static ssize_t sel_write_access(struct file *file, char *buf, size_t size) { char *scon = NULL, *tcon = NULL; u32 ssid, tsid; u16 tclass; struct av_decision avd; ssize_t length; char format[32]; length = task_has_security(current, SECURITY__COMPUTE_AV); if (length) goto out; length = -ENOMEM; scon = kzalloc(size + 1, GFP_KERNEL); if (!scon) goto out; length = -ENOMEM; tcon = kzalloc(size + 1, GFP_KERNEL); if (!tcon) goto out; length = -EINVAL; snprintf(format, sizeof(format), "%%%ds %%%ds %%hu", size, size); if (sscanf(buf, format, scon, tcon, &tclass) != 3) goto out; length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); if (length) goto out; length = security_context_to_sid(tcon, strlen(tcon) + 1, &tsid); if (length) goto out; security_compute_av_user(ssid, tsid, tclass, &avd); length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, "%x %x %x %x %u %x", avd.allowed, 0xffffffff, avd.auditallow, avd.auditdeny, avd.seqno, avd.flags); out: kfree(tcon); kfree(scon); return length; }
static ssize_t sel_write_access(struct file *file, char *buf, size_t size) { char *scon, *tcon; u32 ssid, tsid; u16 tclass; u32 req; struct av_decision avd; ssize_t length; length = task_has_security(current, SECURITY__COMPUTE_AV); if (length) return length; length = -ENOMEM; scon = kzalloc(size+1, GFP_KERNEL); if (!scon) return length; tcon = kzalloc(size+1, GFP_KERNEL); if (!tcon) goto out; length = -EINVAL; if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) goto out2; length = security_context_to_sid(scon, strlen(scon)+1, &ssid); if (length < 0) goto out2; length = security_context_to_sid(tcon, strlen(tcon)+1, &tsid); if (length < 0) goto out2; length = security_compute_av_user(ssid, tsid, tclass, req, &avd); if (length < 0) goto out2; length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, "%x %x %x %x %u %x", avd.allowed, 0xffffffff, avd.auditallow, avd.auditdeny, avd.seqno, avd.flags); out2: kfree(tcon); out: kfree(scon); return length; }
static ssize_t sel_write_access(struct file *file, char *buf, size_t size) { char *scon = NULL, *tcon = NULL; u32 ssid, tsid; u16 tclass; struct av_decision avd; ssize_t length; length = avc_has_perm(current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL); if (length) goto out; length = -ENOMEM; scon = kzalloc(size + 1, GFP_KERNEL); if (!scon) goto out; length = -ENOMEM; tcon = kzalloc(size + 1, GFP_KERNEL); if (!tcon) goto out; length = -EINVAL; if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) goto out; length = security_context_str_to_sid(scon, &ssid, GFP_KERNEL); if (length) goto out; length = security_context_str_to_sid(tcon, &tsid, GFP_KERNEL); if (length) goto out; security_compute_av_user(ssid, tsid, tclass, &avd); length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT, "%x %x %x %x %u %x", avd.allowed, 0xffffffff, avd.auditallow, avd.auditdeny, avd.seqno, avd.flags); out: kfree(tcon); kfree(scon); return length; }