1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AppArmor security module
4 *
5 * This file contains AppArmor function for pathnames
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 */
10
11 #include <linux/magic.h>
12 #include <linux/mount.h>
13 #include <linux/namei.h>
14 #include <linux/nsproxy.h>
15 #include <linux/path.h>
16 #include <linux/sched.h>
17 #include <linux/slab.h>
18 #include <linux/fs_struct.h>
19
20 #include "include/apparmor.h"
21 #include "include/path.h"
22 #include "include/policy.h"
23
24 /* modified from dcache.c */
25 static int prepend(char **buffer, int buflen, const char *str, int namelen)
26 {
27 buflen -= namelen;
28 if (buflen < 0)
29 return -ENAMETOOLONG;
30 *buffer -= namelen;
31 memcpy(*buffer, str, namelen);
32 return 0;
33 }
34
35 #define CHROOT_NSCONNECT (PATH_CHROOT_REL | PATH_CHROOT_NSCONNECT)
36
37 /* If the path is not connected to the expected root,
38 * check if it is a sysctl and handle specially else remove any
39 * leading / that __d_path may have returned.
40 * Unless
41 * specifically directed to connect the path,
42 * OR
43 * if in a chroot and doing chroot relative paths and the path
44 * resolves to the namespace root (would be connected outside
45 * of chroot) and specifically directed to connect paths to
46 * namespace root.
47 */
48 static int disconnect(const struct path *path, char *buf, char **name,
49 int flags, const char *disconnected)
50 {
51 int error = 0;
52
53 if (!(flags & PATH_CONNECT_PATH) &&
54 !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) &&
55 our_mnt(path->mnt))) {
56 /* disconnected path, don't return pathname starting
57 * with '/'
58 */
59 error = -EACCES;
60 if (**name == '/')
61 *name = *name + 1;
62 } else {
63 if (**name != '/')
64 /* CONNECT_PATH with missing root */
65 error = prepend(name, *name - buf, "/", 1);
66 if (!error && disconnected)
67 error = prepend(name, *name - buf, disconnected,
68 strlen(disconnected));
69 }
70
71 return error;
72 }
73
74 /**
75 * d_namespace_path - lookup a name associated with a given path
76 * @path: path to lookup (NOT NULL)
77 * @buf: buffer to store path to (NOT NULL)
78 * @name: Returns - pointer for start of path name with in @buf (NOT NULL)
79 * @flags: flags controlling path lookup
80 * @disconnected: string to prefix to disconnected paths
81 *
82 * Handle path name lookup.
83 *
84 * Returns: %0 else error code if path lookup fails
85 * When no error the path name is returned in @name which points to
86 * to a position in @buf
87 */
88 static int d_namespace_path(const struct path *path, char *buf, char **name,
89 int flags, const char *disconnected)
90 {
91 char *res;
92 int error = 0;
93 int connected = 1;
94 int isdir = (flags & PATH_IS_DIR) ? 1 : 0;
95 int buflen = aa_g_path_max - isdir;
96
97 if (path->mnt->mnt_flags & MNT_INTERNAL) {
98 /* it's not mounted anywhere */
99 res = dentry_path(path->dentry, buf, buflen);
100 *name = res;
101 if (IS_ERR(res)) {
102 *name = buf;
103 return PTR_ERR(res);
104 }
105 if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC &&
106 strncmp(*name, "/sys/", 5) == 0) {
107 /* TODO: convert over to using a per namespace
108 * control instead of hard coded /proc
109 */
110 error = prepend(name, *name - buf, "/proc", 5);
111 goto out;
112 } else
113 error = disconnect(path, buf, name, flags,
114 disconnected);
115 goto out;
116 }
117
118 /* resolve paths relative to chroot?*/
119 if (flags & PATH_CHROOT_REL) {
120 struct path root;
121 get_fs_root(current->fs, &root);
122 res = __d_path(path, &root, buf, buflen);
123 path_put(&root);
124 } else {
125 res = d_absolute_path(path, buf, buflen);
126 if (!our_mnt(path->mnt))
127 connected = 0;
128 }
129
130 /* handle error conditions - and still allow a partial path to
131 * be returned.
132 */
133 if (!res || IS_ERR(res)) {
134 if (PTR_ERR(res) == -ENAMETOOLONG) {
135 error = -ENAMETOOLONG;
136 *name = buf;
137 goto out;
138 }
139 connected = 0;
140 res = dentry_path_raw(path->dentry, buf, buflen);
141 if (IS_ERR(res)) {
142 error = PTR_ERR(res);
143 *name = buf;
144 goto out;
145 };
146 } else if (!our_mnt(path->mnt))
147 connected = 0;
148
149 *name = res;
150
151 if (!connected)
152 error = disconnect(path, buf, name, flags, disconnected);
153
154 /* Handle two cases:
155 * 1. A deleted dentry && profile is not allowing mediation of deleted
156 * 2. On some filesystems, newly allocated dentries appear to the
157 * security_path hooks as a deleted dentry except without an inode
158 * allocated.
159 */
160 if (d_unlinked(path->dentry) && d_is_positive(path->dentry) &&
161 !(flags & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))) {
162 error = -ENOENT;
163 goto out;
164 }
165
166 out:
167 /*
168 * Append "/" to the pathname. The root directory is a special
169 * case; it already ends in slash.
170 */
171 if (!error && isdir && ((*name)[1] != '\0' || (*name)[0] != '/'))
172 strcpy(&buf[aa_g_path_max - 2], "/");
173
174 return error;
175 }
176
177 /**
178 * aa_path_name - get the pathname to a buffer ensure dir / is appended
179 * @path: path the file (NOT NULL)
180 * @flags: flags controlling path name generation
181 * @buffer: buffer to put name in (NOT NULL)
182 * @name: Returns - the generated path name if !error (NOT NULL)
183 * @info: Returns - information on why the path lookup failed (MAYBE NULL)
184 * @disconnected: string to prepend to disconnected paths
185 *
186 * @name is a pointer to the beginning of the pathname (which usually differs
187 * from the beginning of the buffer), or NULL. If there is an error @name
188 * may contain a partial or invalid name that can be used for audit purposes,
189 * but it can not be used for mediation.
190 *
191 * We need PATH_IS_DIR to indicate whether the file is a directory or not
192 * because the file may not yet exist, and so we cannot check the inode's
193 * file type.
194 *
195 * Returns: %0 else error code if could retrieve name
196 */
197 int aa_path_name(const struct path *path, int flags, char *buffer,
198 const char **name, const char **info, const char *disconnected)
199 {
200 char *str = NULL;
201 int error = d_namespace_path(path, buffer, &str, flags, disconnected);
202
203 if (info && error) {
204 if (error == -ENOENT)
205 *info = "Failed name lookup - deleted entry";
206 else if (error == -EACCES)
207 *info = "Failed name lookup - disconnected path";
208 else if (error == -ENAMETOOLONG)
209 *info = "Failed name lookup - name too long";
210 else
211 *info = "Failed name lookup";
212 }
213
214 *name = str;
215
216 return error;
217 }