add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/security/selinux/ss/policydb.h
..
..
@@ -1,3 +1,4 @@
1
+/* SPDX-License-Identifier: GPL-2.0-only */
1
2
 /*
2
3
  * A policy database (policydb) specifies the
3
4
  * configuration data for the security policy.
..
..
@@ -16,15 +17,10 @@
16
17
  *
17
18
  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
18
19
  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
19
- *	This program is free software; you can redistribute it and/or modify
20
- *	it under the terms of the GNU General Public License as published by
21
- *	the Free Software Foundation, version 2.
22
20
  */
23
21
 
24
22
 #ifndef _SS_POLICYDB_H_
25
23
 #define _SS_POLICYDB_H_
26
-
27
-#include <linux/flex_array.h>
28
24
 
29
25
 #include "symtab.h"
30
26
 #include "avtab.h"
..
..
@@ -73,6 +69,7 @@
73
69
 #define DEFAULT_TARGET_LOW     4
74
70
 #define DEFAULT_TARGET_HIGH    5
75
71
 #define DEFAULT_TARGET_LOW_HIGH        6
72
+#define DEFAULT_GLBLUB		7
76
73
 	char default_range;
77
74
 };
78
75
 
..
..
@@ -84,23 +81,26 @@
84
81
 	struct ebitmap types;		/* set of authorized types for role */
85
82
 };
86
83
 
87
-struct role_trans {
84
+struct role_trans_key {
88
85
 	u32 role;		/* current role */
89
86
 	u32 type;		/* program executable type, or new object type */
90
87
 	u32 tclass;		/* process class, or new object class */
91
-	u32 new_role;		/* new role */
92
-	struct role_trans *next;
93
88
 };
94
89
 
95
-struct filename_trans {
96
-	u32 stype;		/* current process */
90
+struct role_trans_datum {
91
+	u32 new_role;		/* new role */
92
+};
93
+
94
+struct filename_trans_key {
97
95
 	u32 ttype;		/* parent dir context */
98
96
 	u16 tclass;		/* class of new object */
99
97
 	const char *name;	/* last path component */
100
98
 };
101
99
 
102
100
 struct filename_trans_datum {
103
-	u32 otype;		/* expected of new object */
101
+	struct ebitmap stypes;	/* bitmap of source types for this otype */
102
+	u32 otype;		/* resulting type of new object */
103
+	struct filename_trans_datum *next;	/* record for next otype*/
104
104
 };
105
105
 
106
106
 struct role_allow {
..
..
@@ -253,32 +253,35 @@
253
253
 #define p_cats symtab[SYM_CATS]
254
254
 
255
255
 	/* symbol names indexed by (value - 1) */
256
-	struct flex_array *sym_val_to_name[SYM_NUM];
256
+	char		**sym_val_to_name[SYM_NUM];
257
257
 
258
258
 	/* class, role, and user attributes indexed by (value - 1) */
259
259
 	struct class_datum **class_val_to_struct;
260
260
 	struct role_datum **role_val_to_struct;
261
261
 	struct user_datum **user_val_to_struct;
262
-	struct flex_array *type_val_to_struct_array;
262
+	struct type_datum **type_val_to_struct;
263
263
 
264
264
 	/* type enforcement access vectors and transitions */
265
265
 	struct avtab te_avtab;
266
266
 
267
267
 	/* role transitions */
268
-	struct role_trans *role_tr;
268
+	struct hashtab role_tr;
269
269
 
270
270
 	/* file transitions with the last path component */
271
271
 	/* quickly exclude lookups when parent ttype has no rules */
272
272
 	struct ebitmap filename_trans_ttypes;
273
273
 	/* actual set of filename_trans rules */
274
-	struct hashtab *filename_trans;
274
+	struct hashtab filename_trans;
275
+	/* only used if policyvers < POLICYDB_VERSION_COMP_FTRANS */
276
+	u32 compat_filename_trans_count;
275
277
 
276
278
 	/* bools indexed by (value - 1) */
277
279
 	struct cond_bool_datum **bool_val_to_struct;
278
280
 	/* type enforcement conditional access vectors and transitions */
279
281
 	struct avtab te_cond_avtab;
280
-	/* linked list indexing te_cond_avtab by conditional */
282
+	/* array indexing te_cond_avtab by conditional */
281
283
 	struct cond_node *cond_list;
284
+	u32 cond_list_len;
282
285
 
283
286
 	/* role allows */
284
287
 	struct role_allow *role_allow;
..
..
@@ -293,10 +296,10 @@
293
296
 	struct genfs *genfs;
294
297
 
295
298
 	/* range transitions table (range_trans_key -> mls_range) */
296
-	struct hashtab *range_tr;
299
+	struct hashtab range_tr;
297
300
 
298
301
 	/* type -> attribute reverse mapping */
299
-	struct flex_array *type_attr_map_array;
302
+	struct ebitmap *type_attr_map_array;
300
303
 
301
304
 	struct ebitmap policycaps;
302
305
 
..
..
@@ -312,7 +315,7 @@
312
315
 
313
316
 	u16 process_class;
314
317
 	u32 process_trans_perms;
315
-};
318
+} __randomize_layout;
316
319
 
317
320
 extern void policydb_destroy(struct policydb *p);
318
321
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
..
..
@@ -323,7 +326,14 @@
323
326
 extern int policydb_read(struct policydb *p, void *fp);
324
327
 extern int policydb_write(struct policydb *p, void *fp);
325
328
 
326
-#define PERM_SYMTAB_SIZE 32
329
+extern struct filename_trans_datum *policydb_filenametr_search(
330
+	struct policydb *p, struct filename_trans_key *key);
331
+
332
+extern struct mls_range *policydb_rangetr_search(
333
+	struct policydb *p, struct range_trans *key);
334
+
335
+extern struct role_trans_datum *policydb_roletr_search(
336
+	struct policydb *p, struct role_trans_key *key);
327
337
 
328
338
 #define POLICYDB_CONFIG_MLS    1
329
339
 #define POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE    (1 << 31)
..
..
@@ -364,6 +374,8 @@
364
374
 {
365
375
 	size_t len = bytes * num;
366
376
 
377
+	if (len > fp->len)
378
+		return -EINVAL;
367
379
 	memcpy(fp->data, buf, len);
368
380
 	fp->data += len;
369
381
 	fp->len -= len;
..
..
@@ -373,9 +385,7 @@
373
385
 
374
386
 static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr)
375
387
 {
376
-	struct flex_array *fa = p->sym_val_to_name[sym_num];
377
-
378
-	return flex_array_get_ptr(fa, element_nr);
388
+	return p->sym_val_to_name[sym_num][element_nr];
379
389
 }
380
390
 
381
391
 extern u16 string_to_security_class(struct policydb *p, const char *name);