/*
 * Read handler for a single boolean file: emits "<current> <pending>".
 *
 * The boolean slot is taken from the low bits of the inode number
 * (i_ino & SEL_INO_MASK). Before either per-boolean table is indexed, and
 * with sel_mutex held, the slot is range-checked against bool_num and the
 * dentry name is compared with bool_pending_names[index].
 * NOTE(review): the name comparison presumably catches a file that was
 * opened before the boolean table changed - confirm against the code that
 * rebuilds bool_pending_names / bool_pending_values.
 *
 * Returns the result of simple_read_from_buffer() on success, -EINVAL if
 * the slot is out of range or the name does not match, -ENOMEM if no
 * scratch page is available, or the negative value returned by
 * security_get_bool_value().
 */
static ssize_t sel_read_bool(struct file *filep, char __user *buf,
			     size_t count, loff_t *ppos)
{
	const char *name = filep->f_path.dentry->d_name.name;
	unsigned index = filep->f_path.dentry->d_inode->i_ino & SEL_INO_MASK;
	char *page = NULL;
	ssize_t ret = -EINVAL;
	ssize_t len;
	int current_value;

	mutex_lock(&sel_mutex);

	/* Range check first: bool_pending_names[index] is only read if it passes. */
	if (index >= bool_num)
		goto out;
	if (strcmp(name, bool_pending_names[index]) != 0)
		goto out;

	page = (char *)get_zeroed_page(GFP_KERNEL);
	if (!page) {
		ret = -ENOMEM;
		goto out;
	}

	current_value = security_get_bool_value(index);
	if (current_value < 0) {
		/* Negative means failure; hand the code back unchanged. */
		ret = current_value;
		goto out;
	}

	/* Output is bounded by PAGE_SIZE, the size of the scratch page. */
	len = scnprintf(page, PAGE_SIZE, "%d %d", current_value,
			bool_pending_values[index]);
	ret = simple_read_from_buffer(buf, count, ppos, page, len);

out:
	mutex_unlock(&sel_mutex);
	/* page is still NULL on the exits taken before the allocation. */
	free_page((unsigned long)page);
	return ret;
}
/*
 * Set a policy boolean, either committing it immediately or only recording
 * it as pending.
 *
 * The caller must pass the SECURITY__SETBOOL check on current->domain and
 * the boolean must resolve via flask_security_resolve_bool(); both happen
 * before sel_sem is taken. new_value is normalised to 0 or 1.
 *
 * arg->commit != 0: the value array from security_get_bools() is patched
 *   and handed to security_set_bools(); arg->enforcing and arg->pending
 *   both report the new value.
 * arg->commit == 0: only bool_pending_values[] is updated (created on
 *   demand by flask_security_make_bools()); arg->enforcing reports what
 *   security_get_bool_value() returns.
 *
 * Returns 0 on success, -ENOENT if bool_id is out of range, or the error
 * returned by one of the helpers.
 */
static int flask_security_set_bool(struct xen_flask_boolean *arg)
{
    int rv;

    rv = domain_has_security(current->domain, SECURITY__SETBOOL);
    if ( rv )
        return rv;

    rv = flask_security_resolve_bool(arg);
    if ( rv )
        return rv;

    spin_lock(&sel_sem);

    if ( !arg->commit )
    {
        const int requested = !!(arg->new_value);

        /* rv is 0 on entry, so it changes only if the table must be built. */
        if ( !bool_pending_values )
        {
            rv = flask_security_make_bools();
            if ( rv )
                goto out;
        }

        if ( arg->bool_id >= bool_num )
        {
            rv = -ENOENT;
            goto out;
        }

        bool_pending_values[arg->bool_id] = requested;
        arg->pending = requested;
        /*
         * NOTE(review): the result is stored without a sign check, so a
         * negative return would be reported as the enforcing value -
         * confirm it cannot fail for an id below bool_num.
         */
        arg->enforcing = security_get_bool_value(arg->bool_id);

        rv = 0;
    }
    else
    {
        const int requested = !!(arg->new_value);
        int num;
        int *values;

        rv = security_get_bools(&num, NULL, &values, NULL);
        if ( rv != 0 )
            goto out;

        if ( arg->bool_id < num )
        {
            values[arg->bool_id] = requested;

            /* Both fields are updated before security_set_bools() reports. */
            arg->pending = requested;
            arg->enforcing = requested;

            /*
             * NOTE(review): bool_id was bounded by num above, not by
             * bool_num - presumably the pending table always has at least
             * num entries; confirm.
             */
            if ( bool_pending_values )
                bool_pending_values[arg->bool_id] = requested;

            rv = security_set_bools(num, values);
        }
        else
            rv = -ENOENT;

        /* values is released on both the success and the -ENOENT path. */
        xfree(values);
    }

 out:
    spin_unlock(&sel_sem);
    return rv;
}
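/*
 * Report the enforcing and pending value of a policy boolean and, when the
 * caller supplied a buffer (arg->size != 0), its name.
 *
 * arg->enforcing receives the value from security_get_bool_value();
 * arg->pending receives bool_pending_values[bool_id] if that table exists,
 * otherwise the enforcing value.
 *
 * Name handling: arg->size is overwritten with the length of the name in
 * every case where the name could be fetched, including -ERANGE.
 * Exactly that many elements are copied, so the guest buffer does not
 * receive a terminating NUL.
 *
 * Returns 0 on success, the error from flask_security_resolve_bool() or
 * security_get_bool_value(), -ENOMEM if the name could not be obtained,
 * -ERANGE if the name is longer than arg->size, or -EFAULT if the copy to
 * the guest fails.
 */
static int flask_security_get_bool(struct xen_flask_boolean *arg)
{
    int rv;

    rv = flask_security_resolve_bool(arg);
    if ( rv )
        return rv;

    spin_lock(&sel_sem);

    rv = security_get_bool_value(arg->bool_id);
    if ( rv < 0 )
        goto out;

    arg->enforcing = rv;

    /*
     * NOTE(review): bool_id has only been validated by the successful
     * security_get_bool_value() call above - presumably the pending table
     * covers every id that call accepts; confirm.
     */
    if ( bool_pending_values )
        arg->pending = bool_pending_values[arg->bool_id];
    else
        arg->pending = rv;

    rv = 0;

    if ( arg->size )
    {
        char *nameout = security_get_bool_name(arg->bool_id);
        size_t nameout_len;

        /*
         * The buffer is released with xfree() below, so it is allocated by
         * the helper and may come back NULL; strlen(NULL) would fault
         * inside the hypervisor.
         */
        if ( !nameout )
        {
            rv = -ENOMEM;
            goto out;
        }

        nameout_len = strlen(nameout);
        if ( nameout_len > arg->size )
            rv = -ERANGE;
        /* Always report the length, even when the buffer is too small. */
        arg->size = nameout_len;

        /* Copy only after the length check, so the guest buffer is not overrun. */
        if ( !rv && _copy_to_guest(arg->name, nameout, nameout_len) )
            rv = -EFAULT;
        xfree(nameout);
    }

 out:
    spin_unlock(&sel_sem);
    return rv;
}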