Diffstat (limited to 'security/selinux/ss/policydb.c')
-rw-r--r--security/selinux/ss/policydb.c60
1 files changed, 34 insertions, 26 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 7b03fa0f92b0..0a758323a9cf 100644
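--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -744,7 +744,8 @@ int policydb_context_isvalid(struct policydb *p, struct context *c)
  */
 static int mls_read_range_helper(struct mls_range *r, void *fp)
 {
- u32 buf[2], items;
+ __le32 buf[2];
+ u32 items;
  int rc;
 
  rc = next_entry(buf, fp, sizeof(u32));
@@ -805,7 +806,7 @@ static int context_read_and_validate(struct context *c,
  struct policydb *p,
  void *fp)
 {
- u32 buf[3];
+ __le32 buf[3];
  int rc;
 
  rc = next_entry(buf, fp, sizeof buf);
@@ -845,7 +846,8 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
  char *key = NULL;
  struct perm_datum *perdatum;
  int rc;
- u32 buf[2], len;
+ __le32 buf[2];
+ u32 len;
 
  perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL);
  if (!perdatum) {
@@ -885,7 +887,8 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp)
 {
  char *key = NULL;
  struct common_datum *comdatum;
- u32 buf[4], len, nel;
+ __le32 buf[4];
+ u32 len, nel;
  int i, rc;
 
  comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL);
@@ -939,7 +942,8 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
 {
  struct constraint_node *c, *lc;
  struct constraint_expr *e, *le;
- u32 buf[3], nexpr;
+ __le32 buf[3];
+ u32 nexpr;
  int rc, i, j, depth;
 
  lc = NULL;
@@ -1023,7 +1027,8 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
 {
  char *key = NULL;
  struct class_datum *cladatum;
- u32 buf[6], len, len2, ncons, nel;
+ __le32 buf[6];
+ u32 len, len2, ncons, nel;
  int i, rc;
 
  cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL);
@@ -1117,7 +1122,8 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
  char *key = NULL;
  struct role_datum *role;
  int rc;
- u32 buf[2], len;
+ __le32 buf[2];
+ u32 len;
 
  role = kmalloc(sizeof(*role), GFP_KERNEL);
  if (!role) {
@@ -1177,7 +1183,8 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
  char *key = NULL;
  struct type_datum *typdatum;
  int rc;
- u32 buf[3], len;
+ __le32 buf[3];
+ u32 len;
 
  typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL);
  if (!typdatum) {
@@ -1221,7 +1228,7 @@ bad:
  */
 static int mls_read_level(struct mls_level *lp, void *fp)
 {
- u32 buf[1];
+ __le32 buf[1];
  int rc;
 
  memset(lp, 0, sizeof(*lp));
@@ -1249,7 +1256,8 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp)
  char *key = NULL;
  struct user_datum *usrdatum;
  int rc;
- u32 buf[2], len;
+ __le32 buf[2];
+ u32 len;
 
  usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL);
  if (!usrdatum) {
@@ -1303,7 +1311,8 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
  char *key = NULL;
  struct level_datum *levdatum;
  int rc;
- u32 buf[2], len;
+ __le32 buf[2];
+ u32 len;
 
  levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC);
  if (!levdatum) {
@@ -1354,7 +1363,8 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
  char *key = NULL;
  struct cat_datum *catdatum;
  int rc;
- u32 buf[3], len;
+ __le32 buf[3];
+ u32 len;
 
  catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC);
  if (!catdatum) {
@@ -1417,7 +1427,8 @@ int policydb_read(struct policydb *p, void *fp)
  struct ocontext *l, *c, *newc;
  struct genfs *genfs_p, *genfs, *newgenfs;
  int i, j, rc;
- u32 buf[8], len, len2, config, nprim, nel, nel2;
+ __le32 buf[8];
+ u32 len, len2, config, nprim, nel, nel2;
  char *policydb_str;
  struct policydb_compat_info *info;
  struct range_trans *rt, *lrt;
@@ -1433,17 +1444,14 @@ int policydb_read(struct policydb *p, void *fp)
  if (rc < 0)
  goto bad;
 
- for (i = 0; i < 2; i++)
- buf[i] = le32_to_cpu(buf[i]);
-
- if (buf[0] != POLICYDB_MAGIC) {
+ if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
  printk(KERN_ERR "security: policydb magic number 0x%x does "
  "not match expected magic number 0x%x\n",
- buf[0], POLICYDB_MAGIC);
+ le32_to_cpu(buf[0]), POLICYDB_MAGIC);
  goto bad;
  }
 
- len = buf[1];
+ len = le32_to_cpu(buf[1]);
  if (len != strlen(POLICYDB_STRING)) {
  printk(KERN_ERR "security: policydb string length %d does not "
  "match expected length %Zu\n",
@@ -1478,19 +1486,17 @@ int policydb_read(struct policydb *p, void *fp)
  rc = next_entry(buf, fp, sizeof(u32)*4);
  if (rc < 0)
  goto bad;
- for (i = 0; i < 4; i++)
- buf[i] = le32_to_cpu(buf[i]);
 
- p->policyvers = buf[0];
+ p->policyvers = le32_to_cpu(buf[0]);
  if (p->policyvers < POLICYDB_VERSION_MIN ||
  p->policyvers > POLICYDB_VERSION_MAX) {
  printk(KERN_ERR "security: policydb version %d does not match "
  "my version range %d-%d\n",
- buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+ le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
  goto bad;
  }
 
- if ((buf[1] & POLICYDB_CONFIG_MLS)) {
+ if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
  if (ss_initialized && !selinux_mls_enabled) {
  printk(KERN_ERR "Cannot switch between non-MLS and MLS "
  "policies\n");
@@ -1519,9 +1525,11 @@ int policydb_read(struct policydb *p, void *fp)
  goto bad;
  }
 
- if (buf[2] != info->sym_num || buf[3] != info->ocon_num) {
+ if (le32_to_cpu(buf[2]) != info->sym_num ||
+ le32_to_cpu(buf[3]) != info->ocon_num) {
  printk(KERN_ERR "security: policydb table sizes (%d,%d) do "
- "not match mine (%d,%d)\n", buf[2], buf[3],
+ "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
+ le32_to_cpu(buf[3]),
  info->sym_num, info->ocon_num);
  goto bad;
  }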
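Review bot: In the last three hunks of policydb_read, each header word is converted with le32_to_cpu() once for the check and again for the printk argument, so the value tested and the value logged are separate expressions that have to be kept in step by hand. Converting each word once into one of the u32 locals the function already declares would keep them identical. For the version check the converted value is already stored, so the printk can take `p->policyvers, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);`. The read lengths are still spelled `sizeof(u32)` (for example `next_entry(buf, fp, sizeof(u32)*4)`) although buf is now `__le32`; `sizeof(*buf) * 4` would tie the length of each read from the policy image to the buffer's element type. The body of policydb_read starts and ends outside these hunks.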