policydb.c (ede17552b1e70d4435decba026b86e137b516248) | policydb.c (ded34574d4d351ab0ca095a45496b393cef611c2) |
---|---|
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8/* --- 47 unchanged lines hidden (view full) --- 56 57struct policydb_compat_info { 58 int version; 59 int sym_num; 60 int ocon_num; 61}; 62 63/* These need to be updated if SYM_NUM or OCON_NUM changes */ | 1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8/* --- 47 unchanged lines hidden (view full) --- 56 57struct policydb_compat_info { 58 int version; 59 int sym_num; 60 int ocon_num; 61}; 62 63/* These need to be updated if SYM_NUM or OCON_NUM changes */ |
64static struct policydb_compat_info policydb_compat[] = { | 64static const struct policydb_compat_info policydb_compat[] = { |
65 { 66 .version = POLICYDB_VERSION_BASE, 67 .sym_num = SYM_NUM - 3, 68 .ocon_num = OCON_NUM - 3, 69 }, 70 { 71 .version = POLICYDB_VERSION_BOOL, 72 .sym_num = SYM_NUM - 2, --- 81 unchanged lines hidden (view full) --- 154 }, 155 { 156 .version = POLICYDB_VERSION_COMP_FTRANS, 157 .sym_num = SYM_NUM, 158 .ocon_num = OCON_NUM, 159 }, 160}; 161 | 65 { 66 .version = POLICYDB_VERSION_BASE, 67 .sym_num = SYM_NUM - 3, 68 .ocon_num = OCON_NUM - 3, 69 }, 70 { 71 .version = POLICYDB_VERSION_BOOL, 72 .sym_num = SYM_NUM - 2, --- 81 unchanged lines hidden (view full) --- 154 }, 155 { 156 .version = POLICYDB_VERSION_COMP_FTRANS, 157 .sym_num = SYM_NUM, 158 .ocon_num = OCON_NUM, 159 }, 160}; 161 |
162static struct policydb_compat_info *policydb_lookup_compat(int version) | 162static const struct policydb_compat_info *policydb_lookup_compat(int version) |
163{ 164 int i; | 163{ 164 int i; |
165 struct policydb_compat_info *info = NULL; | |
166 167 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { | 165 166 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { |
168 if (policydb_compat[i].version == version) { 169 info = &policydb_compat[i]; 170 break; 171 } | 167 if (policydb_compat[i].version == version) 168 return &policydb_compat[i]; |
172 } | 169 } |
173 return info; | 170 171 return NULL; |
174} 175 176/* 177 * The following *_destroy functions are used to 178 * free any memory allocated for each kind of 179 * symbol data in the policy database. 180 */ 181 --- 127 unchanged lines hidden (view full) --- 309 310static int cat_destroy(void *key, void *datum, void *p) 311{ 312 kfree(key); 313 kfree(datum); 314 return 0; 315} 316 | 172} 173 174/* 175 * The following *_destroy functions are used to 176 * free any memory allocated for each kind of 177 * symbol data in the policy database. 178 */ 179 --- 127 unchanged lines hidden (view full) --- 307 308static int cat_destroy(void *key, void *datum, void *p) 309{ 310 kfree(key); 311 kfree(datum); 312 return 0; 313} 314 |
317static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = { | 315static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = { |
318 common_destroy, 319 cls_destroy, 320 role_destroy, 321 type_destroy, 322 user_destroy, 323 cond_destroy_bool, 324 sens_destroy, 325 cat_destroy, --- 338 unchanged lines hidden (view full) --- 664 return -EINVAL; 665 666 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 667 } 668 669 return 0; 670} 671 | 316 common_destroy, 317 cls_destroy, 318 role_destroy, 319 type_destroy, 320 user_destroy, 321 cond_destroy_bool, 322 sens_destroy, 323 cat_destroy, --- 338 unchanged lines hidden (view full) --- 662 return -EINVAL; 663 664 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 665 } 666 667 return 0; 668} 669 |
672static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = { | 670static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = { |
673 common_index, 674 class_index, 675 role_index, 676 type_index, 677 user_index, 678 cond_index_bool, 679 sens_index, 680 cat_index, --- 951 unchanged lines hidden (view full) --- 1632 if (rc) 1633 goto bad; 1634 return 0; 1635bad: 1636 cat_destroy(key, catdatum, NULL); 1637 return rc; 1638} 1639 | 671 common_index, 672 class_index, 673 role_index, 674 type_index, 675 user_index, 676 cond_index_bool, 677 sens_index, 678 cat_index, --- 951 unchanged lines hidden (view full) --- 1630 if (rc) 1631 goto bad; 1632 return 0; 1633bad: 1634 cat_destroy(key, catdatum, NULL); 1635 return rc; 1636} 1637 |
1640static int (*read_f[SYM_NUM]) (struct policydb *p, struct symtab *s, void *fp) = { | 1638static int (*const read_f[SYM_NUM]) (struct policydb *p, 1639 struct symtab *s, void *fp) = { |
1641 common_read, 1642 class_read, 1643 role_read, 1644 type_read, 1645 user_read, 1646 cond_read_bool, 1647 sens_read, 1648 cat_read, --- 554 unchanged lines hidden (view full) --- 2203 kfree(newgenfs->fstype); 2204 kfree(newgenfs); 2205 } 2206 ocontext_destroy(newc, OCON_FSUSE); 2207 2208 return rc; 2209} 2210 | 1640 common_read, 1641 class_read, 1642 role_read, 1643 type_read, 1644 user_read, 1645 cond_read_bool, 1646 sens_read, 1647 cat_read, --- 554 unchanged lines hidden (view full) --- 2202 kfree(newgenfs->fstype); 2203 kfree(newgenfs); 2204 } 2205 ocontext_destroy(newc, OCON_FSUSE); 2206 2207 return rc; 2208} 2209 |
2211static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, | 2210static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, |
2212 void *fp) 2213{ 2214 int i, j, rc; 2215 u32 nel, len; 2216 __be64 prefixbuf[1]; 2217 __le32 buf[3]; 2218 struct ocontext *l, *c; 2219 u32 nodebuf[8]; --- 179 unchanged lines hidden (view full) --- 2399 struct role_allow *ra, *lra; 2400 struct role_trans_key *rtk = NULL; 2401 struct role_trans_datum *rtd = NULL; 2402 int i, j, rc; 2403 __le32 buf[4]; 2404 u32 len, nprim, nel, perm; 2405 2406 char *policydb_str; | 2211 void *fp) 2212{ 2213 int i, j, rc; 2214 u32 nel, len; 2215 __be64 prefixbuf[1]; 2216 __le32 buf[3]; 2217 struct ocontext *l, *c; 2218 u32 nodebuf[8]; --- 179 unchanged lines hidden (view full) --- 2398 struct role_allow *ra, *lra; 2399 struct role_trans_key *rtk = NULL; 2400 struct role_trans_datum *rtd = NULL; 2401 int i, j, rc; 2402 __le32 buf[4]; 2403 u32 len, nprim, nel, perm; 2404 2405 char *policydb_str; |
2407 struct policydb_compat_info *info; | 2406 const struct policydb_compat_info *info; |
2408 2409 policydb_init(p); 2410 2411 /* Read the magic number and string length. */ 2412 rc = next_entry(buf, fp, sizeof(u32) * 2); 2413 if (rc) 2414 goto bad; 2415 --- 817 unchanged lines hidden (view full) --- 3233 3234 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3235 if (rc) 3236 return rc; 3237 3238 return 0; 3239} 3240 | 2407 2408 policydb_init(p); 2409 2410 /* Read the magic number and string length. */ 2411 rc = next_entry(buf, fp, sizeof(u32) * 2); 2412 if (rc) 2413 goto bad; 2414 --- 817 unchanged lines hidden (view full) --- 3232 3233 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3234 if (rc) 3235 return rc; 3236 3237 return 0; 3238} 3239 |
3241static int (*write_f[SYM_NUM]) (void *key, void *datum, 3242 void *datap) = { | 3240static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = { |
3243 common_write, 3244 class_write, 3245 role_write, 3246 type_write, 3247 user_write, 3248 cond_write_bool, 3249 sens_write, 3250 cat_write, 3251}; 3252 | 3241 common_write, 3242 class_write, 3243 role_write, 3244 type_write, 3245 user_write, 3246 cond_write_bool, 3247 sens_write, 3248 cat_write, 3249}; 3250 |
3253static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, | 3251static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, |
3254 void *fp) 3255{ 3256 unsigned int i, j, rc; 3257 size_t nel, len; 3258 __be64 prefixbuf[1]; 3259 __le32 buf[3]; 3260 u32 nodebuf[8]; 3261 struct ocontext *c; --- 340 unchanged lines hidden (view full) --- 3602 */ 3603int policydb_write(struct policydb *p, void *fp) 3604{ 3605 unsigned int i, num_syms; 3606 int rc; 3607 __le32 buf[4]; 3608 u32 config; 3609 size_t len; | 3252 void *fp) 3253{ 3254 unsigned int i, j, rc; 3255 size_t nel, len; 3256 __be64 prefixbuf[1]; 3257 __le32 buf[3]; 3258 u32 nodebuf[8]; 3259 struct ocontext *c; --- 340 unchanged lines hidden (view full) --- 3600 */ 3601int policydb_write(struct policydb *p, void *fp) 3602{ 3603 unsigned int i, num_syms; 3604 int rc; 3605 __le32 buf[4]; 3606 u32 config; 3607 size_t len; |
3610 struct policydb_compat_info *info; | 3608 const struct policydb_compat_info *info; |
3611 3612 /* 3613 * refuse to write policy older than compressed avtab 3614 * to simplify the writer. There are other tests dropped 3615 * since we assume this throughout the writer code. Be 3616 * careful if you ever try to remove this restriction 3617 */ 3618 if (p->policyvers < POLICYDB_VERSION_AVTAB) { --- 115 unchanged lines hidden --- | 3609 3610 /* 3611 * refuse to write policy older than compressed avtab 3612 * to simplify the writer. There are other tests dropped 3613 * since we assume this throughout the writer code. Be 3614 * careful if you ever try to remove this restriction 3615 */ 3616 if (p->policyvers < POLICYDB_VERSION_AVTAB) { --- 115 unchanged lines hidden --- |
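Review bot: In the rewritten policydb_lookup_compat the loop index stays `int i` while it is compared against `ARRAY_SIZE(policydb_compat)`, which is a `size_t`, so the comparison promotes the signed index and trips `-Wsign-compare`; declaring it `unsigned int i;` keeps the new early-return form and matches the unsigned counters used elsewhere in the file (ocontext_write, policydb_write). The function now returns NULL when no table entry matches the requested version, and since that version originates from the policy image being read, the caller in policydb_read must keep rejecting a NULL result before dereferencing `info`; that caller lies in hidden lines, so the check cannot be confirmed from this view. The remaining hunks only add `const` qualifiers and need no further change.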