mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-22 07:53:11 -05:00
Code Activity

selinux: make more use of str_read() when loading the policy

Browse source 
Simplify the call sites, and enable future string validation in a single
place.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: subject tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Christian Göttsche 2024-12-16 17:40:07 +01:00 committed by Paul Moore
parent 7491536366
commit 01c2253a0f
3 changed files with 12 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
security/selinux/ss/conditional.c
View file

@ -230,17 +230,11 @@ int cond_read_bool(struct policydb *p, struct symtab *s, struct policy_file *fp)
goto err;
len = le32_to_cpu(buf[2]);
if (((len == 0) || (len == (u32)-1)))
goto err;
rc = -ENOMEM;
key = kmalloc(len + 1, GFP_KERNEL);
if (!key)
goto err;
rc = next_entry(key, fp, len);
rc = str_read(&key, GFP_KERNEL, fp, len);
if (rc)
goto err;
key[len] = '\0';
rc = symtab_insert(s, key, booldatum);
if (rc)
goto err;

22
security/selinux/ss/policydb.c
View file

@ -1093,7 +1093,7 @@ static int context_read_and_validate(struct context *c, struct policydb *p,
* binary representation file.
*/
static int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len)
int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len)
{
int rc;
char *str;
@ -2473,24 +2473,18 @@ int policydb_read(struct policydb *p, struct policy_file *fp)
goto bad;
}
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
if (!policydb_str) {
pr_err("SELinux: unable to allocate memory for policydb "
"string of length %d\n",
len);
goto bad;
}
rc = next_entry(policydb_str, fp, len);
rc = str_read(&policydb_str, GFP_KERNEL, fp, len);
if (rc) {
pr_err("SELinux: truncated policydb string identifier\n");
kfree(policydb_str);
if (rc == -ENOMEM) {
pr_err("SELinux: unable to allocate memory for policydb string of length %d\n",
len);
} else {
pr_err("SELinux: truncated policydb string identifier\n");
}
goto bad;
}
rc = -EINVAL;
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
pr_err("SELinux: policydb string %s does not match "
"my string %s\n",

2
security/selinux/ss/policydb.h
View file

@ -386,6 +386,8 @@ static inline char *sym_name(struct policydb *p, unsigned int sym_num,
return p->sym_val_to_name[sym_num][element_nr];
}
extern int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len);
extern u16 string_to_security_class(struct policydb *p, const char *name);
extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);