Diffstat (limited to 'security/selinux/ss/policydb.c')
-rw-r--r-- | security/selinux/ss/policydb.c | 60 |
1 files changed, 34 insertions, 26 deletions
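--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -744,7 +744,8 @@ int policydb_context_isvalid(struct policydb *p, struct context *c)
 */
 static int mls_read_range_helper(struct mls_range *r, void *fp)
 {
-u32 buf[2], items;
+__le32 buf[2];
+u32 items;
 int rc;
 
 rc = next_entry(buf, fp, sizeof(u32));
@@ -805,7 +806,7 @@ static int context_read_and_validate(struct context *c,
 struct policydb *p,
 void *fp)
 {
-u32 buf[3];
+__le32 buf[3];
 int rc;
 
 rc = next_entry(buf, fp, sizeof buf);
@@ -845,7 +846,8 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct perm_datum *perdatum;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL);
 if (!perdatum) {
@@ -885,7 +887,8 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp)
 {
 char *key = NULL;
 struct common_datum *comdatum;
-u32 buf[4], len, nel;
+__le32 buf[4];
+u32 len, nel;
 int i, rc;
 
 comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL);
@@ -939,7 +942,8 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
 {
 struct constraint_node *c, *lc;
 struct constraint_expr *e, *le;
-u32 buf[3], nexpr;
+__le32 buf[3];
+u32 nexpr;
 int rc, i, j, depth;
 
 lc = NULL;
@@ -1023,7 +1027,8 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
 {
 char *key = NULL;
 struct class_datum *cladatum;
-u32 buf[6], len, len2, ncons, nel;
+__le32 buf[6];
+u32 len, len2, ncons, nel;
 int i, rc;
 
 cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL);
@@ -1117,7 +1122,8 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct role_datum *role;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 role = kmalloc(sizeof(*role), GFP_KERNEL);
 if (!role) {
@@ -1177,7 +1183,8 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct type_datum *typdatum;
 int rc;
-u32 buf[3], len;
+__le32 buf[3];
+u32 len;
 
 typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL);
 if (!typdatum) {
@@ -1221,7 +1228,7 @@ bad:
 */
 static int mls_read_level(struct mls_level *lp, void *fp)
 {
-u32 buf[1];
+__le32 buf[1];
 int rc;
 
 memset(lp, 0, sizeof(*lp));
@@ -1249,7 +1256,8 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct user_datum *usrdatum;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL);
 if (!usrdatum) {
@@ -1303,7 +1311,8 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct level_datum *levdatum;
 int rc;
-u32 buf[2], len;
+__le32 buf[2];
+u32 len;
 
 levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC);
 if (!levdatum) {
@@ -1354,7 +1363,8 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
 char *key = NULL;
 struct cat_datum *catdatum;
 int rc;
-u32 buf[3], len;
+__le32 buf[3];
+u32 len;
 
 catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC);
 if (!catdatum) {
@@ -1417,7 +1427,8 @@ int policydb_read(struct policydb *p, void *fp)
 struct ocontext *l, *c, *newc;
 struct genfs *genfs_p, *genfs, *newgenfs;
 int i, j, rc;
-u32 buf[8], len, len2, config, nprim, nel, nel2;
+__le32 buf[8];
+u32 len, len2, config, nprim, nel, nel2;
 char *policydb_str;
 struct policydb_compat_info *info;
 struct range_trans *rt, *lrt;
@@ -1433,17 +1444,14 @@ int policydb_read(struct policydb *p, void *fp)
 if (rc < 0)
 goto bad;
 
-for (i = 0; i < 2; i++)
-buf[i] = le32_to_cpu(buf[i]);
-
-if (buf[0] != POLICYDB_MAGIC) {
+if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
 printk(KERN_ERR "security: policydb magic number 0x%x does "
 "not match expected magic number 0x%x\n",
-buf[0], POLICYDB_MAGIC);
+le32_to_cpu(buf[0]), POLICYDB_MAGIC);
 goto bad;
 }
 
-len = buf[1];
+len = le32_to_cpu(buf[1]);
 if (len != strlen(POLICYDB_STRING)) {
 printk(KERN_ERR "security: policydb string length %d does not "
 "match expected length %Zu\n",
@@ -1478,19 +1486,17 @@ int policydb_read(struct policydb *p, void *fp)
 rc = next_entry(buf, fp, sizeof(u32)*4);
 if (rc < 0)
 goto bad;
-for (i = 0; i < 4; i++)
-buf[i] = le32_to_cpu(buf[i]);
 
-p->policyvers = buf[0];
+p->policyvers = le32_to_cpu(buf[0]);
 if (p->policyvers < POLICYDB_VERSION_MIN ||
 p->policyvers > POLICYDB_VERSION_MAX) {
 printk(KERN_ERR "security: policydb version %d does not match "
 "my version range %d-%d\n",
-buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 goto bad;
 }
 
-if ((buf[1] & POLICYDB_CONFIG_MLS)) {
+if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
 if (ss_initialized && !selinux_mls_enabled) {
 printk(KERN_ERR "Cannot switch between non-MLS and MLS "
 "policies\n");
@@ -1519,9 +1525,11 @@ int policydb_read(struct policydb *p, void *fp)
 goto bad;
 }
 
-if (buf[2] != info->sym_num || buf[3] != info->ocon_num) {
+if (le32_to_cpu(buf[2]) != info->sym_num ||
+le32_to_cpu(buf[3]) != info->ocon_num) {
 printk(KERN_ERR "security: policydb table sizes (%d,%d) do "
-"not match mine (%d,%d)\n", buf[2], buf[3],
+"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
+le32_to_cpu(buf[3]),
 info->sym_num, info->ocon_num);
 goto bad;
 }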
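Review bot: In the version check of `policydb_read` (hunk `@@ -1478,19 +1486,17 @@`), the error path decodes `buf[0]` a second time although `p->policyvers` already holds the CPU-order value that was just range-checked; passing `p->policyvers, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);` to the printk keeps the logged value and the validated value identical by construction. The table-size check in the last hunk has the same pattern, converting `buf[2]` and `buf[3]` once for the comparison and once more for the message, where one `u32` local per field would read better and leave fewer conversion sites to get wrong. These words come straight from the loaded policy image and are printed with `%d`, so a field above INT_MAX would appear negative in the log; `%u` would report it as read. `policydb_read` starts and ends outside these hunks, so other uses of `buf` cannot be checked from here.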