label.c 51 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * AppArmor security module
  4. *
  5. * This file contains AppArmor label definitions
  6. *
  7. * Copyright 2017 Canonical Ltd.
  8. */
  9. #include <linux/audit.h>
  10. #include <linux/seq_file.h>
  11. #include <linux/sort.h>
  12. #include "include/apparmor.h"
  13. #include "include/cred.h"
  14. #include "include/label.h"
  15. #include "include/policy.h"
  16. #include "include/secid.h"
  17. /*
  18. * the aa_label represents the set of profiles confining an object
  19. *
  20. * Labels maintain a reference count to the set of pointers they reference
  21. * Labels are ref counted by
  22. * tasks and object via the security field/security context off the field
  23. * code - will take a ref count on a label if it needs the label
  24. * beyond what is possible with an rcu_read_lock.
  25. * profiles - each profile is a label
  26. * secids - a pinned secid will keep a refcount of the label it is
  27. * referencing
  28. * objects - inode, files, sockets, ...
  29. *
  30. * Labels are not ref counted by the label set, so they maybe removed and
  31. * freed when no longer in use.
  32. *
  33. */
  34. #define PROXY_POISON 97
  35. #define LABEL_POISON 100
  36. static void free_proxy(struct aa_proxy *proxy)
  37. {
  38. if (proxy) {
  39. /* p->label will not updated any more as p is dead */
  40. aa_put_label(rcu_dereference_protected(proxy->label, true));
  41. memset(proxy, 0, sizeof(*proxy));
  42. RCU_INIT_POINTER(proxy->label, (struct aa_label *)PROXY_POISON);
  43. kfree(proxy);
  44. }
  45. }
  46. void aa_proxy_kref(struct kref *kref)
  47. {
  48. struct aa_proxy *proxy = container_of(kref, struct aa_proxy, count);
  49. free_proxy(proxy);
  50. }
  51. struct aa_proxy *aa_alloc_proxy(struct aa_label *label, gfp_t gfp)
  52. {
  53. struct aa_proxy *new;
  54. new = kzalloc(sizeof(struct aa_proxy), gfp);
  55. if (new) {
  56. kref_init(&new->count);
  57. rcu_assign_pointer(new->label, aa_get_label(label));
  58. }
  59. return new;
  60. }
  61. /* requires profile list write lock held */
  62. void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new)
  63. {
  64. struct aa_label *tmp;
  65. AA_BUG(!orig);
  66. AA_BUG(!new);
  67. lockdep_assert_held_write(&labels_set(orig)->lock);
  68. tmp = rcu_dereference_protected(orig->proxy->label,
  69. &labels_ns(orig)->lock);
  70. rcu_assign_pointer(orig->proxy->label, aa_get_label(new));
  71. orig->flags |= FLAG_STALE;
  72. aa_put_label(tmp);
  73. }
  74. static void __proxy_share(struct aa_label *old, struct aa_label *new)
  75. {
  76. struct aa_proxy *proxy = new->proxy;
  77. new->proxy = aa_get_proxy(old->proxy);
  78. __aa_proxy_redirect(old, new);
  79. aa_put_proxy(proxy);
  80. }
  81. /**
  82. * ns_cmp - compare ns for label set ordering
  83. * @a: ns to compare (NOT NULL)
  84. * @b: ns to compare (NOT NULL)
  85. *
  86. * Returns: <0 if a < b
  87. * ==0 if a == b
  88. * >0 if a > b
  89. */
  90. static int ns_cmp(struct aa_ns *a, struct aa_ns *b)
  91. {
  92. int res;
  93. AA_BUG(!a);
  94. AA_BUG(!b);
  95. AA_BUG(!a->base.hname);
  96. AA_BUG(!b->base.hname);
  97. if (a == b)
  98. return 0;
  99. res = a->level - b->level;
  100. if (res)
  101. return res;
  102. return strcmp(a->base.hname, b->base.hname);
  103. }
  104. /**
  105. * profile_cmp - profile comparison for set ordering
  106. * @a: profile to compare (NOT NULL)
  107. * @b: profile to compare (NOT NULL)
  108. *
  109. * Returns: <0 if a < b
  110. * ==0 if a == b
  111. * >0 if a > b
  112. */
  113. static int profile_cmp(struct aa_profile *a, struct aa_profile *b)
  114. {
  115. int res;
  116. AA_BUG(!a);
  117. AA_BUG(!b);
  118. AA_BUG(!a->ns);
  119. AA_BUG(!b->ns);
  120. AA_BUG(!a->base.hname);
  121. AA_BUG(!b->base.hname);
  122. if (a == b || a->base.hname == b->base.hname)
  123. return 0;
  124. res = ns_cmp(a->ns, b->ns);
  125. if (res)
  126. return res;
  127. return strcmp(a->base.hname, b->base.hname);
  128. }
  129. /**
  130. * vec_cmp - label comparison for set ordering
  131. * @a: label to compare (NOT NULL)
  132. * @vec: vector of profiles to compare (NOT NULL)
  133. * @n: length of @vec
  134. *
  135. * Returns: <0 if a < vec
  136. * ==0 if a == vec
  137. * >0 if a > vec
  138. */
  139. static int vec_cmp(struct aa_profile **a, int an, struct aa_profile **b, int bn)
  140. {
  141. int i;
  142. AA_BUG(!a);
  143. AA_BUG(!*a);
  144. AA_BUG(!b);
  145. AA_BUG(!*b);
  146. AA_BUG(an <= 0);
  147. AA_BUG(bn <= 0);
  148. for (i = 0; i < an && i < bn; i++) {
  149. int res = profile_cmp(a[i], b[i]);
  150. if (res != 0)
  151. return res;
  152. }
  153. return an - bn;
  154. }
  155. static bool vec_is_stale(struct aa_profile **vec, int n)
  156. {
  157. int i;
  158. AA_BUG(!vec);
  159. for (i = 0; i < n; i++) {
  160. if (profile_is_stale(vec[i]))
  161. return true;
  162. }
  163. return false;
  164. }
  165. static long accum_vec_flags(struct aa_profile **vec, int n)
  166. {
  167. long u = FLAG_UNCONFINED;
  168. int i;
  169. AA_BUG(!vec);
  170. for (i = 0; i < n; i++) {
  171. u |= vec[i]->label.flags & (FLAG_DEBUG1 | FLAG_DEBUG2 |
  172. FLAG_STALE);
  173. if (!(u & vec[i]->label.flags & FLAG_UNCONFINED))
  174. u &= ~FLAG_UNCONFINED;
  175. }
  176. return u;
  177. }
  178. static int sort_cmp(const void *a, const void *b)
  179. {
  180. return profile_cmp(*(struct aa_profile **)a, *(struct aa_profile **)b);
  181. }
  182. /*
  183. * assumes vec is sorted
  184. * Assumes @vec has null terminator at vec[n], and will null terminate
  185. * vec[n - dups]
  186. */
  187. static inline int unique(struct aa_profile **vec, int n)
  188. {
  189. int i, pos, dups = 0;
  190. AA_BUG(n < 1);
  191. AA_BUG(!vec);
  192. pos = 0;
  193. for (i = 1; i < n; i++) {
  194. int res = profile_cmp(vec[pos], vec[i]);
  195. AA_BUG(res > 0, "vec not sorted");
  196. if (res == 0) {
  197. /* drop duplicate */
  198. aa_put_profile(vec[i]);
  199. dups++;
  200. continue;
  201. }
  202. pos++;
  203. if (dups)
  204. vec[pos] = vec[i];
  205. }
  206. AA_BUG(dups < 0);
  207. return dups;
  208. }
  209. /**
  210. * aa_vec_unique - canonical sort and unique a list of profiles
  211. * @n: number of refcounted profiles in the list (@n > 0)
  212. * @vec: list of profiles to sort and merge
  213. *
  214. * Returns: the number of duplicates eliminated == references put
  215. *
  216. * If @flags & VEC_FLAG_TERMINATE @vec has null terminator at vec[n], and will
  217. * null terminate vec[n - dups]
  218. */
  219. int aa_vec_unique(struct aa_profile **vec, int n, int flags)
  220. {
  221. int i, dups = 0;
  222. AA_BUG(n < 1);
  223. AA_BUG(!vec);
  224. /* vecs are usually small and inorder, have a fallback for larger */
  225. if (n > 8) {
  226. sort(vec, n, sizeof(struct aa_profile *), sort_cmp, NULL);
  227. dups = unique(vec, n);
  228. goto out;
  229. }
  230. /* insertion sort + unique in one */
  231. for (i = 1; i < n; i++) {
  232. struct aa_profile *tmp = vec[i];
  233. int pos, j;
  234. for (pos = i - 1 - dups; pos >= 0; pos--) {
  235. int res = profile_cmp(vec[pos], tmp);
  236. if (res == 0) {
  237. /* drop duplicate entry */
  238. aa_put_profile(tmp);
  239. dups++;
  240. goto continue_outer;
  241. } else if (res < 0)
  242. break;
  243. }
  244. /* pos is at entry < tmp, or index -1. Set to insert pos */
  245. pos++;
  246. for (j = i - dups; j > pos; j--)
  247. vec[j] = vec[j - 1];
  248. vec[pos] = tmp;
  249. continue_outer:
  250. ;
  251. }
  252. AA_BUG(dups < 0);
  253. out:
  254. if (flags & VEC_FLAG_TERMINATE)
  255. vec[n - dups] = NULL;
  256. return dups;
  257. }
  258. void aa_label_destroy(struct aa_label *label)
  259. {
  260. AA_BUG(!label);
  261. if (!label_isprofile(label)) {
  262. struct aa_profile *profile;
  263. struct label_it i;
  264. aa_put_str(label->hname);
  265. label_for_each(i, label, profile) {
  266. aa_put_profile(profile);
  267. label->vec[i.i] = (struct aa_profile *)
  268. (LABEL_POISON + (long) i.i);
  269. }
  270. }
  271. if (label->proxy) {
  272. if (rcu_dereference_protected(label->proxy->label, true) == label)
  273. rcu_assign_pointer(label->proxy->label, NULL);
  274. aa_put_proxy(label->proxy);
  275. }
  276. aa_free_secid(label->secid);
  277. label->proxy = (struct aa_proxy *) PROXY_POISON + 1;
  278. }
  279. void aa_label_free(struct aa_label *label)
  280. {
  281. if (!label)
  282. return;
  283. aa_label_destroy(label);
  284. kfree(label);
  285. }
  286. static void label_free_switch(struct aa_label *label)
  287. {
  288. if (label->flags & FLAG_NS_COUNT)
  289. aa_free_ns(labels_ns(label));
  290. else if (label_isprofile(label))
  291. aa_free_profile(labels_profile(label));
  292. else
  293. aa_label_free(label);
  294. }
  295. static void label_free_rcu(struct rcu_head *head)
  296. {
  297. struct aa_label *label = container_of(head, struct aa_label, rcu);
  298. if (label->flags & FLAG_IN_TREE)
  299. (void) aa_label_remove(label);
  300. label_free_switch(label);
  301. }
  302. void aa_label_kref(struct kref *kref)
  303. {
  304. struct aa_label *label = container_of(kref, struct aa_label, count);
  305. struct aa_ns *ns = labels_ns(label);
  306. if (!ns) {
  307. /* never live, no rcu callback needed, just using the fn */
  308. label_free_switch(label);
  309. return;
  310. }
  311. /* TODO: update labels_profile macro so it works here */
  312. AA_BUG(label_isprofile(label) &&
  313. on_list_rcu(&label->vec[0]->base.profiles));
  314. AA_BUG(label_isprofile(label) &&
  315. on_list_rcu(&label->vec[0]->base.list));
  316. /* TODO: if compound label and not stale add to reclaim cache */
  317. call_rcu(&label->rcu, label_free_rcu);
  318. }
  319. static void label_free_or_put_new(struct aa_label *label, struct aa_label *new)
  320. {
  321. if (label != new)
  322. /* need to free directly to break circular ref with proxy */
  323. aa_label_free(new);
  324. else
  325. aa_put_label(new);
  326. }
  327. bool aa_label_init(struct aa_label *label, int size, gfp_t gfp)
  328. {
  329. AA_BUG(!label);
  330. AA_BUG(size < 1);
  331. if (aa_alloc_secid(label, gfp) < 0)
  332. return false;
  333. label->size = size; /* doesn't include null */
  334. label->vec[size] = NULL; /* null terminate */
  335. kref_init(&label->count);
  336. RB_CLEAR_NODE(&label->node);
  337. return true;
  338. }
  339. /**
  340. * aa_label_alloc - allocate a label with a profile vector of @size length
  341. * @size: size of profile vector in the label
  342. * @proxy: proxy to use OR null if to allocate a new one
  343. * @gfp: memory allocation type
  344. *
  345. * Returns: new label
  346. * else NULL if failed
  347. */
  348. struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp)
  349. {
  350. struct aa_label *new;
  351. AA_BUG(size < 1);
  352. /* + 1 for null terminator entry on vec */
  353. new = kzalloc(struct_size(new, vec, size + 1), gfp);
  354. AA_DEBUG("%s (%p)\n", __func__, new);
  355. if (!new)
  356. goto fail;
  357. if (!aa_label_init(new, size, gfp))
  358. goto fail;
  359. if (!proxy) {
  360. proxy = aa_alloc_proxy(new, gfp);
  361. if (!proxy)
  362. goto fail;
  363. } else
  364. aa_get_proxy(proxy);
  365. /* just set new's proxy, don't redirect proxy here if it was passed in*/
  366. new->proxy = proxy;
  367. return new;
  368. fail:
  369. kfree(new);
  370. return NULL;
  371. }
  372. /**
  373. * label_cmp - label comparison for set ordering
  374. * @a: label to compare (NOT NULL)
  375. * @b: label to compare (NOT NULL)
  376. *
  377. * Returns: <0 if a < b
  378. * ==0 if a == b
  379. * >0 if a > b
  380. */
  381. static int label_cmp(struct aa_label *a, struct aa_label *b)
  382. {
  383. AA_BUG(!b);
  384. if (a == b)
  385. return 0;
  386. return vec_cmp(a->vec, a->size, b->vec, b->size);
  387. }
  388. /* helper fn for label_for_each_confined */
  389. int aa_label_next_confined(struct aa_label *label, int i)
  390. {
  391. AA_BUG(!label);
  392. AA_BUG(i < 0);
  393. for (; i < label->size; i++) {
  394. if (!profile_unconfined(label->vec[i]))
  395. return i;
  396. }
  397. return i;
  398. }
  399. /**
  400. * __aa_label_next_not_in_set - return the next profile of @sub not in @set
  401. * @I: label iterator
  402. * @set: label to test against
  403. * @sub: label to if is subset of @set
  404. *
  405. * Returns: profile in @sub that is not in @set, with iterator set pos after
  406. * else NULL if @sub is a subset of @set
  407. */
  408. struct aa_profile *__aa_label_next_not_in_set(struct label_it *I,
  409. struct aa_label *set,
  410. struct aa_label *sub)
  411. {
  412. AA_BUG(!set);
  413. AA_BUG(!I);
  414. AA_BUG(I->i < 0);
  415. AA_BUG(I->i > set->size);
  416. AA_BUG(!sub);
  417. AA_BUG(I->j < 0);
  418. AA_BUG(I->j > sub->size);
  419. while (I->j < sub->size && I->i < set->size) {
  420. int res = profile_cmp(sub->vec[I->j], set->vec[I->i]);
  421. if (res == 0) {
  422. (I->j)++;
  423. (I->i)++;
  424. } else if (res > 0)
  425. (I->i)++;
  426. else
  427. return sub->vec[(I->j)++];
  428. }
  429. if (I->j < sub->size)
  430. return sub->vec[(I->j)++];
  431. return NULL;
  432. }
  433. /**
  434. * aa_label_is_subset - test if @sub is a subset of @set
  435. * @set: label to test against
  436. * @sub: label to test if is subset of @set
  437. *
  438. * Returns: true if @sub is subset of @set
  439. * else false
  440. */
  441. bool aa_label_is_subset(struct aa_label *set, struct aa_label *sub)
  442. {
  443. struct label_it i = { };
  444. AA_BUG(!set);
  445. AA_BUG(!sub);
  446. if (sub == set)
  447. return true;
  448. return __aa_label_next_not_in_set(&i, set, sub) == NULL;
  449. }
  450. /**
  451. * aa_label_is_unconfined_subset - test if @sub is a subset of @set
  452. * @set: label to test against
  453. * @sub: label to test if is subset of @set
  454. *
  455. * This checks for subset but taking into account unconfined. IF
  456. * @sub contains an unconfined profile that does not have a matching
  457. * unconfined in @set then this will not cause the test to fail.
  458. * Conversely we don't care about an unconfined in @set that is not in
  459. * @sub
  460. *
  461. * Returns: true if @sub is special_subset of @set
  462. * else false
  463. */
  464. bool aa_label_is_unconfined_subset(struct aa_label *set, struct aa_label *sub)
  465. {
  466. struct label_it i = { };
  467. struct aa_profile *p;
  468. AA_BUG(!set);
  469. AA_BUG(!sub);
  470. if (sub == set)
  471. return true;
  472. do {
  473. p = __aa_label_next_not_in_set(&i, set, sub);
  474. if (p && !profile_unconfined(p))
  475. break;
  476. } while (p);
  477. return p == NULL;
  478. }
  479. /**
  480. * __label_remove - remove @label from the label set
  481. * @l: label to remove
  482. * @new: label to redirect to
  483. *
  484. * Requires: labels_set(@label)->lock write_lock
  485. * Returns: true if the label was in the tree and removed
  486. */
  487. static bool __label_remove(struct aa_label *label, struct aa_label *new)
  488. {
  489. struct aa_labelset *ls = labels_set(label);
  490. AA_BUG(!ls);
  491. AA_BUG(!label);
  492. lockdep_assert_held_write(&ls->lock);
  493. if (new)
  494. __aa_proxy_redirect(label, new);
  495. if (!label_is_stale(label))
  496. __label_make_stale(label);
  497. if (label->flags & FLAG_IN_TREE) {
  498. rb_erase(&label->node, &ls->root);
  499. label->flags &= ~FLAG_IN_TREE;
  500. return true;
  501. }
  502. return false;
  503. }
  504. /**
  505. * __label_replace - replace @old with @new in label set
  506. * @old: label to remove from label set
  507. * @new: label to replace @old with
  508. *
  509. * Requires: labels_set(@old)->lock write_lock
  510. * valid ref count be held on @new
  511. * Returns: true if @old was in set and replaced by @new
  512. *
  513. * Note: current implementation requires label set be order in such a way
  514. * that @new directly replaces @old position in the set (ie.
  515. * using pointer comparison of the label address would not work)
  516. */
  517. static bool __label_replace(struct aa_label *old, struct aa_label *new)
  518. {
  519. struct aa_labelset *ls = labels_set(old);
  520. AA_BUG(!ls);
  521. AA_BUG(!old);
  522. AA_BUG(!new);
  523. lockdep_assert_held_write(&ls->lock);
  524. AA_BUG(new->flags & FLAG_IN_TREE);
  525. if (!label_is_stale(old))
  526. __label_make_stale(old);
  527. if (old->flags & FLAG_IN_TREE) {
  528. rb_replace_node(&old->node, &new->node, &ls->root);
  529. old->flags &= ~FLAG_IN_TREE;
  530. new->flags |= FLAG_IN_TREE;
  531. return true;
  532. }
  533. return false;
  534. }
  535. /**
  536. * __label_insert - attempt to insert @l into a label set
  537. * @ls: set of labels to insert @l into (NOT NULL)
  538. * @label: new label to insert (NOT NULL)
  539. * @replace: whether insertion should replace existing entry that is not stale
  540. *
  541. * Requires: @ls->lock
  542. * caller to hold a valid ref on l
  543. * if @replace is true l has a preallocated proxy associated
  544. * Returns: @l if successful in inserting @l - with additional refcount
  545. * else ref counted equivalent label that is already in the set,
  546. * the else condition only happens if @replace is false
  547. */
  548. static struct aa_label *__label_insert(struct aa_labelset *ls,
  549. struct aa_label *label, bool replace)
  550. {
  551. struct rb_node **new, *parent = NULL;
  552. AA_BUG(!ls);
  553. AA_BUG(!label);
  554. AA_BUG(labels_set(label) != ls);
  555. lockdep_assert_held_write(&ls->lock);
  556. AA_BUG(label->flags & FLAG_IN_TREE);
  557. /* Figure out where to put new node */
  558. new = &ls->root.rb_node;
  559. while (*new) {
  560. struct aa_label *this = rb_entry(*new, struct aa_label, node);
  561. int result = label_cmp(label, this);
  562. parent = *new;
  563. if (result == 0) {
  564. /* !__aa_get_label means queued for destruction,
  565. * so replace in place, however the label has
  566. * died before the replacement so do not share
  567. * the proxy
  568. */
  569. if (!replace && !label_is_stale(this)) {
  570. if (__aa_get_label(this))
  571. return this;
  572. } else
  573. __proxy_share(this, label);
  574. AA_BUG(!__label_replace(this, label));
  575. return aa_get_label(label);
  576. } else if (result < 0)
  577. new = &((*new)->rb_left);
  578. else /* (result > 0) */
  579. new = &((*new)->rb_right);
  580. }
  581. /* Add new node and rebalance tree. */
  582. rb_link_node(&label->node, parent, new);
  583. rb_insert_color(&label->node, &ls->root);
  584. label->flags |= FLAG_IN_TREE;
  585. return aa_get_label(label);
  586. }
  587. /**
  588. * __vec_find - find label that matches @vec in label set
  589. * @vec: vec of profiles to find matching label for (NOT NULL)
  590. * @n: length of @vec
  591. *
  592. * Requires: @vec_labelset(vec) lock held
  593. * caller to hold a valid ref on l
  594. *
  595. * Returns: ref counted @label if matching label is in tree
  596. * ref counted label that is equiv to @l in tree
  597. * else NULL if @vec equiv is not in tree
  598. */
  599. static struct aa_label *__vec_find(struct aa_profile **vec, int n)
  600. {
  601. struct rb_node *node;
  602. AA_BUG(!vec);
  603. AA_BUG(!*vec);
  604. AA_BUG(n <= 0);
  605. node = vec_labelset(vec, n)->root.rb_node;
  606. while (node) {
  607. struct aa_label *this = rb_entry(node, struct aa_label, node);
  608. int result = vec_cmp(this->vec, this->size, vec, n);
  609. if (result > 0)
  610. node = node->rb_left;
  611. else if (result < 0)
  612. node = node->rb_right;
  613. else
  614. return __aa_get_label(this);
  615. }
  616. return NULL;
  617. }
  618. /**
  619. * __label_find - find label @label in label set
  620. * @label: label to find (NOT NULL)
  621. *
  622. * Requires: labels_set(@label)->lock held
  623. * caller to hold a valid ref on l
  624. *
  625. * Returns: ref counted @label if @label is in tree OR
  626. * ref counted label that is equiv to @label in tree
  627. * else NULL if @label or equiv is not in tree
  628. */
  629. static struct aa_label *__label_find(struct aa_label *label)
  630. {
  631. AA_BUG(!label);
  632. return __vec_find(label->vec, label->size);
  633. }
  634. /**
  635. * aa_label_remove - remove a label from the labelset
  636. * @label: label to remove
  637. *
  638. * Returns: true if @label was removed from the tree
  639. * else @label was not in tree so it could not be removed
  640. */
  641. bool aa_label_remove(struct aa_label *label)
  642. {
  643. struct aa_labelset *ls = labels_set(label);
  644. unsigned long flags;
  645. bool res;
  646. AA_BUG(!ls);
  647. write_lock_irqsave(&ls->lock, flags);
  648. res = __label_remove(label, ns_unconfined(labels_ns(label)));
  649. write_unlock_irqrestore(&ls->lock, flags);
  650. return res;
  651. }
  652. /**
  653. * aa_label_replace - replace a label @old with a new version @new
  654. * @old: label to replace
  655. * @new: label replacing @old
  656. *
  657. * Returns: true if @old was in tree and replaced
  658. * else @old was not in tree, and @new was not inserted
  659. */
  660. bool aa_label_replace(struct aa_label *old, struct aa_label *new)
  661. {
  662. unsigned long flags;
  663. bool res;
  664. if (name_is_shared(old, new) && labels_ns(old) == labels_ns(new)) {
  665. write_lock_irqsave(&labels_set(old)->lock, flags);
  666. if (old->proxy != new->proxy)
  667. __proxy_share(old, new);
  668. else
  669. __aa_proxy_redirect(old, new);
  670. res = __label_replace(old, new);
  671. write_unlock_irqrestore(&labels_set(old)->lock, flags);
  672. } else {
  673. struct aa_label *l;
  674. struct aa_labelset *ls = labels_set(old);
  675. write_lock_irqsave(&ls->lock, flags);
  676. res = __label_remove(old, new);
  677. if (labels_ns(old) != labels_ns(new)) {
  678. write_unlock_irqrestore(&ls->lock, flags);
  679. ls = labels_set(new);
  680. write_lock_irqsave(&ls->lock, flags);
  681. }
  682. l = __label_insert(ls, new, true);
  683. res = (l == new);
  684. write_unlock_irqrestore(&ls->lock, flags);
  685. aa_put_label(l);
  686. }
  687. return res;
  688. }
  689. /**
  690. * vec_find - find label @l in label set
  691. * @vec: array of profiles to find equiv label for (NOT NULL)
  692. * @n: length of @vec
  693. *
  694. * Returns: refcounted label if @vec equiv is in tree
  695. * else NULL if @vec equiv is not in tree
  696. */
  697. static struct aa_label *vec_find(struct aa_profile **vec, int n)
  698. {
  699. struct aa_labelset *ls;
  700. struct aa_label *label;
  701. unsigned long flags;
  702. AA_BUG(!vec);
  703. AA_BUG(!*vec);
  704. AA_BUG(n <= 0);
  705. ls = vec_labelset(vec, n);
  706. read_lock_irqsave(&ls->lock, flags);
  707. label = __vec_find(vec, n);
  708. read_unlock_irqrestore(&ls->lock, flags);
  709. return label;
  710. }
  711. /* requires sort and merge done first */
  712. static struct aa_label *vec_create_and_insert_label(struct aa_profile **vec,
  713. int len, gfp_t gfp)
  714. {
  715. struct aa_label *label = NULL;
  716. struct aa_labelset *ls;
  717. unsigned long flags;
  718. struct aa_label *new;
  719. int i;
  720. AA_BUG(!vec);
  721. if (len == 1)
  722. return aa_get_label(&vec[0]->label);
  723. ls = labels_set(&vec[len - 1]->label);
  724. /* TODO: enable when read side is lockless
  725. * check if label exists before taking locks
  726. */
  727. new = aa_label_alloc(len, NULL, gfp);
  728. if (!new)
  729. return NULL;
  730. for (i = 0; i < len; i++)
  731. new->vec[i] = aa_get_profile(vec[i]);
  732. write_lock_irqsave(&ls->lock, flags);
  733. label = __label_insert(ls, new, false);
  734. write_unlock_irqrestore(&ls->lock, flags);
  735. label_free_or_put_new(label, new);
  736. return label;
  737. }
  738. struct aa_label *aa_vec_find_or_create_label(struct aa_profile **vec, int len,
  739. gfp_t gfp)
  740. {
  741. struct aa_label *label = vec_find(vec, len);
  742. if (label)
  743. return label;
  744. return vec_create_and_insert_label(vec, len, gfp);
  745. }
  746. /**
  747. * aa_label_find - find label @label in label set
  748. * @label: label to find (NOT NULL)
  749. *
  750. * Requires: caller to hold a valid ref on l
  751. *
  752. * Returns: refcounted @label if @label is in tree
  753. * refcounted label that is equiv to @label in tree
  754. * else NULL if @label or equiv is not in tree
  755. */
  756. struct aa_label *aa_label_find(struct aa_label *label)
  757. {
  758. AA_BUG(!label);
  759. return vec_find(label->vec, label->size);
  760. }
  761. /**
  762. * aa_label_insert - insert label @label into @ls or return existing label
  763. * @ls - labelset to insert @label into
  764. * @label - label to insert
  765. *
  766. * Requires: caller to hold a valid ref on @label
  767. *
  768. * Returns: ref counted @label if successful in inserting @label
  769. * else ref counted equivalent label that is already in the set
  770. */
  771. struct aa_label *aa_label_insert(struct aa_labelset *ls, struct aa_label *label)
  772. {
  773. struct aa_label *l;
  774. unsigned long flags;
  775. AA_BUG(!ls);
  776. AA_BUG(!label);
  777. /* check if label exists before taking lock */
  778. if (!label_is_stale(label)) {
  779. read_lock_irqsave(&ls->lock, flags);
  780. l = __label_find(label);
  781. read_unlock_irqrestore(&ls->lock, flags);
  782. if (l)
  783. return l;
  784. }
  785. write_lock_irqsave(&ls->lock, flags);
  786. l = __label_insert(ls, label, false);
  787. write_unlock_irqrestore(&ls->lock, flags);
  788. return l;
  789. }
  790. /**
  791. * aa_label_next_in_merge - find the next profile when merging @a and @b
  792. * @I: label iterator
  793. * @a: label to merge
  794. * @b: label to merge
  795. *
  796. * Returns: next profile
  797. * else null if no more profiles
  798. */
  799. struct aa_profile *aa_label_next_in_merge(struct label_it *I,
  800. struct aa_label *a,
  801. struct aa_label *b)
  802. {
  803. AA_BUG(!a);
  804. AA_BUG(!b);
  805. AA_BUG(!I);
  806. AA_BUG(I->i < 0);
  807. AA_BUG(I->i > a->size);
  808. AA_BUG(I->j < 0);
  809. AA_BUG(I->j > b->size);
  810. if (I->i < a->size) {
  811. if (I->j < b->size) {
  812. int res = profile_cmp(a->vec[I->i], b->vec[I->j]);
  813. if (res > 0)
  814. return b->vec[(I->j)++];
  815. if (res == 0)
  816. (I->j)++;
  817. }
  818. return a->vec[(I->i)++];
  819. }
  820. if (I->j < b->size)
  821. return b->vec[(I->j)++];
  822. return NULL;
  823. }
  824. /**
  825. * label_merge_cmp - cmp of @a merging with @b against @z for set ordering
  826. * @a: label to merge then compare (NOT NULL)
  827. * @b: label to merge then compare (NOT NULL)
  828. * @z: label to compare merge against (NOT NULL)
  829. *
  830. * Assumes: using the most recent versions of @a, @b, and @z
  831. *
  832. * Returns: <0 if a < b
  833. * ==0 if a == b
  834. * >0 if a > b
  835. */
  836. static int label_merge_cmp(struct aa_label *a, struct aa_label *b,
  837. struct aa_label *z)
  838. {
  839. struct aa_profile *p = NULL;
  840. struct label_it i = { };
  841. int k;
  842. AA_BUG(!a);
  843. AA_BUG(!b);
  844. AA_BUG(!z);
  845. for (k = 0;
  846. k < z->size && (p = aa_label_next_in_merge(&i, a, b));
  847. k++) {
  848. int res = profile_cmp(p, z->vec[k]);
  849. if (res != 0)
  850. return res;
  851. }
  852. if (p)
  853. return 1;
  854. else if (k < z->size)
  855. return -1;
  856. return 0;
  857. }
  858. /**
  859. * label_merge_insert - create a new label by merging @a and @b
  860. * @new: preallocated label to merge into (NOT NULL)
  861. * @a: label to merge with @b (NOT NULL)
  862. * @b: label to merge with @a (NOT NULL)
  863. *
  864. * Requires: preallocated proxy
  865. *
  866. * Returns: ref counted label either @new if merge is unique
  867. * @a if @b is a subset of @a
  868. * @b if @a is a subset of @b
  869. *
  870. * NOTE: will not use @new if the merge results in @new == @a or @b
  871. *
  872. * Must be used within labelset write lock to avoid racing with
  873. * setting labels stale.
  874. */
  875. static struct aa_label *label_merge_insert(struct aa_label *new,
  876. struct aa_label *a,
  877. struct aa_label *b)
  878. {
  879. struct aa_label *label;
  880. struct aa_labelset *ls;
  881. struct aa_profile *next;
  882. struct label_it i;
  883. unsigned long flags;
  884. int k = 0, invcount = 0;
  885. bool stale = false;
  886. AA_BUG(!a);
  887. AA_BUG(a->size < 0);
  888. AA_BUG(!b);
  889. AA_BUG(b->size < 0);
  890. AA_BUG(!new);
  891. AA_BUG(new->size < a->size + b->size);
  892. label_for_each_in_merge(i, a, b, next) {
  893. AA_BUG(!next);
  894. if (profile_is_stale(next)) {
  895. new->vec[k] = aa_get_newest_profile(next);
  896. AA_BUG(!new->vec[k]->label.proxy);
  897. AA_BUG(!new->vec[k]->label.proxy->label);
  898. if (next->label.proxy != new->vec[k]->label.proxy)
  899. invcount++;
  900. k++;
  901. stale = true;
  902. } else
  903. new->vec[k++] = aa_get_profile(next);
  904. }
  905. /* set to actual size which is <= allocated len */
  906. new->size = k;
  907. new->vec[k] = NULL;
  908. if (invcount) {
  909. new->size -= aa_vec_unique(&new->vec[0], new->size,
  910. VEC_FLAG_TERMINATE);
  911. /* TODO: deal with reference labels */
  912. if (new->size == 1) {
  913. label = aa_get_label(&new->vec[0]->label);
  914. return label;
  915. }
  916. } else if (!stale) {
  917. /*
  918. * merge could be same as a || b, note: it is not possible
  919. * for new->size == a->size == b->size unless a == b
  920. */
  921. if (k == a->size)
  922. return aa_get_label(a);
  923. else if (k == b->size)
  924. return aa_get_label(b);
  925. }
  926. new->flags |= accum_vec_flags(new->vec, new->size);
  927. ls = labels_set(new);
  928. write_lock_irqsave(&ls->lock, flags);
  929. label = __label_insert(labels_set(new), new, false);
  930. write_unlock_irqrestore(&ls->lock, flags);
  931. return label;
  932. }
  933. /**
  934. * labelset_of_merge - find which labelset a merged label should be inserted
  935. * @a: label to merge and insert
  936. * @b: label to merge and insert
  937. *
  938. * Returns: labelset that the merged label should be inserted into
  939. */
  940. static struct aa_labelset *labelset_of_merge(struct aa_label *a,
  941. struct aa_label *b)
  942. {
  943. struct aa_ns *nsa = labels_ns(a);
  944. struct aa_ns *nsb = labels_ns(b);
  945. if (ns_cmp(nsa, nsb) <= 0)
  946. return &nsa->labels;
  947. return &nsb->labels;
  948. }
  949. /**
  950. * __label_find_merge - find label that is equiv to merge of @a and @b
  951. * @ls: set of labels to search (NOT NULL)
  952. * @a: label to merge with @b (NOT NULL)
  953. * @b: label to merge with @a (NOT NULL)
  954. *
  955. * Requires: ls->lock read_lock held
  956. *
  957. * Returns: ref counted label that is equiv to merge of @a and @b
  958. * else NULL if merge of @a and @b is not in set
  959. */
  960. static struct aa_label *__label_find_merge(struct aa_labelset *ls,
  961. struct aa_label *a,
  962. struct aa_label *b)
  963. {
  964. struct rb_node *node;
  965. AA_BUG(!ls);
  966. AA_BUG(!a);
  967. AA_BUG(!b);
  968. if (a == b)
  969. return __label_find(a);
  970. node = ls->root.rb_node;
  971. while (node) {
  972. struct aa_label *this = container_of(node, struct aa_label,
  973. node);
  974. int result = label_merge_cmp(a, b, this);
  975. if (result < 0)
  976. node = node->rb_left;
  977. else if (result > 0)
  978. node = node->rb_right;
  979. else
  980. return __aa_get_label(this);
  981. }
  982. return NULL;
  983. }
  984. /**
  985. * aa_label_find_merge - find label that is equiv to merge of @a and @b
  986. * @a: label to merge with @b (NOT NULL)
  987. * @b: label to merge with @a (NOT NULL)
  988. *
  989. * Requires: labels be fully constructed with a valid ns
  990. *
  991. * Returns: ref counted label that is equiv to merge of @a and @b
  992. * else NULL if merge of @a and @b is not in set
  993. */
  994. struct aa_label *aa_label_find_merge(struct aa_label *a, struct aa_label *b)
  995. {
  996. struct aa_labelset *ls;
  997. struct aa_label *label, *ar = NULL, *br = NULL;
  998. unsigned long flags;
  999. AA_BUG(!a);
  1000. AA_BUG(!b);
  1001. if (label_is_stale(a))
  1002. a = ar = aa_get_newest_label(a);
  1003. if (label_is_stale(b))
  1004. b = br = aa_get_newest_label(b);
  1005. ls = labelset_of_merge(a, b);
  1006. read_lock_irqsave(&ls->lock, flags);
  1007. label = __label_find_merge(ls, a, b);
  1008. read_unlock_irqrestore(&ls->lock, flags);
  1009. aa_put_label(ar);
  1010. aa_put_label(br);
  1011. return label;
  1012. }
  1013. /**
  1014. * aa_label_merge - attempt to insert new merged label of @a and @b
  1015. * @ls: set of labels to insert label into (NOT NULL)
  1016. * @a: label to merge with @b (NOT NULL)
  1017. * @b: label to merge with @a (NOT NULL)
  1018. * @gfp: memory allocation type
  1019. *
  1020. * Requires: caller to hold valid refs on @a and @b
  1021. * labels be fully constructed with a valid ns
  1022. *
  1023. * Returns: ref counted new label if successful in inserting merge of a & b
  1024. * else ref counted equivalent label that is already in the set.
  1025. * else NULL if could not create label (-ENOMEM)
  1026. */
  1027. struct aa_label *aa_label_merge(struct aa_label *a, struct aa_label *b,
  1028. gfp_t gfp)
  1029. {
  1030. struct aa_label *label = NULL;
  1031. AA_BUG(!a);
  1032. AA_BUG(!b);
  1033. if (a == b)
  1034. return aa_get_newest_label(a);
  1035. /* TODO: enable when read side is lockless
  1036. * check if label exists before taking locks
  1037. if (!label_is_stale(a) && !label_is_stale(b))
  1038. label = aa_label_find_merge(a, b);
  1039. */
  1040. if (!label) {
  1041. struct aa_label *new;
  1042. a = aa_get_newest_label(a);
  1043. b = aa_get_newest_label(b);
  1044. /* could use label_merge_len(a, b), but requires double
  1045. * comparison for small savings
  1046. */
  1047. new = aa_label_alloc(a->size + b->size, NULL, gfp);
  1048. if (!new)
  1049. goto out;
  1050. label = label_merge_insert(new, a, b);
  1051. label_free_or_put_new(label, new);
  1052. out:
  1053. aa_put_label(a);
  1054. aa_put_label(b);
  1055. }
  1056. return label;
  1057. }
  1058. static inline bool label_is_visible(struct aa_profile *profile,
  1059. struct aa_label *label)
  1060. {
  1061. return aa_ns_visible(profile->ns, labels_ns(label), true);
  1062. }
  1063. /* match a profile and its associated ns component if needed
  1064. * Assumes visibility test has already been done.
  1065. * If a subns profile is not to be matched should be prescreened with
  1066. * visibility test.
  1067. */
  1068. static inline unsigned int match_component(struct aa_profile *profile,
  1069. struct aa_profile *tp,
  1070. unsigned int state)
  1071. {
  1072. const char *ns_name;
  1073. if (profile->ns == tp->ns)
  1074. return aa_dfa_match(profile->policy.dfa, state, tp->base.hname);
  1075. /* try matching with namespace name and then profile */
  1076. ns_name = aa_ns_name(profile->ns, tp->ns, true);
  1077. state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1);
  1078. state = aa_dfa_match(profile->policy.dfa, state, ns_name);
  1079. state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1);
  1080. return aa_dfa_match(profile->policy.dfa, state, tp->base.hname);
  1081. }
  1082. /**
  1083. * label_compound_match - find perms for full compound label
  1084. * @profile: profile to find perms for
  1085. * @label: label to check access permissions for
  1086. * @start: state to start match in
  1087. * @subns: whether to do permission checks on components in a subns
  1088. * @request: permissions to request
  1089. * @perms: perms struct to set
  1090. *
  1091. * Returns: 0 on success else ERROR
  1092. *
  1093. * For the label A//&B//&C this does the perm match for A//&B//&C
  1094. * @perms should be preinitialized with allperms OR a previous permission
  1095. * check to be stacked.
  1096. */
  1097. static int label_compound_match(struct aa_profile *profile,
  1098. struct aa_label *label,
  1099. unsigned int state, bool subns, u32 request,
  1100. struct aa_perms *perms)
  1101. {
  1102. struct aa_profile *tp;
  1103. struct label_it i;
  1104. /* find first subcomponent that is visible */
  1105. label_for_each(i, label, tp) {
  1106. if (!aa_ns_visible(profile->ns, tp->ns, subns))
  1107. continue;
  1108. state = match_component(profile, tp, state);
  1109. if (!state)
  1110. goto fail;
  1111. goto next;
  1112. }
  1113. /* no component visible */
  1114. *perms = allperms;
  1115. return 0;
  1116. next:
  1117. label_for_each_cont(i, label, tp) {
  1118. if (!aa_ns_visible(profile->ns, tp->ns, subns))
  1119. continue;
  1120. state = aa_dfa_match(profile->policy.dfa, state, "//&");
  1121. state = match_component(profile, tp, state);
  1122. if (!state)
  1123. goto fail;
  1124. }
  1125. aa_compute_perms(profile->policy.dfa, state, perms);
  1126. aa_apply_modes_to_perms(profile, perms);
  1127. if ((perms->allow & request) != request)
  1128. return -EACCES;
  1129. return 0;
  1130. fail:
  1131. *perms = nullperms;
  1132. return state;
  1133. }
  1134. /**
  1135. * label_components_match - find perms for all subcomponents of a label
  1136. * @profile: profile to find perms for
  1137. * @label: label to check access permissions for
  1138. * @start: state to start match in
  1139. * @subns: whether to do permission checks on components in a subns
  1140. * @request: permissions to request
  1141. * @perms: an initialized perms struct to add accumulation to
  1142. *
  1143. * Returns: 0 on success else ERROR
  1144. *
  1145. * For the label A//&B//&C this does the perm match for each of A and B and C
  1146. * @perms should be preinitialized with allperms OR a previous permission
  1147. * check to be stacked.
  1148. */
  1149. static int label_components_match(struct aa_profile *profile,
  1150. struct aa_label *label, unsigned int start,
  1151. bool subns, u32 request,
  1152. struct aa_perms *perms)
  1153. {
  1154. struct aa_profile *tp;
  1155. struct label_it i;
  1156. struct aa_perms tmp;
  1157. unsigned int state = 0;
  1158. /* find first subcomponent to test */
  1159. label_for_each(i, label, tp) {
  1160. if (!aa_ns_visible(profile->ns, tp->ns, subns))
  1161. continue;
  1162. state = match_component(profile, tp, start);
  1163. if (!state)
  1164. goto fail;
  1165. goto next;
  1166. }
  1167. /* no subcomponents visible - no change in perms */
  1168. return 0;
  1169. next:
  1170. aa_compute_perms(profile->policy.dfa, state, &tmp);
  1171. aa_apply_modes_to_perms(profile, &tmp);
  1172. aa_perms_accum(perms, &tmp);
  1173. label_for_each_cont(i, label, tp) {
  1174. if (!aa_ns_visible(profile->ns, tp->ns, subns))
  1175. continue;
  1176. state = match_component(profile, tp, start);
  1177. if (!state)
  1178. goto fail;
  1179. aa_compute_perms(profile->policy.dfa, state, &tmp);
  1180. aa_apply_modes_to_perms(profile, &tmp);
  1181. aa_perms_accum(perms, &tmp);
  1182. }
  1183. if ((perms->allow & request) != request)
  1184. return -EACCES;
  1185. return 0;
  1186. fail:
  1187. *perms = nullperms;
  1188. return -EACCES;
  1189. }
  1190. /**
  1191. * aa_label_match - do a multi-component label match
  1192. * @profile: profile to match against (NOT NULL)
  1193. * @label: label to match (NOT NULL)
  1194. * @state: state to start in
  1195. * @subns: whether to match subns components
  1196. * @request: permission request
  1197. * @perms: Returns computed perms (NOT NULL)
  1198. *
  1199. * Returns: the state the match finished in, may be the none matching state
  1200. */
  1201. int aa_label_match(struct aa_profile *profile, struct aa_label *label,
  1202. unsigned int state, bool subns, u32 request,
  1203. struct aa_perms *perms)
  1204. {
  1205. int error = label_compound_match(profile, label, state, subns, request,
  1206. perms);
  1207. if (!error)
  1208. return error;
  1209. *perms = allperms;
  1210. return label_components_match(profile, label, state, subns, request,
  1211. perms);
  1212. }
  1213. /**
  1214. * aa_update_label_name - update a label to have a stored name
  1215. * @ns: ns being viewed from (NOT NULL)
  1216. * @label: label to update (NOT NULL)
  1217. * @gfp: type of memory allocation
  1218. *
  1219. * Requires: labels_set(label) not locked in caller
  1220. *
  1221. * note: only updates the label name if it does not have a name already
  1222. * and if it is in the labelset
  1223. */
  1224. bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp)
  1225. {
  1226. struct aa_labelset *ls;
  1227. unsigned long flags;
  1228. char __counted *name;
  1229. bool res = false;
  1230. AA_BUG(!ns);
  1231. AA_BUG(!label);
  1232. if (label->hname || labels_ns(label) != ns)
  1233. return res;
  1234. if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0)
  1235. return res;
  1236. ls = labels_set(label);
  1237. write_lock_irqsave(&ls->lock, flags);
  1238. if (!label->hname && label->flags & FLAG_IN_TREE) {
  1239. label->hname = name;
  1240. res = true;
  1241. } else
  1242. aa_put_str(name);
  1243. write_unlock_irqrestore(&ls->lock, flags);
  1244. return res;
  1245. }
  1246. /*
  1247. * cached label name is present and visible
  1248. * @label->hname only exists if label is namespace hierachical
  1249. */
  1250. static inline bool use_label_hname(struct aa_ns *ns, struct aa_label *label,
  1251. int flags)
  1252. {
  1253. if (label->hname && (!ns || labels_ns(label) == ns) &&
  1254. !(flags & ~FLAG_SHOW_MODE))
  1255. return true;
  1256. return false;
  1257. }
  1258. /* helper macro for snprint routines */
  1259. #define update_for_len(total, len, size, str) \
  1260. do { \
  1261. size_t ulen = len; \
  1262. \
  1263. AA_BUG(len < 0); \
  1264. total += ulen; \
  1265. ulen = min(ulen, size); \
  1266. size -= ulen; \
  1267. str += ulen; \
  1268. } while (0)
  1269. /**
  1270. * aa_profile_snxprint - print a profile name to a buffer
  1271. * @str: buffer to write to. (MAY BE NULL if @size == 0)
  1272. * @size: size of buffer
  1273. * @view: namespace profile is being viewed from
  1274. * @profile: profile to view (NOT NULL)
  1275. * @flags: whether to include the mode string
  1276. * @prev_ns: last ns printed when used in compound print
  1277. *
  1278. * Returns: size of name written or would be written if larger than
  1279. * available buffer
  1280. *
  1281. * Note: will not print anything if the profile is not visible
  1282. */
  1283. static int aa_profile_snxprint(char *str, size_t size, struct aa_ns *view,
  1284. struct aa_profile *profile, int flags,
  1285. struct aa_ns **prev_ns)
  1286. {
  1287. const char *ns_name = NULL;
  1288. AA_BUG(!str && size != 0);
  1289. AA_BUG(!profile);
  1290. if (!view)
  1291. view = profiles_ns(profile);
  1292. if (view != profile->ns &&
  1293. (!prev_ns || (*prev_ns != profile->ns))) {
  1294. if (prev_ns)
  1295. *prev_ns = profile->ns;
  1296. ns_name = aa_ns_name(view, profile->ns,
  1297. flags & FLAG_VIEW_SUBNS);
  1298. if (ns_name == aa_hidden_ns_name) {
  1299. if (flags & FLAG_HIDDEN_UNCONFINED)
  1300. return snprintf(str, size, "%s", "unconfined");
  1301. return snprintf(str, size, "%s", ns_name);
  1302. }
  1303. }
  1304. if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) {
  1305. const char *modestr = aa_profile_mode_names[profile->mode];
  1306. if (ns_name)
  1307. return snprintf(str, size, ":%s:%s (%s)", ns_name,
  1308. profile->base.hname, modestr);
  1309. return snprintf(str, size, "%s (%s)", profile->base.hname,
  1310. modestr);
  1311. }
  1312. if (ns_name)
  1313. return snprintf(str, size, ":%s:%s", ns_name,
  1314. profile->base.hname);
  1315. return snprintf(str, size, "%s", profile->base.hname);
  1316. }
  1317. static const char *label_modename(struct aa_ns *ns, struct aa_label *label,
  1318. int flags)
  1319. {
  1320. struct aa_profile *profile;
  1321. struct label_it i;
  1322. int mode = -1, count = 0;
  1323. label_for_each(i, label, profile) {
  1324. if (aa_ns_visible(ns, profile->ns, flags & FLAG_VIEW_SUBNS)) {
  1325. count++;
  1326. if (profile == profile->ns->unconfined)
  1327. /* special case unconfined so stacks with
  1328. * unconfined don't report as mixed. ie.
  1329. * profile_foo//&:ns1:unconfined (mixed)
  1330. */
  1331. continue;
  1332. if (mode == -1)
  1333. mode = profile->mode;
  1334. else if (mode != profile->mode)
  1335. return "mixed";
  1336. }
  1337. }
  1338. if (count == 0)
  1339. return "-";
  1340. if (mode == -1)
  1341. /* everything was unconfined */
  1342. mode = APPARMOR_UNCONFINED;
  1343. return aa_profile_mode_names[mode];
  1344. }
  1345. /* if any visible label is not unconfined the display_mode returns true */
  1346. static inline bool display_mode(struct aa_ns *ns, struct aa_label *label,
  1347. int flags)
  1348. {
  1349. if ((flags & FLAG_SHOW_MODE)) {
  1350. struct aa_profile *profile;
  1351. struct label_it i;
  1352. label_for_each(i, label, profile) {
  1353. if (aa_ns_visible(ns, profile->ns,
  1354. flags & FLAG_VIEW_SUBNS) &&
  1355. profile != profile->ns->unconfined)
  1356. return true;
  1357. }
  1358. /* only ns->unconfined in set of profiles in ns */
  1359. return false;
  1360. }
  1361. return false;
  1362. }
  1363. /**
  1364. * aa_label_snxprint - print a label name to a string buffer
  1365. * @str: buffer to write to. (MAY BE NULL if @size == 0)
  1366. * @size: size of buffer
  1367. * @ns: namespace profile is being viewed from
  1368. * @label: label to view (NOT NULL)
  1369. * @flags: whether to include the mode string
  1370. *
  1371. * Returns: size of name written or would be written if larger than
  1372. * available buffer
  1373. *
  1374. * Note: labels do not have to be strictly hierarchical to the ns as
  1375. * objects may be shared across different namespaces and thus
  1376. * pickup labeling from each ns. If a particular part of the
  1377. * label is not visible it will just be excluded. And if none
  1378. * of the label is visible "---" will be used.
  1379. */
  1380. int aa_label_snxprint(char *str, size_t size, struct aa_ns *ns,
  1381. struct aa_label *label, int flags)
  1382. {
  1383. struct aa_profile *profile;
  1384. struct aa_ns *prev_ns = NULL;
  1385. struct label_it i;
  1386. int count = 0, total = 0;
  1387. ssize_t len;
  1388. AA_BUG(!str && size != 0);
  1389. AA_BUG(!label);
  1390. if (AA_DEBUG_LABEL && (flags & FLAG_ABS_ROOT)) {
  1391. ns = root_ns;
  1392. len = snprintf(str, size, "_");
  1393. update_for_len(total, len, size, str);
  1394. } else if (!ns) {
  1395. ns = labels_ns(label);
  1396. }
  1397. label_for_each(i, label, profile) {
  1398. if (aa_ns_visible(ns, profile->ns, flags & FLAG_VIEW_SUBNS)) {
  1399. if (count > 0) {
  1400. len = snprintf(str, size, "//&");
  1401. update_for_len(total, len, size, str);
  1402. }
  1403. len = aa_profile_snxprint(str, size, ns, profile,
  1404. flags & FLAG_VIEW_SUBNS,
  1405. &prev_ns);
  1406. update_for_len(total, len, size, str);
  1407. count++;
  1408. }
  1409. }
  1410. if (count == 0) {
  1411. if (flags & FLAG_HIDDEN_UNCONFINED)
  1412. return snprintf(str, size, "%s", "unconfined");
  1413. return snprintf(str, size, "%s", aa_hidden_ns_name);
  1414. }
  1415. /* count == 1 && ... is for backwards compat where the mode
  1416. * is not displayed for 'unconfined' in the current ns
  1417. */
  1418. if (display_mode(ns, label, flags)) {
  1419. len = snprintf(str, size, " (%s)",
  1420. label_modename(ns, label, flags));
  1421. update_for_len(total, len, size, str);
  1422. }
  1423. return total;
  1424. }
  1425. #undef update_for_len
  1426. /**
  1427. * aa_label_asxprint - allocate a string buffer and print label into it
  1428. * @strp: Returns - the allocated buffer with the label name. (NOT NULL)
  1429. * @ns: namespace profile is being viewed from
  1430. * @label: label to view (NOT NULL)
  1431. * @flags: flags controlling what label info is printed
  1432. * @gfp: kernel memory allocation type
  1433. *
  1434. * Returns: size of name written or would be written if larger than
  1435. * available buffer
  1436. */
  1437. int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label,
  1438. int flags, gfp_t gfp)
  1439. {
  1440. int size;
  1441. AA_BUG(!strp);
  1442. AA_BUG(!label);
  1443. size = aa_label_snxprint(NULL, 0, ns, label, flags);
  1444. if (size < 0)
  1445. return size;
  1446. *strp = kmalloc(size + 1, gfp);
  1447. if (!*strp)
  1448. return -ENOMEM;
  1449. return aa_label_snxprint(*strp, size + 1, ns, label, flags);
  1450. }
  1451. /**
  1452. * aa_label_acntsxprint - allocate a __counted string buffer and print label
  1453. * @strp: buffer to write to.
  1454. * @ns: namespace profile is being viewed from
  1455. * @label: label to view (NOT NULL)
  1456. * @flags: flags controlling what label info is printed
  1457. * @gfp: kernel memory allocation type
  1458. *
  1459. * Returns: size of name written or would be written if larger than
  1460. * available buffer
  1461. */
  1462. int aa_label_acntsxprint(char __counted **strp, struct aa_ns *ns,
  1463. struct aa_label *label, int flags, gfp_t gfp)
  1464. {
  1465. int size;
  1466. AA_BUG(!strp);
  1467. AA_BUG(!label);
  1468. size = aa_label_snxprint(NULL, 0, ns, label, flags);
  1469. if (size < 0)
  1470. return size;
  1471. *strp = aa_str_alloc(size + 1, gfp);
  1472. if (!*strp)
  1473. return -ENOMEM;
  1474. return aa_label_snxprint(*strp, size + 1, ns, label, flags);
  1475. }
  1476. void aa_label_xaudit(struct audit_buffer *ab, struct aa_ns *ns,
  1477. struct aa_label *label, int flags, gfp_t gfp)
  1478. {
  1479. const char *str;
  1480. char *name = NULL;
  1481. int len;
  1482. AA_BUG(!ab);
  1483. AA_BUG(!label);
  1484. if (!use_label_hname(ns, label, flags) ||
  1485. display_mode(ns, label, flags)) {
  1486. len = aa_label_asxprint(&name, ns, label, flags, gfp);
  1487. if (len < 0) {
  1488. AA_DEBUG("label print error");
  1489. return;
  1490. }
  1491. str = name;
  1492. } else {
  1493. str = (char *) label->hname;
  1494. len = strlen(str);
  1495. }
  1496. if (audit_string_contains_control(str, len))
  1497. audit_log_n_hex(ab, str, len);
  1498. else
  1499. audit_log_n_string(ab, str, len);
  1500. kfree(name);
  1501. }
  1502. void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns,
  1503. struct aa_label *label, int flags, gfp_t gfp)
  1504. {
  1505. AA_BUG(!f);
  1506. AA_BUG(!label);
  1507. if (!use_label_hname(ns, label, flags)) {
  1508. char *str;
  1509. int len;
  1510. len = aa_label_asxprint(&str, ns, label, flags, gfp);
  1511. if (len < 0) {
  1512. AA_DEBUG("label print error");
  1513. return;
  1514. }
  1515. seq_puts(f, str);
  1516. kfree(str);
  1517. } else if (display_mode(ns, label, flags))
  1518. seq_printf(f, "%s (%s)", label->hname,
  1519. label_modename(ns, label, flags));
  1520. else
  1521. seq_puts(f, label->hname);
  1522. }
  1523. void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
  1524. gfp_t gfp)
  1525. {
  1526. AA_BUG(!label);
  1527. if (!use_label_hname(ns, label, flags)) {
  1528. char *str;
  1529. int len;
  1530. len = aa_label_asxprint(&str, ns, label, flags, gfp);
  1531. if (len < 0) {
  1532. AA_DEBUG("label print error");
  1533. return;
  1534. }
  1535. pr_info("%s", str);
  1536. kfree(str);
  1537. } else if (display_mode(ns, label, flags))
  1538. pr_info("%s (%s)", label->hname,
  1539. label_modename(ns, label, flags));
  1540. else
  1541. pr_info("%s", label->hname);
  1542. }
  1543. void aa_label_audit(struct audit_buffer *ab, struct aa_label *label, gfp_t gfp)
  1544. {
  1545. struct aa_ns *ns = aa_get_current_ns();
  1546. aa_label_xaudit(ab, ns, label, FLAG_VIEW_SUBNS, gfp);
  1547. aa_put_ns(ns);
  1548. }
  1549. void aa_label_seq_print(struct seq_file *f, struct aa_label *label, gfp_t gfp)
  1550. {
  1551. struct aa_ns *ns = aa_get_current_ns();
  1552. aa_label_seq_xprint(f, ns, label, FLAG_VIEW_SUBNS, gfp);
  1553. aa_put_ns(ns);
  1554. }
  1555. void aa_label_printk(struct aa_label *label, gfp_t gfp)
  1556. {
  1557. struct aa_ns *ns = aa_get_current_ns();
  1558. aa_label_xprintk(ns, label, FLAG_VIEW_SUBNS, gfp);
  1559. aa_put_ns(ns);
  1560. }
  1561. static int label_count_strn_entries(const char *str, size_t n)
  1562. {
  1563. const char *end = str + n;
  1564. const char *split;
  1565. int count = 1;
  1566. AA_BUG(!str);
  1567. for (split = aa_label_strn_split(str, end - str);
  1568. split;
  1569. split = aa_label_strn_split(str, end - str)) {
  1570. count++;
  1571. str = split + 3;
  1572. }
  1573. return count;
  1574. }
  1575. /*
  1576. * ensure stacks with components like
  1577. * :ns:A//&B
  1578. * have :ns: applied to both 'A' and 'B' by making the lookup relative
  1579. * to the base if the lookup specifies an ns, else making the stacked lookup
  1580. * relative to the last embedded ns in the string.
  1581. */
  1582. static struct aa_profile *fqlookupn_profile(struct aa_label *base,
  1583. struct aa_label *currentbase,
  1584. const char *str, size_t n)
  1585. {
  1586. const char *first = skipn_spaces(str, n);
  1587. if (first && *first == ':')
  1588. return aa_fqlookupn_profile(base, str, n);
  1589. return aa_fqlookupn_profile(currentbase, str, n);
  1590. }
  1591. /**
  1592. * aa_label_strn_parse - parse, validate and convert a text string to a label
  1593. * @base: base label to use for lookups (NOT NULL)
  1594. * @str: null terminated text string (NOT NULL)
  1595. * @n: length of str to parse, will stop at \0 if encountered before n
  1596. * @gfp: allocation type
  1597. * @create: true if should create compound labels if they don't exist
  1598. * @force_stack: true if should stack even if no leading &
  1599. *
  1600. * Returns: the matching refcounted label if present
  1601. * else ERRPTR
  1602. */
  1603. struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
  1604. size_t n, gfp_t gfp, bool create,
  1605. bool force_stack)
  1606. {
  1607. DEFINE_VEC(profile, vec);
  1608. struct aa_label *label, *currbase = base;
  1609. int i, len, stack = 0, error;
  1610. const char *end = str + n;
  1611. const char *split;
  1612. AA_BUG(!base);
  1613. AA_BUG(!str);
  1614. str = skipn_spaces(str, n);
  1615. if (str == NULL || (AA_DEBUG_LABEL && *str == '_' &&
  1616. base != &root_ns->unconfined->label))
  1617. return ERR_PTR(-EINVAL);
  1618. len = label_count_strn_entries(str, end - str);
  1619. if (*str == '&' || force_stack) {
  1620. /* stack on top of base */
  1621. stack = base->size;
  1622. len += stack;
  1623. if (*str == '&')
  1624. str++;
  1625. }
  1626. error = vec_setup(profile, vec, len, gfp);
  1627. if (error)
  1628. return ERR_PTR(error);
  1629. for (i = 0; i < stack; i++)
  1630. vec[i] = aa_get_profile(base->vec[i]);
  1631. for (split = aa_label_strn_split(str, end - str), i = stack;
  1632. split && i < len; i++) {
  1633. vec[i] = fqlookupn_profile(base, currbase, str, split - str);
  1634. if (!vec[i])
  1635. goto fail;
  1636. /*
  1637. * if component specified a new ns it becomes the new base
  1638. * so that subsequent lookups are relative to it
  1639. */
  1640. if (vec[i]->ns != labels_ns(currbase))
  1641. currbase = &vec[i]->label;
  1642. str = split + 3;
  1643. split = aa_label_strn_split(str, end - str);
  1644. }
  1645. /* last element doesn't have a split */
  1646. if (i < len) {
  1647. vec[i] = fqlookupn_profile(base, currbase, str, end - str);
  1648. if (!vec[i])
  1649. goto fail;
  1650. }
  1651. if (len == 1)
  1652. /* no need to free vec as len < LOCAL_VEC_ENTRIES */
  1653. return &vec[0]->label;
  1654. len -= aa_vec_unique(vec, len, VEC_FLAG_TERMINATE);
  1655. /* TODO: deal with reference labels */
  1656. if (len == 1) {
  1657. label = aa_get_label(&vec[0]->label);
  1658. goto out;
  1659. }
  1660. if (create)
  1661. label = aa_vec_find_or_create_label(vec, len, gfp);
  1662. else
  1663. label = vec_find(vec, len);
  1664. if (!label)
  1665. goto fail;
  1666. out:
  1667. /* use adjusted len from after vec_unique, not original */
  1668. vec_cleanup(profile, vec, len);
  1669. return label;
  1670. fail:
  1671. label = ERR_PTR(-ENOENT);
  1672. goto out;
  1673. }
  1674. struct aa_label *aa_label_parse(struct aa_label *base, const char *str,
  1675. gfp_t gfp, bool create, bool force_stack)
  1676. {
  1677. return aa_label_strn_parse(base, str, strlen(str), gfp, create,
  1678. force_stack);
  1679. }
  1680. /**
  1681. * aa_labelset_destroy - remove all labels from the label set
  1682. * @ls: label set to cleanup (NOT NULL)
  1683. *
  1684. * Labels that are removed from the set may still exist beyond the set
  1685. * being destroyed depending on their reference counting
  1686. */
  1687. void aa_labelset_destroy(struct aa_labelset *ls)
  1688. {
  1689. struct rb_node *node;
  1690. unsigned long flags;
  1691. AA_BUG(!ls);
  1692. write_lock_irqsave(&ls->lock, flags);
  1693. for (node = rb_first(&ls->root); node; node = rb_first(&ls->root)) {
  1694. struct aa_label *this = rb_entry(node, struct aa_label, node);
  1695. if (labels_ns(this) != root_ns)
  1696. __label_remove(this,
  1697. ns_unconfined(labels_ns(this)->parent));
  1698. else
  1699. __label_remove(this, NULL);
  1700. }
  1701. write_unlock_irqrestore(&ls->lock, flags);
  1702. }
  1703. /*
  1704. * @ls: labelset to init (NOT NULL)
  1705. */
  1706. void aa_labelset_init(struct aa_labelset *ls)
  1707. {
  1708. AA_BUG(!ls);
  1709. rwlock_init(&ls->lock);
  1710. ls->root = RB_ROOT;
  1711. }
  1712. static struct aa_label *labelset_next_stale(struct aa_labelset *ls)
  1713. {
  1714. struct aa_label *label;
  1715. struct rb_node *node;
  1716. unsigned long flags;
  1717. AA_BUG(!ls);
  1718. read_lock_irqsave(&ls->lock, flags);
  1719. __labelset_for_each(ls, node) {
  1720. label = rb_entry(node, struct aa_label, node);
  1721. if ((label_is_stale(label) ||
  1722. vec_is_stale(label->vec, label->size)) &&
  1723. __aa_get_label(label))
  1724. goto out;
  1725. }
  1726. label = NULL;
  1727. out:
  1728. read_unlock_irqrestore(&ls->lock, flags);
  1729. return label;
  1730. }
  1731. /**
  1732. * __label_update - insert updated version of @label into labelset
  1733. * @label - the label to update/replace
  1734. *
  1735. * Returns: new label that is up to date
  1736. * else NULL on failure
  1737. *
  1738. * Requires: @ns lock be held
  1739. *
  1740. * Note: worst case is the stale @label does not get updated and has
  1741. * to be updated at a later time.
  1742. */
  1743. static struct aa_label *__label_update(struct aa_label *label)
  1744. {
  1745. struct aa_label *new, *tmp;
  1746. struct aa_labelset *ls;
  1747. unsigned long flags;
  1748. int i, invcount = 0;
  1749. AA_BUG(!label);
  1750. AA_BUG(!mutex_is_locked(&labels_ns(label)->lock));
  1751. new = aa_label_alloc(label->size, label->proxy, GFP_KERNEL);
  1752. if (!new)
  1753. return NULL;
  1754. /*
  1755. * while holding the ns_lock will stop profile replacement, removal,
  1756. * and label updates, label merging and removal can be occurring
  1757. */
  1758. ls = labels_set(label);
  1759. write_lock_irqsave(&ls->lock, flags);
  1760. for (i = 0; i < label->size; i++) {
  1761. AA_BUG(!label->vec[i]);
  1762. new->vec[i] = aa_get_newest_profile(label->vec[i]);
  1763. AA_BUG(!new->vec[i]);
  1764. AA_BUG(!new->vec[i]->label.proxy);
  1765. AA_BUG(!new->vec[i]->label.proxy->label);
  1766. if (new->vec[i]->label.proxy != label->vec[i]->label.proxy)
  1767. invcount++;
  1768. }
  1769. /* updated stale label by being removed/renamed from labelset */
  1770. if (invcount) {
  1771. new->size -= aa_vec_unique(&new->vec[0], new->size,
  1772. VEC_FLAG_TERMINATE);
  1773. /* TODO: deal with reference labels */
  1774. if (new->size == 1) {
  1775. tmp = aa_get_label(&new->vec[0]->label);
  1776. AA_BUG(tmp == label);
  1777. goto remove;
  1778. }
  1779. if (labels_set(label) != labels_set(new)) {
  1780. write_unlock_irqrestore(&ls->lock, flags);
  1781. tmp = aa_label_insert(labels_set(new), new);
  1782. write_lock_irqsave(&ls->lock, flags);
  1783. goto remove;
  1784. }
  1785. } else
  1786. AA_BUG(labels_ns(label) != labels_ns(new));
  1787. tmp = __label_insert(labels_set(label), new, true);
  1788. remove:
  1789. /* ensure label is removed, and redirected correctly */
  1790. __label_remove(label, tmp);
  1791. write_unlock_irqrestore(&ls->lock, flags);
  1792. label_free_or_put_new(tmp, new);
  1793. return tmp;
  1794. }
  1795. /**
  1796. * __labelset_update - update labels in @ns
  1797. * @ns: namespace to update labels in (NOT NULL)
  1798. *
  1799. * Requires: @ns lock be held
  1800. *
  1801. * Walk the labelset ensuring that all labels are up to date and valid
  1802. * Any label that has a stale component is marked stale and replaced and
  1803. * by an updated version.
  1804. *
  1805. * If failures happen due to memory pressures then stale labels will
  1806. * be left in place until the next pass.
  1807. */
  1808. static void __labelset_update(struct aa_ns *ns)
  1809. {
  1810. struct aa_label *label;
  1811. AA_BUG(!ns);
  1812. AA_BUG(!mutex_is_locked(&ns->lock));
  1813. do {
  1814. label = labelset_next_stale(&ns->labels);
  1815. if (label) {
  1816. struct aa_label *l = __label_update(label);
  1817. aa_put_label(l);
  1818. aa_put_label(label);
  1819. }
  1820. } while (label);
  1821. }
  1822. /**
  1823. * __aa_labelset_update_subtree - update all labels with a stale component
  1824. * @ns: ns to start update at (NOT NULL)
  1825. *
  1826. * Requires: @ns lock be held
  1827. *
  1828. * Invalidates labels based on @p in @ns and any children namespaces.
  1829. */
  1830. void __aa_labelset_update_subtree(struct aa_ns *ns)
  1831. {
  1832. struct aa_ns *child;
  1833. AA_BUG(!ns);
  1834. AA_BUG(!mutex_is_locked(&ns->lock));
  1835. __labelset_update(ns);
  1836. list_for_each_entry(child, &ns->sub_ns, base.list) {
  1837. mutex_lock_nested(&child->lock, child->level);
  1838. __aa_labelset_update_subtree(child);
  1839. mutex_unlock(&child->lock);
  1840. }
  1841. }