Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/security/selinux/ss/avtab.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2)  * Implementation of the access vector table type.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  *	Added conditional policy language extensions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11)  * Copyright (C) 2003 Tresys Technology, LLC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12)  *	This program is free software; you can redistribute it and/or modify
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13)  *	it under the terms of the GNU General Public License as published by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14)  *	the Free Software Foundation, version 2.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16)  * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17)  *	Tuned number of hash slots for avtab to reduce memory usage
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #include <linux/errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) #include "avtab.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) #include "policydb.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) static struct kmem_cache *avtab_node_cachep;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) static struct kmem_cache *avtab_xperms_cachep;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) /* Based on MurmurHash3, written by Austin Appleby and placed in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30)  * public domain.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) static inline int avtab_hash(struct avtab_key *keyp, u32 mask)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	static const u32 c1 = 0xcc9e2d51;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 	static const u32 c2 = 0x1b873593;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 	static const u32 r1 = 15;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 	static const u32 r2 = 13;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 	static const u32 m  = 5;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	static const u32 n  = 0xe6546b64;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 	u32 hash = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) #define mix(input) { \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	u32 v = input; \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 	v *= c1; \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	v = (v << r1) | (v >> (32 - r1)); \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 	v *= c2; \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 	hash ^= v; \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 	hash = (hash << r2) | (hash >> (32 - r2)); \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 	hash = hash * m + n; \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 	mix(keyp->target_class);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 	mix(keyp->target_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 	mix(keyp->source_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) #undef mix
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	hash ^= hash >> 16;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 	hash *= 0x85ebca6b;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 	hash ^= hash >> 13;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 	hash *= 0xc2b2ae35;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 	hash ^= hash >> 16;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	return hash & mask;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) static struct avtab_node*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) avtab_insert_node(struct avtab *h, int hvalue,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 		  struct avtab_node *prev, struct avtab_node *cur,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 		  struct avtab_key *key, struct avtab_datum *datum)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 	struct avtab_node *newnode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 	struct avtab_extended_perms *xperms;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	if (newnode == NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 	newnode->key = *key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 	if (key->specified & AVTAB_XPERMS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 		xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 		if (xperms == NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 			kmem_cache_free(avtab_node_cachep, newnode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 			return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 		*xperms = *(datum->u.xperms);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 		newnode->datum.u.xperms = xperms;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 		newnode->datum.u.data = datum->u.data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	if (prev) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		newnode->next = prev->next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		prev->next = newnode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 		struct avtab_node **n = &h->htable[hvalue];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 		newnode->next = *n;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		*n = newnode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	h->nel++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	return newnode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	int hvalue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	struct avtab_node *prev, *cur, *newnode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	if (!h || !h->nslot)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 	hvalue = avtab_hash(key, h->mask);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	for (prev = NULL, cur = h->htable[hvalue];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	     cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 	     prev = cur, cur = cur->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 		    key->target_class == cur->key.target_class &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 		    (specified & cur->key.specified)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 			/* extended perms may not be unique */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 			if (specified & AVTAB_XPERMS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 				break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 			return -EEXIST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 		if (key->source_type < cur->key.source_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 		    key->target_type < cur->key.target_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 		    key->target_class < cur->key.target_class)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 	newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 	if (!newnode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 		return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) /* Unlike avtab_insert(), this function allow multiple insertions of the same
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147)  * key/specified mask into the table, as needed by the conditional avtab.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)  * It also returns a pointer to the node inserted.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) struct avtab_node *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 	int hvalue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 	struct avtab_node *prev, *cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 	if (!h || !h->nslot)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	hvalue = avtab_hash(key, h->mask);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 	for (prev = NULL, cur = h->htable[hvalue];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 	     cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 	     prev = cur, cur = cur->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 		    key->target_class == cur->key.target_class &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 		    (specified & cur->key.specified))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 		if (key->source_type < cur->key.source_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 		    key->target_type < cur->key.target_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 		    key->target_class < cur->key.target_class)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 	return avtab_insert_node(h, hvalue, prev, cur, key, datum);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 	int hvalue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 	struct avtab_node *cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 	if (!h || !h->nslot)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 	hvalue = avtab_hash(key, h->mask);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 	for (cur = h->htable[hvalue]; cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 	     cur = cur->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 		    key->target_class == cur->key.target_class &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 		    (specified & cur->key.specified))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 			return &cur->datum;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 		if (key->source_type < cur->key.source_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 		    key->target_type < cur->key.target_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 		    key->target_class < cur->key.target_class)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) /* This search function returns a node pointer, and can be used in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214)  * conjunction with avtab_search_next_node()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) struct avtab_node*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) avtab_search_node(struct avtab *h, struct avtab_key *key)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 	int hvalue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 	struct avtab_node *cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 	if (!h || !h->nslot)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 	hvalue = avtab_hash(key, h->mask);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 	for (cur = h->htable[hvalue]; cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 	     cur = cur->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 		    key->target_class == cur->key.target_class &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 		    (specified & cur->key.specified))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 			return cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 		if (key->source_type < cur->key.source_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 		    key->target_type < cur->key.target_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 		if (key->source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 		    key->target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 		    key->target_class < cur->key.target_class)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) struct avtab_node*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) avtab_search_node_next(struct avtab_node *node, int specified)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 	struct avtab_node *cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 	if (!node)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 	specified &= ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 	for (cur = node->next; cur; cur = cur->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 		if (node->key.source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 		    node->key.target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) 		    node->key.target_class == cur->key.target_class &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 		    (specified & cur->key.specified))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 			return cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 		if (node->key.source_type < cur->key.source_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 		if (node->key.source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 		    node->key.target_type < cur->key.target_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 		if (node->key.source_type == cur->key.source_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 		    node->key.target_type == cur->key.target_type &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 		    node->key.target_class < cur->key.target_class)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) void avtab_destroy(struct avtab *h)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) 	int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 	struct avtab_node *cur, *temp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 	if (!h)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 	for (i = 0; i < h->nslot; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 		cur = h->htable[i];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 		while (cur) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 			temp = cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 			cur = cur->next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 			if (temp->key.specified & AVTAB_XPERMS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) 				kmem_cache_free(avtab_xperms_cachep,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 						temp->datum.u.xperms);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 			kmem_cache_free(avtab_node_cachep, temp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) 	kvfree(h->htable);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 	h->htable = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 	h->nel = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) 	h->nslot = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) 	h->mask = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) void avtab_init(struct avtab *h)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) 	h->htable = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) 	h->nel = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) 	h->nslot = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 	h->mask = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) static int avtab_alloc_common(struct avtab *h, u32 nslot)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) 	if (!nslot)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) 	h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) 	if (!h->htable)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) 		return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) 	h->nslot = nslot;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) 	h->mask = nslot - 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) int avtab_alloc(struct avtab *h, u32 nrules)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) 	u32 nslot = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 	if (nrules != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) 		u32 shift = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) 		u32 work = nrules >> 3;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) 		while (work) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) 			work >>= 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) 			shift++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 		nslot = 1 << shift;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) 		if (nslot > MAX_AVTAB_HASH_BUCKETS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) 			nslot = MAX_AVTAB_HASH_BUCKETS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 		rc = avtab_alloc_common(h, nslot);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) 	pr_debug("SELinux: %d avtab hash slots, %d rules.\n", nslot, nrules);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 	return avtab_alloc_common(new, orig->nslot);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) void avtab_hash_eval(struct avtab *h, char *tag)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) 	int i, chain_len, slots_used, max_chain_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) 	unsigned long long chain2_len_sum;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) 	struct avtab_node *cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) 	slots_used = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) 	max_chain_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) 	chain2_len_sum = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) 	for (i = 0; i < h->nslot; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) 		cur = h->htable[i];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) 		if (cur) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) 			slots_used++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) 			chain_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) 			while (cur) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) 				chain_len++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 				cur = cur->next;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) 			if (chain_len > max_chain_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 				max_chain_len = chain_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 			chain2_len_sum += chain_len * chain_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 	pr_debug("SELinux: %s:  %d entries and %d/%d buckets used, "
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) 	       "longest chain length %d sum of chain length^2 %llu\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) 	       tag, h->nel, slots_used, h->nslot, max_chain_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) 	       chain2_len_sum);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) static uint16_t spec_order[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) 	AVTAB_ALLOWED,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) 	AVTAB_AUDITDENY,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) 	AVTAB_AUDITALLOW,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) 	AVTAB_TRANSITION,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) 	AVTAB_CHANGE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) 	AVTAB_MEMBER,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) 	AVTAB_XPERMS_ALLOWED,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) 	AVTAB_XPERMS_AUDITALLOW,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) 	AVTAB_XPERMS_DONTAUDIT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) 		    int (*insertf)(struct avtab *a, struct avtab_key *k,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) 				   struct avtab_datum *d, void *p),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) 		    void *p)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) 	__le16 buf16[4];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) 	u16 enabled;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) 	u32 items, items2, val, vers = pol->policyvers;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) 	struct avtab_key key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) 	struct avtab_datum datum;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) 	struct avtab_extended_perms xperms;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) 	__le32 buf32[ARRAY_SIZE(xperms.perms.p)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) 	int i, rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) 	unsigned set;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) 	memset(&key, 0, sizeof(struct avtab_key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) 	memset(&datum, 0, sizeof(struct avtab_datum));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) 	if (vers < POLICYDB_VERSION_AVTAB) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) 		rc = next_entry(buf32, fp, sizeof(u32));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) 			pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) 		items2 = le32_to_cpu(buf32[0]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) 		if (items2 > ARRAY_SIZE(buf32)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) 			pr_err("SELinux: avtab: entry overflow\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) 		rc = next_entry(buf32, fp, sizeof(u32)*items2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) 			pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) 		items = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) 		val = le32_to_cpu(buf32[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) 		key.source_type = (u16)val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) 		if (key.source_type != val) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) 			pr_err("SELinux: avtab: truncated source type\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) 		val = le32_to_cpu(buf32[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) 		key.target_type = (u16)val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) 		if (key.target_type != val) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) 			pr_err("SELinux: avtab: truncated target type\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) 		val = le32_to_cpu(buf32[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) 		key.target_class = (u16)val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) 		if (key.target_class != val) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) 			pr_err("SELinux: avtab: truncated target class\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) 		val = le32_to_cpu(buf32[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) 		enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) 		if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) 			pr_err("SELinux: avtab: null entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) 		if ((val & AVTAB_AV) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) 		    (val & AVTAB_TYPE)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) 			pr_err("SELinux: avtab: entry has both access vectors and types\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) 		if (val & AVTAB_XPERMS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) 			pr_err("SELinux: avtab: entry has extended permissions\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) 		for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) 			if (val & spec_order[i]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) 				key.specified = spec_order[i] | enabled;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) 				datum.u.data = le32_to_cpu(buf32[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) 				rc = insertf(a, &key, &datum, p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) 				if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) 					return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) 		if (items != items2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) 			pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) 			       items2, items);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) 	rc = next_entry(buf16, fp, sizeof(u16)*4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) 	if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) 		pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) 	items = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) 	key.source_type = le16_to_cpu(buf16[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) 	key.target_type = le16_to_cpu(buf16[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) 	key.target_class = le16_to_cpu(buf16[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) 	key.specified = le16_to_cpu(buf16[items++]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) 	if (!policydb_type_isvalid(pol, key.source_type) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) 	    !policydb_type_isvalid(pol, key.target_type) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) 	    !policydb_class_isvalid(pol, key.target_class)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) 		pr_err("SELinux: avtab: invalid type or class\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) 	set = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) 	for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) 		if (key.specified & spec_order[i])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) 			set++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) 	if (!set || set > 1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) 		pr_err("SELinux:  avtab:  more than one specifier\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) 	if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) 			(key.specified & AVTAB_XPERMS)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) 		pr_err("SELinux:  avtab:  policy version %u does not "
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) 				"support extended permissions rules and one "
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) 				"was specified\n", vers);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) 	} else if (key.specified & AVTAB_XPERMS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) 		memset(&xperms, 0, sizeof(struct avtab_extended_perms));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) 		rc = next_entry(&xperms.specified, fp, sizeof(u8));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) 			pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) 		rc = next_entry(&xperms.driver, fp, sizeof(u8));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) 			pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) 		rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) 			pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) 		for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) 			xperms.perms.p[i] = le32_to_cpu(buf32[i]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) 		datum.u.xperms = &xperms;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) 		rc = next_entry(buf32, fp, sizeof(u32));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) 			pr_err("SELinux: avtab: truncated entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) 		datum.u.data = le32_to_cpu(*buf32);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) 	if ((key.specified & AVTAB_TYPE) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) 	    !policydb_type_isvalid(pol, datum.u.data)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) 		pr_err("SELinux: avtab: invalid type\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) 	return insertf(a, &key, &datum, p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) static int avtab_insertf(struct avtab *a, struct avtab_key *k,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) 			 struct avtab_datum *d, void *p)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) 	return avtab_insert(a, k, d);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) 	__le32 buf[1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) 	u32 nel, i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573) 	rc = next_entry(buf, fp, sizeof(u32));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) 	if (rc < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) 		pr_err("SELinux: avtab: truncated table\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) 		goto bad;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) 	nel = le32_to_cpu(buf[0]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) 	if (!nel) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) 		pr_err("SELinux: avtab: table is empty\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) 		rc = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) 		goto bad;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) 	rc = avtab_alloc(a, nel);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587) 		goto bad;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) 	for (i = 0; i < nel; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) 		rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) 		if (rc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) 			if (rc == -ENOMEM)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) 				pr_err("SELinux: avtab: out of memory\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) 			else if (rc == -EEXIST)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) 				pr_err("SELinux: avtab: duplicate entry\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597) 			goto bad;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) 	rc = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) bad:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) 	avtab_destroy(a);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) 	goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610) int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) 	__le16 buf16[4];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613) 	__le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615) 	unsigned int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) 	buf16[0] = cpu_to_le16(cur->key.source_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618) 	buf16[1] = cpu_to_le16(cur->key.target_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619) 	buf16[2] = cpu_to_le16(cur->key.target_class);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) 	buf16[3] = cpu_to_le16(cur->key.specified);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) 	rc = put_entry(buf16, sizeof(u16), 4, fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) 	if (cur->key.specified & AVTAB_XPERMS) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626) 		rc = put_entry(&cur->datum.u.xperms->specified, sizeof(u8), 1, fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) 		rc = put_entry(&cur->datum.u.xperms->driver, sizeof(u8), 1, fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) 		for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633) 			buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) 		rc = put_entry(buf32, sizeof(u32),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635) 				ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) 		buf32[0] = cpu_to_le32(cur->datum.u.data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638) 		rc = put_entry(buf32, sizeof(u32), 1, fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645) int avtab_write(struct policydb *p, struct avtab *a, void *fp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) 	unsigned int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648) 	int rc = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) 	struct avtab_node *cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650) 	__le32 buf[1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) 	buf[0] = cpu_to_le32(a->nel);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) 	rc = put_entry(buf, sizeof(u32), 1, fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) 	for (i = 0; i < a->nslot; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658) 		for (cur = a->htable[i]; cur;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659) 		     cur = cur->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660) 			rc = avtab_write_item(p, cur, fp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) 			if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662) 				return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669) void __init avtab_cache_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) 	avtab_node_cachep = kmem_cache_create("avtab_node",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672) 					      sizeof(struct avtab_node),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) 					      0, SLAB_PANIC, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674) 	avtab_xperms_cachep = kmem_cache_create("avtab_extended_perms",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) 						sizeof(struct avtab_extended_perms),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) 						0, SLAB_PANIC, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) }
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.