selinux: convert part of the sym_val_to_name array to use flex_array

The sym_val_to_name type array can be quite large as it grows linearly with the number of types. With known policies having over 5k types these allocations are growing large enough that they are likely to fail. Convert those to flex_array so no allocation is larger than PAGE_SIZE Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2010-11-29 15:47:09 -0500
committer: Eric Paris <eparis@redhat.com> 2010-11-30 17:28:58 -0500
commit: ac76c05becb6beedbb458d0827d3deaa6f479a72 (patch)
tree: 255276b52f7b031671ae5948b39d7c92e50ba420 /security/selinux/ss/services.c
parent: 23bdecb000c806cf4ec52764499a600f7200d7a9 (diff)
1 files changed, 19 insertions, 19 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index afcbc19817f7..a03cfaf0ee07 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -464,7 +464,7 @@ static void security_dump_masked_av(struct context *scontext,
        if (!permissions)
                return;
-        tclass_name = policydb.p_class_val_to_name[tclass - 1];
+        tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1);
        tclass_dat = policydb.class_val_to_struct[tclass - 1];
        common_dat = tclass_dat->comdatum;
@@ -716,7 +716,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
        audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
                  "security_validate_transition:  denied for"
                  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
-                  o, n, t, policydb.p_class_val_to_name[tclass-1]);
+                  o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
 out:
        kfree(o);
        kfree(n);
@@ -1012,9 +1012,9 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
        }
        /* Compute the size of the context. */
-        *scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;
+        *scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1;
-        *scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;
+        *scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1;
-        *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
+        *scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1;
        *scontext_len += mls_compute_context_len(context);
        if (!scontext)
@@ -1030,12 +1030,12 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
         * Copy the user name, role name and type name into the context.
         */
        sprintf(scontextp, "%s:%s:%s",
-                policydb.p_user_val_to_name[context->user - 1],
+                sym_name(&policydb, SYM_USERS, context->user - 1),
-                policydb.p_role_val_to_name[context->role - 1],
+                sym_name(&policydb, SYM_ROLES, context->role - 1),
-                policydb.p_type_val_to_name[context->type - 1]);
+                sym_name(&policydb, SYM_TYPES, context->type - 1));
-        scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
+        scontextp += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) +
-                     1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
+                     1 + strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) +
-                     1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
+                     1 + strlen(sym_name(&policydb, SYM_TYPES, context->type - 1));
        mls_sid_to_context(context, &scontextp);
@@ -1333,7 +1333,7 @@ static int compute_sid_handle_invalid_context(
                  " for scontext=%s"
                  " tcontext=%s"
                  " tclass=%s",
-                  n, s, t, policydb.p_class_val_to_name[tclass-1]);
+                  n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
 out:
        kfree(s);
        kfree(t);
@@ -1654,7 +1654,7 @@ static int convert_context(u32 key,
        /* Convert the user. */
        rc = -EINVAL;
        usrdatum = hashtab_search(args->newp->p_users.table,
-                                  args->oldp->p_user_val_to_name[c->user - 1]);
+                                  sym_name(args->oldp, SYM_USERS, c->user - 1));
        if (!usrdatum)
                goto bad;
        c->user = usrdatum->value;
@@ -1662,7 +1662,7 @@ static int convert_context(u32 key,
        /* Convert the role. */
        rc = -EINVAL;
        role = hashtab_search(args->newp->p_roles.table,
-                              args->oldp->p_role_val_to_name[c->role - 1]);
+                              sym_name(args->oldp, SYM_ROLES, c->role - 1));
        if (!role)
                goto bad;
        c->role = role->value;
@@ -1670,7 +1670,7 @@ static int convert_context(u32 key,
        /* Convert the type. */
        rc = -EINVAL;
        typdatum = hashtab_search(args->newp->p_types.table,
-                                  args->oldp->p_type_val_to_name[c->type - 1]);
+                                  sym_name(args->oldp, SYM_TYPES, c->type - 1));
        if (!typdatum)
                goto bad;
        c->type = typdatum->value;
@@ -2326,14 +2326,14 @@ int security_get_bools(int *len, char ***names, int **values)
                size_t name_len;
                (*values)[i] = policydb.bool_val_to_struct[i]->state;
-                name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
+                name_len = strlen(sym_name(&policydb, SYM_BOOLS, i)) + 1;
                rc = -ENOMEM;
                (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
                if (!(*names)[i])
                        goto err;
-                strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
+                strncpy((*names)[i], sym_name(&policydb, SYM_BOOLS, i), name_len);
                (*names)[i][name_len - 1] = 0;
        }
        rc = 0;
@@ -2368,7 +2368,7 @@ int security_set_bools(int len, int *values)
                        audit_log(current->audit_context, GFP_ATOMIC,
                                AUDIT_MAC_CONFIG_CHANGE,
                                "bool=%s val=%d old_val=%d auid=%u ses=%u",
-                                policydb.p_bool_val_to_name[i],
+                                sym_name(&policydb, SYM_BOOLS, i),
                                !!values[i],
                                policydb.bool_val_to_struct[i]->state,
                                audit_get_loginuid(current),
@@ -3132,7 +3132,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
                goto out;
        rc = -ENOMEM;
-        secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
+        secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1),
                                  GFP_ATOMIC);
        if (secattr->domain == NULL)
                goto out;
author	Eric Paris <eparis@redhat.com>	2010-11-29 15:47:09 -0500
committer	Eric Paris <eparis@redhat.com>	2010-11-30 17:28:58 -0500
commit	ac76c05becb6beedbb458d0827d3deaa6f479a72 (patch)
tree	255276b52f7b031671ae5948b39d7c92e50ba420 /security/selinux/ss/services.c
parent	23bdecb000c806cf4ec52764499a600f7200d7a9 (diff)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index afcbc19817f7..a03cfaf0ee07 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -464,7 +464,7 @@ static void security_dump_masked_av(struct context *scontext,
464	if (!permissions)	464	if (!permissions)
465	return;	465	return;
466		466
467	tclass_name = policydb.p_class_val_to_name[tclass - 1];	467	tclass_name = sym_name(&policydb, SYM_CLASSES, tclass - 1);
468	tclass_dat = policydb.class_val_to_struct[tclass - 1];	468	tclass_dat = policydb.class_val_to_struct[tclass - 1];
469	common_dat = tclass_dat->comdatum;	469	common_dat = tclass_dat->comdatum;
470		470
@@ -716,7 +716,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
716	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,	716	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
717	"security_validate_transition: denied for"	717	"security_validate_transition: denied for"
718	" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",	718	" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
719	o, n, t, policydb.p_class_val_to_name[tclass-1]);	719	o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
720	out:	720	out:
721	kfree(o);	721	kfree(o);
722	kfree(n);	722	kfree(n);
@@ -1012,9 +1012,9 @@ static int context_struct_to_string(struct context context, char *scontext, u3
1012	}	1012	}
1013		1013
1014	/* Compute the size of the context. */	1014	/* Compute the size of the context. */
1015	*scontext_len += strlen(policydb.p_user_val_to_name[context->user - 1]) + 1;	1015	*scontext_len += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) + 1;
1016	*scontext_len += strlen(policydb.p_role_val_to_name[context->role - 1]) + 1;	1016	*scontext_len += strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) + 1;
1017	*scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;	1017	*scontext_len += strlen(sym_name(&policydb, SYM_TYPES, context->type - 1)) + 1;
1018	*scontext_len += mls_compute_context_len(context);	1018	*scontext_len += mls_compute_context_len(context);
1019		1019
1020	if (!scontext)	1020	if (!scontext)
@@ -1030,12 +1030,12 @@ static int context_struct_to_string(struct context context, char *scontext, u3
1030	* Copy the user name, role name and type name into the context.	1030	* Copy the user name, role name and type name into the context.
1031	*/	1031	*/
1032	sprintf(scontextp, "%s:%s:%s",	1032	sprintf(scontextp, "%s:%s:%s",
1033	policydb.p_user_val_to_name[context->user - 1],	1033	sym_name(&policydb, SYM_USERS, context->user - 1),
1034	policydb.p_role_val_to_name[context->role - 1],	1034	sym_name(&policydb, SYM_ROLES, context->role - 1),
1035	policydb.p_type_val_to_name[context->type - 1]);	1035	sym_name(&policydb, SYM_TYPES, context->type - 1));
1036	scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +	1036	scontextp += strlen(sym_name(&policydb, SYM_USERS, context->user - 1)) +
1037	1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +	1037	1 + strlen(sym_name(&policydb, SYM_ROLES, context->role - 1)) +
1038	1 + strlen(policydb.p_type_val_to_name[context->type - 1]);	1038	1 + strlen(sym_name(&policydb, SYM_TYPES, context->type - 1));
1039		1039
1040	mls_sid_to_context(context, &scontextp);	1040	mls_sid_to_context(context, &scontextp);
1041		1041
@@ -1333,7 +1333,7 @@ static int compute_sid_handle_invalid_context(
1333	" for scontext=%s"	1333	" for scontext=%s"
1334	" tcontext=%s"	1334	" tcontext=%s"
1335	" tclass=%s",	1335	" tclass=%s",
1336	n, s, t, policydb.p_class_val_to_name[tclass-1]);	1336	n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
1337	out:	1337	out:
1338	kfree(s);	1338	kfree(s);
1339	kfree(t);	1339	kfree(t);
@@ -1654,7 +1654,7 @@ static int convert_context(u32 key,
1654	/* Convert the user. */	1654	/* Convert the user. */
1655	rc = -EINVAL;	1655	rc = -EINVAL;
1656	usrdatum = hashtab_search(args->newp->p_users.table,	1656	usrdatum = hashtab_search(args->newp->p_users.table,
1657	args->oldp->p_user_val_to_name[c->user - 1]);	1657	sym_name(args->oldp, SYM_USERS, c->user - 1));
1658	if (!usrdatum)	1658	if (!usrdatum)
1659	goto bad;	1659	goto bad;
1660	c->user = usrdatum->value;	1660	c->user = usrdatum->value;
@@ -1662,7 +1662,7 @@ static int convert_context(u32 key,
1662	/* Convert the role. */	1662	/* Convert the role. */
1663	rc = -EINVAL;	1663	rc = -EINVAL;
1664	role = hashtab_search(args->newp->p_roles.table,	1664	role = hashtab_search(args->newp->p_roles.table,
1665	args->oldp->p_role_val_to_name[c->role - 1]);	1665	sym_name(args->oldp, SYM_ROLES, c->role - 1));
1666	if (!role)	1666	if (!role)
1667	goto bad;	1667	goto bad;
1668	c->role = role->value;	1668	c->role = role->value;
@@ -1670,7 +1670,7 @@ static int convert_context(u32 key,
1670	/* Convert the type. */	1670	/* Convert the type. */
1671	rc = -EINVAL;	1671	rc = -EINVAL;
1672	typdatum = hashtab_search(args->newp->p_types.table,	1672	typdatum = hashtab_search(args->newp->p_types.table,
1673	args->oldp->p_type_val_to_name[c->type - 1]);	1673	sym_name(args->oldp, SYM_TYPES, c->type - 1));
1674	if (!typdatum)	1674	if (!typdatum)
1675	goto bad;	1675	goto bad;
1676	c->type = typdatum->value;	1676	c->type = typdatum->value;
@@ -2326,14 +2326,14 @@ int security_get_bools(int len, char names, int values)
2326	size_t name_len;	2326	size_t name_len;
2327		2327
2328	(*values)[i] = policydb.bool_val_to_struct[i]->state;	2328	(*values)[i] = policydb.bool_val_to_struct[i]->state;
2329	name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;	2329	name_len = strlen(sym_name(&policydb, SYM_BOOLS, i)) + 1;
2330		2330
2331	rc = -ENOMEM;	2331	rc = -ENOMEM;
2332	(names)[i] = kmalloc(sizeof(char) name_len, GFP_ATOMIC);	2332	(names)[i] = kmalloc(sizeof(char) name_len, GFP_ATOMIC);
2333	if (!(*names)[i])	2333	if (!(*names)[i])
2334	goto err;	2334	goto err;
2335		2335
2336	strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);	2336	strncpy((*names)[i], sym_name(&policydb, SYM_BOOLS, i), name_len);
2337	(*names)[i][name_len - 1] = 0;	2337	(*names)[i][name_len - 1] = 0;
2338	}	2338	}
2339	rc = 0;	2339	rc = 0;
@@ -2368,7 +2368,7 @@ int security_set_bools(int len, int *values)
2368	audit_log(current->audit_context, GFP_ATOMIC,	2368	audit_log(current->audit_context, GFP_ATOMIC,
2369	AUDIT_MAC_CONFIG_CHANGE,	2369	AUDIT_MAC_CONFIG_CHANGE,
2370	"bool=%s val=%d old_val=%d auid=%u ses=%u",	2370	"bool=%s val=%d old_val=%d auid=%u ses=%u",
2371	policydb.p_bool_val_to_name[i],	2371	sym_name(&policydb, SYM_BOOLS, i),
2372	!!values[i],	2372	!!values[i],
2373	policydb.bool_val_to_struct[i]->state,	2373	policydb.bool_val_to_struct[i]->state,
2374	audit_get_loginuid(current),	2374	audit_get_loginuid(current),
@@ -3132,7 +3132,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
3132	goto out;	3132	goto out;
3133		3133
3134	rc = -ENOMEM;	3134	rc = -ENOMEM;
3135	secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],	3135	secattr->domain = kstrdup(sym_name(&policydb, SYM_TYPES, ctx->type - 1),
3136	GFP_ATOMIC);	3136	GFP_ATOMIC);
3137	if (secattr->domain == NULL)	3137	if (secattr->domain == NULL)
3138	goto out;	3138	goto out;