sidtab.c (8e4e4c2f53ffcb0ef746dc3b87ce1a57c5c94c7d) | sidtab.c (048be156491ff1aeb0fe5ff0862644d38cd39015) |
---|---|
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Implementation of the SID table type. 4 * 5 * Original author: Stephen Smalley, <sds@tycho.nsa.gov> 6 * Author: Ondrej Mosnacek, <omosnacek@gmail.com> 7 * 8 * Copyright (C) 2018 Red Hat, Inc. --- 4 unchanged lines hidden (view full) --- 13#include <linux/rcupdate.h> 14#include <linux/slab.h> 15#include <linux/sched.h> 16#include <linux/spinlock.h> 17#include <asm/barrier.h> 18#include "flask.h" 19#include "security.h" 20#include "sidtab.h" | 1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Implementation of the SID table type. 4 * 5 * Original author: Stephen Smalley, <sds@tycho.nsa.gov> 6 * Author: Ondrej Mosnacek, <omosnacek@gmail.com> 7 * 8 * Copyright (C) 2018 Red Hat, Inc. --- 4 unchanged lines hidden (view full) --- 13#include <linux/rcupdate.h> 14#include <linux/slab.h> 15#include <linux/sched.h> 16#include <linux/spinlock.h> 17#include <asm/barrier.h> 18#include "flask.h" 19#include "security.h" 20#include "sidtab.h" |
21#include "services.h" |
|
21 22struct sidtab_str_cache { 23 struct rcu_head rcu_member; 24 struct list_head lru_member; 25 struct sidtab_entry *parent; 26 u32 len; 27 char str[]; 28}; --- 258 unchanged lines hidden (view full) --- 287 * This sidtab is now frozen - tell the caller to abort and 288 * get the new one. 289 */ 290 rc = -ESTALE; 291 goto out_unlock; 292 } 293 294 count = s->count; | 22 23struct sidtab_str_cache { 24 struct rcu_head rcu_member; 25 struct list_head lru_member; 26 struct sidtab_entry *parent; 27 u32 len; 28 char str[]; 29}; --- 258 unchanged lines hidden (view full) --- 288 * This sidtab is now frozen - tell the caller to abort and 289 * get the new one. 290 */ 291 rc = -ESTALE; 292 goto out_unlock; 293 } 294 295 count = s->count; |
295 convert = s->convert; | |
296 297 /* bail out if we already reached max entries */ 298 rc = -EOVERFLOW; 299 if (count >= SIDTAB_MAX) 300 goto out_unlock; 301 302 /* insert context into new entry */ 303 rc = -ENOMEM; --- 7 unchanged lines hidden (view full) --- 311 rc = context_cpy(&dst->context, context); 312 if (rc) 313 goto out_unlock; 314 315 /* 316 * if we are building a new sidtab, we need to convert the context 317 * and insert it there as well 318 */ | 296 297 /* bail out if we already reached max entries */ 298 rc = -EOVERFLOW; 299 if (count >= SIDTAB_MAX) 300 goto out_unlock; 301 302 /* insert context into new entry */ 303 rc = -ENOMEM; --- 7 unchanged lines hidden (view full) --- 311 rc = context_cpy(&dst->context, context); 312 if (rc) 313 goto out_unlock; 314 315 /* 316 * if we are building a new sidtab, we need to convert the context 317 * and insert it there as well 318 */ |
319 convert = s->convert; |
|
319 if (convert) { | 320 if (convert) { |
321 struct sidtab *target = convert->target; 322 |
|
320 rc = -ENOMEM; | 323 rc = -ENOMEM; |
321 dst_convert = sidtab_do_lookup(convert->target, count, 1); | 324 dst_convert = sidtab_do_lookup(target, count, 1); |
322 if (!dst_convert) { 323 context_destroy(&dst->context); 324 goto out_unlock; 325 } 326 | 325 if (!dst_convert) { 326 context_destroy(&dst->context); 327 goto out_unlock; 328 } 329 |
327 rc = convert->func(context, &dst_convert->context, 328 convert->args, GFP_ATOMIC); | 330 rc = services_convert_context(convert->args, 331 context, &dst_convert->context); |
329 if (rc) { 330 context_destroy(&dst->context); 331 goto out_unlock; 332 } 333 dst_convert->sid = index_to_sid(count); 334 dst_convert->hash = context_compute_hash(&dst_convert->context); | 332 if (rc) { 333 context_destroy(&dst->context); 334 goto out_unlock; 335 } 336 dst_convert->sid = index_to_sid(count); 337 dst_convert->hash = context_compute_hash(&dst_convert->context); |
335 convert->target->count = count + 1; | 338 target->count = count + 1; |
336 | 339 |
337 hash_add_rcu(convert->target->context_to_sid, | 340 hash_add_rcu(target->context_to_sid, |
338 &dst_convert->list, dst_convert->hash); 339 } 340 341 if (context->len) 342 pr_info("SELinux: Context %s is not valid (left unmapped).\n", 343 context->str); 344 345 *sid = index_to_sid(count); --- 51 unchanged lines hidden (view full) --- 397 if (!edst->ptr_leaf) { 398 edst->ptr_leaf = kzalloc(SIDTAB_NODE_ALLOC_SIZE, 399 GFP_KERNEL); 400 if (!edst->ptr_leaf) 401 return -ENOMEM; 402 } 403 i = 0; 404 while (i < SIDTAB_LEAF_ENTRIES && *pos < count) { | 341 &dst_convert->list, dst_convert->hash); 342 } 343 344 if (context->len) 345 pr_info("SELinux: Context %s is not valid (left unmapped).\n", 346 context->str); 347 348 *sid = index_to_sid(count); --- 51 unchanged lines hidden (view full) --- 400 if (!edst->ptr_leaf) { 401 edst->ptr_leaf = kzalloc(SIDTAB_NODE_ALLOC_SIZE, 402 GFP_KERNEL); 403 if (!edst->ptr_leaf) 404 return -ENOMEM; 405 } 406 i = 0; 407 while (i < SIDTAB_LEAF_ENTRIES && *pos < count) { |
405 rc = convert->func(&esrc->ptr_leaf->entries[i].context, 406 &edst->ptr_leaf->entries[i].context, 407 convert->args, GFP_KERNEL); | 408 rc = services_convert_context(convert->args, 409 &esrc->ptr_leaf->entries[i].context, 410 &edst->ptr_leaf->entries[i].context); |
408 if (rc) 409 return rc; 410 (*pos)++; 411 i++; 412 } 413 cond_resched(); 414 } 415 return 0; --- 213 unchanged lines hidden --- | 411 if (rc) 412 return rc; 413 (*pos)++; 414 i++; 415 } 416 cond_resched(); 417 } 418 return 0; --- 213 unchanged lines hidden --- |
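Review bot: Both converted call sites lose their explicit allocation flag: the old `convert->func(..., GFP_ATOMIC)` call in the insert path (new lines 330-331) and the old `convert->func(..., GFP_KERNEL)` call in the tree-conversion loop (new lines 408-410) now call `services_convert_context(convert->args, ...)` with no gfp argument. The first call sits between `goto out_unlock` exits, so it presumably still runs with the sidtab lock held, while the second runs in a loop that calls `cond_resched()`; a single callee must therefore allocate atomically for both, or it can sleep in the locked path. The body of `services_convert_context` is not visible here, so please confirm that every allocation in it is atomic-safe. Otherwise keep a `gfp_t` parameter, calling `services_convert_context(convert->args, context, &dst_convert->context, GFP_ATOMIC);` in the locked path and passing `GFP_KERNEL` from the tree walk. Both enclosing functions start and end in the hidden lines, so the locking context is inferred from the labels and the removed flags.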