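/*
 * Free every MLS range node attached to a user datum.
 *
 * Walks the singly linked list headed by usrdatum->ranges, destroys the
 * category bitmaps of both levels of each range and frees the node.
 * The user datum itself is not freed here.
 */
void mls_user_destroy(struct user_datum *usrdatum)
{
	struct mls_range_list *rnode, *rtmp;

	rnode = usrdatum->ranges;
	while (rnode) {
		/* Pick up the successor before the current node is freed. */
		rtmp = rnode;
		rnode = rnode->next;
		ebitmap_destroy(&rtmp->range.level[0].cat);
		ebitmap_destroy(&rtmp->range.level[1].cat);
		kfree(rtmp);
	}

	/*
	 * All nodes are gone.  Clear the list head so that a later walk or a
	 * second destroy call sees an empty list instead of freed memory.
	 */
	usrdatum->ranges = NULL;
}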
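/* note that unlike the other destroy functions, this one does /NOT/
 * destroy the pointer itself
 *
 * Releases the per-symbol scope bitmaps and the class permission map that
 * hang off `scope'.  A NULL `scope' is accepted and ignored.
 */
static void scope_index_destroy(scope_index_t * scope)
{
	unsigned int i;

	if (scope == NULL) {
		return;
	}
	for (i = 0; i < SYM_NUM; i++) {
		ebitmap_destroy(scope->scope + i);
	}
	for (i = 0; i < scope->class_perms_len; i++) {
		ebitmap_destroy(scope->class_perms_map + i);
	}
	free(scope->class_perms_map);

	/*
	 * The structure outlives this call, so do not leave it describing a
	 * freed array: a stale pointer with a non-zero length would turn a
	 * repeated destroy or a later read into a use-after-free/double free.
	 */
	scope->class_perms_map = NULL;
	scope->class_perms_len = 0;
}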
/*
 * Release the resources recorded in global_state.
 *
 * Each sepolicy member is released only when it is set; the assert set
 * bitmap is destroyed unconditionally.  The members are not reset after
 * release, so global_state must not be used again afterwards.
 */
static void cleanup(void)
{
    int idx;

    if (global_state.sepolicy.file != NULL) {
        fclose(global_state.sepolicy.file);
    }

    if (global_state.sepolicy.sdb != NULL) {
        sepol_policydb_free(global_state.sepolicy.sdb);
    }

    if (global_state.sepolicy.pf != NULL) {
        sepol_policy_file_free(global_state.sepolicy.pf);
    }

    if (global_state.sepolicy.handle != NULL) {
        sepol_handle_destroy(global_state.sepolicy.handle);
    }

    ebitmap_destroy(&global_state.assert.set);

    /* Close whichever of the SEHANDLE_CNT label handles were opened. */
    for (idx = 0; idx < SEHANDLE_CNT; idx++) {
        if (global_state.sepolicy.sehnd[idx] == NULL) {
            continue;
        }
        selabel_close(global_state.sepolicy.sehnd[idx]);
    }
}
/*
 * Check whether the type named `type_name' shares at least one attribute
 * with `attr_set'.
 *
 * The name is looked up in the policy's type table.  An unknown name, or a
 * symbol whose flavor is not TYPE_TYPE, is reported on stderr and yields
 * false.  Otherwise the type's entry in type_attr_map is intersected with
 * `attr_set' and the result is true when ebitmap_length() of the
 * intersection is non-zero.  A failing ebitmap_and() terminates the process
 * with exit status 1.
 */
static bool is_type_of_attribute_set(policydb_t *policydb, const char *type_name,
        ebitmap_t *attr_set)
{
    ebitmap_t intersection;
    struct type_datum *datum;
    bool overlaps;
    int err;

    datum = hashtab_search(policydb->p_types.table, (char *)type_name);
    if (datum == NULL) {
        fprintf(stderr, "Error: \"%s\" is not defined in this policy.\n", type_name);
        return false;
    }

    if (datum->flavor != TYPE_TYPE) {
        fprintf(stderr, "Error: \"%s\" is not a type in this policy.\n", type_name);
        return false;
    }

    /*
     * NOTE(review): s.value comes from the loaded policy and is used as an
     * index without a range check here; presumably policy validation
     * guarantees 1 <= value <= number of types - confirm.
     */
    ebitmap_init(&intersection);
    err = ebitmap_and(&intersection, attr_set,
                      &policydb->type_attr_map[datum->s.value - 1]);
    if (err != 0) {
        fprintf(stderr, "Error: Could not perform ebitmap_and: %d\n", err);
        exit(1);
    }

    /* An empty intersection means the type carries none of the attributes. */
    overlaps = ebitmap_length(&intersection) != 0;
    ebitmap_destroy(&intersection);

    return overlaps;
}
/*
 * Read the trusted readers, trusted writers and trusted objects bitmaps,
 * in that order, from `fp' into the policy database `p'.
 *
 * Returns 0 on success or the first non-zero code from ebitmap_read().
 * On failure the bitmaps that had already been read are destroyed, so the
 * caller never receives a partially populated set.
 */
int mls_read_trusted(struct policydb *p, void *fp)
{
	int err;

	err = ebitmap_read(&p->trustedreaders, fp);
	if (err) {
		return err;
	}

	err = ebitmap_read(&p->trustedwriters, fp);
	if (err) {
		ebitmap_destroy(&p->trustedreaders);
		return err;
	}

	err = ebitmap_read(&p->trustedobjects, fp);
	if (err) {
		/* Unwind in reverse order of acquisition. */
		ebitmap_destroy(&p->trustedwriters);
		ebitmap_destroy(&p->trustedreaders);
		return err;
	}

	return 0;
}
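/*
 * Destroy callback for a sensitivity entry: frees the key and the level
 * datum, and for a non-alias entry also the level and its category bitmap.
 *
 * `datum' and the level it points to may be NULL, so the callback can be
 * used on an entry whose construction failed part-way.  `p' is unused.
 * Always returns 0.
 */
int sens_destroy(void *key, void *datum, void *p)
{
	struct level_datum *levdatum = datum;

	kfree(key);

	/*
	 * Only a non-alias entry releases the level (presumably an alias
	 * refers to a level owned by another entry - confirm).  Skip the
	 * level when it was never allocated rather than dereferencing NULL.
	 */
	if (levdatum && !levdatum->isalias && levdatum->level) {
		ebitmap_destroy(&levdatum->level->cat);
		kfree(levdatum->level);
	}

	kfree(datum);
	return 0;
}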
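/*
 * Read a MLS range structure from a policydb binary
 * representation file.
 *
 * The on-disk form is a count of sensitivity values followed by that many
 * u32 sensitivities and then one category bitmap per level.  A count of 1
 * means the high level equals the low level.
 *
 * Returns 0 on success, -EINVAL for a truncated or malformed range, or the
 * error from ebitmap_read()/ebitmap_cpy().
 */
static int mls_read_range_helper(struct mls_range *r, void *fp)
{
	u32 *buf;
	int items, rc = -EINVAL;

	buf = next_entry(fp, sizeof(u32));
	if (!buf)
		goto out;

	items = le32_to_cpu(buf[0]);
	/*
	 * The count is taken from the policy image and must be validated
	 * before it sizes a read.  Zero would make the buf[0] access below
	 * read past the entry, and a negative or huge value would wrap the
	 * size computation.  A range holds only level[0] and level[1], so
	 * anything other than 1 or 2 is malformed.
	 */
	if (items < 1 || items > 2) {
		printk(KERN_ERR "security: mls: invalid range item count\n");
		goto out;
	}

	buf = next_entry(fp, sizeof(u32) * items);
	if (!buf) {
		printk(KERN_ERR "security: mls: truncated range\n");
		goto out;
	}

	r->level[0].sens = le32_to_cpu(buf[0]);
	if (items > 1) {
		r->level[1].sens = le32_to_cpu(buf[1]);
	} else {
		r->level[1].sens = r->level[0].sens;
	}

	rc = ebitmap_read(&r->level[0].cat, fp);
	if (rc) {
		printk(KERN_ERR "security: mls: error reading low "
		       "categories\n");
		goto out;
	}

	if (items > 1) {
		rc = ebitmap_read(&r->level[1].cat, fp);
		if (rc) {
			printk(KERN_ERR "security: mls: error reading high "
			       "categories\n");
			goto bad_high;
		}
	} else {
		/* Single level: the high categories are a copy of the low ones. */
		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
		if (rc) {
			printk(KERN_ERR "security: mls: out of memory\n");
			goto bad_high;
		}
	}

	rc = 0;
out:
	return rc;
bad_high:
	/* The low bitmap was read successfully; release it on failure. */
	ebitmap_destroy(&r->level[0].cat);
	goto out;
}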
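/*
 * Convert the MLS fields in the security context
 * structure `c' from the values specified in the
 * policy `oldp' to the values specified in the policy `newp'.
 *
 * For each of the two levels the sensitivity and every set category are
 * looked up by name in `newp' and replaced with the new policy's values.
 *
 * Returns 0 on success, -EINVAL when a sensitivity or category name does
 * not exist in `newp', or the error from ebitmap_set_bit().  The context is
 * converted in place, so on failure `c' may be partly converted and must
 * not be used as a valid context by the caller.
 */
int mls_convert_context(struct policydb *oldp, struct policydb *newp,
			struct context *c)
{
	struct level_datum *levdatum;
	struct cat_datum *catdatum;
	struct ebitmap bitmap;
	int l, i, rc;

	for (l = 0; l < 2; l++) {
		levdatum = hashtab_search(newp->p_levels.table,
			oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
		if (!levdatum)
			return -EINVAL;
		c->range.level[l].sens = levdatum->level->sens;

		/* Build the translated category set in a scratch bitmap. */
		ebitmap_init(&bitmap);
		for (i = 1; i <= ebitmap_length(&c->range.level[l].cat); i++) {
			if (!ebitmap_get_bit(&c->range.level[l].cat, i - 1))
				continue;

			catdatum = hashtab_search(newp->p_cats.table,
					oldp->p_cat_val_to_name[i - 1]);
			if (!catdatum) {
				rc = -EINVAL;
				goto bad;
			}
			rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
			if (rc)
				goto bad;
		}

		/* Swap the old category set for the translated one. */
		ebitmap_destroy(&c->range.level[l].cat);
		c->range.level[l].cat = bitmap;
	}

	return 0;

bad:
	/*
	 * The scratch bitmap may already hold bits set for earlier
	 * categories; release it so a failed conversion does not leak.
	 */
	ebitmap_destroy(&bitmap);
	return rc;
}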