| -rw-r--r-- | security/selinux/ss/policydb.c | 131 |
1 files changed, 63 insertions, 68 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 891c2d07e8b6..84f8cc73c7db 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -11,7 +11,7 @@ | |||
| 11 | * | 11 | * |
| 12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | 12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> |
| 13 | * | 13 | * |
| 14 | * Added conditional policy language extensions | 14 | * Added conditional policy language extensions |
| 15 | * | 15 | * |
| 16 | * Updated: Hewlett-Packard <paul.moore@hp.com> | 16 | * Updated: Hewlett-Packard <paul.moore@hp.com> |
| 17 | * | 17 | * |
| @@ -21,7 +21,7 @@ | |||
| 21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
| 22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | 22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
| 23 | * This program is free software; you can redistribute it and/or modify | 23 | * This program is free software; you can redistribute it and/or modify |
| 24 | * it under the terms of the GNU General Public License as published by | 24 | * it under the terms of the GNU General Public License as published by |
| 25 | * the Free Software Foundation, version 2. | 25 | * the Free Software Foundation, version 2. |
| 26 | */ | 26 | */ |
| 27 | 27 | ||
| @@ -51,7 +51,7 @@ static char *symtab_name[SYM_NUM] = { | |||
| 51 | }; | 51 | }; |
| 52 | #endif | 52 | #endif |
| 53 | 53 | ||
| 54 | int selinux_mls_enabled = 0; | 54 | int selinux_mls_enabled; |
| 55 | 55 | ||
| 56 | static unsigned int symtab_sizes[SYM_NUM] = { | 56 | static unsigned int symtab_sizes[SYM_NUM] = { |
| 57 | 2, | 57 | 2, |
| @@ -73,39 +73,39 @@ struct policydb_compat_info { | |||
| 73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ | 73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ |
| 74 | static struct policydb_compat_info policydb_compat[] = { | 74 | static struct policydb_compat_info policydb_compat[] = { |
| 75 | { | 75 | { |
| 76 | .version = POLICYDB_VERSION_BASE, | 76 | .version = POLICYDB_VERSION_BASE, |
| 77 | .sym_num = SYM_NUM - 3, | 77 | .sym_num = SYM_NUM - 3, |
| 78 | .ocon_num = OCON_NUM - 1, | 78 | .ocon_num = OCON_NUM - 1, |
| 79 | }, | 79 | }, |
| 80 | { | 80 | { |
| 81 | .version = POLICYDB_VERSION_BOOL, | 81 | .version = POLICYDB_VERSION_BOOL, |
| 82 | .sym_num = SYM_NUM - 2, | 82 | .sym_num = SYM_NUM - 2, |
| 83 | .ocon_num = OCON_NUM - 1, | 83 | .ocon_num = OCON_NUM - 1, |
| 84 | }, | 84 | }, |
| 85 | { | 85 | { |
| 86 | .version = POLICYDB_VERSION_IPV6, | 86 | .version = POLICYDB_VERSION_IPV6, |
| 87 | .sym_num = SYM_NUM - 2, | 87 | .sym_num = SYM_NUM - 2, |
| 88 | .ocon_num = OCON_NUM, | 88 | .ocon_num = OCON_NUM, |
| 89 | }, | 89 | }, |
| 90 | { | 90 | { |
| 91 | .version = POLICYDB_VERSION_NLCLASS, | 91 | .version = POLICYDB_VERSION_NLCLASS, |
| 92 | .sym_num = SYM_NUM - 2, | 92 | .sym_num = SYM_NUM - 2, |
| 93 | .ocon_num = OCON_NUM, | 93 | .ocon_num = OCON_NUM, |
| 94 | }, | 94 | }, |
| 95 | { | 95 | { |
| 96 | .version = POLICYDB_VERSION_MLS, | 96 | .version = POLICYDB_VERSION_MLS, |
| 97 | .sym_num = SYM_NUM, | 97 | .sym_num = SYM_NUM, |
| 98 | .ocon_num = OCON_NUM, | 98 | .ocon_num = OCON_NUM, |
| 99 | }, | 99 | }, |
| 100 | { | 100 | { |
| 101 | .version = POLICYDB_VERSION_AVTAB, | 101 | .version = POLICYDB_VERSION_AVTAB, |
| 102 | .sym_num = SYM_NUM, | 102 | .sym_num = SYM_NUM, |
| 103 | .ocon_num = OCON_NUM, | 103 | .ocon_num = OCON_NUM, |
| 104 | }, | 104 | }, |
| 105 | { | 105 | { |
| 106 | .version = POLICYDB_VERSION_RANGETRANS, | 106 | .version = POLICYDB_VERSION_RANGETRANS, |
| 107 | .sym_num = SYM_NUM, | 107 | .sym_num = SYM_NUM, |
| 108 | .ocon_num = OCON_NUM, | 108 | .ocon_num = OCON_NUM, |
| 109 | }, | 109 | }, |
| 110 | { | 110 | { |
| 111 | .version = POLICYDB_VERSION_POLCAP, | 111 | .version = POLICYDB_VERSION_POLCAP, |
| @@ -152,7 +152,7 @@ static int roles_init(struct policydb *p) | |||
| 152 | rc = -EINVAL; | 152 | rc = -EINVAL; |
| 153 | goto out_free_role; | 153 | goto out_free_role; |
| 154 | } | 154 | } |
| 155 | key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); | 155 | key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); |
| 156 | if (!key) { | 156 | if (!key) { |
| 157 | rc = -ENOMEM; | 157 | rc = -ENOMEM; |
| 158 | goto out_free_role; | 158 | goto out_free_role; |
| @@ -424,7 +424,7 @@ static int policydb_index_others(struct policydb *p) | |||
| 424 | 424 | ||
| 425 | p->role_val_to_struct = | 425 | p->role_val_to_struct = |
| 426 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), | 426 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), |
| 427 | GFP_KERNEL); | 427 | GFP_KERNEL); |
| 428 | if (!p->role_val_to_struct) { | 428 | if (!p->role_val_to_struct) { |
| 429 | rc = -ENOMEM; | 429 | rc = -ENOMEM; |
| 430 | goto out; | 430 | goto out; |
| @@ -432,7 +432,7 @@ static int policydb_index_others(struct policydb *p) | |||
| 432 | 432 | ||
| 433 | p->user_val_to_struct = | 433 | p->user_val_to_struct = |
| 434 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), | 434 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), |
| 435 | GFP_KERNEL); | 435 | GFP_KERNEL); |
| 436 | if (!p->user_val_to_struct) { | 436 | if (!p->user_val_to_struct) { |
| 437 | rc = -ENOMEM; | 437 | rc = -ENOMEM; |
| 438 | goto out; | 438 | goto out; |
| @@ -634,7 +634,7 @@ void policydb_destroy(struct policydb *p) | |||
| 634 | while (c) { | 634 | while (c) { |
| 635 | ctmp = c; | 635 | ctmp = c; |
| 636 | c = c->next; | 636 | c = c->next; |
| 637 | ocontext_destroy(ctmp,i); | 637 | ocontext_destroy(ctmp, i); |
| 638 | } | 638 | } |
| 639 | p->ocontexts[i] = NULL; | 639 | p->ocontexts[i] = NULL; |
| 640 | } | 640 | } |
| @@ -647,7 +647,7 @@ void policydb_destroy(struct policydb *p) | |||
| 647 | while (c) { | 647 | while (c) { |
| 648 | ctmp = c; | 648 | ctmp = c; |
| 649 | c = c->next; | 649 | c = c->next; |
| 650 | ocontext_destroy(ctmp,OCON_FSUSE); | 650 | ocontext_destroy(ctmp, OCON_FSUSE); |
| 651 | } | 651 | } |
| 652 | gtmp = g; | 652 | gtmp = g; |
| 653 | g = g->next; | 653 | g = g->next; |
| @@ -664,14 +664,14 @@ void policydb_destroy(struct policydb *p) | |||
| 664 | } | 664 | } |
| 665 | kfree(ltr); | 665 | kfree(ltr); |
| 666 | 666 | ||
| 667 | for (ra = p->role_allow; ra; ra = ra -> next) { | 667 | for (ra = p->role_allow; ra; ra = ra->next) { |
| 668 | cond_resched(); | 668 | cond_resched(); |
| 669 | kfree(lra); | 669 | kfree(lra); |
| 670 | lra = ra; | 670 | lra = ra; |
| 671 | } | 671 | } |
| 672 | kfree(lra); | 672 | kfree(lra); |
| 673 | 673 | ||
| 674 | for (rt = p->range_tr; rt; rt = rt -> next) { | 674 | for (rt = p->range_tr; rt; rt = rt->next) { |
| 675 | cond_resched(); | 675 | cond_resched(); |
| 676 | if (lrt) { | 676 | if (lrt) { |
| 677 | ebitmap_destroy(&lrt->target_range.level[0].cat); | 677 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
| @@ -924,7 +924,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 924 | len = le32_to_cpu(buf[0]); | 924 | len = le32_to_cpu(buf[0]); |
| 925 | perdatum->value = le32_to_cpu(buf[1]); | 925 | perdatum->value = le32_to_cpu(buf[1]); |
| 926 | 926 | ||
| 927 | key = kmalloc(len + 1,GFP_KERNEL); | 927 | key = kmalloc(len + 1, GFP_KERNEL); |
| 928 | if (!key) { | 928 | if (!key) { |
| 929 | rc = -ENOMEM; | 929 | rc = -ENOMEM; |
| 930 | goto bad; | 930 | goto bad; |
| @@ -971,7 +971,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 971 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); | 971 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); |
| 972 | nel = le32_to_cpu(buf[3]); | 972 | nel = le32_to_cpu(buf[3]); |
| 973 | 973 | ||
| 974 | key = kmalloc(len + 1,GFP_KERNEL); | 974 | key = kmalloc(len + 1, GFP_KERNEL); |
| 975 | if (!key) { | 975 | if (!key) { |
| 976 | rc = -ENOMEM; | 976 | rc = -ENOMEM; |
| 977 | goto bad; | 977 | goto bad; |
| @@ -998,7 +998,7 @@ bad: | |||
| 998 | } | 998 | } |
| 999 | 999 | ||
| 1000 | static int read_cons_helper(struct constraint_node **nodep, int ncons, | 1000 | static int read_cons_helper(struct constraint_node **nodep, int ncons, |
| 1001 | int allowxtarget, void *fp) | 1001 | int allowxtarget, void *fp) |
| 1002 | { | 1002 | { |
| 1003 | struct constraint_node *c, *lc; | 1003 | struct constraint_node *c, *lc; |
| 1004 | struct constraint_expr *e, *le; | 1004 | struct constraint_expr *e, *le; |
| @@ -1012,11 +1012,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
| 1012 | if (!c) | 1012 | if (!c) |
| 1013 | return -ENOMEM; | 1013 | return -ENOMEM; |
| 1014 | 1014 | ||
| 1015 | if (lc) { | 1015 | if (lc) |
| 1016 | lc->next = c; | 1016 | lc->next = c; |
| 1017 | } else { | 1017 | else |
| 1018 | *nodep = c; | 1018 | *nodep = c; |
| 1019 | } | ||
| 1020 | 1019 | ||
| 1021 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); | 1020 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); |
| 1022 | if (rc < 0) | 1021 | if (rc < 0) |
| @@ -1030,11 +1029,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
| 1030 | if (!e) | 1029 | if (!e) |
| 1031 | return -ENOMEM; | 1030 | return -ENOMEM; |
| 1032 | 1031 | ||
| 1033 | if (le) { | 1032 | if (le) |
| 1034 | le->next = e; | 1033 | le->next = e; |
| 1035 | } else { | 1034 | else |
| 1036 | c->expr = e; | 1035 | c->expr = e; |
| 1037 | } | ||
| 1038 | 1036 | ||
| 1039 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); | 1037 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); |
| 1040 | if (rc < 0) | 1038 | if (rc < 0) |
| @@ -1111,7 +1109,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1111 | 1109 | ||
| 1112 | ncons = le32_to_cpu(buf[5]); | 1110 | ncons = le32_to_cpu(buf[5]); |
| 1113 | 1111 | ||
| 1114 | key = kmalloc(len + 1,GFP_KERNEL); | 1112 | key = kmalloc(len + 1, GFP_KERNEL); |
| 1115 | if (!key) { | 1113 | if (!key) { |
| 1116 | rc = -ENOMEM; | 1114 | rc = -ENOMEM; |
| 1117 | goto bad; | 1115 | goto bad; |
| @@ -1122,7 +1120,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1122 | key[len] = 0; | 1120 | key[len] = 0; |
| 1123 | 1121 | ||
| 1124 | if (len2) { | 1122 | if (len2) { |
| 1125 | cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); | 1123 | cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); |
| 1126 | if (!cladatum->comkey) { | 1124 | if (!cladatum->comkey) { |
| 1127 | rc = -ENOMEM; | 1125 | rc = -ENOMEM; |
| 1128 | goto bad; | 1126 | goto bad; |
| @@ -1195,7 +1193,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1195 | len = le32_to_cpu(buf[0]); | 1193 | len = le32_to_cpu(buf[0]); |
| 1196 | role->value = le32_to_cpu(buf[1]); | 1194 | role->value = le32_to_cpu(buf[1]); |
| 1197 | 1195 | ||
| 1198 | key = kmalloc(len + 1,GFP_KERNEL); | 1196 | key = kmalloc(len + 1, GFP_KERNEL); |
| 1199 | if (!key) { | 1197 | if (!key) { |
| 1200 | rc = -ENOMEM; | 1198 | rc = -ENOMEM; |
| 1201 | goto bad; | 1199 | goto bad; |
| @@ -1242,7 +1240,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1242 | __le32 buf[3]; | 1240 | __le32 buf[3]; |
| 1243 | u32 len; | 1241 | u32 len; |
| 1244 | 1242 | ||
| 1245 | typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); | 1243 | typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); |
| 1246 | if (!typdatum) { | 1244 | if (!typdatum) { |
| 1247 | rc = -ENOMEM; | 1245 | rc = -ENOMEM; |
| 1248 | return rc; | 1246 | return rc; |
| @@ -1256,7 +1254,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1256 | typdatum->value = le32_to_cpu(buf[1]); | 1254 | typdatum->value = le32_to_cpu(buf[1]); |
| 1257 | typdatum->primary = le32_to_cpu(buf[2]); | 1255 | typdatum->primary = le32_to_cpu(buf[2]); |
| 1258 | 1256 | ||
| 1259 | key = kmalloc(len + 1,GFP_KERNEL); | 1257 | key = kmalloc(len + 1, GFP_KERNEL); |
| 1260 | if (!key) { | 1258 | if (!key) { |
| 1261 | rc = -ENOMEM; | 1259 | rc = -ENOMEM; |
| 1262 | goto bad; | 1260 | goto bad; |
| @@ -1328,7 +1326,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1328 | len = le32_to_cpu(buf[0]); | 1326 | len = le32_to_cpu(buf[0]); |
| 1329 | usrdatum->value = le32_to_cpu(buf[1]); | 1327 | usrdatum->value = le32_to_cpu(buf[1]); |
| 1330 | 1328 | ||
| 1331 | key = kmalloc(len + 1,GFP_KERNEL); | 1329 | key = kmalloc(len + 1, GFP_KERNEL); |
| 1332 | if (!key) { | 1330 | if (!key) { |
| 1333 | rc = -ENOMEM; | 1331 | rc = -ENOMEM; |
| 1334 | goto bad; | 1332 | goto bad; |
| @@ -1382,7 +1380,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1382 | len = le32_to_cpu(buf[0]); | 1380 | len = le32_to_cpu(buf[0]); |
| 1383 | levdatum->isalias = le32_to_cpu(buf[1]); | 1381 | levdatum->isalias = le32_to_cpu(buf[1]); |
| 1384 | 1382 | ||
| 1385 | key = kmalloc(len + 1,GFP_ATOMIC); | 1383 | key = kmalloc(len + 1, GFP_ATOMIC); |
| 1386 | if (!key) { | 1384 | if (!key) { |
| 1387 | rc = -ENOMEM; | 1385 | rc = -ENOMEM; |
| 1388 | goto bad; | 1386 | goto bad; |
| @@ -1434,7 +1432,7 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) | |||
| 1434 | catdatum->value = le32_to_cpu(buf[1]); | 1432 | catdatum->value = le32_to_cpu(buf[1]); |
| 1435 | catdatum->isalias = le32_to_cpu(buf[2]); | 1433 | catdatum->isalias = le32_to_cpu(buf[2]); |
| 1436 | 1434 | ||
| 1437 | key = kmalloc(len + 1,GFP_ATOMIC); | 1435 | key = kmalloc(len + 1, GFP_ATOMIC); |
| 1438 | if (!key) { | 1436 | if (!key) { |
| 1439 | rc = -ENOMEM; | 1437 | rc = -ENOMEM; |
| 1440 | goto bad; | 1438 | goto bad; |
| @@ -1493,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1493 | goto out; | 1491 | goto out; |
| 1494 | 1492 | ||
| 1495 | /* Read the magic number and string length. */ | 1493 | /* Read the magic number and string length. */ |
| 1496 | rc = next_entry(buf, fp, sizeof(u32)* 2); | 1494 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
| 1497 | if (rc < 0) | 1495 | if (rc < 0) |
| 1498 | goto bad; | 1496 | goto bad; |
| 1499 | 1497 | ||
| @@ -1511,7 +1509,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1511 | len, strlen(POLICYDB_STRING)); | 1509 | len, strlen(POLICYDB_STRING)); |
| 1512 | goto bad; | 1510 | goto bad; |
| 1513 | } | 1511 | } |
| 1514 | policydb_str = kmalloc(len + 1,GFP_KERNEL); | 1512 | policydb_str = kmalloc(len + 1, GFP_KERNEL); |
| 1515 | if (!policydb_str) { | 1513 | if (!policydb_str) { |
| 1516 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " | 1514 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " |
| 1517 | "string of length %d\n", len); | 1515 | "string of length %d\n", len); |
| @@ -1544,9 +1542,9 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1544 | if (p->policyvers < POLICYDB_VERSION_MIN || | 1542 | if (p->policyvers < POLICYDB_VERSION_MIN || |
| 1545 | p->policyvers > POLICYDB_VERSION_MAX) { | 1543 | p->policyvers > POLICYDB_VERSION_MAX) { |
| 1546 | printk(KERN_ERR "SELinux: policydb version %d does not match " | 1544 | printk(KERN_ERR "SELinux: policydb version %d does not match " |
| 1547 | "my version range %d-%d\n", | 1545 | "my version range %d-%d\n", |
| 1548 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); | 1546 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
| 1549 | goto bad; | 1547 | goto bad; |
| 1550 | } | 1548 | } |
| 1551 | 1549 | ||
| 1552 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { | 1550 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
| @@ -1634,11 +1632,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1634 | rc = -ENOMEM; | 1632 | rc = -ENOMEM; |
| 1635 | goto bad; | 1633 | goto bad; |
| 1636 | } | 1634 | } |
| 1637 | if (ltr) { | 1635 | if (ltr) |
| 1638 | ltr->next = tr; | 1636 | ltr->next = tr; |
| 1639 | } else { | 1637 | else |
| 1640 | p->role_tr = tr; | 1638 | p->role_tr = tr; |
| 1641 | } | ||
| 1642 | rc = next_entry(buf, fp, sizeof(u32)*3); | 1639 | rc = next_entry(buf, fp, sizeof(u32)*3); |
| 1643 | if (rc < 0) | 1640 | if (rc < 0) |
| 1644 | goto bad; | 1641 | goto bad; |
| @@ -1665,11 +1662,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1665 | rc = -ENOMEM; | 1662 | rc = -ENOMEM; |
| 1666 | goto bad; | 1663 | goto bad; |
| 1667 | } | 1664 | } |
| 1668 | if (lra) { | 1665 | if (lra) |
| 1669 | lra->next = ra; | 1666 | lra->next = ra; |
| 1670 | } else { | 1667 | else |
| 1671 | p->role_allow = ra; | 1668 | p->role_allow = ra; |
| 1672 | } | ||
| 1673 | rc = next_entry(buf, fp, sizeof(u32)*2); | 1669 | rc = next_entry(buf, fp, sizeof(u32)*2); |
| 1674 | if (rc < 0) | 1670 | if (rc < 0) |
| 1675 | goto bad; | 1671 | goto bad; |
| @@ -1703,11 +1699,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1703 | rc = -ENOMEM; | 1699 | rc = -ENOMEM; |
| 1704 | goto bad; | 1700 | goto bad; |
| 1705 | } | 1701 | } |
| 1706 | if (l) { | 1702 | if (l) |
| 1707 | l->next = c; | 1703 | l->next = c; |
| 1708 | } else { | 1704 | else |
| 1709 | p->ocontexts[i] = c; | 1705 | p->ocontexts[i] = c; |
| 1710 | } | ||
| 1711 | l = c; | 1706 | l = c; |
| 1712 | rc = -EINVAL; | 1707 | rc = -EINVAL; |
| 1713 | switch (i) { | 1708 | switch (i) { |
| @@ -1726,7 +1721,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1726 | if (rc < 0) | 1721 | if (rc < 0) |
| 1727 | goto bad; | 1722 | goto bad; |
| 1728 | len = le32_to_cpu(buf[0]); | 1723 | len = le32_to_cpu(buf[0]); |
| 1729 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | 1724 | c->u.name = kmalloc(len + 1, GFP_KERNEL); |
| 1730 | if (!c->u.name) { | 1725 | if (!c->u.name) { |
| 1731 | rc = -ENOMEM; | 1726 | rc = -ENOMEM; |
| 1732 | goto bad; | 1727 | goto bad; |
| @@ -1754,7 +1749,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1754 | goto bad; | 1749 | goto bad; |
| 1755 | break; | 1750 | break; |
| 1756 | case OCON_NODE: | 1751 | case OCON_NODE: |
| 1757 | rc = next_entry(buf, fp, sizeof(u32)* 2); | 1752 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
| 1758 | if (rc < 0) | 1753 | if (rc < 0) |
| 1759 | goto bad; | 1754 | goto bad; |
| 1760 | c->u.node.addr = le32_to_cpu(buf[0]); | 1755 | c->u.node.addr = le32_to_cpu(buf[0]); |
| @@ -1771,7 +1766,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1771 | if (c->v.behavior > SECURITY_FS_USE_NONE) | 1766 | if (c->v.behavior > SECURITY_FS_USE_NONE) |
| 1772 | goto bad; | 1767 | goto bad; |
| 1773 | len = le32_to_cpu(buf[1]); | 1768 | len = le32_to_cpu(buf[1]); |
| 1774 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | 1769 | c->u.name = kmalloc(len + 1, GFP_KERNEL); |
| 1775 | if (!c->u.name) { | 1770 | if (!c->u.name) { |
| 1776 | rc = -ENOMEM; | 1771 | rc = -ENOMEM; |
| 1777 | goto bad; | 1772 | goto bad; |
| @@ -1819,7 +1814,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1819 | goto bad; | 1814 | goto bad; |
| 1820 | } | 1815 | } |
| 1821 | 1816 | ||
| 1822 | newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); | 1817 | newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); |
| 1823 | if (!newgenfs->fstype) { | 1818 | if (!newgenfs->fstype) { |
| 1824 | rc = -ENOMEM; | 1819 | rc = -ENOMEM; |
| 1825 | kfree(newgenfs); | 1820 | kfree(newgenfs); |
| @@ -1865,7 +1860,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1865 | goto bad; | 1860 | goto bad; |
| 1866 | } | 1861 | } |
| 1867 | 1862 | ||
| 1868 | newc->u.name = kmalloc(len + 1,GFP_KERNEL); | 1863 | newc->u.name = kmalloc(len + 1, GFP_KERNEL); |
| 1869 | if (!newc->u.name) { | 1864 | if (!newc->u.name) { |
| 1870 | rc = -ENOMEM; | 1865 | rc = -ENOMEM; |
| 1871 | goto bad_newc; | 1866 | goto bad_newc; |
| @@ -1969,7 +1964,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1969 | out: | 1964 | out: |
| 1970 | return rc; | 1965 | return rc; |
| 1971 | bad_newc: | 1966 | bad_newc: |
| 1972 | ocontext_destroy(newc,OCON_FSUSE); | 1967 | ocontext_destroy(newc, OCON_FSUSE); |
| 1973 | bad: | 1968 | bad: |
| 1974 | if (!rc) | 1969 | if (!rc) |
| 1975 | rc = -EINVAL; | 1970 | rc = -EINVAL; |
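Review bot: The `kmalloc(len + 1, GFP_KERNEL)` calls reformatted here in perm_read, common_read, class_read, role_read, type_read, user_read, sens_read and cat_read size the buffer from `len = le32_to_cpu(buf[0])`, and no upper bound on that policy-supplied length is visible in these hunks. type_read declares `u32 len`, so a length of 0xffffffff would make `len + 1` wrap to zero, and the `if (!key)` test is unlikely to catch that because a zero-size kmalloc normally returns a non-NULL marker pointer; class_read later stores `key[len] = 0`. The read between the allocation and that store lies outside the hunks, so it should be confirmed that it rejects an oversized length before the terminator is written. An explicit guard before each allocation, for example `if (len == (u32)-1) { rc = -EINVAL; goto bad; }`, or one shared string-read helper, would make the bound visible at the call site. All of these functions start and end outside the hunks shown.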
