policy_unpack.c - OpenGrok cross reference for /linux/security/apparmor/policy

Deleted Added

sdiffudifftextold (2410aa96..)new (651e28c5..)

policy_unpack.c (2410aa96d6b4930ed25fd02c3d173f14b962e0f4)	policy_unpack.c (651e28c5537abb39076d3949fb7618536f1d242e)
1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor functions for unpacking policy loaded from 5 * userspace. 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. --- 261 unchanged lines hidden (view full) --- 270 if (unpack_X(e, code)) 271 return 1; 272 273fail: 274 e->pos = pos; 275 return 0; 276} 277	1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor functions for unpacking policy loaded from 5 * userspace. 6 * 7 * Copyright (C) 1998-2008 Novell/SUSE 8 * Copyright 2009-2010 Canonical Ltd. --- 261 unchanged lines hidden (view full) --- 270 if (unpack_X(e, code)) 271 return 1; 272 273fail: 274 e->pos = pos; 275 return 0; 276} 277
	278static bool unpack_u16(struct aa_ext e, u16 data, const char name) 279{ 280 if (unpack_nameX(e, AA_U16, name)) { 281 if (!inbounds(e, sizeof(u16))) 282 return 0; 283 if (data) 284 data = le16_to_cpu(get_unaligned((__le16 *) e->pos)); 285 e->pos += sizeof(u16); 286 return 1; 287 } 288 return 0; 289} 290
278static bool unpack_u32(struct aa_ext e, u32 data, const char name) 279{ 280 if (unpack_nameX(e, AA_U32, name)) { 281 if (!inbounds(e, sizeof(u32))) 282 return 0; 283 if (data) 284 data = le32_to_cpu(get_unaligned((__le32 ) e->pos)); 285 e->pos += sizeof(u32); --- 293 unchanged lines hidden* (view full) --- 579 * 580 * NOTE: unpack profile sets audit struct if there is a failure 581 / 582static struct aa_profile unpack_profile(struct aa_ext e, char ns_name) 583{ 584 struct aa_profile profile = NULL; 585 const char tmpname, tmpns = NULL, name = NULL; 586 const char info = "failed to unpack profile";	291static bool unpack_u32(struct aa_ext e, u32 data, const char name) 292{ 293 if (unpack_nameX(e, AA_U32, name)) { 294 if (!inbounds(e, sizeof(u32))) 295 return 0; 296 if (data) 297 data = le32_to_cpu(get_unaligned((__le32 ) e->pos)); 298 e->pos += sizeof(u32); --- 293 unchanged lines hidden* (view full) --- 592 * 593 * NOTE: unpack profile sets audit struct if there is a failure 594 / 595static struct aa_profile unpack_profile(struct aa_ext e, char ns_name) 596{ 597 struct aa_profile profile = NULL; 598 const char tmpname, tmpns = NULL, name = NULL; 599 const char info = "failed to unpack profile";
587 size_t ns_len;	600 size_t size = 0, ns_len;
588 struct rhashtable_params params = { 0 }; 589 char key = NULL; 590 struct aa_data data; 591 int i, error = -EPROTO; 592 kernel_cap_t tmpcap; 593 u32 tmp; 594 595 ns_name = NULL; --- 116 unchanged lines hidden* (view full) --- 712 goto fail; 713 } 714 715 if (!unpack_rlimits(e, profile)) { 716 info = "failed to unpack profile rlimits"; 717 goto fail; 718 } 719	601 struct rhashtable_params params = { 0 }; 602 char key = NULL; 603 struct aa_data data; 604 int i, error = -EPROTO; 605 kernel_cap_t tmpcap; 606 u32 tmp; 607 608 ns_name = NULL; --- 116 unchanged lines hidden* (view full) --- 725 goto fail; 726 } 727 728 if (!unpack_rlimits(e, profile)) { 729 info = "failed to unpack profile rlimits"; 730 goto fail; 731 } 732
	733 size = unpack_array(e, "net_allowed_af"); 734 if (size) { 735 736 for (i = 0; i < size; i++) { 737 /* discard extraneous rules that this kernel will 738 * never request 739 / 740 if (i >= AF_MAX) { 741 u16 tmp; 742 743 if (!unpack_u16(e, &tmp, NULL) \|\| 744 !unpack_u16(e, &tmp, NULL) \|\| 745 !unpack_u16(e, &tmp, NULL)) 746 goto fail; 747 continue; 748 } 749 if (!unpack_u16(e, &profile->net.allow[i], NULL)) 750 goto fail; 751 if (!unpack_u16(e, &profile->net.audit[i], NULL)) 752 goto fail; 753 if (!unpack_u16(e, &profile->net.quiet[i], NULL)) 754 goto fail; 755 } 756 if (!unpack_nameX(e, AA_ARRAYEND, NULL)) 757 goto fail; 758 } 759 if (VERSION_LT(e->version, v7)) { 760 / pre v7 policy always allowed these */ 761 profile->net.allow[AF_UNIX] = 0xffff; 762 profile->net.allow[AF_NETLINK] = 0xffff; 763 } 764
720 if (unpack_nameX(e, AA_STRUCT, "policydb")) { 721 /* generic policy dfa - optional and may be NULL / 722 info = "failed to unpack policydb"; 723 profile->policy.dfa = unpack_dfa(e); 724 if (IS_ERR(profile->policy.dfa)) { 725 error = PTR_ERR(profile->policy.dfa); 726 profile->policy.dfa = NULL; 727 goto fail; --- 296 unchanged lines hidden* ---	765 if (unpack_nameX(e, AA_STRUCT, "policydb")) { 766 /* generic policy dfa - optional and may be NULL / 767 info = "failed to unpack policydb"; 768 profile->policy.dfa = unpack_dfa(e); 769 if (IS_ERR(profile->policy.dfa)) { 770 error = PTR_ERR(profile->policy.dfa); 771 profile->policy.dfa = NULL; 772 goto fail; --- 296 unchanged lines hidden* ---