Make Smack operate on smack_known struct where it still used char*

Smack used to use a mix of smack_known struct and char* throughout its APIs and implementation. This patch unifies the behaviour and makes it store and operate exclusively on smack_known struct pointers when managing labels. Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com> Conflicts: security/smack/smack_access.c security/smack/smack_lsm.c
author: Lukasz Pawelczyk <l.pawelczyk@samsung.com> 2014-08-29 11:02:55 -0400
committer: Casey Schaufler <casey@schaufler-ca.com> 2014-08-29 13:10:55 -0400
commit: 21c7eae21a2100a89cfb8cebaf7b770271f32c6e (patch)
tree: 9747fd04fb0a18e98c31985c978ae559f7affc0b /security/smack/smackfs.c
parent: d01757904d9deb619e23c9450218829943a46822 (diff)
1 files changed, 33 insertions, 28 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 49a2248b525c..bce4e8f1b267 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -131,14 +131,17 @@ LIST_HEAD(smack_rule_list);
 struct smack_parsed_rule {
        struct smack_known      *smk_subject;
-        char                    *smk_object;
+        struct smack_known      *smk_object;
        int                     smk_access1;
        int                     smk_access2;
 };
 static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
-const char *smack_cipso_option = SMACK_CIPSO_OPTION;
+struct smack_known smack_cipso_option = {
+        .smk_known      = SMACK_CIPSO_OPTION,
+        .smk_secid      = 0,
+};
 /*
 * Values for parsing cipso rules
@@ -339,7 +342,7 @@ static int smk_fill_rule(const char *subject, const char *object,
                if (rule->smk_subject == NULL)
                        return -EINVAL;
-                rule->smk_object = smk_import(object, len);
+                rule->smk_object = smk_import_entry(object, len);
                if (rule->smk_object == NULL)
                        return -EINVAL;
        } else {
@@ -359,7 +362,7 @@ static int smk_fill_rule(const char *subject, const char *object,
                kfree(cp);
                if (skp == NULL)
                        return -ENOENT;
-                rule->smk_object = skp->smk_known;
+                rule->smk_object = skp;
        }
        rule->smk_access1 = smk_perm_from_str(access1);
@@ -598,13 +601,15 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
         * anything you read back.
         */
        if (strlen(srp->smk_subject->smk_known) >= max ||
-            strlen(srp->smk_object) >= max)
+            strlen(srp->smk_object->smk_known) >= max)
                return;
        if (srp->smk_access == 0)
                return;
-        seq_printf(s, "%s %s", srp->smk_subject->smk_known, srp->smk_object);
+        seq_printf(s, "%s %s",
+                   srp->smk_subject->smk_known,
+                   srp->smk_object->smk_known);
        seq_putc(s, ' ');
@@ -1073,7 +1078,7 @@ static int netlbladdr_seq_show(struct seq_file *s, void *v)
        for (maskn = 0; temp_mask; temp_mask <<= 1, maskn++);
        seq_printf(s, "%u.%u.%u.%u/%d %s\n",
-                hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label);
+                hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label->smk_known);
        return 0;
 }
@@ -1153,10 +1158,10 @@ static void smk_netlbladdr_insert(struct smk_netlbladdr *new)
 static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
                                size_t count, loff_t *ppos)
 {
-        struct smk_netlbladdr *skp;
+        struct smk_netlbladdr *snp;
        struct sockaddr_in newname;
        char *smack;
-        char *sp;
+        struct smack_known *skp;
        char *data;
        char *host = (char *)&newname.sin_addr.s_addr;
        int rc;
@@ -1219,15 +1224,15 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
         * If smack begins with '-', it is an option, don't import it
         */
        if (smack[0] != '-') {
-                sp = smk_import(smack, 0);
+                skp = smk_import_entry(smack, 0);
-                if (sp == NULL) {
+                if (skp == NULL) {
                        rc = -EINVAL;
                        goto free_out;
                }
        } else {
                /* check known options */
-                if (strcmp(smack, smack_cipso_option) == 0)
+                if (strcmp(smack, smack_cipso_option.smk_known) == 0)
-                        sp = (char *)smack_cipso_option;
+                        skp = &smack_cipso_option;
                else {
                        rc = -EINVAL;
                        goto free_out;
@@ -1250,9 +1255,9 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
        nsa = newname.sin_addr.s_addr;
        /* try to find if the prefix is already in the list */
        found = 0;
-        list_for_each_entry_rcu(skp, &smk_netlbladdr_list, list) {
+        list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) {
-                if (skp->smk_host.sin_addr.s_addr == nsa &&
+                if (snp->smk_host.sin_addr.s_addr == nsa &&
-                    skp->smk_mask.s_addr == mask.s_addr) {
+                    snp->smk_mask.s_addr == mask.s_addr) {
                        found = 1;
                        break;
                }
@@ -1260,26 +1265,26 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
        smk_netlabel_audit_set(&audit_info);
        if (found == 0) {
-                skp = kzalloc(sizeof(*skp), GFP_KERNEL);
+                snp = kzalloc(sizeof(*snp), GFP_KERNEL);
-                if (skp == NULL)
+                if (snp == NULL)
                        rc = -ENOMEM;
                else {
                        rc = 0;
-                        skp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr;
+                        snp->smk_host.sin_addr.s_addr = newname.sin_addr.s_addr;
-                        skp->smk_mask.s_addr = mask.s_addr;
+                        snp->smk_mask.s_addr = mask.s_addr;
-                        skp->smk_label = sp;
+                        snp->smk_label = skp;
-                        smk_netlbladdr_insert(skp);
+                        smk_netlbladdr_insert(snp);
                }
        } else {
                /* we delete the unlabeled entry, only if the previous label
                 * wasn't the special CIPSO option */
-                if (skp->smk_label != smack_cipso_option)
+                if (snp->smk_label != &smack_cipso_option)
                        rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
-                                        &skp->smk_host.sin_addr, &skp->smk_mask,
+                                        &snp->smk_host.sin_addr, &snp->smk_mask,
                                        PF_INET, &audit_info);
                else
                        rc = 0;
-                skp->smk_label = sp;
+                snp->smk_label = skp;
        }
        /*
@@ -1287,10 +1292,10 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
         * this host so that incoming packets get labeled.
         * but only if we didn't get the special CIPSO option
         */
-        if (rc == 0 && sp != smack_cipso_option)
+        if (rc == 0 && skp != &smack_cipso_option)
                rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
-                        &skp->smk_host.sin_addr, &skp->smk_mask, PF_INET,
+                        &snp->smk_host.sin_addr, &snp->smk_mask, PF_INET,
-                        smack_to_secid(skp->smk_label), &audit_info);
+                        snp->smk_label->smk_secid, &audit_info);
        if (rc == 0)
                rc = count;
author	Lukasz Pawelczyk <l.pawelczyk@samsung.com>	2014-08-29 11:02:55 -0400
committer	Casey Schaufler <casey@schaufler-ca.com>	2014-08-29 13:10:55 -0400
commit	21c7eae21a2100a89cfb8cebaf7b770271f32c6e (patch)
tree	9747fd04fb0a18e98c31985c978ae559f7affc0b /security/smack/smackfs.c
parent	d01757904d9deb619e23c9450218829943a46822 (diff)