1
Index: b/security/apparmor/main.c
2
===================================================================
3
--- a/security/apparmor/main.c
4
+++ b/security/apparmor/main.c
5
@@ -772,6 +772,45 @@ int aa_fork(struct task_struct *task)
9
+static struct aa_profile *
10
+aa_register_find(const char *name, int mandatory, int complain)
12
+ struct aa_profile *profile;
14
+ /* Locate new profile */
15
+ profile = aa_profilelist_find(name);
17
+ AA_DEBUG("%s: setting profile %s\n",
18
+ __FUNCTION__, profile->name);
19
+ } else if (mandatory) {
21
+ LOG_HINT(profile, GFP_KERNEL, HINT_MANDPROF,
22
+ "image=%s pid=%d profile=%s active=%s\n",
25
+ BASE_PROFILE(profile)->name, profile->name);
27
+ profile = aa_dup_profile(null_complain_profile);
29
+ AA_WARN("REJECTING exec(2) of image '%s'. "
30
+ "Profile mandatory and not found "
31
+ "(%s(%d) profile %s active %s)\n",
33
+ current->comm, current->pid,
34
+ BASE_PROFILE(profile)->name, profile->name);
35
+ return ERR_PTR(-EPERM);
38
+ /* Only way we can get into this code is if task
41
+ AA_DEBUG("%s: No profile found for exec image %s\n",
49
* aa_register - register a new program
50
* @bprm: binprm of program being registered
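Review bot: In the `else if (mandatory)` branch of aa_register_find(), `profile` is the result of `aa_profilelist_find(name)` and, assuming the elided test before it is `if (profile)`, it is NULL there, so `LOG_HINT(profile, ...)` and both `BASE_PROFILE(profile)->name, profile->name` argument lists dereference a NULL pointer on the exec path. In aa_register() the same messages used `profile` for the calling task's profile and `newprofile` for the lookup result, and moving them into the helper lost that distinction. Pass the caller's profile in, for example as a `struct aa_profile *active` parameter, and log `BASE_PROFILE(active)->name, active->name`, or keep the logging in aa_register(). Several lines of the helper are not shown on this page, so confirm against the full patch.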
51
@@ -783,156 +822,96 @@ int aa_register(struct linux_binprm *bpr
53
char *filename, *buffer = NULL;
54
struct file *filp = bprm->file;
55
- struct aa_profile *profile;
56
- struct aa_profile *newprofile = NULL, unconstrained_flag;
57
- int error = -ENOMEM,
60
- find_profile_mandatory = 0,
63
+ struct aa_profile *profile, *newprofile = NULL;
64
+ int exec_mode = AA_EXEC_UNSAFE, complain = 0;
66
AA_DEBUG("%s\n", __FUNCTION__);
68
filename = aa_get_name(filp->f_dentry, filp->f_vfsmnt, &buffer);
69
if (IS_ERR(filename)) {
70
AA_WARN("%s: Failed to get filename\n", __FUNCTION__);
77
profile = aa_get_profile(current);
80
+ complain = PROFILE_COMPLAIN(profile);
83
- /* Unconfined task, load profile if it exists */
88
- complain = PROFILE_COMPLAIN(profile);
90
- /* Confined task, determine what mode inherit, unconstrained or
91
- * mandatory to load new profile
93
- exec_mode = aa_match(profile->file_rules, filename);
94
- unsafe_exec = exec_mode & AA_EXEC_UNSAFE;
95
- exec_mode &= AA_EXEC_MODIFIERS;
98
- switch (exec_mode) {
99
- case AA_EXEC_INHERIT:
100
- /* do nothing - setting of profile
101
- * already handed in aa_fork
103
- AA_DEBUG("%s: INHERIT %s\n",
108
- case AA_EXEC_UNCONSTRAINED:
109
- AA_DEBUG("%s: UNCONSTRAINED %s\n",
113
- /* unload profile */
114
- newprofile = &unconstrained_flag;
117
- case AA_EXEC_PROFILE:
118
- AA_DEBUG("%s: PROFILE %s\n",
123
- find_profile_mandatory = 1;
127
- AA_ERROR("%s: Rejecting exec(2) of image '%s'. "
128
- "Unknown exec qualifier %x "
129
- "(%s (pid %d) profile %s active %s)\n",
133
- current->comm, current->pid,
134
- BASE_PROFILE(profile)->name, profile->name);
139
- } else if (complain) {
140
- /* There was no entry in calling profile
141
- * describing mode to execute image in.
142
- * Drop into null-profile (disabling secure exec).
143
+ /* Confined task, determine what mode inherit, unconstrained or
144
+ * mandatory to load new profile
146
- newprofile = aa_dup_profile(null_complain_profile);
149
- AA_WARN("%s: Rejecting exec(2) of image '%s'. "
150
- "Unable to determine exec qualifier "
151
- "(%s (pid %d) profile %s active %s)\n",
154
- current->comm, current->pid,
155
- BASE_PROFILE(profile)->name, profile->name);
159
+ exec_mode = aa_match(profile->file_rules, filename);
163
- goto apply_profile;
165
- /* Locate new profile */
166
- newprofile = aa_profilelist_find(filename);
168
- AA_DEBUG("%s: setting profile %s\n",
169
- __FUNCTION__, newprofile->name);
170
- } else if (find_profile_mandatory) {
171
- /* Profile (mandatory) could not be found */
172
+ if (exec_mode & AA_EXEC_MODIFIERS) {
173
+ switch (exec_mode & AA_EXEC_MODIFIERS) {
174
+ case AA_EXEC_INHERIT:
175
+ AA_DEBUG("%s: INHERIT %s\n",
178
+ /* nothing to be done here */
182
- LOG_HINT(profile, GFP_KERNEL, HINT_MANDPROF,
183
- "image=%s pid=%d profile=%s active=%s\n",
186
- BASE_PROFILE(profile)->name, profile->name);
187
+ case AA_EXEC_UNCONSTRAINED:
188
+ AA_DEBUG("%s: UNCONSTRAINED %s\n",
192
+ /* unload profile */
196
+ case AA_EXEC_PROFILE:
197
+ AA_DEBUG("%s: PROFILE %s\n",
200
+ newprofile = aa_register_find(filename, 1,
205
+ AA_ERROR("%s: Rejecting exec(2) of image '%s'. "
206
+ "Unknown exec qualifier %x "
207
+ "(%s (pid %d) profile %s active %s)\n",
210
+ exec_mode & AA_EXEC_MODIFIERS,
211
+ current->comm, current->pid,
212
+ BASE_PROFILE(profile)->name,
214
+ newprofile = ERR_PTR(-EPERM);
218
+ } else if (complain) {
219
+ /* There was no entry in calling profile
220
+ * describing mode to execute image in.
221
+ * Drop into null-profile (disabling secure exec).
223
newprofile = aa_dup_profile(null_complain_profile);
224
+ exec_mode |= AA_EXEC_UNSAFE;
226
- AA_WARN("REJECTING exec(2) of image '%s'. "
227
- "Profile mandatory and not found "
228
- "(%s(%d) profile %s active %s)\n",
229
+ AA_WARN("%s: Rejecting exec(2) of image '%s'. "
230
+ "Unable to determine exec qualifier "
231
+ "(%s (pid %d) profile %s active %s)\n",
234
current->comm, current->pid,
235
BASE_PROFILE(profile)->name, profile->name);
237
+ newprofile = ERR_PTR(-EPERM);
240
- /* Profile (non-mandatory) could not be found */
242
- /* Only way we can get into this code is if task
243
- * is unconstrained.
248
- AA_DEBUG("%s: No profile found for exec image %s\n",
253
+ /* Unconfined task, load profile if it exists */
254
+ newprofile = aa_register_find(filename, 0, 0);
255
+ if (newprofile == NULL)
260
- /* Apply profile if necessary */
262
+ /* Apply the new profile, or switch to unconfined if NULL. */
263
+ if (!IS_ERR(newprofile)) {
264
struct aa_task_context *cxt, *lazy_cxt = NULL;
267
- if (newprofile == &unconstrained_flag)
270
/* grab a lock - this is to guarentee consistency against
271
* other writers of aa_task_context (replacement/removal)
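Review bot: The initialiser `int exec_mode = AA_EXEC_UNSAFE, complain = 0;` encodes policy that no visible comment explains. On the unconfined path (`newprofile = aa_register_find(filename, 0, 0);`) exec_mode does not appear to be reassigned, so the later `!(exec_mode & AA_EXEC_UNSAFE)` test skips secure exec when an unconfined task enters a profile. I would add a comment at the declaration such as `/* default UNSAFE: an unconfined task entering a profile does not request secure exec */`, or initialise to 0 and set the flag explicitly in the unconfined branch. Parts of this hunk are elided on the page, so check that no hidden line assigns exec_mode first.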
273
@@ -961,7 +940,7 @@ apply_profile:
275
AA_ERROR("%s: Failed to allocate aa_task_context\n",
278
+ newprofile = ERR_PTR(-ENOMEM);
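Review bot: `newprofile = ERR_PTR(-ENOMEM);` overwrites the pointer obtained from aa_register_find() or aa_dup_profile() without releasing it, and the exit path returns on `IS_ERR(newprofile)` before reaching `aa_put_profile(newprofile)`, so the profile reference looks leaked when the aa_task_context allocation fails. Release it first: `aa_put_profile(newprofile);` followed by `newprofile = ERR_PTR(-ENOMEM);`. The lines around this assignment are not shown here, so this holds only if no put is hidden among them and the lookup returns a counted reference, which the visible code suggests but does not prove.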
282
@@ -999,7 +978,7 @@ apply_profile:
283
* Redo with error checking
285
spin_unlock_irqrestore(&cxt_lock, flags);
291
@@ -1012,7 +991,7 @@ apply_profile:
292
* Cases 2 and 3 are marked as requiring secure exec
293
* (unless policy specified "unsafe exec")
295
- if (cxt && cxt->profile && !unsafe_exec) {
296
+ if (newprofile && !(exec_mode & AA_EXEC_UNSAFE)) {
297
unsigned long bprm_flags;
299
bprm_flags = AA_SECURE_EXEC_NEEDED;
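Review bot: The new test `if (newprofile && !(exec_mode & AA_EXEC_UNSAFE))` no longer matches the comment kept just above it, which says cases 2 and 3 require secure exec. The removed test keyed on the task's existing profile (`cxt && cxt->profile`), while the new one keys on the target, and the earlier comment "switch to unconfined if NULL" implies newprofile is NULL when a confined task leaves confinement, so that transition would skip `AA_SECURE_EXEC_NEEDED`. If that is case 3 (the case list is not visible on this page), test the calling task's profile instead, e.g. `if (profile && !(exec_mode & AA_EXEC_UNSAFE))`, or update the comment to say the transition to unconfined deliberately omits secure exec.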
300
@@ -1021,7 +1000,6 @@ apply_profile:
303
aa_switch_to_profile(cxt, newprofile, 0);
304
- aa_put_profile(newprofile);
306
if (complain && newprofile == null_complain_profile)
307
LOG_HINT(newprofile, GFP_ATOMIC, HINT_CHGPROF,
308
@@ -1033,11 +1011,11 @@ apply_profile:
311
aa_put_name_buffer(buffer);
313
aa_put_profile(profile);
317
+ if (IS_ERR(newprofile))
318
+ return PTR_ERR(newprofile);
319
+ aa_put_profile(newprofile);