summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2014-08-01 11:17:17 -0400
committerPaul Moore <pmoore@redhat.com>2014-08-01 11:17:17 -0400
commit4b8feff251da3d7058b5779e21b33a85c686b974 (patch)
tree600fb14c92a11abf730e9f26236d33ba5ae9c278 /include/net
parent41c3bd2039e0d7b3dc32313141773f20716ec524 (diff)
netlabel: fix the horribly broken catmap functions
The NetLabel secattr catmap functions, and the SELinux import/export glue routines, were broken in many horrible ways and the SELinux glue code fiddled with the NetLabel catmap structures in ways that we probably shouldn't allow. At some point this "worked", but that was likely due to a bit of dumb luck and sub-par testing (both inflicted by yours truly). This patch corrects these problems by basically gutting the code in favor of something less obtuse and restoring the NetLabel abstractions in the SELinux catmap glue code. Everything is working now, and if it decides to break itself in the future this code will be much easier to debug than the code it replaces. One noteworthy side effect of the changes is that it is no longer necessary to allocate a NetLabel catmap before calling one of the NetLabel APIs to set a bit in the catmap. NetLabel will automatically allocate the catmap nodes when needed, resulting in less allocations when the lowest bit is greater than 255 and less code in the LSMs. Cc: stable@vger.kernel.org Reported-by: Christian Evans <frodox@zoho.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netlabel.h26
1 files changed, 24 insertions, 2 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 1c40d658d00..bda7a121f31 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -285,11 +285,11 @@ static inline void netlbl_secattr_catmap_free(
{
struct netlbl_lsm_secattr_catmap *iter;
- do {
+ while (catmap) {
iter = catmap;
catmap = catmap->next;
kfree(iter);
- } while (catmap);
+ }
}
/**
@@ -394,6 +394,9 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset);
int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
u32 offset);
+int netlbl_secattr_catmap_getlong(struct netlbl_lsm_secattr_catmap *catmap,
+ u32 *offset,
+ unsigned long *bitmap);
int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
gfp_t flags);
@@ -401,6 +404,10 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap,
u32 start,
u32 end,
gfp_t flags);
+int netlbl_secattr_catmap_setlong(struct netlbl_lsm_secattr_catmap **catmap,
+ u32 offset,
+ unsigned long bitmap,
+ gfp_t flags);
/*
* LSM protocol operations (NetLabel LSM/kernel API)
@@ -504,6 +511,13 @@ static inline int netlbl_secattr_catmap_walk_rng(
{
return -ENOENT;
}
+static inline int netlbl_secattr_catmap_getlong(
+ struct netlbl_lsm_secattr_catmap *catmap,
+ u32 *offset,
+ unsigned long *bitmap)
+{
+ return 0;
+}
static inline int netlbl_secattr_catmap_setbit(
struct netlbl_lsm_secattr_catmap **catmap,
u32 bit,
@@ -519,6 +533,14 @@ static inline int netlbl_secattr_catmap_setrng(
{
return 0;
}
+static int netlbl_secattr_catmap_setlong(
+ struct netlbl_lsm_secattr_catmap **catmap,
+ u32 offset,
+ unsigned long bitmap,
+ gfp_t flags)
+{
+ return 0;
+}
static inline int netlbl_enabled(void)
{
return 0;