1 // SPDX-License-Identifier: GPL-2.0-only
3 * AppArmor security module
5 * This file contains AppArmor label definitions
7 * Copyright 2017 Canonical Ltd.
10 #include <linux/audit.h>
11 #include <linux/seq_file.h>
12 #include <linux/sort.h>
14 #include "include/apparmor.h"
15 #include "include/cred.h"
16 #include "include/label.h"
17 #include "include/policy.h"
18 #include "include/secid.h"
22 * the aa_label represents the set of profiles confining an object
24 * Labels maintain a reference count to the set of pointers they reference
25 * Labels are ref counted by
26 * tasks and object via the security field/security context off the field
27 * code - will take a ref count on a label if it needs the label
28 * beyond what is possible with an rcu_read_lock.
29 * profiles - each profile is a label
30 * secids - a pinned secid will keep a refcount of the label it is
32 * objects - inode, files, sockets, ...
34 * Labels are not ref counted by the label set, so they maybe removed and
35 * freed when no longer in use.
39 #define PROXY_POISON 97
40 #define LABEL_POISON 100
42 static void free_proxy(struct aa_proxy *proxy)
45 /* p->label will not updated any more as p is dead */
46 aa_put_label(rcu_dereference_protected(proxy->label, true));
47 memset(proxy, 0, sizeof(*proxy));
48 RCU_INIT_POINTER(proxy->label, (struct aa_label *)PROXY_POISON);
53 void aa_proxy_kref(struct kref *kref)
55 struct aa_proxy *proxy = container_of(kref, struct aa_proxy, count);
60 struct aa_proxy *aa_alloc_proxy(struct aa_label *label, gfp_t gfp)
64 new = kzalloc(sizeof(struct aa_proxy), gfp);
66 kref_init(&new->count);
67 rcu_assign_pointer(new->label, aa_get_label(label));
72 /* requires profile list write lock held */
73 void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new)
79 lockdep_assert_held_write(&labels_set(orig)->lock);
81 tmp = rcu_dereference_protected(orig->proxy->label,
82 &labels_ns(orig)->lock);
83 rcu_assign_pointer(orig->proxy->label, aa_get_label(new));
84 orig->flags |= FLAG_STALE;
88 static void __proxy_share(struct aa_label *old, struct aa_label *new)
90 struct aa_proxy *proxy = new->proxy;
92 new->proxy = aa_get_proxy(old->proxy);
93 __aa_proxy_redirect(old, new);
99 * ns_cmp - compare ns for label set ordering
100 * @a: ns to compare (NOT NULL)
101 * @b: ns to compare (NOT NULL)
103 * Returns: <0 if a < b
107 static int ns_cmp(struct aa_ns *a, struct aa_ns *b)
113 AA_BUG(!a->base.hname);
114 AA_BUG(!b->base.hname);
119 res = a->level - b->level;
123 return strcmp(a->base.hname, b->base.hname);
127 * profile_cmp - profile comparison for set ordering
128 * @a: profile to compare (NOT NULL)
129 * @b: profile to compare (NOT NULL)
131 * Returns: <0 if a < b
135 static int profile_cmp(struct aa_profile *a, struct aa_profile *b)
143 AA_BUG(!a->base.hname);
144 AA_BUG(!b->base.hname);
146 if (a == b || a->base.hname == b->base.hname)
148 res = ns_cmp(a->ns, b->ns);
152 return strcmp(a->base.hname, b->base.hname);
156 * vec_cmp - label comparison for set ordering
157 * @a: label to compare (NOT NULL)
158 * @vec: vector of profiles to compare (NOT NULL)
161 * Returns: <0 if a < vec
165 static int vec_cmp(struct aa_profile **a, int an, struct aa_profile **b, int bn)
176 for (i = 0; i < an && i < bn; i++) {
177 int res = profile_cmp(a[i], b[i]);
186 static bool vec_is_stale(struct aa_profile **vec, int n)
192 for (i = 0; i < n; i++) {
193 if (profile_is_stale(vec[i]))
200 static bool vec_unconfined(struct aa_profile **vec, int n)
206 for (i = 0; i < n; i++) {
207 if (!profile_unconfined(vec[i]))
214 static int sort_cmp(const void *a, const void *b)
216 return profile_cmp(*(struct aa_profile **)a, *(struct aa_profile **)b);
220 * assumes vec is sorted
221 * Assumes @vec has null terminator at vec[n], and will null terminate
224 static inline int unique(struct aa_profile **vec, int n)
226 int i, pos, dups = 0;
232 for (i = 1; i < n; i++) {
233 int res = profile_cmp(vec[pos], vec[i]);
235 AA_BUG(res > 0, "vec not sorted");
238 aa_put_profile(vec[i]);
253 * aa_vec_unique - canonical sort and unique a list of profiles
254 * @n: number of refcounted profiles in the list (@n > 0)
255 * @vec: list of profiles to sort and merge
257 * Returns: the number of duplicates eliminated == references put
259 * If @flags & VEC_FLAG_TERMINATE @vec has null terminator at vec[n], and will
260 * null terminate vec[n - dups]
262 int aa_vec_unique(struct aa_profile **vec, int n, int flags)
269 /* vecs are usually small and inorder, have a fallback for larger */
271 sort(vec, n, sizeof(struct aa_profile *), sort_cmp, NULL);
272 dups = unique(vec, n);
276 /* insertion sort + unique in one */
277 for (i = 1; i < n; i++) {
278 struct aa_profile *tmp = vec[i];
281 for (pos = i - 1 - dups; pos >= 0; pos--) {
282 int res = profile_cmp(vec[pos], tmp);
285 /* drop duplicate entry */
292 /* pos is at entry < tmp, or index -1. Set to insert pos */
295 for (j = i - dups; j > pos; j--)
305 if (flags & VEC_FLAG_TERMINATE)
306 vec[n - dups] = NULL;
312 static void label_destroy(struct aa_label *label)
314 struct aa_label *tmp;
318 if (!label_isprofile(label)) {
319 struct aa_profile *profile;
322 aa_put_str(label->hname);
324 label_for_each(i, label, profile) {
325 aa_put_profile(profile);
326 label->vec[i.i] = (struct aa_profile *)
327 (LABEL_POISON + (long) i.i);
331 if (rcu_dereference_protected(label->proxy->label, true) == label)
332 rcu_assign_pointer(label->proxy->label, NULL);
334 aa_free_secid(label->secid);
336 tmp = rcu_dereference_protected(label->proxy->label, true);
338 rcu_assign_pointer(label->proxy->label, NULL);
340 aa_put_proxy(label->proxy);
341 label->proxy = (struct aa_proxy *) PROXY_POISON + 1;
344 void aa_label_free(struct aa_label *label)
349 label_destroy(label);
353 static void label_free_switch(struct aa_label *label)
355 if (label->flags & FLAG_NS_COUNT)
356 aa_free_ns(labels_ns(label));
357 else if (label_isprofile(label))
358 aa_free_profile(labels_profile(label));
360 aa_label_free(label);
363 static void label_free_rcu(struct rcu_head *head)
365 struct aa_label *label = container_of(head, struct aa_label, rcu);
367 if (label->flags & FLAG_IN_TREE)
368 (void) aa_label_remove(label);
369 label_free_switch(label);
372 void aa_label_kref(struct kref *kref)
374 struct aa_label *label = container_of(kref, struct aa_label, count);
375 struct aa_ns *ns = labels_ns(label);
378 /* never live, no rcu callback needed, just using the fn */
379 label_free_switch(label);
382 /* TODO: update labels_profile macro so it works here */
383 AA_BUG(label_isprofile(label) &&
384 on_list_rcu(&label->vec[0]->base.profiles));
385 AA_BUG(label_isprofile(label) &&
386 on_list_rcu(&label->vec[0]->base.list));
388 /* TODO: if compound label and not stale add to reclaim cache */
389 call_rcu(&label->rcu, label_free_rcu);
392 static void label_free_or_put_new(struct aa_label *label, struct aa_label *new)
395 /* need to free directly to break circular ref with proxy */
401 bool aa_label_init(struct aa_label *label, int size, gfp_t gfp)
406 if (aa_alloc_secid(label, gfp) < 0)
409 label->size = size; /* doesn't include null */
410 label->vec[size] = NULL; /* null terminate */
411 kref_init(&label->count);
412 RB_CLEAR_NODE(&label->node);
418 * aa_label_alloc - allocate a label with a profile vector of @size length
419 * @size: size of profile vector in the label
420 * @proxy: proxy to use OR null if to allocate a new one
421 * @gfp: memory allocation type
424 * else NULL if failed
426 struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp)
428 struct aa_label *new;
432 /* + 1 for null terminator entry on vec */
433 new = kzalloc(sizeof(*new) + sizeof(struct aa_profile *) * (size + 1),
435 AA_DEBUG("%s (%p)\n", __func__, new);
439 if (!aa_label_init(new, size, gfp))
443 proxy = aa_alloc_proxy(new, gfp);
448 /* just set new's proxy, don't redirect proxy here if it was passed in*/
461 * label_cmp - label comparison for set ordering
462 * @a: label to compare (NOT NULL)
463 * @b: label to compare (NOT NULL)
465 * Returns: <0 if a < b
469 static int label_cmp(struct aa_label *a, struct aa_label *b)
476 return vec_cmp(a->vec, a->size, b->vec, b->size);
479 /* helper fn for label_for_each_confined */
480 int aa_label_next_confined(struct aa_label *label, int i)
485 for (; i < label->size; i++) {
486 if (!profile_unconfined(label->vec[i]))
494 * aa_label_next_not_in_set - return the next profile of @sub not in @set
496 * @set: label to test against
497 * @sub: label to if is subset of @set
499 * Returns: profile in @sub that is not in @set, with iterator set pos after
500 * else NULL if @sub is a subset of @set
502 struct aa_profile *__aa_label_next_not_in_set(struct label_it *I,
503 struct aa_label *set,
504 struct aa_label *sub)
509 AA_BUG(I->i > set->size);
512 AA_BUG(I->j > sub->size);
514 while (I->j < sub->size && I->i < set->size) {
515 int res = profile_cmp(sub->vec[I->j], set->vec[I->i]);
523 return sub->vec[(I->j)++];
526 if (I->j < sub->size)
527 return sub->vec[(I->j)++];
533 * aa_label_is_subset - test if @sub is a subset of @set
534 * @set: label to test against
535 * @sub: label to test if is subset of @set
537 * Returns: true if @sub is subset of @set
540 bool aa_label_is_subset(struct aa_label *set, struct aa_label *sub)
542 struct label_it i = { };
550 return __aa_label_next_not_in_set(&i, set, sub) == NULL;
554 * aa_label_is_unconfined_subset - test if @sub is a subset of @set
555 * @set: label to test against
556 * @sub: label to test if is subset of @set
558 * This checks for subset but taking into account unconfined. IF
559 * @sub contains an unconfined profile that does not have a matching
560 * unconfined in @set then this will not cause the test to fail.
561 * Conversely we don't care about an unconfined in @set that is not in
564 * Returns: true if @sub is special_subset of @set
567 bool aa_label_is_unconfined_subset(struct aa_label *set, struct aa_label *sub)
569 struct label_it i = { };
570 struct aa_profile *p;
579 p = __aa_label_next_not_in_set(&i, set, sub);
580 if (p && !profile_unconfined(p))
589 * __label_remove - remove @label from the label set
590 * @l: label to remove
591 * @new: label to redirect to
593 * Requires: labels_set(@label)->lock write_lock
594 * Returns: true if the label was in the tree and removed
596 static bool __label_remove(struct aa_label *label, struct aa_label *new)
598 struct aa_labelset *ls = labels_set(label);
602 lockdep_assert_held_write(&ls->lock);
605 __aa_proxy_redirect(label, new);
607 if (!label_is_stale(label))
608 __label_make_stale(label);
610 if (label->flags & FLAG_IN_TREE) {
611 rb_erase(&label->node, &ls->root);
612 label->flags &= ~FLAG_IN_TREE;
620 * __label_replace - replace @old with @new in label set
621 * @old: label to remove from label set
622 * @new: label to replace @old with
624 * Requires: labels_set(@old)->lock write_lock
625 * valid ref count be held on @new
626 * Returns: true if @old was in set and replaced by @new
628 * Note: current implementation requires label set be order in such a way
629 * that @new directly replaces @old position in the set (ie.
630 * using pointer comparison of the label address would not work)
632 static bool __label_replace(struct aa_label *old, struct aa_label *new)
634 struct aa_labelset *ls = labels_set(old);
639 lockdep_assert_held_write(&ls->lock);
640 AA_BUG(new->flags & FLAG_IN_TREE);
642 if (!label_is_stale(old))
643 __label_make_stale(old);
645 if (old->flags & FLAG_IN_TREE) {
646 rb_replace_node(&old->node, &new->node, &ls->root);
647 old->flags &= ~FLAG_IN_TREE;
648 new->flags |= FLAG_IN_TREE;
656 * __label_insert - attempt to insert @l into a label set
657 * @ls: set of labels to insert @l into (NOT NULL)
658 * @label: new label to insert (NOT NULL)
659 * @replace: whether insertion should replace existing entry that is not stale
661 * Requires: @ls->lock
662 * caller to hold a valid ref on l
663 * if @replace is true l has a preallocated proxy associated
664 * Returns: @l if successful in inserting @l - with additional refcount
665 * else ref counted equivalent label that is already in the set,
666 * the else condition only happens if @replace is false
668 static struct aa_label *__label_insert(struct aa_labelset *ls,
669 struct aa_label *label, bool replace)
671 struct rb_node **new, *parent = NULL;
675 AA_BUG(labels_set(label) != ls);
676 lockdep_assert_held_write(&ls->lock);
677 AA_BUG(label->flags & FLAG_IN_TREE);
679 /* Figure out where to put new node */
680 new = &ls->root.rb_node;
682 struct aa_label *this = rb_entry(*new, struct aa_label, node);
683 int result = label_cmp(label, this);
687 /* !__aa_get_label means queued for destruction,
688 * so replace in place, however the label has
689 * died before the replacement so do not share
692 if (!replace && !label_is_stale(this)) {
693 if (__aa_get_label(this))
696 __proxy_share(this, label);
697 AA_BUG(!__label_replace(this, label));
698 return aa_get_label(label);
699 } else if (result < 0)
700 new = &((*new)->rb_left);
701 else /* (result > 0) */
702 new = &((*new)->rb_right);
705 /* Add new node and rebalance tree. */
706 rb_link_node(&label->node, parent, new);
707 rb_insert_color(&label->node, &ls->root);
708 label->flags |= FLAG_IN_TREE;
710 return aa_get_label(label);
714 * __vec_find - find label that matches @vec in label set
715 * @vec: vec of profiles to find matching label for (NOT NULL)
718 * Requires: @vec_labelset(vec) lock held
719 * caller to hold a valid ref on l
721 * Returns: ref counted @label if matching label is in tree
722 * ref counted label that is equiv to @l in tree
723 * else NULL if @vec equiv is not in tree
725 static struct aa_label *__vec_find(struct aa_profile **vec, int n)
727 struct rb_node *node;
733 node = vec_labelset(vec, n)->root.rb_node;
735 struct aa_label *this = rb_entry(node, struct aa_label, node);
736 int result = vec_cmp(this->vec, this->size, vec, n);
739 node = node->rb_left;
741 node = node->rb_right;
743 return __aa_get_label(this);
750 * __label_find - find label @label in label set
751 * @label: label to find (NOT NULL)
753 * Requires: labels_set(@label)->lock held
754 * caller to hold a valid ref on l
756 * Returns: ref counted @label if @label is in tree OR
757 * ref counted label that is equiv to @label in tree
758 * else NULL if @label or equiv is not in tree
760 static struct aa_label *__label_find(struct aa_label *label)
764 return __vec_find(label->vec, label->size);
769 * aa_label_remove - remove a label from the labelset
770 * @label: label to remove
772 * Returns: true if @label was removed from the tree
773 * else @label was not in tree so it could not be removed
775 bool aa_label_remove(struct aa_label *label)
777 struct aa_labelset *ls = labels_set(label);
783 write_lock_irqsave(&ls->lock, flags);
784 res = __label_remove(label, ns_unconfined(labels_ns(label)));
785 write_unlock_irqrestore(&ls->lock, flags);
791 * aa_label_replace - replace a label @old with a new version @new
792 * @old: label to replace
793 * @new: label replacing @old
795 * Returns: true if @old was in tree and replaced
796 * else @old was not in tree, and @new was not inserted
798 bool aa_label_replace(struct aa_label *old, struct aa_label *new)
803 if (name_is_shared(old, new) && labels_ns(old) == labels_ns(new)) {
804 write_lock_irqsave(&labels_set(old)->lock, flags);
805 if (old->proxy != new->proxy)
806 __proxy_share(old, new);
808 __aa_proxy_redirect(old, new);
809 res = __label_replace(old, new);
810 write_unlock_irqrestore(&labels_set(old)->lock, flags);
813 struct aa_labelset *ls = labels_set(old);
815 write_lock_irqsave(&ls->lock, flags);
816 res = __label_remove(old, new);
817 if (labels_ns(old) != labels_ns(new)) {
818 write_unlock_irqrestore(&ls->lock, flags);
819 ls = labels_set(new);
820 write_lock_irqsave(&ls->lock, flags);
822 l = __label_insert(ls, new, true);
824 write_unlock_irqrestore(&ls->lock, flags);
832 * vec_find - find label @l in label set
833 * @vec: array of profiles to find equiv label for (NOT NULL)
836 * Returns: refcounted label if @vec equiv is in tree
837 * else NULL if @vec equiv is not in tree
839 static struct aa_label *vec_find(struct aa_profile **vec, int n)
841 struct aa_labelset *ls;
842 struct aa_label *label;
849 ls = vec_labelset(vec, n);
850 read_lock_irqsave(&ls->lock, flags);
851 label = __vec_find(vec, n);
852 read_unlock_irqrestore(&ls->lock, flags);
857 /* requires sort and merge done first */
858 static struct aa_label *vec_create_and_insert_label(struct aa_profile **vec,
861 struct aa_label *label = NULL;
862 struct aa_labelset *ls;
864 struct aa_label *new;
870 return aa_get_label(&vec[0]->label);
872 ls = labels_set(&vec[len - 1]->label);
874 /* TODO: enable when read side is lockless
875 * check if label exists before taking locks
877 new = aa_label_alloc(len, NULL, gfp);
881 for (i = 0; i < len; i++)
882 new->vec[i] = aa_get_profile(vec[i]);
884 write_lock_irqsave(&ls->lock, flags);
885 label = __label_insert(ls, new, false);
886 write_unlock_irqrestore(&ls->lock, flags);
887 label_free_or_put_new(label, new);
892 struct aa_label *aa_vec_find_or_create_label(struct aa_profile **vec, int len,
895 struct aa_label *label = vec_find(vec, len);
900 return vec_create_and_insert_label(vec, len, gfp);
904 * aa_label_find - find label @label in label set
905 * @label: label to find (NOT NULL)
907 * Requires: caller to hold a valid ref on l
909 * Returns: refcounted @label if @label is in tree
910 * refcounted label that is equiv to @label in tree
911 * else NULL if @label or equiv is not in tree
913 struct aa_label *aa_label_find(struct aa_label *label)
917 return vec_find(label->vec, label->size);
922 * aa_label_insert - insert label @label into @ls or return existing label
923 * @ls - labelset to insert @label into
924 * @label - label to insert
926 * Requires: caller to hold a valid ref on @label
928 * Returns: ref counted @label if successful in inserting @label
929 * else ref counted equivalent label that is already in the set
931 struct aa_label *aa_label_insert(struct aa_labelset *ls, struct aa_label *label)
939 /* check if label exists before taking lock */
940 if (!label_is_stale(label)) {
941 read_lock_irqsave(&ls->lock, flags);
942 l = __label_find(label);
943 read_unlock_irqrestore(&ls->lock, flags);
948 write_lock_irqsave(&ls->lock, flags);
949 l = __label_insert(ls, label, false);
950 write_unlock_irqrestore(&ls->lock, flags);
957 * aa_label_next_in_merge - find the next profile when merging @a and @b
962 * Returns: next profile
963 * else null if no more profiles
965 struct aa_profile *aa_label_next_in_merge(struct label_it *I,
973 AA_BUG(I->i > a->size);
975 AA_BUG(I->j > b->size);
977 if (I->i < a->size) {
978 if (I->j < b->size) {
979 int res = profile_cmp(a->vec[I->i], b->vec[I->j]);
982 return b->vec[(I->j)++];
987 return a->vec[(I->i)++];
991 return b->vec[(I->j)++];
997 * label_merge_cmp - cmp of @a merging with @b against @z for set ordering
998 * @a: label to merge then compare (NOT NULL)
999 * @b: label to merge then compare (NOT NULL)
1000 * @z: label to compare merge against (NOT NULL)
1002 * Assumes: using the most recent versions of @a, @b, and @z
1004 * Returns: <0 if a < b
1008 static int label_merge_cmp(struct aa_label *a, struct aa_label *b,
1011 struct aa_profile *p = NULL;
1012 struct label_it i = { };
1020 k < z->size && (p = aa_label_next_in_merge(&i, a, b));
1022 int res = profile_cmp(p, z->vec[k]);
1030 else if (k < z->size)
1036 * label_merge_insert - create a new label by merging @a and @b
1037 * @new: preallocated label to merge into (NOT NULL)
1038 * @a: label to merge with @b (NOT NULL)
1039 * @b: label to merge with @a (NOT NULL)
1041 * Requires: preallocated proxy
1043 * Returns: ref counted label either @new if merge is unique
1044 * @a if @b is a subset of @a
1045 * @b if @a is a subset of @b
1047 * NOTE: will not use @new if the merge results in @new == @a or @b
1049 * Must be used within labelset write lock to avoid racing with
1050 * setting labels stale.
1052 static struct aa_label *label_merge_insert(struct aa_label *new,
1056 struct aa_label *label;
1057 struct aa_labelset *ls;
1058 struct aa_profile *next;
1060 unsigned long flags;
1061 int k = 0, invcount = 0;
1065 AA_BUG(a->size < 0);
1067 AA_BUG(b->size < 0);
1069 AA_BUG(new->size < a->size + b->size);
1071 label_for_each_in_merge(i, a, b, next) {
1073 if (profile_is_stale(next)) {
1074 new->vec[k] = aa_get_newest_profile(next);
1075 AA_BUG(!new->vec[k]->label.proxy);
1076 AA_BUG(!new->vec[k]->label.proxy->label);
1077 if (next->label.proxy != new->vec[k]->label.proxy)
1082 new->vec[k++] = aa_get_profile(next);
1084 /* set to actual size which is <= allocated len */
1089 new->size -= aa_vec_unique(&new->vec[0], new->size,
1090 VEC_FLAG_TERMINATE);
1091 /* TODO: deal with reference labels */
1092 if (new->size == 1) {
1093 label = aa_get_label(&new->vec[0]->label);
1096 } else if (!stale) {
1098 * merge could be same as a || b, note: it is not possible
1099 * for new->size == a->size == b->size unless a == b
1102 return aa_get_label(a);
1103 else if (k == b->size)
1104 return aa_get_label(b);
1106 if (vec_unconfined(new->vec, new->size))
1107 new->flags |= FLAG_UNCONFINED;
1108 ls = labels_set(new);
1109 write_lock_irqsave(&ls->lock, flags);
1110 label = __label_insert(labels_set(new), new, false);
1111 write_unlock_irqrestore(&ls->lock, flags);
1117 * labelset_of_merge - find which labelset a merged label should be inserted
1118 * @a: label to merge and insert
1119 * @b: label to merge and insert
1121 * Returns: labelset that the merged label should be inserted into
1123 static struct aa_labelset *labelset_of_merge(struct aa_label *a,
1126 struct aa_ns *nsa = labels_ns(a);
1127 struct aa_ns *nsb = labels_ns(b);
1129 if (ns_cmp(nsa, nsb) <= 0)
1130 return &nsa->labels;
1131 return &nsb->labels;
1135 * __label_find_merge - find label that is equiv to merge of @a and @b
1136 * @ls: set of labels to search (NOT NULL)
1137 * @a: label to merge with @b (NOT NULL)
1138 * @b: label to merge with @a (NOT NULL)
1140 * Requires: ls->lock read_lock held
1142 * Returns: ref counted label that is equiv to merge of @a and @b
1143 * else NULL if merge of @a and @b is not in set
1145 static struct aa_label *__label_find_merge(struct aa_labelset *ls,
1149 struct rb_node *node;
1156 return __label_find(a);
1158 node = ls->root.rb_node;
1160 struct aa_label *this = container_of(node, struct aa_label,
1162 int result = label_merge_cmp(a, b, this);
1165 node = node->rb_left;
1166 else if (result > 0)
1167 node = node->rb_right;
1169 return __aa_get_label(this);
1177 * aa_label_find_merge - find label that is equiv to merge of @a and @b
1178 * @a: label to merge with @b (NOT NULL)
1179 * @b: label to merge with @a (NOT NULL)
1181 * Requires: labels be fully constructed with a valid ns
1183 * Returns: ref counted label that is equiv to merge of @a and @b
1184 * else NULL if merge of @a and @b is not in set
1186 struct aa_label *aa_label_find_merge(struct aa_label *a, struct aa_label *b)
1188 struct aa_labelset *ls;
1189 struct aa_label *label, *ar = NULL, *br = NULL;
1190 unsigned long flags;
1195 if (label_is_stale(a))
1196 a = ar = aa_get_newest_label(a);
1197 if (label_is_stale(b))
1198 b = br = aa_get_newest_label(b);
1199 ls = labelset_of_merge(a, b);
1200 read_lock_irqsave(&ls->lock, flags);
1201 label = __label_find_merge(ls, a, b);
1202 read_unlock_irqrestore(&ls->lock, flags);
1210 * aa_label_merge - attempt to insert new merged label of @a and @b
1211 * @ls: set of labels to insert label into (NOT NULL)
1212 * @a: label to merge with @b (NOT NULL)
1213 * @b: label to merge with @a (NOT NULL)
1214 * @gfp: memory allocation type
1216 * Requires: caller to hold valid refs on @a and @b
1217 * labels be fully constructed with a valid ns
1219 * Returns: ref counted new label if successful in inserting merge of a & b
1220 * else ref counted equivalent label that is already in the set.
1221 * else NULL if could not create label (-ENOMEM)
1223 struct aa_label *aa_label_merge(struct aa_label *a, struct aa_label *b,
1226 struct aa_label *label = NULL;
1232 return aa_get_newest_label(a);
1234 /* TODO: enable when read side is lockless
1235 * check if label exists before taking locks
1236 if (!label_is_stale(a) && !label_is_stale(b))
1237 label = aa_label_find_merge(a, b);
1241 struct aa_label *new;
1243 a = aa_get_newest_label(a);
1244 b = aa_get_newest_label(b);
1246 /* could use label_merge_len(a, b), but requires double
1247 * comparison for small savings
1249 new = aa_label_alloc(a->size + b->size, NULL, gfp);
1253 label = label_merge_insert(new, a, b);
1254 label_free_or_put_new(label, new);
1263 static inline bool label_is_visible(struct aa_profile *profile,
1264 struct aa_label *label)
1266 return aa_ns_visible(profile->ns, labels_ns(label), true);
1269 /* match a profile and its associated ns component if needed
1270 * Assumes visibility test has already been done.
1271 * If a subns profile is not to be matched should be prescreened with
1274 static inline unsigned int match_component(struct aa_profile *profile,
1275 struct aa_profile *tp,
1278 const char *ns_name;
1280 if (profile->ns == tp->ns)
1281 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname);
1283 /* try matching with namespace name and then profile */
1284 ns_name = aa_ns_name(profile->ns, tp->ns, true);
1285 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1);
1286 state = aa_dfa_match(profile->policy.dfa, state, ns_name);
1287 state = aa_dfa_match_len(profile->policy.dfa, state, ":", 1);
1288 return aa_dfa_match(profile->policy.dfa, state, tp->base.hname);
1292 * label_compound_match - find perms for full compound label
1293 * @profile: profile to find perms for
1294 * @label: label to check access permissions for
1295 * @start: state to start match in
1296 * @subns: whether to do permission checks on components in a subns
1297 * @request: permissions to request
1298 * @perms: perms struct to set
1300 * Returns: 0 on success else ERROR
1302 * For the label A//&B//&C this does the perm match for A//&B//&C
1303 * @perms should be preinitialized with allperms OR a previous permission
1304 * check to be stacked.
1306 static int label_compound_match(struct aa_profile *profile,
1307 struct aa_label *label,
1308 unsigned int state, bool subns, u32 request,
1309 struct aa_perms *perms)
1311 struct aa_profile *tp;
1314 /* find first subcomponent that is visible */
1315 label_for_each(i, label, tp) {
1316 if (!aa_ns_visible(profile->ns, tp->ns, subns))
1318 state = match_component(profile, tp, state);
1324 /* no component visible */
1329 label_for_each_cont(i, label, tp) {
1330 if (!aa_ns_visible(profile->ns, tp->ns, subns))
1332 state = aa_dfa_match(profile->policy.dfa, state, "//&");
1333 state = match_component(profile, tp, state);
1337 aa_compute_perms(profile->policy.dfa, state, perms);
1338 aa_apply_modes_to_perms(profile, perms);
1339 if ((perms->allow & request) != request)
1350 * label_components_match - find perms for all subcomponents of a label
1351 * @profile: profile to find perms for
1352 * @label: label to check access permissions for
1353 * @start: state to start match in
1354 * @subns: whether to do permission checks on components in a subns
1355 * @request: permissions to request
1356 * @perms: an initialized perms struct to add accumulation to
1358 * Returns: 0 on success else ERROR
1360 * For the label A//&B//&C this does the perm match for each of A and B and C
1361 * @perms should be preinitialized with allperms OR a previous permission
1362 * check to be stacked.
1364 static int label_components_match(struct aa_profile *profile,
1365 struct aa_label *label, unsigned int start,
1366 bool subns, u32 request,
1367 struct aa_perms *perms)
1369 struct aa_profile *tp;
1371 struct aa_perms tmp;
1372 unsigned int state = 0;
1374 /* find first subcomponent to test */
1375 label_for_each(i, label, tp) {
1376 if (!aa_ns_visible(profile->ns, tp->ns, subns))
1378 state = match_component(profile, tp, start);
1384 /* no subcomponents visible - no change in perms */
1388 aa_compute_perms(profile->policy.dfa, state, &tmp);
1389 aa_apply_modes_to_perms(profile, &tmp);
1390 aa_perms_accum(perms, &tmp);
1391 label_for_each_cont(i, label, tp) {
1392 if (!aa_ns_visible(profile->ns, tp->ns, subns))
1394 state = match_component(profile, tp, start);
1397 aa_compute_perms(profile->policy.dfa, state, &tmp);
1398 aa_apply_modes_to_perms(profile, &tmp);
1399 aa_perms_accum(perms, &tmp);
1402 if ((perms->allow & request) != request)
1413 * aa_label_match - do a multi-component label match
1414 * @profile: profile to match against (NOT NULL)
1415 * @label: label to match (NOT NULL)
1416 * @state: state to start in
1417 * @subns: whether to match subns components
1418 * @request: permission request
1419 * @perms: Returns computed perms (NOT NULL)
1421 * Returns: the state the match finished in, may be the none matching state
1423 int aa_label_match(struct aa_profile *profile, struct aa_label *label,
1424 unsigned int state, bool subns, u32 request,
1425 struct aa_perms *perms)
1427 int error = label_compound_match(profile, label, state, subns, request,
1433 return label_components_match(profile, label, state, subns, request,
1439 * aa_update_label_name - update a label to have a stored name
1440 * @ns: ns being viewed from (NOT NULL)
1441 * @label: label to update (NOT NULL)
1442 * @gfp: type of memory allocation
1444 * Requires: labels_set(label) not locked in caller
1446 * note: only updates the label name if it does not have a name already
1447 * and if it is in the labelset
1449 bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp)
1451 struct aa_labelset *ls;
1452 unsigned long flags;
1453 char __counted *name;
1459 if (label->hname || labels_ns(label) != ns)
1462 if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0)
1465 ls = labels_set(label);
1466 write_lock_irqsave(&ls->lock, flags);
1467 if (!label->hname && label->flags & FLAG_IN_TREE) {
1468 label->hname = name;
1472 write_unlock_irqrestore(&ls->lock, flags);
1478 * cached label name is present and visible
1479 * @label->hname only exists if label is namespace hierachical
1481 static inline bool use_label_hname(struct aa_ns *ns, struct aa_label *label,
1484 if (label->hname && (!ns || labels_ns(label) == ns) &&
1485 !(flags & ~FLAG_SHOW_MODE))
1491 /* helper macro for snprint routines */
1492 #define update_for_len(total, len, size, str) \
1494 size_t ulen = len; \
1498 ulen = min(ulen, size); \
1504 * aa_profile_snxprint - print a profile name to a buffer
1505 * @str: buffer to write to. (MAY BE NULL if @size == 0)
1506 * @size: size of buffer
1507 * @view: namespace profile is being viewed from
1508 * @profile: profile to view (NOT NULL)
1509 * @flags: whether to include the mode string
1510 * @prev_ns: last ns printed when used in compound print
1512 * Returns: size of name written or would be written if larger than
1515 * Note: will not print anything if the profile is not visible
1517 static int aa_profile_snxprint(char *str, size_t size, struct aa_ns *view,
1518 struct aa_profile *profile, int flags,
1519 struct aa_ns **prev_ns)
1521 const char *ns_name = NULL;
1523 AA_BUG(!str && size != 0);
1527 view = profiles_ns(profile);
1529 if (view != profile->ns &&
1530 (!prev_ns || (*prev_ns != profile->ns))) {
1532 *prev_ns = profile->ns;
1533 ns_name = aa_ns_name(view, profile->ns,
1534 flags & FLAG_VIEW_SUBNS);
1535 if (ns_name == aa_hidden_ns_name) {
1536 if (flags & FLAG_HIDDEN_UNCONFINED)
1537 return snprintf(str, size, "%s", "unconfined");
1538 return snprintf(str, size, "%s", ns_name);
1542 if ((flags & FLAG_SHOW_MODE) && profile != profile->ns->unconfined) {
1543 const char *modestr = aa_profile_mode_names[profile->mode];
1546 return snprintf(str, size, ":%s:%s (%s)", ns_name,
1547 profile->base.hname, modestr);
1548 return snprintf(str, size, "%s (%s)", profile->base.hname,
1553 return snprintf(str, size, ":%s:%s", ns_name,
1554 profile->base.hname);
1555 return snprintf(str, size, "%s", profile->base.hname);
1558 static const char *label_modename(struct aa_ns *ns, struct aa_label *label,
1561 struct aa_profile *profile;
1563 int mode = -1, count = 0;
1565 label_for_each(i, label, profile) {
1566 if (aa_ns_visible(ns, profile->ns, flags & FLAG_VIEW_SUBNS)) {
1568 if (profile == profile->ns->unconfined)
1569 /* special case unconfined so stacks with
1570 * unconfined don't report as mixed. ie.
1571 * profile_foo//&:ns1:unconfined (mixed)
1575 mode = profile->mode;
1576 else if (mode != profile->mode)
1584 /* everything was unconfined */
1585 mode = APPARMOR_UNCONFINED;
1587 return aa_profile_mode_names[mode];
1590 /* if any visible label is not unconfined the display_mode returns true */
1591 static inline bool display_mode(struct aa_ns *ns, struct aa_label *label,
1594 if ((flags & FLAG_SHOW_MODE)) {
1595 struct aa_profile *profile;
1598 label_for_each(i, label, profile) {
1599 if (aa_ns_visible(ns, profile->ns,
1600 flags & FLAG_VIEW_SUBNS) &&
1601 profile != profile->ns->unconfined)
1604 /* only ns->unconfined in set of profiles in ns */
1612 * aa_label_snxprint - print a label name to a string buffer
1613 * @str: buffer to write to. (MAY BE NULL if @size == 0)
1614 * @size: size of buffer
1615 * @ns: namespace profile is being viewed from
1616 * @label: label to view (NOT NULL)
1617 * @flags: whether to include the mode string
1619 * Returns: size of name written or would be written if larger than
1622 * Note: labels do not have to be strictly hierarchical to the ns as
1623 * objects may be shared across different namespaces and thus
1624 * pickup labeling from each ns. If a particular part of the
1625 * label is not visible it will just be excluded. And if none
1626 * of the label is visible "---" will be used.
1628 int aa_label_snxprint(char *str, size_t size, struct aa_ns *ns,
1629 struct aa_label *label, int flags)
1631 struct aa_profile *profile;
1632 struct aa_ns *prev_ns = NULL;
1634 int count = 0, total = 0;
1637 AA_BUG(!str && size != 0);
1640 if (AA_DEBUG_LABEL && (flags & FLAG_ABS_ROOT)) {
1642 len = snprintf(str, size, "_");
1643 update_for_len(total, len, size, str);
1645 ns = labels_ns(label);
1648 label_for_each(i, label, profile) {
1649 if (aa_ns_visible(ns, profile->ns, flags & FLAG_VIEW_SUBNS)) {
1651 len = snprintf(str, size, "//&");
1652 update_for_len(total, len, size, str);
1654 len = aa_profile_snxprint(str, size, ns, profile,
1655 flags & FLAG_VIEW_SUBNS,
1657 update_for_len(total, len, size, str);
1663 if (flags & FLAG_HIDDEN_UNCONFINED)
1664 return snprintf(str, size, "%s", "unconfined");
1665 return snprintf(str, size, "%s", aa_hidden_ns_name);
1668 /* count == 1 && ... is for backwards compat where the mode
1669 * is not displayed for 'unconfined' in the current ns
1671 if (display_mode(ns, label, flags)) {
1672 len = snprintf(str, size, " (%s)",
1673 label_modename(ns, label, flags));
1674 update_for_len(total, len, size, str);
1679 #undef update_for_len
1682 * aa_label_asxprint - allocate a string buffer and print label into it
1683 * @strp: Returns - the allocated buffer with the label name. (NOT NULL)
1684 * @ns: namespace profile is being viewed from
1685 * @label: label to view (NOT NULL)
1686 * @flags: flags controlling what label info is printed
1687 * @gfp: kernel memory allocation type
1689 * Returns: size of name written or would be written if larger than
1692 int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label,
1693 int flags, gfp_t gfp)
1700 size = aa_label_snxprint(NULL, 0, ns, label, flags);
1704 *strp = kmalloc(size + 1, gfp);
1707 return aa_label_snxprint(*strp, size + 1, ns, label, flags);
1711 * aa_label_acntsxprint - allocate a __counted string buffer and print label
1712 * @strp: buffer to write to.
1713 * @ns: namespace profile is being viewed from
1714 * @label: label to view (NOT NULL)
1715 * @flags: flags controlling what label info is printed
1716 * @gfp: kernel memory allocation type
1718 * Returns: size of name written or would be written if larger than
1721 int aa_label_acntsxprint(char __counted **strp, struct aa_ns *ns,
1722 struct aa_label *label, int flags, gfp_t gfp)
1729 size = aa_label_snxprint(NULL, 0, ns, label, flags);
1733 *strp = aa_str_alloc(size + 1, gfp);
1736 return aa_label_snxprint(*strp, size + 1, ns, label, flags);
1740 void aa_label_xaudit(struct audit_buffer *ab, struct aa_ns *ns,
1741 struct aa_label *label, int flags, gfp_t gfp)
1750 if (!use_label_hname(ns, label, flags) ||
1751 display_mode(ns, label, flags)) {
1752 len = aa_label_asxprint(&name, ns, label, flags, gfp);
1754 AA_DEBUG("label print error");
1759 str = (char *) label->hname;
1762 if (audit_string_contains_control(str, len))
1763 audit_log_n_hex(ab, str, len);
1765 audit_log_n_string(ab, str, len);
1770 void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns,
1771 struct aa_label *label, int flags, gfp_t gfp)
1776 if (!use_label_hname(ns, label, flags)) {
1780 len = aa_label_asxprint(&str, ns, label, flags, gfp);
1782 AA_DEBUG("label print error");
1785 seq_printf(f, "%s", str);
1787 } else if (display_mode(ns, label, flags))
1788 seq_printf(f, "%s (%s)", label->hname,
1789 label_modename(ns, label, flags));
1791 seq_printf(f, "%s", label->hname);
1794 void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
1799 if (!use_label_hname(ns, label, flags)) {
1803 len = aa_label_asxprint(&str, ns, label, flags, gfp);
1805 AA_DEBUG("label print error");
1810 } else if (display_mode(ns, label, flags))
1811 pr_info("%s (%s)", label->hname,
1812 label_modename(ns, label, flags));
1814 pr_info("%s", label->hname);
1817 void aa_label_audit(struct audit_buffer *ab, struct aa_label *label, gfp_t gfp)
1819 struct aa_ns *ns = aa_get_current_ns();
1821 aa_label_xaudit(ab, ns, label, FLAG_VIEW_SUBNS, gfp);
1825 void aa_label_seq_print(struct seq_file *f, struct aa_label *label, gfp_t gfp)
1827 struct aa_ns *ns = aa_get_current_ns();
1829 aa_label_seq_xprint(f, ns, label, FLAG_VIEW_SUBNS, gfp);
1833 void aa_label_printk(struct aa_label *label, gfp_t gfp)
1835 struct aa_ns *ns = aa_get_current_ns();
1837 aa_label_xprintk(ns, label, FLAG_VIEW_SUBNS, gfp);
1841 static int label_count_strn_entries(const char *str, size_t n)
1843 const char *end = str + n;
1849 for (split = aa_label_strn_split(str, end - str);
1851 split = aa_label_strn_split(str, end - str)) {
1860 * ensure stacks with components like
1862 * have :ns: applied to both 'A' and 'B' by making the lookup relative
1863 * to the base if the lookup specifies an ns, else making the stacked lookup
1864 * relative to the last embedded ns in the string.
1866 static struct aa_profile *fqlookupn_profile(struct aa_label *base,
1867 struct aa_label *currentbase,
1868 const char *str, size_t n)
1870 const char *first = skipn_spaces(str, n);
1872 if (first && *first == ':')
1873 return aa_fqlookupn_profile(base, str, n);
1875 return aa_fqlookupn_profile(currentbase, str, n);
1879 * aa_label_strn_parse - parse, validate and convert a text string to a label
1880 * @base: base label to use for lookups (NOT NULL)
1881 * @str: null terminated text string (NOT NULL)
1882 * @n: length of str to parse, will stop at \0 if encountered before n
1883 * @gfp: allocation type
1884 * @create: true if should create compound labels if they don't exist
1885 * @force_stack: true if should stack even if no leading &
1887 * Returns: the matching refcounted label if present
1890 struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
1891 size_t n, gfp_t gfp, bool create,
1894 DEFINE_VEC(profile, vec);
1895 struct aa_label *label, *currbase = base;
1896 int i, len, stack = 0, error;
1897 const char *end = str + n;
1903 str = skipn_spaces(str, n);
1904 if (str == NULL || (AA_DEBUG_LABEL && *str == '_' &&
1905 base != &root_ns->unconfined->label))
1906 return ERR_PTR(-EINVAL);
1908 len = label_count_strn_entries(str, end - str);
1909 if (*str == '&' || force_stack) {
1910 /* stack on top of base */
1917 error = vec_setup(profile, vec, len, gfp);
1919 return ERR_PTR(error);
1921 for (i = 0; i < stack; i++)
1922 vec[i] = aa_get_profile(base->vec[i]);
1924 for (split = aa_label_strn_split(str, end - str), i = stack;
1925 split && i < len; i++) {
1926 vec[i] = fqlookupn_profile(base, currbase, str, split - str);
1930 * if component specified a new ns it becomes the new base
1931 * so that subsequent lookups are relative to it
1933 if (vec[i]->ns != labels_ns(currbase))
1934 currbase = &vec[i]->label;
1936 split = aa_label_strn_split(str, end - str);
1938 /* last element doesn't have a split */
1940 vec[i] = fqlookupn_profile(base, currbase, str, end - str);
1945 /* no need to free vec as len < LOCAL_VEC_ENTRIES */
1946 return &vec[0]->label;
1948 len -= aa_vec_unique(vec, len, VEC_FLAG_TERMINATE);
1949 /* TODO: deal with reference labels */
1951 label = aa_get_label(&vec[0]->label);
1956 label = aa_vec_find_or_create_label(vec, len, gfp);
1958 label = vec_find(vec, len);
1963 /* use adjusted len from after vec_unique, not original */
1964 vec_cleanup(profile, vec, len);
1968 label = ERR_PTR(-ENOENT);
1972 struct aa_label *aa_label_parse(struct aa_label *base, const char *str,
1973 gfp_t gfp, bool create, bool force_stack)
1975 return aa_label_strn_parse(base, str, strlen(str), gfp, create,
1980 * aa_labelset_destroy - remove all labels from the label set
1981 * @ls: label set to cleanup (NOT NULL)
1983 * Labels that are removed from the set may still exist beyond the set
1984 * being destroyed depending on their reference counting
1986 void aa_labelset_destroy(struct aa_labelset *ls)
1988 struct rb_node *node;
1989 unsigned long flags;
1993 write_lock_irqsave(&ls->lock, flags);
1994 for (node = rb_first(&ls->root); node; node = rb_first(&ls->root)) {
1995 struct aa_label *this = rb_entry(node, struct aa_label, node);
1997 if (labels_ns(this) != root_ns)
1998 __label_remove(this,
1999 ns_unconfined(labels_ns(this)->parent));
2001 __label_remove(this, NULL);
2003 write_unlock_irqrestore(&ls->lock, flags);
2007 * @ls: labelset to init (NOT NULL)
2009 void aa_labelset_init(struct aa_labelset *ls)
2013 rwlock_init(&ls->lock);
2017 static struct aa_label *labelset_next_stale(struct aa_labelset *ls)
2019 struct aa_label *label;
2020 struct rb_node *node;
2021 unsigned long flags;
2025 read_lock_irqsave(&ls->lock, flags);
2027 __labelset_for_each(ls, node) {
2028 label = rb_entry(node, struct aa_label, node);
2029 if ((label_is_stale(label) ||
2030 vec_is_stale(label->vec, label->size)) &&
2031 __aa_get_label(label))
2038 read_unlock_irqrestore(&ls->lock, flags);
2044 * __label_update - insert updated version of @label into labelset
2045 * @label - the label to update/replace
2047 * Returns: new label that is up to date
2048 * else NULL on failure
2050 * Requires: @ns lock be held
2052 * Note: worst case is the stale @label does not get updated and has
2053 * to be updated at a later time.
2055 static struct aa_label *__label_update(struct aa_label *label)
2057 struct aa_label *new, *tmp;
2058 struct aa_labelset *ls;
2059 unsigned long flags;
2060 int i, invcount = 0;
2063 AA_BUG(!mutex_is_locked(&labels_ns(label)->lock));
2065 new = aa_label_alloc(label->size, label->proxy, GFP_KERNEL);
2070 * while holding the ns_lock will stop profile replacement, removal,
2071 * and label updates, label merging and removal can be occurring
2073 ls = labels_set(label);
2074 write_lock_irqsave(&ls->lock, flags);
2075 for (i = 0; i < label->size; i++) {
2076 AA_BUG(!label->vec[i]);
2077 new->vec[i] = aa_get_newest_profile(label->vec[i]);
2078 AA_BUG(!new->vec[i]);
2079 AA_BUG(!new->vec[i]->label.proxy);
2080 AA_BUG(!new->vec[i]->label.proxy->label);
2081 if (new->vec[i]->label.proxy != label->vec[i]->label.proxy)
2085 /* updated stale label by being removed/renamed from labelset */
2087 new->size -= aa_vec_unique(&new->vec[0], new->size,
2088 VEC_FLAG_TERMINATE);
2089 /* TODO: deal with reference labels */
2090 if (new->size == 1) {
2091 tmp = aa_get_label(&new->vec[0]->label);
2092 AA_BUG(tmp == label);
2095 if (labels_set(label) != labels_set(new)) {
2096 write_unlock_irqrestore(&ls->lock, flags);
2097 tmp = aa_label_insert(labels_set(new), new);
2098 write_lock_irqsave(&ls->lock, flags);
2102 AA_BUG(labels_ns(label) != labels_ns(new));
2104 tmp = __label_insert(labels_set(label), new, true);
2106 /* ensure label is removed, and redirected correctly */
2107 __label_remove(label, tmp);
2108 write_unlock_irqrestore(&ls->lock, flags);
2109 label_free_or_put_new(tmp, new);
2115 * __labelset_update - update labels in @ns
2116 * @ns: namespace to update labels in (NOT NULL)
2118 * Requires: @ns lock be held
2120 * Walk the labelset ensuring that all labels are up to date and valid
2121 * Any label that has a stale component is marked stale and replaced and
2122 * by an updated version.
2124 * If failures happen due to memory pressures then stale labels will
2125 * be left in place until the next pass.
2127 static void __labelset_update(struct aa_ns *ns)
2129 struct aa_label *label;
2132 AA_BUG(!mutex_is_locked(&ns->lock));
2135 label = labelset_next_stale(&ns->labels);
2137 struct aa_label *l = __label_update(label);
2140 aa_put_label(label);
2146 * __aa_labelset_udate_subtree - update all labels with a stale component
2147 * @ns: ns to start update at (NOT NULL)
2149 * Requires: @ns lock be held
2151 * Invalidates labels based on @p in @ns and any children namespaces.
2153 void __aa_labelset_update_subtree(struct aa_ns *ns)
2155 struct aa_ns *child;
2158 AA_BUG(!mutex_is_locked(&ns->lock));
2160 __labelset_update(ns);
2162 list_for_each_entry(child, &ns->sub_ns, base.list) {
2163 mutex_lock_nested(&child->lock, child->level);
2164 __aa_labelset_update_subtree(child);
2165 mutex_unlock(&child->lock);
projects / releases.git / blob