X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fselinux%2Fss%2Favtab.c;h=ebb993c5c244d3e5fb72468eee758fe40550e23a;hb=97bf2856c6014879bd04983a3e9dfcdac1e7fe85;hp=8b4f596d05adb966934c9b2f8bad710f491d6b7b;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 8b4f596d0..ebb993c5c 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -28,12 +28,15 @@
  (keyp->source_type << 9)) & \
  AVTAB_HASH_MASK)
 
+static struct kmem_cache *avtab_node_cachep;
+
 static struct avtab_node*
-avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur,
+avtab_insert_node(struct avtab *h, int hvalue,
+		  struct avtab_node * prev, struct avtab_node * cur,
 		  struct avtab_key *key, struct avtab_datum *datum)
 {
 	struct avtab_node * newnode;
-	newnode = (struct avtab_node *) kmalloc(sizeof(struct avtab_node),GFP_KERNEL);
+	newnode = kmem_cache_alloc(avtab_node_cachep, GFP_KERNEL);
 	if (newnode == NULL)
 		return NULL;
 	memset(newnode, 0, sizeof(struct avtab_node));
@@ -51,10 +54,11 @@ avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct
 	return newnode;
 }
 
-int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
+static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
 {
 	int hvalue;
 	struct avtab_node *prev, *cur, *newnode;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return -EINVAL;
@@ -66,7 +70,7 @@ int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *dat
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (datum->specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return -EEXIST;
 		if (key->source_type < cur->key.source_type)
 			break;
@@ -95,6 +99,7 @@ avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_da
 {
 	int hvalue;
 	struct avtab_node *prev, *cur, *newnode;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return NULL;
@@ -105,7 +110,7 @@ avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_da
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (datum->specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			break;
 		if (key->source_type < cur->key.source_type)
 			break;
@@ -122,10 +127,11 @@ avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_da
 	return newnode;
 }
 
-struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified)
+struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key)
 {
 	int hvalue;
 	struct avtab_node *cur;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return NULL;
@@ -135,7 +141,7 @@ struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int spe
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return &cur->datum;
 
 		if (key->source_type < cur->key.source_type)
@@ -156,10 +162,11 @@ struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int spe
  * conjunction with avtab_search_next_node()
  */
 struct avtab_node*
-avtab_search_node(struct avtab *h, struct avtab_key *key, int specified)
+avtab_search_node(struct avtab *h, struct avtab_key *key)
 {
 	int hvalue;
 	struct avtab_node *cur;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return NULL;
@@ -169,7 +176,7 @@ avtab_search_node(struct avtab *h, struct avtab_key *key, int specified)
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return cur;
 
 		if (key->source_type < cur->key.source_type)
@@ -193,11 +200,12 @@ avtab_search_node_next(struct avtab_node *node, int specified)
 	if (!node)
 		return NULL;
 
+	specified &= ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 	for (cur = node->next; cur; cur = cur->next) {
 		if (node->key.source_type == cur->key.source_type &&
 		    node->key.target_type == cur->key.target_type &&
 		    node->key.target_class == cur->key.target_class &&
-		    (specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return cur;
 
 		if (node->key.source_type < cur->key.source_type)
@@ -226,7 +234,7 @@ void avtab_destroy(struct avtab *h)
 		while (cur != NULL) {
 			temp = cur;
 			cur = cur->next;
-			kfree(temp);
+			kmem_cache_free(avtab_node_cachep, temp);
 		}
 		h->htable[i] = NULL;
 	}
@@ -235,30 +243,6 @@ void avtab_destroy(struct avtab *h)
 }
 
 
-int avtab_map(struct avtab *h,
-	      int (*apply) (struct avtab_key *k,
-			    struct avtab_datum *d,
-			    void *args),
-	      void *args)
-{
-	int i, ret;
-	struct avtab_node *cur;
-
-	if (!h)
-		return 0;
-
-	for (i = 0; i < AVTAB_SIZE; i++) {
-		cur = h->htable[i];
-		while (cur != NULL) {
-			ret = apply(&cur->key, &cur->datum, args);
-			if (ret)
-				return ret;
-			cur = cur->next;
-		}
-	}
-	return 0;
-}
-
 int avtab_init(struct avtab *h)
 {
 	int i;
@@ -299,93 +283,152 @@ void avtab_hash_eval(struct avtab *h, char *tag)
 	       max_chain_len);
 }
 
-int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey)
+static uint16_t spec_order[] = {
+	AVTAB_ALLOWED,
+	AVTAB_AUDITDENY,
+	AVTAB_AUDITALLOW,
+	AVTAB_TRANSITION,
+	AVTAB_CHANGE,
+	AVTAB_MEMBER
+};
+
+int avtab_read_item(void *fp, u32 vers, struct avtab *a,
+	            int (*insertf)(struct avtab *a, struct avtab_key *k,
+				   struct avtab_datum *d, void *p),
+		    void *p)
 {
-	__u32 *buf;
-	__u32 items, items2;
+	__le16 buf16[4];
+	u16 enabled;
+	__le32 buf32[7];
+	u32 items, items2, val;
+	struct avtab_key key;
+	struct avtab_datum datum;
+	int i, rc;
+
+	memset(&key, 0, sizeof(struct avtab_key));
+	memset(&datum, 0, sizeof(struct avtab_datum));
+
+	if (vers < POLICYDB_VERSION_AVTAB) {
+		rc = next_entry(buf32, fp, sizeof(u32));
+		if (rc < 0) {
+			printk(KERN_ERR "security: avtab: truncated entry\n");
+			return -1;
+		}
+		items2 = le32_to_cpu(buf32[0]);
+		if (items2 > ARRAY_SIZE(buf32)) {
+			printk(KERN_ERR "security: avtab: entry overflow\n");
+			return -1;
 
-	memset(avkey, 0, sizeof(struct avtab_key));
-	memset(avdatum, 0, sizeof(struct avtab_datum));
+		}
+		rc = next_entry(buf32, fp, sizeof(u32)*items2);
+		if (rc < 0) {
+			printk(KERN_ERR "security: avtab: truncated entry\n");
+			return -1;
+		}
+		items = 0;
 
-	buf = next_entry(fp, sizeof(__u32));
-	if (!buf) {
-		printk(KERN_ERR "security: avtab: truncated entry\n");
-		goto bad;
+		val = le32_to_cpu(buf32[items++]);
+		key.source_type = (u16)val;
+		if (key.source_type != val) {
+			printk("security: avtab: truncated source type\n");
+			return -1;
+		}
+		val = le32_to_cpu(buf32[items++]);
+		key.target_type = (u16)val;
+		if (key.target_type != val) {
+			printk("security: avtab: truncated target type\n");
+			return -1;
+		}
+		val = le32_to_cpu(buf32[items++]);
+		key.target_class = (u16)val;
+		if (key.target_class != val) {
+			printk("security: avtab: truncated target class\n");
+			return -1;
+		}
+
+		val = le32_to_cpu(buf32[items++]);
+		enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
+
+		if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
+			printk("security: avtab: null entry\n");
+			return -1;
+		}
+		if ((val & AVTAB_AV) &&
+		    (val & AVTAB_TYPE)) {
+			printk("security: avtab: entry has both access vectors and types\n");
+			return -1;
+		}
+
+		for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
+			if (val & spec_order[i]) {
+				key.specified = spec_order[i] | enabled;
+				datum.data = le32_to_cpu(buf32[items++]);
+				rc = insertf(a, &key, &datum, p);
+				if (rc) return rc;
+			}
+		}
+
+		if (items != items2) {
+			printk("security: avtab: entry only had %d items, expected %d\n", items2, items);
+			return -1;
+		}
+		return 0;
 	}
-	items2 = le32_to_cpu(buf[0]);
-	buf = next_entry(fp, sizeof(__u32)*items2);
-	if (!buf) {
-		printk(KERN_ERR "security: avtab: truncated entry\n");
-		goto bad;
+
+	rc = next_entry(buf16, fp, sizeof(u16)*4);
+	if (rc < 0) {
+		printk("security: avtab: truncated entry\n");
+		return -1;
 	}
+
 	items = 0;
-	avkey->source_type = le32_to_cpu(buf[items++]);
-	avkey->target_type = le32_to_cpu(buf[items++]);
-	avkey->target_class = le32_to_cpu(buf[items++]);
-	avdatum->specified = le32_to_cpu(buf[items++]);
-	if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) {
-		printk(KERN_ERR "security: avtab: null entry\n");
-		goto bad;
-	}
-	if ((avdatum->specified & AVTAB_AV) &&
-	    (avdatum->specified & AVTAB_TYPE)) {
-		printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
-		goto bad;
-	}
-	if (avdatum->specified & AVTAB_AV) {
-		if (avdatum->specified & AVTAB_ALLOWED)
-			avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_AUDITDENY)
-			avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_AUDITALLOW)
-			avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
-	} else {
-		if (avdatum->specified & AVTAB_TRANSITION)
-			avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_CHANGE)
-			avtab_change(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_MEMBER)
-			avtab_member(avdatum) = le32_to_cpu(buf[items++]);
-	}
-	if (items != items2) {
-		printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n",
-		       items2, items);
-		goto bad;
+	key.source_type = le16_to_cpu(buf16[items++]);
+	key.target_type = le16_to_cpu(buf16[items++]);
+	key.target_class = le16_to_cpu(buf16[items++]);
+	key.specified = le16_to_cpu(buf16[items++]);
+
+	rc = next_entry(buf32, fp, sizeof(u32));
+	if (rc < 0) {
+		printk("security: avtab: truncated entry\n");
+		return -1;
 	}
+	datum.data = le32_to_cpu(*buf32);
+	return insertf(a, &key, &datum, p);
+}
 
-	return 0;
-bad:
-	return -1;
+static int avtab_insertf(struct avtab *a, struct avtab_key *k,
+			 struct avtab_datum *d, void *p)
+{
+	return avtab_insert(a, k, d);
 }
 
-int avtab_read(struct avtab *a, void *fp, u32 config)
+int avtab_read(struct avtab *a, void *fp, u32 vers)
 {
-	int i, rc = -EINVAL;
-	struct avtab_key avkey;
-	struct avtab_datum avdatum;
-	u32 *buf;
-	u32 nel;
+	int rc;
+	__le32 buf[1];
+	u32 nel, i;
 
 
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf) {
+	rc = next_entry(buf, fp, sizeof(u32));
+	if (rc < 0) {
 		printk(KERN_ERR "security: avtab: truncated table\n");
 		goto bad;
 	}
 	nel = le32_to_cpu(buf[0]);
 	if (!nel) {
 		printk(KERN_ERR "security: avtab: table is empty\n");
+		rc = -EINVAL;
 		goto bad;
 	}
 	for (i = 0; i < nel; i++) {
-		if (avtab_read_item(fp, &avdatum, &avkey))
-			goto bad;
-		rc = avtab_insert(a, &avkey, &avdatum);
+		rc = avtab_read_item(fp,vers, a, avtab_insertf, NULL);
 		if (rc) {
 			if (rc == -ENOMEM)
 				printk(KERN_ERR "security: avtab: out of memory\n");
-			if (rc == -EEXIST)
+			else if (rc == -EEXIST)
 				printk(KERN_ERR "security: avtab: duplicate entry\n");
+			else
+				rc = -EINVAL;
 			goto bad;
 		}
 	}
@@ -399,3 +442,14 @@ bad:
 	goto out;
 }
 
+void avtab_cache_init(void)
+{
+	avtab_node_cachep = kmem_cache_create("avtab_node",
+					      sizeof(struct avtab_node),
+					      0, SLAB_PANIC, NULL, NULL);
+}
+
+void avtab_cache_destroy(void)
+{
+	kmem_cache_destroy (avtab_node_cachep);
+}