Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Apr 2006 14:37:24 GMT
From:      Todd Miller <millert@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 95678 for review
Message-ID:  <200604201437.k3KEbOTA057654@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=95678

Change 95678 by millert@millert_g5tower on 2006/04/20 14:37:16

	Update flask components based on the version of selinux in
	the linux 2.6.16 kernel.  This does not include the av cache
	changes which will be merged separately.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#8 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#8 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#10 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#14 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/constraint.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.c#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/ebitmap.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/hashtab.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls.c#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mls_types.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#7 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#7 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#9 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.c#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/sidtab.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#8 (text+ko) ====

@@ -5,9 +5,9 @@
 POLICY_NOMAN=	yes
 
 POLICY_SRCS=	sebsd.c sebsd_alloc.c sebsd_syscall.c sebsd_sysctl.c
-POLICY_SRCS+=	ss/avtab.c ss/ebitmap.c ss/hashtab.c ss/init.c ss/policydb.c \
-		ss/queue.c ss/services.c ss/sidtab.c ss/symtab.c ss/mach_av.c \
-		ss/conditional.c
+POLICY_SRCS+=	ss/avtab.c ss/conditional.c ss/ebitmap.c ss/hashtab.c \
+		ss/init.c ss/mach_av.c ss/mls.c ss/policydb.c ss/queue.c \
+		ss/services.c ss/sidtab.c ss/symtab.c
 POLICY_SRCS+=	avc/avc.c avc/avc_audit.c
 
 CFLAGS+=	-DSEFOS_DEBUG -I..

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#9 (text+ko) ====

@@ -75,6 +75,7 @@
    { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" },
    { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" },
    { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" },
+   { SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition" },
    { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
    { SECCLASS_MSG, MSG__SEND, "send" },
    { SECCLASS_MSG, MSG__RECEIVE, "receive" },

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#8 (text+ko) ====

@@ -505,6 +505,7 @@
 #define PROCESS__SIGINH                           0x0000000000100000UL
 #define PROCESS__SETRLIMIT                        0x0000000000200000UL
 #define PROCESS__RLIMITINH                        0x0000000000400000UL
+#define PROCESS__DYNTRANSITION                    0x0000000000800000UL
 
 #define IPC__WRITE                                0x0000000000000020UL
 #define IPC__UNIX_WRITE                           0x0000000000000100UL

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#10 (text+ko) ====


==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#14 (text+ko) ====

@@ -56,13 +56,17 @@
 #if !defined(BYTE_ORDER)
 #error BYTE_ORDER not defined
 #elif BYTE_ORDER == LITTLE_ENDIAN
+#define	cpu_to_le16(x)	((__uint16_t)(x))
 #define	cpu_to_le32(x)	((__uint32_t)(x))
 #define	cpu_to_le64(x)	((__uint64_t)(x))
+#define	le16_to_cpu(x)	((__uint16_t)(x))
 #define	le32_to_cpu(x)	((__uint32_t)(x))
 #define	le64_to_cpu(x)	((__uint64_t)(x))
 #elif BYTE_ORDER == BIG_ENDIAN
+#define	cpu_to_le16(x)	NXSwapHostShortToLittle(x)
 #define	cpu_to_le32(x)	NXSwapHostLongToLittle(x)
 #define	cpu_to_le64(x)	NXSwapHostLongLongToLittle(x)
+#define	le16_to_cpu(x)	NXSwapLittleShortToHost(x)
 #define	le32_to_cpu(x)	NXSwapLittleLongToHost(x)
 #define	le64_to_cpu(x)	NXSwapLittleLongLongToHost(x)
 #else

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.c#5 (text+ko) ====

@@ -27,7 +27,8 @@
  AVTAB_HASH_MASK)
 
 static struct avtab_node*
-avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur,
+avtab_insert_node(struct avtab *h, int hvalue,
+		  struct avtab_node * prev, struct avtab_node * cur,
 		  struct avtab_key *key, struct avtab_datum *datum)
 {
 	struct avtab_node * newnode;
@@ -49,10 +50,11 @@
 	return newnode;
 }
 
-int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
+static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
 {
 	int hvalue;
 	struct avtab_node *prev, *cur, *newnode;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return EINVAL;
@@ -64,7 +66,7 @@
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (datum->specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return EEXIST;
 		if (key->source_type < cur->key.source_type)
 			break;
@@ -93,6 +95,7 @@
 {
 	int hvalue;
 	struct avtab_node *prev, *cur, *newnode;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return NULL;
@@ -103,7 +106,7 @@
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (datum->specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			break;
 		if (key->source_type < cur->key.source_type)
 			break;
@@ -120,10 +123,11 @@
 	return newnode;
 }
 
-struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key, int specified)
+struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key)
 {
 	int hvalue;
 	struct avtab_node *cur;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); 
 
 	if (!h)
 		return NULL;
@@ -133,7 +137,7 @@
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return &cur->datum;
 
 		if (key->source_type < cur->key.source_type)
@@ -154,10 +158,11 @@
  * conjunction with avtab_search_next_node()
  */
 struct avtab_node*
-avtab_search_node(struct avtab *h, struct avtab_key *key, int specified)
+avtab_search_node(struct avtab *h, struct avtab_key *key)
 {
 	int hvalue;
 	struct avtab_node *cur;
+	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
 	if (!h)
 		return NULL;
@@ -167,7 +172,7 @@
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
 		    key->target_class == cur->key.target_class &&
-		    (specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return cur;
 
 		if (key->source_type < cur->key.source_type)
@@ -191,11 +196,12 @@
 	if (!node)
 		return NULL;
 
+	specified &= ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 	for (cur = node->next; cur; cur = cur->next) {
 		if (node->key.source_type == cur->key.source_type &&
 		    node->key.target_type == cur->key.target_type &&
 		    node->key.target_class == cur->key.target_class &&
-		    (specified & cur->datum.specified))
+		    (specified & cur->key.specified))
 			return cur;
 
 		if (node->key.source_type < cur->key.source_type)
@@ -232,31 +238,6 @@
 	h->htable = NULL;
 }
 
-
-int avtab_map(struct avtab *h,
-	      int (*apply) (struct avtab_key *k,
-			    struct avtab_datum *d,
-			    void *args),
-	      void *args)
-{
-	int i, ret;
-	struct avtab_node *cur;
-
-	if (!h)
-		return 0;
-
-	for (i = 0; i < AVTAB_SIZE; i++) {
-		cur = h->htable[i];
-		while (cur != NULL) {
-			ret = apply(&cur->key, &cur->datum, args);
-			if (ret)
-				return ret;
-			cur = cur->next;
-		}
-	}
-	return 0;
-}
-
 int avtab_init(struct avtab *h)
 {
 	int i;
@@ -297,93 +278,152 @@
 	       max_chain_len);
 }
 
-int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey)
+static uint16_t spec_order[] = {
+	AVTAB_ALLOWED,
+	AVTAB_AUDITDENY,
+	AVTAB_AUDITALLOW,
+	AVTAB_TRANSITION,
+	AVTAB_CHANGE,
+	AVTAB_MEMBER
+};
+
+int avtab_read_item(void *fp, u32 vers, struct avtab *a,
+	            int (*insertf)(struct avtab *a, struct avtab_key *k,
+				   struct avtab_datum *d, void *p),
+		    void *p)
 {
-	u32 *buf;
-	u32 items, items2;
+	__le16 buf16[4];
+	u16 enabled;
+	__le32 buf32[7];
+	u32 items, items2, val;
+	struct avtab_key key;
+	struct avtab_datum datum;
+	int i, rc;
+
+	memset(&key, 0, sizeof(struct avtab_key));
+	memset(&datum, 0, sizeof(struct avtab_datum));
+
+	if (vers < POLICYDB_VERSION_AVTAB) {
+		rc = next_entry(buf32, fp, sizeof(u32));
+		if (rc < 0) {
+			printk(KERN_ERR "security: avtab: truncated entry\n");
+			return -1;
+		}
+		items2 = le32_to_cpu(buf32[0]);
+		if (items2 > ARRAY_SIZE(buf32)) {
+			printk(KERN_ERR "security: avtab: entry overflow\n");
+			return -1;
+
+		}
+		rc = next_entry(buf32, fp, sizeof(u32)*items2);
+		if (rc < 0) {
+			printk(KERN_ERR "security: avtab: truncated entry\n");
+			return -1;
+		}
+		items = 0;
+
+		val = le32_to_cpu(buf32[items++]);
+		key.source_type = (u16)val;
+		if (key.source_type != val) {
+			printk("security: avtab: truncated source type\n");
+			return -1;
+		}
+		val = le32_to_cpu(buf32[items++]);
+		key.target_type = (u16)val;
+		if (key.target_type != val) {
+			printk("security: avtab: truncated target type\n");
+			return -1;
+		}
+		val = le32_to_cpu(buf32[items++]);
+		key.target_class = (u16)val;
+		if (key.target_class != val) {
+			printk("security: avtab: truncated target class\n");
+			return -1;
+		}
+
+		val = le32_to_cpu(buf32[items++]);
+		enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
+
+		if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
+			printk("security: avtab: null entry\n");
+			return -1;
+		}
+		if ((val & AVTAB_AV) &&
+		    (val & AVTAB_TYPE)) {
+			printk("security: avtab: entry has both access vectors and types\n");
+			return -1;
+		}
 
-	memset(avkey, 0, sizeof(struct avtab_key));
-	memset(avdatum, 0, sizeof(struct avtab_datum));
+		for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
+			if (val & spec_order[i]) {
+				key.specified = spec_order[i] | enabled;
+				datum.data = le32_to_cpu(buf32[items++]);
+				rc = insertf(a, &key, &datum, p);
+				if (rc) return rc;
+			}
+		}
 
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf) {
-		printk(KERN_ERR "security: avtab: truncated entry\n");
-		goto bad;
+		if (items != items2) {
+			printk("security: avtab: entry only had %d items, expected %d\n", items2, items);
+			return -1;
+		}
+		return 0;
 	}
-	items2 = le32_to_cpu(buf[0]);
-	buf = next_entry(fp, sizeof(u32)*items2);
-	if (!buf) {
-		printk(KERN_ERR "security: avtab: truncated entry\n");
-		goto bad;
+
+	rc = next_entry(buf16, fp, sizeof(u16)*4);
+	if (rc < 0) {
+		printk("security: avtab: truncated entry\n");
+		return -1;
 	}
+
 	items = 0;
-	avkey->source_type = le32_to_cpu(buf[items++]);
-	avkey->target_type = le32_to_cpu(buf[items++]);
-	avkey->target_class = le32_to_cpu(buf[items++]);
-	avdatum->specified = le32_to_cpu(buf[items++]);
-	if (!(avdatum->specified & (AVTAB_AV | AVTAB_TYPE))) {
-		printk(KERN_ERR "security: avtab: null entry\n");
-		goto bad;
+	key.source_type = le16_to_cpu(buf16[items++]);
+	key.target_type = le16_to_cpu(buf16[items++]);
+	key.target_class = le16_to_cpu(buf16[items++]);
+	key.specified = le16_to_cpu(buf16[items++]);
+
+	rc = next_entry(buf32, fp, sizeof(u32));
+	if (rc < 0) {
+		printk("security: avtab: truncated entry\n");
+		return -1;
 	}
-	if ((avdatum->specified & AVTAB_AV) &&
-	    (avdatum->specified & AVTAB_TYPE)) {
-		printk(KERN_ERR "security: avtab: entry has both access vectors and types\n");
-		goto bad;
-	}
-	if (avdatum->specified & AVTAB_AV) {
-		if (avdatum->specified & AVTAB_ALLOWED)
-			avtab_allowed(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_AUDITDENY)
-			avtab_auditdeny(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_AUDITALLOW)
-			avtab_auditallow(avdatum) = le32_to_cpu(buf[items++]);
-	} else {
-		if (avdatum->specified & AVTAB_TRANSITION)
-			avtab_transition(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_CHANGE)
-			avtab_change(avdatum) = le32_to_cpu(buf[items++]);
-		if (avdatum->specified & AVTAB_MEMBER)
-			avtab_member(avdatum) = le32_to_cpu(buf[items++]);
-	}
-	if (items != items2) {
-		printk(KERN_ERR "security: avtab: entry only had %d items, expected %d\n",
-		       items2, items);
-		goto bad;
-	}
+	datum.data = le32_to_cpu(*buf32);
+	return insertf(a, &key, &datum, p);
+}
 
-	return 0;
-bad:
-	return -1;
+static int avtab_insertf(struct avtab *a, struct avtab_key *k,
+			 struct avtab_datum *d, void *p)
+{
+	return avtab_insert(a, k, d);
 }
 
-int avtab_read(struct avtab *a, void *fp, u32 config)
+int avtab_read(struct avtab *a, void *fp, u32 vers)
 {
-	int i, rc = EINVAL;
-	struct avtab_key avkey;
-	struct avtab_datum avdatum;
-	u32 *buf;
-	u32 nel;
+	int rc;
+	__le32 buf[1];
+	u32 nel, i;
 
 
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf) {
+	rc = next_entry(buf, fp, sizeof(u32));
+	if (rc < 0) {
 		printk(KERN_ERR "security: avtab: truncated table\n");
 		goto bad;
 	}
 	nel = le32_to_cpu(buf[0]);
 	if (!nel) {
 		printk(KERN_ERR "security: avtab: table is empty\n");
+		rc = EINVAL;
 		goto bad;
 	}
 	for (i = 0; i < nel; i++) {
-		if (avtab_read_item(fp, &avdatum, &avkey))
-			goto bad;
-		rc = avtab_insert(a, &avkey, &avdatum);
+		rc = avtab_read_item(fp,vers, a, avtab_insertf, NULL);
 		if (rc) {
 			if (rc == ENOMEM)
 				printk(KERN_ERR "security: avtab: out of memory\n");
-			if (rc == EEXIST)
+			else if (rc == EEXIST)
 				printk(KERN_ERR "security: avtab: duplicate entry\n");
+			else
+				rc = EINVAL;
 			goto bad;
 		}
 	}
@@ -396,3 +436,20 @@
 	avtab_destroy(a);
 	goto out;
 }
+
+void avtab_cache_init(void)
+{
+/* XXX - use zone allocator */
+#ifdef SEBSDnotyet
+	avtab_node_cachep = kmem_cache_create("avtab_node",
+					      sizeof(struct avtab_node),
+					      0, SLAB_PANIC, NULL, NULL);
+#endif
+}
+
+void avtab_cache_destroy(void)
+{
+#ifdef SEBSDnotyet
+	kmem_cache_destroy (avtab_node_cachep);
+#endif
+}

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/avtab.h#5 (text+ko) ====

@@ -21,12 +21,9 @@
 #define _SS_AVTAB_H_
 
 struct avtab_key {
-	u32 source_type;	/* source type */
-	u32 target_type;	/* target type */
-	u32 target_class;	/* target object class */
-};
-
-struct avtab_datum {
+	u16 source_type;	/* source type */
+	u16 target_type;	/* target type */
+	u16 target_class;	/* target object class */
 #define AVTAB_ALLOWED     1
 #define AVTAB_AUDITALLOW  2
 #define AVTAB_AUDITDENY   4
@@ -35,15 +32,13 @@
 #define AVTAB_MEMBER     32
 #define AVTAB_CHANGE     64
 #define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
-#define AVTAB_ENABLED    0x80000000 /* reserved for used in cond_avtab */
-	u32 specified;	/* what fields are specified */
-	u32 data[3];	/* access vectors or types */
-#define avtab_allowed(x) (x)->data[0]
-#define avtab_auditdeny(x) (x)->data[1]
-#define avtab_auditallow(x) (x)->data[2]
-#define avtab_transition(x) (x)->data[0]
-#define avtab_change(x) (x)->data[1]
-#define avtab_member(x) (x)->data[2]
+#define AVTAB_ENABLED_OLD    0x80000000 /* reserved for used in cond_avtab */
+#define AVTAB_ENABLED    0x8000 /* reserved for used in cond_avtab */
+	u16 specified;	/* what fields are specified */
+};
+
+struct avtab_datum {
+	u32 data; /* access vector or type value */
 };
 
 struct avtab_node {
@@ -58,27 +53,26 @@
 };
 
 int avtab_init(struct avtab *);
-int avtab_insert(struct avtab *h, struct avtab_key *k, struct avtab_datum *d);
-struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k, int specified);
+struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k);
 void avtab_destroy(struct avtab *h);
-int avtab_map(struct avtab *h,
-	      int (*apply) (struct avtab_key *k,
-			    struct avtab_datum *d,
-			    void *args),
-	      void *args);
 void avtab_hash_eval(struct avtab *h, char *tag);
 
-int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey);
-int avtab_read(struct avtab *a, void *fp, u32 config);
+int avtab_read_item(void *fp, u32 vers, struct avtab *a,
+		    int (*insert)(struct avtab *a, struct avtab_key *k,
+				  struct avtab_datum *d, void *p),
+		    void *p);
+
+int avtab_read(struct avtab *a, void *fp, u32 vers);
 
 struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
 					  struct avtab_datum *datum);
 
-struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key, int specified);
+struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);
 
 struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
 
 void avtab_cache_init(void);
+void avtab_cache_destroy(void);
 
 #define AVTAB_HASH_BITS 15
 #define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS)

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#4 (text+ko) ====

@@ -94,18 +94,18 @@
 		/* turn the rules on or off */
 		for (cur = node->true_list; cur != NULL; cur = cur->next) {
 			if (new_state <= 0) {
-				cur->node->datum.specified &= ~AVTAB_ENABLED;
+				cur->node->key.specified &= ~AVTAB_ENABLED;
 			} else {
-				cur->node->datum.specified |= AVTAB_ENABLED;
+				cur->node->key.specified |= AVTAB_ENABLED;
 			}
 		}
 
 		for (cur = node->false_list; cur != NULL; cur = cur->next) {
 			/* -1 or 1 */
 			if (new_state) {
-				cur->node->datum.specified &= ~AVTAB_ENABLED;
+				cur->node->key.specified &= ~AVTAB_ENABLED;
 			} else {
-				cur->node->datum.specified |= AVTAB_ENABLED;
+				cur->node->key.specified |= AVTAB_ENABLED;
 			}
 		}
 	}
@@ -160,16 +160,14 @@
 
 void cond_policydb_destroy(struct policydb *p)
 {
-	if (p->bool_val_to_struct != NULL)
-		kfree(p->bool_val_to_struct);
+	kfree(p->bool_val_to_struct);
 	avtab_destroy(&p->te_cond_avtab);
 	cond_list_destroy(p->cond_list);
 }
 
 int cond_init_bool_indexes(struct policydb *p)
 {
-	if (p->bool_val_to_struct)
-		kfree(p->bool_val_to_struct);
+	kfree(p->bool_val_to_struct);
 	p->bool_val_to_struct = (struct cond_bool_datum**)
 		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
@@ -179,8 +177,7 @@
 
 int cond_destroy_bool(void *key, void *datum, void *p)
 {
-	if (key)
-		kfree(key);
+	kfree(key);
 	kfree(datum);
 	return 0;
 }
@@ -194,7 +191,7 @@
 	p = datap;
 
 	if (!booldatum->value || booldatum->value > p->p_bools.nprim)
-		return -EINVAL;
+		return EINVAL;
 
 	p->p_bool_val_to_name[booldatum->value - 1] = key;
 	p->bool_val_to_struct[booldatum->value -1] = booldatum;
@@ -213,15 +210,16 @@
 {
 	char *key = NULL;
 	struct cond_bool_datum *booldatum;
-	u32 *buf, len;
+	__le32 buf[3];
+	u32 len;
+	int rc;
 
-	booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
+	booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
 	if (!booldatum)
 		return -1;
-	memset(booldatum, 0, sizeof(struct cond_bool_datum));
 
-	buf = next_entry(fp, sizeof(u32) * 3);
-	if (!buf)
+	rc = next_entry(buf, fp, sizeof buf);
+	if (rc < 0)
 		goto err;
 
 	booldatum->value = le32_to_cpu(buf[0]);
@@ -233,13 +231,12 @@
 
 	len = le32_to_cpu(buf[2]);
 
-	buf = next_entry(fp, len);
-	if (!buf)
-		goto err;
 	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key)
 		goto err;
-	memcpy(key, buf, len);
+	rc = next_entry(key, fp, len);
+	if (rc < 0)
+		goto err;
 	key[len] = 0;
 	if (hashtab_insert(h, key, booldatum))
 		goto err;
@@ -250,102 +247,124 @@
 	return -1;
 }
 
-static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list,
-			     struct cond_av_list *other)
+struct cond_insertf_data
+{
+	struct policydb *p;
+	struct cond_av_list *other;
+	struct cond_av_list *head;
+	struct cond_av_list *tail;
+};
+
+static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr)
 {
-	struct cond_av_list *list, *last = NULL, *cur;
-	struct avtab_key key;
-	struct avtab_datum datum;
+	struct cond_insertf_data *data = ptr;
+	struct policydb *p = data->p;
+	struct cond_av_list *other = data->other, *list, *cur;
 	struct avtab_node *node_ptr;
-	int len, i;
-	u32 *buf;
 	u8 found;
 
-	*ret_list = NULL;
 
-	len = 0;
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf)
-		return -1;
-
-	len = le32_to_cpu(buf[0]);
-	if (len == 0) {
-		return 0;
-	}
-
-	for (i = 0; i < len; i++) {
-		if (avtab_read_item(fp, &datum, &key))
+	/*
+	 * For type rules we have to make certain there aren't any
+	 * conflicting rules by searching the te_avtab and the
+	 * cond_te_avtab.
+	 */
+	if (k->specified & AVTAB_TYPE) {
+		if (avtab_search(&p->te_avtab, k)) {
+			printk("security: type rule already exists outside of a conditional.");
 			goto err;
-
+		}
 		/*
-		 * For type rules we have to make certain there aren't any
-		 * conflicting rules by searching the te_avtab and the
-		 * cond_te_avtab.
+		 * If we are reading the false list other will be a pointer to
+		 * the true list. We can have duplicate entries if there is only
+		 * 1 other entry and it is in our true list.
+		 *
+		 * If we are reading the true list (other == NULL) there shouldn't
+		 * be any other entries.
 		 */
-		if (datum.specified & AVTAB_TYPE) {
-			if (avtab_search(&p->te_avtab, &key, AVTAB_TYPE)) {
-				printk("security: type rule already exists outside of a conditional.");
-				goto err;
-			}
-			/*
-			 * If we are reading the false list other will be a pointer to
-			 * the true list. We can have duplicate entries if there is only
-			 * 1 other entry and it is in our true list.
-			 *
-			 * If we are reading the true list (other == NULL) there shouldn't
-			 * be any other entries.
-			 */
-			if (other) {
-				node_ptr = avtab_search_node(&p->te_cond_avtab, &key, AVTAB_TYPE);
-				if (node_ptr) {
-					if (avtab_search_node_next(node_ptr, AVTAB_TYPE)) {
-						printk("security: too many conflicting type rules.");
-						goto err;
+		if (other) {
+			node_ptr = avtab_search_node(&p->te_cond_avtab, k);
+			if (node_ptr) {
+				if (avtab_search_node_next(node_ptr, k->specified)) {
+					printk("security: too many conflicting type rules.");
+					goto err;
+				}
+				found = 0;
+				for (cur = other; cur != NULL; cur = cur->next) {
+					if (cur->node == node_ptr) {
+						found = 1;
+						break;
 					}
-					found = 0;
-					for (cur = other; cur != NULL; cur = cur->next) {
-						if (cur->node == node_ptr) {
-							found = 1;
-							break;
-						}
-					}
-					if (!found) {
-						printk("security: conflicting type rules.");
-						goto err;
-					}
 				}
-			} else {
-				if (avtab_search(&p->te_cond_avtab, &key, AVTAB_TYPE)) {
-					printk("security: conflicting type rules when adding type rule for true.");
+				if (!found) {
+					printk("security: conflicting type rules.\n");
 					goto err;
 				}
 			}
+		} else {
+			if (avtab_search(&p->te_cond_avtab, k)) {
+				printk("security: conflicting type rules when adding type rule for true.\n");
+				goto err;
+			}
 		}
-		node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, &key, &datum);
-		if (!node_ptr) {
-			printk("security: could not insert rule.");
-			goto err;
-		}
+	}
+
+	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
+	if (!node_ptr) {
+		printk("security: could not insert rule.");
+		goto err;
+	}
+
+	list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
+	if (!list)
+		goto err;
+
+	list->node = node_ptr;
+	if (!data->head)
+		data->head = list;
+	else
+		data->tail->next = list;
+	data->tail = list;
+	return 0;
+
+err:
+	cond_av_list_destroy(data->head);
+	data->head = NULL;
+	return -1;
+}
+
+static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list **ret_list, struct cond_av_list *other)
+{
+	int i, rc;
+	__le32 buf[1];
+	u32 len;
+	struct cond_insertf_data data;
+
+	*ret_list = NULL;
+
+	len = 0;
+	rc = next_entry(buf, fp, sizeof(u32));
+	if (rc < 0)
+		return -1;
 
-		list = kmalloc(sizeof(struct cond_av_list), GFP_KERNEL);
-		if (!list)
-			goto err;
-		memset(list, 0, sizeof(struct cond_av_list));
+	len = le32_to_cpu(buf[0]);
+	if (len == 0) {
+		return 0;
+	}
 
-		list->node = node_ptr;
-		if (i == 0)
-			*ret_list = list;
-		else
-			last->next = list;
-		last = list;
+	data.p = p;
+	data.other = other;
+	data.head = NULL;
+	data.tail = NULL;
+	for (i = 0; i < len; i++) {
+		rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab, cond_insertf, &data);
+		if (rc)
+			return rc;
 
 	}
 
+	*ret_list = data.head;
 	return 0;
-err:
-	cond_av_list_destroy(*ret_list);
-	*ret_list = NULL;
-	return -1;
 }
 
 static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
@@ -364,40 +383,42 @@
 
 static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 {
-	u32 *buf;
-	int len, i;
+	__le32 buf[2];
+	u32 len, i;
+	int rc;
 	struct cond_expr *expr = NULL, *last = NULL;
 
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf)
+	rc = next_entry(buf, fp, sizeof(u32));
+	if (rc < 0)
 		return -1;
 
 	node->cur_state = le32_to_cpu(buf[0]);
 
 	len = 0;
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf)
+	rc = next_entry(buf, fp, sizeof(u32));
+	if (rc < 0)
 		return -1;
 
 	/* expr */
 	len = le32_to_cpu(buf[0]);
 
 	for (i = 0; i < len; i++ ) {
-		buf = next_entry(fp, sizeof(u32) * 2);
-		if (!buf)
+		rc = next_entry(buf, fp, sizeof(u32) * 2);
+		if (rc < 0)
 			goto err;
 
-		expr = kmalloc(sizeof(struct cond_expr), GFP_KERNEL);
+		expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
 		if (!expr) {
 			goto err;
 		}
-		memset(expr, 0, sizeof(struct cond_expr));
 
 		expr->expr_type = le32_to_cpu(buf[0]);
 		expr->bool = le32_to_cpu(buf[1]);
 
-		if (!expr_isvalid(p, expr))
+		if (!expr_isvalid(p, expr)) {
+			kfree(expr);
 			goto err;
+		}
 
 		if (i == 0) {
 			node->expr = expr;
@@ -420,20 +441,20 @@
 int cond_read_list(struct policydb *p, void *fp)
 {
 	struct cond_node *node, *last = NULL;
-	u32 *buf;
-	int i, len;
+	__le32 buf[1];
+	u32 i, len;
+	int rc;
 
-	buf = next_entry(fp, sizeof(u32));
-	if (!buf)
+	rc = next_entry(buf, fp, sizeof buf);
+	if (rc < 0)
 		return -1;
 
 	len = le32_to_cpu(buf[0]);
 
 	for (i = 0; i < len; i++) {
-		node = kmalloc(sizeof(struct cond_node), GFP_KERNEL);
+		node = kzalloc(sizeof(struct cond_node), GFP_KERNEL);
 		if (!node)
 			goto err;
-		memset(node, 0, sizeof(struct cond_node));
 
 		if (cond_read_node(p, node, fp) != 0)
 			goto err;
@@ -448,6 +469,7 @@
 	return 0;
 err:
 	cond_list_destroy(p->cond_list);
+	p->cond_list = NULL;
 	return -1;
 }
 
@@ -461,22 +483,22 @@
 	if(!ctab || !key || !avd)
 		return;
 
-	for(node = avtab_search_node(ctab, key, AVTAB_AV); node != NULL;
-				node = avtab_search_node_next(node, AVTAB_AV)) {
-		if ( (u32) (AVTAB_ALLOWED|AVTAB_ENABLED) ==
-		     (node->datum.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
-			avd->allowed |= avtab_allowed(&node->datum);
-		if ( (u32) (AVTAB_AUDITDENY|AVTAB_ENABLED) ==
-		     (node->datum.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
+	for(node = avtab_search_node(ctab, key); node != NULL;
+				node = avtab_search_node_next(node, key->specified)) {
+		if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) ==
+		     (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
+			avd->allowed |= node->datum.data;
+		if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) ==
+		     (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
 			/* Since a '0' in an auditdeny mask represents a
 			 * permission we do NOT want to audit (dontaudit), we use
 			 * the '&' operand to ensure that all '0's in the mask
 			 * are retained (much unlike the allow and auditallow cases).
 			 */
-			avd->auditdeny &= avtab_auditdeny(&node->datum);
-		if ( (u32) (AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
-		     (node->datum.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
-			avd->auditallow |= avtab_auditallow(&node->datum);
+			avd->auditdeny &= node->datum.data;
+		if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
+		     (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
+			avd->auditallow |= node->datum.data;
 	}
 	return;
 }

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/constraint.h#5 (text+ko) ====

@@ -31,6 +31,13 @@
 #define CEXPR_ROLE 2		/* role */
 #define CEXPR_TYPE 4		/* type */
 #define CEXPR_TARGET 8		/* target if set, source otherwise */
+#define CEXPR_XTARGET 16	/* special 3rd target for validatetrans rule */
+#define CEXPR_L1L2 32		/* low level 1 vs. low level 2 */
+#define CEXPR_L1H2 64		/* low level 1 vs. high level 2 */
+#define CEXPR_H1L2 128		/* high level 1 vs. low level 2 */
+#define CEXPR_H1H2 256		/* high level 1 vs. high level 2 */
+#define CEXPR_L1H1 512		/* low level 1 vs. high level 1 */
+#define CEXPR_L2H2 1024		/* low level 2 vs. high level 2 */
 	u32 attr;		/* attribute */
 
 #define CEXPR_EQ     1		/* == or eq */

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/context.h#5 (text+ko) ====

@@ -17,6 +17,7 @@
 

>>> TRUNCATED FOR MAIL (1000 lines) <<<



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604201437.k3KEbOTA057654>