diff options
-rw-r--r-- | security/selinux/ss/policydb.c | 131 |
1 files changed, 63 insertions, 68 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 891c2d07e8b6..84f8cc73c7db 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -11,7 +11,7 @@ | |||
11 | * | 11 | * |
12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | 12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> |
13 | * | 13 | * |
14 | * Added conditional policy language extensions | 14 | * Added conditional policy language extensions |
15 | * | 15 | * |
16 | * Updated: Hewlett-Packard <paul.moore@hp.com> | 16 | * Updated: Hewlett-Packard <paul.moore@hp.com> |
17 | * | 17 | * |
@@ -21,7 +21,7 @@ | |||
21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | 22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
23 | * This program is free software; you can redistribute it and/or modify | 23 | * This program is free software; you can redistribute it and/or modify |
24 | * it under the terms of the GNU General Public License as published by | 24 | * it under the terms of the GNU General Public License as published by |
25 | * the Free Software Foundation, version 2. | 25 | * the Free Software Foundation, version 2. |
26 | */ | 26 | */ |
27 | 27 | ||
@@ -51,7 +51,7 @@ static char *symtab_name[SYM_NUM] = { | |||
51 | }; | 51 | }; |
52 | #endif | 52 | #endif |
53 | 53 | ||
54 | int selinux_mls_enabled = 0; | 54 | int selinux_mls_enabled; |
55 | 55 | ||
56 | static unsigned int symtab_sizes[SYM_NUM] = { | 56 | static unsigned int symtab_sizes[SYM_NUM] = { |
57 | 2, | 57 | 2, |
@@ -73,39 +73,39 @@ struct policydb_compat_info { | |||
73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ | 73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ |
74 | static struct policydb_compat_info policydb_compat[] = { | 74 | static struct policydb_compat_info policydb_compat[] = { |
75 | { | 75 | { |
76 | .version = POLICYDB_VERSION_BASE, | 76 | .version = POLICYDB_VERSION_BASE, |
77 | .sym_num = SYM_NUM - 3, | 77 | .sym_num = SYM_NUM - 3, |
78 | .ocon_num = OCON_NUM - 1, | 78 | .ocon_num = OCON_NUM - 1, |
79 | }, | 79 | }, |
80 | { | 80 | { |
81 | .version = POLICYDB_VERSION_BOOL, | 81 | .version = POLICYDB_VERSION_BOOL, |
82 | .sym_num = SYM_NUM - 2, | 82 | .sym_num = SYM_NUM - 2, |
83 | .ocon_num = OCON_NUM - 1, | 83 | .ocon_num = OCON_NUM - 1, |
84 | }, | 84 | }, |
85 | { | 85 | { |
86 | .version = POLICYDB_VERSION_IPV6, | 86 | .version = POLICYDB_VERSION_IPV6, |
87 | .sym_num = SYM_NUM - 2, | 87 | .sym_num = SYM_NUM - 2, |
88 | .ocon_num = OCON_NUM, | 88 | .ocon_num = OCON_NUM, |
89 | }, | 89 | }, |
90 | { | 90 | { |
91 | .version = POLICYDB_VERSION_NLCLASS, | 91 | .version = POLICYDB_VERSION_NLCLASS, |
92 | .sym_num = SYM_NUM - 2, | 92 | .sym_num = SYM_NUM - 2, |
93 | .ocon_num = OCON_NUM, | 93 | .ocon_num = OCON_NUM, |
94 | }, | 94 | }, |
95 | { | 95 | { |
96 | .version = POLICYDB_VERSION_MLS, | 96 | .version = POLICYDB_VERSION_MLS, |
97 | .sym_num = SYM_NUM, | 97 | .sym_num = SYM_NUM, |
98 | .ocon_num = OCON_NUM, | 98 | .ocon_num = OCON_NUM, |
99 | }, | 99 | }, |
100 | { | 100 | { |
101 | .version = POLICYDB_VERSION_AVTAB, | 101 | .version = POLICYDB_VERSION_AVTAB, |
102 | .sym_num = SYM_NUM, | 102 | .sym_num = SYM_NUM, |
103 | .ocon_num = OCON_NUM, | 103 | .ocon_num = OCON_NUM, |
104 | }, | 104 | }, |
105 | { | 105 | { |
106 | .version = POLICYDB_VERSION_RANGETRANS, | 106 | .version = POLICYDB_VERSION_RANGETRANS, |
107 | .sym_num = SYM_NUM, | 107 | .sym_num = SYM_NUM, |
108 | .ocon_num = OCON_NUM, | 108 | .ocon_num = OCON_NUM, |
109 | }, | 109 | }, |
110 | { | 110 | { |
111 | .version = POLICYDB_VERSION_POLCAP, | 111 | .version = POLICYDB_VERSION_POLCAP, |
@@ -152,7 +152,7 @@ static int roles_init(struct policydb *p) | |||
152 | rc = -EINVAL; | 152 | rc = -EINVAL; |
153 | goto out_free_role; | 153 | goto out_free_role; |
154 | } | 154 | } |
155 | key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); | 155 | key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); |
156 | if (!key) { | 156 | if (!key) { |
157 | rc = -ENOMEM; | 157 | rc = -ENOMEM; |
158 | goto out_free_role; | 158 | goto out_free_role; |
@@ -424,7 +424,7 @@ static int policydb_index_others(struct policydb *p) | |||
424 | 424 | ||
425 | p->role_val_to_struct = | 425 | p->role_val_to_struct = |
426 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), | 426 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), |
427 | GFP_KERNEL); | 427 | GFP_KERNEL); |
428 | if (!p->role_val_to_struct) { | 428 | if (!p->role_val_to_struct) { |
429 | rc = -ENOMEM; | 429 | rc = -ENOMEM; |
430 | goto out; | 430 | goto out; |
@@ -432,7 +432,7 @@ static int policydb_index_others(struct policydb *p) | |||
432 | 432 | ||
433 | p->user_val_to_struct = | 433 | p->user_val_to_struct = |
434 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), | 434 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), |
435 | GFP_KERNEL); | 435 | GFP_KERNEL); |
436 | if (!p->user_val_to_struct) { | 436 | if (!p->user_val_to_struct) { |
437 | rc = -ENOMEM; | 437 | rc = -ENOMEM; |
438 | goto out; | 438 | goto out; |
@@ -634,7 +634,7 @@ void policydb_destroy(struct policydb *p) | |||
634 | while (c) { | 634 | while (c) { |
635 | ctmp = c; | 635 | ctmp = c; |
636 | c = c->next; | 636 | c = c->next; |
637 | ocontext_destroy(ctmp,i); | 637 | ocontext_destroy(ctmp, i); |
638 | } | 638 | } |
639 | p->ocontexts[i] = NULL; | 639 | p->ocontexts[i] = NULL; |
640 | } | 640 | } |
@@ -647,7 +647,7 @@ void policydb_destroy(struct policydb *p) | |||
647 | while (c) { | 647 | while (c) { |
648 | ctmp = c; | 648 | ctmp = c; |
649 | c = c->next; | 649 | c = c->next; |
650 | ocontext_destroy(ctmp,OCON_FSUSE); | 650 | ocontext_destroy(ctmp, OCON_FSUSE); |
651 | } | 651 | } |
652 | gtmp = g; | 652 | gtmp = g; |
653 | g = g->next; | 653 | g = g->next; |
@@ -664,14 +664,14 @@ void policydb_destroy(struct policydb *p) | |||
664 | } | 664 | } |
665 | kfree(ltr); | 665 | kfree(ltr); |
666 | 666 | ||
667 | for (ra = p->role_allow; ra; ra = ra -> next) { | 667 | for (ra = p->role_allow; ra; ra = ra->next) { |
668 | cond_resched(); | 668 | cond_resched(); |
669 | kfree(lra); | 669 | kfree(lra); |
670 | lra = ra; | 670 | lra = ra; |
671 | } | 671 | } |
672 | kfree(lra); | 672 | kfree(lra); |
673 | 673 | ||
674 | for (rt = p->range_tr; rt; rt = rt -> next) { | 674 | for (rt = p->range_tr; rt; rt = rt->next) { |
675 | cond_resched(); | 675 | cond_resched(); |
676 | if (lrt) { | 676 | if (lrt) { |
677 | ebitmap_destroy(&lrt->target_range.level[0].cat); | 677 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
@@ -924,7 +924,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) | |||
924 | len = le32_to_cpu(buf[0]); | 924 | len = le32_to_cpu(buf[0]); |
925 | perdatum->value = le32_to_cpu(buf[1]); | 925 | perdatum->value = le32_to_cpu(buf[1]); |
926 | 926 | ||
927 | key = kmalloc(len + 1,GFP_KERNEL); | 927 | key = kmalloc(len + 1, GFP_KERNEL); |
928 | if (!key) { | 928 | if (!key) { |
929 | rc = -ENOMEM; | 929 | rc = -ENOMEM; |
930 | goto bad; | 930 | goto bad; |
@@ -971,7 +971,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) | |||
971 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); | 971 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); |
972 | nel = le32_to_cpu(buf[3]); | 972 | nel = le32_to_cpu(buf[3]); |
973 | 973 | ||
974 | key = kmalloc(len + 1,GFP_KERNEL); | 974 | key = kmalloc(len + 1, GFP_KERNEL); |
975 | if (!key) { | 975 | if (!key) { |
976 | rc = -ENOMEM; | 976 | rc = -ENOMEM; |
977 | goto bad; | 977 | goto bad; |
@@ -998,7 +998,7 @@ bad: | |||
998 | } | 998 | } |
999 | 999 | ||
1000 | static int read_cons_helper(struct constraint_node **nodep, int ncons, | 1000 | static int read_cons_helper(struct constraint_node **nodep, int ncons, |
1001 | int allowxtarget, void *fp) | 1001 | int allowxtarget, void *fp) |
1002 | { | 1002 | { |
1003 | struct constraint_node *c, *lc; | 1003 | struct constraint_node *c, *lc; |
1004 | struct constraint_expr *e, *le; | 1004 | struct constraint_expr *e, *le; |
@@ -1012,11 +1012,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
1012 | if (!c) | 1012 | if (!c) |
1013 | return -ENOMEM; | 1013 | return -ENOMEM; |
1014 | 1014 | ||
1015 | if (lc) { | 1015 | if (lc) |
1016 | lc->next = c; | 1016 | lc->next = c; |
1017 | } else { | 1017 | else |
1018 | *nodep = c; | 1018 | *nodep = c; |
1019 | } | ||
1020 | 1019 | ||
1021 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); | 1020 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); |
1022 | if (rc < 0) | 1021 | if (rc < 0) |
@@ -1030,11 +1029,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
1030 | if (!e) | 1029 | if (!e) |
1031 | return -ENOMEM; | 1030 | return -ENOMEM; |
1032 | 1031 | ||
1033 | if (le) { | 1032 | if (le) |
1034 | le->next = e; | 1033 | le->next = e; |
1035 | } else { | 1034 | else |
1036 | c->expr = e; | 1035 | c->expr = e; |
1037 | } | ||
1038 | 1036 | ||
1039 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); | 1037 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); |
1040 | if (rc < 0) | 1038 | if (rc < 0) |
@@ -1111,7 +1109,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1111 | 1109 | ||
1112 | ncons = le32_to_cpu(buf[5]); | 1110 | ncons = le32_to_cpu(buf[5]); |
1113 | 1111 | ||
1114 | key = kmalloc(len + 1,GFP_KERNEL); | 1112 | key = kmalloc(len + 1, GFP_KERNEL); |
1115 | if (!key) { | 1113 | if (!key) { |
1116 | rc = -ENOMEM; | 1114 | rc = -ENOMEM; |
1117 | goto bad; | 1115 | goto bad; |
@@ -1122,7 +1120,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1122 | key[len] = 0; | 1120 | key[len] = 0; |
1123 | 1121 | ||
1124 | if (len2) { | 1122 | if (len2) { |
1125 | cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); | 1123 | cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); |
1126 | if (!cladatum->comkey) { | 1124 | if (!cladatum->comkey) { |
1127 | rc = -ENOMEM; | 1125 | rc = -ENOMEM; |
1128 | goto bad; | 1126 | goto bad; |
@@ -1195,7 +1193,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1195 | len = le32_to_cpu(buf[0]); | 1193 | len = le32_to_cpu(buf[0]); |
1196 | role->value = le32_to_cpu(buf[1]); | 1194 | role->value = le32_to_cpu(buf[1]); |
1197 | 1195 | ||
1198 | key = kmalloc(len + 1,GFP_KERNEL); | 1196 | key = kmalloc(len + 1, GFP_KERNEL); |
1199 | if (!key) { | 1197 | if (!key) { |
1200 | rc = -ENOMEM; | 1198 | rc = -ENOMEM; |
1201 | goto bad; | 1199 | goto bad; |
@@ -1242,7 +1240,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1242 | __le32 buf[3]; | 1240 | __le32 buf[3]; |
1243 | u32 len; | 1241 | u32 len; |
1244 | 1242 | ||
1245 | typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); | 1243 | typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); |
1246 | if (!typdatum) { | 1244 | if (!typdatum) { |
1247 | rc = -ENOMEM; | 1245 | rc = -ENOMEM; |
1248 | return rc; | 1246 | return rc; |
@@ -1256,7 +1254,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1256 | typdatum->value = le32_to_cpu(buf[1]); | 1254 | typdatum->value = le32_to_cpu(buf[1]); |
1257 | typdatum->primary = le32_to_cpu(buf[2]); | 1255 | typdatum->primary = le32_to_cpu(buf[2]); |
1258 | 1256 | ||
1259 | key = kmalloc(len + 1,GFP_KERNEL); | 1257 | key = kmalloc(len + 1, GFP_KERNEL); |
1260 | if (!key) { | 1258 | if (!key) { |
1261 | rc = -ENOMEM; | 1259 | rc = -ENOMEM; |
1262 | goto bad; | 1260 | goto bad; |
@@ -1328,7 +1326,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1328 | len = le32_to_cpu(buf[0]); | 1326 | len = le32_to_cpu(buf[0]); |
1329 | usrdatum->value = le32_to_cpu(buf[1]); | 1327 | usrdatum->value = le32_to_cpu(buf[1]); |
1330 | 1328 | ||
1331 | key = kmalloc(len + 1,GFP_KERNEL); | 1329 | key = kmalloc(len + 1, GFP_KERNEL); |
1332 | if (!key) { | 1330 | if (!key) { |
1333 | rc = -ENOMEM; | 1331 | rc = -ENOMEM; |
1334 | goto bad; | 1332 | goto bad; |
@@ -1382,7 +1380,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1382 | len = le32_to_cpu(buf[0]); | 1380 | len = le32_to_cpu(buf[0]); |
1383 | levdatum->isalias = le32_to_cpu(buf[1]); | 1381 | levdatum->isalias = le32_to_cpu(buf[1]); |
1384 | 1382 | ||
1385 | key = kmalloc(len + 1,GFP_ATOMIC); | 1383 | key = kmalloc(len + 1, GFP_ATOMIC); |
1386 | if (!key) { | 1384 | if (!key) { |
1387 | rc = -ENOMEM; | 1385 | rc = -ENOMEM; |
1388 | goto bad; | 1386 | goto bad; |
@@ -1434,7 +1432,7 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1434 | catdatum->value = le32_to_cpu(buf[1]); | 1432 | catdatum->value = le32_to_cpu(buf[1]); |
1435 | catdatum->isalias = le32_to_cpu(buf[2]); | 1433 | catdatum->isalias = le32_to_cpu(buf[2]); |
1436 | 1434 | ||
1437 | key = kmalloc(len + 1,GFP_ATOMIC); | 1435 | key = kmalloc(len + 1, GFP_ATOMIC); |
1438 | if (!key) { | 1436 | if (!key) { |
1439 | rc = -ENOMEM; | 1437 | rc = -ENOMEM; |
1440 | goto bad; | 1438 | goto bad; |
@@ -1493,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1493 | goto out; | 1491 | goto out; |
1494 | 1492 | ||
1495 | /* Read the magic number and string length. */ | 1493 | /* Read the magic number and string length. */ |
1496 | rc = next_entry(buf, fp, sizeof(u32)* 2); | 1494 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
1497 | if (rc < 0) | 1495 | if (rc < 0) |
1498 | goto bad; | 1496 | goto bad; |
1499 | 1497 | ||
@@ -1511,7 +1509,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1511 | len, strlen(POLICYDB_STRING)); | 1509 | len, strlen(POLICYDB_STRING)); |
1512 | goto bad; | 1510 | goto bad; |
1513 | } | 1511 | } |
1514 | policydb_str = kmalloc(len + 1,GFP_KERNEL); | 1512 | policydb_str = kmalloc(len + 1, GFP_KERNEL); |
1515 | if (!policydb_str) { | 1513 | if (!policydb_str) { |
1516 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " | 1514 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " |
1517 | "string of length %d\n", len); | 1515 | "string of length %d\n", len); |
@@ -1544,9 +1542,9 @@ int policydb_read(struct policydb *p, void *fp) | |||
1544 | if (p->policyvers < POLICYDB_VERSION_MIN || | 1542 | if (p->policyvers < POLICYDB_VERSION_MIN || |
1545 | p->policyvers > POLICYDB_VERSION_MAX) { | 1543 | p->policyvers > POLICYDB_VERSION_MAX) { |
1546 | printk(KERN_ERR "SELinux: policydb version %d does not match " | 1544 | printk(KERN_ERR "SELinux: policydb version %d does not match " |
1547 | "my version range %d-%d\n", | 1545 | "my version range %d-%d\n", |
1548 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); | 1546 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
1549 | goto bad; | 1547 | goto bad; |
1550 | } | 1548 | } |
1551 | 1549 | ||
1552 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { | 1550 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
@@ -1634,11 +1632,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
1634 | rc = -ENOMEM; | 1632 | rc = -ENOMEM; |
1635 | goto bad; | 1633 | goto bad; |
1636 | } | 1634 | } |
1637 | if (ltr) { | 1635 | if (ltr) |
1638 | ltr->next = tr; | 1636 | ltr->next = tr; |
1639 | } else { | 1637 | else |
1640 | p->role_tr = tr; | 1638 | p->role_tr = tr; |
1641 | } | ||
1642 | rc = next_entry(buf, fp, sizeof(u32)*3); | 1639 | rc = next_entry(buf, fp, sizeof(u32)*3); |
1643 | if (rc < 0) | 1640 | if (rc < 0) |
1644 | goto bad; | 1641 | goto bad; |
@@ -1665,11 +1662,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
1665 | rc = -ENOMEM; | 1662 | rc = -ENOMEM; |
1666 | goto bad; | 1663 | goto bad; |
1667 | } | 1664 | } |
1668 | if (lra) { | 1665 | if (lra) |
1669 | lra->next = ra; | 1666 | lra->next = ra; |
1670 | } else { | 1667 | else |
1671 | p->role_allow = ra; | 1668 | p->role_allow = ra; |
1672 | } | ||
1673 | rc = next_entry(buf, fp, sizeof(u32)*2); | 1669 | rc = next_entry(buf, fp, sizeof(u32)*2); |
1674 | if (rc < 0) | 1670 | if (rc < 0) |
1675 | goto bad; | 1671 | goto bad; |
@@ -1703,11 +1699,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
1703 | rc = -ENOMEM; | 1699 | rc = -ENOMEM; |
1704 | goto bad; | 1700 | goto bad; |
1705 | } | 1701 | } |
1706 | if (l) { | 1702 | if (l) |
1707 | l->next = c; | 1703 | l->next = c; |
1708 | } else { | 1704 | else |
1709 | p->ocontexts[i] = c; | 1705 | p->ocontexts[i] = c; |
1710 | } | ||
1711 | l = c; | 1706 | l = c; |
1712 | rc = -EINVAL; | 1707 | rc = -EINVAL; |
1713 | switch (i) { | 1708 | switch (i) { |
@@ -1726,7 +1721,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1726 | if (rc < 0) | 1721 | if (rc < 0) |
1727 | goto bad; | 1722 | goto bad; |
1728 | len = le32_to_cpu(buf[0]); | 1723 | len = le32_to_cpu(buf[0]); |
1729 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | 1724 | c->u.name = kmalloc(len + 1, GFP_KERNEL); |
1730 | if (!c->u.name) { | 1725 | if (!c->u.name) { |
1731 | rc = -ENOMEM; | 1726 | rc = -ENOMEM; |
1732 | goto bad; | 1727 | goto bad; |
@@ -1754,7 +1749,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1754 | goto bad; | 1749 | goto bad; |
1755 | break; | 1750 | break; |
1756 | case OCON_NODE: | 1751 | case OCON_NODE: |
1757 | rc = next_entry(buf, fp, sizeof(u32)* 2); | 1752 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
1758 | if (rc < 0) | 1753 | if (rc < 0) |
1759 | goto bad; | 1754 | goto bad; |
1760 | c->u.node.addr = le32_to_cpu(buf[0]); | 1755 | c->u.node.addr = le32_to_cpu(buf[0]); |
@@ -1771,7 +1766,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1771 | if (c->v.behavior > SECURITY_FS_USE_NONE) | 1766 | if (c->v.behavior > SECURITY_FS_USE_NONE) |
1772 | goto bad; | 1767 | goto bad; |
1773 | len = le32_to_cpu(buf[1]); | 1768 | len = le32_to_cpu(buf[1]); |
1774 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | 1769 | c->u.name = kmalloc(len + 1, GFP_KERNEL); |
1775 | if (!c->u.name) { | 1770 | if (!c->u.name) { |
1776 | rc = -ENOMEM; | 1771 | rc = -ENOMEM; |
1777 | goto bad; | 1772 | goto bad; |
@@ -1819,7 +1814,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1819 | goto bad; | 1814 | goto bad; |
1820 | } | 1815 | } |
1821 | 1816 | ||
1822 | newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); | 1817 | newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); |
1823 | if (!newgenfs->fstype) { | 1818 | if (!newgenfs->fstype) { |
1824 | rc = -ENOMEM; | 1819 | rc = -ENOMEM; |
1825 | kfree(newgenfs); | 1820 | kfree(newgenfs); |
@@ -1865,7 +1860,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1865 | goto bad; | 1860 | goto bad; |
1866 | } | 1861 | } |
1867 | 1862 | ||
1868 | newc->u.name = kmalloc(len + 1,GFP_KERNEL); | 1863 | newc->u.name = kmalloc(len + 1, GFP_KERNEL); |
1869 | if (!newc->u.name) { | 1864 | if (!newc->u.name) { |
1870 | rc = -ENOMEM; | 1865 | rc = -ENOMEM; |
1871 | goto bad_newc; | 1866 | goto bad_newc; |
@@ -1969,7 +1964,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1969 | out: | 1964 | out: |
1970 | return rc; | 1965 | return rc; |
1971 | bad_newc: | 1966 | bad_newc: |
1972 | ocontext_destroy(newc,OCON_FSUSE); | 1967 | ocontext_destroy(newc, OCON_FSUSE); |
1973 | bad: | 1968 | bad: |
1974 | if (!rc) | 1969 | if (!rc) |
1975 | rc = -EINVAL; | 1970 | rc = -EINVAL; |