aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/avtab.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/avtab.c')
-rw-r--r--security/selinux/ss/avtab.c48
1 files changed, 24 insertions, 24 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 916e73a18bc5..9e6626362bfd 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -6,15 +6,15 @@
6 6
7/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 7/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
8 * 8 *
9 * Added conditional policy language extensions 9 * Added conditional policy language extensions
10 * 10 *
11 * Copyright (C) 2003 Tresys Technology, LLC 11 * Copyright (C) 2003 Tresys Technology, LLC
12 * This program is free software; you can redistribute it and/or modify 12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by 13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation, version 2. 14 * the Free Software Foundation, version 2.
15 * 15 *
16 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp> 16 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
17 * Tuned number of hash slots for avtab to reduce memory usage 17 * Tuned number of hash slots for avtab to reduce memory usage
18 */ 18 */
19 19
20#include <linux/kernel.h> 20#include <linux/kernel.h>
@@ -33,10 +33,10 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask)
33 33
34static struct avtab_node* 34static struct avtab_node*
35avtab_insert_node(struct avtab *h, int hvalue, 35avtab_insert_node(struct avtab *h, int hvalue,
36 struct avtab_node * prev, struct avtab_node * cur, 36 struct avtab_node *prev, struct avtab_node *cur,
37 struct avtab_key *key, struct avtab_datum *datum) 37 struct avtab_key *key, struct avtab_datum *datum)
38{ 38{
39 struct avtab_node * newnode; 39 struct avtab_node *newnode;
40 newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL); 40 newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
41 if (newnode == NULL) 41 if (newnode == NULL)
42 return NULL; 42 return NULL;
@@ -84,7 +84,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
84 } 84 }
85 85
86 newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); 86 newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
87 if(!newnode) 87 if (!newnode)
88 return -ENOMEM; 88 return -ENOMEM;
89 89
90 return 0; 90 return 0;
@@ -95,7 +95,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
95 * It also returns a pointer to the node inserted. 95 * It also returns a pointer to the node inserted.
96 */ 96 */
97struct avtab_node * 97struct avtab_node *
98avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum) 98avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
99{ 99{
100 int hvalue; 100 int hvalue;
101 struct avtab_node *prev, *cur, *newnode; 101 struct avtab_node *prev, *cur, *newnode;
@@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag)
310 } 310 }
311 } 311 }
312 312
313 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest " 313 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
314 "chain length %d sum of chain length^2 %Lu\n", 314 "longest chain length %d sum of chain length^2 %Lu\n",
315 tag, h->nel, slots_used, h->nslot, max_chain_len, 315 tag, h->nel, slots_used, h->nslot, max_chain_len,
316 chain2_len_sum); 316 chain2_len_sum);
317} 317}
@@ -326,7 +326,7 @@ static uint16_t spec_order[] = {
326}; 326};
327 327
328int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, 328int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
329 int (*insertf)(struct avtab *a, struct avtab_key *k, 329 int (*insertf)(struct avtab *a, struct avtab_key *k,
330 struct avtab_datum *d, void *p), 330 struct avtab_datum *d, void *p),
331 void *p) 331 void *p)
332{ 332{
@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
364 val = le32_to_cpu(buf32[items++]); 364 val = le32_to_cpu(buf32[items++]);
365 key.source_type = (u16)val; 365 key.source_type = (u16)val;
366 if (key.source_type != val) { 366 if (key.source_type != val) {
367 printk("SELinux: avtab: truncated source type\n"); 367 printk(KERN_ERR "SELinux: avtab: truncated source type\n");
368 return -1; 368 return -1;
369 } 369 }
370 val = le32_to_cpu(buf32[items++]); 370 val = le32_to_cpu(buf32[items++]);
371 key.target_type = (u16)val; 371 key.target_type = (u16)val;
372 if (key.target_type != val) { 372 if (key.target_type != val) {
373 printk("SELinux: avtab: truncated target type\n"); 373 printk(KERN_ERR "SELinux: avtab: truncated target type\n");
374 return -1; 374 return -1;
375 } 375 }
376 val = le32_to_cpu(buf32[items++]); 376 val = le32_to_cpu(buf32[items++]);
377 key.target_class = (u16)val; 377 key.target_class = (u16)val;
378 if (key.target_class != val) { 378 if (key.target_class != val) {
379 printk("SELinux: avtab: truncated target class\n"); 379 printk(KERN_ERR "SELinux: avtab: truncated target class\n");
380 return -1; 380 return -1;
381 } 381 }
382 382
@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
384 enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; 384 enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
385 385
386 if (!(val & (AVTAB_AV | AVTAB_TYPE))) { 386 if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
387 printk("SELinux: avtab: null entry\n"); 387 printk(KERN_ERR "SELinux: avtab: null entry\n");
388 return -1; 388 return -1;
389 } 389 }
390 if ((val & AVTAB_AV) && 390 if ((val & AVTAB_AV) &&
391 (val & AVTAB_TYPE)) { 391 (val & AVTAB_TYPE)) {
392 printk("SELinux: avtab: entry has both access vectors and types\n"); 392 printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
393 return -1; 393 return -1;
394 } 394 }
395 395
@@ -398,12 +398,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
398 key.specified = spec_order[i] | enabled; 398 key.specified = spec_order[i] | enabled;
399 datum.data = le32_to_cpu(buf32[items++]); 399 datum.data = le32_to_cpu(buf32[items++]);
400 rc = insertf(a, &key, &datum, p); 400 rc = insertf(a, &key, &datum, p);
401 if (rc) return rc; 401 if (rc)
402 return rc;
402 } 403 }
403 } 404 }
404 405
405 if (items != items2) { 406 if (items != items2) {
406 printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items); 407 printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
407 return -1; 408 return -1;
408 } 409 }
409 return 0; 410 return 0;
@@ -411,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
411 412
412 rc = next_entry(buf16, fp, sizeof(u16)*4); 413 rc = next_entry(buf16, fp, sizeof(u16)*4);
413 if (rc < 0) { 414 if (rc < 0) {
414 printk("SELinux: avtab: truncated entry\n"); 415 printk(KERN_ERR "SELinux: avtab: truncated entry\n");
415 return -1; 416 return -1;
416 } 417 }
417 418
@@ -424,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
424 if (!policydb_type_isvalid(pol, key.source_type) || 425 if (!policydb_type_isvalid(pol, key.source_type) ||
425 !policydb_type_isvalid(pol, key.target_type) || 426 !policydb_type_isvalid(pol, key.target_type) ||
426 !policydb_class_isvalid(pol, key.target_class)) { 427 !policydb_class_isvalid(pol, key.target_class)) {
427 printk(KERN_WARNING "SELinux: avtab: invalid type or class\n"); 428 printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
428 return -1; 429 return -1;
429 } 430 }
430 431
@@ -434,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
434 set++; 435 set++;
435 } 436 }
436 if (!set || set > 1) { 437 if (!set || set > 1) {
437 printk(KERN_WARNING 438 printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
438 "SELinux: avtab: more than one specifier\n");
439 return -1; 439 return -1;
440 } 440 }
441 441
442 rc = next_entry(buf32, fp, sizeof(u32)); 442 rc = next_entry(buf32, fp, sizeof(u32));
443 if (rc < 0) { 443 if (rc < 0) {
444 printk("SELinux: avtab: truncated entry\n"); 444 printk(KERN_ERR "SELinux: avtab: truncated entry\n");
445 return -1; 445 return -1;
446 } 446 }
447 datum.data = le32_to_cpu(*buf32); 447 datum.data = le32_to_cpu(*buf32);
448 if ((key.specified & AVTAB_TYPE) && 448 if ((key.specified & AVTAB_TYPE) &&
449 !policydb_type_isvalid(pol, datum.data)) { 449 !policydb_type_isvalid(pol, datum.data)) {
450 printk(KERN_WARNING "SELinux: avtab: invalid type\n"); 450 printk(KERN_ERR "SELinux: avtab: invalid type\n");
451 return -1; 451 return -1;
452 } 452 }
453 return insertf(a, &key, &datum, p); 453 return insertf(a, &key, &datum, p);
@@ -513,5 +513,5 @@ void avtab_cache_init(void)
513 513
514void avtab_cache_destroy(void) 514void avtab_cache_destroy(void)
515{ 515{
516 kmem_cache_destroy (avtab_node_cachep); 516 kmem_cache_destroy(avtab_node_cachep);
517} 517}
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-12 04:17:57 -0500