diff options
author | Thomas Gleixner <tglx@mtd.linutronix.de> | 2005-11-06 15:36:37 +0100 |
---|---|---|
committer | Thomas Gleixner <tglx@mtd.linutronix.de> | 2005-11-06 15:36:37 +0100 |
commit | 2fc2991175bf77395e6b15fe6b2304d3bf72da40 (patch) | |
tree | b0ff38c09240e7c00e1577d447ebe89143d752dc /security/selinux/ss | |
parent | [MTD] mtdchar: Return EINVAL for bad seeks instead of fixing up to valid byte (diff) | |
parent | [PATCH] nvidiafb: Geforce 7800 series support added (diff) | |
download | linux-dev-2fc2991175bf77395e6b15fe6b2304d3bf72da40.tar.xz linux-dev-2fc2991175bf77395e6b15fe6b2304d3bf72da40.zip |
Merge branch 'master' of /home/tglx/work/mtd/git/linux-2.6.git/
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/avtab.c | 196 | ||||
-rw-r--r-- | security/selinux/ss/avtab.h | 37 | ||||
-rw-r--r-- | security/selinux/ss/conditional.c | 223 | ||||
-rw-r--r-- | security/selinux/ss/ebitmap.c | 14 | ||||
-rw-r--r-- | security/selinux/ss/ebitmap.h | 30 | ||||
-rw-r--r-- | security/selinux/ss/hashtab.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/mls.c | 42 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 160 | ||||
-rw-r--r-- | security/selinux/ss/policydb.h | 3 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 91 |
10 files changed, 477 insertions, 325 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index f238c034c44e..dde094feb20d 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -58,6 +58,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat { int hvalue; struct avtab_node *prev, *cur, *newnode; + u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); if (!h) return -EINVAL; @@ -69,7 +70,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat if (key->source_type == cur->key.source_type && key->target_type == cur->key.target_type && key->target_class == cur->key.target_class && - (datum->specified & cur->datum.specified)) + (specified & cur->key.specified)) return -EEXIST; if (key->source_type < cur->key.source_type) break; @@ -98,6 +99,7 @@ avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_da { int hvalue; struct avtab_node *prev, *cur, *newnode; + u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); if (!h) return NULL; @@ -108,7 +110,7 @@ avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_da if (key->source_type == cur->key.source_type && key->target_type == cur->key.target_type && key->target_class == cur->key.target_class && - (datum->specified & cur->datum.specified)) + (specified & cur->key.specified)) break; if (key->source_type < cur->key.source_type) break; @@ -125,10 +127,11 @@ avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_da return newnode; } -struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified) +struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key) { int hvalue; struct avtab_node *cur; + u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); if (!h) return NULL; @@ -138,7 +141,7 @@ struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int spe if (key->source_type == cur->key.source_type && key->target_type == cur->key.target_type && key->target_class == cur->key.target_class && - (specified & cur->datum.specified)) + (specified & cur->key.specified)) return &cur->datum; if (key->source_type < cur->key.source_type) @@ -159,10 +162,11 @@ struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int spe * conjunction with avtab_search_next_node() */ struct avtab_node* -avtab_search_node(struct avtab *h, struct avtab_key *key, int specified) +avtab_search_node(struct avtab *h, struct avtab_key *key) { int hvalue; struct avtab_node *cur; + u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); if (!h) return NULL; @@ -172,7 +176,7 @@ avtab_search_node(struct avtab *h, struct avtab_key *key, int specified) if (key->source_type == cur->key.source_type && key->target_type == cur->key.target_type && key->target_class == cur->key.target_class && - (specified & cur->datum.specified)) + (specified & cur->key.specified)) return cur; if (key->source_type < cur->key.source_type) @@ -196,11 +200,12 @@ avtab_search_node_next(struct avtab_node *node, int specified) if (!node) return NULL; + specified &= ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); for (cur = node->next; cur; cur = cur->next) { if (node->key.source_type == cur->key.source_type && node->key.target_type == cur->key.target_type && node->key.target_class == cur->key.target_class && - (specified & cur->datum.specified)) + (specified & cur->key.specified)) return cur; if (node->key.source_type < cur->key.source_type) @@ -278,76 +283,129 @@ void avtab_hash_eval(struct avtab *h, char *tag) max_chain_len); } -int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey) +static uint16_t spec_order[] = { + AVTAB_ALLOWED, + AVTAB_AUDITDENY, + AVTAB_AUDITALLOW, + AVTAB_TRANSITION, + AVTAB_CHANGE, + AVTAB_MEMBER +}; + +int avtab_read_item(void *fp, u32 vers, struct avtab *a, + int (*insertf)(struct avtab *a, struct avtab_key *k, + struct avtab_datum *d, void *p), + void *p) { - u32 buf[7]; - u32 items, items2; - int rc; + __le16 buf16[4]; + u16 enabled; + __le32 buf32[7]; + u32 items, items2, val; + struct avtab_key key; + struct avtab_datum datum; + int i, rc; + + memset(&key, 0, sizeof(struct avtab_key)); + memset(&datum, 0, sizeof(struct avtab_datum)); + + if (vers < POLICYDB_VERSION_AVTAB) { + rc = next_entry(buf32, fp, sizeof(u32)); + if (rc < 0) { + printk(KERN_ERR "security: avtab: truncated entry\n"); + return -1; + } + items2 = le32_to_cpu(buf32[0]); + if (items2 > ARRAY_SIZE(buf32)) { + printk(KERN_ERR "security: avtab: entry overflow\n"); + return -1; - memset(avkey, 0, sizeof(struct avtab_key)); - memset(avdatum, 0, sizeof(struct avtab_datum)); + } + rc = next_entry(buf32, fp, sizeof(u32)*items2); + if (rc < 0) { + printk(KERN_ERR "security: avtab: truncated entry\n"); + return -1; + } + items = 0; - rc = next_entry(buf, fp, sizeof(u32)); - if (rc < 0) { - printk(KERN_ERR "security: avtab: truncated entry\n"); - goto bad; - } - items2 = le32_to_cpu(buf[0]); - if (items2 > ARRAY_SIZE(buf)) { - printk(KERN_ERR "security: avtab: entry overflow\n"); - goto bad; + val = le32_to_cpu(buf32[items++]); + key.source_type = (u16)val; + if (key.source_type != val) { + printk("security: avtab: truncated source type\n"); + return -1; + } + val = le32_to_cpu(buf32[items++]); + key.target_type = (u16)val; + if (key.target_type != val) { + printk("security: avtab: truncated target type\n"); + return -1; + } + val = le32_to_cpu(buf32[items++]); + key.target_class = (u16)val; + if (key.target_class != val) { + printk("security: avtab: truncated target class\n"); + return -1; + } + + val = le32_to_cpu(buf32[items++]); + enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; + + if (!(val & (AVTAB_AV | AVTAB_TYPE))) { + printk("security: avtab: null entry\n"); + return -1; + } + if ((val & AVTAB_AV) && + (val & AVTAB_TYPE)) { + printk("security: avtab: entry has both access vectors and types\n"); + return -1; + } + + for (i = 0; i < sizeof(spec_order)/sizeof(u16); i++) { + if (val & spec_order[i]) { + key.specified = spec_order[i] | enabled; + datum.data = le32_to_cpu(buf32[items++]); + rc = insertf(a, &key, &datum, p); + if (rc) return rc; + } + } + + if (items != items2) { + printk("security: avtab: entry only had %d items, expected %d\n", items2, items); + return -1; + } + return 0; } - rc = next_entry(buf, fp, sizeof(u32)*items2); + + rc = next_entry(buf16, fp, sizeof(u16)*4); if (rc < 0) { - printk(KERN_ERR "security: avtab: truncated entry\n"); - goto bad; + printk("security: avtab: truncated entry\n"); + return -1; } + items = 0; - avkey->source_type = le32_to_cpu(buf[items++]); - avkey->target_type = le32_to_cpu(buf[items++]); - avkey->target_class = le32_to_cpu(buf[items++]); - avdatum->specified = le32_to_cpu(buf[items++]); - if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) { - printk(KERN_ERR "security: avtab: null entry\n"); - goto bad; - } - if ((avdatum->specified & AVTAB_AV) && - (avdatum->specified & AVTAB_TYPE)) { - printk(KERN_ERR "security: avtab: entry has both access vectors and types\n"); - goto bad; - } - if (avdatum->specified & AVTAB_AV) { - if (avdatum->specified & AVTAB_ALLOWED) - avtab_allowed(avdatum) = le32_to_cpu(buf[items++]); - if (avdatum->specified & AVTAB_AUDITDENY) - avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]); - if (avdatum->specified & AVTAB_AUDITALLOW) - avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]); - } else { - if (avdatum->specified & AVTAB_TRANSITION) - avtab_transition(avdatum) = le32_to_cpu(buf[items++]); - if (avdatum->specified & AVTAB_CHANGE) - avtab_change(avdatum) = le32_to_cpu(buf[items++]); - if (avdatum->specified & AVTAB_MEMBER) - avtab_member(avdatum) = le32_to_cpu(buf[items++]); - } - if (items != items2) { - printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n", - items2, items); - goto bad; + key.source_type = le16_to_cpu(buf16[items++]); + key.target_type = le16_to_cpu(buf16[items++]); + key.target_class = le16_to_cpu(buf16[items++]); + key.specified = le16_to_cpu(buf16[items++]); + + rc = next_entry(buf32, fp, sizeof(u32)); + if (rc < 0) { + printk("security: avtab: truncated entry\n"); + return -1; } + datum.data = le32_to_cpu(*buf32); + return insertf(a, &key, &datum, p); +} - return 0; -bad: - return -1; +static int avtab_insertf(struct avtab *a, struct avtab_key *k, + struct avtab_datum *d, void *p) +{ + return avtab_insert(a, k, d); } -int avtab_read(struct avtab *a, void *fp, u32 config) +int avtab_read(struct avtab *a, void *fp, u32 vers) { int rc; - struct avtab_key avkey; - struct avtab_datum avdatum; - u32 buf[1]; + __le32 buf[1]; u32 nel, i; @@ -363,16 +421,14 @@ int avtab_read(struct avtab *a, void *fp, u32 config) goto bad; } for (i = 0; i < nel; i++) { - if (avtab_read_item(fp, &avdatum, &avkey)) { - rc = -EINVAL; - goto bad; - } - rc = avtab_insert(a, &avkey, &avdatum); + rc = avtab_read_item(fp,vers, a, avtab_insertf, NULL); if (rc) { if (rc == -ENOMEM) printk(KERN_ERR "security: avtab: out of memory\n"); - if (rc == -EEXIST) + else if (rc == -EEXIST) printk(KERN_ERR "security: avtab: duplicate entry\n"); + else + rc = -EINVAL; goto bad; } } diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index 519d4f6dc655..0a90d939af93 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -21,12 +21,9 @@ #define _SS_AVTAB_H_ struct avtab_key { - u32 source_type; /* source type */ - u32 target_type; /* target type */ - u32 target_class; /* target object class */ -}; - -struct avtab_datum { + u16 source_type; /* source type */ + u16 target_type; /* target type */ + u16 target_class; /* target object class */ #define AVTAB_ALLOWED 1 #define AVTAB_AUDITALLOW 2 #define AVTAB_AUDITDENY 4 @@ -35,15 +32,13 @@ struct avtab_datum { #define AVTAB_MEMBER 32 #define AVTAB_CHANGE 64 #define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE) -#define AVTAB_ENABLED 0x80000000 /* reserved for used in cond_avtab */ - u32 specified; /* what fields are specified */ - u32 data[3]; /* access vectors or types */ -#define avtab_allowed(x) (x)->data[0] -#define avtab_auditdeny(x) (x)->data[1] -#define avtab_auditallow(x) (x)->data[2] -#define avtab_transition(x) (x)->data[0] -#define avtab_change(x) (x)->data[1] -#define avtab_member(x) (x)->data[2] +#define AVTAB_ENABLED_OLD 0x80000000 /* reserved for used in cond_avtab */ +#define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */ + u16 specified; /* what field is specified */ +}; + +struct avtab_datum { + u32 data; /* access vector or type value */ }; struct avtab_node { @@ -58,17 +53,21 @@ struct avtab { }; int avtab_init(struct avtab *); -struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k, int specified); +struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k); void avtab_destroy(struct avtab *h); void avtab_hash_eval(struct avtab *h, char *tag); -int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey); -int avtab_read(struct avtab *a, void *fp, u32 config); +int avtab_read_item(void *fp, uint32_t vers, struct avtab *a, + int (*insert)(struct avtab *a, struct avtab_key *k, + struct avtab_datum *d, void *p), + void *p); + +int avtab_read(struct avtab *a, void *fp, u32 vers); struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum); -struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int specified); +struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key); struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified); diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index e2057f5a411a..d2737edba541 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -100,18 +100,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node) /* turn the rules on or off */ for (cur = node->true_list; cur != NULL; cur = cur->next) { if (new_state <= 0) { - cur->node->datum.specified &= ~AVTAB_ENABLED; + cur->node->key.specified &= ~AVTAB_ENABLED; } else { - cur->node->datum.specified |= AVTAB_ENABLED; + cur->node->key.specified |= AVTAB_ENABLED; } } for (cur = node->false_list; cur != NULL; cur = cur->next) { /* -1 or 1 */ if (new_state) { - cur->node->datum.specified &= ~AVTAB_ENABLED; + cur->node->key.specified &= ~AVTAB_ENABLED; } else { - cur->node->datum.specified |= AVTAB_ENABLED; + cur->node->key.specified |= AVTAB_ENABLED; } } } @@ -216,13 +216,13 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cond_bool_datum *booldatum; - u32 buf[3], len; + __le32 buf[3]; + u32 len; int rc; - booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); + booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); if (!booldatum) return -1; - memset(booldatum, 0, sizeof(struct cond_bool_datum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -252,104 +252,126 @@ err: return -1; } -static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, - struct cond_av_list *other) +struct cond_insertf_data { - struct cond_av_list *list, *last = NULL, *cur; - struct avtab_key key; - struct avtab_datum datum; + struct policydb *p; + struct cond_av_list *other; + struct cond_av_list *head; + struct cond_av_list *tail; +}; + +static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr) +{ + struct cond_insertf_data *data = ptr; + struct policydb *p = data->p; + struct cond_av_list *other = data->other, *list, *cur; struct avtab_node *node_ptr; - int rc; - u32 buf[1], i, len; u8 found; - *ret_list = NULL; - - len = 0; - rc = next_entry(buf, fp, sizeof buf); - if (rc < 0) - return -1; - - len = le32_to_cpu(buf[0]); - if (len == 0) { - return 0; - } - for (i = 0; i < len; i++) { - if (avtab_read_item(fp, &datum, &key)) + /* + * For type rules we have to make certain there aren't any + * conflicting rules by searching the te_avtab and the + * cond_te_avtab. + */ + if (k->specified & AVTAB_TYPE) { + if (avtab_search(&p->te_avtab, k)) { + printk("security: type rule already exists outside of a conditional."); goto err; - + } /* - * For type rules we have to make certain there aren't any - * conflicting rules by searching the te_avtab and the - * cond_te_avtab. + * If we are reading the false list other will be a pointer to + * the true list. We can have duplicate entries if there is only + * 1 other entry and it is in our true list. + * + * If we are reading the true list (other == NULL) there shouldn't + * be any other entries. */ - if (datum.specified & AVTAB_TYPE) { - if (avtab_search(&p->te_avtab, &key, AVTAB_TYPE)) { - printk("security: type rule already exists outside of a conditional."); - goto err; - } - /* - * If we are reading the false list other will be a pointer to - * the true list. We can have duplicate entries if there is only - * 1 other entry and it is in our true list. - * - * If we are reading the true list (other == NULL) there shouldn't - * be any other entries. - */ - if (other) { - node_ptr = avtab_search_node(&p->te_cond_avtab, &key, AVTAB_TYPE); - if (node_ptr) { - if (avtab_search_node_next(node_ptr, AVTAB_TYPE)) { - printk("security: too many conflicting type rules."); - goto err; - } - found = 0; - for (cur = other; cur != NULL; cur = cur->next) { - if (cur->node == node_ptr) { - found = 1; - break; - } - } - if (!found) { - printk("security: conflicting type rules."); - goto err; + if (other) { + node_ptr = avtab_search_node(&p->te_cond_avtab, k); + if (node_ptr) { + if (avtab_search_node_next(node_ptr, k->specified)) { + printk("security: too many conflicting type rules."); + goto err; + } + found = 0; + for (cur = other; cur != NULL; cur = cur->next) { + if (cur->node == node_ptr) { + found = 1; + break; } } - } else { - if (avtab_search(&p->te_cond_avtab, &key, AVTAB_TYPE)) { - printk("security: conflicting type rules when adding type rule for true."); + if (!found) { + printk("security: conflicting type rules.\n"); goto err; } } + } else { + if (avtab_search(&p->te_cond_avtab, k)) { + printk("security: conflicting type rules when adding type rule for true.\n"); + goto err; + } } - node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, &key, &datum); - if (!node_ptr) { - printk("security: could not insert rule."); - goto err; - } - - list = kmalloc(sizeof(struct cond_av_list), GFP_KERNEL); - if (!list) - goto err; - memset(list, 0, sizeof(struct cond_av_list)); - - list->node = node_ptr; - if (i == 0) - *ret_list = list; - else - last->next = list; - last = list; + } + node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); + if (!node_ptr) { + printk("security: could not insert rule."); + goto err; } + list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL); + if (!list) + goto err; + + list->node = node_ptr; + if (!data->head) + data->head = list; + else + data->tail->next = list; + data->tail = list; return 0; + err: - cond_av_list_destroy(*ret_list); - *ret_list = NULL; + cond_av_list_destroy(data->head); + data->head = NULL; return -1; } +static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other) +{ + int i, rc; + __le32 buf[1]; + u32 len; + struct cond_insertf_data data; + + *ret_list = NULL; + + len = 0; + rc = next_entry(buf, fp, sizeof(u32)); + if (rc < 0) + return -1; + + len = le32_to_cpu(buf[0]); + if (len == 0) { + return 0; + } + + data.p = p; + data.other = other; + data.head = NULL; + data.tail = NULL; + for (i = 0; i < len; i++) { + rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab, cond_insertf, &data); + if (rc) + return rc; + + } + + *ret_list = data.head; + return 0; +} + static int expr_isvalid(struct policydb *p, struct cond_expr *expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { @@ -366,7 +388,8 @@ static int expr_isvalid(struct policydb *p, struct cond_expr *expr) static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) { - u32 buf[2], len, i; + __le32 buf[2]; + u32 len, i; int rc; struct cond_expr *expr = NULL, *last = NULL; @@ -389,11 +412,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) if (rc < 0) goto err; - expr = kmalloc(sizeof(struct cond_expr), GFP_KERNEL); + expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL); if (!expr) { goto err; } - memset(expr, 0, sizeof(struct cond_expr)); expr->expr_type = le32_to_cpu(buf[0]); expr->bool = le32_to_cpu(buf[1]); @@ -424,7 +446,8 @@ err: int cond_read_list(struct policydb *p, void *fp) { struct cond_node *node, *last = NULL; - u32 buf[1], i, len; + __le32 buf[1]; + u32 i, len; int rc; rc = next_entry(buf, fp, sizeof buf); @@ -434,10 +457,9 @@ int cond_read_list(struct policydb *p, void *fp) len = le32_to_cpu(buf[0]); for (i = 0; i < len; i++) { - node = kmalloc(sizeof(struct cond_node), GFP_KERNEL); + node = kzalloc(sizeof(struct cond_node), GFP_KERNEL); if (!node) goto err; - memset(node, 0, sizeof(struct cond_node)); if (cond_read_node(p, node, fp) != 0) goto err; @@ -452,6 +474,7 @@ int cond_read_list(struct policydb *p, void *fp) return 0; err: cond_list_destroy(p->cond_list); + p->cond_list = NULL; return -1; } @@ -465,22 +488,22 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi if(!ctab || !key || !avd) return; - for(node = avtab_search_node(ctab, key, AVTAB_AV); node != NULL; - node = avtab_search_node_next(node, AVTAB_AV)) { - if ( (__u32) (AVTAB_ALLOWED|AVTAB_ENABLED) == - (node->datum.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) - avd->allowed |= avtab_allowed(&node->datum); - if ( (__u32) (AVTAB_AUDITDENY|AVTAB_ENABLED) == - (node->datum.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) + for(node = avtab_search_node(ctab, key); node != NULL; + node = avtab_search_node_next(node, key->specified)) { + if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) + avd->allowed |= node->datum.data; + if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) /* Since a '0' in an auditdeny mask represents a * permission we do NOT want to audit (dontaudit), we use * the '&' operand to ensure that all '0's in the mask * are retained (much unlike the allow and auditallow cases). */ - avd->auditdeny &= avtab_auditdeny(&node->datum); - if ( (__u32) (AVTAB_AUDITALLOW|AVTAB_ENABLED) == - (node->datum.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) - avd->auditallow |= avtab_auditallow(&node->datum); + avd->auditdeny &= node->datum.data; + if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) + avd->auditallow |= node->datum.data; } return; } diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index d8ce9cc0b9f1..47024a6e1844 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -39,12 +39,11 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src) n = src->node; prev = NULL; while (n) { - new = kmalloc(sizeof(*new), GFP_ATOMIC); + new = kzalloc(sizeof(*new), GFP_ATOMIC); if (!new) { ebitmap_destroy(dst); return -ENOMEM; } - memset(new, 0, sizeof(*new)); new->startbit = n->startbit; new->map = n->map; new->next = NULL; @@ -150,10 +149,9 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) if (!value) return 0; - new = kmalloc(sizeof(*new), GFP_ATOMIC); + new = kzalloc(sizeof(*new), GFP_ATOMIC); if (!new) return -ENOMEM; - memset(new, 0, sizeof(*new)); new->startbit = bit & ~(MAPSIZE - 1); new->map = (MAPBIT << (bit - new->startbit)); @@ -196,8 +194,9 @@ int ebitmap_read(struct ebitmap *e, void *fp) { int rc; struct ebitmap_node *n, *l; - u32 buf[3], mapsize, count, i; - u64 map; + __le32 buf[3]; + u32 mapsize, count, i; + __le64 map; ebitmap_init(e); @@ -231,13 +230,12 @@ int ebitmap_read(struct ebitmap *e, void *fp) printk(KERN_ERR "security: ebitmap: truncated map\n"); goto bad; } - n = kmalloc(sizeof(*n), GFP_KERNEL); + n = kzalloc(sizeof(*n), GFP_KERNEL); if (!n) { printk(KERN_ERR "security: ebitmap: out of memory\n"); rc = -ENOMEM; goto bad; } - memset(n, 0, sizeof(*n)); n->startbit = le32_to_cpu(buf[0]); diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h index 471370233fd9..8bf41055a6cb 100644 --- a/security/selinux/ss/ebitmap.h +++ b/security/selinux/ss/ebitmap.h @@ -32,11 +32,41 @@ struct ebitmap { #define ebitmap_length(e) ((e)->highbit) #define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0) +static inline unsigned int ebitmap_start(struct ebitmap *e, + struct ebitmap_node **n) +{ + *n = e->node; + return ebitmap_startbit(e); +} + static inline void ebitmap_init(struct ebitmap *e) { memset(e, 0, sizeof(*e)); } +static inline unsigned int ebitmap_next(struct ebitmap_node **n, + unsigned int bit) +{ + if ((bit == ((*n)->startbit + MAPSIZE - 1)) && + (*n)->next) { + *n = (*n)->next; + return (*n)->startbit; + } + + return (bit+1); +} + +static inline int ebitmap_node_get_bit(struct ebitmap_node * n, + unsigned int bit) +{ + if (n->map & (MAPBIT << (bit - n->startbit))) + return 1; + return 0; +} + +#define ebitmap_for_each_bit(e, n, bit) \ + for (bit = ebitmap_start(e, &n); bit < ebitmap_length(e); bit = ebitmap_next(&n, bit)) \ + int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2); int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src); int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2); diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 26661fcc00ce..24e5ec957630 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -15,11 +15,10 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, void *key), struct hashtab *p; u32 i; - p = kmalloc(sizeof(*p), GFP_KERNEL); + p = kzalloc(sizeof(*p), GFP_KERNEL); if (p == NULL) return p; - memset(p, 0, sizeof(*p)); p->size = size; p->nel = 0; p->hash_value = hash_value; @@ -55,10 +54,9 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum) if (cur && (h->keycmp(h, key, cur->key) == 0)) return -EEXIST; - newnode = kmalloc(sizeof(*newnode), GFP_KERNEL); + newnode = kzalloc(sizeof(*newnode), GFP_KERNEL); if (newnode == NULL) return -ENOMEM; - memset(newnode, 0, sizeof(*newnode)); newnode->key = key; newnode->datum = datum; if (prev) { diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index d4c32c39ccc9..aaefac2921f1 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -27,6 +27,7 @@ int mls_compute_context_len(struct context * context) { int i, l, len, range; + struct ebitmap_node *node; if (!selinux_mls_enabled) return 0; @@ -36,24 +37,24 @@ int mls_compute_context_len(struct context * context) range = 0; len += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]); - for (i = 1; i <= ebitmap_length(&context->range.level[l].cat); i++) { - if (ebitmap_get_bit(&context->range.level[l].cat, i - 1)) { + ebitmap_for_each_bit(&context->range.level[l].cat, node, i) { + if (ebitmap_node_get_bit(node, i)) { if (range) { range++; continue; } - len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1; + len += strlen(policydb.p_cat_val_to_name[i]) + 1; range++; } else { if (range > 1) - len += strlen(policydb.p_cat_val_to_name[i - 2]) + 1; + len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1; range = 0; } } /* Handle case where last category is the end of range */ if (range > 1) - len += strlen(policydb.p_cat_val_to_name[i - 2]) + 1; + len += strlen(policydb.p_cat_val_to_name[i - 1]) + 1; if (l == 0) { if (mls_level_eq(&context->range.level[0], @@ -77,6 +78,7 @@ void mls_sid_to_context(struct context *context, { char *scontextp; int i, l, range, wrote_sep; + struct ebitmap_node *node; if (!selinux_mls_enabled) return; @@ -94,8 +96,8 @@ void mls_sid_to_context(struct context *context, scontextp += strlen(policydb.p_sens_val_to_name[context->range.level[l].sens - 1]); /* categories */ - for (i = 1; i <= ebitmap_length(&context->range.level[l].cat); i++) { - if (ebitmap_get_bit(&context->range.level[l].cat, i - 1)) { + ebitmap_for_each_bit(&context->range.level[l].cat, node, i) { + if (ebitmap_node_get_bit(node, i)) { if (range) { range++; continue; @@ -106,8 +108,8 @@ void mls_sid_to_context(struct context *context, wrote_sep = 1; } else *scontextp++ = ','; - strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]); - scontextp += strlen(policydb.p_cat_val_to_name[i - 1]); + strcpy(scontextp, policydb.p_cat_val_to_name[i]); + scontextp += strlen(policydb.p_cat_val_to_name[i]); range++; } else { if (range > 1) { @@ -116,8 +118,8 @@ void mls_sid_to_context(struct context *context, else *scontextp++ = ','; - strcpy(scontextp, policydb.p_cat_val_to_name[i - 2]); - scontextp += strlen(policydb.p_cat_val_to_name[i - 2]); + strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]); + scontextp += strlen(policydb.p_cat_val_to_name[i - 1]); } range = 0; } @@ -130,8 +132,8 @@ void mls_sid_to_context(struct context *context, else *scontextp++ = ','; - strcpy(scontextp, policydb.p_cat_val_to_name[i - 2]); - scontextp += strlen(policydb.p_cat_val_to_name[i - 2]); + strcpy(scontextp, policydb.p_cat_val_to_name[i - 1]); + scontextp += strlen(policydb.p_cat_val_to_name[i - 1]); } if (l == 0) { @@ -157,6 +159,7 @@ int mls_context_isvalid(struct policydb *p, struct context *c) { struct level_datum *levdatum; struct user_datum *usrdatum; + struct ebitmap_node *node; int i, l; if (!selinux_mls_enabled) @@ -179,11 +182,11 @@ int mls_context_isvalid(struct policydb *p, struct context *c) if (!levdatum) return 0; - for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) { - if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) { + ebitmap_for_each_bit(&c->range.level[l].cat, node, i) { + if (ebitmap_node_get_bit(node, i)) { if (i > p->p_cats.nprim) return 0; - if (!ebitmap_get_bit(&levdatum->level->cat, i - 1)) + if (!ebitmap_get_bit(&levdatum->level->cat, i)) /* * Category may not be associated with * sensitivity in low level. @@ -468,6 +471,7 @@ int mls_convert_context(struct policydb *oldp, struct level_datum *levdatum; struct cat_datum *catdatum; struct ebitmap bitmap; + struct ebitmap_node *node; int l, i; if (!selinux_mls_enabled) @@ -482,12 +486,12 @@ int mls_convert_context(struct policydb *oldp, c->range.level[l].sens = levdatum->level->sens; ebitmap_init(&bitmap); - for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) { - if (ebitmap_get_bit(&c->range.level[l].cat, i - 1)) { + ebitmap_for_each_bit(&c->range.level[l].cat, node, i) { + if (ebitmap_node_get_bit(node, i)) { int rc; catdatum = hashtab_search(newp->p_cats.table, - oldp->p_cat_val_to_name[i - 1]); + oldp->p_cat_val_to_name[i]); if (!catdatum) return -EINVAL; rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 785c33cf4864..2f5f539875f2 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -91,6 +91,11 @@ static struct policydb_compat_info policydb_compat[] = { .sym_num = SYM_NUM, .ocon_num = OCON_NUM, }, + { + .version = POLICYDB_VERSION_AVTAB, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, + }, }; static struct policydb_compat_info *policydb_lookup_compat(int version) @@ -116,12 +121,11 @@ static int roles_init(struct policydb *p) int rc; struct role_datum *role; - role = kmalloc(sizeof(*role), GFP_KERNEL); + role = kzalloc(sizeof(*role), GFP_KERNEL); if (!role) { rc = -ENOMEM; goto out; } - memset(role, 0, sizeof(*role)); role->value = ++p->p_roles.nprim; if (role->value != OBJECT_R_VAL) { rc = -EINVAL; @@ -584,6 +588,9 @@ void policydb_destroy(struct policydb *p) struct ocontext *c, *ctmp; struct genfs *g, *gtmp; int i; + struct role_allow *ra, *lra = NULL; + struct role_trans *tr, *ltr = NULL; + struct range_trans *rt, *lrt = NULL; for (i = 0; i < SYM_NUM; i++) { hashtab_map(p->symtab[i].table, destroy_f[i], NULL); @@ -624,6 +631,30 @@ void policydb_destroy(struct policydb *p) cond_policydb_destroy(p); + for (tr = p->role_tr; tr; tr = tr->next) { + if (ltr) kfree(ltr); + ltr = tr; + } + if (ltr) kfree(ltr); + + for (ra = p->role_allow; ra; ra = ra -> next) { + if (lra) kfree(lra); + lra = ra; + } + if (lra) kfree(lra); + + for (rt = p->range_tr; rt; rt = rt -> next) { + if (lrt) kfree(lrt); + lrt = rt; + } + if (lrt) kfree(lrt); + + if (p->type_attr_map) { + for (i = 0; i < p->p_types.nprim; i++) + ebitmap_destroy(&p->type_attr_map[i]); + } + kfree(p->type_attr_map); + return; } @@ -714,7 +745,8 @@ int policydb_context_isvalid(struct policydb *p, struct context *c) */ static int mls_read_range_helper(struct mls_range *r, void *fp) { - u32 buf[2], items; + __le32 buf[2]; + u32 items; int rc; rc = next_entry(buf, fp, sizeof(u32)); @@ -775,7 +807,7 @@ static int context_read_and_validate(struct context *c, struct policydb *p, void *fp) { - u32 buf[3]; + __le32 buf[3]; int rc; rc = next_entry(buf, fp, sizeof buf); @@ -815,14 +847,14 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) char *key = NULL; struct perm_datum *perdatum; int rc; - u32 buf[2], len; + __le32 buf[2]; + u32 len; - perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL); + perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); if (!perdatum) { rc = -ENOMEM; goto out; } - memset(perdatum, 0, sizeof(*perdatum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -855,15 +887,15 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct common_datum *comdatum; - u32 buf[4], len, nel; + __le32 buf[4]; + u32 len, nel; int i, rc; - comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL); + comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); if (!comdatum) { rc = -ENOMEM; goto out; } - memset(comdatum, 0, sizeof(*comdatum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -909,15 +941,15 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, { struct constraint_node *c, *lc; struct constraint_expr *e, *le; - u32 buf[3], nexpr; + __le32 buf[3]; + u32 nexpr; int rc, i, j, depth; lc = NULL; for (i = 0; i < ncons; i++) { - c = kmalloc(sizeof(*c), GFP_KERNEL); + c = kzalloc(sizeof(*c), GFP_KERNEL); if (!c) return -ENOMEM; - memset(c, 0, sizeof(*c)); if (lc) { lc->next = c; @@ -933,10 +965,9 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, le = NULL; depth = -1; for (j = 0; j < nexpr; j++) { - e = kmalloc(sizeof(*e), GFP_KERNEL); + e = kzalloc(sizeof(*e), GFP_KERNEL); if (!e) return -ENOMEM; - memset(e, 0, sizeof(*e)); if (le) { le->next = e; @@ -993,15 +1024,15 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct class_datum *cladatum; - u32 buf[6], len, len2, ncons, nel; + __le32 buf[6]; + u32 len, len2, ncons, nel; int i, rc; - cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL); + cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); if (!cladatum) { rc = -ENOMEM; goto out; } - memset(cladatum, 0, sizeof(*cladatum)); rc = next_entry(buf, fp, sizeof(u32)*6); if (rc < 0) @@ -1087,14 +1118,14 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) char *key = NULL; struct role_datum *role; int rc; - u32 buf[2], len; + __le32 buf[2]; + u32 len; - role = kmalloc(sizeof(*role), GFP_KERNEL); + role = kzalloc(sizeof(*role), GFP_KERNEL); if (!role) { rc = -ENOMEM; goto out; } - memset(role, 0, sizeof(*role)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -1147,14 +1178,14 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) char *key = NULL; struct type_datum *typdatum; int rc; - u32 buf[3], len; + __le32 buf[3]; + u32 len; - typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL); + typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); if (!typdatum) { rc = -ENOMEM; return rc; } - memset(typdatum, 0, sizeof(*typdatum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -1191,7 +1222,7 @@ bad: */ static int mls_read_level(struct mls_level *lp, void *fp) { - u32 buf[1]; + __le32 buf[1]; int rc; memset(lp, 0, sizeof(*lp)); @@ -1219,14 +1250,14 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) char *key = NULL; struct user_datum *usrdatum; int rc; - u32 buf[2], len; + __le32 buf[2]; + u32 len; - usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL); + usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); if (!usrdatum) { rc = -ENOMEM; goto out; } - memset(usrdatum, 0, sizeof(*usrdatum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -1273,14 +1304,14 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) char *key = NULL; struct level_datum *levdatum; int rc; - u32 buf[2], len; + __le32 buf[2]; + u32 len; - levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC); + levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); if (!levdatum) { rc = -ENOMEM; goto out; } - memset(levdatum, 0, sizeof(*levdatum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -1324,14 +1355,14 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) char *key = NULL; struct cat_datum *catdatum; int rc; - u32 buf[3], len; + __le32 buf[3]; + u32 len; - catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC); + catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); if (!catdatum) { rc = -ENOMEM; goto out; } - memset(catdatum, 0, sizeof(*catdatum)); rc = next_entry(buf, fp, sizeof buf); if (rc < 0) @@ -1387,7 +1418,8 @@ int policydb_read(struct policydb *p, void *fp) struct ocontext *l, *c, *newc; struct genfs *genfs_p, *genfs, *newgenfs; int i, j, rc; - u32 buf[8], len, len2, config, nprim, nel, nel2; + __le32 buf[8]; + u32 len, len2, config, nprim, nel, nel2; char *policydb_str; struct policydb_compat_info *info; struct range_trans *rt, *lrt; @@ -1403,17 +1435,14 @@ int policydb_read(struct policydb *p, void *fp) if (rc < 0) goto bad; - for (i = 0; i < 2; i++) - buf[i] = le32_to_cpu(buf[i]); - - if (buf[0] != POLICYDB_MAGIC) { + if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { printk(KERN_ERR "security: policydb magic number 0x%x does " "not match expected magic number 0x%x\n", - buf[0], POLICYDB_MAGIC); + le32_to_cpu(buf[0]), POLICYDB_MAGIC); goto bad; } - len = buf[1]; + len = le32_to_cpu(buf[1]); if (len != strlen(POLICYDB_STRING)) { printk(KERN_ERR "security: policydb string length %d does not " "match expected length %Zu\n", @@ -1448,19 +1477,17 @@ int policydb_read(struct policydb *p, void *fp) rc = next_entry(buf, fp, sizeof(u32)*4); if (rc < 0) goto bad; - for (i = 0; i < 4; i++) - buf[i] = le32_to_cpu(buf[i]); - p->policyvers = buf[0]; + p->policyvers = le32_to_cpu(buf[0]); if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) { printk(KERN_ERR "security: policydb version %d does not match " "my version range %d-%d\n", - buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); + le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); goto bad; } - if ((buf[1] & POLICYDB_CONFIG_MLS)) { + if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { if (ss_initialized && !selinux_mls_enabled) { printk(KERN_ERR "Cannot switch between non-MLS and MLS " "policies\n"); @@ -1489,9 +1516,11 @@ int policydb_read(struct policydb *p, void *fp) goto bad; } - if (buf[2] != info->sym_num || buf[3] != info->ocon_num) { + if (le32_to_cpu(buf[2]) != info->sym_num || + le32_to_cpu(buf[3]) != info->ocon_num) { printk(KERN_ERR "security: policydb table sizes (%d,%d) do " - "not match mine (%d,%d)\n", buf[2], buf[3], + "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), + le32_to_cpu(buf[3]), info->sym_num, info->ocon_num); goto bad; } @@ -1511,7 +1540,7 @@ int policydb_read(struct policydb *p, void *fp) p->symtab[i].nprim = nprim; } - rc = avtab_read(&p->te_avtab, fp, config); + rc = avtab_read(&p->te_avtab, fp, p->policyvers); if (rc) goto bad; @@ -1527,12 +1556,11 @@ int policydb_read(struct policydb *p, void *fp) nel = le32_to_cpu(buf[0]); ltr = NULL; for (i = 0; i < nel; i++) { - tr = kmalloc(sizeof(*tr), GFP_KERNEL); + tr = kzalloc(sizeof(*tr), GFP_KERNEL); if (!tr) { rc = -ENOMEM; goto bad; } - memset(tr, 0, sizeof(*tr)); if (ltr) { ltr->next = tr; } else { @@ -1553,12 +1581,11 @@ int policydb_read(struct policydb *p, void *fp) nel = le32_to_cpu(buf[0]); lra = NULL; for (i = 0; i < nel; i++) { - ra = kmalloc(sizeof(*ra), GFP_KERNEL); + ra = kzalloc(sizeof(*ra), GFP_KERNEL); if (!ra) { rc = -ENOMEM; goto bad; } - memset(ra, 0, sizeof(*ra)); if (lra) { lra->next = ra; } else { @@ -1587,12 +1614,11 @@ int policydb_read(struct policydb *p, void *fp) nel = le32_to_cpu(buf[0]); l = NULL; for (j = 0; j < nel; j++) { - c = kmalloc(sizeof(*c), GFP_KERNEL); + c = kzalloc(sizeof(*c), GFP_KERNEL); if (!c) { rc = -ENOMEM; goto bad; } - memset(c, 0, sizeof(*c)); if (l) { l->next = c; } else { @@ -1703,12 +1729,11 @@ int policydb_read(struct policydb *p, void *fp) if (rc < 0) goto bad; len = le32_to_cpu(buf[0]); - newgenfs = kmalloc(sizeof(*newgenfs), GFP_KERNEL); + newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); if (!newgenfs) { rc = -ENOMEM; goto bad; } - memset(newgenfs, 0, sizeof(*newgenfs)); newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); if (!newgenfs->fstype) { @@ -1750,12 +1775,11 @@ int policydb_read(struct policydb *p, void *fp) goto bad; len = le32_to_cpu(buf[0]); - newc = kmalloc(sizeof(*newc), GFP_KERNEL); + newc = kzalloc(sizeof(*newc), GFP_KERNEL); if (!newc) { rc = -ENOMEM; goto bad; } - memset(newc, 0, sizeof(*newc)); newc->u.name = kmalloc(len + 1,GFP_KERNEL); if (!newc->u.name) { @@ -1803,12 +1827,11 @@ int policydb_read(struct policydb *p, void *fp) nel = le32_to_cpu(buf[0]); lrt = NULL; for (i = 0; i < nel; i++) { - rt = kmalloc(sizeof(*rt), GFP_KERNEL); + rt = kzalloc(sizeof(*rt), GFP_KERNEL); if (!rt) { rc = -ENOMEM; goto bad; } - memset(rt, 0, sizeof(*rt)); if (lrt) lrt->next = rt; else @@ -1825,6 +1848,21 @@ int policydb_read(struct policydb *p, void *fp) } } + p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); + if (!p->type_attr_map) + goto bad; + + for (i = 0; i < p->p_types.nprim; i++) { + ebitmap_init(&p->type_attr_map[i]); + if (p->policyvers >= POLICYDB_VERSION_AVTAB) { + if (ebitmap_read(&p->type_attr_map[i], fp)) + goto bad; + } + /* add the type itself as the degenerate case */ + if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) + goto bad; + } + rc = 0; out: return rc; diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 2470e2a1a1c3..b1340711f721 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -237,6 +237,9 @@ struct policydb { /* range transitions */ struct range_trans *range_tr; + /* type -> attribute reverse mapping */ + struct ebitmap *type_attr_map; + unsigned int policyvers; }; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 014120474e69..44eb4d74908d 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -266,8 +266,11 @@ static int context_struct_compute_av(struct context *scontext, struct constraint_node *constraint; struct role_allow *ra; struct avtab_key avkey; - struct avtab_datum *avdatum; + struct avtab_node *node; struct class_datum *tclass_datum; + struct ebitmap *sattr, *tattr; + struct ebitmap_node *snode, *tnode; + unsigned int i, j; /* * Remap extended Netlink classes for old policy versions. @@ -300,21 +303,34 @@ static int context_struct_compute_av(struct context *scontext, * If a specific type enforcement rule was defined for * this permission check, then use it. */ - avkey.source_type = scontext->type; - avkey.target_type = tcontext->type; avkey.target_class = tclass; - avdatum = avtab_search(&policydb.te_avtab, &avkey, AVTAB_AV); - if (avdatum) { - if (avdatum->specified & AVTAB_ALLOWED) - avd->allowed = avtab_allowed(avdatum); - if (avdatum->specified & AVTAB_AUDITDENY) - avd->auditdeny = avtab_auditdeny(avdatum); - if (avdatum->specified & AVTAB_AUDITALLOW) - avd->auditallow = avtab_auditallow(avdatum); - } + avkey.specified = AVTAB_AV; + sattr = &policydb.type_attr_map[scontext->type - 1]; + tattr = &policydb.type_attr_map[tcontext->type - 1]; + ebitmap_for_each_bit(sattr, snode, i) { + if (!ebitmap_node_get_bit(snode, i)) + continue; + ebitmap_for_each_bit(tattr, tnode, j) { + if (!ebitmap_node_get_bit(tnode, j)) + continue; + avkey.source_type = i + 1; + avkey.target_type = j + 1; + for (node = avtab_search_node(&policydb.te_avtab, &avkey); + node != NULL; + node = avtab_search_node_next(node, avkey.specified)) { + if (node->key.specified == AVTAB_ALLOWED) + avd->allowed |= node->datum.data; + else if (node->key.specified == AVTAB_AUDITALLOW) + avd->auditallow |= node->datum.data; + else if (node->key.specified == AVTAB_AUDITDENY) + avd->auditdeny &= node->datum.data; + } - /* Check conditional av table for additional permissions */ - cond_compute_av(&policydb.te_cond_avtab, &avkey, avd); + /* Check conditional av table for additional permissions */ + cond_compute_av(&policydb.te_cond_avtab, &avkey, avd); + + } + } /* * Remove any permissions prohibited by a constraint (this includes @@ -365,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, goto out; if (context_struct_to_string(tcontext, &t, &tlen) < 0) goto out; - audit_log(current->audit_context, AUDIT_SELINUX_ERR, + audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, "security_validate_transition: denied for" " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", o, n, t, policydb.p_class_val_to_name[tclass-1]); @@ -771,7 +787,7 @@ static int compute_sid_handle_invalid_context( goto out; if (context_struct_to_string(newcontext, &n, &nlen) < 0) goto out; - audit_log(current->audit_context, AUDIT_SELINUX_ERR, + audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, "security_compute_sid: invalid context %s" " for scontext=%s" " tcontext=%s" @@ -797,7 +813,6 @@ static int security_compute_sid(u32 ssid, struct avtab_key avkey; struct avtab_datum *avdatum; struct avtab_node *node; - unsigned int type_change = 0; int rc = 0; if (!ss_initialized) { @@ -862,33 +877,23 @@ static int security_compute_sid(u32 ssid, avkey.source_type = scontext->type; avkey.target_type = tcontext->type; avkey.target_class = tclass; - avdatum = avtab_search(&policydb.te_avtab, &avkey, AVTAB_TYPE); + avkey.specified = specified; + avdatum = avtab_search(&policydb.te_avtab, &avkey); /* If no permanent rule, also check for enabled conditional rules */ if(!avdatum) { - node = avtab_search_node(&policydb.te_cond_avtab, &avkey, specified); + node = avtab_search_node(&policydb.te_cond_avtab, &avkey); for (; node != NULL; node = avtab_search_node_next(node, specified)) { - if (node->datum.specified & AVTAB_ENABLED) { + if (node->key.specified & AVTAB_ENABLED) { avdatum = &node->datum; break; } } } - type_change = (avdatum && (avdatum->specified & specified)); - if (type_change) { + if (avdatum) { /* Use the type from the type transition/member/change rule. */ - switch (specified) { - case AVTAB_TRANSITION: - newcontext.type = avtab_transition(avdatum); - break; - case AVTAB_MEMBER: - newcontext.type = avtab_member(avdatum); - break; - case AVTAB_CHANGE: - newcontext.type = avtab_change(avdatum); - break; - } + newcontext.type = avdatum->data; } /* Check for class-specific changes. */ @@ -1502,6 +1507,7 @@ int security_get_user_sids(u32 fromsid, struct user_datum *user; struct role_datum *role; struct av_decision avd; + struct ebitmap_node *rnode, *tnode; int rc = 0, i, j; if (!ss_initialized) { @@ -1525,20 +1531,19 @@ int security_get_user_sids(u32 fromsid, } usercon.user = user->value; - mysids = kmalloc(maxnel*sizeof(*mysids), GFP_ATOMIC); + mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC); if (!mysids) { rc = -ENOMEM; goto out_unlock; } - memset(mysids, 0, maxnel*sizeof(*mysids)); - for (i = ebitmap_startbit(&user->roles); i < ebitmap_length(&user->roles); i++) { - if (!ebitmap_get_bit(&user->roles, i)) + ebitmap_for_each_bit(&user->roles, rnode, i) { + if (!ebitmap_node_get_bit(rnode, i)) continue; role = policydb.role_val_to_struct[i]; usercon.role = i+1; - for (j = ebitmap_startbit(&role->types); j < ebitmap_length(&role->types); j++) { - if (!ebitmap_get_bit(&role->types, j)) + ebitmap_for_each_bit(&role->types, tnode, j) { + if (!ebitmap_node_get_bit(tnode, j)) continue; usercon.type = j+1; @@ -1560,13 +1565,12 @@ int security_get_user_sids(u32 fromsid, mysids[mynel++] = sid; } else { maxnel += SIDS_NEL; - mysids2 = kmalloc(maxnel*sizeof(*mysids2), GFP_ATOMIC); + mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC); if (!mysids2) { rc = -ENOMEM; kfree(mysids); goto out_unlock; } - memset(mysids2, 0, maxnel*sizeof(*mysids2)); memcpy(mysids2, mysids, mynel * sizeof(*mysids2)); kfree(mysids); mysids = mysids2; @@ -1708,12 +1712,11 @@ int security_get_bools(int *len, char ***names, int **values) goto out; } - *names = (char**)kmalloc(sizeof(char*) * *len, GFP_ATOMIC); + *names = (char**)kcalloc(*len, sizeof(char*), GFP_ATOMIC); if (!*names) goto err; - memset(*names, 0, sizeof(char*) * *len); - *values = (int*)kmalloc(sizeof(int) * *len, GFP_ATOMIC); + *values = (int*)kcalloc(*len, sizeof(int), GFP_ATOMIC); if (!*values) goto err; |