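--- a/policy_unpack.c	556d0be74b19cb6288e5eb2f3216eac247d87968
+++ b/policy_unpack.c	f8eb8a1324e81927b2c64823b2fc38386efd3fef
@@ -1,8 +1,8 @@
 /*
  * AppArmor security module
  *
  * This file contains AppArmor functions for unpacking policy loaded from
  * userspace.
  *
  * Copyright (C) 1998-2008 Novell/SUSE
  * Copyright 2009-2010 Canonical Ltd.
@@ -19,16 +19,17 @@
 
 #include <asm/unaligned.h>
 #include <linux/ctype.h>
 #include <linux/errno.h>
 
 #include "include/apparmor.h"
 #include "include/audit.h"
 #include "include/context.h"
+#include "include/crypto.h"
 #include "include/match.h"
 #include "include/policy.h"
 #include "include/policy_unpack.h"
 
 /*
  * The AppArmor interface treats data as a type byte followed by the
  * actual data. The interface has the notion of a a named entry
  * which has a name (AA_NAME typecode followed by name string) followed by
@@ -753,45 +754,52 @@
  struct aa_ext e = {
  .start = udata,
  .end = udata + size,
  .pos = udata,
  };
 
  *ns = NULL;
  while (e.pos < e.end) {
+ void *start;
  error = verify_header(&e, e.pos == e.start, ns);
  if (error)
  goto fail;
 
+ start = e.pos;
  profile = unpack_profile(&e);
  if (IS_ERR(profile)) {
  error = PTR_ERR(profile);
  goto fail;
  }
 
  error = verify_profile(profile);
- if (error) {
- aa_free_profile(profile);
- goto fail;
- }
+ if (error)
+ goto fail_profile;
 
+ error = aa_calc_profile_hash(profile, e.version, start,
+ e.pos - start);
+ if (error)
+ goto fail_profile;
+
  ent = aa_load_ent_alloc();
  if (!ent) {
  error = -ENOMEM;
- aa_put_profile(profile);
- goto fail;
+ goto fail_profile;
  }
 
  ent->new = profile;
  list_add_tail(&ent->list, lh);
  }
 
  return 0;
 
+fail_profile:
+ aa_put_profile(profile);
+
 fail:
  list_for_each_entry_safe(ent, tmp, lh, list) {
  list_del_init(&ent->list);
  aa_load_ent_free(ent);
  }
 
  return error;
 }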
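Review bot: A failure from `aa_calc_profile_hash()` at new lines 778-781 jumps to `fail_profile` and then falls into `fail`, which discards every entry already queued on `lh`, so an error in what looks like a reporting feature rejects the whole policy blob. The callee is not visible here, so it is worth confirming that it returns 0 when hashing is unavailable or compiled out, and stating the intent next to the call, e.g. `/* hash covers the bytes unpack_profile() consumed, [start, e.pos); any error here fails the load */`. The same label also changes the `verify_profile()` failure path from `aa_free_profile()` to `aa_put_profile()`, which is only equivalent if `unpack_profile()` hands back a profile holding a single reference. The function's signature and local declarations are in the hidden lines above this section.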