Diffstat (limited to 'security/selinux/ss/policydb.c')
-rw-r--r-- | security/selinux/ss/policydb.c | 148 |
1 files changed, 72 insertions, 76 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 6bdb0ff6a927..84f8cc73c7db 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -11,7 +11,7 @@ | |||
11 | * | 11 | * |
12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | 12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> |
13 | * | 13 | * |
14 | * Added conditional policy language extensions | 14 | * Added conditional policy language extensions |
15 | * | 15 | * |
16 | * Updated: Hewlett-Packard <paul.moore@hp.com> | 16 | * Updated: Hewlett-Packard <paul.moore@hp.com> |
17 | * | 17 | * |
@@ -21,7 +21,7 @@ | |||
21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | 22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
23 | * This program is free software; you can redistribute it and/or modify | 23 | * This program is free software; you can redistribute it and/or modify |
24 | * it under the terms of the GNU General Public License as published by | 24 | * it under the terms of the GNU General Public License as published by |
25 | * the Free Software Foundation, version 2. | 25 | * the Free Software Foundation, version 2. |
26 | */ | 26 | */ |
27 | 27 | ||
@@ -51,7 +51,7 @@ static char *symtab_name[SYM_NUM] = { | |||
51 | }; | 51 | }; |
52 | #endif | 52 | #endif |
53 | 53 | ||
54 | int selinux_mls_enabled = 0; | 54 | int selinux_mls_enabled; |
55 | 55 | ||
56 | static unsigned int symtab_sizes[SYM_NUM] = { | 56 | static unsigned int symtab_sizes[SYM_NUM] = { |
57 | 2, | 57 | 2, |
@@ -73,39 +73,39 @@ struct policydb_compat_info { | |||
73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ | 73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ |
74 | static struct policydb_compat_info policydb_compat[] = { | 74 | static struct policydb_compat_info policydb_compat[] = { |
75 | { | 75 | { |
76 | .version = POLICYDB_VERSION_BASE, | 76 | .version = POLICYDB_VERSION_BASE, |
77 | .sym_num = SYM_NUM - 3, | 77 | .sym_num = SYM_NUM - 3, |
78 | .ocon_num = OCON_NUM - 1, | 78 | .ocon_num = OCON_NUM - 1, |
79 | }, | 79 | }, |
80 | { | 80 | { |
81 | .version = POLICYDB_VERSION_BOOL, | 81 | .version = POLICYDB_VERSION_BOOL, |
82 | .sym_num = SYM_NUM - 2, | 82 | .sym_num = SYM_NUM - 2, |
83 | .ocon_num = OCON_NUM - 1, | 83 | .ocon_num = OCON_NUM - 1, |
84 | }, | 84 | }, |
85 | { | 85 | { |
86 | .version = POLICYDB_VERSION_IPV6, | 86 | .version = POLICYDB_VERSION_IPV6, |
87 | .sym_num = SYM_NUM - 2, | 87 | .sym_num = SYM_NUM - 2, |
88 | .ocon_num = OCON_NUM, | 88 | .ocon_num = OCON_NUM, |
89 | }, | 89 | }, |
90 | { | 90 | { |
91 | .version = POLICYDB_VERSION_NLCLASS, | 91 | .version = POLICYDB_VERSION_NLCLASS, |
92 | .sym_num = SYM_NUM - 2, | 92 | .sym_num = SYM_NUM - 2, |
93 | .ocon_num = OCON_NUM, | 93 | .ocon_num = OCON_NUM, |
94 | }, | 94 | }, |
95 | { | 95 | { |
96 | .version = POLICYDB_VERSION_MLS, | 96 | .version = POLICYDB_VERSION_MLS, |
97 | .sym_num = SYM_NUM, | 97 | .sym_num = SYM_NUM, |
98 | .ocon_num = OCON_NUM, | 98 | .ocon_num = OCON_NUM, |
99 | }, | 99 | }, |
100 | { | 100 | { |
101 | .version = POLICYDB_VERSION_AVTAB, | 101 | .version = POLICYDB_VERSION_AVTAB, |
102 | .sym_num = SYM_NUM, | 102 | .sym_num = SYM_NUM, |
103 | .ocon_num = OCON_NUM, | 103 | .ocon_num = OCON_NUM, |
104 | }, | 104 | }, |
105 | { | 105 | { |
106 | .version = POLICYDB_VERSION_RANGETRANS, | 106 | .version = POLICYDB_VERSION_RANGETRANS, |
107 | .sym_num = SYM_NUM, | 107 | .sym_num = SYM_NUM, |
108 | .ocon_num = OCON_NUM, | 108 | .ocon_num = OCON_NUM, |
109 | }, | 109 | }, |
110 | { | 110 | { |
111 | .version = POLICYDB_VERSION_POLCAP, | 111 | .version = POLICYDB_VERSION_POLCAP, |
@@ -152,7 +152,7 @@ static int roles_init(struct policydb *p) | |||
152 | rc = -EINVAL; | 152 | rc = -EINVAL; |
153 | goto out_free_role; | 153 | goto out_free_role; |
154 | } | 154 | } |
155 | key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); | 155 | key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); |
156 | if (!key) { | 156 | if (!key) { |
157 | rc = -ENOMEM; | 157 | rc = -ENOMEM; |
158 | goto out_free_role; | 158 | goto out_free_role; |
@@ -390,7 +390,7 @@ static void symtab_hash_eval(struct symtab *s) | |||
390 | struct hashtab_info info; | 390 | struct hashtab_info info; |
391 | 391 | ||
392 | hashtab_stat(h, &info); | 392 | hashtab_stat(h, &info); |
393 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " | 393 | printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " |
394 | "longest chain length %d\n", symtab_name[i], h->nel, | 394 | "longest chain length %d\n", symtab_name[i], h->nel, |
395 | info.slots_used, h->size, info.max_chain_len); | 395 | info.slots_used, h->size, info.max_chain_len); |
396 | } | 396 | } |
@@ -424,7 +424,7 @@ static int policydb_index_others(struct policydb *p) | |||
424 | 424 | ||
425 | p->role_val_to_struct = | 425 | p->role_val_to_struct = |
426 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), | 426 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), |
427 | GFP_KERNEL); | 427 | GFP_KERNEL); |
428 | if (!p->role_val_to_struct) { | 428 | if (!p->role_val_to_struct) { |
429 | rc = -ENOMEM; | 429 | rc = -ENOMEM; |
430 | goto out; | 430 | goto out; |
@@ -432,7 +432,7 @@ static int policydb_index_others(struct policydb *p) | |||
432 | 432 | ||
433 | p->user_val_to_struct = | 433 | p->user_val_to_struct = |
434 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), | 434 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), |
435 | GFP_KERNEL); | 435 | GFP_KERNEL); |
436 | if (!p->user_val_to_struct) { | 436 | if (!p->user_val_to_struct) { |
437 | rc = -ENOMEM; | 437 | rc = -ENOMEM; |
438 | goto out; | 438 | goto out; |
@@ -634,7 +634,7 @@ void policydb_destroy(struct policydb *p) | |||
634 | while (c) { | 634 | while (c) { |
635 | ctmp = c; | 635 | ctmp = c; |
636 | c = c->next; | 636 | c = c->next; |
637 | ocontext_destroy(ctmp,i); | 637 | ocontext_destroy(ctmp, i); |
638 | } | 638 | } |
639 | p->ocontexts[i] = NULL; | 639 | p->ocontexts[i] = NULL; |
640 | } | 640 | } |
@@ -647,7 +647,7 @@ void policydb_destroy(struct policydb *p) | |||
647 | while (c) { | 647 | while (c) { |
648 | ctmp = c; | 648 | ctmp = c; |
649 | c = c->next; | 649 | c = c->next; |
650 | ocontext_destroy(ctmp,OCON_FSUSE); | 650 | ocontext_destroy(ctmp, OCON_FSUSE); |
651 | } | 651 | } |
652 | gtmp = g; | 652 | gtmp = g; |
653 | g = g->next; | 653 | g = g->next; |
@@ -664,14 +664,14 @@ void policydb_destroy(struct policydb *p) | |||
664 | } | 664 | } |
665 | kfree(ltr); | 665 | kfree(ltr); |
666 | 666 | ||
667 | for (ra = p->role_allow; ra; ra = ra -> next) { | 667 | for (ra = p->role_allow; ra; ra = ra->next) { |
668 | cond_resched(); | 668 | cond_resched(); |
669 | kfree(lra); | 669 | kfree(lra); |
670 | lra = ra; | 670 | lra = ra; |
671 | } | 671 | } |
672 | kfree(lra); | 672 | kfree(lra); |
673 | 673 | ||
674 | for (rt = p->range_tr; rt; rt = rt -> next) { | 674 | for (rt = p->range_tr; rt; rt = rt->next) { |
675 | cond_resched(); | 675 | cond_resched(); |
676 | if (lrt) { | 676 | if (lrt) { |
677 | ebitmap_destroy(&lrt->target_range.level[0].cat); | 677 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
@@ -924,7 +924,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) | |||
924 | len = le32_to_cpu(buf[0]); | 924 | len = le32_to_cpu(buf[0]); |
925 | perdatum->value = le32_to_cpu(buf[1]); | 925 | perdatum->value = le32_to_cpu(buf[1]); |
926 | 926 | ||
927 | key = kmalloc(len + 1,GFP_KERNEL); | 927 | key = kmalloc(len + 1, GFP_KERNEL); |
928 | if (!key) { | 928 | if (!key) { |
929 | rc = -ENOMEM; | 929 | rc = -ENOMEM; |
930 | goto bad; | 930 | goto bad; |
@@ -971,7 +971,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) | |||
971 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); | 971 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); |
972 | nel = le32_to_cpu(buf[3]); | 972 | nel = le32_to_cpu(buf[3]); |
973 | 973 | ||
974 | key = kmalloc(len + 1,GFP_KERNEL); | 974 | key = kmalloc(len + 1, GFP_KERNEL); |
975 | if (!key) { | 975 | if (!key) { |
976 | rc = -ENOMEM; | 976 | rc = -ENOMEM; |
977 | goto bad; | 977 | goto bad; |
@@ -998,7 +998,7 @@ bad: | |||
998 | } | 998 | } |
999 | 999 | ||
1000 | static int read_cons_helper(struct constraint_node **nodep, int ncons, | 1000 | static int read_cons_helper(struct constraint_node **nodep, int ncons, |
1001 | int allowxtarget, void *fp) | 1001 | int allowxtarget, void *fp) |
1002 | { | 1002 | { |
1003 | struct constraint_node *c, *lc; | 1003 | struct constraint_node *c, *lc; |
1004 | struct constraint_expr *e, *le; | 1004 | struct constraint_expr *e, *le; |
@@ -1012,11 +1012,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
1012 | if (!c) | 1012 | if (!c) |
1013 | return -ENOMEM; | 1013 | return -ENOMEM; |
1014 | 1014 | ||
1015 | if (lc) { | 1015 | if (lc) |
1016 | lc->next = c; | 1016 | lc->next = c; |
1017 | } else { | 1017 | else |
1018 | *nodep = c; | 1018 | *nodep = c; |
1019 | } | ||
1020 | 1019 | ||
1021 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); | 1020 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); |
1022 | if (rc < 0) | 1021 | if (rc < 0) |
@@ -1030,11 +1029,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, | |||
1030 | if (!e) | 1029 | if (!e) |
1031 | return -ENOMEM; | 1030 | return -ENOMEM; |
1032 | 1031 | ||
1033 | if (le) { | 1032 | if (le) |
1034 | le->next = e; | 1033 | le->next = e; |
1035 | } else { | 1034 | else |
1036 | c->expr = e; | 1035 | c->expr = e; |
1037 | } | ||
1038 | 1036 | ||
1039 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); | 1037 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); |
1040 | if (rc < 0) | 1038 | if (rc < 0) |
@@ -1111,7 +1109,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1111 | 1109 | ||
1112 | ncons = le32_to_cpu(buf[5]); | 1110 | ncons = le32_to_cpu(buf[5]); |
1113 | 1111 | ||
1114 | key = kmalloc(len + 1,GFP_KERNEL); | 1112 | key = kmalloc(len + 1, GFP_KERNEL); |
1115 | if (!key) { | 1113 | if (!key) { |
1116 | rc = -ENOMEM; | 1114 | rc = -ENOMEM; |
1117 | goto bad; | 1115 | goto bad; |
@@ -1122,7 +1120,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1122 | key[len] = 0; | 1120 | key[len] = 0; |
1123 | 1121 | ||
1124 | if (len2) { | 1122 | if (len2) { |
1125 | cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); | 1123 | cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); |
1126 | if (!cladatum->comkey) { | 1124 | if (!cladatum->comkey) { |
1127 | rc = -ENOMEM; | 1125 | rc = -ENOMEM; |
1128 | goto bad; | 1126 | goto bad; |
@@ -1195,7 +1193,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1195 | len = le32_to_cpu(buf[0]); | 1193 | len = le32_to_cpu(buf[0]); |
1196 | role->value = le32_to_cpu(buf[1]); | 1194 | role->value = le32_to_cpu(buf[1]); |
1197 | 1195 | ||
1198 | key = kmalloc(len + 1,GFP_KERNEL); | 1196 | key = kmalloc(len + 1, GFP_KERNEL); |
1199 | if (!key) { | 1197 | if (!key) { |
1200 | rc = -ENOMEM; | 1198 | rc = -ENOMEM; |
1201 | goto bad; | 1199 | goto bad; |
@@ -1215,7 +1213,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1215 | 1213 | ||
1216 | if (strcmp(key, OBJECT_R) == 0) { | 1214 | if (strcmp(key, OBJECT_R) == 0) { |
1217 | if (role->value != OBJECT_R_VAL) { | 1215 | if (role->value != OBJECT_R_VAL) { |
1218 | printk(KERN_ERR "Role %s has wrong value %d\n", | 1216 | printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", |
1219 | OBJECT_R, role->value); | 1217 | OBJECT_R, role->value); |
1220 | rc = -EINVAL; | 1218 | rc = -EINVAL; |
1221 | goto bad; | 1219 | goto bad; |
@@ -1242,7 +1240,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1242 | __le32 buf[3]; | 1240 | __le32 buf[3]; |
1243 | u32 len; | 1241 | u32 len; |
1244 | 1242 | ||
1245 | typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); | 1243 | typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); |
1246 | if (!typdatum) { | 1244 | if (!typdatum) { |
1247 | rc = -ENOMEM; | 1245 | rc = -ENOMEM; |
1248 | return rc; | 1246 | return rc; |
@@ -1256,7 +1254,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1256 | typdatum->value = le32_to_cpu(buf[1]); | 1254 | typdatum->value = le32_to_cpu(buf[1]); |
1257 | typdatum->primary = le32_to_cpu(buf[2]); | 1255 | typdatum->primary = le32_to_cpu(buf[2]); |
1258 | 1256 | ||
1259 | key = kmalloc(len + 1,GFP_KERNEL); | 1257 | key = kmalloc(len + 1, GFP_KERNEL); |
1260 | if (!key) { | 1258 | if (!key) { |
1261 | rc = -ENOMEM; | 1259 | rc = -ENOMEM; |
1262 | goto bad; | 1260 | goto bad; |
@@ -1328,7 +1326,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1328 | len = le32_to_cpu(buf[0]); | 1326 | len = le32_to_cpu(buf[0]); |
1329 | usrdatum->value = le32_to_cpu(buf[1]); | 1327 | usrdatum->value = le32_to_cpu(buf[1]); |
1330 | 1328 | ||
1331 | key = kmalloc(len + 1,GFP_KERNEL); | 1329 | key = kmalloc(len + 1, GFP_KERNEL); |
1332 | if (!key) { | 1330 | if (!key) { |
1333 | rc = -ENOMEM; | 1331 | rc = -ENOMEM; |
1334 | goto bad; | 1332 | goto bad; |
@@ -1382,7 +1380,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1382 | len = le32_to_cpu(buf[0]); | 1380 | len = le32_to_cpu(buf[0]); |
1383 | levdatum->isalias = le32_to_cpu(buf[1]); | 1381 | levdatum->isalias = le32_to_cpu(buf[1]); |
1384 | 1382 | ||
1385 | key = kmalloc(len + 1,GFP_ATOMIC); | 1383 | key = kmalloc(len + 1, GFP_ATOMIC); |
1386 | if (!key) { | 1384 | if (!key) { |
1387 | rc = -ENOMEM; | 1385 | rc = -ENOMEM; |
1388 | goto bad; | 1386 | goto bad; |
@@ -1434,7 +1432,7 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1434 | catdatum->value = le32_to_cpu(buf[1]); | 1432 | catdatum->value = le32_to_cpu(buf[1]); |
1435 | catdatum->isalias = le32_to_cpu(buf[2]); | 1433 | catdatum->isalias = le32_to_cpu(buf[2]); |
1436 | 1434 | ||
1437 | key = kmalloc(len + 1,GFP_ATOMIC); | 1435 | key = kmalloc(len + 1, GFP_ATOMIC); |
1438 | if (!key) { | 1436 | if (!key) { |
1439 | rc = -ENOMEM; | 1437 | rc = -ENOMEM; |
1440 | goto bad; | 1438 | goto bad; |
@@ -1493,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1493 | goto out; | 1491 | goto out; |
1494 | 1492 | ||
1495 | /* Read the magic number and string length. */ | 1493 | /* Read the magic number and string length. */ |
1496 | rc = next_entry(buf, fp, sizeof(u32)* 2); | 1494 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
1497 | if (rc < 0) | 1495 | if (rc < 0) |
1498 | goto bad; | 1496 | goto bad; |
1499 | 1497 | ||
@@ -1511,7 +1509,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1511 | len, strlen(POLICYDB_STRING)); | 1509 | len, strlen(POLICYDB_STRING)); |
1512 | goto bad; | 1510 | goto bad; |
1513 | } | 1511 | } |
1514 | policydb_str = kmalloc(len + 1,GFP_KERNEL); | 1512 | policydb_str = kmalloc(len + 1, GFP_KERNEL); |
1515 | if (!policydb_str) { | 1513 | if (!policydb_str) { |
1516 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " | 1514 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " |
1517 | "string of length %d\n", len); | 1515 | "string of length %d\n", len); |
@@ -1544,29 +1542,30 @@ int policydb_read(struct policydb *p, void *fp) | |||
1544 | if (p->policyvers < POLICYDB_VERSION_MIN || | 1542 | if (p->policyvers < POLICYDB_VERSION_MIN || |
1545 | p->policyvers > POLICYDB_VERSION_MAX) { | 1543 | p->policyvers > POLICYDB_VERSION_MAX) { |
1546 | printk(KERN_ERR "SELinux: policydb version %d does not match " | 1544 | printk(KERN_ERR "SELinux: policydb version %d does not match " |
1547 | "my version range %d-%d\n", | 1545 | "my version range %d-%d\n", |
1548 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); | 1546 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
1549 | goto bad; | 1547 | goto bad; |
1550 | } | 1548 | } |
1551 | 1549 | ||
1552 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { | 1550 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
1553 | if (ss_initialized && !selinux_mls_enabled) { | 1551 | if (ss_initialized && !selinux_mls_enabled) { |
1554 | printk(KERN_ERR "Cannot switch between non-MLS and MLS " | 1552 | printk(KERN_ERR "SELinux: Cannot switch between non-MLS" |
1555 | "policies\n"); | 1553 | " and MLS policies\n"); |
1556 | goto bad; | 1554 | goto bad; |
1557 | } | 1555 | } |
1558 | selinux_mls_enabled = 1; | 1556 | selinux_mls_enabled = 1; |
1559 | config |= POLICYDB_CONFIG_MLS; | 1557 | config |= POLICYDB_CONFIG_MLS; |
1560 | 1558 | ||
1561 | if (p->policyvers < POLICYDB_VERSION_MLS) { | 1559 | if (p->policyvers < POLICYDB_VERSION_MLS) { |
1562 | printk(KERN_ERR "security policydb version %d (MLS) " | 1560 | printk(KERN_ERR "SELinux: security policydb version %d " |
1563 | "not backwards compatible\n", p->policyvers); | 1561 | "(MLS) not backwards compatible\n", |
1562 | p->policyvers); | ||
1564 | goto bad; | 1563 | goto bad; |
1565 | } | 1564 | } |
1566 | } else { | 1565 | } else { |
1567 | if (ss_initialized && selinux_mls_enabled) { | 1566 | if (ss_initialized && selinux_mls_enabled) { |
1568 | printk(KERN_ERR "Cannot switch between MLS and non-MLS " | 1567 | printk(KERN_ERR "SELinux: Cannot switch between MLS and" |
1569 | "policies\n"); | 1568 | " non-MLS policies\n"); |
1570 | goto bad; | 1569 | goto bad; |
1571 | } | 1570 | } |
1572 | } | 1571 | } |
@@ -1633,11 +1632,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
1633 | rc = -ENOMEM; | 1632 | rc = -ENOMEM; |
1634 | goto bad; | 1633 | goto bad; |
1635 | } | 1634 | } |
1636 | if (ltr) { | 1635 | if (ltr) |
1637 | ltr->next = tr; | 1636 | ltr->next = tr; |
1638 | } else { | 1637 | else |
1639 | p->role_tr = tr; | 1638 | p->role_tr = tr; |
1640 | } | ||
1641 | rc = next_entry(buf, fp, sizeof(u32)*3); | 1639 | rc = next_entry(buf, fp, sizeof(u32)*3); |
1642 | if (rc < 0) | 1640 | if (rc < 0) |
1643 | goto bad; | 1641 | goto bad; |
@@ -1664,11 +1662,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
1664 | rc = -ENOMEM; | 1662 | rc = -ENOMEM; |
1665 | goto bad; | 1663 | goto bad; |
1666 | } | 1664 | } |
1667 | if (lra) { | 1665 | if (lra) |
1668 | lra->next = ra; | 1666 | lra->next = ra; |
1669 | } else { | 1667 | else |
1670 | p->role_allow = ra; | 1668 | p->role_allow = ra; |
1671 | } | ||
1672 | rc = next_entry(buf, fp, sizeof(u32)*2); | 1669 | rc = next_entry(buf, fp, sizeof(u32)*2); |
1673 | if (rc < 0) | 1670 | if (rc < 0) |
1674 | goto bad; | 1671 | goto bad; |
@@ -1702,11 +1699,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
1702 | rc = -ENOMEM; | 1699 | rc = -ENOMEM; |
1703 | goto bad; | 1700 | goto bad; |
1704 | } | 1701 | } |
1705 | if (l) { | 1702 | if (l) |
1706 | l->next = c; | 1703 | l->next = c; |
1707 | } else { | 1704 | else |
1708 | p->ocontexts[i] = c; | 1705 | p->ocontexts[i] = c; |
1709 | } | ||
1710 | l = c; | 1706 | l = c; |
1711 | rc = -EINVAL; | 1707 | rc = -EINVAL; |
1712 | switch (i) { | 1708 | switch (i) { |
@@ -1725,7 +1721,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1725 | if (rc < 0) | 1721 | if (rc < 0) |
1726 | goto bad; | 1722 | goto bad; |
1727 | len = le32_to_cpu(buf[0]); | 1723 | len = le32_to_cpu(buf[0]); |
1728 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | 1724 | c->u.name = kmalloc(len + 1, GFP_KERNEL); |
1729 | if (!c->u.name) { | 1725 | if (!c->u.name) { |
1730 | rc = -ENOMEM; | 1726 | rc = -ENOMEM; |
1731 | goto bad; | 1727 | goto bad; |
@@ -1753,7 +1749,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1753 | goto bad; | 1749 | goto bad; |
1754 | break; | 1750 | break; |
1755 | case OCON_NODE: | 1751 | case OCON_NODE: |
1756 | rc = next_entry(buf, fp, sizeof(u32)* 2); | 1752 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
1757 | if (rc < 0) | 1753 | if (rc < 0) |
1758 | goto bad; | 1754 | goto bad; |
1759 | c->u.node.addr = le32_to_cpu(buf[0]); | 1755 | c->u.node.addr = le32_to_cpu(buf[0]); |
@@ -1770,7 +1766,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1770 | if (c->v.behavior > SECURITY_FS_USE_NONE) | 1766 | if (c->v.behavior > SECURITY_FS_USE_NONE) |
1771 | goto bad; | 1767 | goto bad; |
1772 | len = le32_to_cpu(buf[1]); | 1768 | len = le32_to_cpu(buf[1]); |
1773 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | 1769 | c->u.name = kmalloc(len + 1, GFP_KERNEL); |
1774 | if (!c->u.name) { | 1770 | if (!c->u.name) { |
1775 | rc = -ENOMEM; | 1771 | rc = -ENOMEM; |
1776 | goto bad; | 1772 | goto bad; |
@@ -1818,7 +1814,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1818 | goto bad; | 1814 | goto bad; |
1819 | } | 1815 | } |
1820 | 1816 | ||
1821 | newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); | 1817 | newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); |
1822 | if (!newgenfs->fstype) { | 1818 | if (!newgenfs->fstype) { |
1823 | rc = -ENOMEM; | 1819 | rc = -ENOMEM; |
1824 | kfree(newgenfs); | 1820 | kfree(newgenfs); |
@@ -1864,7 +1860,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1864 | goto bad; | 1860 | goto bad; |
1865 | } | 1861 | } |
1866 | 1862 | ||
1867 | newc->u.name = kmalloc(len + 1,GFP_KERNEL); | 1863 | newc->u.name = kmalloc(len + 1, GFP_KERNEL); |
1868 | if (!newc->u.name) { | 1864 | if (!newc->u.name) { |
1869 | rc = -ENOMEM; | 1865 | rc = -ENOMEM; |
1870 | goto bad_newc; | 1866 | goto bad_newc; |
@@ -1968,7 +1964,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1968 | out: | 1964 | out: |
1969 | return rc; | 1965 | return rc; |
1970 | bad_newc: | 1966 | bad_newc: |
1971 | ocontext_destroy(newc,OCON_FSUSE); | 1967 | ocontext_destroy(newc, OCON_FSUSE); |
1972 | bad: | 1968 | bad: |
1973 | if (!rc) | 1969 | if (!rc) |
1974 | rc = -EINVAL; | 1970 | rc = -EINVAL; |
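Review bot: The `kmalloc(len + 1, ...)` calls reformatted in perm_read, common_read, class_read, role_read, type_read, user_read, sens_read and cat_read size the key buffer from a `len` decoded with `le32_to_cpu()` from the policy image, and no range check on `len` is visible between the decode and the allocation in these hunks. With `u32 len` as declared in type_read, a length of `0xffffffff` makes `len + 1` wrap to 0, and class_read later writes `key[len] = 0`. Whether the intervening read already rejects such a length depends on next_entry, which is outside the hunks shown, so a local guard such as `if (len == (u32)-1) { rc = -EINVAL; goto bad; }` before each allocation would keep every reader safe on its own. The ocontext and genfs name allocations in policydb_read follow the same pattern and may deserve the same check; all of these function bodies start and end outside the hunks.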