Root/
1 | /* |
2 | * AppArmor security module |
3 | * |
4 | * This file contains AppArmor functions for unpacking policy loaded from |
5 | * userspace. |
6 | * |
7 | * Copyright (C) 1998-2008 Novell/SUSE |
8 | * Copyright 2009-2010 Canonical Ltd. |
9 | * |
10 | * This program is free software; you can redistribute it and/or |
11 | * modify it under the terms of the GNU General Public License as |
12 | * published by the Free Software Foundation, version 2 of the |
13 | * License. |
14 | * |
15 | * AppArmor uses a serialized binary format for loading policy. To find |
16 | * policy format documentation look in Documentation/security/apparmor.txt |
17 | * All policy is validated before it is used. |
18 | */ |
19 | |
20 | #include <asm/unaligned.h> |
21 | #include <linux/ctype.h> |
22 | #include <linux/errno.h> |
23 | |
24 | #include "include/apparmor.h" |
25 | #include "include/audit.h" |
26 | #include "include/context.h" |
27 | #include "include/match.h" |
28 | #include "include/policy.h" |
29 | #include "include/policy_unpack.h" |
30 | #include "include/sid.h" |
31 | |
32 | /* |
33 | * The AppArmor interface treats data as a type byte followed by the |
34 | * actual data. The interface has the notion of a a named entry |
35 | * which has a name (AA_NAME typecode followed by name string) followed by |
36 | * the entries typecode and data. Named types allow for optional |
37 | * elements and extensions to be added and tested for without breaking |
38 | * backwards compatibility. |
39 | */ |
40 | |
41 | enum aa_code { |
42 | AA_U8, |
43 | AA_U16, |
44 | AA_U32, |
45 | AA_U64, |
46 | AA_NAME, /* same as string except it is items name */ |
47 | AA_STRING, |
48 | AA_BLOB, |
49 | AA_STRUCT, |
50 | AA_STRUCTEND, |
51 | AA_LIST, |
52 | AA_LISTEND, |
53 | AA_ARRAY, |
54 | AA_ARRAYEND, |
55 | }; |
56 | |
57 | /* |
58 | * aa_ext is the read of the buffer containing the serialized profile. The |
59 | * data is copied into a kernel buffer in apparmorfs and then handed off to |
60 | * the unpack routines. |
61 | */ |
62 | struct aa_ext { |
63 | void *start; |
64 | void *end; |
65 | void *pos; /* pointer to current position in the buffer */ |
66 | u32 version; |
67 | }; |
68 | |
69 | /* audit callback for unpack fields */ |
70 | static void audit_cb(struct audit_buffer *ab, void *va) |
71 | { |
72 | struct common_audit_data *sa = va; |
73 | if (sa->aad->iface.target) { |
74 | struct aa_profile *name = sa->aad->iface.target; |
75 | audit_log_format(ab, " name="); |
76 | audit_log_untrustedstring(ab, name->base.hname); |
77 | } |
78 | if (sa->aad->iface.pos) |
79 | audit_log_format(ab, " offset=%ld", sa->aad->iface.pos); |
80 | } |
81 | |
82 | /** |
83 | * audit_iface - do audit message for policy unpacking/load/replace/remove |
84 | * @new: profile if it has been allocated (MAYBE NULL) |
85 | * @name: name of the profile being manipulated (MAYBE NULL) |
86 | * @info: any extra info about the failure (MAYBE NULL) |
87 | * @e: buffer position info |
88 | * @error: error code |
89 | * |
90 | * Returns: %0 or error |
91 | */ |
92 | static int audit_iface(struct aa_profile *new, const char *name, |
93 | const char *info, struct aa_ext *e, int error) |
94 | { |
95 | struct aa_profile *profile = __aa_current_profile(); |
96 | struct common_audit_data sa; |
97 | struct apparmor_audit_data aad = {0,}; |
98 | COMMON_AUDIT_DATA_INIT(&sa, NONE); |
99 | sa.aad = &aad; |
100 | if (e) |
101 | aad.iface.pos = e->pos - e->start; |
102 | aad.iface.target = new; |
103 | aad.name = name; |
104 | aad.info = info; |
105 | aad.error = error; |
106 | |
107 | return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa, |
108 | audit_cb); |
109 | } |
110 | |
111 | /* test if read will be in packed data bounds */ |
112 | static bool inbounds(struct aa_ext *e, size_t size) |
113 | { |
114 | return (size <= e->end - e->pos); |
115 | } |
116 | |
117 | /** |
118 | * aa_u16_chunck - test and do bounds checking for a u16 size based chunk |
119 | * @e: serialized data read head (NOT NULL) |
120 | * @chunk: start address for chunk of data (NOT NULL) |
121 | * |
122 | * Returns: the size of chunk found with the read head at the end of the chunk. |
123 | */ |
124 | static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk) |
125 | { |
126 | size_t size = 0; |
127 | |
128 | if (!inbounds(e, sizeof(u16))) |
129 | return 0; |
130 | size = le16_to_cpu(get_unaligned((u16 *) e->pos)); |
131 | e->pos += sizeof(u16); |
132 | if (!inbounds(e, size)) |
133 | return 0; |
134 | *chunk = e->pos; |
135 | e->pos += size; |
136 | return size; |
137 | } |
138 | |
139 | /* unpack control byte */ |
140 | static bool unpack_X(struct aa_ext *e, enum aa_code code) |
141 | { |
142 | if (!inbounds(e, 1)) |
143 | return 0; |
144 | if (*(u8 *) e->pos != code) |
145 | return 0; |
146 | e->pos++; |
147 | return 1; |
148 | } |
149 | |
150 | /** |
151 | * unpack_nameX - check is the next element is of type X with a name of @name |
152 | * @e: serialized data extent information (NOT NULL) |
153 | * @code: type code |
154 | * @name: name to match to the serialized element. (MAYBE NULL) |
155 | * |
156 | * check that the next serialized data element is of type X and has a tag |
157 | * name @name. If @name is specified then there must be a matching |
158 | * name element in the stream. If @name is NULL any name element will be |
159 | * skipped and only the typecode will be tested. |
160 | * |
161 | * Returns 1 on success (both type code and name tests match) and the read |
162 | * head is advanced past the headers |
163 | * |
164 | * Returns: 0 if either match fails, the read head does not move |
165 | */ |
166 | static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name) |
167 | { |
168 | /* |
169 | * May need to reset pos if name or type doesn't match |
170 | */ |
171 | void *pos = e->pos; |
172 | /* |
173 | * Check for presence of a tagname, and if present name size |
174 | * AA_NAME tag value is a u16. |
175 | */ |
176 | if (unpack_X(e, AA_NAME)) { |
177 | char *tag = NULL; |
178 | size_t size = unpack_u16_chunk(e, &tag); |
179 | /* if a name is specified it must match. otherwise skip tag */ |
180 | if (name && (!size || strcmp(name, tag))) |
181 | goto fail; |
182 | } else if (name) { |
183 | /* if a name is specified and there is no name tag fail */ |
184 | goto fail; |
185 | } |
186 | |
187 | /* now check if type code matches */ |
188 | if (unpack_X(e, code)) |
189 | return 1; |
190 | |
191 | fail: |
192 | e->pos = pos; |
193 | return 0; |
194 | } |
195 | |
196 | static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) |
197 | { |
198 | if (unpack_nameX(e, AA_U32, name)) { |
199 | if (!inbounds(e, sizeof(u32))) |
200 | return 0; |
201 | if (data) |
202 | *data = le32_to_cpu(get_unaligned((u32 *) e->pos)); |
203 | e->pos += sizeof(u32); |
204 | return 1; |
205 | } |
206 | return 0; |
207 | } |
208 | |
209 | static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name) |
210 | { |
211 | if (unpack_nameX(e, AA_U64, name)) { |
212 | if (!inbounds(e, sizeof(u64))) |
213 | return 0; |
214 | if (data) |
215 | *data = le64_to_cpu(get_unaligned((u64 *) e->pos)); |
216 | e->pos += sizeof(u64); |
217 | return 1; |
218 | } |
219 | return 0; |
220 | } |
221 | |
222 | static size_t unpack_array(struct aa_ext *e, const char *name) |
223 | { |
224 | if (unpack_nameX(e, AA_ARRAY, name)) { |
225 | int size; |
226 | if (!inbounds(e, sizeof(u16))) |
227 | return 0; |
228 | size = (int)le16_to_cpu(get_unaligned((u16 *) e->pos)); |
229 | e->pos += sizeof(u16); |
230 | return size; |
231 | } |
232 | return 0; |
233 | } |
234 | |
235 | static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name) |
236 | { |
237 | if (unpack_nameX(e, AA_BLOB, name)) { |
238 | u32 size; |
239 | if (!inbounds(e, sizeof(u32))) |
240 | return 0; |
241 | size = le32_to_cpu(get_unaligned((u32 *) e->pos)); |
242 | e->pos += sizeof(u32); |
243 | if (inbounds(e, (size_t) size)) { |
244 | *blob = e->pos; |
245 | e->pos += size; |
246 | return size; |
247 | } |
248 | } |
249 | return 0; |
250 | } |
251 | |
252 | static int unpack_str(struct aa_ext *e, const char **string, const char *name) |
253 | { |
254 | char *src_str; |
255 | size_t size = 0; |
256 | void *pos = e->pos; |
257 | *string = NULL; |
258 | if (unpack_nameX(e, AA_STRING, name)) { |
259 | size = unpack_u16_chunk(e, &src_str); |
260 | if (size) { |
261 | /* strings are null terminated, length is size - 1 */ |
262 | if (src_str[size - 1] != 0) |
263 | goto fail; |
264 | *string = src_str; |
265 | } |
266 | } |
267 | return size; |
268 | |
269 | fail: |
270 | e->pos = pos; |
271 | return 0; |
272 | } |
273 | |
274 | static int unpack_strdup(struct aa_ext *e, char **string, const char *name) |
275 | { |
276 | const char *tmp; |
277 | void *pos = e->pos; |
278 | int res = unpack_str(e, &tmp, name); |
279 | *string = NULL; |
280 | |
281 | if (!res) |
282 | return 0; |
283 | |
284 | *string = kmemdup(tmp, res, GFP_KERNEL); |
285 | if (!*string) { |
286 | e->pos = pos; |
287 | return 0; |
288 | } |
289 | |
290 | return res; |
291 | } |
292 | |
293 | /** |
294 | * verify_accept - verify the accept tables of a dfa |
295 | * @dfa: dfa to verify accept tables of (NOT NULL) |
296 | * @flags: flags governing dfa |
297 | * |
298 | * Returns: 1 if valid accept tables else 0 if error |
299 | */ |
300 | static bool verify_accept(struct aa_dfa *dfa, int flags) |
301 | { |
302 | int i; |
303 | |
304 | /* verify accept permissions */ |
305 | for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { |
306 | int mode = ACCEPT_TABLE(dfa)[i]; |
307 | |
308 | if (mode & ~DFA_VALID_PERM_MASK) |
309 | return 0; |
310 | |
311 | if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK) |
312 | return 0; |
313 | } |
314 | return 1; |
315 | } |
316 | |
317 | /** |
318 | * unpack_dfa - unpack a file rule dfa |
319 | * @e: serialized data extent information (NOT NULL) |
320 | * |
321 | * returns dfa or ERR_PTR or NULL if no dfa |
322 | */ |
323 | static struct aa_dfa *unpack_dfa(struct aa_ext *e) |
324 | { |
325 | char *blob = NULL; |
326 | size_t size; |
327 | struct aa_dfa *dfa = NULL; |
328 | |
329 | size = unpack_blob(e, &blob, "aadfa"); |
330 | if (size) { |
331 | /* |
332 | * The dfa is aligned with in the blob to 8 bytes |
333 | * from the beginning of the stream. |
334 | */ |
335 | size_t sz = blob - (char *)e->start; |
336 | size_t pad = ALIGN(sz, 8) - sz; |
337 | int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) | |
338 | TO_ACCEPT2_FLAG(YYTD_DATA32); |
339 | |
340 | |
341 | if (aa_g_paranoid_load) |
342 | flags |= DFA_FLAG_VERIFY_STATES; |
343 | |
344 | dfa = aa_dfa_unpack(blob + pad, size - pad, flags); |
345 | |
346 | if (IS_ERR(dfa)) |
347 | return dfa; |
348 | |
349 | if (!verify_accept(dfa, flags)) |
350 | goto fail; |
351 | } |
352 | |
353 | return dfa; |
354 | |
355 | fail: |
356 | aa_put_dfa(dfa); |
357 | return ERR_PTR(-EPROTO); |
358 | } |
359 | |
360 | /** |
361 | * unpack_trans_table - unpack a profile transition table |
362 | * @e: serialized data extent information (NOT NULL) |
363 | * @profile: profile to add the accept table to (NOT NULL) |
364 | * |
365 | * Returns: 1 if table successfully unpacked |
366 | */ |
367 | static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) |
368 | { |
369 | void *pos = e->pos; |
370 | |
371 | /* exec table is optional */ |
372 | if (unpack_nameX(e, AA_STRUCT, "xtable")) { |
373 | int i, size; |
374 | |
375 | size = unpack_array(e, NULL); |
376 | /* currently 4 exec bits and entries 0-3 are reserved iupcx */ |
377 | if (size > 16 - 4) |
378 | goto fail; |
379 | profile->file.trans.table = kzalloc(sizeof(char *) * size, |
380 | GFP_KERNEL); |
381 | if (!profile->file.trans.table) |
382 | goto fail; |
383 | |
384 | profile->file.trans.size = size; |
385 | for (i = 0; i < size; i++) { |
386 | char *str; |
387 | int c, j, size2 = unpack_strdup(e, &str, NULL); |
388 | /* unpack_strdup verifies that the last character is |
389 | * null termination byte. |
390 | */ |
391 | if (!size2) |
392 | goto fail; |
393 | profile->file.trans.table[i] = str; |
394 | /* verify that name doesn't start with space */ |
395 | if (isspace(*str)) |
396 | goto fail; |
397 | |
398 | /* count internal # of internal \0 */ |
399 | for (c = j = 0; j < size2 - 2; j++) { |
400 | if (!str[j]) |
401 | c++; |
402 | } |
403 | if (*str == ':') { |
404 | /* beginning with : requires an embedded \0, |
405 | * verify that exactly 1 internal \0 exists |
406 | * trailing \0 already verified by unpack_strdup |
407 | */ |
408 | if (c != 1) |
409 | goto fail; |
410 | /* first character after : must be valid */ |
411 | if (!str[1]) |
412 | goto fail; |
413 | } else if (c) |
414 | /* fail - all other cases with embedded \0 */ |
415 | goto fail; |
416 | } |
417 | if (!unpack_nameX(e, AA_ARRAYEND, NULL)) |
418 | goto fail; |
419 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
420 | goto fail; |
421 | } |
422 | return 1; |
423 | |
424 | fail: |
425 | aa_free_domain_entries(&profile->file.trans); |
426 | e->pos = pos; |
427 | return 0; |
428 | } |
429 | |
430 | static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) |
431 | { |
432 | void *pos = e->pos; |
433 | |
434 | /* rlimits are optional */ |
435 | if (unpack_nameX(e, AA_STRUCT, "rlimits")) { |
436 | int i, size; |
437 | u32 tmp = 0; |
438 | if (!unpack_u32(e, &tmp, NULL)) |
439 | goto fail; |
440 | profile->rlimits.mask = tmp; |
441 | |
442 | size = unpack_array(e, NULL); |
443 | if (size > RLIM_NLIMITS) |
444 | goto fail; |
445 | for (i = 0; i < size; i++) { |
446 | u64 tmp2 = 0; |
447 | int a = aa_map_resource(i); |
448 | if (!unpack_u64(e, &tmp2, NULL)) |
449 | goto fail; |
450 | profile->rlimits.limits[a].rlim_max = tmp2; |
451 | } |
452 | if (!unpack_nameX(e, AA_ARRAYEND, NULL)) |
453 | goto fail; |
454 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
455 | goto fail; |
456 | } |
457 | return 1; |
458 | |
459 | fail: |
460 | e->pos = pos; |
461 | return 0; |
462 | } |
463 | |
464 | /** |
465 | * unpack_profile - unpack a serialized profile |
466 | * @e: serialized data extent information (NOT NULL) |
467 | * |
468 | * NOTE: unpack profile sets audit struct if there is a failure |
469 | */ |
470 | static struct aa_profile *unpack_profile(struct aa_ext *e) |
471 | { |
472 | struct aa_profile *profile = NULL; |
473 | const char *name = NULL; |
474 | int i, error = -EPROTO; |
475 | kernel_cap_t tmpcap; |
476 | u32 tmp; |
477 | |
478 | /* check that we have the right struct being passed */ |
479 | if (!unpack_nameX(e, AA_STRUCT, "profile")) |
480 | goto fail; |
481 | if (!unpack_str(e, &name, NULL)) |
482 | goto fail; |
483 | |
484 | profile = aa_alloc_profile(name); |
485 | if (!profile) |
486 | return ERR_PTR(-ENOMEM); |
487 | |
488 | /* profile renaming is optional */ |
489 | (void) unpack_str(e, &profile->rename, "rename"); |
490 | |
491 | /* xmatch is optional and may be NULL */ |
492 | profile->xmatch = unpack_dfa(e); |
493 | if (IS_ERR(profile->xmatch)) { |
494 | error = PTR_ERR(profile->xmatch); |
495 | profile->xmatch = NULL; |
496 | goto fail; |
497 | } |
498 | /* xmatch_len is not optional if xmatch is set */ |
499 | if (profile->xmatch) { |
500 | if (!unpack_u32(e, &tmp, NULL)) |
501 | goto fail; |
502 | profile->xmatch_len = tmp; |
503 | } |
504 | |
505 | /* per profile debug flags (complain, audit) */ |
506 | if (!unpack_nameX(e, AA_STRUCT, "flags")) |
507 | goto fail; |
508 | if (!unpack_u32(e, &tmp, NULL)) |
509 | goto fail; |
510 | if (tmp) |
511 | profile->flags |= PFLAG_HAT; |
512 | if (!unpack_u32(e, &tmp, NULL)) |
513 | goto fail; |
514 | if (tmp) |
515 | profile->mode = APPARMOR_COMPLAIN; |
516 | if (!unpack_u32(e, &tmp, NULL)) |
517 | goto fail; |
518 | if (tmp) |
519 | profile->audit = AUDIT_ALL; |
520 | |
521 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
522 | goto fail; |
523 | |
524 | /* path_flags is optional */ |
525 | if (unpack_u32(e, &profile->path_flags, "path_flags")) |
526 | profile->path_flags |= profile->flags & PFLAG_MEDIATE_DELETED; |
527 | else |
528 | /* set a default value if path_flags field is not present */ |
529 | profile->path_flags = PFLAG_MEDIATE_DELETED; |
530 | |
531 | if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) |
532 | goto fail; |
533 | if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) |
534 | goto fail; |
535 | if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) |
536 | goto fail; |
537 | if (!unpack_u32(e, &tmpcap.cap[0], NULL)) |
538 | goto fail; |
539 | |
540 | if (unpack_nameX(e, AA_STRUCT, "caps64")) { |
541 | /* optional upper half of 64 bit caps */ |
542 | if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) |
543 | goto fail; |
544 | if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) |
545 | goto fail; |
546 | if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) |
547 | goto fail; |
548 | if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) |
549 | goto fail; |
550 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
551 | goto fail; |
552 | } |
553 | |
554 | if (unpack_nameX(e, AA_STRUCT, "capsx")) { |
555 | /* optional extended caps mediation mask */ |
556 | if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) |
557 | goto fail; |
558 | if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) |
559 | goto fail; |
560 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
561 | goto fail; |
562 | } |
563 | |
564 | if (!unpack_rlimits(e, profile)) |
565 | goto fail; |
566 | |
567 | if (unpack_nameX(e, AA_STRUCT, "policydb")) { |
568 | /* generic policy dfa - optional and may be NULL */ |
569 | profile->policy.dfa = unpack_dfa(e); |
570 | if (IS_ERR(profile->policy.dfa)) { |
571 | error = PTR_ERR(profile->policy.dfa); |
572 | profile->policy.dfa = NULL; |
573 | goto fail; |
574 | } |
575 | if (!unpack_u32(e, &profile->policy.start[0], "start")) |
576 | /* default start state */ |
577 | profile->policy.start[0] = DFA_START; |
578 | /* setup class index */ |
579 | for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) { |
580 | profile->policy.start[i] = |
581 | aa_dfa_next(profile->policy.dfa, |
582 | profile->policy.start[0], |
583 | i); |
584 | } |
585 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
586 | goto fail; |
587 | } |
588 | |
589 | /* get file rules */ |
590 | profile->file.dfa = unpack_dfa(e); |
591 | if (IS_ERR(profile->file.dfa)) { |
592 | error = PTR_ERR(profile->file.dfa); |
593 | profile->file.dfa = NULL; |
594 | goto fail; |
595 | } |
596 | |
597 | if (!unpack_u32(e, &profile->file.start, "dfa_start")) |
598 | /* default start state */ |
599 | profile->file.start = DFA_START; |
600 | |
601 | if (!unpack_trans_table(e, profile)) |
602 | goto fail; |
603 | |
604 | if (!unpack_nameX(e, AA_STRUCTEND, NULL)) |
605 | goto fail; |
606 | |
607 | return profile; |
608 | |
609 | fail: |
610 | if (profile) |
611 | name = NULL; |
612 | else if (!name) |
613 | name = "unknown"; |
614 | audit_iface(profile, name, "failed to unpack profile", e, error); |
615 | aa_put_profile(profile); |
616 | |
617 | return ERR_PTR(error); |
618 | } |
619 | |
620 | /** |
621 | * verify_head - unpack serialized stream header |
622 | * @e: serialized data read head (NOT NULL) |
623 | * @ns: Returns - namespace if one is specified else NULL (NOT NULL) |
624 | * |
625 | * Returns: error or 0 if header is good |
626 | */ |
627 | static int verify_header(struct aa_ext *e, const char **ns) |
628 | { |
629 | int error = -EPROTONOSUPPORT; |
630 | /* get the interface version */ |
631 | if (!unpack_u32(e, &e->version, "version")) { |
632 | audit_iface(NULL, NULL, "invalid profile format", e, error); |
633 | return error; |
634 | } |
635 | |
636 | /* check that the interface version is currently supported */ |
637 | if (e->version != 5) { |
638 | audit_iface(NULL, NULL, "unsupported interface version", e, |
639 | error); |
640 | return error; |
641 | } |
642 | |
643 | /* read the namespace if present */ |
644 | if (!unpack_str(e, ns, "namespace")) |
645 | *ns = NULL; |
646 | |
647 | return 0; |
648 | } |
649 | |
650 | static bool verify_xindex(int xindex, int table_size) |
651 | { |
652 | int index, xtype; |
653 | xtype = xindex & AA_X_TYPE_MASK; |
654 | index = xindex & AA_X_INDEX_MASK; |
655 | if (xtype == AA_X_TABLE && index > table_size) |
656 | return 0; |
657 | return 1; |
658 | } |
659 | |
660 | /* verify dfa xindexes are in range of transition tables */ |
661 | static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size) |
662 | { |
663 | int i; |
664 | for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { |
665 | if (!verify_xindex(dfa_user_xindex(dfa, i), table_size)) |
666 | return 0; |
667 | if (!verify_xindex(dfa_other_xindex(dfa, i), table_size)) |
668 | return 0; |
669 | } |
670 | return 1; |
671 | } |
672 | |
673 | /** |
674 | * verify_profile - Do post unpack analysis to verify profile consistency |
675 | * @profile: profile to verify (NOT NULL) |
676 | * |
677 | * Returns: 0 if passes verification else error |
678 | */ |
679 | static int verify_profile(struct aa_profile *profile) |
680 | { |
681 | if (aa_g_paranoid_load) { |
682 | if (profile->file.dfa && |
683 | !verify_dfa_xindex(profile->file.dfa, |
684 | profile->file.trans.size)) { |
685 | audit_iface(profile, NULL, "Invalid named transition", |
686 | NULL, -EPROTO); |
687 | return -EPROTO; |
688 | } |
689 | } |
690 | |
691 | return 0; |
692 | } |
693 | |
694 | /** |
695 | * aa_unpack - unpack packed binary profile data loaded from user space |
696 | * @udata: user data copied to kmem (NOT NULL) |
697 | * @size: the size of the user data |
698 | * @ns: Returns namespace profile is in if specified else NULL (NOT NULL) |
699 | * |
700 | * Unpack user data and return refcounted allocated profile or ERR_PTR |
701 | * |
702 | * Returns: profile else error pointer if fails to unpack |
703 | */ |
704 | struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns) |
705 | { |
706 | struct aa_profile *profile = NULL; |
707 | int error; |
708 | struct aa_ext e = { |
709 | .start = udata, |
710 | .end = udata + size, |
711 | .pos = udata, |
712 | }; |
713 | |
714 | error = verify_header(&e, ns); |
715 | if (error) |
716 | return ERR_PTR(error); |
717 | |
718 | profile = unpack_profile(&e); |
719 | if (IS_ERR(profile)) |
720 | return profile; |
721 | |
722 | error = verify_profile(profile); |
723 | if (error) { |
724 | aa_put_profile(profile); |
725 | profile = ERR_PTR(error); |
726 | } |
727 | |
728 | /* return refcount */ |
729 | return profile; |
730 | } |
731 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9