selinux: convert cond_list to array
Since it is fixed-size after allocation and we know the size beforehand, using a plain old array is simpler and more efficient. While there, also fix signedness of some related variables/parameters. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
parent
8d269a8e2a
commit
60abd3181d
@ -14,12 +14,10 @@
|
||||
#include "security.h"
|
||||
|
||||
int security_get_bools(struct selinux_state *state,
|
||||
int *len, char ***names, int **values);
|
||||
u32 *len, char ***names, int **values);
|
||||
|
||||
int security_set_bools(struct selinux_state *state,
|
||||
int len, int *values);
|
||||
int security_set_bools(struct selinux_state *state, u32 len, int *values);
|
||||
|
||||
int security_get_bool_value(struct selinux_state *state,
|
||||
int index);
|
||||
int security_get_bool_value(struct selinux_state *state, u32 index);
|
||||
|
||||
#endif
|
||||
|
@ -1335,14 +1335,14 @@ static void sel_remove_entries(struct dentry *de)
|
||||
|
||||
static int sel_make_bools(struct selinux_fs_info *fsi)
|
||||
{
|
||||
int i, ret;
|
||||
int ret;
|
||||
ssize_t len;
|
||||
struct dentry *dentry = NULL;
|
||||
struct dentry *dir = fsi->bool_dir;
|
||||
struct inode *inode = NULL;
|
||||
struct inode_security_struct *isec;
|
||||
char **names = NULL, *page;
|
||||
int num;
|
||||
u32 i, num;
|
||||
int *values = NULL;
|
||||
u32 sid;
|
||||
|
||||
|
@ -119,6 +119,7 @@ int cond_policydb_init(struct policydb *p)
|
||||
|
||||
p->bool_val_to_struct = NULL;
|
||||
p->cond_list = NULL;
|
||||
p->cond_list_len = 0;
|
||||
|
||||
rc = avtab_init(&p->te_cond_avtab);
|
||||
if (rc)
|
||||
@ -147,27 +148,22 @@ static void cond_node_destroy(struct cond_node *node)
|
||||
}
|
||||
cond_av_list_destroy(node->true_list);
|
||||
cond_av_list_destroy(node->false_list);
|
||||
kfree(node);
|
||||
}
|
||||
|
||||
static void cond_list_destroy(struct cond_node *list)
|
||||
static void cond_list_destroy(struct policydb *p)
|
||||
{
|
||||
struct cond_node *next, *cur;
|
||||
u32 i;
|
||||
|
||||
if (list == NULL)
|
||||
return;
|
||||
|
||||
for (cur = list; cur; cur = next) {
|
||||
next = cur->next;
|
||||
cond_node_destroy(cur);
|
||||
}
|
||||
for (i = 0; i < p->cond_list_len; i++)
|
||||
cond_node_destroy(&p->cond_list[i]);
|
||||
kfree(p->cond_list);
|
||||
}
|
||||
|
||||
void cond_policydb_destroy(struct policydb *p)
|
||||
{
|
||||
kfree(p->bool_val_to_struct);
|
||||
avtab_destroy(&p->te_cond_avtab);
|
||||
cond_list_destroy(p->cond_list);
|
||||
cond_list_destroy(p);
|
||||
}
|
||||
|
||||
int cond_init_bool_indexes(struct policydb *p)
|
||||
@ -447,7 +443,6 @@ err:
|
||||
|
||||
int cond_read_list(struct policydb *p, void *fp)
|
||||
{
|
||||
struct cond_node *node, *last = NULL;
|
||||
__le32 buf[1];
|
||||
u32 i, len;
|
||||
int rc;
|
||||
@ -458,29 +453,24 @@ int cond_read_list(struct policydb *p, void *fp)
|
||||
|
||||
len = le32_to_cpu(buf[0]);
|
||||
|
||||
p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
|
||||
if (!p->cond_list)
|
||||
return rc;
|
||||
|
||||
rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
|
||||
if (rc)
|
||||
goto err;
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
rc = -ENOMEM;
|
||||
node = kzalloc(sizeof(*node), GFP_KERNEL);
|
||||
if (!node)
|
||||
goto err;
|
||||
p->cond_list_len = len;
|
||||
|
||||
rc = cond_read_node(p, node, fp);
|
||||
for (i = 0; i < len; i++) {
|
||||
rc = cond_read_node(p, &p->cond_list[i], fp);
|
||||
if (rc)
|
||||
goto err;
|
||||
|
||||
if (i == 0)
|
||||
p->cond_list = node;
|
||||
else
|
||||
last->next = node;
|
||||
last = node;
|
||||
}
|
||||
return 0;
|
||||
err:
|
||||
cond_list_destroy(p->cond_list);
|
||||
cond_list_destroy(p);
|
||||
p->cond_list = NULL;
|
||||
return rc;
|
||||
}
|
||||
@ -585,23 +575,19 @@ static int cond_write_node(struct policydb *p, struct cond_node *node,
|
||||
return 0;
|
||||
}
|
||||
|
||||
int cond_write_list(struct policydb *p, struct cond_node *list, void *fp)
|
||||
int cond_write_list(struct policydb *p, void *fp)
|
||||
{
|
||||
struct cond_node *cur;
|
||||
u32 len;
|
||||
u32 i;
|
||||
__le32 buf[1];
|
||||
int rc;
|
||||
|
||||
len = 0;
|
||||
for (cur = list; cur != NULL; cur = cur->next)
|
||||
len++;
|
||||
buf[0] = cpu_to_le32(len);
|
||||
buf[0] = cpu_to_le32(p->cond_list_len);
|
||||
rc = put_entry(buf, sizeof(u32), 1, fp);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
for (cur = list; cur != NULL; cur = cur->next) {
|
||||
rc = cond_write_node(p, cur, fp);
|
||||
for (i = 0; i < p->cond_list_len; i++) {
|
||||
rc = cond_write_node(p, &p->cond_list[i], fp);
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
|
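Review bot: In cond_read_list, the new `if (!p->cond_list) return rc;` after the kcalloc() returns whatever rc held from the preceding read. That read is outside the visible lines, but rc is presumably 0 there, so an allocation failure would be reported as a successful policy load; return the error explicitly with `if (!p->cond_list) return -ENOMEM;`. Separately, the err: path calls `cond_list_destroy(p)` and then clears only `p->cond_list`, leaving `p->cond_list_len` at the count read from the policy image. If a caller (not shown on this page) later runs cond_policydb_destroy() on the same policydb, the loop in cond_list_destroy would index a NULL array. Adding `p->cond_list_len = 0;` after the kfree() in cond_list_destroy would make a repeated destroy a no-op.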
@ -55,7 +55,6 @@ struct cond_node {
|
||||
struct cond_expr *expr;
|
||||
struct cond_av_list *true_list;
|
||||
struct cond_av_list *false_list;
|
||||
struct cond_node *next;
|
||||
};
|
||||
|
||||
int cond_policydb_init(struct policydb *p);
|
||||
@ -69,7 +68,7 @@ int cond_index_bool(void *key, void *datum, void *datap);
|
||||
int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
|
||||
int cond_read_list(struct policydb *p, void *fp);
|
||||
int cond_write_bool(void *key, void *datum, void *ptr);
|
||||
int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);
|
||||
int cond_write_list(struct policydb *p, void *fp);
|
||||
|
||||
void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
|
||||
struct av_decision *avd, struct extended_perms *xperms);
|
||||
|
@ -3483,7 +3483,7 @@ int policydb_write(struct policydb *p, void *fp)
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = cond_write_list(p, p->cond_list, fp);
|
||||
rc = cond_write_list(p, fp);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
|
@ -272,8 +272,9 @@ struct policydb {
|
||||
struct cond_bool_datum **bool_val_to_struct;
|
||||
/* type enforcement conditional access vectors and transitions */
|
||||
struct avtab te_cond_avtab;
|
||||
/* linked list indexing te_cond_avtab by conditional */
|
||||
/* array indexing te_cond_avtab by conditional */
|
||||
struct cond_node *cond_list;
|
||||
u32 cond_list_len;
|
||||
|
||||
/* role allows */
|
||||
struct role_allow *role_allow;
|
||||
|
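Review bot: The new `cond_list_len` field in struct policydb has no comment of its own, and the updated comment above it describes only the array. Every loop this commit adds trusts the length to match the allocation behind `cond_list`, so a one-line comment on the field such as `/* number of elements in cond_list */` would state that invariant where the two fields are declared. The struct body continues outside the hunk.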
@ -2867,10 +2867,11 @@ out:
|
||||
}
|
||||
|
||||
int security_get_bools(struct selinux_state *state,
|
||||
int *len, char ***names, int **values)
|
||||
u32 *len, char ***names, int **values)
|
||||
{
|
||||
struct policydb *policydb;
|
||||
int i, rc;
|
||||
u32 i;
|
||||
int rc;
|
||||
|
||||
if (!selinux_initialized(state)) {
|
||||
*len = 0;
|
||||
@ -2924,12 +2925,11 @@ err:
|
||||
}
|
||||
|
||||
|
||||
int security_set_bools(struct selinux_state *state, int len, int *values)
|
||||
int security_set_bools(struct selinux_state *state, u32 len, int *values)
|
||||
{
|
||||
struct policydb *policydb;
|
||||
int i, rc;
|
||||
int lenp, seqno = 0;
|
||||
struct cond_node *cur;
|
||||
int rc;
|
||||
u32 i, lenp, seqno = 0;
|
||||
|
||||
write_lock_irq(&state->ss->policy_rwlock);
|
||||
|
||||
@ -2957,8 +2957,8 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
|
||||
policydb->bool_val_to_struct[i]->state = 0;
|
||||
}
|
||||
|
||||
for (cur = policydb->cond_list; cur; cur = cur->next)
|
||||
evaluate_cond_node(policydb, cur);
|
||||
for (i = 0; i < policydb->cond_list_len; i++)
|
||||
evaluate_cond_node(policydb, &policydb->cond_list[i]);
|
||||
|
||||
seqno = ++state->ss->latest_granting;
|
||||
rc = 0;
|
||||
@ -2974,11 +2974,11 @@ out:
|
||||
}
|
||||
|
||||
int security_get_bool_value(struct selinux_state *state,
|
||||
int index)
|
||||
u32 index)
|
||||
{
|
||||
struct policydb *policydb;
|
||||
int rc;
|
||||
int len;
|
||||
u32 len;
|
||||
|
||||
read_lock(&state->ss->policy_rwlock);
|
||||
|
||||
@ -2998,10 +2998,10 @@ out:
|
||||
static int security_preserve_bools(struct selinux_state *state,
|
||||
struct policydb *policydb)
|
||||
{
|
||||
int rc, nbools = 0, *bvalues = NULL, i;
|
||||
int rc, *bvalues = NULL;
|
||||
char **bnames = NULL;
|
||||
struct cond_bool_datum *booldatum;
|
||||
struct cond_node *cur;
|
||||
u32 i, nbools = 0;
|
||||
|
||||
rc = security_get_bools(state, &nbools, &bnames, &bvalues);
|
||||
if (rc)
|
||||
@ -3011,8 +3011,8 @@ static int security_preserve_bools(struct selinux_state *state,
|
||||
if (booldatum)
|
||||
booldatum->state = bvalues[i];
|
||||
}
|
||||
for (cur = policydb->cond_list; cur; cur = cur->next)
|
||||
evaluate_cond_node(policydb, cur);
|
||||
for (i = 0; i < policydb->cond_list_len; i++)
|
||||
evaluate_cond_node(policydb, &policydb->cond_list[i]);
|
||||
|
||||
out:
|
||||
if (bnames) {
|
||||
|