diff options
| -rw-r--r-- | security/smack/smack.h | 5 | ||||
| -rw-r--r-- | security/smack/smack_access.c | 29 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 12 |
3 files changed, 37 insertions, 9 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 339614c76e63..e80597a3048a 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -53,6 +53,7 @@ | |||
| 53 | */ | 53 | */ |
| 54 | struct smack_known { | 54 | struct smack_known { |
| 55 | struct list_head list; | 55 | struct list_head list; |
| 56 | struct hlist_node smk_hashed; | ||
| 56 | char *smk_known; | 57 | char *smk_known; |
| 57 | u32 smk_secid; | 58 | u32 smk_secid; |
| 58 | struct netlbl_lsm_secattr smk_netlabel; /* on wire labels */ | 59 | struct netlbl_lsm_secattr smk_netlabel; /* on wire labels */ |
| @@ -222,6 +223,7 @@ char *smk_parse_smack(const char *string, int len); | |||
| 222 | int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int); | 223 | int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int); |
| 223 | char *smk_import(const char *, int); | 224 | char *smk_import(const char *, int); |
| 224 | struct smack_known *smk_import_entry(const char *, int); | 225 | struct smack_known *smk_import_entry(const char *, int); |
| 226 | void smk_insert_entry(struct smack_known *skp); | ||
| 225 | struct smack_known *smk_find_entry(const char *); | 227 | struct smack_known *smk_find_entry(const char *); |
| 226 | u32 smack_to_secid(const char *); | 228 | u32 smack_to_secid(const char *); |
| 227 | 229 | ||
| @@ -247,6 +249,9 @@ extern struct list_head smk_netlbladdr_list; | |||
| 247 | 249 | ||
| 248 | extern struct security_operations smack_ops; | 250 | extern struct security_operations smack_ops; |
| 249 | 251 | ||
| 252 | #define SMACK_HASH_SLOTS 16 | ||
| 253 | extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; | ||
| 254 | |||
| 250 | /* | 255 | /* |
| 251 | * Is the directory transmuting? | 256 | * Is the directory transmuting? |
| 252 | */ | 257 | */ |
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 6a0377f38620..b3b59b1e93d6 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -325,6 +325,25 @@ void smack_log(char *subject_label, char *object_label, int request, | |||
| 325 | 325 | ||
| 326 | DEFINE_MUTEX(smack_known_lock); | 326 | DEFINE_MUTEX(smack_known_lock); |
| 327 | 327 | ||
| 328 | struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; | ||
| 329 | |||
| 330 | /** | ||
| 331 | * smk_insert_entry - insert a smack label into a hash map, | ||
| 332 | * | ||
| 333 | * this function must be called under smack_known_lock | ||
| 334 | */ | ||
| 335 | void smk_insert_entry(struct smack_known *skp) | ||
| 336 | { | ||
| 337 | unsigned int hash; | ||
| 338 | struct hlist_head *head; | ||
| 339 | |||
| 340 | hash = full_name_hash(skp->smk_known, strlen(skp->smk_known)); | ||
| 341 | head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; | ||
| 342 | |||
| 343 | hlist_add_head_rcu(&skp->smk_hashed, head); | ||
| 344 | list_add_rcu(&skp->list, &smack_known_list); | ||
| 345 | } | ||
| 346 | |||
| 328 | /** | 347 | /** |
| 329 | * smk_find_entry - find a label on the list, return the list entry | 348 | * smk_find_entry - find a label on the list, return the list entry |
| 330 | * @string: a text string that might be a Smack label | 349 | * @string: a text string that might be a Smack label |
| @@ -334,12 +353,16 @@ DEFINE_MUTEX(smack_known_lock); | |||
| 334 | */ | 353 | */ |
| 335 | struct smack_known *smk_find_entry(const char *string) | 354 | struct smack_known *smk_find_entry(const char *string) |
| 336 | { | 355 | { |
| 356 | unsigned int hash; | ||
| 357 | struct hlist_head *head; | ||
| 337 | struct smack_known *skp; | 358 | struct smack_known *skp; |
| 338 | 359 | ||
| 339 | list_for_each_entry_rcu(skp, &smack_known_list, list) { | 360 | hash = full_name_hash(string, strlen(string)); |
| 361 | head = &smack_known_hash[hash & (SMACK_HASH_SLOTS - 1)]; | ||
| 362 | |||
| 363 | hlist_for_each_entry_rcu(skp, head, smk_hashed) | ||
| 340 | if (strcmp(skp->smk_known, string) == 0) | 364 | if (strcmp(skp->smk_known, string) == 0) |
| 341 | return skp; | 365 | return skp; |
| 342 | } | ||
| 343 | 366 | ||
| 344 | return NULL; | 367 | return NULL; |
| 345 | } | 368 | } |
| @@ -475,7 +498,7 @@ struct smack_known *smk_import_entry(const char *string, int len) | |||
| 475 | * Make sure that the entry is actually | 498 | * Make sure that the entry is actually |
| 476 | * filled before putting it on the list. | 499 | * filled before putting it on the list. |
| 477 | */ | 500 | */ |
| 478 | list_add_rcu(&skp->list, &smack_known_list); | 501 | smk_insert_entry(skp); |
| 479 | goto unlockout; | 502 | goto unlockout; |
| 480 | } | 503 | } |
| 481 | /* | 504 | /* |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f7682a387b7..ce000a81caf7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -3879,12 +3879,12 @@ static __init void init_smack_known_list(void) | |||
| 3879 | /* | 3879 | /* |
| 3880 | * Create the known labels list | 3880 | * Create the known labels list |
| 3881 | */ | 3881 | */ |
| 3882 | list_add(&smack_known_huh.list, &smack_known_list); | 3882 | smk_insert_entry(&smack_known_huh); |
| 3883 | list_add(&smack_known_hat.list, &smack_known_list); | 3883 | smk_insert_entry(&smack_known_hat); |
| 3884 | list_add(&smack_known_star.list, &smack_known_list); | 3884 | smk_insert_entry(&smack_known_star); |
| 3885 | list_add(&smack_known_floor.list, &smack_known_list); | 3885 | smk_insert_entry(&smack_known_floor); |
| 3886 | list_add(&smack_known_invalid.list, &smack_known_list); | 3886 | smk_insert_entry(&smack_known_invalid); |
| 3887 | list_add(&smack_known_web.list, &smack_known_list); | 3887 | smk_insert_entry(&smack_known_web); |
| 3888 | } | 3888 | } |
| 3889 | 3889 | ||
| 3890 | /** | 3890 | /** |