor_audit_data aad = { 0 , } ;
2012-04-04 23:01:43 +04:00
sa . type = LSM_AUDIT_DATA_NONE ;
2012-04-03 20:37:02 +04:00
sa . aad = & aad ;
aad . info = str ;
2010-07-30 01:47:57 +04:00
aa_audit_msg ( AUDIT_APPARMOR_STATUS , & sa , NULL ) ;
}
printk ( KERN_INFO " AppArmor: %s \n " , str ) ;
}
/**
2013-02-19 04:04:34 +04:00
* __aa_kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
* @ size : how many bytes of memory are required
* @ flags : the type of memory to allocate ( see kmalloc ) .
2010-07-30 01:47:57 +04:00
*
* Return : allocated buffer or NULL if failed
*
* It is possible that policy being loaded from the user is larger than
* what can be allocated by kmalloc , in those cases fall back to vmalloc .
*/
2013-02-19 04:04:34 +04:00
void * __aa_kvmalloc ( size_t size , gfp_t flags )
2010-07-30 01:47:57 +04:00
{
void * buffer = NULL ;
if ( size = = 0 )
return NULL ;
/* do not attempt kmalloc if we need more than 16 pages at once */
if ( size < = ( 16 * PAGE_SIZE ) )
2016-11-14 14:11:52 +03:00
buffer = kmalloc ( size , flags | GFP_KERNEL | __GFP_NORETRY |
__GFP_NOWARN ) ;
2010-07-30 01:47:57 +04:00
if ( ! buffer ) {
2013-02-19 04:04:34 +04:00
if ( flags & __GFP_ZERO )
buffer = vzalloc ( size ) ;
else
buffer = vmalloc ( size ) ;
2010-07-30 01:47:57 +04:00
}
return buffer ;
}
2017-01-16 11:42:14 +03:00
/**
* aa_policy_init - initialize a policy structure
* @ policy : policy to initialize ( NOT NULL )
* @ prefix : prefix name if any is required . ( MAYBE NULL )
* @ name : name of the policy , init will make a copy of it ( NOT NULL )
*
* Note : this fn creates a copy of strings passed in
*
* Returns : true if policy init successful
*/
bool aa_policy_init ( struct aa_policy * policy , const char * prefix ,
const char * name )
{
/* freed by policy_free */
if ( prefix ) {
policy - > hname = kmalloc ( strlen ( prefix ) + strlen ( name ) + 3 ,
GFP_KERNEL ) ;
if ( policy - > hname )
sprintf ( policy - > hname , " %s//%s " , prefix , name ) ;
} else
policy - > hname = kstrdup ( name , GFP_KERNEL ) ;
if ( ! policy - > hname )
return 0 ;
/* base.name is a substring of fqname */
policy - > name = ( char * ) hname_tail ( policy - > hname ) ;
INIT_LIST_HEAD ( & policy - > list ) ;
INIT_LIST_HEAD ( & policy - > profiles ) ;
return 1 ;
}
/**
* aa_policy_destroy - free the elements referenced by @ policy
* @ policy : policy that is to have its elements freed ( NOT NULL )
*/
void aa_policy_destroy ( struct aa_policy * policy )
{
/* still contains profiles -- invalid */
if ( on_list_rcu ( & policy - > profiles ) ) {
AA_ERROR ( " %s: internal error, policy '%s' contains profiles \n " ,
__func__ , policy - > name ) ;
}
if ( on_list_rcu ( & policy - > list ) ) {
AA_ERROR ( " %s: internal error, policy '%s' still on list \n " ,
__func__ , policy - > name ) ;
}
/* don't free name as its a subset of hname */
kzfree ( policy - > hname ) ;
}