summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorStephen Rothwell <sfr@canb.auug.org.au>2018-05-30 15:14:07 +1000
committerStephen Rothwell <sfr@canb.auug.org.au>2018-05-30 15:14:07 +1000
commitdcb8bd3e5f427c238c7799c16dc515b0ab9fd0bc (patch)
tree69383c2ecacbcee778119527cdf5df7f414ae73e /security
parent112405b19d7e6c64986adf50a47c537e176c37b9 (diff)
parent430837708c219dfb25d148808078f15add2ea71c (diff)
downloadlinux-next-dcb8bd3e5f427c238c7799c16dc515b0ab9fd0bc.tar.gz
Merge remote-tracking branch 'apparmor/apparmor-next'
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/audit.c90
-rw-r--r--security/apparmor/domain.c2
-rw-r--r--security/apparmor/include/audit.h6
-rw-r--r--security/apparmor/include/label.h2
-rw-r--r--security/apparmor/include/path.h32
-rw-r--r--security/apparmor/include/secid.h15
-rw-r--r--security/apparmor/label.c14
-rw-r--r--security/apparmor/lib.c2
-rw-r--r--security/apparmor/lsm.c44
-rw-r--r--security/apparmor/match.c2
-rw-r--r--security/apparmor/mount.c2
-rw-r--r--security/apparmor/policy.c4
-rw-r--r--security/apparmor/secid.c221
13 files changed, 370 insertions, 66 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 8f9ecac7f8de..eeaddfe0c0fb 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -19,7 +19,7 @@
#include "include/audit.h"
#include "include/policy.h"
#include "include/policy_ns.h"
-
+#include "include/secid.h"
const char *const audit_mode_names[] = {
"normal",
@@ -163,3 +163,91 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
return aad(sa)->error;
}
+
+struct aa_audit_rule {
+ struct aa_label *label;
+};
+
+void aa_audit_rule_free(void *vrule)
+{
+ struct aa_audit_rule *rule = vrule;
+
+ if (rule) {
+ if (!IS_ERR(rule->label))
+ aa_put_label(rule->label);
+ kfree(rule);
+ }
+}
+
+int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
+{
+ struct aa_audit_rule *rule;
+
+ switch (field) {
+ case AUDIT_SUBJ_ROLE:
+ if (op != Audit_equal && op != Audit_not_equal)
+ return -EINVAL;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ rule = kzalloc(sizeof(struct aa_audit_rule), GFP_KERNEL);
+
+ if (!rule)
+ return -ENOMEM;
+
+ /* Currently rules are treated as coming from the root ns */
+ rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr,
+ GFP_KERNEL, true, false);
+ if (IS_ERR(rule->label)) {
+ aa_audit_rule_free(rule);
+ return PTR_ERR(rule->label);
+ }
+
+ *vrule = rule;
+ return 0;
+}
+
+int aa_audit_rule_known(struct audit_krule *rule)
+{
+ int i;
+
+ for (i = 0; i < rule->field_count; i++) {
+ struct audit_field *f = &rule->fields[i];
+
+ switch (f->type) {
+ case AUDIT_SUBJ_ROLE:
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
+ struct audit_context *actx)
+{
+ struct aa_audit_rule *rule = vrule;
+ struct aa_label *label;
+ int found = 0;
+
+ label = aa_secid_to_label(sid);
+
+ if (!label)
+ return -ENOENT;
+
+ if (aa_label_is_subset(label, rule->label))
+ found = 1;
+
+ switch (field) {
+ case AUDIT_SUBJ_ROLE:
+ switch (op) {
+ case Audit_equal:
+ return found;
+ case Audit_not_equal:
+ return !found;
+ }
+ }
+ return 0;
+}
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 590b7e8cd21c..098d546d8253 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -839,7 +839,7 @@ static struct aa_label *handle_onexec(struct aa_label *label,
cond, unsafe));
} else {
- /* TODO: determine how much we want to losen this */
+ /* TODO: determine how much we want to loosen this */
error = fn_for_each_in_ns(label, profile,
profile_onexec(profile, onexec, stack, bprm,
buffer, cond, unsafe));
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 9c9be9c98c15..b8c8b1066b0a 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -189,4 +189,10 @@ static inline int complain_error(int error)
return error;
}
+void aa_audit_rule_free(void *vrule);
+int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
+int aa_audit_rule_known(struct audit_krule *rule);
+int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
+ struct audit_context *actx);
+
#endif /* __AA_AUDIT_H */
diff --git a/security/apparmor/include/label.h b/security/apparmor/include/label.h
index d871e7ff0952..7ce5fe73ae7f 100644
--- a/security/apparmor/include/label.h
+++ b/security/apparmor/include/label.h
@@ -281,7 +281,7 @@ void __aa_labelset_update_subtree(struct aa_ns *ns);
void aa_label_free(struct aa_label *label);
void aa_label_kref(struct kref *kref);
-bool aa_label_init(struct aa_label *label, int size);
+bool aa_label_init(struct aa_label *label, int size, gfp_t gfp);
struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp);
bool aa_label_is_subset(struct aa_label *set, struct aa_label *sub);
diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
index e042b994f2b8..a35c0a75bcc0 100644
--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -43,10 +43,10 @@ struct aa_buffers {
DECLARE_PER_CPU(struct aa_buffers, aa_buffers);
-#define ASSIGN(FN, X, N) ((X) = FN(N))
-#define EVAL1(FN, X) ASSIGN(FN, X, 0) /*X = FN(0)*/
-#define EVAL2(FN, X, Y...) do { ASSIGN(FN, X, 1); EVAL1(FN, Y); } while (0)
-#define EVAL(FN, X...) CONCATENATE(EVAL, COUNT_ARGS(X))(FN, X)
+#define ASSIGN(FN, A, X, N) ((X) = FN(A, N))
+#define EVAL1(FN, A, X) ASSIGN(FN, A, X, 0) /*X = FN(0)*/
+#define EVAL2(FN, A, X, Y...) do { ASSIGN(FN, A, X, 1); EVAL1(FN, A, Y); } while (0)
+#define EVAL(FN, A, X...) CONCATENATE(EVAL, COUNT_ARGS(X))(FN, A, X)
#define for_each_cpu_buffer(I) for ((I) = 0; (I) < MAX_PATH_BUFFERS; (I)++)
@@ -56,26 +56,24 @@ DECLARE_PER_CPU(struct aa_buffers, aa_buffers);
#define AA_BUG_PREEMPT_ENABLED(X) /* nop */
#endif
-#define __get_buffer(N) ({ \
- struct aa_buffers *__cpu_var; \
+#define __get_buffer(C, N) ({ \
AA_BUG_PREEMPT_ENABLED("__get_buffer without preempt disabled"); \
- __cpu_var = this_cpu_ptr(&aa_buffers); \
- __cpu_var->buf[(N)]; })
+ (C)->buf[(N)]; })
-#define __get_buffers(X...) EVAL(__get_buffer, X)
+#define __get_buffers(C, X...) EVAL(__get_buffer, C, X)
#define __put_buffers(X, Y...) ((void)&(X))
-#define get_buffers(X...) \
-do { \
- preempt_disable(); \
- __get_buffers(X); \
+#define get_buffers(X...) \
+do { \
+ struct aa_buffers *__cpu_var = get_cpu_ptr(&aa_buffers); \
+ __get_buffers(__cpu_var, X); \
} while (0)
-#define put_buffers(X, Y...) \
-do { \
- __put_buffers(X, Y); \
- preempt_enable(); \
+#define put_buffers(X, Y...) \
+do { \
+ __put_buffers(X, Y); \
+ put_cpu_ptr(&aa_buffers); \
} while (0)
#endif /* __AA_PATH_H */
diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h
index 95ed86a0f1e2..686de8e50a79 100644
--- a/security/apparmor/include/secid.h
+++ b/security/apparmor/include/secid.h
@@ -3,7 +3,7 @@
*
* This file contains AppArmor security identifier (secid) definitions
*
- * Copyright 2009-2010 Canonical Ltd.
+ * Copyright 2009-2018 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -14,13 +14,22 @@
#ifndef __AA_SECID_H
#define __AA_SECID_H
+#include <linux/slab.h>
#include <linux/types.h>
+struct aa_label;
+
/* secid value that will not be allocated */
#define AA_SECID_INVALID 0
-#define AA_SECID_ALLOC AA_SECID_INVALID
-u32 aa_alloc_secid(void);
+struct aa_label *aa_secid_to_label(u32 secid);
+int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
+void apparmor_release_secctx(char *secdata, u32 seclen);
+
+
+u32 aa_alloc_secid(struct aa_label *label, gfp_t gfp);
void aa_free_secid(u32 secid);
+void aa_secid_update(u32 secid, struct aa_label *label);
#endif /* __AA_SECID_H */
diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 523250e34837..a17574df611b 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -128,7 +128,7 @@ static int ns_cmp(struct aa_ns *a, struct aa_ns *b)
}
/**
- * profile_cmp - profile comparision for set ordering
+ * profile_cmp - profile comparison for set ordering
* @a: profile to compare (NOT NULL)
* @b: profile to compare (NOT NULL)
*
@@ -157,7 +157,7 @@ static int profile_cmp(struct aa_profile *a, struct aa_profile *b)
}
/**
- * vec_cmp - label comparision for set ordering
+ * vec_cmp - label comparison for set ordering
* @a: label to compare (NOT NULL)
* @vec: vector of profiles to compare (NOT NULL)
* @n: length of @vec
@@ -402,12 +402,12 @@ static void label_free_or_put_new(struct aa_label *label, struct aa_label *new)
aa_put_label(new);
}
-bool aa_label_init(struct aa_label *label, int size)
+bool aa_label_init(struct aa_label *label, int size, gfp_t gfp)
{
AA_BUG(!label);
AA_BUG(size < 1);
- label->secid = aa_alloc_secid();
+ label->secid = aa_alloc_secid(label, gfp);
if (label->secid == AA_SECID_INVALID)
return false;
@@ -441,7 +441,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp)
if (!new)
goto fail;
- if (!aa_label_init(new, size))
+ if (!aa_label_init(new, size, gfp))
goto fail;
if (!proxy) {
@@ -463,7 +463,7 @@ fail:
/**
- * label_cmp - label comparision for set ordering
+ * label_cmp - label comparison for set ordering
* @a: label to compare (NOT NULL)
* @b: label to compare (NOT NULL)
*
@@ -2011,7 +2011,7 @@ out:
/**
* __label_update - insert updated version of @label into labelset
- * @label - the label to update/repace
+ * @label - the label to update/replace
*
* Returns: new label that is up to date
* else NULL on failure
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 068a9f471f77..a7b3f681b80e 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -408,7 +408,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
* @request: requested perms
* @deny: Returns: explicit deny set
* @sa: initialized audit structure (MAY BE NULL if not auditing)
- * @cb: callback fn for tpye specific fields (MAY BE NULL)
+ * @cb: callback fn for type specific fields (MAY BE NULL)
*
* Returns: 0 if permission else error code
*
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ce2b89e9ad94..dab5409f2608 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -39,6 +39,7 @@
#include "include/policy_ns.h"
#include "include/procattr.h"
#include "include/mount.h"
+#include "include/secid.h"
/* Flag indicating whether initialization completed */
int apparmor_initialized;
@@ -710,6 +711,13 @@ static void apparmor_bprm_committed_creds(struct linux_binprm *bprm)
return;
}
+static void apparmor_task_getsecid(struct task_struct *p, u32 *secid)
+{
+ struct aa_label *label = aa_get_task_label(p);
+ *secid = label->secid;
+ aa_put_label(label);
+}
+
static int apparmor_task_setrlimit(struct task_struct *task,
unsigned int resource, struct rlimit *new_rlim)
{
@@ -1186,8 +1194,20 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(task_free, apparmor_task_free),
LSM_HOOK_INIT(task_alloc, apparmor_task_alloc),
+ LSM_HOOK_INIT(task_getsecid, apparmor_task_getsecid),
LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
LSM_HOOK_INIT(task_kill, apparmor_task_kill),
+
+#ifdef CONFIG_AUDIT
+ LSM_HOOK_INIT(audit_rule_init, aa_audit_rule_init),
+ LSM_HOOK_INIT(audit_rule_known, aa_audit_rule_known),
+ LSM_HOOK_INIT(audit_rule_match, aa_audit_rule_match),
+ LSM_HOOK_INIT(audit_rule_free, aa_audit_rule_free),
+#endif
+
+ LSM_HOOK_INIT(secid_to_secctx, apparmor_secid_to_secctx),
+ LSM_HOOK_INIT(secctx_to_secid, apparmor_secctx_to_secid),
+ LSM_HOOK_INIT(release_secctx, apparmor_release_secctx),
};
/*
@@ -1378,14 +1398,12 @@ static int param_set_audit(const char *val, const struct kernel_param *kp)
if (apparmor_initialized && !policy_admin_capable(NULL))
return -EPERM;
- for (i = 0; i < AUDIT_MAX_INDEX; i++) {
- if (strcmp(val, audit_mode_names[i]) == 0) {
- aa_g_audit = i;
- return 0;
- }
- }
+ i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val);
+ if (i < 0)
+ return -EINVAL;
- return -EINVAL;
+ aa_g_audit = i;
+ return 0;
}
static int param_get_mode(char *buffer, const struct kernel_param *kp)
@@ -1409,14 +1427,12 @@ static int param_set_mode(const char *val, const struct kernel_param *kp)
if (apparmor_initialized && !policy_admin_capable(NULL))
return -EPERM;
- for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) {
- if (strcmp(val, aa_profile_mode_names[i]) == 0) {
- aa_g_profile_mode = i;
- return 0;
- }
- }
+ i = match_string(aa_profile_mode_names, APPARMOR_MODE_NAMES_MAX_INDEX, val);
+ if (i < 0)
+ return -EINVAL;
- return -EINVAL;
+ aa_g_profile_mode = i;
+ return 0;
}
/*
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 280eba082c7b..55f2ee505a01 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -472,7 +472,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
/**
* aa_dfa_next - step one character to the next state in the dfa
- * @dfa: the dfa to tranverse (NOT NULL)
+ * @dfa: the dfa to traverse (NOT NULL)
* @state: the state to start in
* @c: the input character to transition on
*
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
index 6e8c7ac0b33d..c1da22482bfb 100644
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -121,7 +121,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
* @src_name: src_name of object being mediated (MAYBE_NULL)
* @type: type of filesystem (MAYBE_NULL)
* @trans: name of trans (MAYBE NULL)
- * @flags: filesystem idependent mount flags
+ * @flags: filesystem independent mount flags
* @data: filesystem mount flags
* @request: permissions requested
* @perms: the permissions computed for the request (NOT NULL)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index c07493ce2376..b367fef33d03 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -268,7 +268,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy,
if (!aa_policy_init(&profile->base, NULL, hname, gfp))
goto fail;
- if (!aa_label_init(&profile->label, 1))
+ if (!aa_label_init(&profile->label, 1, gfp))
goto fail;
/* update being set needed by fs interface */
@@ -1085,7 +1085,7 @@ fail:
* Remove a profile or sub namespace from the current namespace, so that
* they can not be found anymore and mark them as replaced by unconfined
*
- * NOTE: removing confinement does not restore rlimits to preconfinemnet values
+ * NOTE: removing confinement does not restore rlimits to preconfinement values
*
* Returns: size of data consume else error code if fails
*/
diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 3a3edbad0b21..c2f0c1571156 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -3,7 +3,7 @@
*
* This file contains AppArmor security identifier (secid) manipulation fns
*
- * Copyright 2009-2010 Canonical Ltd.
+ * Copyright 2009-2017 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -11,37 +11,220 @@
* License.
*
*
- * AppArmor allocates a unique secid for every profile loaded. If a profile
- * is replaced it receives the secid of the profile it is replacing.
- *
- * The secid value of 0 is invalid.
+ * AppArmor allocates a unique secid for every label used. If a label
+ * is replaced it receives the secid of the label it is replacing.
*/
-#include <linux/spinlock.h>
#include <linux/errno.h>
#include <linux/err.h>
+#include <linux/gfp.h>
+#include <linux/slab.h>
+#include <linux/spinlock.h>
+#include "include/cred.h"
+#include "include/lib.h"
#include "include/secid.h"
+#include "include/label.h"
+#include "include/policy_ns.h"
-/* global counter from which secids are allocated */
-static u32 global_secid;
+/*
+ * secids - do not pin labels with a refcount. They rely on the label
+ * properly updating/freeing them
+ *
+ * A singly linked free list is used to track secids that have been
+ * freed and reuse them before allocating new ones
+ */
+
+#define FREE_LIST_HEAD 1
+
+static RADIX_TREE(aa_secids_map, GFP_ATOMIC);
static DEFINE_SPINLOCK(secid_lock);
+static u32 alloced_secid = FREE_LIST_HEAD;
+static u32 free_list = FREE_LIST_HEAD;
+static unsigned long free_count;
+
+/*
+ * TODO: allow policy to reserve a secid range?
+ * TODO: add secid pinning
+ * TODO: use secid_update in label replace
+ */
+
+#define SECID_MAX U32_MAX
+
+/* TODO: mark free list as exceptional */
+static void *to_ptr(u32 secid)
+{
+ return (void *)
+ ((((unsigned long) secid) << RADIX_TREE_EXCEPTIONAL_SHIFT));
+}
+
+static u32 to_secid(void *ptr)
+{
+ return (u32) (((unsigned long) ptr) >> RADIX_TREE_EXCEPTIONAL_SHIFT);
+}
+
+
+/* TODO: tag free_list entries to mark them as different */
+static u32 __pop(struct aa_label *label)
+{
+ u32 secid = free_list;
+ void __rcu **slot;
+ void *entry;
+
+ if (free_list == FREE_LIST_HEAD)
+ return AA_SECID_INVALID;
+
+ slot = radix_tree_lookup_slot(&aa_secids_map, secid);
+ AA_BUG(!slot);
+ entry = radix_tree_deref_slot_protected(slot, &secid_lock);
+ free_list = to_secid(entry);
+ radix_tree_replace_slot(&aa_secids_map, slot, label);
+ free_count--;
+
+ return secid;
+}
+
+static void __push(u32 secid)
+{
+ void __rcu **slot;
+
+ slot = radix_tree_lookup_slot(&aa_secids_map, secid);
+ AA_BUG(!slot);
+ radix_tree_replace_slot(&aa_secids_map, slot, to_ptr(free_list));
+ free_list = secid;
+ free_count++;
+}
+
+static struct aa_label * __secid_update(u32 secid, struct aa_label *label)
+{
+ struct aa_label *old;
+ void __rcu **slot;
+
+ slot = radix_tree_lookup_slot(&aa_secids_map, secid);
+ AA_BUG(!slot);
+ old = radix_tree_deref_slot_protected(slot, &secid_lock);
+ radix_tree_replace_slot(&aa_secids_map, slot, label);
+
+ return old;
+}
+
+/**
+ * aa_secid_update - update a secid mapping to a new label
+ * @secid: secid to update
+ * @label: label the secid will now map to
+ */
+void aa_secid_update(u32 secid, struct aa_label *label)
+{
+ struct aa_label *old;
+ unsigned long flags;
+
+ spin_lock_irqsave(&secid_lock, flags);
+ old = __secid_update(secid, label);
+ spin_unlock_irqrestore(&secid_lock, flags);
+}
+
+/**
+ *
+ * see label for inverse aa_label_to_secid
+ */
+struct aa_label *aa_secid_to_label(u32 secid)
+{
+ struct aa_label *label;
+
+ rcu_read_lock();
+ label = radix_tree_lookup(&aa_secids_map, secid);
+ rcu_read_unlock();
+
+ return label;
+}
+
+int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+{
+ /* TODO: cache secctx and ref count so we don't have to recreate */
+ struct aa_label *label = aa_secid_to_label(secid);
+ int len;
+
+ AA_BUG(!secdata);
+ AA_BUG(!seclen);
+
+ if (!label)
+ return -EINVAL;
+
+ if (secdata)
+ len = aa_label_asxprint(secdata, root_ns, label,
+ FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+ FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT,
+ GFP_ATOMIC);
+ else
+ len = aa_label_snxprint(NULL, 0, root_ns, label,
+ FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+ FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT);
+ if (len < 0)
+ return -ENOMEM;
+
+ *seclen = len;
+
+ return 0;
+}
+
+
+int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
+{
+ struct aa_label *label;
+
+ label = aa_label_strn_parse(&root_ns->unconfined->label, secdata,
+ seclen, GFP_KERNEL, false, false);
+ if (IS_ERR(label))
+ return PTR_ERR(label);
+ *secid = label->secid;
+
+ return 0;
+}
+
+void apparmor_release_secctx(char *secdata, u32 seclen)
+{
+ kfree(secdata);
+}
-/* TODO FIXME: add secid to profile mapping, and secid recycling */
/**
* aa_alloc_secid - allocate a new secid for a profile
*/
-u32 aa_alloc_secid(void)
+u32 aa_alloc_secid(struct aa_label *label, gfp_t gfp)
{
+ unsigned long flags;
u32 secid;
- /*
- * TODO FIXME: secid recycling - part of profile mapping table
- */
- spin_lock(&secid_lock);
- secid = (++global_secid);
- spin_unlock(&secid_lock);
+ /* racey, but at worst causes new allocation instead of reuse */
+ if (free_list == FREE_LIST_HEAD) {
+ bool preload = 0;
+ int res;
+
+retry:
+ if (gfpflags_allow_blocking(gfp) && !radix_tree_preload(gfp))
+ preload = 1;
+ spin_lock_irqsave(&secid_lock, flags);
+ if (alloced_secid != SECID_MAX) {
+ secid = ++alloced_secid;
+ res = radix_tree_insert(&aa_secids_map, secid, label);
+ AA_BUG(res == -EEXIST);
+ } else {
+ secid = AA_SECID_INVALID;
+ }
+ spin_unlock_irqrestore(&secid_lock, flags);
+ if (preload)
+ radix_tree_preload_end();
+ } else {
+ spin_lock_irqsave(&secid_lock, flags);
+ /* remove entry from free list */
+ secid = __pop(label);
+ if (secid == AA_SECID_INVALID) {
+ spin_unlock_irqrestore(&secid_lock, flags);
+ goto retry;
+ }
+ spin_unlock_irqrestore(&secid_lock, flags);
+ }
+
return secid;
}
@@ -51,5 +234,9 @@ u32 aa_alloc_secid(void)
*/
void aa_free_secid(u32 secid)
{
- ; /* NOP ATM */
+ unsigned long flags;
+
+ spin_lock_irqsave(&secid_lock, flags);
+ __push(secid);
+ spin_unlock_irqrestore(&secid_lock, flags);
}