GIT 2c53f3dd52e9ab57c7c5b08becd8e4145287f34c git+ssh://master.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm commit Author: Eric Paris Date: Mon Jun 4 17:41:22 2007 -0400 selinux: introduce schedule points in policydb_destroy() During the LSPP testing we found that it was possible for policydb_destroy() to take 10+ seconds of kernel time to complete. Basically all policydb_destroy() does is walk some (possibly long) lists and free the memory it finds. Turning off slab debugging config options made the problem go away since the actual functions which took most of the time were (as seen by oprofile) > 121202 23.9879 .check_poison_obj > 78247 15.4864 .check_slabp were caused by that. So I decided to also add some voluntary schedule points in that code so config voluntary preempt would be enough to solve the problem. Something similar was done in places like shmem_free_pages() when we have to walk a list of memory and free it. This was tested by the LSPP group on the hardware which could reproduce the problem just loading a new policy and was found to not trigger the softlock detector. It takes just as much processing time, but the kernel doesn't spend all that time stuck doing one thing and never scheduling. Someday a better way to handle memory might make the time needed in this function a lot less, but this fixes the current issue as it stands today. Signed-off-by: Eric Paris Signed-off-by: James Morris commit 643d2c3dec97a83d253cfc38ff529c6688275e99 Author: James Morris Date: Thu May 24 19:04:30 2007 -0400 security: revalidate rw permissions for sys_splice and sys_vmsplice Revalidate read/write permissions for splice(2) and vmslice(2), in case security policy has changed since the files were opened. Signed-off-by: James Morris Signed-off-by: Jens Axboe Acked-by: Stephen Smalley commit 1a1c56a0bd1d0f22e71f1a1597c4b00b2a0172f8 Author: Christopher J. PeBenito Date: Wed May 23 09:12:09 2007 -0400 selinux: add selinuxfs structure for object class discovery The structure is as follows (relative to selinuxfs root): /class/file/index /class/file/perms/read /class/file/perms/write ... Each class is allocated 33 inodes, 1 for the class index and 32 for permissions. Relative to SEL_CLASS_INO_OFFSET, the inode of the index file DIV 33 is the class number. The inode of the permission file % 33 is the index of the permission for that class. Signed-off-by: Christopher J. PeBenito Signed-off-by: James Morris commit 48943c43b1088636de6c21a53b69e6bff0ce006a Author: Christopher J. PeBenito Date: Wed May 23 09:12:08 2007 -0400 selinux: change sel_make_dir() to specify inode counter. Specify the inode counter explicitly in sel_make_dir(), rather than always using sel_last_ino. Signed-off-by: Christopher J. PeBenito Signed-off-by: James Morris commit 6fcbc87886e3db7d2e2462df8a099bf49b7daf25 Author: Christopher J. PeBenito Date: Wed May 23 09:12:07 2007 -0400 selinux: rename sel_remove_bools() for more general usage. sel_remove_bools() will also be used by the object class discovery, rename it for more general use. Signed-off-by: Christopher J. PeBenito Signed-off-by: James Morris commit 7cb5e22dc5bf4f6bddd601202332ad64135627e4 Author: Christopher J. PeBenito Date: Wed May 23 09:12:06 2007 -0400 selinux: add support for querying object classes and permissions from the running policy Add support to the SELinux security server for obtaining a list of classes, and for obtaining a list of permissions for a specified class. Signed-off-by: Christopher J. PeBenito Signed-off-by: James Morris commit ee9f2900c7575fd83ee64ece34d40c91e569a995 Author: Stephen Smalley Date: Thu Apr 19 14:16:19 2007 -0400 selinux: preserve boolean values across policy reloads At present, the userland policy loading code has to go through contortions to preserve boolean values across policy reloads, and cannot do so atomically. As this is what we always want to do for reloads, let the kernel preserve them instead. Signed-off-by: Stephen Smalley Acked-by: Karl MacMillan Signed-off-by: James Morris commit ce203bcc43b1771d19ed7495a5c4fc0bb715fbdd Author: James Carter Date: Wed Apr 4 16:18:50 2007 -0400 selinux: change numbering of boolean directory inodes in selinuxfs Change the numbering of the booleans directory inodes in selinuxfs to provide more room for new inodes without a conflict in inode numbers and to be consistent with how inode numbering is done in the initial_contexts directory. Signed-off-by: James Carter Acked-by: Eric Paris Acked-by: Stephen Smalley Signed-off-by: James Morris commit a935255c4675ee55dccf5207bb2099b2584b68fd Author: James Carter Date: Wed Apr 4 16:18:43 2007 -0400 selinux: remove unused enumeration constant from selinuxfs Remove the unused enumeration constant, SEL_AVC, from the sel_inos enumeration in selinuxfs. Signed-off-by: James Carter Acked-by: Eric Paris Acked-by: Stephen Smalley Signed-off-by: James Morris commit 15bb6b7c3944a5c0cf3827c46135d970da05350f Author: James Carter Date: Wed Apr 4 16:18:39 2007 -0400 selinux: explicitly number all selinuxfs inodes Explicitly number all selinuxfs inodes to prevent a conflict between inodes numbered using last_ino when created with new_inode() and those labeled explicitly. Signed-off-by: James Carter Acked-by: Eric Paris Acked-by: Stephen Smalley Signed-off-by: James Morris commit 9545dc3d0e1a7fb8f3c0e699e186a90a5c07662b Author: James Carter Date: Wed Apr 4 10:11:29 2007 -0400 selinux: export initial SID contexts via selinuxfs Make the initial SID contexts accessible to userspace via selinuxfs. An initial use of this support will be to make the unlabeled context available to libselinux for use for invalidated userspace SIDs. Signed-off-by: James Carter Acked-by: Stephen Smalley Signed-off-by: James Morris commit b740419aeaf1f5f32acff94f51eeb27a05b3a7d9 Author: Stephen Smalley Date: Mon Mar 26 13:36:26 2007 -0400 selinux: remove userland security class and permission definitions Remove userland security class and permission definitions from the kernel as the kernel only needs to use and validate its own class and permission definitions and userland definitions may change. Signed-off-by: Stephen Smalley Signed-off-by: James Morris commit afe24e79a3c61de2e2ad016211372f18f7bdebc3 Author: Paul Moore Date: Thu Mar 1 14:35:22 2007 -0500 SELinux: move security_skb_extlbl_sid() out of the security server As suggested, move the security_skb_extlbl_sid() function out of the security server and into the SELinux hooks file. Signed-off-by: Paul Moore Acked-by: Stephen Smalley Signed-off-by: James Morris commit 183d1d821aca04e0698db5345dcd1d1cd8d853f9 Author: Stephen Smalley Date: Fri Feb 23 09:20:09 2007 -0500 MAINTAINERS: update selinux entry Add Eric Paris as an SELinux maintainer. Signed-off-by: James Morris commit 612af53b56a304b0ac87a14dd1d9fe743163472b Author: Paul Moore Date: Wed Feb 28 15:14:23 2007 -0500 SELinux: rename selinux_netlabel.h to netlabel.h In the beginning I named the file selinux_netlabel.h to avoid potential namespace colisions. However, over time I have realized that there are several other similar cases of multiple header files with the same name so I'm changing the name to something which better fits with existing naming conventions. Signed-off-by: Paul Moore Signed-off-by: James Morris commit 8d8f7c1045081efa51d8135a6bd1516355e10916 Author: Paul Moore Date: Wed Feb 28 15:14:22 2007 -0500 SELinux: extract the NetLabel SELinux support from the security server Up until this patch the functions which have provided NetLabel support to SELinux have been integrated into the SELinux security server, which for various reasons is not really ideal. This patch makes an effort to extract as much of the NetLabel support from the security server as possibile and move it into it's own file within the SELinux directory structure. Signed-off-by: Paul Moore Signed-off-by: James Morris commit bb64df2da05eceb62acd32fdc13c23a7006c3d85 Author: Paul Moore Date: Wed Feb 28 15:14:21 2007 -0500 NetLabel: convert a BUG_ON in the CIPSO code to a runtime check This patch changes a BUG_ON in the CIPSO code to a runtime check. It should also increase the readability of the code as it replaces an unexplained constant with a well defined macro. Signed-off-by: Paul Moore Signed-off-by: James Morris commit b6b432b3fdddfae3c9908f6bd10f1d256d9e1087 Author: Paul Moore Date: Wed Feb 28 15:14:20 2007 -0500 NetLabel: cleanup and document CIPSO constants This patch collects all of the CIPSO constants and puts them in one place; it also documents each value explaining how the value is derived. Signed-off-by: Paul Moore Signed-off-by: James Morris commit a1e2554b5d6bf11a526dfd78d98715fcb8e4d932 Author: Stephen Smalley Date: Mon Feb 26 12:02:34 2007 -0500 Always initialize scontext and scontext_len Always initialize *scontext and *scontext_len in security_sid_to_context. (via http://lkml.org/lkml/2007/2/23/135) Signed-off-by: Stephen Smalley Signed-off-by: James Morris commit 3355090cadc83ffd885c11c075d78c223ad04d30 Author: Eric Paris Date: Thu Feb 22 18:11:31 2007 -0500 Reassign printk levels in selinux kernel code Below is a patch which demotes many printk lines to KERN_DEBUG from KERN_INFO. It should help stop the spamming of logs with messages in which users are not interested nor is there any action that users should take. It also promotes some KERN_INFO to KERN_ERR such as when there are improper attempts to register/unregister security modules. A similar patch was discussed a while back on list: http://marc.theaimsgroup.com/?t=116656343500003&r=1&w=2 This patch addresses almost all of the issues raised. I believe the only advice not taken was in the demoting of messages related to undefined permissions and classes. Signed-off-by: Eric Paris Acked-by: Stephen Smalley security/selinux/hooks.c | 20 ++++++++++---------- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/policydb.c | 6 +++--- security/selinux/ss/sidtab.c | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) Signed-off-by: James Morris commit 9fa641b08233f144fed7cd577bd8b41a706bc621 Author: Venkat Yekkirala Date: Tue Dec 12 13:02:41 2006 -0600 selinux: Delete mls_copy_context This deletes mls_copy_context() in favor of mls_context_cpy() and replaces mls_scopy_context() with mls_context_cpy_low(). Signed-off-by: Venkat Yekkirala Acked-by: Stephen Smalley Signed-off-by: James Morris commit 6dc6dca8bd34b1c8e4506f510adc78f40f0bc454 Author: Joy Latten Date: Thu Nov 30 15:50:43 2006 -0600 audit: disable ipsec auditing when CONFIG_AUDITSYSCALL=n Disables auditing in ipsec when CONFIG_AUDITSYSCALL is disabled in the kernel. Also includes a bug fix for xfrm_state.c as a result of original ipsec audit patch. Signed-off-by: Joy Latten Signed-off-by: James Morris commit faafdc1dc743b7e8215e02219109f9e346430619 Author: Joy Latten Date: Mon Nov 27 13:11:54 2006 -0600 Add auditing to ipsec An audit message occurs when an ipsec SA or ipsec policy is created/deleted. Signed-off-by: Joy Latten Signed-off-by: James Morris fs/splice.c | 14 ++ security/selinux/include/security.h | 4 + security/selinux/selinuxfs.c | 271 ++++++++++++++++++++++++++++++++++- security/selinux/ss/policydb.c | 7 + security/selinux/ss/services.c | 95 ++++++++++++ 5 files changed, 380 insertions(+), 11 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index 12f2828..3087d05 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -28,6 +28,7 @@ #include #include #include #include +#include struct partial_page { unsigned int offset; @@ -912,6 +913,10 @@ static long do_splice_from(struct pipe_i if (unlikely(ret < 0)) return ret; + ret = security_file_permission(out, MAY_WRITE); + if (unlikely(ret < 0)) + return ret; + return out->f_op->splice_write(pipe, out, ppos, len, flags); } @@ -935,6 +940,10 @@ static long do_splice_to(struct file *in if (unlikely(ret < 0)) return ret; + ret = security_file_permission(in, MAY_READ); + if (unlikely(ret < 0)) + return ret; + isize = i_size_read(in->f_mapping->host); if (unlikely(*ppos >= isize)) return 0; @@ -1263,6 +1272,7 @@ static int get_iovec_page_array(const st static long do_vmsplice(struct file *file, const struct iovec __user *iov, unsigned long nr_segs, unsigned int flags) { + long err; struct pipe_inode_info *pipe; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; @@ -1281,6 +1291,10 @@ static long do_vmsplice(struct file *fil else if (unlikely(!nr_segs)) return 0; + err = security_file_permission(file, MAY_WRITE); + if (unlikely(err < 0)) + return err; + spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial, flags & SPLICE_F_GIFT); if (spd.nr_pages <= 0) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index b94378a..83bdd4d 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -41,6 +41,7 @@ extern int selinux_mls_enabled; int security_load_policy(void * data, size_t len); +#define SEL_VEC_MAX 32 struct av_decision { u32 allowed; u32 decided; @@ -87,6 +88,9 @@ int security_validate_transition(u32 old int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); +int security_get_classes(char ***classes, int *nclasses); +int security_get_permissions(char *class, char ***perms, int *nperms); + #define SECURITY_FS_USE_XATTR 1 /* use xattr */ #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ #define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */ diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index aca099a..53345f1 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -67,6 +67,10 @@ static struct dentry *bool_dir = NULL; static int bool_num = 0; static int *bool_pending_values = NULL; +/* global data for classes */ +static struct dentry *class_dir = NULL; +static unsigned long last_class_ino; + extern void selnl_notify_setenforce(int val); /* Check whether a task is allowed to use a security operation. */ @@ -106,6 +110,7 @@ static unsigned long sel_last_ino = SEL_ #define SEL_INITCON_INO_OFFSET 0x01000000 #define SEL_BOOL_INO_OFFSET 0x02000000 +#define SEL_CLASS_INO_OFFSET 0x04000000 #define SEL_INO_MASK 0x00ffffff #define TMPBUFLEN 12 @@ -237,6 +242,11 @@ static const struct file_operations sel_ /* declaration for sel_write_load */ static int sel_make_bools(void); +static int sel_make_classes(void); + +/* declaration for sel_make_class_dirs */ +static int sel_make_dir(struct inode *dir, struct dentry *dentry, + unsigned long *ino); static ssize_t sel_read_mls(struct file *filp, char __user *buf, size_t count, loff_t *ppos) @@ -287,10 +297,18 @@ static ssize_t sel_write_load(struct fil goto out; ret = sel_make_bools(); + if (ret) { + length = ret; + goto out1; + } + + ret = sel_make_classes(); if (ret) length = ret; else length = count; + +out1: audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, "policy loaded auid=%u", audit_get_loginuid(current->audit_context)); @@ -940,9 +958,8 @@ static const struct file_operations sel_ .write = sel_commit_bools_write, }; -/* delete booleans - partial revoke() from - * fs/proc/generic.c proc_kill_inodes */ -static void sel_remove_bools(struct dentry *de) +/* partial revoke() from fs/proc/generic.c proc_kill_inodes */ +static void sel_remove_entries(struct dentry *de) { struct list_head *p, *node; struct super_block *sb = de->d_sb; @@ -998,7 +1015,7 @@ static int sel_make_bools(void) kfree(bool_pending_values); bool_pending_values = NULL; - sel_remove_bools(dir); + sel_remove_entries(dir); if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) return -ENOMEM; @@ -1048,7 +1065,7 @@ out: return ret; err: kfree(values); - sel_remove_bools(dir); + sel_remove_entries(dir); ret = -ENOMEM; goto out; } @@ -1245,7 +1262,7 @@ out: return ret; } -static ssize_t sel_read_initcon(struct file * file, char __user *buf, +static ssize_t sel_read_initcon(struct file * file, char __user *buf, size_t count, loff_t *ppos) { struct inode *inode; @@ -1294,7 +1311,227 @@ out: return ret; } -static int sel_make_dir(struct inode *dir, struct dentry *dentry) +static inline unsigned int sel_div(unsigned long a, unsigned long b) +{ + return a / b - (a % b < 0); +} + +static inline unsigned long sel_class_to_ino(u16 class) +{ + return (class * (SEL_VEC_MAX + 1)) | SEL_CLASS_INO_OFFSET; +} + +static inline u16 sel_ino_to_class(unsigned long ino) +{ + return sel_div(ino & SEL_INO_MASK, SEL_VEC_MAX + 1); +} + +static inline unsigned long sel_perm_to_ino(u16 class, u32 perm) +{ + return (class * (SEL_VEC_MAX + 1) + perm) | SEL_CLASS_INO_OFFSET; +} + +static inline u32 sel_ino_to_perm(unsigned long ino) +{ + return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1); +} + +static ssize_t sel_read_class(struct file * file, char __user *buf, + size_t count, loff_t *ppos) +{ + ssize_t rc, len; + char *page; + unsigned long ino = file->f_path.dentry->d_inode->i_ino; + + page = (char *)__get_free_page(GFP_KERNEL); + if (!page) { + rc = -ENOMEM; + goto out; + } + + len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino)); + rc = simple_read_from_buffer(buf, count, ppos, page, len); + free_page((unsigned long)page); +out: + return rc; +} + +static const struct file_operations sel_class_ops = { + .read = sel_read_class, +}; + +static ssize_t sel_read_perm(struct file * file, char __user *buf, + size_t count, loff_t *ppos) +{ + ssize_t rc, len; + char *page; + unsigned long ino = file->f_path.dentry->d_inode->i_ino; + + page = (char *)__get_free_page(GFP_KERNEL); + if (!page) { + rc = -ENOMEM; + goto out; + } + + len = snprintf(page, PAGE_SIZE,"%d", sel_ino_to_perm(ino)); + rc = simple_read_from_buffer(buf, count, ppos, page, len); + free_page((unsigned long)page); +out: + return rc; +} + +static const struct file_operations sel_perm_ops = { + .read = sel_read_perm, +}; + +static int sel_make_perm_files(char *objclass, int classvalue, + struct dentry *dir) +{ + int i, rc = 0, nperms; + char **perms; + + rc = security_get_permissions(objclass, &perms, &nperms); + if (rc) + goto out; + + for (i = 0; i < nperms; i++) { + struct inode *inode; + struct dentry *dentry; + + dentry = d_alloc_name(dir, perms[i]); + if (!dentry) { + rc = -ENOMEM; + goto out1; + } + + inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); + if (!inode) { + rc = -ENOMEM; + goto out1; + } + inode->i_fop = &sel_perm_ops; + /* i+1 since perm values are 1-indexed */ + inode->i_ino = sel_perm_to_ino(classvalue, i+1); + d_add(dentry, inode); + } + +out1: + for (i = 0; i < nperms; i++) + kfree(perms[i]); + kfree(perms); +out: + return rc; +} + +static int sel_make_class_dir_entries(char *classname, int index, + struct dentry *dir) +{ + struct dentry *dentry = NULL; + struct inode *inode = NULL; + int rc; + + dentry = d_alloc_name(dir, "index"); + if (!dentry) { + rc = -ENOMEM; + goto out; + } + + inode = sel_make_inode(dir->d_sb, S_IFREG|S_IRUGO); + if (!inode) { + rc = -ENOMEM; + goto out; + } + + inode->i_fop = &sel_class_ops; + inode->i_ino = sel_class_to_ino(index); + d_add(dentry, inode); + + dentry = d_alloc_name(dir, "perms"); + if (!dentry) { + rc = -ENOMEM; + goto out; + } + + rc = sel_make_dir(dir->d_inode, dentry, &last_class_ino); + if (rc) + goto out; + + rc = sel_make_perm_files(classname, index, dentry); + +out: + return rc; +} + +static void sel_remove_classes(void) +{ + struct list_head *class_node; + + list_for_each(class_node, &class_dir->d_subdirs) { + struct dentry *class_subdir = list_entry(class_node, + struct dentry, d_u.d_child); + struct list_head *class_subdir_node; + + list_for_each(class_subdir_node, &class_subdir->d_subdirs) { + struct dentry *d = list_entry(class_subdir_node, + struct dentry, d_u.d_child); + + if (d->d_inode) + if (d->d_inode->i_mode & S_IFDIR) + sel_remove_entries(d); + } + + sel_remove_entries(class_subdir); + } + + sel_remove_entries(class_dir); +} + +static int sel_make_classes(void) +{ + int rc = 0, nclasses, i; + char **classes; + + /* delete any existing entries */ + sel_remove_classes(); + + rc = security_get_classes(&classes, &nclasses); + if (rc < 0) + goto out; + + /* +2 since classes are 1-indexed */ + last_class_ino = sel_class_to_ino(nclasses+2); + + for (i = 0; i < nclasses; i++) { + struct dentry *class_name_dir; + + class_name_dir = d_alloc_name(class_dir, classes[i]); + if (!class_name_dir) { + rc = -ENOMEM; + goto out1; + } + + rc = sel_make_dir(class_dir->d_inode, class_name_dir, + &last_class_ino); + if (rc) + goto out1; + + /* i+1 since class values are 1-indexed */ + rc = sel_make_class_dir_entries(classes[i], i+1, + class_name_dir); + if (rc) + goto out1; + } + +out1: + for (i = 0; i < nclasses; i++) + kfree(classes[i]); + kfree(classes); +out: + return rc; +} + +static int sel_make_dir(struct inode *dir, struct dentry *dentry, + unsigned long *ino) { int ret = 0; struct inode *inode; @@ -1306,7 +1543,7 @@ static int sel_make_dir(struct inode *di } inode->i_op = &simple_dir_inode_operations; inode->i_fop = &simple_dir_operations; - inode->i_ino = ++sel_last_ino; + inode->i_ino = ++(*ino); /* directory inodes start off with i_nlink == 2 (for "." entry) */ inc_nlink(inode); d_add(dentry, inode); @@ -1352,7 +1589,7 @@ static int sel_fill_super(struct super_b goto err; } - ret = sel_make_dir(root_inode, dentry); + ret = sel_make_dir(root_inode, dentry, &sel_last_ino); if (ret) goto err; @@ -1385,7 +1622,7 @@ static int sel_fill_super(struct super_b goto err; } - ret = sel_make_dir(root_inode, dentry); + ret = sel_make_dir(root_inode, dentry, &sel_last_ino); if (ret) goto err; @@ -1399,7 +1636,7 @@ static int sel_fill_super(struct super_b goto err; } - ret = sel_make_dir(root_inode, dentry); + ret = sel_make_dir(root_inode, dentry, &sel_last_ino); if (ret) goto err; @@ -1407,6 +1644,18 @@ static int sel_fill_super(struct super_b if (ret) goto err; + dentry = d_alloc_name(sb->s_root, "class"); + if (!dentry) { + ret = -ENOMEM; + goto err; + } + + ret = sel_make_dir(root_inode, dentry, &sel_last_ino); + if (ret) + goto err; + + class_dir = dentry; + out: return ret; err: diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 0ac1021..f05f97a 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -21,6 +21,7 @@ */ #include +#include #include #include #include @@ -598,6 +599,7 @@ void policydb_destroy(struct policydb *p struct range_trans *rt, *lrt = NULL; for (i = 0; i < SYM_NUM; i++) { + cond_resched(); hashtab_map(p->symtab[i].table, destroy_f[i], NULL); hashtab_destroy(p->symtab[i].table); } @@ -612,6 +614,7 @@ void policydb_destroy(struct policydb *p avtab_destroy(&p->te_avtab); for (i = 0; i < OCON_NUM; i++) { + cond_resched(); c = p->ocontexts[i]; while (c) { ctmp = c; @@ -623,6 +626,7 @@ void policydb_destroy(struct policydb *p g = p->genfs; while (g) { + cond_resched(); kfree(g->fstype); c = g->head; while (c) { @@ -639,18 +643,21 @@ void policydb_destroy(struct policydb *p cond_policydb_destroy(p); for (tr = p->role_tr; tr; tr = tr->next) { + cond_resched(); kfree(ltr); ltr = tr; } kfree(ltr); for (ra = p->role_allow; ra; ra = ra -> next) { + cond_resched(); kfree(lra); lra = ra; } kfree(lra); for (rt = p->range_tr; rt; rt = rt -> next) { + cond_resched(); if (lrt) { ebitmap_destroy(&lrt->target_range.level[0].cat); ebitmap_destroy(&lrt->target_range.level[1].cat); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 40660ff..e4249ad 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1996,6 +1996,101 @@ out: return rc; } +static int get_classes_callback(void *k, void *d, void *args) +{ + struct class_datum *datum = d; + char *name = k, **classes = args; + int value = datum->value - 1; + + classes[value] = kstrdup(name, GFP_ATOMIC); + if (!classes[value]) + return -ENOMEM; + + return 0; +} + +int security_get_classes(char ***classes, int *nclasses) +{ + int rc = -ENOMEM; + + POLICY_RDLOCK; + + *nclasses = policydb.p_classes.nprim; + *classes = kcalloc(*nclasses, sizeof(*classes), GFP_ATOMIC); + if (!*classes) + goto out; + + rc = hashtab_map(policydb.p_classes.table, get_classes_callback, + *classes); + if (rc < 0) { + int i; + for (i = 0; i < *nclasses; i++) + kfree((*classes)[i]); + kfree(*classes); + } + +out: + POLICY_RDUNLOCK; + return rc; +} + +static int get_permissions_callback(void *k, void *d, void *args) +{ + struct perm_datum *datum = d; + char *name = k, **perms = args; + int value = datum->value - 1; + + perms[value] = kstrdup(name, GFP_ATOMIC); + if (!perms[value]) + return -ENOMEM; + + return 0; +} + +int security_get_permissions(char *class, char ***perms, int *nperms) +{ + int rc = -ENOMEM, i; + struct class_datum *match; + + POLICY_RDLOCK; + + match = hashtab_search(policydb.p_classes.table, class); + if (!match) { + printk(KERN_ERR "%s: unrecognized class %s\n", + __FUNCTION__, class); + rc = -EINVAL; + goto out; + } + + *nperms = match->permissions.nprim; + *perms = kcalloc(*nperms, sizeof(*perms), GFP_ATOMIC); + if (!*perms) + goto out; + + if (match->comdatum) { + rc = hashtab_map(match->comdatum->permissions.table, + get_permissions_callback, *perms); + if (rc < 0) + goto err; + } + + rc = hashtab_map(match->permissions.table, get_permissions_callback, + *perms); + if (rc < 0) + goto err; + +out: + POLICY_RDUNLOCK; + return rc; + +err: + POLICY_RDUNLOCK; + for (i = 0; i < *nperms; i++) + kfree((*perms)[i]); + kfree(*perms); + return rc; +} + struct selinux_audit_rule { u32 au_seqno; struct context au_ctxt;