/*
 * Free the MLS range list attached to a user.
 *
 * Walks usrdatum->ranges, releasing both category bitmaps of every
 * node before freeing the node itself. The head pointer in usrdatum
 * is not reset, so it still points at freed memory when this returns;
 * callers must not walk the list again.
 */
void mls_user_destroy(struct user_datum *usrdatum)
{
	struct mls_range_list *cur = usrdatum->ranges;

	while (cur) {
		/* Grab the successor first; cur is gone after kfree(). */
		struct mls_range_list *next = cur->next;

		ebitmap_destroy(&cur->range.level[0].cat);
		ebitmap_destroy(&cur->range.level[1].cat);
		kfree(cur);
		cur = next;
	}
}
/*
 * Release the contents of a scope index.
 *
 * Unlike the other destroy helpers in this file, the scope_index_t
 * itself is NOT freed - only the SYM_NUM symbol scope bitmaps, the
 * per-class permission bitmaps and the class_perms_map array that
 * holds them. A NULL argument is accepted and ignored.
 */
static void scope_index_destroy(scope_index_t * scope)
{
	unsigned int idx;

	if (!scope)
		return;

	/* One bitmap per symbol table. */
	for (idx = 0; idx < SYM_NUM; idx++)
		ebitmap_destroy(&scope->scope[idx]);

	/* class_perms_len bitmaps live in the class_perms_map array. */
	for (idx = 0; idx < scope->class_perms_len; idx++)
		ebitmap_destroy(&scope->class_perms_map[idx]);

	free(scope->class_perms_map);
}
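/*
 * Release everything held in global_state: the open policy file, the
 * libsepol policydb / policy file / handle objects, the assertion bitmap
 * and every selabel handle.
 *
 * Each pointer is reset to NULL as soon as its object is released. The
 * original version left the freed pointers in place, so a second call
 * (or any later access through global_state) would have double-closed
 * or double-freed them; with the reset, calling cleanup() twice is
 * harmless.
 */
static void cleanup(void) {

    if (global_state.sepolicy.file) {
        /* Read-only policy stream: the fclose() status carries nothing
         * actionable here, so it is deliberately not checked. */
        fclose(global_state.sepolicy.file);
        global_state.sepolicy.file = NULL;
    }

    if (global_state.sepolicy.sdb) {
        sepol_policydb_free(global_state.sepolicy.sdb);
        global_state.sepolicy.sdb = NULL;
    }

    if (global_state.sepolicy.pf) {
        sepol_policy_file_free(global_state.sepolicy.pf);
        global_state.sepolicy.pf = NULL;
    }

    if (global_state.sepolicy.handle) {
        sepol_handle_destroy(global_state.sepolicy.handle);
        global_state.sepolicy.handle = NULL;
    }

    /* NOTE(review): libsepol's ebitmap_destroy() is expected to leave the
     * bitmap empty after freeing its nodes, making a repeat call safe -
     * confirm against the libsepol version in use. */
    ebitmap_destroy(&global_state.assert.set);

    for (int i = 0; i < SEHANDLE_CNT; i++) {
        struct selabel_handle *sehnd = global_state.sepolicy.sehnd[i];
        if (sehnd) {
            selabel_close(sehnd);
            global_state.sepolicy.sehnd[i] = NULL;
        }
    }
}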
/*
 * Report whether the type named `type_name' carries at least one of the
 * attributes in `attr_set'.
 *
 * `type_name' is looked up in the policy's type table and must resolve
 * to a datum of flavor TYPE_TYPE; otherwise an error is printed to
 * stderr and false is returned. The answer is the non-emptiness of the
 * intersection between `attr_set' and the type's attribute map. A
 * failure of ebitmap_and() is treated as fatal: it is reported and the
 * process exits with status 1.
 */
static bool is_type_of_attribute_set(policydb_t *policydb, const char *type_name,
        ebitmap_t *attr_set)
{
    /* The cast drops const, presumably because hashtab_search() takes a
     * non-const key. */
    struct type_datum *td = hashtab_search(policydb->p_types.table, (char *)type_name);
    if (td == NULL) {
        fprintf(stderr, "Error: \"%s\" is not defined in this policy.\n", type_name);
        return false;
    }
    if (td->flavor != TYPE_TYPE) {
        fprintf(stderr, "Error: \"%s\" is not a type in this policy.\n", type_name);
        return false;
    }

    /* type_attr_map is indexed by the type's 1-based value. */
    ebitmap_t *type_attrs = &policydb->type_attr_map[td->s.value - 1];
    ebitmap_t overlap;
    ebitmap_init(&overlap);

    int rc = ebitmap_and(&overlap, attr_set, type_attrs);
    if (rc != 0) {
        fprintf(stderr, "Error: Could not perform ebitmap_and: %d\n", rc);
        exit(1);
    }

    /* An empty intersection has length 0. */
    bool found = ebitmap_length(&overlap) != 0;
    ebitmap_destroy(&overlap);
    return found;
}
/*
 * Read the three "trusted" bitmaps (readers, writers, objects) from the
 * policy stream into p, in that order.
 *
 * Returns 0 on success or the first non-zero ebitmap_read() result. On
 * failure every bitmap read so far by this function is destroyed again,
 * so p is left without partially loaded trusted sets.
 */
int mls_read_trusted(struct policydb *p, void *fp)
{
	int rc;

	rc = ebitmap_read(&p->trustedreaders, fp);
	if (rc)
		return rc;

	rc = ebitmap_read(&p->trustedwriters, fp);
	if (rc)
		goto err_readers;

	rc = ebitmap_read(&p->trustedobjects, fp);
	if (rc)
		goto err_writers;

	return 0;

err_writers:
	ebitmap_destroy(&p->trustedwriters);
err_readers:
	ebitmap_destroy(&p->trustedreaders);
	return rc;
}
/*
 * Hash table callback that frees one sensitivity entry.
 *
 * Frees the key and the level_datum. The embedded mls_level (and its
 * category bitmap) is owned only by non-alias entries, so it is released
 * just when isalias is clear; aliases share the level of the entry they
 * alias. The third argument is unused. Always returns 0.
 */
int sens_destroy(void *key, void *datum, void *p)
{
	struct level_datum *lev = datum;

	kfree(key);
	if (!lev->isalias) {
		ebitmap_destroy(&lev->level->cat);
		kfree(lev->level);
	}
	kfree(lev);
	return 0;
}
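/*
 * Read a MLS range structure from a policydb binary
 * representation file.
 *
 * On-disk layout: a u32 item count (1 or 2) followed by that many u32
 * sensitivities, then the low category bitmap and, only when two items
 * were given, the high category bitmap. A one-item range is expanded
 * into low == high (the sensitivity is copied, the bitmap duplicated
 * with ebitmap_cpy()).
 *
 * Returns 0 on success, -EINVAL when the range is truncated or carries
 * an item count other than 1 or 2, or the error from ebitmap_read() /
 * ebitmap_cpy(). If the high half cannot be built, the low bitmap that
 * was already read is released.
 */
static int mls_read_range_helper(struct mls_range *r, void *fp)
{
	u32 *buf;
	u32 items;
	int rc = -EINVAL;

	buf = next_entry(fp, sizeof(u32));
	if (!buf)
		goto out;

	/*
	 * The item count comes straight from the (untrusted) policy image
	 * and was previously used unchecked. Only 1 or 2 are meaningful:
	 * 0 would turn the next_entry() below into a zero-length read and
	 * buf[0] into a read of bytes never consumed from the stream, and
	 * anything larger describes more sensitivities than a range holds.
	 */
	items = le32_to_cpu(buf[0]);
	if (items < 1 || items > 2) {
		printk(KERN_ERR "security: mls:  range overflow\n");
		goto out;
	}

	buf = next_entry(fp, sizeof(u32) * items);
	if (!buf) {
		printk(KERN_ERR "security: mls:  truncated range\n");
		goto out;
	}
	r->level[0].sens = le32_to_cpu(buf[0]);
	/* A single item means the range is a single level: high == low. */
	if (items > 1)
		r->level[1].sens = le32_to_cpu(buf[1]);
	else
		r->level[1].sens = r->level[0].sens;

	rc = ebitmap_read(&r->level[0].cat, fp);
	if (rc) {
		printk(KERN_ERR "security: mls:  error reading low "
		       "categories\n");
		goto out;
	}
	if (items > 1) {
		rc = ebitmap_read(&r->level[1].cat, fp);
		if (rc) {
			printk(KERN_ERR "security: mls:  error reading high "
			       "categories\n");
			goto bad_high;
		}
	} else {
		/* No high bitmap in the stream: duplicate the low one. */
		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
		if (rc) {
			printk(KERN_ERR "security: mls:  out of memory\n");
			goto bad_high;
		}
	}

	rc = 0;
out:
	return rc;
bad_high:
	/* Low categories were read successfully; don't leak them. */
	ebitmap_destroy(&r->level[0].cat);
	goto out;
}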
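/*
 * Convert the MLS fields in the security context
 * structure `c' from the values specified in the
 * policy `oldp' to the values specified in the policy `newp'.
 *
 * For each of the two levels, the sensitivity is mapped by name through
 * newp's level table and every set category bit is mapped by name
 * through newp's category table into a freshly built bitmap, which then
 * replaces the old one.
 *
 * Returns 0 on success, -EINVAL when a sensitivity or category name has
 * no counterpart in newp, or the ebitmap_set_bit() error. The bitmap
 * under construction is destroyed on every error path; the original
 * returned without freeing it and leaked its nodes. Note that `c' is
 * updated in place level by level, so on failure it may already be
 * partially converted (the sens of the failing level, and all of
 * level[0] when level[1] fails).
 */
int mls_convert_context(struct policydb *oldp,
			struct policydb *newp,
			struct context *c)
{
	struct level_datum *levdatum;
	struct cat_datum *catdatum;
	struct ebitmap bitmap;
	int l, i, rc;

	for (l = 0; l < 2; l++) {
		/* Sensitivities are 1-based; the name tables are 0-based. */
		levdatum = hashtab_search(newp->p_levels.table,
			oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
		if (!levdatum)
			return -EINVAL;
		c->range.level[l].sens = levdatum->level->sens;

		ebitmap_init(&bitmap);
		for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
			if (!ebitmap_get_bit(&c->range.level[l].cat, i - 1))
				continue;

			catdatum = hashtab_search(newp->p_cats.table,
						  oldp->p_cat_val_to_name[i - 1]);
			if (!catdatum) {
				rc = -EINVAL;
				goto err_bitmap;
			}
			rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
			if (rc)
				goto err_bitmap;
		}
		/*
		 * Swap in the new bitmap. The struct copy transfers ownership
		 * of bitmap's nodes to c, so no ebitmap_destroy(&bitmap) here.
		 */
		ebitmap_destroy(&c->range.level[l].cat);
		c->range.level[l].cat = bitmap;
	}

	return 0;

err_bitmap:
	/* Release whatever was allocated for the half-built bitmap. */
	ebitmap_destroy(&bitmap);
	return rc;
}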