1 files changed, 130 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 57363562f0f8..e7b850ad57ee 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -123,6 +123,11 @@ static struct policydb_compat_info policydb_compat[] = {
                .sym_num        = SYM_NUM,
                .ocon_num       = OCON_NUM,
        },
+        {
+                .version        = POLICYDB_VERSION_FILENAME_TRANS,
+                .sym_num        = SYM_NUM,
+                .ocon_num       = OCON_NUM,
+        },
 };
 static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -704,6 +709,7 @@ void policydb_destroy(struct policydb *p)
        int i;
        struct role_allow *ra, *lra = NULL;
        struct role_trans *tr, *ltr = NULL;
+        struct filename_trans *ft, *nft;
        for (i = 0; i < SYM_NUM; i++) {
                cond_resched();
@@ -781,6 +787,15 @@ void policydb_destroy(struct policydb *p)
                }
                flex_array_free(p->type_attr_map_array);
        }
+        ft = p->filename_trans;
+        while (ft) {
+                nft = ft->next;
+                kfree(ft->name);
+                kfree(ft);
+                ft = nft;
+        }
        ebitmap_destroy(&p->policycaps);
        ebitmap_destroy(&p->permissive_map);
@@ -1788,6 +1803,76 @@ out:
        return rc;
 }
+static int filename_trans_read(struct policydb *p, void *fp)
+{
+        struct filename_trans *ft, *last;
+        u32 nel, len;
+        char *name;
+        __le32 buf[4];
+        int rc, i;
+        if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
+                return 0;
+        rc = next_entry(buf, fp, sizeof(u32));
+        if (rc)
+                goto out;
+        nel = le32_to_cpu(buf[0]);
+        printk(KERN_ERR "%s: nel=%d\n", __func__, nel);
+        last = p->filename_trans;
+        while (last && last->next)
+                last = last->next;
+        for (i = 0; i < nel; i++) {
+                rc = -ENOMEM;
+                ft = kzalloc(sizeof(*ft), GFP_KERNEL);
+                if (!ft)
+                        goto out;
+                /* add it to the tail of the list */
+                if (!last)
+                        p->filename_trans = ft;
+                else
+                        last->next = ft;
+                last = ft;
+                /* length of the path component string */
+                rc = next_entry(buf, fp, sizeof(u32));
+                if (rc)
+                        goto out;
+                len = le32_to_cpu(buf[0]);
+                rc = -ENOMEM;
+                name = kmalloc(len + 1, GFP_KERNEL);
+                if (!name)
+                        goto out;
+                ft->name = name;
+                /* path component string */
+                rc = next_entry(name, fp, len);
+                if (rc)
+                        goto out;
+                name[len] = 0;
+                printk(KERN_ERR "%s: ft=%p ft->name=%p ft->name=%s\n", __func__, ft, ft->name, ft->name);
+                rc = next_entry(buf, fp, sizeof(u32) * 4);
+                if (rc)
+                        goto out;
+                ft->stype = le32_to_cpu(buf[0]);
+                ft->ttype = le32_to_cpu(buf[1]);
+                ft->tclass = le32_to_cpu(buf[2]);
+                ft->otype = le32_to_cpu(buf[3]);
+        }
+        rc = 0;
+out:
+        return rc;
+}
 static int genfs_read(struct policydb *p, void *fp)
 {
        int i, j, rc;
@@ -2251,6 +2336,10 @@ int policydb_read(struct policydb *p, void *fp)
                lra = ra;
        }
+        rc = filename_trans_read(p, fp);
+        if (rc)
+                goto bad;
        rc = policydb_index(p);
        if (rc)
                goto bad;
@@ -3025,6 +3114,43 @@ static int range_write(struct policydb *p, void *fp)
        return 0;
 }
+static int filename_trans_write(struct policydb *p, void *fp)
+{
+        struct filename_trans *ft;
+        u32 len, nel = 0;
+        __le32 buf[4];
+        int rc;
+        for (ft = p->filename_trans; ft; ft = ft->next)
+                nel++;
+        buf[0] = cpu_to_le32(nel);
+        rc = put_entry(buf, sizeof(u32), 1, fp);
+        if (rc)
+                return rc;
+        for (ft = p->filename_trans; ft; ft = ft->next) {
+                len = strlen(ft->name);
+                buf[0] = cpu_to_le32(len);
+                rc = put_entry(buf, sizeof(u32), 1, fp);
+                if (rc)
+                        return rc;
+                rc = put_entry(ft->name, sizeof(char), len, fp);
+                if (rc)
+                        return rc;
+                buf[0] = ft->stype;
+                buf[1] = ft->ttype;
+                buf[2] = ft->tclass;
+                buf[3] = ft->otype;
+                rc = put_entry(buf, sizeof(u32), 4, fp);
+                if (rc)
+                        return rc;
+        }
+        return 0;
+}
 /*
 * Write the configuration data in a policy database
 * structure to a policy database binary representation
@@ -3135,6 +3261,10 @@ int policydb_write(struct policydb *p, void *fp)
        if (rc)
                return rc;
+        rc = filename_trans_write(p, fp);
+        if (rc)
+                return rc;
        rc = ocontext_write(p, info, fp);
        if (rc)
                return rc;

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 57363562f0f8..e7b850ad57ee 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c
@@ -123,6 +123,11 @@ static struct policydb_compat_info policydb_compat[] = {
123	.sym_num = SYM_NUM,	123	.sym_num = SYM_NUM,
124	.ocon_num = OCON_NUM,	124	.ocon_num = OCON_NUM,
125	},	125	},
		126	{
		127	.version = POLICYDB_VERSION_FILENAME_TRANS,
		128	.sym_num = SYM_NUM,
		129	.ocon_num = OCON_NUM,
		130	},
126	};	131	};
127		132
128	static struct policydb_compat_info *policydb_lookup_compat(int version)	133	static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -704,6 +709,7 @@ void policydb_destroy(struct policydb *p)
704	int i;	709	int i;
705	struct role_allow ra, lra = NULL;	710	struct role_allow ra, lra = NULL;
706	struct role_trans tr, ltr = NULL;	711	struct role_trans tr, ltr = NULL;
		712	struct filename_trans ft, nft;
707		713
708	for (i = 0; i < SYM_NUM; i++) {	714	for (i = 0; i < SYM_NUM; i++) {
709	cond_resched();	715	cond_resched();
@@ -781,6 +787,15 @@ void policydb_destroy(struct policydb *p)
781	}	787	}
782	flex_array_free(p->type_attr_map_array);	788	flex_array_free(p->type_attr_map_array);
783	}	789	}
		790
		791	ft = p->filename_trans;
		792	while (ft) {
		793	nft = ft->next;
		794	kfree(ft->name);
		795	kfree(ft);
		796	ft = nft;
		797	}
		798
784	ebitmap_destroy(&p->policycaps);	799	ebitmap_destroy(&p->policycaps);
785	ebitmap_destroy(&p->permissive_map);	800	ebitmap_destroy(&p->permissive_map);
786		801
@@ -1788,6 +1803,76 @@ out:
1788	return rc;	1803	return rc;
1789	}	1804	}
1790		1805
		1806	static int filename_trans_read(struct policydb p, void fp)
		1807	{
		1808	struct filename_trans ft, last;
		1809	u32 nel, len;
		1810	char *name;
		1811	__le32 buf[4];
		1812	int rc, i;
		1813
		1814	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
		1815	return 0;
		1816
		1817	rc = next_entry(buf, fp, sizeof(u32));
		1818	if (rc)
		1819	goto out;
		1820	nel = le32_to_cpu(buf[0]);
		1821
		1822	printk(KERN_ERR "%s: nel=%d\n", __func__, nel);
		1823
		1824	last = p->filename_trans;
		1825	while (last && last->next)
		1826	last = last->next;
		1827
		1828	for (i = 0; i < nel; i++) {
		1829	rc = -ENOMEM;
		1830	ft = kzalloc(sizeof(*ft), GFP_KERNEL);
		1831	if (!ft)
		1832	goto out;
		1833
		1834	/* add it to the tail of the list */
		1835	if (!last)
		1836	p->filename_trans = ft;
		1837	else
		1838	last->next = ft;
		1839	last = ft;
		1840
		1841	/* length of the path component string */
		1842	rc = next_entry(buf, fp, sizeof(u32));
		1843	if (rc)
		1844	goto out;
		1845	len = le32_to_cpu(buf[0]);
		1846
		1847	rc = -ENOMEM;
		1848	name = kmalloc(len + 1, GFP_KERNEL);
		1849	if (!name)
		1850	goto out;
		1851
		1852	ft->name = name;
		1853
		1854	/* path component string */
		1855	rc = next_entry(name, fp, len);
		1856	if (rc)
		1857	goto out;
		1858	name[len] = 0;
		1859
		1860	printk(KERN_ERR "%s: ft=%p ft->name=%p ft->name=%s\n", __func__, ft, ft->name, ft->name);
		1861
		1862	rc = next_entry(buf, fp, sizeof(u32) * 4);
		1863	if (rc)
		1864	goto out;
		1865
		1866	ft->stype = le32_to_cpu(buf[0]);
		1867	ft->ttype = le32_to_cpu(buf[1]);
		1868	ft->tclass = le32_to_cpu(buf[2]);
		1869	ft->otype = le32_to_cpu(buf[3]);
		1870	}
		1871	rc = 0;
		1872	out:
		1873	return rc;
		1874	}
		1875
1791	static int genfs_read(struct policydb p, void fp)	1876	static int genfs_read(struct policydb p, void fp)
1792	{	1877	{
1793	int i, j, rc;	1878	int i, j, rc;
@@ -2251,6 +2336,10 @@ int policydb_read(struct policydb p, void fp)
2251	lra = ra;	2336	lra = ra;
2252	}	2337	}
2253		2338
		2339	rc = filename_trans_read(p, fp);
		2340	if (rc)
		2341	goto bad;
		2342
2254	rc = policydb_index(p);	2343	rc = policydb_index(p);
2255	if (rc)	2344	if (rc)
2256	goto bad;	2345	goto bad;
@@ -3025,6 +3114,43 @@ static int range_write(struct policydb p, void fp)
3025	return 0;	3114	return 0;
3026	}	3115	}
3027		3116
		3117	static int filename_trans_write(struct policydb p, void fp)
		3118	{
		3119	struct filename_trans *ft;
		3120	u32 len, nel = 0;
		3121	__le32 buf[4];
		3122	int rc;
		3123
		3124	for (ft = p->filename_trans; ft; ft = ft->next)
		3125	nel++;
		3126
		3127	buf[0] = cpu_to_le32(nel);
		3128	rc = put_entry(buf, sizeof(u32), 1, fp);
		3129	if (rc)
		3130	return rc;
		3131
		3132	for (ft = p->filename_trans; ft; ft = ft->next) {
		3133	len = strlen(ft->name);
		3134	buf[0] = cpu_to_le32(len);
		3135	rc = put_entry(buf, sizeof(u32), 1, fp);
		3136	if (rc)
		3137	return rc;
		3138
		3139	rc = put_entry(ft->name, sizeof(char), len, fp);
		3140	if (rc)
		3141	return rc;
		3142
		3143	buf[0] = ft->stype;
		3144	buf[1] = ft->ttype;
		3145	buf[2] = ft->tclass;
		3146	buf[3] = ft->otype;
		3147
		3148	rc = put_entry(buf, sizeof(u32), 4, fp);
		3149	if (rc)
		3150	return rc;
		3151	}
		3152	return 0;
		3153	}
3028	/*	3154	/*
3029	* Write the configuration data in a policy database	3155	* Write the configuration data in a policy database
3030	* structure to a policy database binary representation	3156	* structure to a policy database binary representation
@@ -3135,6 +3261,10 @@ int policydb_write(struct policydb p, void fp)
3135	if (rc)	3261	if (rc)
3136	return rc;	3262	return rc;
3137		3263
		3264	rc = filename_trans_write(p, fp);
		3265	if (rc)
		3266	return rc;
		3267
3138	rc = ocontext_write(p, info, fp);	3268	rc = ocontext_write(p, info, fp);
3139	if (rc)	3269	if (rc)
3140	return rc;	3270	return rc;