1 files changed, 9 insertions, 69 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index b4b5da1c0a42..f2dde268165a 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -31,43 +31,7 @@
 #include <net/ipv6.h>
 #include "avc.h"
 #include "avc_ss.h"
+#include "classmap.h"
-static const struct av_perm_to_string av_perm_to_string[] = {
-#define S_(c, v, s) { c, v, s },
-#include "av_perm_to_string.h"
-#undef S_
-};
-static const char *class_to_string[] = {
-#define S_(s) s,
-#include "class_to_string.h"
-#undef S_
-};
-#define TB_(s) static const char *s[] = {
-#define TE_(s) };
-#define S_(s) s,
-#include "common_perm_to_string.h"
-#undef TB_
-#undef TE_
-#undef S_
-static const struct av_inherit av_inherit[] = {
-#define S_(c, i, b) {   .tclass = c,\
-                        .common_pts = common_##i##_perm_to_string,\
-                        .common_base =  b },
-#include "av_inherit.h"
-#undef S_
-};
-const struct selinux_class_perm selinux_class_perm = {
-        .av_perm_to_string = av_perm_to_string,
-        .av_pts_len = ARRAY_SIZE(av_perm_to_string),
-        .class_to_string = class_to_string,
-        .cts_len = ARRAY_SIZE(class_to_string),
-        .av_inherit = av_inherit,
-        .av_inherit_len = ARRAY_SIZE(av_inherit)
-};
 #define AVC_CACHE_SLOTS                 512
 #define AVC_DEF_CACHE_THRESHOLD         512
@@ -139,52 +103,28 @@ static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
 */
 static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 {
-        const char **common_pts = NULL;
+        const char **perms;
-        u32 common_base = 0;
+        int i, perm;
-        int i, i2, perm;
        if (av == 0) {
                audit_log_format(ab, " null");
                return;
        }
-        for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+        perms = secclass_map[tclass-1].perms;
-                if (av_inherit[i].tclass == tclass) {
-                        common_pts = av_inherit[i].common_pts;
-                        common_base = av_inherit[i].common_base;
-                        break;
-                }
-        }
        audit_log_format(ab, " {");
        i = 0;
        perm = 1;
-        while (perm < common_base) {
+        while (i < (sizeof(av) * 8)) {
-                if (perm & av) {
+                if ((perm & av) && perms[i]) {
-                        audit_log_format(ab, " %s", common_pts[i]);
+                        audit_log_format(ab, " %s", perms[i]);
                        av &= ~perm;
                }
                i++;
                perm <<= 1;
        }
-        while (i < sizeof(av) * 8) {
-                if (perm & av) {
-                        for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
-                                if ((av_perm_to_string[i2].tclass == tclass) &&
-                                    (av_perm_to_string[i2].value == perm))
-                                        break;
-                        }
-                        if (i2 < ARRAY_SIZE(av_perm_to_string)) {
-                                audit_log_format(ab, " %s",
-                                                 av_perm_to_string[i2].name);
-                                av &= ~perm;
-                        }
-                }
-                i++;
-                perm <<= 1;
-        }
        if (av)
                audit_log_format(ab, " 0x%x", av);
@@ -219,8 +159,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
                kfree(scontext);
        }
-        BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
+        BUG_ON(tclass >= ARRAY_SIZE(secclass_map));
-        audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
+        audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
 }
 /**

diff --git a/security/selinux/avc.c b/security/selinux/avc.c index b4b5da1c0a42..f2dde268165a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c
@@ -31,43 +31,7 @@
31	#include <net/ipv6.h>	31	#include <net/ipv6.h>
32	#include "avc.h"	32	#include "avc.h"
33	#include "avc_ss.h"	33	#include "avc_ss.h"
34		34	#include "classmap.h"
35	static const struct av_perm_to_string av_perm_to_string[] = {
36	#define S_(c, v, s) { c, v, s },
37	#include "av_perm_to_string.h"
38	#undef S_
39	};
40
41	static const char *class_to_string[] = {
42	#define S_(s) s,
43	#include "class_to_string.h"
44	#undef S_
45	};
46
47	#define TB_(s) static const char *s[] = {
48	#define TE_(s) };
49	#define S_(s) s,
50	#include "common_perm_to_string.h"
51	#undef TB_
52	#undef TE_
53	#undef S_
54
55	static const struct av_inherit av_inherit[] = {
56	#define S_(c, i, b) { .tclass = c,\
57	.common_pts = common_##i##_perm_to_string,\
58	.common_base = b },
59	#include "av_inherit.h"
60	#undef S_
61	};
62
63	const struct selinux_class_perm selinux_class_perm = {
64	.av_perm_to_string = av_perm_to_string,
65	.av_pts_len = ARRAY_SIZE(av_perm_to_string),
66	.class_to_string = class_to_string,
67	.cts_len = ARRAY_SIZE(class_to_string),
68	.av_inherit = av_inherit,
69	.av_inherit_len = ARRAY_SIZE(av_inherit)
70	};
71		35
72	#define AVC_CACHE_SLOTS 512	36	#define AVC_CACHE_SLOTS 512
73	#define AVC_DEF_CACHE_THRESHOLD 512	37	#define AVC_DEF_CACHE_THRESHOLD 512
@@ -139,52 +103,28 @@ static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
139	*/	103	*/
140	static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)	104	static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
141	{	105	{
142	const char **common_pts = NULL;	106	const char **perms;
143	u32 common_base = 0;	107	int i, perm;
144	int i, i2, perm;
145		108
146	if (av == 0) {	109	if (av == 0) {
147	audit_log_format(ab, " null");	110	audit_log_format(ab, " null");
148	return;	111	return;
149	}	112	}
150		113
151	for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {	114	perms = secclass_map[tclass-1].perms;
152	if (av_inherit[i].tclass == tclass) {
153	common_pts = av_inherit[i].common_pts;
154	common_base = av_inherit[i].common_base;
155	break;
156	}
157	}
158		115
159	audit_log_format(ab, " {");	116	audit_log_format(ab, " {");
160	i = 0;	117	i = 0;
161	perm = 1;	118	perm = 1;
162	while (perm < common_base) {	119	while (i < (sizeof(av) * 8)) {
163	if (perm & av) {	120	if ((perm & av) && perms[i]) {
164	audit_log_format(ab, " %s", common_pts[i]);	121	audit_log_format(ab, " %s", perms[i]);
165	av &= ~perm;	122	av &= ~perm;
166	}	123	}
167	i++;	124	i++;
168	perm <<= 1;	125	perm <<= 1;
169	}	126	}
170		127
171	while (i < sizeof(av) * 8) {
172	if (perm & av) {
173	for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
174	if ((av_perm_to_string[i2].tclass == tclass) &&
175	(av_perm_to_string[i2].value == perm))
176	break;
177	}
178	if (i2 < ARRAY_SIZE(av_perm_to_string)) {
179	audit_log_format(ab, " %s",
180	av_perm_to_string[i2].name);
181	av &= ~perm;
182	}
183	}
184	i++;
185	perm <<= 1;
186	}
187
188	if (av)	128	if (av)
189	audit_log_format(ab, " 0x%x", av);	129	audit_log_format(ab, " 0x%x", av);
190		130
@@ -219,8 +159,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
219	kfree(scontext);	159	kfree(scontext);
220	}	160	}
221		161
222	BUG_ON(tclass >= ARRAY_SIZE(class_to_string) \|\| !class_to_string[tclass]);	162	BUG_ON(tclass >= ARRAY_SIZE(secclass_map));
223	audit_log_format(ab, " tclass=%s", class_to_string[tclass]);	163	audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
224	}	164	}
225		165
226	/**	166	/**