Root/
1 | /* |
2 | * AppArmor security module |
3 | * |
4 | * This file contains AppArmor functions for unpacking policy loaded from |
5 | * userspace. |
6 | * |
7 | * Copyright (C) 1998-2008 Novell/SUSE |
8 | * Copyright 2009-2010 Canonical Ltd. |
9 | * |
10 | * This program is free software; you can redistribute it and/or |
11 | * modify it under the terms of the GNU General Public License as |
12 | * published by the Free Software Foundation, version 2 of the |
13 | * License. |
14 | * |
15 | * AppArmor uses a serialized binary format for loading policy. |
16 | * To find policy format documentation look in Documentation/apparmor.txt |
17 | * All policy is validated before it is used. |
18 | */ |
19 | |
20 | #include <asm/unaligned.h> |
21 | #include <linux/ctype.h> |
22 | #include <linux/errno.h> |
23 | |
24 | #include "include/apparmor.h" |
25 | #include "include/audit.h" |
26 | #include "include/context.h" |
27 | #include "include/match.h" |
28 | #include "include/policy.h" |
29 | #include "include/policy_unpack.h" |
30 | #include "include/sid.h" |
31 | |
32 | /* |
33 | * The AppArmor interface treats data as a type byte followed by the |
34 | * actual data. The interface has the notion of a a named entry |
35 | * which has a name (AA_NAME typecode followed by name string) followed by |
36 | * the entries typecode and data. Named types allow for optional |
37 | * elements and extensions to be added and tested for without breaking |
38 | * backwards compatibility. |
39 | */ |
40 | |
41 | enum aa_code { |
42 | AA_U8, |
43 | AA_U16, |
44 | AA_U32, |
45 | AA_U64, |
46 | AA_NAME, /* same as string except it is items name */ |
47 | AA_STRING, |
48 | AA_BLOB, |
49 | AA_STRUCT, |
50 | AA_STRUCTEND, |
51 | AA_LIST, |
52 | AA_LISTEND, |
53 | AA_ARRAY, |
54 | AA_ARRAYEND, |
55 | }; |
56 | |
57 | /* |
58 | * aa_ext is the read of the buffer containing the serialized profile. The |
59 | * data is copied into a kernel buffer in apparmorfs and then handed off to |
60 | * the unpack routines. |
61 | */ |
62 | struct aa_ext { |
63 | void *start; |
64 | void *end; |
65 | void *pos; /* pointer to current position in the buffer */ |
66 | u32 version; |
67 | }; |
68 | |
69 | /* audit callback for unpack fields */ |
70 | static void audit_cb(struct audit_buffer *ab, void *va) |
71 | { |
72 | struct common_audit_data *sa = va; |
73 | if (sa->aad.iface.target) { |
74 | struct aa_profile *name = sa->aad.iface.target; |
75 | audit_log_format(ab, " name="); |
76 | audit_log_untrustedstring(ab, name->base.hname); |
77 | } |
78 | if (sa->aad.iface.pos) |
79 | audit_log_format(ab, " offset=%ld", sa->aad.iface.pos); |
80 | } |
81 | |
82 | /** |
83 | * audit_iface - do audit message for policy unpacking/load/replace/remove |
84 | * @new: profile if it has been allocated (MAYBE NULL) |
85 | * @name: name of the profile being manipulated (MAYBE NULL) |
86 | * @info: any extra info about the failure (MAYBE NULL) |
87 | * @e: buffer position info (NOT NULL) |
88 | * @error: error code |
89 | * |
90 | * Returns: %0 or error |
91 | */ |
92 | static int audit_iface(struct aa_profile *new, const char *name, |
93 | const char *info, struct aa_ext *e, int error) |
94 | { |
95 | struct aa_profile *profile = __aa_current_profile(); |
96 | struct common_audit_data sa; |
97 | COMMON_AUDIT_DATA_INIT(&sa, NONE); |
98 | sa.aad.iface.pos = e->pos - e->start; |
99 | sa.aad.iface.target = new; |
100 | sa.aad.name = name; |
101 | sa.aad.info = info; |
102 | sa.aad.error = error; |
103 | |
104 | return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa, |
105 | audit_cb); |
106 | } |
107 | |
108 | /* test if read will be in packed data bounds */ |
109 | static bool inbounds(struct aa_ext *e, size_t size) |
110 | { |
111 | return (size <= e->end - e->pos); |
112 | } |
113 | |
114 | /** |
115 | * aa_u16_chunck - test and do bounds checking for a u16 size based chunk |
116 | * @e: serialized data read head (NOT NULL) |
117 | * @chunk: start address for chunk of data (NOT NULL) |
118 | * |
119 | * Returns: the size of chunk found with the read head at the end of the chunk. |
120 | */ |
121 | static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk) |
122 | { |
123 | size_t size = 0; |
124 | |
125 | if (!inbounds(e, sizeof(u16))) |
126 | return 0; |
127 | size = le16_to_cpu(get_unaligned((u16 *) e->pos)); |
128 | e->pos += sizeof(u16); |
129 | if (!inbounds(e, size)) |
130 | return 0; |
131 | *chunk = e->pos; |
132 | e->pos += size; |
133 | return size; |
134 | } |
135 | |
136 | /* unpack control byte */ |
137 | static bool unpack_X(struct aa_ext *e, enum aa_code code) |
138 | { |
139 | if (!inbounds(e, 1)) |
140 | return 0; |
141 | if (*(u8 *) e->pos != code) |
142 | return 0; |
143 | e->pos++; |
144 | return 1; |
145 | } |
146 | |
147 | /** |
148 | * unpack_nameX - check is the next element is of type X with a name of @name |
149 | * @e: serialized data extent information (NOT NULL) |
150 | * @code: type code |
151 | * @name: name to match to the serialized element. (MAYBE NULL) |
152 | * |
153 | * check that the next serialized data element is of type X and has a tag |
154 | * name @name. If @name is specified then there must be a matching |
155 | * name element in the stream. If @name is NULL any name element will be |
156 | * skipped and only the typecode will be tested. |
157 | * |
158 | * Returns 1 on success (both type code and name tests match) and the read |
159 | * head is advanced past the headers |
160 | * |
161 | * Returns: 0 if either match fails, the read head does not move |
162 | */ |
163 | static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name) |
164 | { |
165 | /* |
166 | * May need to reset pos if name or type doesn't match |
167 | */ |
168 | void *pos = e->pos; |
169 | /* |
170 | * Check for presence of a tagname, and if present name size |
171 | * AA_NAME tag value is a u16. |
172 | */ |
173 | if (unpack_X(e, AA_NAME)) { |
174 | char *tag = NULL; |
175 | size_t size = unpack_u16_chunk(e, &tag); |
176 | /* if a name is specified it must match. otherwise skip tag */ |
177 | if (name && (!size || strcmp(name, tag))) |
178 | goto fail; |
179 | } else if (name) { |
180 | /* if a name is specified and there is no name tag fail */ |
181 | goto fail; |
182 | } |
183 | |
184 | /* now check if type code matches */ |
185 | if (unpack_X(e, code)) |
186 | return 1; |
187 | |
188 | fail: |
189 | e->pos = pos; |
190 | return 0; |
191 | } |
192 | |
193 | static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) |
194 | { |
195 | if (unpack_nameX(e, AA_U32, name)) { |
196 | if (!inbounds(e, sizeof(u32))) |
197 | return 0; |
198 | if (data) |
199 | *data = le32_to_cpu(get_unaligned((u32 *) e->pos)); |
200 | e->pos += sizeof(u32); |
201 | return 1; |
202 | } |
203 | return 0; |
204 | } |
205 | |
206 | static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name) |
207 | { |
208 | if (unpack_nameX(e, AA_U64, name)) { |
209 | if (!inbounds(e, sizeof(u64))) |
210 | return 0; |
211 | if (data) |
212 | *data = le64_to_cpu(get_unaligned((u64 *) e->pos)); |
213 | e->pos += sizeof(u64); |
214 | return 1; |
215 | } |
216 | return 0; |
217 | } |
218 | |
219 | static size_t unpack_array(struct aa_ext *e, const char *name) |
220 | { |
221 | if (unpack_nameX(e, AA_ARRAY, name)) { |
222 | int size; |
223 | if (!inbounds(e, sizeof(u16))) |
224 | return 0; |
225 | size = (int)le16_to_cpu(get_unaligned((u16 *) e->pos)); |
226 | e->pos += sizeof(u16); |
227 | return size; |
228 | } |
229 | return 0; |
230 | } |
231 | |
232 | static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name) |
233 | { |
234 | if (unpack_nameX(e, AA_BLOB, name)) { |
235 | u32 size; |
236 | if (!inbounds(e, sizeof(u32))) |
237 | return 0; |
238 | size = le32_to_cpu(get_unaligned((u32 *) e->pos)); |
239 | e->pos += sizeof(u32); |
240 | if (inbounds(e, (size_t) size)) { |
241 | *blob = e->pos; |
242 | e->pos += size; |
243 | return size; |
244 | } |
245 | } |
246 | return 0; |
247 | } |
248 | |
249 | static int unpack_str(struct aa_ext *e, const char **string, const char *name) |
250 | { |
251 | char *src_str; |
252 | size_t size = 0; |
253 | void *pos = e->pos; |
254 | *string = NULL; |
255 | if (unpack_nameX(e, AA_STRING, name)) { |
256 | size = unpack_u16_chunk(e, &src_str); |
257 | if (size) { |
258 | /* strings are null terminated, length is size - 1 */ |
259 | if (src_str[size - 1] != 0) |
260 | goto fail; |
261 | *string = src_str; |
262 | } |
263 | } |
264 | return size; |
265 | |
266 | fail: |
267 | e->pos = pos; |
268 | return 0; |
269 | } |
270 | |
271 | static int unpack_strdup(struct aa_ext *e, char **string, const char *name) |
272 | { |
273 | const char *tmp; |
274 | void *pos = e->pos; |
275 | int res = unpack_str(e, &tmp, name); |
276 | *string = NULL; |
277 | |
278 | if (!res) |
279 | return 0; |
280 | |
281 | *string = kmemdup(tmp, res, GFP_KERNEL); |
282 | if (!*string) { |
283 | e->pos = pos; |
284 | return 0; |
285 | } |
286 | |
287 | return res; |
288 | } |
289 | |
290 | /** |
291 | * verify_accept - verify the accept tables of a dfa |
292 | * @dfa: dfa to verify accept tables of (NOT NULL) |
293 | * @flags: flags governing dfa |
294 | * |
295 | * Returns: 1 if valid accept tables else 0 if error |
296 | */ |
297 | static bool verify_accept(struct aa_dfa *dfa, int flags) |
298 | { |
299 | int i; |
300 | |
301 | /* verify accept permissions */ |
302 | for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { |
303 | int mode = ACCEPT_TABLE(dfa)[i]; |
304 | |
305 | if (mode & ~DFA_VALID_PERM_MASK) |
306 | return 0; |
307 | |
308 | if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) |
309 | return 0; |
310 | } |
311 | return 1; |
312 | } |
313 | |
314 | /** |
315 | * unpack_dfa - unpack a file rule dfa |
316 | * @e: serialized data extent information (NOT NULL) |
317 | * |
318 | * returns dfa or ERR_PTR or NULL if no dfa |
319 | */ |
320 | static struct aa_dfa *unpack_dfa(struct aa_ext *e) |
321 | { |
322 | char *blob = NULL; |
323 | size_t size; |
324 | struct aa_dfa *dfa = NULL; |
325 | |
326 | size = unpack_blob(e, &blob, "aadfa"); |
327 | if (size) { |
328 | /* |
329 | * The dfa is aligned with in the blob to 8 bytes |
330 | * from the beginning of the stream. |
331 | */ |
332 | size_t sz = blob - (char *)e->start; |
333 | size_t pad = ALIGN(sz, 8) - sz; |
334 | int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) | |
335 | TO_ACCEPT2_FLAG(YYTD_DATA32); |
336 | |
337 | |
338 | if (aa_g_paranoid_load) |
339 | flags |= DFA_FLAG_VERIFY_STATES; |
340 | |
341 | dfa = aa_dfa_unpack(blob + pad, size - pad, flags); |
342 | |
343 | if (IS_ERR(dfa)) |
344 | return dfa; |
345 | |
346 | if (!verify_accept(dfa, flags)) |
347 | goto fail; |
348 | } |
349 | |
350 | return dfa; |
351 | |
352 | fail: |
353 | aa_put_dfa(dfa); |
354 | return ERR_PTR(-EPROTO); |
355 | } |
356 | |
357 | /** |
358 | * unpack_trans_table - unpack a profile transition table |
359 | * @e: serialized data extent information (NOT NULL) |
360 | * @profile: profile to add the accept table to (NOT NULL) |
361 | * |
362 | * Returns: 1 if table succesfully unpacked |
363 | */ |
364 | static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) |
365 | { |
366 | void *pos = e->pos; |
367 | |
368 | /* exec table is optional */ |
369 | if (unpack_nameX(e, AA_STRUCT, "xtable")) { |
370 | int i, size; |
371 | |
372 | size = unpack_array(e, NULL); |
373 | /* currently 4 exec bits and entries 0-3 are reserved iupcx */ |
374 | if (size > 16 - 4) |
375 | goto fail; |
376 | profile->file.trans.table = kzalloc(sizeof(char *) * size, |
377 | GFP_KERNEL); |
378 | if (!profile->file.trans.table) |
379 | goto fail; |
380 | |
381 | profile->file.trans.size = size; |
382 | for (i = 0; i < size; i++) { |
383 | char *str; |
384 | int c, j, size = unpack_strdup(e, &str, NULL); |
385 | /* unpack_strdup verifies that the last character is |
386 | * null termination byte. |
387 | */ |
388 | if (!size) |
389 | goto fail; |
390 | profile->file.trans.table[i] = str; |
391 | /* verify that name doesn't start with space */ |
392 | if (isspace(*str)) |
393 | goto fail; |
394 | |
395 | /* count internal # of internal \0 */ |
396 | for (c = j = 0; j < size - 2; j++) { |
397 | if (!str[j]) |
398 | c++; |
399 | } |
400 | if (*str == ':') { |
401 | /* beginning with : requires an embedded \0, |
402 | * verify that exactly 1 internal \0 exists |
403 | * trailing \0 already verified by unpack_strdup |
404 | */ |
405 | if (c != 1) |
406 | goto fail; |
407 | /* first character after : must be valid */ |
408 | if (!str[1]) |
409 | goto fail; |
410 | } else if (c) |
411 | /* fail - all other cases with embedded \0 */ |
412 | goto fail; |
413 | } |
414 | if (!unpack_nameX(e, AA_ARRAYEND, NULL)) |
415 | goto fail; |
416 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
417 | goto fail; |
418 | } |
419 | return 1; |
420 | |
421 | fail: |
422 | aa_free_domain_entries(&profile->file.trans); |
423 | e->pos = pos; |
424 | return 0; |
425 | } |
426 | |
427 | static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) |
428 | { |
429 | void *pos = e->pos; |
430 | |
431 | /* rlimits are optional */ |
432 | if (unpack_nameX(e, AA_STRUCT, "rlimits")) { |
433 | int i, size; |
434 | u32 tmp = 0; |
435 | if (!unpack_u32(e, &tmp, NULL)) |
436 | goto fail; |
437 | profile->rlimits.mask = tmp; |
438 | |
439 | size = unpack_array(e, NULL); |
440 | if (size > RLIM_NLIMITS) |
441 | goto fail; |
442 | for (i = 0; i < size; i++) { |
443 | u64 tmp = 0; |
444 | int a = aa_map_resource(i); |
445 | if (!unpack_u64(e, &tmp, NULL)) |
446 | goto fail; |
447 | profile->rlimits.limits[a].rlim_max = tmp; |
448 | } |
449 | if (!unpack_nameX(e, AA_ARRAYEND, NULL)) |
450 | goto fail; |
451 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
452 | goto fail; |
453 | } |
454 | return 1; |
455 | |
456 | fail: |
457 | e->pos = pos; |
458 | return 0; |
459 | } |
460 | |
461 | /** |
462 | * unpack_profile - unpack a serialized profile |
463 | * @e: serialized data extent information (NOT NULL) |
464 | * |
465 | * NOTE: unpack profile sets audit struct if there is a failure |
466 | */ |
467 | static struct aa_profile *unpack_profile(struct aa_ext *e) |
468 | { |
469 | struct aa_profile *profile = NULL; |
470 | const char *name = NULL; |
471 | int error = -EPROTO; |
472 | kernel_cap_t tmpcap; |
473 | u32 tmp; |
474 | |
475 | /* check that we have the right struct being passed */ |
476 | if (!unpack_nameX(e, AA_STRUCT, "profile")) |
477 | goto fail; |
478 | if (!unpack_str(e, &name, NULL)) |
479 | goto fail; |
480 | |
481 | profile = aa_alloc_profile(name); |
482 | if (!profile) |
483 | return ERR_PTR(-ENOMEM); |
484 | |
485 | /* profile renaming is optional */ |
486 | (void) unpack_str(e, &profile->rename, "rename"); |
487 | |
488 | /* xmatch is optional and may be NULL */ |
489 | profile->xmatch = unpack_dfa(e); |
490 | if (IS_ERR(profile->xmatch)) { |
491 | error = PTR_ERR(profile->xmatch); |
492 | profile->xmatch = NULL; |
493 | goto fail; |
494 | } |
495 | /* xmatch_len is not optional if xmatch is set */ |
496 | if (profile->xmatch) { |
497 | if (!unpack_u32(e, &tmp, NULL)) |
498 | goto fail; |
499 | profile->xmatch_len = tmp; |
500 | } |
501 | |
502 | /* per profile debug flags (complain, audit) */ |
503 | if (!unpack_nameX(e, AA_STRUCT, "flags")) |
504 | goto fail; |
505 | if (!unpack_u32(e, &tmp, NULL)) |
506 | goto fail; |
507 | if (tmp) |
508 | profile->flags |= PFLAG_HAT; |
509 | if (!unpack_u32(e, &tmp, NULL)) |
510 | goto fail; |
511 | if (tmp) |
512 | profile->mode = APPARMOR_COMPLAIN; |
513 | if (!unpack_u32(e, &tmp, NULL)) |
514 | goto fail; |
515 | if (tmp) |
516 | profile->audit = AUDIT_ALL; |
517 | |
518 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
519 | goto fail; |
520 | |
521 | /* path_flags is optional */ |
522 | if (unpack_u32(e, &profile->path_flags, "path_flags")) |
523 | profile->path_flags |= profile->flags & PFLAG_MEDIATE_DELETED; |
524 | else |
525 | /* set a default value if path_flags field is not present */ |
526 | profile->path_flags = PFLAG_MEDIATE_DELETED; |
527 | |
528 | if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) |
529 | goto fail; |
530 | if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) |
531 | goto fail; |
532 | if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) |
533 | goto fail; |
534 | if (!unpack_u32(e, &tmpcap.cap[0], NULL)) |
535 | goto fail; |
536 | |
537 | if (unpack_nameX(e, AA_STRUCT, "caps64")) { |
538 | /* optional upper half of 64 bit caps */ |
539 | if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) |
540 | goto fail; |
541 | if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) |
542 | goto fail; |
543 | if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) |
544 | goto fail; |
545 | if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) |
546 | goto fail; |
547 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
548 | goto fail; |
549 | } |
550 | |
551 | if (unpack_nameX(e, AA_STRUCT, "capsx")) { |
552 | /* optional extended caps mediation mask */ |
553 | if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) |
554 | goto fail; |
555 | if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) |
556 | goto fail; |
557 | } |
558 | |
559 | if (!unpack_rlimits(e, profile)) |
560 | goto fail; |
561 | |
562 | /* get file rules */ |
563 | profile->file.dfa = unpack_dfa(e); |
564 | if (IS_ERR(profile->file.dfa)) { |
565 | error = PTR_ERR(profile->file.dfa); |
566 | profile->file.dfa = NULL; |
567 | goto fail; |
568 | } |
569 | |
570 | if (!unpack_u32(e, &profile->file.start, "dfa_start")) |
571 | /* default start state */ |
572 | profile->file.start = DFA_START; |
573 | |
574 | if (!unpack_trans_table(e, profile)) |
575 | goto fail; |
576 | |
577 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
578 | goto fail; |
579 | |
580 | return profile; |
581 | |
582 | fail: |
583 | if (profile) |
584 | name = NULL; |
585 | else if (!name) |
586 | name = "unknown"; |
587 | audit_iface(profile, name, "failed to unpack profile", e, error); |
588 | aa_put_profile(profile); |
589 | |
590 | return ERR_PTR(error); |
591 | } |
592 | |
593 | /** |
594 | * verify_head - unpack serialized stream header |
595 | * @e: serialized data read head (NOT NULL) |
596 | * @ns: Returns - namespace if one is specified else NULL (NOT NULL) |
597 | * |
598 | * Returns: error or 0 if header is good |
599 | */ |
600 | static int verify_header(struct aa_ext *e, const char **ns) |
601 | { |
602 | int error = -EPROTONOSUPPORT; |
603 | /* get the interface version */ |
604 | if (!unpack_u32(e, &e->version, "version")) { |
605 | audit_iface(NULL, NULL, "invalid profile format", e, error); |
606 | return error; |
607 | } |
608 | |
609 | /* check that the interface version is currently supported */ |
610 | if (e->version != 5) { |
611 | audit_iface(NULL, NULL, "unsupported interface version", e, |
612 | error); |
613 | return error; |
614 | } |
615 | |
616 | /* read the namespace if present */ |
617 | if (!unpack_str(e, ns, "namespace")) |
618 | *ns = NULL; |
619 | |
620 | return 0; |
621 | } |
622 | |
623 | static bool verify_xindex(int xindex, int table_size) |
624 | { |
625 | int index, xtype; |
626 | xtype = xindex & AA_X_TYPE_MASK; |
627 | index = xindex & AA_X_INDEX_MASK; |
628 | if (xtype == AA_X_TABLE && index > table_size) |
629 | return 0; |
630 | return 1; |
631 | } |
632 | |
633 | /* verify dfa xindexes are in range of transition tables */ |
634 | static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size) |
635 | { |
636 | int i; |
637 | for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { |
638 | if (!verify_xindex(dfa_user_xindex(dfa, i), table_size)) |
639 | return 0; |
640 | if (!verify_xindex(dfa_other_xindex(dfa, i), table_size)) |
641 | return 0; |
642 | } |
643 | return 1; |
644 | } |
645 | |
646 | /** |
647 | * verify_profile - Do post unpack analysis to verify profile consistency |
648 | * @profile: profile to verify (NOT NULL) |
649 | * |
650 | * Returns: 0 if passes verification else error |
651 | */ |
652 | static int verify_profile(struct aa_profile *profile) |
653 | { |
654 | if (aa_g_paranoid_load) { |
655 | if (profile->file.dfa && |
656 | !verify_dfa_xindex(profile->file.dfa, |
657 | profile->file.trans.size)) { |
658 | audit_iface(profile, NULL, "Invalid named transition", |
659 | NULL, -EPROTO); |
660 | return -EPROTO; |
661 | } |
662 | } |
663 | |
664 | return 0; |
665 | } |
666 | |
667 | /** |
668 | * aa_unpack - unpack packed binary profile data loaded from user space |
669 | * @udata: user data copied to kmem (NOT NULL) |
670 | * @size: the size of the user data |
671 | * @ns: Returns namespace profile is in if specified else NULL (NOT NULL) |
672 | * |
673 | * Unpack user data and return refcounted allocated profile or ERR_PTR |
674 | * |
675 | * Returns: profile else error pointer if fails to unpack |
676 | */ |
677 | struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns) |
678 | { |
679 | struct aa_profile *profile = NULL; |
680 | int error; |
681 | struct aa_ext e = { |
682 | .start = udata, |
683 | .end = udata + size, |
684 | .pos = udata, |
685 | }; |
686 | |
687 | error = verify_header(&e, ns); |
688 | if (error) |
689 | return ERR_PTR(error); |
690 | |
691 | profile = unpack_profile(&e); |
692 | if (IS_ERR(profile)) |
693 | return profile; |
694 | |
695 | error = verify_profile(profile); |
696 | if (error) { |
697 | aa_put_profile(profile); |
698 | profile = ERR_PTR(error); |
699 | } |
700 | |
701 | /* return refcount */ |
702 | return profile; |
703 | } |
704 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9