secid.c (99cc45e486786c7215a7e39824c3bbaf7cf2fc08) secid.c (a4c3f89c9b5a9fab5a8e4ea05399acd6e23072df)
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor security identifier (secid) manipulation fns
5 *
6 * Copyright 2009-2017 Canonical Ltd.
7 *
8 * This program is free software; you can redistribute it and/or

--- 19 unchanged lines hidden (view full) ---

28#include "include/label.h"
29#include "include/policy_ns.h"
30
31/*
32 * secids - do not pin labels with a refcount. They rely on the label
33 * properly updating/freeing them
34 */
35
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor security identifier (secid) manipulation fns
5 *
6 * Copyright 2009-2017 Canonical Ltd.
7 *
8 * This program is free software; you can redistribute it and/or

--- 19 unchanged lines hidden (view full) ---

28#include "include/label.h"
29#include "include/policy_ns.h"
30
31/*
32 * secids - do not pin labels with a refcount. They rely on the label
33 * properly updating/freeing them
34 */
35
36#define AA_FIRST_SECID 1
37
36static DEFINE_IDR(aa_secids);
37static DEFINE_SPINLOCK(secid_lock);
38
39/*
40 * TODO: allow policy to reserve a secid range?
41 * TODO: add secid pinning
42 * TODO: use secid_update in label replace
43 */

--- 71 unchanged lines hidden (view full) ---

115
116void apparmor_release_secctx(char *secdata, u32 seclen)
117{
118 kfree(secdata);
119}
120
121/**
122 * aa_alloc_secid - allocate a new secid for a profile
38static DEFINE_IDR(aa_secids);
39static DEFINE_SPINLOCK(secid_lock);
40
41/*
42 * TODO: allow policy to reserve a secid range?
43 * TODO: add secid pinning
44 * TODO: use secid_update in label replace
45 */

--- 71 unchanged lines hidden (view full) ---

117
118void apparmor_release_secctx(char *secdata, u32 seclen)
119{
120 kfree(secdata);
121}
122
123/**
124 * aa_alloc_secid - allocate a new secid for a profile
125 * @label: the label to allocate a secid for
126 * @gfp: memory allocation flags
127 *
128 * Returns: 0 with @label->secid initialized
129 * <0 returns error with @label->secid set to AA_SECID_INVALID
123 */
130 */
124u32 aa_alloc_secid(struct aa_label *label, gfp_t gfp)
131int aa_alloc_secid(struct aa_label *label, gfp_t gfp)
125{
126 unsigned long flags;
132{
133 unsigned long flags;
127 u32 secid;
134 int ret;
128
129 idr_preload(gfp);
130 spin_lock_irqsave(&secid_lock, flags);
135
136 idr_preload(gfp);
137 spin_lock_irqsave(&secid_lock, flags);
131 secid = idr_alloc(&aa_secids, label, 0, 0, GFP_ATOMIC);
132 /* XXX: Can return -ENOMEM */
138 ret = idr_alloc(&aa_secids, label, AA_FIRST_SECID, 0, GFP_ATOMIC);
133 spin_unlock_irqrestore(&secid_lock, flags);
134 idr_preload_end();
135
139 spin_unlock_irqrestore(&secid_lock, flags);
140 idr_preload_end();
141
136 return secid;
142 if (ret < 0) {
143 label->secid = AA_SECID_INVALID;
144 return ret;
145 }
146
147 AA_BUG(ret == AA_SECID_INVALID);
148 label->secid = ret;
149 return 0;
137}
138
139/**
140 * aa_free_secid - free a secid
141 * @secid: secid to free
142 */
143void aa_free_secid(u32 secid)
144{
145 unsigned long flags;
146
147 spin_lock_irqsave(&secid_lock, flags);
148 idr_remove(&aa_secids, secid);
149 spin_unlock_irqrestore(&secid_lock, flags);
150}
150}
151
152/**
153 * aa_free_secid - free a secid
154 * @secid: secid to free
155 */
156void aa_free_secid(u32 secid)
157{
158 unsigned long flags;
159
160 spin_lock_irqsave(&secid_lock, flags);
161 idr_remove(&aa_secids, secid);
162 spin_unlock_irqrestore(&secid_lock, flags);
163}
164
165void aa_secids_init(void)
166{
167 idr_init_base(&aa_secids, AA_FIRST_SECID);
168}
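Review bot: In the new aa_alloc_secid(), `idr_alloc()` publishes the label pointer in aa_secids under secid_lock, but `label->secid = ret;` runs only after `spin_unlock_irqrestore()`, so a concurrent secid lookup could return a label whose secid field is not yet set. The lookup path sits in the hidden lines, so this is inferred rather than confirmed. If lookups can overlap allocation, either move the assignment into the critical section, before `spin_unlock_irqrestore(&secid_lock, flags);`, or add a comment stating why the label cannot be reached by secid until this function returns. Separately, the return type changes from u32 to int and 0 now means success rather than an id, so every caller (none visible here) must check for `< 0` and read `label->secid` instead of using the return value.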