search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync hh.org
[hh.org.git] / security / selinux / ss / ebitmap.c
blobce492a6b38ed64110e2f8b0db68510df12281782
1 /*
2 * Implementation of the extensible bitmap type.
3 *
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */
6 /*
7 * Updated: Hewlett-Packard <paul.moore@hp.com>
8 *
9 * Added support to import/export the NetLabel category bitmap
10 *
11 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
12 */
13
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
16 #include <linux/errno.h>
17 #include <net/netlabel.h>
18 #include "ebitmap.h"
19 #include "policydb.h"
20
21 int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
22 {
23 struct ebitmap_node *n1, *n2;
24
25 if (e1->highbit != e2->highbit)
26 return 0;
27
28 n1 = e1->node;
29 n2 = e2->node;
30 while (n1 && n2 &&
31 (n1->startbit == n2->startbit) &&
32 (n1->map == n2->map)) {
33 n1 = n1->next;
34 n2 = n2->next;
35 }
36
37 if (n1 || n2)
38 return 0;
39
40 return 1;
41 }
42
43 int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
44 {
45 struct ebitmap_node *n, *new, *prev;
46
47 ebitmap_init(dst);
48 n = src->node;
49 prev = NULL;
50 while (n) {
51 new = kzalloc(sizeof(*new), GFP_ATOMIC);
52 if (!new) {
53 ebitmap_destroy(dst);
54 return -ENOMEM;
55 }
56 new->startbit = n->startbit;
57 new->map = n->map;
58 new->next = NULL;
59 if (prev)
60 prev->next = new;
61 else
62 dst->node = new;
63 prev = new;
64 n = n->next;
65 }
66
67 dst->highbit = src->highbit;
68 return 0;
69 }
70
71 #ifdef CONFIG_NETLABEL
72 /**
73 * ebitmap_netlbl_export - Export an ebitmap into a NetLabel category bitmap
74 * @ebmap: the ebitmap to export
75 * @catmap: the NetLabel category bitmap
76 *
77 * Description:
78 * Export a SELinux extensibile bitmap into a NetLabel category bitmap.
79 * Returns zero on success, negative values on error.
80 *
81 */
82 int ebitmap_netlbl_export(struct ebitmap *ebmap,
83 struct netlbl_lsm_secattr_catmap **catmap)
84 {
85 struct ebitmap_node *e_iter = ebmap->node;
86 struct netlbl_lsm_secattr_catmap *c_iter;
87 u32 cmap_idx;
88
89 /* This function is a much simpler because SELinux's MAPTYPE happens
90 * to be the same as NetLabel's NETLBL_CATMAP_MAPTYPE, if MAPTYPE is
91 * changed from a u64 this function will most likely need to be changed
92 * as well. It's not ideal but I think the tradeoff in terms of
93 * neatness and speed is worth it. */
94
95 if (e_iter == NULL) {
96 *catmap = NULL;
97 return 0;
98 }
99
100 c_iter = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
101 if (c_iter == NULL)
102 return -ENOMEM;
103 *catmap = c_iter;
104 c_iter->startbit = e_iter->startbit & ~(NETLBL_CATMAP_SIZE - 1);
105
106 while (e_iter != NULL) {
107 if (e_iter->startbit >=
108 (c_iter->startbit + NETLBL_CATMAP_SIZE)) {
109 c_iter->next = netlbl_secattr_catmap_alloc(GFP_ATOMIC);
110 if (c_iter->next == NULL)
111 goto netlbl_export_failure;
112 c_iter = c_iter->next;
113 c_iter->startbit = e_iter->startbit &
114 ~(NETLBL_CATMAP_SIZE - 1);
115 }
116 cmap_idx = (e_iter->startbit - c_iter->startbit) /
117 NETLBL_CATMAP_MAPSIZE;
118 c_iter->bitmap[cmap_idx] = e_iter->map;
119 e_iter = e_iter->next;
120 }
121
122 return 0;
123
124 netlbl_export_failure:
125 netlbl_secattr_catmap_free(*catmap);
126 return -ENOMEM;
127 }
128
129 /**
130 * ebitmap_netlbl_import - Import a NetLabel category bitmap into an ebitmap
131 * @ebmap: the ebitmap to export
132 * @catmap: the NetLabel category bitmap
133 *
134 * Description:
135 * Import a NetLabel category bitmap into a SELinux extensibile bitmap.
136 * Returns zero on success, negative values on error.
137 *
138 */
139 int ebitmap_netlbl_import(struct ebitmap *ebmap,
140 struct netlbl_lsm_secattr_catmap *catmap)
141 {
142 struct ebitmap_node *e_iter = NULL;
143 struct ebitmap_node *emap_prev = NULL;
144 struct netlbl_lsm_secattr_catmap *c_iter = catmap;
145 u32 c_idx;
146
147 /* This function is a much simpler because SELinux's MAPTYPE happens
148 * to be the same as NetLabel's NETLBL_CATMAP_MAPTYPE, if MAPTYPE is
149 * changed from a u64 this function will most likely need to be changed
150 * as well. It's not ideal but I think the tradeoff in terms of
151 * neatness and speed is worth it. */
152
153 do {
154 for (c_idx = 0; c_idx < NETLBL_CATMAP_MAPCNT; c_idx++) {
155 if (c_iter->bitmap[c_idx] == 0)
156 continue;
157
158 e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
159 if (e_iter == NULL)
160 goto netlbl_import_failure;
161 if (emap_prev == NULL)
162 ebmap->node = e_iter;
163 else
164 emap_prev->next = e_iter;
165 emap_prev = e_iter;
166
167 e_iter->startbit = c_iter->startbit +
168 NETLBL_CATMAP_MAPSIZE * c_idx;
169 e_iter->map = c_iter->bitmap[c_idx];
170 }
171 c_iter = c_iter->next;
172 } while (c_iter != NULL);
173 if (e_iter != NULL)
174 ebmap->highbit = e_iter->startbit + MAPSIZE;
175 else
176 ebitmap_destroy(ebmap);
177
178 return 0;
179
180 netlbl_import_failure:
181 ebitmap_destroy(ebmap);
182 return -ENOMEM;
183 }
184 #endif /* CONFIG_NETLABEL */
185
186 int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2)
187 {
188 struct ebitmap_node *n1, *n2;
189
190 if (e1->highbit < e2->highbit)
191 return 0;
192
193 n1 = e1->node;
194 n2 = e2->node;
195 while (n1 && n2 && (n1->startbit <= n2->startbit)) {
196 if (n1->startbit < n2->startbit) {
197 n1 = n1->next;
198 continue;
199 }
200 if ((n1->map & n2->map) != n2->map)
201 return 0;
202
203 n1 = n1->next;
204 n2 = n2->next;
205 }
206
207 if (n2)
208 return 0;
209
210 return 1;
211 }
212
213 int ebitmap_get_bit(struct ebitmap *e, unsigned long bit)
214 {
215 struct ebitmap_node *n;
216
217 if (e->highbit < bit)
218 return 0;
219
220 n = e->node;
221 while (n && (n->startbit <= bit)) {
222 if ((n->startbit + MAPSIZE) > bit) {
223 if (n->map & (MAPBIT << (bit - n->startbit)))
224 return 1;
225 else
226 return 0;
227 }
228 n = n->next;
229 }
230
231 return 0;
232 }
233
234 int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
235 {
236 struct ebitmap_node *n, *prev, *new;
237
238 prev = NULL;
239 n = e->node;
240 while (n && n->startbit <= bit) {
241 if ((n->startbit + MAPSIZE) > bit) {
242 if (value) {
243 n->map |= (MAPBIT << (bit - n->startbit));
244 } else {
245 n->map &= ~(MAPBIT << (bit - n->startbit));
246 if (!n->map) {
247 /* drop this node from the bitmap */
248
249 if (!n->next) {
250 /*
251 * this was the highest map
252 * within the bitmap
253 */
254 if (prev)
255 e->highbit = prev->startbit + MAPSIZE;
256 else
257 e->highbit = 0;
258 }
259 if (prev)
260 prev->next = n->next;
261 else
262 e->node = n->next;
263
264 kfree(n);
265 }
266 }
267 return 0;
268 }
269 prev = n;
270 n = n->next;
271 }
272
273 if (!value)
274 return 0;
275
276 new = kzalloc(sizeof(*new), GFP_ATOMIC);
277 if (!new)
278 return -ENOMEM;
279
280 new->startbit = bit & ~(MAPSIZE - 1);
281 new->map = (MAPBIT << (bit - new->startbit));
282
283 if (!n)
284 /* this node will be the highest map within the bitmap */
285 e->highbit = new->startbit + MAPSIZE;
286
287 if (prev) {
288 new->next = prev->next;
289 prev->next = new;
290 } else {
291 new->next = e->node;
292 e->node = new;
293 }
294
295 return 0;
296 }
297
298 void ebitmap_destroy(struct ebitmap *e)
299 {
300 struct ebitmap_node *n, *temp;
301
302 if (!e)
303 return;
304
305 n = e->node;
306 while (n) {
307 temp = n;
308 n = n->next;
309 kfree(temp);
310 }
311
312 e->highbit = 0;
313 e->node = NULL;
314 return;
315 }
316
317 int ebitmap_read(struct ebitmap *e, void *fp)
318 {
319 int rc;
320 struct ebitmap_node *n, *l;
321 __le32 buf[3];
322 u32 mapsize, count, i;
323 __le64 map;
324
325 ebitmap_init(e);
326
327 rc = next_entry(buf, fp, sizeof buf);
328 if (rc < 0)
329 goto out;
330
331 mapsize = le32_to_cpu(buf[0]);
332 e->highbit = le32_to_cpu(buf[1]);
333 count = le32_to_cpu(buf[2]);
334
335 if (mapsize != MAPSIZE) {
336 printk(KERN_ERR "security: ebitmap: map size %u does not "
337 "match my size %Zd (high bit was %d)\n", mapsize,
338 MAPSIZE, e->highbit);
339 goto bad;
340 }
341 if (!e->highbit) {
342 e->node = NULL;
343 goto ok;
344 }
345 if (e->highbit & (MAPSIZE - 1)) {
346 printk(KERN_ERR "security: ebitmap: high bit (%d) is not a "
347 "multiple of the map size (%Zd)\n", e->highbit, MAPSIZE);
348 goto bad;
349 }
350 l = NULL;
351 for (i = 0; i < count; i++) {
352 rc = next_entry(buf, fp, sizeof(u32));
353 if (rc < 0) {
354 printk(KERN_ERR "security: ebitmap: truncated map\n");
355 goto bad;
356 }
357 n = kzalloc(sizeof(*n), GFP_KERNEL);
358 if (!n) {
359 printk(KERN_ERR "security: ebitmap: out of memory\n");
360 rc = -ENOMEM;
361 goto bad;
362 }
363
364 n->startbit = le32_to_cpu(buf[0]);
365
366 if (n->startbit & (MAPSIZE - 1)) {
367 printk(KERN_ERR "security: ebitmap start bit (%d) is "
368 "not a multiple of the map size (%Zd)\n",
369 n->startbit, MAPSIZE);
370 goto bad_free;
371 }
372 if (n->startbit > (e->highbit - MAPSIZE)) {
373 printk(KERN_ERR "security: ebitmap start bit (%d) is "
374 "beyond the end of the bitmap (%Zd)\n",
375 n->startbit, (e->highbit - MAPSIZE));
376 goto bad_free;
377 }
378 rc = next_entry(&map, fp, sizeof(u64));
379 if (rc < 0) {
380 printk(KERN_ERR "security: ebitmap: truncated map\n");
381 goto bad_free;
382 }
383 n->map = le64_to_cpu(map);
384
385 if (!n->map) {
386 printk(KERN_ERR "security: ebitmap: null map in "
387 "ebitmap (startbit %d)\n", n->startbit);
388 goto bad_free;
389 }
390 if (l) {
391 if (n->startbit <= l->startbit) {
392 printk(KERN_ERR "security: ebitmap: start "
393 "bit %d comes after start bit %d\n",
394 n->startbit, l->startbit);
395 goto bad_free;
396 }
397 l->next = n;
398 } else
399 e->node = n;
400
401 l = n;
402 }
403
404 ok:
405 rc = 0;
406 out:
407 return rc;
408 bad_free:
409 kfree(n);
410 bad:
411 if (!rc)
412 rc = -EINVAL;
413 ebitmap_destroy(e);
414 goto out;
415 }
hh.org GIT migration