aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-10-13 16:24:48 -0400
committerJames Morris <jmorris@namei.org>2010-10-20 19:12:50 -0400
commitd5630b9d276bd389299ffea620b7c340ab19bcf5 (patch)
tree4e97cadf12518fb107f9e7140fa94343bd6643f5 /security
parent2606fd1fa5710205b23ee859563502aa18362447 (diff)
security: secid_to_secctx returns len when data is NULL
With the (long ago) interface change to have the secid_to_secctx functions do the string allocation instead of having the caller do the allocation we lost the ability to query the security server for the length of the upcoming string. The SECMARK code would like to allocate a netlink skb with enough length to hold the string but it is just too unclean to do the string allocation twice or to do the allocation the first time and hold onto the string and slen. This patch adds the ability to call security_secid_to_secctx() with a NULL data pointer and it will just set the slen pointer. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c11
-rw-r--r--security/smack/smack_lsm.c3
2 files changed, 11 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 494ff527c174..60964d79e5eb 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -991,7 +991,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
991{ 991{
992 char *scontextp; 992 char *scontextp;
993 993
994 *scontext = NULL; 994 if (scontext)
995 *scontext = NULL;
995 *scontext_len = 0; 996 *scontext_len = 0;
996 997
997 if (context->len) { 998 if (context->len) {
@@ -1008,6 +1009,9 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
1008 *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1; 1009 *scontext_len += strlen(policydb.p_type_val_to_name[context->type - 1]) + 1;
1009 *scontext_len += mls_compute_context_len(context); 1010 *scontext_len += mls_compute_context_len(context);
1010 1011
1012 if (!scontext)
1013 return 0;
1014
1011 /* Allocate space for the context; caller must free this space. */ 1015 /* Allocate space for the context; caller must free this space. */
1012 scontextp = kmalloc(*scontext_len, GFP_ATOMIC); 1016 scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
1013 if (!scontextp) 1017 if (!scontextp)
@@ -1047,7 +1051,8 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
1047 struct context *context; 1051 struct context *context;
1048 int rc = 0; 1052 int rc = 0;
1049 1053
1050 *scontext = NULL; 1054 if (scontext)
1055 *scontext = NULL;
1051 *scontext_len = 0; 1056 *scontext_len = 0;
1052 1057
1053 if (!ss_initialized) { 1058 if (!ss_initialized) {
@@ -1055,6 +1060,8 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
1055 char *scontextp; 1060 char *scontextp;
1056 1061
1057 *scontext_len = strlen(initial_sid_to_string[sid]) + 1; 1062 *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
1063 if (!scontext)
1064 goto out;
1058 scontextp = kmalloc(*scontext_len, GFP_ATOMIC); 1065 scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
1059 if (!scontextp) { 1066 if (!scontextp) {
1060 rc = -ENOMEM; 1067 rc = -ENOMEM;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 174aec44bfac..bc39f4067af6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3004,7 +3004,8 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3004{ 3004{
3005 char *sp = smack_from_secid(secid); 3005 char *sp = smack_from_secid(secid);
3006 3006
3007 *secdata = sp; 3007 if (secdata)
3008 *secdata = sp;
3008 *seclen = strlen(sp); 3009 *seclen = strlen(sp);
3009 return 0; 3010 return 0;
3010} 3011}