Commit 60abd318 authored by Ondrej Mosnacek's avatar Ondrej Mosnacek Committed by Paul Moore

selinux: convert cond_list to array

Since it is fixed-size after allocation and we know the size beforehand,
using a plain old array is simpler and more efficient.

While there, also fix signedness of some related variables/parameters.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 8d269a8e
...@@ -14,12 +14,10 @@ ...@@ -14,12 +14,10 @@
#include "security.h" #include "security.h"
int security_get_bools(struct selinux_state *state, int security_get_bools(struct selinux_state *state,
int *len, char ***names, int **values); u32 *len, char ***names, int **values);
int security_set_bools(struct selinux_state *state, int security_set_bools(struct selinux_state *state, u32 len, int *values);
int len, int *values);
int security_get_bool_value(struct selinux_state *state, int security_get_bool_value(struct selinux_state *state, u32 index);
int index);
#endif #endif
...@@ -1335,14 +1335,14 @@ static void sel_remove_entries(struct dentry *de) ...@@ -1335,14 +1335,14 @@ static void sel_remove_entries(struct dentry *de)
static int sel_make_bools(struct selinux_fs_info *fsi) static int sel_make_bools(struct selinux_fs_info *fsi)
{ {
int i, ret; int ret;
ssize_t len; ssize_t len;
struct dentry *dentry = NULL; struct dentry *dentry = NULL;
struct dentry *dir = fsi->bool_dir; struct dentry *dir = fsi->bool_dir;
struct inode *inode = NULL; struct inode *inode = NULL;
struct inode_security_struct *isec; struct inode_security_struct *isec;
char **names = NULL, *page; char **names = NULL, *page;
int num; u32 i, num;
int *values = NULL; int *values = NULL;
u32 sid; u32 sid;
......
...@@ -119,6 +119,7 @@ int cond_policydb_init(struct policydb *p) ...@@ -119,6 +119,7 @@ int cond_policydb_init(struct policydb *p)
p->bool_val_to_struct = NULL; p->bool_val_to_struct = NULL;
p->cond_list = NULL; p->cond_list = NULL;
p->cond_list_len = 0;
rc = avtab_init(&p->te_cond_avtab); rc = avtab_init(&p->te_cond_avtab);
if (rc) if (rc)
...@@ -147,27 +148,22 @@ static void cond_node_destroy(struct cond_node *node) ...@@ -147,27 +148,22 @@ static void cond_node_destroy(struct cond_node *node)
} }
cond_av_list_destroy(node->true_list); cond_av_list_destroy(node->true_list);
cond_av_list_destroy(node->false_list); cond_av_list_destroy(node->false_list);
kfree(node);
} }
static void cond_list_destroy(struct cond_node *list) static void cond_list_destroy(struct policydb *p)
{ {
struct cond_node *next, *cur; u32 i;
if (list == NULL) for (i = 0; i < p->cond_list_len; i++)
return; cond_node_destroy(&p->cond_list[i]);
kfree(p->cond_list);
for (cur = list; cur; cur = next) {
next = cur->next;
cond_node_destroy(cur);
}
} }
void cond_policydb_destroy(struct policydb *p) void cond_policydb_destroy(struct policydb *p)
{ {
kfree(p->bool_val_to_struct); kfree(p->bool_val_to_struct);
avtab_destroy(&p->te_cond_avtab); avtab_destroy(&p->te_cond_avtab);
cond_list_destroy(p->cond_list); cond_list_destroy(p);
} }
int cond_init_bool_indexes(struct policydb *p) int cond_init_bool_indexes(struct policydb *p)
...@@ -447,7 +443,6 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) ...@@ -447,7 +443,6 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
int cond_read_list(struct policydb *p, void *fp) int cond_read_list(struct policydb *p, void *fp)
{ {
struct cond_node *node, *last = NULL;
__le32 buf[1]; __le32 buf[1];
u32 i, len; u32 i, len;
int rc; int rc;
...@@ -458,29 +453,24 @@ int cond_read_list(struct policydb *p, void *fp) ...@@ -458,29 +453,24 @@ int cond_read_list(struct policydb *p, void *fp)
len = le32_to_cpu(buf[0]); len = le32_to_cpu(buf[0]);
p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
if (!p->cond_list)
return rc;
rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel); rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
if (rc) if (rc)
goto err; goto err;
for (i = 0; i < len; i++) { p->cond_list_len = len;
rc = -ENOMEM;
node = kzalloc(sizeof(*node), GFP_KERNEL);
if (!node)
goto err;
rc = cond_read_node(p, node, fp); for (i = 0; i < len; i++) {
rc = cond_read_node(p, &p->cond_list[i], fp);
if (rc) if (rc)
goto err; goto err;
if (i == 0)
p->cond_list = node;
else
last->next = node;
last = node;
} }
return 0; return 0;
err: err:
cond_list_destroy(p->cond_list); cond_list_destroy(p);
p->cond_list = NULL; p->cond_list = NULL;
return rc; return rc;
} }
...@@ -585,23 +575,19 @@ static int cond_write_node(struct policydb *p, struct cond_node *node, ...@@ -585,23 +575,19 @@ static int cond_write_node(struct policydb *p, struct cond_node *node,
return 0; return 0;
} }
int cond_write_list(struct policydb *p, struct cond_node *list, void *fp) int cond_write_list(struct policydb *p, void *fp)
{ {
struct cond_node *cur; u32 i;
u32 len;
__le32 buf[1]; __le32 buf[1];
int rc; int rc;
len = 0; buf[0] = cpu_to_le32(p->cond_list_len);
for (cur = list; cur != NULL; cur = cur->next)
len++;
buf[0] = cpu_to_le32(len);
rc = put_entry(buf, sizeof(u32), 1, fp); rc = put_entry(buf, sizeof(u32), 1, fp);
if (rc) if (rc)
return rc; return rc;
for (cur = list; cur != NULL; cur = cur->next) { for (i = 0; i < p->cond_list_len; i++) {
rc = cond_write_node(p, cur, fp); rc = cond_write_node(p, &p->cond_list[i], fp);
if (rc) if (rc)
return rc; return rc;
} }
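Review bot: In cond_read_list, the new `kcalloc` failure path does `return rc;`, but rc is last assigned above the visible hunk, presumably by the successful read of the length word. An allocation failure is therefore likely reported as success with `p->cond_list` left NULL; it should be `return -ENOMEM;`. Separately, `p->cond_list_len = len;` is set before the read loop, and the `err:` path frees the array and sets `p->cond_list = NULL` without resetting the length. If the caller later tears the policydb down through cond_policydb_destroy (not visible here), cond_list_destroy would walk `cond_list_len` entries of a NULL array; add `p->cond_list_len = 0;` at `err:`, or clear both fields inside cond_list_destroy. Since `len` comes from the policy image via `le32_to_cpu(buf[0])`, a malformed or oversized policy can reach both paths.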
......
...@@ -55,7 +55,6 @@ struct cond_node { ...@@ -55,7 +55,6 @@ struct cond_node {
struct cond_expr *expr; struct cond_expr *expr;
struct cond_av_list *true_list; struct cond_av_list *true_list;
struct cond_av_list *false_list; struct cond_av_list *false_list;
struct cond_node *next;
}; };
int cond_policydb_init(struct policydb *p); int cond_policydb_init(struct policydb *p);
...@@ -69,7 +68,7 @@ int cond_index_bool(void *key, void *datum, void *datap); ...@@ -69,7 +68,7 @@ int cond_index_bool(void *key, void *datum, void *datap);
int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
int cond_read_list(struct policydb *p, void *fp); int cond_read_list(struct policydb *p, void *fp);
int cond_write_bool(void *key, void *datum, void *ptr); int cond_write_bool(void *key, void *datum, void *ptr);
int cond_write_list(struct policydb *p, struct cond_node *list, void *fp); int cond_write_list(struct policydb *p, void *fp);
void cond_compute_av(struct avtab *ctab, struct avtab_key *key, void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
struct av_decision *avd, struct extended_perms *xperms); struct av_decision *avd, struct extended_perms *xperms);
......
...@@ -3483,7 +3483,7 @@ int policydb_write(struct policydb *p, void *fp) ...@@ -3483,7 +3483,7 @@ int policydb_write(struct policydb *p, void *fp)
if (rc) if (rc)
return rc; return rc;
rc = cond_write_list(p, p->cond_list, fp); rc = cond_write_list(p, fp);
if (rc) if (rc)
return rc; return rc;
......
...@@ -272,8 +272,9 @@ struct policydb { ...@@ -272,8 +272,9 @@ struct policydb {
struct cond_bool_datum **bool_val_to_struct; struct cond_bool_datum **bool_val_to_struct;
/* type enforcement conditional access vectors and transitions */ /* type enforcement conditional access vectors and transitions */
struct avtab te_cond_avtab; struct avtab te_cond_avtab;
/* linked list indexing te_cond_avtab by conditional */ /* array indexing te_cond_avtab by conditional */
struct cond_node *cond_list; struct cond_node *cond_list;
u32 cond_list_len;
/* role allows */ /* role allows */
struct role_allow *role_allow; struct role_allow *role_allow;
......
...@@ -2867,10 +2867,11 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb) ...@@ -2867,10 +2867,11 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
} }
int security_get_bools(struct selinux_state *state, int security_get_bools(struct selinux_state *state,
int *len, char ***names, int **values) u32 *len, char ***names, int **values)
{ {
struct policydb *policydb; struct policydb *policydb;
int i, rc; u32 i;
int rc;
if (!selinux_initialized(state)) { if (!selinux_initialized(state)) {
*len = 0; *len = 0;
...@@ -2924,12 +2925,11 @@ int security_get_bools(struct selinux_state *state, ...@@ -2924,12 +2925,11 @@ int security_get_bools(struct selinux_state *state,
} }
int security_set_bools(struct selinux_state *state, int len, int *values) int security_set_bools(struct selinux_state *state, u32 len, int *values)
{ {
struct policydb *policydb; struct policydb *policydb;
int i, rc; int rc;
int lenp, seqno = 0; u32 i, lenp, seqno = 0;
struct cond_node *cur;
write_lock_irq(&state->ss->policy_rwlock); write_lock_irq(&state->ss->policy_rwlock);
...@@ -2957,8 +2957,8 @@ int security_set_bools(struct selinux_state *state, int len, int *values) ...@@ -2957,8 +2957,8 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
policydb->bool_val_to_struct[i]->state = 0; policydb->bool_val_to_struct[i]->state = 0;
} }
for (cur = policydb->cond_list; cur; cur = cur->next) for (i = 0; i < policydb->cond_list_len; i++)
evaluate_cond_node(policydb, cur); evaluate_cond_node(policydb, &policydb->cond_list[i]);
seqno = ++state->ss->latest_granting; seqno = ++state->ss->latest_granting;
rc = 0; rc = 0;
...@@ -2974,11 +2974,11 @@ int security_set_bools(struct selinux_state *state, int len, int *values) ...@@ -2974,11 +2974,11 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
} }
int security_get_bool_value(struct selinux_state *state, int security_get_bool_value(struct selinux_state *state,
int index) u32 index)
{ {
struct policydb *policydb; struct policydb *policydb;
int rc; int rc;
int len; u32 len;
read_lock(&state->ss->policy_rwlock); read_lock(&state->ss->policy_rwlock);
...@@ -2998,10 +2998,10 @@ int security_get_bool_value(struct selinux_state *state, ...@@ -2998,10 +2998,10 @@ int security_get_bool_value(struct selinux_state *state,
static int security_preserve_bools(struct selinux_state *state, static int security_preserve_bools(struct selinux_state *state,
struct policydb *policydb) struct policydb *policydb)
{ {
int rc, nbools = 0, *bvalues = NULL, i; int rc, *bvalues = NULL;
char **bnames = NULL; char **bnames = NULL;
struct cond_bool_datum *booldatum; struct cond_bool_datum *booldatum;
struct cond_node *cur; u32 i, nbools = 0;
rc = security_get_bools(state, &nbools, &bnames, &bvalues); rc = security_get_bools(state, &nbools, &bnames, &bvalues);
if (rc) if (rc)
...@@ -3011,8 +3011,8 @@ static int security_preserve_bools(struct selinux_state *state, ...@@ -3011,8 +3011,8 @@ static int security_preserve_bools(struct selinux_state *state,
if (booldatum) if (booldatum)
booldatum->state = bvalues[i]; booldatum->state = bvalues[i];
} }
for (cur = policydb->cond_list; cur; cur = cur->next) for (i = 0; i < policydb->cond_list_len; i++)
evaluate_cond_node(policydb, cur); evaluate_cond_node(policydb, &policydb->cond_list[i]);
out: out:
if (bnames) { if (bnames) {
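Review bot: The loop `for (i = 0; i < policydb->cond_list_len; i++) evaluate_cond_node(policydb, &policydb->cond_list[i]);` is now repeated verbatim in security_set_bools and security_preserve_bools. A small helper such as `void evaluate_cond_nodes(struct policydb *p)` would keep the array bound in one place, so a later change to how cond_list is sized or reallocated cannot leave one call site iterating with a stale length. Both function bodies extend beyond the visible hunks, so the surrounding locking context should be confirmed before moving the loop.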
......