103ae675
Commit
103ae675
authored
Aug 02, 2014
by
James Morris
Merge branch 'next' of
git://git.infradead.org/users/pcmoore/selinux
into next
parents
a3d64df8
4fbe63d1
Changes
8
Showing
8 changed files
with
366 additions
and
274 deletions
+366
-274
include/net/netlabel.h
include/net/netlabel.h
+53
-41
net/ipv4/cipso_ipv4.c
net/ipv4/cipso_ipv4.c
+16
-31
net/netlabel/netlabel_kapi.c
net/netlabel/netlabel_kapi.c
+227
-100
security/selinux/ss/ebitmap.c
security/selinux/ss/ebitmap.c
+52
-81
security/selinux/ss/ebitmap.h
security/selinux/ss/ebitmap.h
+4
-4
security/smack/smack_access.c
security/smack/smack_access.c
+4
-7
security/smack/smack_lsm.c
security/smack/smack_lsm.c
+3
-3
security/smack/smackfs.c
security/smack/smackfs.c
+7
-7
include/net/netlabel.h
...
@@ -139,7 +139,7 @@ struct netlbl_lsm_cache {
...
@@ -139,7 +139,7 @@ struct netlbl_lsm_cache {
};
};
/**
/**
* struct netlbl_lsm_
secattr_
catmap - NetLabel LSM secattr category bitmap
* struct netlbl_lsm_catmap - NetLabel LSM secattr category bitmap
* @startbit: the value of the lowest order bit in the bitmap
* @startbit: the value of the lowest order bit in the bitmap
* @bitmap: the category bitmap
* @bitmap: the category bitmap
* @next: pointer to the next bitmap "node" or NULL
* @next: pointer to the next bitmap "node" or NULL
...
@@ -162,10 +162,10 @@ struct netlbl_lsm_cache {
...
@@ -162,10 +162,10 @@ struct netlbl_lsm_cache {
#define NETLBL_CATMAP_SIZE (NETLBL_CATMAP_MAPSIZE * \
#define NETLBL_CATMAP_SIZE (NETLBL_CATMAP_MAPSIZE * \
NETLBL_CATMAP_MAPCNT)
NETLBL_CATMAP_MAPCNT)
#define NETLBL_CATMAP_BIT (NETLBL_CATMAP_MAPTYPE)0x01
#define NETLBL_CATMAP_BIT (NETLBL_CATMAP_MAPTYPE)0x01
struct
netlbl_lsm_
secattr_
catmap
{
struct
netlbl_lsm_catmap
{
u32
startbit
;
u32
startbit
;
NETLBL_CATMAP_MAPTYPE
bitmap
[
NETLBL_CATMAP_MAPCNT
];
NETLBL_CATMAP_MAPTYPE
bitmap
[
NETLBL_CATMAP_MAPCNT
];
struct
netlbl_lsm_
secattr_
catmap
*
next
;
struct
netlbl_lsm_catmap
*
next
;
};
};
/**
/**
...
@@ -209,7 +209,7 @@ struct netlbl_lsm_secattr {
...
@@ -209,7 +209,7 @@ struct netlbl_lsm_secattr {
struct
netlbl_lsm_cache
*
cache
;
struct
netlbl_lsm_cache
*
cache
;
struct
{
struct
{
struct
{
struct
{
struct
netlbl_lsm_
secattr_
catmap
*
cat
;
struct
netlbl_lsm_catmap
*
cat
;
u32
lvl
;
u32
lvl
;
}
mls
;
}
mls
;
u32
secid
;
u32
secid
;
...
@@ -258,7 +258,7 @@ static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
...
@@ -258,7 +258,7 @@ static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
}
}
/**
/**
* netlbl_
secattr_
catmap_alloc - Allocate a LSM secattr catmap
* netlbl_catmap_alloc - Allocate a LSM secattr catmap
* @flags: memory allocation flags
* @flags: memory allocation flags
*
*
* Description:
* Description:
...
@@ -266,30 +266,28 @@ static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
...
@@ -266,30 +266,28 @@ static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
* on failure.
* on failure.
*
*
*/
*/
static
inline
struct
netlbl_lsm_secattr_catmap
*
netlbl_secattr_catmap_alloc
(
static
inline
struct
netlbl_lsm_catmap
*
netlbl_catmap_alloc
(
gfp_t
flags
)
gfp_t
flags
)
{
{
return
kzalloc
(
sizeof
(
struct
netlbl_lsm_
secattr_
catmap
),
flags
);
return
kzalloc
(
sizeof
(
struct
netlbl_lsm_catmap
),
flags
);
}
}
/**
/**
* netlbl_
secattr_
catmap_free - Free a LSM secattr catmap
* netlbl_catmap_free - Free a LSM secattr catmap
* @catmap: the category bitmap
* @catmap: the category bitmap
*
*
* Description:
* Description:
* Free a LSM secattr catmap.
* Free a LSM secattr catmap.
*
*
*/
*/
static
inline
void
netlbl_secattr_catmap_free
(
static
inline
void
netlbl_catmap_free
(
struct
netlbl_lsm_catmap
*
catmap
)
struct
netlbl_lsm_secattr_catmap
*
catmap
)
{
{
struct
netlbl_lsm_
secattr_
catmap
*
iter
;
struct
netlbl_lsm_catmap
*
iter
;
do
{
while
(
catmap
)
{
iter
=
catmap
;
iter
=
catmap
;
catmap
=
catmap
->
next
;
catmap
=
catmap
->
next
;
kfree
(
iter
);
kfree
(
iter
);
}
while
(
catmap
);
}
}
}
/**
/**
...
@@ -321,7 +319,7 @@ static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
...
@@ -321,7 +319,7 @@ static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
if
(
secattr
->
flags
&
NETLBL_SECATTR_CACHE
)
if
(
secattr
->
flags
&
NETLBL_SECATTR_CACHE
)
netlbl_secattr_cache_free
(
secattr
->
cache
);
netlbl_secattr_cache_free
(
secattr
->
cache
);
if
(
secattr
->
flags
&
NETLBL_SECATTR_MLS_CAT
)
if
(
secattr
->
flags
&
NETLBL_SECATTR_MLS_CAT
)
netlbl_
secattr_
catmap_free
(
secattr
->
attr
.
mls
.
cat
);
netlbl_catmap_free
(
secattr
->
attr
.
mls
.
cat
);
}
}
/**
/**
...
@@ -390,17 +388,22 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
...
@@ -390,17 +388,22 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
/*
/*
* LSM security attribute operations
* LSM security attribute operations
*/
*/
int
netlbl_secattr_catmap_walk
(
struct
netlbl_lsm_secattr_catmap
*
catmap
,
int
netlbl_catmap_walk
(
struct
netlbl_lsm_catmap
*
catmap
,
u32
offset
);
u32
offset
);
int
netlbl_catmap_walkrng
(
struct
netlbl_lsm_catmap
*
catmap
,
u32
offset
);
int
netlbl_secattr_catmap_walk_rng
(
struct
netlbl_lsm_secattr_catmap
*
catmap
,
int
netlbl_catmap_getlong
(
struct
netlbl_lsm_catmap
*
catmap
,
u32
offset
);
u32
*
offset
,
int
netlbl_secattr_catmap_setbit
(
struct
netlbl_lsm_secattr_catmap
*
catmap
,
unsigned
long
*
bitmap
);
u32
bit
,
int
netlbl_catmap_setbit
(
struct
netlbl_lsm_catmap
**
catmap
,
gfp_t
flags
);
u32
bit
,
int
netlbl_secattr_catmap_setrng
(
struct
netlbl_lsm_secattr_catmap
*
catmap
,
gfp_t
flags
);
u32
start
,
int
netlbl_catmap_setrng
(
struct
netlbl_lsm_catmap
**
catmap
,
u32
end
,
u32
start
,
gfp_t
flags
);
u32
end
,
gfp_t
flags
);
int
netlbl_catmap_setlong
(
struct
netlbl_lsm_catmap
**
catmap
,
u32
offset
,
unsigned
long
bitmap
,
gfp_t
flags
);
/*
/*
* LSM protocol operations (NetLabel LSM/kernel API)
* LSM protocol operations (NetLabel LSM/kernel API)
...
@@ -492,30 +495,39 @@ static inline int netlbl_cfg_cipsov4_map_add(u32 doi,
...
@@ -492,30 +495,39 @@ static inline int netlbl_cfg_cipsov4_map_add(u32 doi,
{
{
return
-
ENOSYS
;
return
-
ENOSYS
;
}
}
static
inline
int
netlbl_secattr_catmap_walk
(
static
inline
int
netlbl_catmap_walk
(
struct
netlbl_lsm_catmap
*
catmap
,
struct
netlbl_lsm_secattr_catmap
*
catmap
,
u32
offset
)
u32
offset
)
{
{
return
-
ENOENT
;
return
-
ENOENT
;
}
}
static
inline
int
netlbl_secattr_catmap_walk_rng
(
static
inline
int
netlbl_catmap_walkrng
(
struct
netlbl_lsm_catmap
*
catmap
,
struct
netlbl_lsm_secattr_catmap
*
catmap
,
u32
offset
)
u32
offset
)
{
{
return
-
ENOENT
;
return
-
ENOENT
;
}
}
static
inline
int
netlbl_secattr_catmap_setbit
(
static
inline
int
netlbl_catmap_getlong
(
struct
netlbl_lsm_catmap
*
catmap
,
struct
netlbl_lsm_secattr_catmap
*
catmap
,
u32
*
offset
,
u32
bit
,
unsigned
long
*
bitmap
)
gfp_t
flags
)
{
{
return
0
;
return
0
;
}
}
static
inline
int
netlbl_secattr_catmap_setrng
(
static
inline
int
netlbl_catmap_setbit
(
struct
netlbl_lsm_catmap
**
catmap
,
struct
netlbl_lsm_secattr_catmap
*
catmap
,
u32
bit
,
u32
start
,
gfp_t
flags
)
u32
end
,
{
gfp_t
flags
)
return
0
;
}
static
inline
int
netlbl_catmap_setrng
(
struct
netlbl_lsm_catmap
**
catmap
,
u32
start
,
u32
end
,
gfp_t
flags
)
{
return
0
;
}
static
int
netlbl_catmap_setlong
(
struct
netlbl_lsm_catmap
**
catmap
,
u32
offset
,
unsigned
long
bitmap
,
gfp_t
flags
)
{
{
return
0
;
return
0
;
}
}
...
...
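Review bot: In the !CONFIG_NETLABEL stub block at the end of this section, the new `netlbl_catmap_setlong()` stub is declared `static int`, while every neighbouring stub is `static inline int`. In a header this gives each including translation unit its own unused function and a defined-but-unused warning; the declaration should read `static inline int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,`. The `netlbl_catmap_getlong()` stub also returns 0 without writing `*offset` or `*bitmap`, so a caller looping until `offset == (u32)-1` would never see the terminator. A one-line comment on the stub saying the outputs are left untouched in this configuration would make that contract explicit.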
net/ipv4/cipso_ipv4.c
...
@@ -890,8 +890,8 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def,
...
@@ -890,8 +890,8 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def,
}
}
for
(;;)
{
for
(;;)
{
host_spot
=
netlbl_
secattr_
catmap_walk
(
secattr
->
attr
.
mls
.
cat
,
host_spot
=
netlbl_catmap_walk
(
secattr
->
attr
.
mls
.
cat
,
host_spot
+
1
);
host_spot
+
1
);
if
(
host_spot
<
0
)
if
(
host_spot
<
0
)
break
;
break
;
...
@@ -973,7 +973,7 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
...
@@ -973,7 +973,7 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
return
-
EPERM
;
return
-
EPERM
;
break
;
break
;
}
}
ret_val
=
netlbl_
secattr_catmap_setbit
(
secattr
->
attr
.
mls
.
cat
,
ret_val
=
netlbl_
catmap_setbit
(
&
secattr
->
attr
.
mls
.
cat
,
host_spot
,
host_spot
,
GFP_ATOMIC
);
GFP_ATOMIC
);
if
(
ret_val
!=
0
)
if
(
ret_val
!=
0
)
...
@@ -1039,8 +1039,7 @@ static int cipso_v4_map_cat_enum_hton(const struct cipso_v4_doi *doi_def,
...
@@ -1039,8 +1039,7 @@ static int cipso_v4_map_cat_enum_hton(const struct cipso_v4_doi *doi_def,
u32
cat_iter
=
0
;
u32
cat_iter
=
0
;
for
(;;)
{
for
(;;)
{
cat
=
netlbl_secattr_catmap_walk
(
secattr
->
attr
.
mls
.
cat
,
cat
=
netlbl_catmap_walk
(
secattr
->
attr
.
mls
.
cat
,
cat
+
1
);
cat
+
1
);
if
(
cat
<
0
)
if
(
cat
<
0
)
break
;
break
;
if
((
cat_iter
+
2
)
>
net_cat_len
)
if
((
cat_iter
+
2
)
>
net_cat_len
)
...
@@ -1075,9 +1074,9 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def,
...
@@ -1075,9 +1074,9 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def,
u32
iter
;
u32
iter
;
for
(
iter
=
0
;
iter
<
net_cat_len
;
iter
+=
2
)
{
for
(
iter
=
0
;
iter
<
net_cat_len
;
iter
+=
2
)
{
ret_val
=
netlbl_
secattr_catmap_setbit
(
secattr
->
attr
.
mls
.
cat
,
ret_val
=
netlbl_
catmap_setbit
(
&
secattr
->
attr
.
mls
.
cat
,
get_unaligned_be16
(
&
net_cat
[
iter
]),
get_unaligned_be16
(
&
net_cat
[
iter
]),
GFP_ATOMIC
);
GFP_ATOMIC
);
if
(
ret_val
!=
0
)
if
(
ret_val
!=
0
)
return
ret_val
;
return
ret_val
;
}
}
...
@@ -1155,8 +1154,7 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def,
...
@@ -1155,8 +1154,7 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def,
return
-
ENOSPC
;
return
-
ENOSPC
;
for
(;;)
{
for
(;;)
{
iter
=
netlbl_secattr_catmap_walk
(
secattr
->
attr
.
mls
.
cat
,
iter
=
netlbl_catmap_walk
(
secattr
->
attr
.
mls
.
cat
,
iter
+
1
);
iter
+
1
);
if
(
iter
<
0
)
if
(
iter
<
0
)
break
;
break
;
cat_size
+=
(
iter
==
0
?
0
:
sizeof
(
u16
));
cat_size
+=
(
iter
==
0
?
0
:
sizeof
(
u16
));
...
@@ -1164,8 +1162,7 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def,
...
@@ -1164,8 +1162,7 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def,
return
-
ENOSPC
;
return
-
ENOSPC
;
array
[
array_cnt
++
]
=
iter
;
array
[
array_cnt
++
]
=
iter
;
iter
=
netlbl_secattr_catmap_walk_rng
(
secattr
->
attr
.
mls
.
cat
,
iter
=
netlbl_catmap_walkrng
(
secattr
->
attr
.
mls
.
cat
,
iter
);
iter
);
if
(
iter
<
0
)
if
(
iter
<
0
)
return
-
EFAULT
;
return
-
EFAULT
;
cat_size
+=
sizeof
(
u16
);
cat_size
+=
sizeof
(
u16
);
...
@@ -1217,10 +1214,10 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def,
...
@@ -1217,10 +1214,10 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def,
else
else
cat_low
=
0
;
cat_low
=
0
;
ret_val
=
netlbl_
secattr_catmap_setrng
(
secattr
->
attr
.
mls
.
cat
,
ret_val
=
netlbl_
catmap_setrng
(
&
secattr
->
attr
.
mls
.
cat
,
cat_low
,
cat_low
,
cat_high
,
cat_high
,
GFP_ATOMIC
);
GFP_ATOMIC
);
if
(
ret_val
!=
0
)
if
(
ret_val
!=
0
)
return
ret_val
;
return
ret_val
;
}
}
...
@@ -1335,16 +1332,12 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def,
...
@@ -1335,16 +1332,12 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def,
secattr
->
flags
|=
NETLBL_SECATTR_MLS_LVL
;
secattr
->
flags
|=
NETLBL_SECATTR_MLS_LVL
;
if
(
tag_len
>
4
)
{
if
(
tag_len
>
4
)
{
secattr
->
attr
.
mls
.
cat
=
netlbl_secattr_catmap_alloc
(
GFP_ATOMIC
);
if
(
secattr
->
attr
.
mls
.
cat
==
NULL
)
return
-
ENOMEM
;
ret_val
=
cipso_v4_map_cat_rbm_ntoh
(
doi_def
,
ret_val
=
cipso_v4_map_cat_rbm_ntoh
(
doi_def
,
&
tag
[
4
],
&
tag
[
4
],
tag_len
-
4
,
tag_len
-
4
,
secattr
);
secattr
);
if
(
ret_val
!=
0
)
{
if
(
ret_val
!=
0
)
{
netlbl_
secattr_
catmap_free
(
secattr
->
attr
.
mls
.
cat
);
netlbl_catmap_free
(
secattr
->
attr
.
mls
.
cat
);
return
ret_val
;
return
ret_val
;
}
}
...
@@ -1430,16 +1423,12 @@ static int cipso_v4_parsetag_enum(const struct cipso_v4_doi *doi_def,
...
@@ -1430,16 +1423,12 @@ static int cipso_v4_parsetag_enum(const struct cipso_v4_doi *doi_def,
secattr
->
flags
|=
NETLBL_SECATTR_MLS_LVL
;
secattr
->
flags
|=
NETLBL_SECATTR_MLS_LVL
;
if
(
tag_len
>
4
)
{
if
(
tag_len
>
4
)
{
secattr
->
attr
.
mls
.
cat
=
netlbl_secattr_catmap_alloc
(
GFP_ATOMIC
);
if
(
secattr
->
attr
.
mls
.
cat
==
NULL
)
return
-
ENOMEM
;
ret_val
=
cipso_v4_map_cat_enum_ntoh
(
doi_def
,
ret_val
=
cipso_v4_map_cat_enum_ntoh
(
doi_def
,
&
tag
[
4
],
&
tag
[
4
],
tag_len
-
4
,
tag_len
-
4
,
secattr
);
secattr
);
if
(
ret_val
!=
0
)
{
if
(
ret_val
!=
0
)
{
netlbl_
secattr_
catmap_free
(
secattr
->
attr
.
mls
.
cat
);
netlbl_catmap_free
(
secattr
->
attr
.
mls
.
cat
);
return
ret_val
;
return
ret_val
;
}
}
...
@@ -1524,16 +1513,12 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def,
...
@@ -1524,16 +1513,12 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def,
secattr
->
flags
|=
NETLBL_SECATTR_MLS_LVL
;
secattr
->
flags
|=
NETLBL_SECATTR_MLS_LVL
;
if
(
tag_len
>
4
)
{
if
(
tag_len
>
4
)
{
secattr
->
attr
.
mls
.
cat
=
netlbl_secattr_catmap_alloc
(
GFP_ATOMIC
);
if
(
secattr
->
attr
.
mls
.
cat
==
NULL
)
return
-
ENOMEM
;
ret_val
=
cipso_v4_map_cat_rng_ntoh
(
doi_def
,
ret_val
=
cipso_v4_map_cat_rng_ntoh
(
doi_def
,
&
tag
[
4
],
&
tag
[
4
],
tag_len
-
4
,
tag_len
-
4
,
secattr
);
secattr
);
if
(
ret_val
!=
0
)
{
if
(
ret_val
!=
0
)
{
netlbl_
secattr_
catmap_free
(
secattr
->
attr
.
mls
.
cat
);
netlbl_catmap_free
(
secattr
->
attr
.
mls
.
cat
);
return
ret_val
;
return
ret_val
;
}
}
...
...
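Review bot: With the up-front `netlbl_catmap_alloc(GFP_ATOMIC)` and its NULL check removed from cipso_v4_parsetag_rbm(), cipso_v4_parsetag_enum() and cipso_v4_parsetag_rng(), `secattr->attr.mls.cat` is now only populated as a side effect of `netlbl_catmap_setbit()`/`netlbl_catmap_setrng()`. A received tag with `tag_len > 4` whose category bytes set no bit would presumably leave it NULL. The code after each hunk is not visible, but if it still sets `NETLBL_SECATTR_MLS_CAT` unconditionally, LSM consumers will see the flag alongside a NULL catmap built from network-supplied data. I would guard that with `if (secattr->attr.mls.cat) secattr->flags |= NETLBL_SECATTR_MLS_CAT;` in all three functions. The new scheme also depends on `secattr->attr.mls.cat` being NULL on entry, which deserves a comment at the top of each parsetag function.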
net/netlabel/netlabel_kapi.c
This diff is collapsed.
security/selinux/ss/ebitmap.c
...
@@ -86,51 +86,36 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
...
@@ -86,51 +86,36 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
*
*
*/
*/
int
ebitmap_netlbl_export
(
struct
ebitmap
*
ebmap
,
int
ebitmap_netlbl_export
(
struct
ebitmap
*
ebmap
,
struct
netlbl_lsm_
secattr_
catmap
**
catmap
)
struct
netlbl_lsm_catmap
**
catmap
)
{
{
struct
ebitmap_node
*
e_iter
=
ebmap
->
node
;
struct
ebitmap_node
*
e_iter
=
ebmap
->
node
;
struct
netlbl_lsm_secattr_catmap
*
c_iter
;
unsigned
long
e_map
;
u32
cmap_idx
,
cmap_sft
;
u32
offset
;
int
i
;
unsigned
int
iter
;
int
rc
;
/* NetLabel's NETLBL_CATMAP_MAPTYPE is defined as an array of u64,
* however, it is not always compatible with an array of unsigned long
* in ebitmap_node.
* In addition, you should pay attention the following implementation
* assumes unsigned long has a width equal with or less than 64-bit.
*/
if
(
e_iter
==
NULL
)
{
if
(
e_iter
==
NULL
)
{
*
catmap
=
NULL
;
*
catmap
=
NULL
;
return
0
;
return
0
;
}
}
c_iter
=
netlbl_secattr_catmap_alloc
(
GFP_ATOMIC
);
if
(
*
catmap
!=
NULL
)
if
(
c_iter
==
NULL
)
netlbl_catmap_free
(
*
catmap
);
return
-
ENOMEM
;
*
catmap
=
NULL
;
*
catmap
=
c_iter
;
c_iter
->
startbit
=
e_iter
->
startbit
&
~
(
NETLBL_CATMAP_SIZE
-
1
);
while
(
e_iter
)
{
while
(
e_iter
)
{
for
(
i
=
0
;
i
<
EBITMAP_UNIT_NUMS
;
i
++
)
{
offset
=
e_iter
->
startbit
;
unsigned
int
delta
,
e_startbit
,
c_endbit
;
for
(
iter
=
0
;
iter
<
EBITMAP_UNIT_NUMS
;
iter
++
)
{
e_map
=
e_iter
->
maps
[
iter
];
e_startbit
=
e_iter
->
startbit
+
i
*
EBITMAP_UNIT_SIZE
;
if
(
e_map
!=
0
)
{
c_endbit
=
c_iter
->
startbit
+
NETLBL_CATMAP_SIZE
;
rc
=
netlbl_catmap_setlong
(
catmap
,
if
(
e_startbit
>=
c_endbit
)
{
offset
,
c_iter
->
next
e_map
,
=
netlbl_secattr_catmap_alloc
(
GFP_ATOMIC
);
GFP_ATOMIC
);
if
(
c_iter
->
next
==
NULL
)
if
(
rc
!=
0
)
goto
netlbl_export_failure
;
goto
netlbl_export_failure
;
c_iter
=
c_iter
->
next
;
c_iter
->
startbit
=
e_startbit
&
~
(
NETLBL_CATMAP_SIZE
-
1
);
}
}
delta
=
e_startbit
-
c_iter
->
startbit
;
offset
+=
EBITMAP_UNIT_SIZE
;
cmap_idx
=
delta
/
NETLBL_CATMAP_MAPSIZE
;
cmap_sft
=
delta
%
NETLBL_CATMAP_MAPSIZE
;
c_iter
->
bitmap
[
cmap_idx
]
|=
e_iter
->
maps
[
i
]
<<
cmap_sft
;
}
}
e_iter
=
e_iter
->
next
;
e_iter
=
e_iter
->
next
;
}
}
...
@@ -138,7 +123,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
...
@@ -138,7 +123,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
return
0
;
return
0
;
netlbl_export_failure:
netlbl_export_failure:
netlbl_
secattr_
catmap_free
(
*
catmap
);
netlbl_catmap_free
(
*
catmap
);
return
-
ENOMEM
;
return
-
ENOMEM
;
}
}
...
@@ -153,58 +138,44 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
...
@@ -153,58 +138,44 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
*
*
*/
*/
int
ebitmap_netlbl_import
(
struct
ebitmap
*
ebmap
,
int
ebitmap_netlbl_import
(
struct
ebitmap
*
ebmap
,
struct
netlbl_lsm_
secattr_
catmap
*
catmap
)
struct
netlbl_lsm_catmap
*
catmap
)
{
{
int
rc
;
struct
ebitmap_node
*
e_iter
=
NULL
;
struct
ebitmap_node
*
e_iter
=
NULL
;
struct
ebitmap_node
*
emap_prev
=
NULL
;
struct
ebitmap_node
*
e_prev
=
NULL
;
struct
netlbl_lsm_secattr_catmap
*
c_iter
=
catmap
;
u32
offset
=
0
,
idx
;
u32
c_idx
,
c_pos
,
e_idx
,
e_sft
;
unsigned
long
bitmap
;
/* NetLabel's NETLBL_CATMAP_MAPTYPE is defined as an array of u64,
for
(;;)
{
* however, it is not always compatible with an array of unsigned long
rc
=
netlbl_catmap_getlong
(
catmap
,
&
offset
,
&
bitmap
);
* in ebitmap_node.
if
(
rc
<
0
)
* In addition, you should pay attention the following implementation
goto
netlbl_import_failure
;
* assumes unsigned long has a width equal with or less than 64-bit.
if
(
offset
==
(
u32
)
-
1
)
*/
return
0
;
do
{
for
(
c_idx
=
0
;
c_idx
<
NETLBL_CATMAP_MAPCNT
;
c_idx
++
)
{
unsigned
int
delta
;
u64
map
=
c_iter
->
bitmap
[
c_idx
];
if
(
!
map
)
continue
;
c_pos
=
c_iter
->
startbit
if
(
e_iter
==
NULL
||
+
c_idx
*
NETLBL_CATMAP_MAPSIZE
;
offset
>=
e_iter
->
startbit
+
EBITMAP_SIZE
)
{
if
(
!
e_iter
e_prev
=
e_iter
;
||
c_pos
>=
e_iter
->
startbit
+
EBITMAP_SIZE
)
{
e_iter
=
kzalloc
(
sizeof
(
*
e_iter
),
GFP_ATOMIC
);
e_iter
=
kzalloc
(
sizeof
(
*
e_iter
),
GFP_ATOMIC
);
if
(
e_iter
==
NULL
)
if
(
!
e_iter
)
goto
netlbl_import_failure
;
goto
netlbl_import_failure
;
e_iter
->
startbit
=
offset
&
~
(
EBITMAP_SIZE
-
1
);
e_iter
->
startbit
if
(
e_prev
==
NULL
)
=
c_pos
-
(
c_pos
%
EBITMAP_SIZE
);
ebmap
->
node
=
e_iter
;
if
(
emap_prev
==
NULL
)
else
ebmap
->
node
=
e_iter
;
e_prev
->
next
=
e_iter
;
else
ebmap
->
highbit
=
e_iter
->
startbit
+
EBITMAP_SIZE
;
emap_prev
->
next
=
e_iter
;
emap_prev
=
e_iter
;
}
delta
=
c_pos
-
e_iter
->
startbit
;
e_idx
=
delta
/
EBITMAP_UNIT_SIZE
;
e_sft
=
delta
%
EBITMAP_UNIT_SIZE
;
while
(
map
)
{
e_iter
->
maps
[
e_idx
++
]
|=
map
&
(
-
1UL
);
map
=
EBITMAP_SHIFT_UNIT_SIZE
(
map
);
}
}
}
c_iter
=
c_iter
->
next
;
}
while
(
c_iter
);
if
(
e_iter
!=
NULL
)
ebmap
->
highbit
=
e_iter
->
startbit
+
EBITMAP_SIZE
;
else
ebitmap_destroy
(
ebmap
);
/* offset will always be aligned to an unsigned long */
idx
=
EBITMAP_NODE_INDEX
(
e_iter
,
offset
);
e_iter
->
maps
[
idx
]
=
bitmap
;
/* next */
offset
+=
EBITMAP_UNIT_SIZE
;
}
/* NOTE: we should never reach this return */
return
0
;
return
0
;
netlbl_import_failure:
netlbl_import_failure:
...
...
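Review bot: In ebitmap_netlbl_export() the `netlbl_export_failure:` path frees `*catmap` but leaves the stale pointer in the caller's variable, while the new entry code frees whatever non-NULL value `*catmap` holds. A caller that retries the export, or destroys the secattr after a failure, would therefore free the same chain twice. Adding `*catmap = NULL;` after the `netlbl_catmap_free(*catmap);` in the failure path closes that. The entry code also makes it a hard requirement that callers pass an initialised `*catmap`, which the function's kernel-doc comment should state. The failure path further discards `rc` from `netlbl_catmap_setlong()` and always returns -ENOMEM; `return rc;` would preserve the real error if that helper can fail for other reasons (its body is in the collapsed file).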
security/selinux/ss/ebitmap.h
...
@@ -132,17 +132,17 @@ int ebitmap_write(struct ebitmap *e, void *fp);
...
@@ -132,17 +132,17 @@ int ebitmap_write(struct ebitmap *e, void *fp);
#ifdef CONFIG_NETLABEL
#ifdef CONFIG_NETLABEL
int
ebitmap_netlbl_export
(
struct
ebitmap
*
ebmap
,
int
ebitmap_netlbl_export
(
struct
ebitmap
*
ebmap
,
struct
netlbl_lsm_
secattr_
catmap
**
catmap
);
struct
netlbl_lsm_catmap
**
catmap
);
int
ebitmap_netlbl_import
(
struct
ebitmap
*
ebmap
,
int
ebitmap_netlbl_import
(
struct
ebitmap
*
ebmap
,
struct
netlbl_lsm_
secattr_
catmap
*
catmap
);
struct
netlbl_lsm_catmap
*
catmap
);
#else
#else
static
inline
int
ebitmap_netlbl_export
(
struct
ebitmap
*
ebmap
,
static
inline
int
ebitmap_netlbl_export
(
struct
ebitmap
*
ebmap
,
struct
netlbl_lsm_secattr
_catmap
**
catmap
)
struct
netlbl_lsm
_catmap
**
catmap
)
{
{
return
-
ENOMEM
;
return
-
ENOMEM
;
}
}
static
inline
int
ebitmap_netlbl_import
(
struct
ebitmap
*
ebmap
,
static
inline
int
ebitmap_netlbl_import
(
struct
ebitmap
*
ebmap
,
struct
netlbl_lsm_secattr
_catmap
*
catmap
)
struct
netlbl_lsm
_catmap
*
catmap
)
{
{
return
-
ENOMEM
;
return
-
ENOMEM
;
}
}
...
...
security/smack/smack_access.c
...
@@ -457,19 +457,16 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
...
@@ -457,19 +457,16 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
sap
->
flags
|=
NETLBL_SECATTR_MLS_CAT
;
sap
->
flags
|=
NETLBL_SECATTR_MLS_CAT
;
sap
->
attr
.
mls
.
lvl
=
level
;
sap
->
attr
.
mls
.
lvl
=
level
;
sap
->
attr
.
mls
.
cat
=
netlbl_secattr_catmap_alloc
(
GFP_ATOMIC
);
sap
->
attr
.
mls
.
cat
=
NULL
;
if
(
!
sap
->
attr
.
mls
.
cat
)
return
-
ENOMEM
;
sap
->
attr
.
mls
.
cat
->
startbit
=
0
;
for
(
cat
=
1
,
cp
=
catset
,
byte
=
0
;
byte
<
len
;
cp
++
,
byte
++
)
for
(
cat
=
1
,
cp
=
catset
,
byte
=
0
;
byte
<
len
;
cp
++
,
byte
++
)
for
(
m
=
0x80
;
m
!=
0
;
m
>>=
1
,
cat
++
)
{
for
(
m
=
0x80
;
m
!=
0
;
m
>>=
1
,
cat
++
)
{
if
((
m
&
*
cp
)
==
0
)
if
((
m
&
*
cp
)
==
0
)
continue
;
continue
;
rc
=
netlbl_
secattr_catmap_setbit
(
sap
->
attr
.
mls
.
cat
,
rc
=
netlbl_
catmap_setbit
(
&
sap
->
attr
.
mls
.
cat
,
cat
,
GFP_ATOMIC
);
cat
,
GFP_ATOMIC
);
if
(
rc
<
0
)
{
if
(
rc
<
0
)
{
netlbl_
secattr_
catmap_free
(
sap
->
attr
.
mls
.
cat
);
netlbl_catmap_free
(
sap
->
attr
.
mls
.
cat
);
return
rc
;
return
rc
;
}
}
}
}
...
...
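Review bot: In smk_netlbl_mls(), `NETLBL_SECATTR_MLS_CAT` is set at the top of the hunk, before any category has been stored. On the `rc < 0` path, `netlbl_catmap_free(sap->attr.mls.cat)` leaves a dangling pointer behind with that flag still set. netlbl_secattr_destroy() frees `attr.mls.cat` whenever the flag is present, so a caller that destroys `sap` after this error would free the chain a second time. Clearing the pointer on the error path avoids that: `sap->attr.mls.cat = NULL;` right after the free. Now that the map starts as NULL and is only allocated by `netlbl_catmap_setbit()`, an all-zero `catset` also returns with the flag set and a NULL catmap, which is worth a comment for consumers. The function begins and ends outside this hunk.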
security/smack/smack_lsm.c
...
@@ -3209,9 +3209,9 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
...
@@ -3209,9 +3209,9 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
break
;
break
;
}
}
for
(
acat
=
-
1
,
kcat
=
-
1
;
acat
==
kcat
;
)
{
for
(
acat
=
-
1
,
kcat
=
-
1
;
acat
==
kcat
;
)
{
acat
=
netlbl_
secattr_catmap_walk
(
acat
=
netlbl_
catmap_walk
(
sap
->
attr
.
mls
.
cat
,
sap
->
attr
.
mls
.
cat
,
acat
+
1
);
acat
+
1
);
kcat
=
netlbl_
secattr_
catmap_walk
(
kcat
=
netlbl_catmap_walk
(
skp
->
smk_netlabel
.
attr
.
mls
.
cat
,
skp
->
smk_netlabel
.
attr
.
mls
.
cat
,
kcat
+
1
);
kcat
+
1
);
if
(
acat
<
0
||
kcat
<
0
)
if
(
acat
<
0
||
kcat
<
0
)
...
...
security/smack/smackfs.c
...
@@ -787,7 +787,7 @@ static int cipso_seq_show(struct seq_file *s, void *v)
...
@@ -787,7 +787,7 @@ static int cipso_seq_show(struct seq_file *s, void *v)
struct
list_head
*
list
=
v
;
struct
list_head
*
list
=
v
;
struct
smack_known
*
skp
=
struct
smack_known
*
skp
=
list_entry
(
list
,
struct
smack_known
,
list
);
list_entry
(
list
,
struct
smack_known
,
list
);
struct
netlbl_lsm_
secattr_
catmap
*
cmp
=
skp
->
smk_netlabel
.
attr
.
mls
.
cat
;
struct
netlbl_lsm_catmap
*
cmp
=
skp
->
smk_netlabel
.
attr
.
mls
.
cat
;
char
sep
=
'/'
;
char
sep
=
'/'
;
int
i
;
int
i
;
...
@@ -804,8 +804,8 @@ static int cipso_seq_show(struct seq_file *s, void *v)
...
@@ -804,8 +804,8 @@ static int cipso_seq_show(struct seq_file *s, void *v)
seq_printf
(
s
,
"%s %3d"
,
skp
->
smk_known
,
skp
->
smk_netlabel
.
attr
.
mls
.
lvl
);
seq_printf
(
s
,
"%s %3d"
,
skp
->
smk_known
,
skp
->
smk_netlabel
.
attr
.
mls
.
lvl
);
for
(
i
=
netlbl_
secattr_
catmap_walk
(
cmp
,
0
);
i
>=
0
;
for
(
i
=
netlbl_catmap_walk
(
cmp
,
0
);
i
>=
0
;
i
=
netlbl_
secattr_
catmap_walk
(
cmp
,
i
+
1
))
{
i
=
netlbl_catmap_walk
(
cmp
,
i
+
1
))
{
seq_printf
(
s
,
"%c%d"
,
sep
,
i
);
seq_printf
(
s
,
"%c%d"
,
sep
,
i
);
sep
=
','
;
sep
=
','
;
}
}
...
@@ -926,7 +926,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
...
@@ -926,7 +926,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
rc
=
smk_netlbl_mls
(
maplevel
,
mapcatset
,
&
ncats
,
SMK_CIPSOLEN
);
rc
=
smk_netlbl_mls
(
maplevel
,
mapcatset
,
&
ncats
,
SMK_CIPSOLEN
);
if
(
rc
>=
0
)
{
if
(
rc
>=
0
)
{
netlbl_
secattr_
catmap_free
(
skp
->
smk_netlabel
.
attr
.
mls
.
cat
);
netlbl_catmap_free
(
skp
->
smk_netlabel
.
attr
.
mls
.
cat
);
skp
->
smk_netlabel
.
attr
.
mls
.
cat
=
ncats
.
attr
.
mls
.
cat
;
skp
->
smk_netlabel
.
attr
.
mls
.
cat
=
ncats
.
attr
.
mls
.
cat
;
skp
->
smk_netlabel
.
attr
.
mls
.
lvl
=
ncats
.
attr
.
mls
.
lvl
;
skp
->
smk_netlabel
.
attr
.
mls
.
lvl
=
ncats
.
attr
.
mls
.
lvl
;
rc
=
count
;
rc
=
count
;
...
@@ -976,14 +976,14 @@ static int cipso2_seq_show(struct seq_file *s, void *v)
...
@@ -976,14 +976,14 @@ static int cipso2_seq_show(struct seq_file *s, void *v)
struct
list_head
*
list
=
v
;
struct
list_head
*
list
=
v
;
struct
smack_known
*
skp
=
struct
smack_known
*
skp
=
list_entry
(
list
,
struct
smack_known
,
list
);
list_entry
(
list
,
struct
smack_known
,
list
);
struct
netlbl_lsm_
secattr_
catmap
*
cmp
=
skp
->
smk_netlabel
.
attr
.
mls
.
cat
;
struct
netlbl_lsm_catmap
*
cmp
=
skp
->
smk_netlabel
.
attr
.
mls
.
cat
;
char
sep
=
'/'
;
char
sep
=
'/'
;
int
i
;
int
i
;
seq_printf
(
s
,
"%s %3d"
,
skp
->
smk_known
,
skp
->
smk_netlabel
.
attr
.
mls
.
lvl
);
seq_printf
(
s
,
"%s %3d"
,
skp
->
smk_known
,
skp
->
smk_netlabel
.
attr
.
mls
.
lvl
);
for
(
i
=
netlbl_
secattr_
catmap_walk
(
cmp
,
0
);
i
>=
0
;
for
(
i
=
netlbl_catmap_walk
(
cmp
,
0
);
i
>=
0
;
i
=
netlbl_
secattr_
catmap_walk
(
cmp
,
i
+
1
))
{
i
=
netlbl_catmap_walk
(
cmp
,
i
+
1
))
{
seq_printf
(
s
,
"%c%d"
,
sep
,
i
);
seq_printf
(
s
,
"%c%d"
,
sep
,
i
);
sep
=
','
;
sep
=
','
;
}
}
...
...