Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/conditional.c6
-rw-r--r--security/selinux/ss/mls.c25
-rw-r--r--security/selinux/ss/policydb.c109
-rw-r--r--security/selinux/ss/policydb.h17
-rw-r--r--security/selinux/ss/services.c38
5 files changed, 127 insertions, 68 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 655fe1c6cc69..c3f845cbcd48 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -193,6 +193,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
193{ 193{
194 struct policydb *p; 194 struct policydb *p;
195 struct cond_bool_datum *booldatum; 195 struct cond_bool_datum *booldatum;
196 struct flex_array *fa;
196 197
197 booldatum = datum; 198 booldatum = datum;
198 p = datap; 199 p = datap;
@@ -200,7 +201,10 @@ int cond_index_bool(void *key, void *datum, void *datap)
200 if (!booldatum->value || booldatum->value > p->p_bools.nprim) 201 if (!booldatum->value || booldatum->value > p->p_bools.nprim)
201 return -EINVAL; 202 return -EINVAL;
202 203
203 p->p_bool_val_to_name[booldatum->value - 1] = key; 204 fa = p->sym_val_to_name[SYM_BOOLS];
205 if (flex_array_put_ptr(fa, booldatum->value - 1, key,
206 GFP_KERNEL | __GFP_ZERO))
207 BUG();
204 p->bool_val_to_struct[booldatum->value - 1] = booldatum; 208 p->bool_val_to_struct[booldatum->value - 1] = booldatum;
205 209
206 return 0; 210 return 0;
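Review bot: The new `flex_array_put_ptr()` call in cond_index_bool ends in `BUG()`, which halts the kernel from a policy-load path that already has an error return (`return -EINVAL` just above it). If the store cannot fail because the slots were preallocated, say so in a comment such as `/* slots were preallocated when the table was indexed, so this put cannot fail */`; otherwise propagate the failure, e.g. `return -ENOMEM;`, so a failed load is reported and not fatal. The same put-then-BUG pattern is added to common_index, class_index, role_index, type_index, user_index, sens_index and cat_index in policydb.c, and the existing "this flex array was all preallocated, this cannot fail" comment in type_index is dropped there. The end of cond_index_bool lies outside the hunk.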
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index b4eff7a60c50..1ef8e4e89880 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -45,7 +45,7 @@ int mls_compute_context_len(struct context *context)
45 len = 1; /* for the beginning ":" */ 45 len = 1; /* for the beginning ":" */
46 for (l = 0; l < 2; l++) { 46 for (l = 0; l < 2; l++) {
47 int index_sens = context->range.level[l].sens; 47 int index_sens = context->range.level[l].sens;
48 len += strlen(policydb.p_sens_val_to_name[index_sens - 1]); 48 len += strlen(sym_name(&policydb, SYM_LEVELS, index_sens - 1));
49 49
50 /* categories */ 50 /* categories */
51 head = -2; 51 head = -2;
@@ -55,17 +55,17 @@ int mls_compute_context_len(struct context *context)
55 if (i - prev > 1) { 55 if (i - prev > 1) {
56 /* one or more negative bits are skipped */ 56 /* one or more negative bits are skipped */
57 if (head != prev) { 57 if (head != prev) {
58 nm = policydb.p_cat_val_to_name[prev]; 58 nm = sym_name(&policydb, SYM_CATS, prev);
59 len += strlen(nm) + 1; 59 len += strlen(nm) + 1;
60 } 60 }
61 nm = policydb.p_cat_val_to_name[i]; 61 nm = sym_name(&policydb, SYM_CATS, i);
62 len += strlen(nm) + 1; 62 len += strlen(nm) + 1;
63 head = i; 63 head = i;
64 } 64 }
65 prev = i; 65 prev = i;
66 } 66 }
67 if (prev != head) { 67 if (prev != head) {
68 nm = policydb.p_cat_val_to_name[prev]; 68 nm = sym_name(&policydb, SYM_CATS, prev);
69 len += strlen(nm) + 1; 69 len += strlen(nm) + 1;
70 } 70 }
71 if (l == 0) { 71 if (l == 0) {
@@ -102,8 +102,8 @@ void mls_sid_to_context(struct context *context,
102 scontextp++; 102 scontextp++;
103 103
104 for (l = 0; l < 2; l++) { 104 for (l = 0; l < 2; l++) {
105 strcpy(scontextp, 105 strcpy(scontextp, sym_name(&policydb, SYM_LEVELS,
106 policydb.p_sens_val_to_name[context->range.level[l].sens - 1]); 106 context->range.level[l].sens - 1));
107 scontextp += strlen(scontextp); 107 scontextp += strlen(scontextp);
108 108
109 /* categories */ 109 /* categories */
@@ -118,7 +118,7 @@ void mls_sid_to_context(struct context *context,
118 *scontextp++ = '.'; 118 *scontextp++ = '.';
119 else 119 else
120 *scontextp++ = ','; 120 *scontextp++ = ',';
121 nm = policydb.p_cat_val_to_name[prev]; 121 nm = sym_name(&policydb, SYM_CATS, prev);
122 strcpy(scontextp, nm); 122 strcpy(scontextp, nm);
123 scontextp += strlen(nm); 123 scontextp += strlen(nm);
124 } 124 }
@@ -126,7 +126,7 @@ void mls_sid_to_context(struct context *context,
126 *scontextp++ = ':'; 126 *scontextp++ = ':';
127 else 127 else
128 *scontextp++ = ','; 128 *scontextp++ = ',';
129 nm = policydb.p_cat_val_to_name[i]; 129 nm = sym_name(&policydb, SYM_CATS, i);
130 strcpy(scontextp, nm); 130 strcpy(scontextp, nm);
131 scontextp += strlen(nm); 131 scontextp += strlen(nm);
132 head = i; 132 head = i;
@@ -139,7 +139,7 @@ void mls_sid_to_context(struct context *context,
139 *scontextp++ = '.'; 139 *scontextp++ = '.';
140 else 140 else
141 *scontextp++ = ','; 141 *scontextp++ = ',';
142 nm = policydb.p_cat_val_to_name[prev]; 142 nm = sym_name(&policydb, SYM_CATS, prev);
143 strcpy(scontextp, nm); 143 strcpy(scontextp, nm);
144 scontextp += strlen(nm); 144 scontextp += strlen(nm);
145 } 145 }
@@ -166,7 +166,7 @@ int mls_level_isvalid(struct policydb *p, struct mls_level *l)
166 if (!l->sens || l->sens > p->p_levels.nprim) 166 if (!l->sens || l->sens > p->p_levels.nprim)
167 return 0; 167 return 0;
168 levdatum = hashtab_search(p->p_levels.table, 168 levdatum = hashtab_search(p->p_levels.table,
169 p->p_sens_val_to_name[l->sens - 1]); 169 sym_name(p, SYM_LEVELS, l->sens - 1));
170 if (!levdatum) 170 if (!levdatum)
171 return 0; 171 return 0;
172 172
@@ -482,7 +482,8 @@ int mls_convert_context(struct policydb *oldp,
482 482
483 for (l = 0; l < 2; l++) { 483 for (l = 0; l < 2; l++) {
484 levdatum = hashtab_search(newp->p_levels.table, 484 levdatum = hashtab_search(newp->p_levels.table,
485 oldp->p_sens_val_to_name[c->range.level[l].sens - 1]); 485 sym_name(oldp, SYM_LEVELS,
486 c->range.level[l].sens - 1));
486 487
487 if (!levdatum) 488 if (!levdatum)
488 return -EINVAL; 489 return -EINVAL;
@@ -493,7 +494,7 @@ int mls_convert_context(struct policydb *oldp,
493 int rc; 494 int rc;
494 495
495 catdatum = hashtab_search(newp->p_cats.table, 496 catdatum = hashtab_search(newp->p_cats.table,
496 oldp->p_cat_val_to_name[i]); 497 sym_name(oldp, SYM_CATS, i));
497 if (!catdatum) 498 if (!catdatum)
498 return -EINVAL; 499 return -EINVAL;
499 rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); 500 rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index af41fdfe1a71..5adca670e5af 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -254,12 +254,17 @@ static int common_index(void *key, void *datum, void *datap)
254{ 254{
255 struct policydb *p; 255 struct policydb *p;
256 struct common_datum *comdatum; 256 struct common_datum *comdatum;
257 struct flex_array *fa;
257 258
258 comdatum = datum; 259 comdatum = datum;
259 p = datap; 260 p = datap;
260 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 261 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
261 return -EINVAL; 262 return -EINVAL;
262 p->p_common_val_to_name[comdatum->value - 1] = key; 263
264 fa = p->sym_val_to_name[SYM_COMMONS];
265 if (flex_array_put_ptr(fa, comdatum->value - 1, key,
266 GFP_KERNEL | __GFP_ZERO))
267 BUG();
263 return 0; 268 return 0;
264} 269}
265 270
@@ -267,12 +272,16 @@ static int class_index(void *key, void *datum, void *datap)
267{ 272{
268 struct policydb *p; 273 struct policydb *p;
269 struct class_datum *cladatum; 274 struct class_datum *cladatum;
275 struct flex_array *fa;
270 276
271 cladatum = datum; 277 cladatum = datum;
272 p = datap; 278 p = datap;
273 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 279 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
274 return -EINVAL; 280 return -EINVAL;
275 p->p_class_val_to_name[cladatum->value - 1] = key; 281 fa = p->sym_val_to_name[SYM_CLASSES];
282 if (flex_array_put_ptr(fa, cladatum->value - 1, key,
283 GFP_KERNEL | __GFP_ZERO))
284 BUG();
276 p->class_val_to_struct[cladatum->value - 1] = cladatum; 285 p->class_val_to_struct[cladatum->value - 1] = cladatum;
277 return 0; 286 return 0;
278} 287}
@@ -281,6 +290,7 @@ static int role_index(void *key, void *datum, void *datap)
281{ 290{
282 struct policydb *p; 291 struct policydb *p;
283 struct role_datum *role; 292 struct role_datum *role;
293 struct flex_array *fa;
284 294
285 role = datum; 295 role = datum;
286 p = datap; 296 p = datap;
@@ -288,7 +298,11 @@ static int role_index(void *key, void *datum, void *datap)
288 || role->value > p->p_roles.nprim 298 || role->value > p->p_roles.nprim
289 || role->bounds > p->p_roles.nprim) 299 || role->bounds > p->p_roles.nprim)
290 return -EINVAL; 300 return -EINVAL;
291 p->p_role_val_to_name[role->value - 1] = key; 301
302 fa = p->sym_val_to_name[SYM_ROLES];
303 if (flex_array_put_ptr(fa, role->value - 1, key,
304 GFP_KERNEL | __GFP_ZERO))
305 BUG();
292 p->role_val_to_struct[role->value - 1] = role; 306 p->role_val_to_struct[role->value - 1] = role;
293 return 0; 307 return 0;
294} 308}
@@ -297,6 +311,7 @@ static int type_index(void *key, void *datum, void *datap)
297{ 311{
298 struct policydb *p; 312 struct policydb *p;
299 struct type_datum *typdatum; 313 struct type_datum *typdatum;
314 struct flex_array *fa;
300 315
301 typdatum = datum; 316 typdatum = datum;
302 p = datap; 317 p = datap;
@@ -306,10 +321,13 @@ static int type_index(void *key, void *datum, void *datap)
306 || typdatum->value > p->p_types.nprim 321 || typdatum->value > p->p_types.nprim
307 || typdatum->bounds > p->p_types.nprim) 322 || typdatum->bounds > p->p_types.nprim)
308 return -EINVAL; 323 return -EINVAL;
309 p->p_type_val_to_name[typdatum->value - 1] = key; 324 fa = p->sym_val_to_name[SYM_TYPES];
310 /* this flex array was all preallocated, this cannot fail */ 325 if (flex_array_put_ptr(fa, typdatum->value - 1, key,
311 if (flex_array_put_ptr(p->type_val_to_struct_array, 326 GFP_KERNEL | __GFP_ZERO))
312 typdatum->value - 1, typdatum, 327 BUG();
328
329 fa = p->type_val_to_struct_array;
330 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum,
313 GFP_KERNEL | __GFP_ZERO)) 331 GFP_KERNEL | __GFP_ZERO))
314 BUG(); 332 BUG();
315 } 333 }
@@ -321,6 +339,7 @@ static int user_index(void *key, void *datum, void *datap)
321{ 339{
322 struct policydb *p; 340 struct policydb *p;
323 struct user_datum *usrdatum; 341 struct user_datum *usrdatum;
342 struct flex_array *fa;
324 343
325 usrdatum = datum; 344 usrdatum = datum;
326 p = datap; 345 p = datap;
@@ -328,7 +347,11 @@ static int user_index(void *key, void *datum, void *datap)
328 || usrdatum->value > p->p_users.nprim 347 || usrdatum->value > p->p_users.nprim
329 || usrdatum->bounds > p->p_users.nprim) 348 || usrdatum->bounds > p->p_users.nprim)
330 return -EINVAL; 349 return -EINVAL;
331 p->p_user_val_to_name[usrdatum->value - 1] = key; 350
351 fa = p->sym_val_to_name[SYM_USERS];
352 if (flex_array_put_ptr(fa, usrdatum->value - 1, key,
353 GFP_KERNEL | __GFP_ZERO))
354 BUG();
332 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 355 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
333 return 0; 356 return 0;
334} 357}
@@ -337,6 +360,7 @@ static int sens_index(void *key, void *datum, void *datap)
337{ 360{
338 struct policydb *p; 361 struct policydb *p;
339 struct level_datum *levdatum; 362 struct level_datum *levdatum;
363 struct flex_array *fa;
340 364
341 levdatum = datum; 365 levdatum = datum;
342 p = datap; 366 p = datap;
@@ -345,7 +369,10 @@ static int sens_index(void *key, void *datum, void *datap)
345 if (!levdatum->level->sens || 369 if (!levdatum->level->sens ||
346 levdatum->level->sens > p->p_levels.nprim) 370 levdatum->level->sens > p->p_levels.nprim)
347 return -EINVAL; 371 return -EINVAL;
348 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 372 fa = p->sym_val_to_name[SYM_LEVELS];
373 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key,
374 GFP_KERNEL | __GFP_ZERO))
375 BUG();
349 } 376 }
350 377
351 return 0; 378 return 0;
@@ -355,6 +382,7 @@ static int cat_index(void *key, void *datum, void *datap)
355{ 382{
356 struct policydb *p; 383 struct policydb *p;
357 struct cat_datum *catdatum; 384 struct cat_datum *catdatum;
385 struct flex_array *fa;
358 386
359 catdatum = datum; 387 catdatum = datum;
360 p = datap; 388 p = datap;
@@ -362,7 +390,10 @@ static int cat_index(void *key, void *datum, void *datap)
362 if (!catdatum->isalias) { 390 if (!catdatum->isalias) {
363 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 391 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
364 return -EINVAL; 392 return -EINVAL;
365 p->p_cat_val_to_name[catdatum->value - 1] = key; 393 fa = p->sym_val_to_name[SYM_CATS];
394 if (flex_array_put_ptr(fa, catdatum->value - 1, key,
395 GFP_KERNEL | __GFP_ZERO))
396 BUG();
366 } 397 }
367 398
368 return 0; 399 return 0;
@@ -392,9 +423,16 @@ static int policydb_index_classes(struct policydb *p)
392 int rc; 423 int rc;
393 424
394 rc = -ENOMEM; 425 rc = -ENOMEM;
395 p->p_common_val_to_name = 426 p->sym_val_to_name[SYM_COMMONS] = flex_array_alloc(sizeof(char *),
396 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 427 p->p_commons.nprim,
397 if (!p->p_common_val_to_name) 428 GFP_KERNEL | __GFP_ZERO);
429 if (!p->sym_val_to_name[SYM_COMMONS])
430 goto out;
431
432 rc = flex_array_prealloc(p->sym_val_to_name[SYM_COMMONS],
433 0, p->p_commons.nprim - 1,
434 GFP_KERNEL | __GFP_ZERO);
435 if (rc)
398 goto out; 436 goto out;
399 437
400 rc = hashtab_map(p->p_commons.table, common_index, p); 438 rc = hashtab_map(p->p_commons.table, common_index, p);
@@ -408,9 +446,16 @@ static int policydb_index_classes(struct policydb *p)
408 goto out; 446 goto out;
409 447
410 rc = -ENOMEM; 448 rc = -ENOMEM;
411 p->p_class_val_to_name = 449 p->sym_val_to_name[SYM_CLASSES] = flex_array_alloc(sizeof(char *),
412 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 450 p->p_classes.nprim,
413 if (!p->p_class_val_to_name) 451 GFP_KERNEL | __GFP_ZERO);
452 if (!p->sym_val_to_name[SYM_CLASSES])
453 goto out;
454
455 rc = flex_array_prealloc(p->sym_val_to_name[SYM_CLASSES],
456 0, p->p_classes.nprim - 1,
457 GFP_KERNEL | __GFP_ZERO);
458 if (rc)
414 goto out; 459 goto out;
415 460
416 rc = hashtab_map(p->p_classes.table, class_index, p); 461 rc = hashtab_map(p->p_classes.table, class_index, p);
@@ -507,10 +552,18 @@ static int policydb_index_others(struct policydb *p)
507 552
508 for (i = SYM_ROLES; i < SYM_NUM; i++) { 553 for (i = SYM_ROLES; i < SYM_NUM; i++) {
509 rc = -ENOMEM; 554 rc = -ENOMEM;
510 p->sym_val_to_name[i] = 555 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *),
511 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 556 p->symtab[i].nprim,
557 GFP_KERNEL | __GFP_ZERO);
512 if (!p->sym_val_to_name[i]) 558 if (!p->sym_val_to_name[i])
513 goto out; 559 goto out;
560
561 rc = flex_array_prealloc(p->sym_val_to_name[i],
562 0, p->symtab[i].nprim - 1,
563 GFP_KERNEL | __GFP_ZERO);
564 if (rc)
565 goto out;
566
514 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 567 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
515 if (rc) 568 if (rc)
516 goto out; 569 goto out;
@@ -703,8 +756,10 @@ void policydb_destroy(struct policydb *p)
703 hashtab_destroy(p->symtab[i].table); 756 hashtab_destroy(p->symtab[i].table);
704 } 757 }
705 758
706 for (i = 0; i < SYM_NUM; i++) 759 for (i = 0; i < SYM_NUM; i++) {
707 kfree(p->sym_val_to_name[i]); 760 if (p->sym_val_to_name[i])
761 flex_array_free(p->sym_val_to_name[i]);
762 }
708 763
709 kfree(p->class_val_to_struct); 764 kfree(p->class_val_to_struct);
710 kfree(p->role_val_to_struct); 765 kfree(p->role_val_to_struct);
@@ -1566,9 +1621,9 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1566 printk(KERN_ERR 1621 printk(KERN_ERR
1567 "SELinux: boundary violated policy: " 1622 "SELinux: boundary violated policy: "
1568 "user=%s role=%s bounds=%s\n", 1623 "user=%s role=%s bounds=%s\n",
1569 p->p_user_val_to_name[user->value - 1], 1624 sym_name(p, SYM_USERS, user->value - 1),
1570 p->p_role_val_to_name[bit], 1625 sym_name(p, SYM_ROLES, bit),
1571 p->p_user_val_to_name[upper->value - 1]); 1626 sym_name(p, SYM_USERS, upper->value - 1));
1572 1627
1573 return -EINVAL; 1628 return -EINVAL;
1574 } 1629 }
@@ -1603,9 +1658,9 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1603 printk(KERN_ERR 1658 printk(KERN_ERR
1604 "SELinux: boundary violated policy: " 1659 "SELinux: boundary violated policy: "
1605 "role=%s type=%s bounds=%s\n", 1660 "role=%s type=%s bounds=%s\n",
1606 p->p_role_val_to_name[role->value - 1], 1661 sym_name(p, SYM_ROLES, role->value - 1),
1607 p->p_type_val_to_name[bit], 1662 sym_name(p, SYM_TYPES, bit),
1608 p->p_role_val_to_name[upper->value - 1]); 1663 sym_name(p, SYM_ROLES, upper->value - 1));
1609 1664
1610 return -EINVAL; 1665 return -EINVAL;
1611 } 1666 }
@@ -1637,7 +1692,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1637 printk(KERN_ERR "SELinux: type %s: " 1692 printk(KERN_ERR "SELinux: type %s: "
1638 "bounded by attribute %s", 1693 "bounded by attribute %s",
1639 (char *) key, 1694 (char *) key,
1640 p->p_type_val_to_name[upper->value - 1]); 1695 sym_name(p, SYM_TYPES, upper->value - 1));
1641 return -EINVAL; 1696 return -EINVAL;
1642 } 1697 }
1643 } 1698 }
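Review bot: The end index passed to `flex_array_prealloc()` in policydb_index_classes and policydb_index_others is `nprim - 1`, which wraps to a very large value when a symbol table has no primary names (nprim is presumably unsigned; its declaration is not on this page). A policy with an empty table, for example one that defines no categories, would then presumably fail in the prealloc and not load, whereas the old `kmalloc()` of zero elements did not take an error path. Guard the empty case, e.g. `if (p->symtab[i].nprim) { rc = flex_array_prealloc(...); if (rc) goto out; }`, and apply the same guard to the SYM_COMMONS and SYM_CLASSES calls. Both functions begin and end outside the hunks shown.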
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 9826a92a6b0c..4e3ab9d0b315 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -203,15 +203,7 @@ struct policydb {
203#define p_cats symtab[SYM_CATS] 203#define p_cats symtab[SYM_CATS]
204 204
205 /* symbol names indexed by (value - 1) */ 205 /* symbol names indexed by (value - 1) */
206 char **sym_val_to_name[SYM_NUM]; 206 struct flex_array *sym_val_to_name[SYM_NUM];
207#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
208#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
209#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
210#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
211#define p_user_val_to_name sym_val_to_name[SYM_USERS]
212#define p_bool_val_to_name sym_val_to_name[SYM_BOOLS]
213#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
214#define p_cat_val_to_name sym_val_to_name[SYM_CATS]
215 207
216 /* class, role, and user attributes indexed by (value - 1) */ 208 /* class, role, and user attributes indexed by (value - 1) */
217 struct class_datum **class_val_to_struct; 209 struct class_datum **class_val_to_struct;
@@ -321,6 +313,13 @@ static inline int put_entry(void *buf, size_t bytes, int num, struct policy_file
321 return 0; 313 return 0;
322} 314}
323 315
316static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr)
317{
318 struct flex_array *fa = p->sym_val_to_name[sym_num];
319
320 return flex_array_get_ptr(fa, element_nr);
321}
322
324extern u16 string_to_security_class(struct policydb *p, const char *name); 323extern u16 string_to_security_class(struct policydb *p, const char *name);
325extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name); 324extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);
326 325
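Review bot: sym_name() has no comment stating its contract, and that contract changed with this conversion: callers pass `value - 1` and hand the result straight to strlen(), strcpy(), `%s` and hashtab_search(), while flex_array_get_ptr() returns NULL for a slot that is out of range or was never stored. I would add a short comment above the helper saying that `element_nr` is the zero-based symbol value, that it must be below the table's nprim, and that the result is NULL otherwise and must not be dereferenced unchecked. `sym_num` is also used as an index into `sym_val_to_name[]` with no check against SYM_NUM; every caller on this page passes a SYM_* constant, so stating that requirement in the same comment is enough.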
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index afcbc19817f7..a03cfaf0ee07 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -464,7 +464,7 @@ static void security_dump_masked_av(struct context *scontext,
464 if (!permissions) 464 if (!permissions)
465 return; 465 return;
466 466
467 tclass_name = policydb.p_class_val_to_name[tclass - 1]; 467 tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1);
468 tclass_dat = policydb.class_val_to_struct[tclass - 1]; 468 tclass_dat = policydb.class_val_to_struct[tclass - 1];
469 common_dat = tclass_dat->comdatum; 469 common_dat = tclass_dat->comdatum;
470 470
@@ -716,7 +716,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
716 audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, 716 audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
717 "security_validate_transition: denied for" 717 "security_validate_transition: denied for"
718 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", 718 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
719 o, n, t, policydb.p_class_val_to_name[tclass-1]); 719 o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
720out: 720out:
721 kfree(o); 721 kfree(o);
722 kfree(n); 722 kfree(n);
@@ -1012,9 +1012,9 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
1012 } 1012 }
1013 1013
1014 /* Compute the size of the context. */ 1014 /* Compute the size of the context. */
1015 *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1; 1015 *scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1;
1016 *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1; 1016 *scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1;
1017 *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1; 1017 *scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1;
1018 *scontext_len += mls_compute_context_len(context); 1018 *scontext_len += mls_compute_context_len(context);
1019 1019
1020 if (!scontext) 1020 if (!scontext)
@@ -1030,12 +1030,12 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
1030 * Copy the user name, role name and type name into the context. 1030 * Copy the user name, role name and type name into the context.
1031 */ 1031 */
1032 sprintf(scontextp, "%s:%s:%s", 1032 sprintf(scontextp, "%s:%s:%s",
1033 policydb.p_user_val_to_name[context->user - 1], 1033 sym_name(&policydb, SYM_USERS, context->user - 1),
1034 policydb.p_role_val_to_name[context->role - 1], 1034 sym_name(&policydb, SYM_ROLES, context->role - 1),
1035 policydb.p_type_val_to_name[context->type - 1]); 1035 sym_name(&policydb, SYM_TYPES, context->type - 1));
1036 scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1036 scontextp += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) +
1037 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) + 1037 1 + strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) +
1038 1 + strlen(policydb.p_type_val_to_name[context->type - 1]); 1038 1 + strlen(sym_name(&policydb, SYM_TYPES, context->type - 1));
1039 1039
1040 mls_sid_to_context(context, &scontextp); 1040 mls_sid_to_context(context, &scontextp);
1041 1041
@@ -1333,7 +1333,7 @@ static int compute_sid_handle_invalid_context(
1333 " for scontext=%s" 1333 " for scontext=%s"
1334 " tcontext=%s" 1334 " tcontext=%s"
1335 " tclass=%s", 1335 " tclass=%s",
1336 n, s, t, policydb.p_class_val_to_name[tclass-1]); 1336 n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
1337out: 1337out:
1338 kfree(s); 1338 kfree(s);
1339 kfree(t); 1339 kfree(t);
@@ -1654,7 +1654,7 @@ static int convert_context(u32 key,
1654 /* Convert the user. */ 1654 /* Convert the user. */
1655 rc = -EINVAL; 1655 rc = -EINVAL;
1656 usrdatum = hashtab_search(args->newp->p_users.table, 1656 usrdatum = hashtab_search(args->newp->p_users.table,
1657 args->oldp->p_user_val_to_name[c->user - 1]); 1657 sym_name(args->oldp, SYM_USERS, c->user - 1));
1658 if (!usrdatum) 1658 if (!usrdatum)
1659 goto bad; 1659 goto bad;
1660 c->user = usrdatum->value; 1660 c->user = usrdatum->value;
@@ -1662,7 +1662,7 @@ static int convert_context(u32 key,
1662 /* Convert the role. */ 1662 /* Convert the role. */
1663 rc = -EINVAL; 1663 rc = -EINVAL;
1664 role = hashtab_search(args->newp->p_roles.table, 1664 role = hashtab_search(args->newp->p_roles.table,
1665 args->oldp->p_role_val_to_name[c->role - 1]); 1665 sym_name(args->oldp, SYM_ROLES, c->role - 1));
1666 if (!role) 1666 if (!role)
1667 goto bad; 1667 goto bad;
1668 c->role = role->value; 1668 c->role = role->value;
@@ -1670,7 +1670,7 @@ static int convert_context(u32 key,
1670 /* Convert the type. */ 1670 /* Convert the type. */
1671 rc = -EINVAL; 1671 rc = -EINVAL;
1672 typdatum = hashtab_search(args->newp->p_types.table, 1672 typdatum = hashtab_search(args->newp->p_types.table,
1673 args->oldp->p_type_val_to_name[c->type - 1]); 1673 sym_name(args->oldp, SYM_TYPES, c->type - 1));
1674 if (!typdatum) 1674 if (!typdatum)
1675 goto bad; 1675 goto bad;
1676 c->type = typdatum->value; 1676 c->type = typdatum->value;
@@ -2326,14 +2326,14 @@ int security_get_bools(int *len, char ***names, int **values)
2326 size_t name_len; 2326 size_t name_len;
2327 2327
2328 (*values)[i] = policydb.bool_val_to_struct[i]->state; 2328 (*values)[i] = policydb.bool_val_to_struct[i]->state;
2329 name_len = strlen(policydb.p_bool_val_to_name[i]) + 1; 2329 name_len = strlen(sym_name(&policydb, SYM_BOOLS, i)) + 1;
2330 2330
2331 rc = -ENOMEM; 2331 rc = -ENOMEM;
2332 (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC); 2332 (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
2333 if (!(*names)[i]) 2333 if (!(*names)[i])
2334 goto err; 2334 goto err;
2335 2335
2336 strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len); 2336 strncpy((*names)[i], sym_name(&policydb, SYM_BOOLS, i), name_len);
2337 (*names)[i][name_len - 1] = 0; 2337 (*names)[i][name_len - 1] = 0;
2338 } 2338 }
2339 rc = 0; 2339 rc = 0;
@@ -2368,7 +2368,7 @@ int security_set_bools(int len, int *values)
2368 audit_log(current->audit_context, GFP_ATOMIC, 2368 audit_log(current->audit_context, GFP_ATOMIC,
2369 AUDIT_MAC_CONFIG_CHANGE, 2369 AUDIT_MAC_CONFIG_CHANGE,
2370 "bool=%s val=%d old_val=%d auid=%u ses=%u", 2370 "bool=%s val=%d old_val=%d auid=%u ses=%u",
2371 policydb.p_bool_val_to_name[i], 2371 sym_name(&policydb, SYM_BOOLS, i),
2372 !!values[i], 2372 !!values[i],
2373 policydb.bool_val_to_struct[i]->state, 2373 policydb.bool_val_to_struct[i]->state,
2374 audit_get_loginuid(current), 2374 audit_get_loginuid(current),
@@ -3132,7 +3132,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
3132 goto out; 3132 goto out;
3133 3133
3134 rc = -ENOMEM; 3134 rc = -ENOMEM;
3135 secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], 3135 secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1),
3136 GFP_ATOMIC); 3136 GFP_ATOMIC);
3137 if (secattr->domain == NULL) 3137 if (secattr->domain == NULL)
3138 goto out; 3138 goto out;
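Review bot: context_struct_to_string now calls sym_name() nine times for the same three names (the three `*scontext_len +=` lines, the `sprintf()` arguments, and the `scontextp +=` advance), so the buffer size and the copy come from separate lookups. Fetching each name once, e.g. `char *user = sym_name(&policydb, SYM_USERS, context->user - 1);`, and reusing it for the length, the sprintf and the pointer advance keeps the allocation size and the write tied to one pointer and gives a single place to reject a NULL result. The function starts and ends outside the hunks shown.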