ホーム エクスプローラ ヘルプ
サインイン
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 5c86c450e2
ブランチ タグ
android_kernel_...
/
security
/
apparmor
/
mount.c

mount.c 18 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740 
  1. // SPDX-License-Identifier: GPL-2.0-only
    2. 

  2. /*
    3. 

  3.  * AppArmor security module
    4. 

  4.  *
    5. 

  5.  * This file contains AppArmor mediation of files
    6. 

  6.  *
    7. 

  7.  * Copyright (C) 1998-2008 Novell/SUSE
    8. 

  8.  * Copyright 2009-2017 Canonical Ltd.
    9. 

  9.  */
    10. 

  10. 

  11. #include <linux/fs.h>
    12. 

  12. #include <linux/mount.h>
    13. 

  13. #include <linux/namei.h>
    14. 

  14. #include <uapi/linux/mount.h>
    15. 

  15. 

  16. #include "include/apparmor.h"
    17. 

  17. #include "include/audit.h"
    18. 

  18. #include "include/cred.h"
    19. 

  19. #include "include/domain.h"
    20. 

  20. #include "include/file.h"
    21. 

  21. #include "include/match.h"
    22. 

  22. #include "include/mount.h"
    23. 

  23. #include "include/path.h"
    24. 

  24. #include "include/policy.h"
    25. 

  25. 

  26. 

  27. static void audit_mnt_flags(struct audit_buffer *ab, unsigned long flags)
    28. 

  28. {
    29. 

  29. 	if (flags & MS_RDONLY)
    30. 

  30. 		audit_log_format(ab, "ro");
    31. 

  31. 	else
    32. 

  32. 		audit_log_format(ab, "rw");
    33. 

  33. 	if (flags & MS_NOSUID)
    34. 

  34. 		audit_log_format(ab, ", nosuid");
    35. 

  35. 	if (flags & MS_NODEV)
    36. 

  36. 		audit_log_format(ab, ", nodev");
    37. 

  37. 	if (flags & MS_NOEXEC)
    38. 

  38. 		audit_log_format(ab, ", noexec");
    39. 

  39. 	if (flags & MS_SYNCHRONOUS)
    40. 

  40. 		audit_log_format(ab, ", sync");
    41. 

  41. 	if (flags & MS_REMOUNT)
    42. 

  42. 		audit_log_format(ab, ", remount");
    43. 

  43. 	if (flags & MS_MANDLOCK)
    44. 

  44. 		audit_log_format(ab, ", mand");
    45. 

  45. 	if (flags & MS_DIRSYNC)
    46. 

  46. 		audit_log_format(ab, ", dirsync");
    47. 

  47. 	if (flags & MS_NOATIME)
    48. 

  48. 		audit_log_format(ab, ", noatime");
    49. 

  49. 	if (flags & MS_NODIRATIME)
    50. 

  50. 		audit_log_format(ab, ", nodiratime");
    51. 

  51. 	if (flags & MS_BIND)
    52. 

  52. 		audit_log_format(ab, flags & MS_REC ? ", rbind" : ", bind");
    53. 

  53. 	if (flags & MS_MOVE)
    54. 

  54. 		audit_log_format(ab, ", move");
    55. 

  55. 	if (flags & MS_SILENT)
    56. 

  56. 		audit_log_format(ab, ", silent");
    57. 

  57. 	if (flags & MS_POSIXACL)
    58. 

  58. 		audit_log_format(ab, ", acl");
    59. 

  59. 	if (flags & MS_UNBINDABLE)
    60. 

  60. 		audit_log_format(ab, flags & MS_REC ? ", runbindable" :
    61. 

  61. 				 ", unbindable");
    62. 

  62. 	if (flags & MS_PRIVATE)
    63. 

  63. 		audit_log_format(ab, flags & MS_REC ? ", rprivate" :
    64. 

  64. 				 ", private");
    65. 

  65. 	if (flags & MS_SLAVE)
    66. 

  66. 		audit_log_format(ab, flags & MS_REC ? ", rslave" :
    67. 

  67. 				 ", slave");
    68. 

  68. 	if (flags & MS_SHARED)
    69. 

  69. 		audit_log_format(ab, flags & MS_REC ? ", rshared" :
    70. 

  70. 				 ", shared");
    71. 

  71. 	if (flags & MS_RELATIME)
    72. 

  72. 		audit_log_format(ab, ", relatime");
    73. 

  73. 	if (flags & MS_I_VERSION)
    74. 

  74. 		audit_log_format(ab, ", iversion");
    75. 

  75. 	if (flags & MS_STRICTATIME)
    76. 

  76. 		audit_log_format(ab, ", strictatime");
    77. 

  77. 	if (flags & MS_NOUSER)
    78. 

  78. 		audit_log_format(ab, ", nouser");
    79. 

  79. }
    80. 

  80. 

  81. /**
    82. 

  82.  * audit_cb - call back for mount specific audit fields
    83. 

  83.  * @ab: audit_buffer  (NOT NULL)
    84. 

  84.  * @va: audit struct to audit values of  (NOT NULL)
    85. 

  85.  */
    86. 

  86. static void audit_cb(struct audit_buffer *ab, void *va)
    87. 

  87. {
    88. 

  88. 	struct common_audit_data *sa = va;
    89. 

  89. 

  90. 	if (aad(sa)->mnt.type) {
    91. 

  91. 		audit_log_format(ab, " fstype=");
    92. 

  92. 		audit_log_untrustedstring(ab, aad(sa)->mnt.type);
    93. 

  93. 	}
    94. 

  94. 	if (aad(sa)->mnt.src_name) {
    95. 

  95. 		audit_log_format(ab, " srcname=");
    96. 

  96. 		audit_log_untrustedstring(ab, aad(sa)->mnt.src_name);
    97. 

  97. 	}
    98. 

  98. 	if (aad(sa)->mnt.trans) {
    99. 

  99. 		audit_log_format(ab, " trans=");
    100. 

  100. 		audit_log_untrustedstring(ab, aad(sa)->mnt.trans);
    101. 

  101. 	}
    102. 

  102. 	if (aad(sa)->mnt.flags) {
    103. 

  103. 		audit_log_format(ab, " flags=\"");
    104. 

  104. 		audit_mnt_flags(ab, aad(sa)->mnt.flags);
    105. 

  105. 		audit_log_format(ab, "\"");
    106. 

  106. 	}
    107. 

  107. 	if (aad(sa)->mnt.data) {
    108. 

  108. 		audit_log_format(ab, " options=");
    109. 

  109. 		audit_log_untrustedstring(ab, aad(sa)->mnt.data);
    110. 

  110. 	}
    111. 

  111. }
    112. 

  112. 

  113. /**
    114. 

  114.  * audit_mount - handle the auditing of mount operations
    115. 

  115.  * @profile: the profile being enforced  (NOT NULL)
    116. 

  116.  * @op: operation being mediated (NOT NULL)
    117. 

  117.  * @name: name of object being mediated (MAYBE NULL)
    118. 

  118.  * @src_name: src_name of object being mediated (MAYBE_NULL)
    119. 

  119.  * @type: type of filesystem (MAYBE_NULL)
    120. 

  120.  * @trans: name of trans (MAYBE NULL)
    121. 

  121.  * @flags: filesystem independent mount flags
    122. 

  122.  * @data: filesystem mount flags
    123. 

  123.  * @request: permissions requested
    124. 

  124.  * @perms: the permissions computed for the request (NOT NULL)
    125. 

  125.  * @info: extra information message (MAYBE NULL)
    126. 

  126.  * @error: 0 if operation allowed else failure error code
    127. 

  127.  *
    128. 

  128.  * Returns: %0 or error on failure
    129. 

  129.  */
    130. 

  130. static int audit_mount(struct aa_profile *profile, const char *op,
    131. 

  131. 		       const char *name, const char *src_name,
    132. 

  132. 		       const char *type, const char *trans,
    133. 

  133. 		       unsigned long flags, const void *data, u32 request,
    134. 

  134. 		       struct aa_perms *perms, const char *info, int error)
    135. 

  135. {
    136. 

  136. 	int audit_type = AUDIT_APPARMOR_AUTO;
    137. 

  137. 	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, op);
    138. 

  138. 

  139. 	if (likely(!error)) {
    140. 

  140. 		u32 mask = perms->audit;
    141. 

  141. 

  142. 		if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL))
    143. 

  143. 			mask = 0xffff;
    144. 

  144. 

  145. 		/* mask off perms that are not being force audited */
    146. 

  146. 		request &= mask;
    147. 

  147. 

  148. 		if (likely(!request))
    149. 

  149. 			return 0;
    150. 

  150. 		audit_type = AUDIT_APPARMOR_AUDIT;
    151. 

  151. 	} else {
    152. 

  152. 		/* only report permissions that were denied */
    153. 

  153. 		request = request & ~perms->allow;
    154. 

  154. 

  155. 		if (request & perms->kill)
    156. 

  156. 			audit_type = AUDIT_APPARMOR_KILL;
    157. 

  157. 

  158. 		/* quiet known rejects, assumes quiet and kill do not overlap */
    159. 

  159. 		if ((request & perms->quiet) &&
    160. 

  160. 		    AUDIT_MODE(profile) != AUDIT_NOQUIET &&
    161. 

  161. 		    AUDIT_MODE(profile) != AUDIT_ALL)
    162. 

  162. 			request &= ~perms->quiet;
    163. 

  163. 

  164. 		if (!request)
    165. 

  165. 			return error;
    166. 

  166. 	}
    167. 

  167. 

  168. 	aad(&sa)->name = name;
    169. 

  169. 	aad(&sa)->mnt.src_name = src_name;
    170. 

  170. 	aad(&sa)->mnt.type = type;
    171. 

  171. 	aad(&sa)->mnt.trans = trans;
    172. 

  172. 	aad(&sa)->mnt.flags = flags;
    173. 

  173. 	if (data && (perms->audit & AA_AUDIT_DATA))
    174. 

  174. 		aad(&sa)->mnt.data = data;
    175. 

  175. 	aad(&sa)->info = info;
    176. 

  176. 	aad(&sa)->error = error;
    177. 

  177. 

  178. 	return aa_audit(audit_type, profile, &sa, audit_cb);
    179. 

  179. }
    180. 

  180. 

  181. /**
    182. 

  182.  * match_mnt_flags - Do an ordered match on mount flags
    183. 

  183.  * @dfa: dfa to match against
    184. 

  184.  * @state: state to start in
    185. 

  185.  * @flags: mount flags to match against
    186. 

  186.  *
    187. 

  187.  * Mount flags are encoded as an ordered match. This is done instead of
    188. 

  188.  * checking against a simple bitmask, to allow for logical operations
    189. 

  189.  * on the flags.
    190. 

  190.  *
    191. 

  191.  * Returns: next state after flags match
    192. 

  192.  */
    193. 

  193. static unsigned int match_mnt_flags(struct aa_dfa *dfa, unsigned int state,
    194. 

  194. 				    unsigned long flags)
    195. 

  195. {
    196. 

  196. 	unsigned int i;
    197. 

  197. 

  198. 	for (i = 0; i <= 31 ; ++i) {
    199. 

  199. 		if ((1 << i) & flags)
    200. 

  200. 			state = aa_dfa_next(dfa, state, i + 1);
    201. 

  201. 	}
    202. 

  202. 

  203. 	return state;
    204. 

  204. }
    205. 

  205. 

  206. /**
    207. 

  207.  * compute_mnt_perms - compute mount permission associated with @state
    208. 

  208.  * @dfa: dfa to match against (NOT NULL)
    209. 

  209.  * @state: state match finished in
    210. 

  210.  *
    211. 

  211.  * Returns: mount permissions
    212. 

  212.  */
    213. 

  213. static struct aa_perms compute_mnt_perms(struct aa_dfa *dfa,
    214. 

  214. 					   unsigned int state)
    215. 

  215. {
    216. 

  216. 	struct aa_perms perms = {
    217. 

  217. 		.allow = dfa_user_allow(dfa, state),
    218. 

  218. 		.audit = dfa_user_audit(dfa, state),
    219. 

  219. 		.quiet = dfa_user_quiet(dfa, state),
    220. 

  220. 	};
    221. 

  221. 

  222. 	return perms;
    223. 

  223. }
    224. 

  224. 

  225. static const char * const mnt_info_table[] = {
    226. 

  226. 	"match succeeded",
    227. 

  227. 	"failed mntpnt match",
    228. 

  228. 	"failed srcname match",
    229. 

  229. 	"failed type match",
    230. 

  230. 	"failed flags match",
    231. 

  231. 	"failed data match",
    232. 

  232. 	"failed perms check"
    233. 

  233. };
    234. 

  234. 

  235. /*
    236. 

  236.  * Returns 0 on success else element that match failed in, this is the
    237. 

  237.  * index into the mnt_info_table above
    238. 

  238.  */
    239. 

  239. static int do_match_mnt(struct aa_dfa *dfa, unsigned int start,
    240. 

  240. 			const char *mntpnt, const char *devname,
    241. 

  241. 			const char *type, unsigned long flags,
    242. 

  242. 			void *data, bool binary, struct aa_perms *perms)
    243. 

  243. {
    244. 

  244. 	unsigned int state;
    245. 

  245. 

  246. 	AA_BUG(!dfa);
    247. 

  247. 	AA_BUG(!perms);
    248. 

  248. 

  249. 	state = aa_dfa_match(dfa, start, mntpnt);
    250. 

  250. 	state = aa_dfa_null_transition(dfa, state);
    251. 

  251. 	if (!state)
    252. 

  252. 		return 1;
    253. 

  253. 

  254. 	if (devname)
    255. 

  255. 		state = aa_dfa_match(dfa, state, devname);
    256. 

  256. 	state = aa_dfa_null_transition(dfa, state);
    257. 

  257. 	if (!state)
    258. 

  258. 		return 2;
    259. 

  259. 

  260. 	if (type)
    261. 

  261. 		state = aa_dfa_match(dfa, state, type);
    262. 

  262. 	state = aa_dfa_null_transition(dfa, state);
    263. 

  263. 	if (!state)
    264. 

  264. 		return 3;
    265. 

  265. 

  266. 	state = match_mnt_flags(dfa, state, flags);
    267. 

  267. 	if (!state)
    268. 

  268. 		return 4;
    269. 

  269. 	*perms = compute_mnt_perms(dfa, state);
    270. 

  270. 	if (perms->allow & AA_MAY_MOUNT)
    271. 

  271. 		return 0;
    272. 

  272. 

  273. 	/* only match data if not binary and the DFA flags data is expected */
    274. 

  274. 	if (data && !binary && (perms->allow & AA_MNT_CONT_MATCH)) {
    275. 

  275. 		state = aa_dfa_null_transition(dfa, state);
    276. 

  276. 		if (!state)
    277. 

  277. 			return 4;
    278. 

  278. 

  279. 		state = aa_dfa_match(dfa, state, data);
    280. 

  280. 		if (!state)
    281. 

  281. 			return 5;
    282. 

  282. 		*perms = compute_mnt_perms(dfa, state);
    283. 

  283. 		if (perms->allow & AA_MAY_MOUNT)
    284. 

  284. 			return 0;
    285. 

  285. 	}
    286. 

  286. 

  287. 	/* failed at perms check, don't confuse with flags match */
    288. 

  288. 	return 6;
    289. 

  289. }
    290. 

  290. 

  291. 

  292. static int path_flags(struct aa_profile *profile, const struct path *path)
    293. 

  293. {
    294. 

  294. 	AA_BUG(!profile);
    295. 

  295. 	AA_BUG(!path);
    296. 

  296. 

  297. 	return profile->path_flags |
    298. 

  298. 		(S_ISDIR(path->dentry->d_inode->i_mode) ? PATH_IS_DIR : 0);
    299. 

  299. }
    300. 

  300. 

  301. /**
    302. 

  302.  * match_mnt_path_str - handle path matching for mount
    303. 

  303.  * @profile: the confining profile
    304. 

  304.  * @mntpath: for the mntpnt (NOT NULL)
    305. 

  305.  * @buffer: buffer to be used to lookup mntpath
    306. 

  306.  * @devname: string for the devname/src_name (MAY BE NULL OR ERRPTR)
    307. 

  307.  * @type: string for the dev type (MAYBE NULL)
    308. 

  308.  * @flags: mount flags to match
    309. 

  309.  * @data: fs mount data (MAYBE NULL)
    310. 

  310.  * @binary: whether @data is binary
    311. 

  311.  * @devinfo: error str if (IS_ERR(@devname))
    312. 

  312.  *
    313. 

  313.  * Returns: 0 on success else error
    314. 

  314.  */
    315. 

  315. static int match_mnt_path_str(struct aa_profile *profile,
    316. 

  316. 			      const struct path *mntpath, char *buffer,
    317. 

  317. 			      const char *devname, const char *type,
    318. 

  318. 			      unsigned long flags, void *data, bool binary,
    319. 

  319. 			      const char *devinfo)
    320. 

  320. {
    321. 

  321. 	struct aa_perms perms = { };
    322. 

  322. 	const char *mntpnt = NULL, *info = NULL;
    323. 

  323. 	int pos, error;
    324. 

  324. 

  325. 	AA_BUG(!profile);
    326. 

  326. 	AA_BUG(!mntpath);
    327. 

  327. 	AA_BUG(!buffer);
    328. 

  328. 

  329. 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
    330. 

  330. 		return 0;
    331. 

  331. 

  332. 	error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer,
    333. 

  333. 			     &mntpnt, &info, profile->disconnected);
    334. 

  334. 	if (error)
    335. 

  335. 		goto audit;
    336. 

  336. 	if (IS_ERR(devname)) {
    337. 

  337. 		error = PTR_ERR(devname);
    338. 

  338. 		devname = NULL;
    339. 

  339. 		info = devinfo;
    340. 

  340. 		goto audit;
    341. 

  341. 	}
    342. 

  342. 

  343. 	error = -EACCES;
    344. 

  344. 	pos = do_match_mnt(profile->policy.dfa,
    345. 

  345. 			   profile->policy.start[AA_CLASS_MOUNT],
    346. 

  346. 			   mntpnt, devname, type, flags, data, binary, &perms);
    347. 

  347. 	if (pos) {
    348. 

  348. 		info = mnt_info_table[pos];
    349. 

  349. 		goto audit;
    350. 

  350. 	}
    351. 

  351. 	error = 0;
    352. 

  352. 

  353. audit:
    354. 

  354. 	return audit_mount(profile, OP_MOUNT, mntpnt, devname, type, NULL,
    355. 

  355. 			   flags, data, AA_MAY_MOUNT, &perms, info, error);
    356. 

  356. }
    357. 

  357. 

  358. /**
    359. 

  359.  * match_mnt - handle path matching for mount
    360. 

  360.  * @profile: the confining profile
    361. 

  361.  * @path: for the mntpnt (NOT NULL)
    362. 

  362.  * @buffer: buffer to be used to lookup mntpath
    363. 

  363.  * @devpath: path devname/src_name (MAYBE NULL)
    364. 

  364.  * @devbuffer: buffer to be used to lookup devname/src_name
    365. 

  365.  * @type: string for the dev type (MAYBE NULL)
    366. 

  366.  * @flags: mount flags to match
    367. 

  367.  * @data: fs mount data (MAYBE NULL)
    368. 

  368.  * @binary: whether @data is binary
    369. 

  369.  *
    370. 

  370.  * Returns: 0 on success else error
    371. 

  371.  */
    372. 

  372. static int match_mnt(struct aa_profile *profile, const struct path *path,
    373. 

  373. 		     char *buffer, const struct path *devpath, char *devbuffer,
    374. 

  374. 		     const char *type, unsigned long flags, void *data,
    375. 

  375. 		     bool binary)
    376. 

  376. {
    377. 

  377. 	const char *devname = NULL, *info = NULL;
    378. 

  378. 	int error = -EACCES;
    379. 

  379. 

  380. 	AA_BUG(!profile);
    381. 

  381. 	AA_BUG(devpath && !devbuffer);
    382. 

  382. 

  383. 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
    384. 

  384. 		return 0;
    385. 

  385. 

  386. 	if (devpath) {
    387. 

  387. 		error = aa_path_name(devpath, path_flags(profile, devpath),
    388. 

  388. 				     devbuffer, &devname, &info,
    389. 

  389. 				     profile->disconnected);
    390. 

  390. 		if (error)
    391. 

  391. 			devname = ERR_PTR(error);
    392. 

  392. 	}
    393. 

  393. 

  394. 	return match_mnt_path_str(profile, path, buffer, devname, type, flags,
    395. 

  395. 				  data, binary, info);
    396. 

  396. }
    397. 

  397. 

  398. int aa_remount(struct aa_label *label, const struct path *path,
    399. 

  399. 	       unsigned long flags, void *data)
    400. 

  400. {
    401. 

  401. 	struct aa_profile *profile;
    402. 

  402. 	char *buffer = NULL;
    403. 

  403. 	bool binary;
    404. 

  404. 	int error;
    405. 

  405. 

  406. 	AA_BUG(!label);
    407. 

  407. 	AA_BUG(!path);
    408. 

  408. 

  409. 	binary = path->dentry->d_sb->s_type->fs_flags & FS_BINARY_MOUNTDATA;
    410. 

  410. 

  411. 	buffer = aa_get_buffer(false);
    412. 

  412. 	if (!buffer)
    413. 

  413. 		return -ENOMEM;
    414. 

  414. 	error = fn_for_each_confined(label, profile,
    415. 

  415. 			match_mnt(profile, path, buffer, NULL, NULL, NULL,
    416. 

  416. 				  flags, data, binary));
    417. 

  417. 	aa_put_buffer(buffer);
    418. 

  418. 

  419. 	return error;
    420. 

  420. }
    421. 

  421. 

  422. int aa_bind_mount(struct aa_label *label, const struct path *path,
    423. 

  423. 		  const char *dev_name, unsigned long flags)
    424. 

  424. {
    425. 

  425. 	struct aa_profile *profile;
    426. 

  426. 	char *buffer = NULL, *old_buffer = NULL;
    427. 

  427. 	struct path old_path;
    428. 

  428. 	int error;
    429. 

  429. 

  430. 	AA_BUG(!label);
    431. 

  431. 	AA_BUG(!path);
    432. 

  432. 

  433. 	if (!dev_name || !*dev_name)
    434. 

  434. 		return -EINVAL;
    435. 

  435. 

  436. 	flags &= MS_REC | MS_BIND;
    437. 

  437. 

  438. 	error = kern_path(dev_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
    439. 

  439. 	if (error)
    440. 

  440. 		return error;
    441. 

  441. 

  442. 	buffer = aa_get_buffer(false);
    443. 

  443. 	old_buffer = aa_get_buffer(false);
    444. 

  444. 	error = -ENOMEM;
    445. 

  445. 	if (!buffer || !old_buffer)
    446. 

  446. 		goto out;
    447. 

  447. 

  448. 	error = fn_for_each_confined(label, profile,
    449. 

  449. 			match_mnt(profile, path, buffer, &old_path, old_buffer,
    450. 

  450. 				  NULL, flags, NULL, false));
    451. 

  451. out:
    452. 

  452. 	aa_put_buffer(buffer);
    453. 

  453. 	aa_put_buffer(old_buffer);
    454. 

  454. 	path_put(&old_path);
    455. 

  455. 

  456. 	return error;
    457. 

  457. }
    458. 

  458. 

  459. int aa_mount_change_type(struct aa_label *label, const struct path *path,
    460. 

  460. 			 unsigned long flags)
    461. 

  461. {
    462. 

  462. 	struct aa_profile *profile;
    463. 

  463. 	char *buffer = NULL;
    464. 

  464. 	int error;
    465. 

  465. 

  466. 	AA_BUG(!label);
    467. 

  467. 	AA_BUG(!path);
    468. 

  468. 

  469. 	/* These are the flags allowed by do_change_type() */
    470. 

  470. 	flags &= (MS_REC | MS_SILENT | MS_SHARED | MS_PRIVATE | MS_SLAVE |
    471. 

  471. 		  MS_UNBINDABLE);
    472. 

  472. 

  473. 	buffer = aa_get_buffer(false);
    474. 

  474. 	if (!buffer)
    475. 

  475. 		return -ENOMEM;
    476. 

  476. 	error = fn_for_each_confined(label, profile,
    477. 

  477. 			match_mnt(profile, path, buffer, NULL, NULL, NULL,
    478. 

  478. 				  flags, NULL, false));
    479. 

  479. 	aa_put_buffer(buffer);
    480. 

  480. 

  481. 	return error;
    482. 

  482. }
    483. 

  483. 

  484. int aa_move_mount(struct aa_label *label, const struct path *path,
    485. 

  485. 		  const char *orig_name)
    486. 

  486. {
    487. 

  487. 	struct aa_profile *profile;
    488. 

  488. 	char *buffer = NULL, *old_buffer = NULL;
    489. 

  489. 	struct path old_path;
    490. 

  490. 	int error;
    491. 

  491. 

  492. 	AA_BUG(!label);
    493. 

  493. 	AA_BUG(!path);
    494. 

  494. 

  495. 	if (!orig_name || !*orig_name)
    496. 

  496. 		return -EINVAL;
    497. 

  497. 

  498. 	error = kern_path(orig_name, LOOKUP_FOLLOW, &old_path);
    499. 

  499. 	if (error)
    500. 

  500. 		return error;
    501. 

  501. 

  502. 	buffer = aa_get_buffer(false);
    503. 

  503. 	old_buffer = aa_get_buffer(false);
    504. 

  504. 	error = -ENOMEM;
    505. 

  505. 	if (!buffer || !old_buffer)
    506. 

  506. 		goto out;
    507. 

  507. 	error = fn_for_each_confined(label, profile,
    508. 

  508. 			match_mnt(profile, path, buffer, &old_path, old_buffer,
    509. 

  509. 				  NULL, MS_MOVE, NULL, false));
    510. 

  510. out:
    511. 

  511. 	aa_put_buffer(buffer);
    512. 

  512. 	aa_put_buffer(old_buffer);
    513. 

  513. 	path_put(&old_path);
    514. 

  514. 

  515. 	return error;
    516. 

  516. }
    517. 

  517. 

  518. int aa_new_mount(struct aa_label *label, const char *dev_name,
    519. 

  519. 		 const struct path *path, const char *type, unsigned long flags,
    520. 

  520. 		 void *data)
    521. 

  521. {
    522. 

  522. 	struct aa_profile *profile;
    523. 

  523. 	char *buffer = NULL, *dev_buffer = NULL;
    524. 

  524. 	bool binary = true;
    525. 

  525. 	int error;
    526. 

  526. 	int requires_dev = 0;
    527. 

  527. 	struct path tmp_path, *dev_path = NULL;
    528. 

  528. 

  529. 	AA_BUG(!label);
    530. 

  530. 	AA_BUG(!path);
    531. 

  531. 

  532. 	if (type) {
    533. 

  533. 		struct file_system_type *fstype;
    534. 

  534. 

  535. 		fstype = get_fs_type(type);
    536. 

  536. 		if (!fstype)
    537. 

  537. 			return -ENODEV;
    538. 

  538. 		binary = fstype->fs_flags & FS_BINARY_MOUNTDATA;
    539. 

  539. 		requires_dev = fstype->fs_flags & FS_REQUIRES_DEV;
    540. 

  540. 		put_filesystem(fstype);
    541. 

  541. 

  542. 		if (requires_dev) {
    543. 

  543. 			if (!dev_name || !*dev_name)
    544. 

  544. 				return -ENOENT;
    545. 

  545. 

  546. 			error = kern_path(dev_name, LOOKUP_FOLLOW, &tmp_path);
    547. 

  547. 			if (error)
    548. 

  548. 				return error;
    549. 

  549. 			dev_path = &tmp_path;
    550. 

  550. 		}
    551. 

  551. 	}
    552. 

  552. 

  553. 	buffer = aa_get_buffer(false);
    554. 

  554. 	if (!buffer) {
    555. 

  555. 		error = -ENOMEM;
    556. 

  556. 		goto out;
    557. 

  557. 	}
    558. 

  558. 	if (dev_path) {
    559. 

  559. 		dev_buffer = aa_get_buffer(false);
    560. 

  560. 		if (!dev_buffer) {
    561. 

  561. 			error = -ENOMEM;
    562. 

  562. 			goto out;
    563. 

  563. 		}
    564. 

  564. 		error = fn_for_each_confined(label, profile,
    565. 

  565. 			match_mnt(profile, path, buffer, dev_path, dev_buffer,
    566. 

  566. 				  type, flags, data, binary));
    567. 

  567. 	} else {
    568. 

  568. 		error = fn_for_each_confined(label, profile,
    569. 

  569. 			match_mnt_path_str(profile, path, buffer, dev_name,
    570. 

  570. 					   type, flags, data, binary, NULL));
    571. 

  571. 	}
    572. 

  572. 

  573. out:
    574. 

  574. 	aa_put_buffer(buffer);
    575. 

  575. 	aa_put_buffer(dev_buffer);
    576. 

  576. 	if (dev_path)
    577. 

  577. 		path_put(dev_path);
    578. 

  578. 

  579. 	return error;
    580. 

  580. }
    581. 

  581. 

  582. static int profile_umount(struct aa_profile *profile, const struct path *path,
    583. 

  583. 			  char *buffer)
    584. 

  584. {
    585. 

  585. 	struct aa_perms perms = { };
    586. 

  586. 	const char *name = NULL, *info = NULL;
    587. 

  587. 	unsigned int state;
    588. 

  588. 	int error;
    589. 

  589. 

  590. 	AA_BUG(!profile);
    591. 

  591. 	AA_BUG(!path);
    592. 

  592. 

  593. 	if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
    594. 

  594. 		return 0;
    595. 

  595. 

  596. 	error = aa_path_name(path, path_flags(profile, path), buffer, &name,
    597. 

  597. 			     &info, profile->disconnected);
    598. 

  598. 	if (error)
    599. 

  599. 		goto audit;
    600. 

  600. 

  601. 	state = aa_dfa_match(profile->policy.dfa,
    602. 

  602. 			     profile->policy.start[AA_CLASS_MOUNT],
    603. 

  603. 			     name);
    604. 

  604. 	perms = compute_mnt_perms(profile->policy.dfa, state);
    605. 

  605. 	if (AA_MAY_UMOUNT & ~perms.allow)
    606. 

  606. 		error = -EACCES;
    607. 

  607. 

  608. audit:
    609. 

  609. 	return audit_mount(profile, OP_UMOUNT, name, NULL, NULL, NULL, 0, NULL,
    610. 

  610. 			   AA_MAY_UMOUNT, &perms, info, error);
    611. 

  611. }
    612. 

  612. 

  613. int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags)
    614. 

  614. {
    615. 

  615. 	struct aa_profile *profile;
    616. 

  616. 	char *buffer = NULL;
    617. 

  617. 	int error;
    618. 

  618. 	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
    619. 

  619. 

  620. 	AA_BUG(!label);
    621. 

  621. 	AA_BUG(!mnt);
    622. 

  622. 

  623. 	buffer = aa_get_buffer(false);
    624. 

  624. 	if (!buffer)
    625. 

  625. 		return -ENOMEM;
    626. 

  626. 

  627. 	error = fn_for_each_confined(label, profile,
    628. 

  628. 			profile_umount(profile, &path, buffer));
    629. 

  629. 	aa_put_buffer(buffer);
    630. 

  630. 

  631. 	return error;
    632. 

  632. }
    633. 

  633. 

  634. /* helper fn for transition on pivotroot
    635. 

  635.  *
    636. 

  636.  * Returns: label for transition or ERR_PTR. Does not return NULL
    637. 

  637.  */
    638. 

  638. static struct aa_label *build_pivotroot(struct aa_profile *profile,
    639. 

  639. 					const struct path *new_path,
    640. 

  640. 					char *new_buffer,
    641. 

  641. 					const struct path *old_path,
    642. 

  642. 					char *old_buffer)
    643. 

  643. {
    644. 

  644. 	const char *old_name, *new_name = NULL, *info = NULL;
    645. 

  645. 	const char *trans_name = NULL;
    646. 

  646. 	struct aa_perms perms = { };
    647. 

  647. 	unsigned int state;
    648. 

  648. 	int error;
    649. 

  649. 

  650. 	AA_BUG(!profile);
    651. 

  651. 	AA_BUG(!new_path);
    652. 

  652. 	AA_BUG(!old_path);
    653. 

  653. 

  654. 	if (profile_unconfined(profile) ||
    655. 

  655. 	    !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT))
    656. 

  656. 		return aa_get_newest_label(&profile->label);
    657. 

  657. 

  658. 	error = aa_path_name(old_path, path_flags(profile, old_path),
    659. 

  659. 			     old_buffer, &old_name, &info,
    660. 

  660. 			     profile->disconnected);
    661. 

  661. 	if (error)
    662. 

  662. 		goto audit;
    663. 

  663. 	error = aa_path_name(new_path, path_flags(profile, new_path),
    664. 

  664. 			     new_buffer, &new_name, &info,
    665. 

  665. 			     profile->disconnected);
    666. 

  666. 	if (error)
    667. 

  667. 		goto audit;
    668. 

  668. 

  669. 	error = -EACCES;
    670. 

  670. 	state = aa_dfa_match(profile->policy.dfa,
    671. 

  671. 			     profile->policy.start[AA_CLASS_MOUNT],
    672. 

  672. 			     new_name);
    673. 

  673. 	state = aa_dfa_null_transition(profile->policy.dfa, state);
    674. 

  674. 	state = aa_dfa_match(profile->policy.dfa, state, old_name);
    675. 

  675. 	perms = compute_mnt_perms(profile->policy.dfa, state);
    676. 

  676. 

  677. 	if (AA_MAY_PIVOTROOT & perms.allow)
    678. 

  678. 		error = 0;
    679. 

  679. 

  680. audit:
    681. 

  681. 	error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,
    682. 

  682. 			    NULL, trans_name, 0, NULL, AA_MAY_PIVOTROOT,
    683. 

  683. 			    &perms, info, error);
    684. 

  684. 	if (error)
    685. 

  685. 		return ERR_PTR(error);
    686. 

  686. 

  687. 	return aa_get_newest_label(&profile->label);
    688. 

  688. }
    689. 

  689. 

  690. int aa_pivotroot(struct aa_label *label, const struct path *old_path,
    691. 

  691. 		 const struct path *new_path)
    692. 

  692. {
    693. 

  693. 	struct aa_profile *profile;
    694. 

  694. 	struct aa_label *target = NULL;
    695. 

  695. 	char *old_buffer = NULL, *new_buffer = NULL, *info = NULL;
    696. 

  696. 	int error;
    697. 

  697. 

  698. 	AA_BUG(!label);
    699. 

  699. 	AA_BUG(!old_path);
    700. 

  700. 	AA_BUG(!new_path);
    701. 

  701. 

  702. 	old_buffer = aa_get_buffer(false);
    703. 

  703. 	new_buffer = aa_get_buffer(false);
    704. 

  704. 	error = -ENOMEM;
    705. 

  705. 	if (!old_buffer || !new_buffer)
    706. 

  706. 		goto out;
    707. 

  707. 	target = fn_label_build(label, profile, GFP_KERNEL,
    708. 

  708. 			build_pivotroot(profile, new_path, new_buffer,
    709. 

  709. 					old_path, old_buffer));
    710. 

  710. 	if (!target) {
    711. 

  711. 		info = "label build failed";
    712. 

  712. 		error = -ENOMEM;
    713. 

  713. 		goto fail;
    714. 

  714. 	} else if (!IS_ERR(target)) {
    715. 

  715. 		error = aa_replace_current_label(target);
    716. 

  716. 		if (error) {
    717. 

  717. 			/* TODO: audit target */
    718. 

  718. 			aa_put_label(target);
    719. 

  719. 			goto out;
    720. 

  720. 		}
    721. 

  721. 		aa_put_label(target);
    722. 

  722. 	} else
    723. 

  723. 		/* already audited error */
    724. 

  724. 		error = PTR_ERR(target);
    725. 

  725. out:
    726. 

  726. 	aa_put_buffer(old_buffer);
    727. 

  727. 	aa_put_buffer(new_buffer);
    728. 

  728. 

  729. 	return error;
    730. 

  730. 

  731. fail:
    732. 

  732. 	/* TODO: add back in auditing of new_name and old_name */
    733. 

  733. 	error = fn_for_each(label, profile,
    734. 

  734. 			audit_mount(profile, OP_PIVOTROOT, NULL /*new_name */,
    735. 

  735. 				    NULL /* old_name */,
    736. 

  736. 				    NULL, NULL,
    737. 

  737. 				    0, NULL, AA_MAY_PIVOTROOT, &nullperms, info,
    738. 

  738. 				    error));
    739. 

  739. 	goto out;
    740. 

  740. }
    741.