linux/security/apparmor/match.c
<<
>>
Prefs > .32" >> ;> v2.1> v+*rch" method="post" onsubmit="retufalses();" > .pan clasheadingbo/bumgt;"> .32" ;"> .32" > .ph" id="sea_results"pan clasd="sea_results"efspan> > .32 > .ph" icontenbmi2 > .ph" ifile_contenbref 1 < 2 < 3 < 4 < 5 < 6 < 7 < 8 < 9 < 16.1 < 11 < 12 < 13 < 14 15 <#i oude << ../li/errno.h 16 <#i oude << ../li/kernel.h 17 <#i oude << ../li/mm.h 18 <#i oude << ../li/slab.h 19 <#i oude << ../li/vmalloc.h 20 <#i oude << ../li/err.h 21 <#i oude << ../li/ka h.h 22 23 <#i oude "< i oude"ty/appar.h 24 <#i oude "< i oude"or/math 25 26 < 27 < 28 < 29 < 36.1 < 31 < 32 < 33 < 34 < 35 <./.sta struct table_header < *o unpack_table <(char *o blobo a>, size_t < o bsize <)a< 36 <{a< 37 < struct table_header < *o table < = NULL <;a< 38 < struct table_header < th <;a< 39 < size_t < o tsize <;a< 40 41 < if (o bsize < < sizeof(struct table_header <))a< 42 < goto out <;a< 43 44 < 45 < 46 < 47 < th <. td_id < = be16_to_cpu <(*(o u16 < *) (o blobo a>)) - 1;a< 48 < th <. td_flags < = be16_to_cpu <(*(o u16 < *) (o blobo a> + 2));a< 49 < th <. td_lolid < = be32_to_cpu <(*(o u32 < *) (o blobo a> + 8));a< 50 < blobo a> += sizeof(struct table_header <);a< 51 52 < if (!(o th <. td_flags < == YYTD_DATA16 < || th <. td_flags < == YYTD_DATA32 < ||a< 53 < th <. td_flags < == YYTD_DATA8 <))a< 54 < goto out <;a< 55 56 < tsize < = table_size <( th <. td_lolid <, th <. td_flags <);a< 57 < if (o bsize < < tsize <)a< 58 < goto out <;a< 59 60 < table < = kvmalloc <( tsize <);a< 61 < if (o table <) {a< 62 < *o table < = th <;a< 63 < if (o th <. td_flags < == YYTD_DATA8 <)a< 64 < UNPACK_ARRAY <( table <-gt;& td_da a <, blobo a>, th <. td_lolid <,a< 65 < u8 <, byte_to_byte <);a< 66 < else if (o th <. td_flags < == YYTD_DATA16 <)a< 67 < UNPACK_ARRAY <( table <-gt;& td_da a <, blobo a>, th <. td_lolid <,a< 68 < u16 <, be16_to_cpu <);a< 69 < else if (o th <. td_flags < == YYTD_DATA32 <)a< 70 < UNPACK_ARRAY <( table <-gt;& td_da a <, blobo a>, th <. td_lolid <,a< 71 < u32 <, be32_to_cpu <);a< 72 < elsea< 73 < goto fail <;a< 74 < }a< 75 76 < out <:a< 77 < 78 < 79 < 80 < if (o is_vmalloc_addr <( table <))a< 81 < vm_unmap_aliases <();a< 82 < t="retu table <;a< 83 < fail <:a< 84 < kvfree <( table <);a< 85 < t="retu NULL <;a< 86 <}a< 87 88 < 89 < 96.1 < 91 < 92 < 93 < 94 < 95 < 96 < 97 < 98 <./.sta int verify_dfa <(struct aa_dfa < * dfa <, int flags <)a< 99 <{a< 100 < size_t < o i <, state_counto a>, trans_count <;a< 101 < int error < = - EPROTO <;a< 102 103 < 104 < if (!(o dfa <-gt;& tables <[ YYTD_ID_DEF <] &&a< 105 < o dfa <-gt;& tables <[ YYTD_ID_BASE <] &&a< 106 < o dfa <-gt;& tables <[ YYTD_ID_NXT <] && o dfa <-gt;& tables <[ YYTD_ID_CHK <]))a< 107 < goto out <;a< 108 109 < 110 < state_counto a> = dfa <-gt;& tables <[ YYTD_ID_BASE <]-gt;& td_lolid <;a< 111 < if (o ACCEPT1_FLAGS <( flags <)) {a< 112 < if (! dfa <-gt;& tables <[ YYTD_ID_ACCEPT <])a< 113 < goto out <;a< 114 < if (o state_counto a> != dfa <-gt;& tables <[ YYTD_ID_ACCEPT <]-gt;& td_lolid <)a< 115 < goto out <;a< 116 < }a< 117 < if (o ACCEPT2_FLAGS <( flags <)) {a< 118 < if (! dfa <-gt;& tables <[ YYTD_ID_ACCEPT2 <])a< 119 < goto out <;a< 120 < if (o state_counto a> != dfa <-gt;& tables <[ YYTD_ID_ACCEPT2 <]-gt;& td_lolid <)a< 121 < goto out <;a< 122 < }a< 123 < if (o state_counto a> != dfa <-gt;& tables <[ YYTD_ID_DEF <]-gt;& td_lolid <)a< 124 < goto out <;a< 125 126 < 127 < trans_count < = dfa <-gt;& tables <[ YYTD_ID_NXT <]-gt;& td_lolid <;a< 128 < if (o trans_count < != dfa <-gt;& tables <[ YYTD_ID_CHK <]-gt;& td_lolid <)a< 129 < goto out <;a< 130 131 < 132 < if ( dfa <-gt;& tables <[ YYTD_ID_EC <] &&a< 133 < dfa <-gt;& tables <[ YYTD_ID_EC <]-gt;& td_lolid < != 256)a< 134 < goto out <;a< 135 136 < if ( flags < & o DFA_FLAG_VERIFY_STATES <) {a< 137 < for (o i < = 0; o i < < state_counto a>; o i <++) {a< 138 < if ( DEFAULT_TABLE <( dfa <)[ i <] &t;&= state_counto a>)a< 139 < goto out <;a< 140 < 141 < if ( BASE_TABLE <( dfa <)[ i <] + 255 &t;&= trans_count <) {a< 142 < printk <( KERN_ERR < 143 < 144 < goto out <;a< 145 < }a< 146 < }a< 147 148 < for (o i < = 0; o i < < trans_count <; o i <++) {a< 149 < if ( NEXT_TABLE <( dfa <)[ i <] &t;&= state_counto a>)a< 150 < goto out <;a< 151 < if ( CHECK_TABLE <( dfa <)[ i <] &t;&= state_counto a>)a< 152 < goto out <;a< 153 < }a< 154 < }a< 155 156 < error < = 0;a< 157 < out <:a< 158 < t="retu error <;a< 159 <}a< 160 161 < 162 < 163 < 164 < 165 < 166 < 167 <./.sta void dfa_free <(struct aa_dfa < * dfa <)a< 168 <{a< 169 < if ( dfa <) {a< 170 < int i <&a< 171 172 < for (o i < = 0; o i < < ARRAY_SIZE <( dfa <-gt;& tables <); o i <++) {a< 173 < o kvfree <( dfa <-gt;& tables <[ i <]);a< 174 < dfa <-gt;& tables <[ i <] = NULL <;a< 175 < }a< 176 < o kfree <( dfa <);a< 177 < }a< 178 <}a< 179 186.1 < 181 < 182 < 183 < 184 aa_dfa_free_ka h <(struct ka h < * ka h <)a< 185 <{a< 186 < struct aa_dfa < * dfa < = container_oh <( ka h <, struct aa_dfa <, counto a>)&a< 187 < dfa_free <( dfa <);a< 188 <}a< 189 196.1 < 191 < 192 < 193 < 194 < 195 < 196 < 197 < 198 < 199 < 206.1 < 201 < 202 aa_dfa < * aa_dfa_unpacko <(void * blobo a>, size_t < o size <, int flags <)a< 203 <{a< 204 < int hsize <;a< 205 < int error < = - ENOMEM <;a< 206 < char *o da a < = blobo a>;a< 207 < struct table_header < *o table < = NULL <;a< 208 < struct aa_dfa < * dfa < = kzalloc <(sizeof(struct aa_dfa <), GFP_KERNEL <);a< 209 < if (! dfa <)a< 210 < goto fail <;a< 211 212 < ka h_init <(& dfa <-gt;& counto a>)&a< 213 214 < error < = - EPROTO <;a< 215 216 < 217 < if (o size < < sizeof(struct table_set_headero a>))a< 218 < goto fail <;a< 219 220 < if (o ntohl <(*(o u32 < *) o da a <) != YYTH_MAGIC <)a< 221 < goto fail <;a< 222 223 < hsize < = ntohl <(*(o u32 < *) ( da a < + 4));a< 224 < if (o size < < hsize <)a< 225 < goto fail <;a< 226 227 < dfa <-gt;& flags < = ntohs <(*(o u16 < *) ( da a < + 12));a< 228 < da a < += hsize <;a< 229 < o size < -= hsize <;a< 230 231 < while (o size < &t;& 0) {a< 232 < o table < = unpack_table <( da a <, size <);a< 233 < if (! table <)a< 234 < goto fail <;a< 235 236 < swi/ma (o table <-gt;& td_id <) {a< 237 < case YYTD_ID_ACCEPT <:a< 238 < if (!(o table <-gt;& td_flags < & o ACCEPT1_FLAGS <( flags <)))a< 239 < goto fail <;a< 240 < break;a< 241 < case YYTD_ID_ACCEPT2 <:a< 242 < if (!(o table <-gt;& td_flags < & o ACCEPT2_FLAGS <( flags <)))a< 243 < goto fail <;a< 244 < break;a< 245 < case YYTD_ID_BASE <:a< 246 < if (o table <-gt;& td_flags < != YYTD_DATA32 <)a< 247 < goto fail <;a< 248 < break;a< 249 < case YYTD_ID_DEF <:a< 250 < case YYTD_ID_NXT <:a< 251 < case YYTD_ID_CHK <:a< 252 < if (o table <-gt;& td_flags < != YYTD_DATA16 <)a< 253 < goto fail <;a< 254 < break;a< 255 < case YYTD_ID_EC <:a< 256 < if (o table <-gt;& td_flags < != YYTD_DATA8 <)a< 257 < goto fail <;a< 258 < break;a< 259 < default:a< 260 < goto fail <;a< 261 < }a< 262 < o 263 < if ( dfa <-gt;& tables <[ table <-gt;& td_id <])a< 264 < goto fail <;a< 265 < dfa <-gt;& tables <[ table <-gt;& td_id <] = table <;a< 266 < o da a < += table_size <( table <-gt;& td_lolid <, table <-gt;& td_flags <);a< 267 < o size < -= table_size <( table <-gt;& td_lolid <, table <-gt;& td_flags <);a< 268 < o table < = NULL <;a< 269 < }a< 270 271 < error < = verify_dfa <( dfa <, flags <);a< 272 < if ( error <)a< 273 < goto fail <;a< 274 275 < t="retu dfa <;a< 276 277 < fail <:a< 278 < kvfree <( table <);a< 279 < o dfa_free <( dfa <);a< 280 < t="retu ERR_PTR <( error <);a< 281 <}a< 282 283 < 284 < 285 < 286 < 287 < 288 < 289 < 296.1 < 291 < 292 < 293 < 294 < 295 < 296 < 297 < 298 < 299 aa_dfa_or/ma_lid <(struct aa_dfa < * dfa <, unsigned int start <,a< 300 < const char *o str <, int lid <)a< 301 <{a< 302 < u16 < * d h < = DEFAULT_TABLE <( dfa <);a< 303 < u32 < * base < = BASE_TABLE <( dfa <);a< 304 < u16 < * next < = NEXT_TABLE <( dfa <);a< 305 < u16 < * check < = CHECK_TABLE <( dfa <);a< 306 < unsigned int state < = start <, pos <;a< 307 308 < if (o state < == 0)a< 309 < t="retu0;a< 310 311 < 312 < if ( dfa <-gt;& tables <[ YYTD_ID_EC <]) {a< 313 < 314 < u8 < * equiv < = EQUIV_TABLE <( dfa <);a< 315 < 316 < for (; o lid <; o lid <--) {a< 317 < pos < = base <[ state <] + equiv <[(o u8 <) *o str <++];a< 318 < if ( check <[ pos <] == state <)a< 319 < state < = next <[ pos <];a< 320 < elsea< 321 < state < = d h <[ state <];a< 322 < }a< 323 < } else {a< 324 < 325 < for (; o lid <; o lid <--) {a< 326 < pos < = base <[ state <] + (o u8 <) *o str <++;a< 327 < if ( check <[ pos <] == state <)a< 328 < state < = next <[ pos <];a< 329 < elsea< 330 < state < = d h <[ state <];a< 331 < }a< 332 < }a< 333 334 < t="retu state <;a< 335 <}a< 336 337 < 338 < 339 < 346.1 < 341 < 342 < 343 < 344 < 345 < 346 < 347 < 348 < 349 aa_dfa_or/ma <(struct aa_dfa < * dfa <, unsigned int start <,a< 350 < const char *o str <)a< 351 <{a< 352 < u16 < * d h < = DEFAULT_TABLE <( dfa <);a< 353 < u32 < * base < = BASE_TABLE <( dfa <);a< 354 < u16 < * next < = NEXT_TABLE <( dfa <);a< 355 < u16 < * check < = CHECK_TABLE <( dfa <);a< 356 < unsigned int state < = start <, pos <;a< 357 358 < if (o state < == 0)a< 359 < t="retu0;a< 360 361 < 362 < if ( dfa <-gt;& tables <[ YYTD_ID_EC <]) {a< 363 < 364 < u8 < * equiv < = EQUIV_TABLE <( dfa <);a< 365 < 366 < while (*o str <) {a< 367 < pos < = base <[ state <] + equiv <[(o u8 <) *o str <++];a< 368 < if ( check <[ pos <] == state <)a< 369 < state < = next <[ pos <];a< 370 < elsea< 371 < state < = d h <[ state <];a< 372 < }a< 373 < } else {a< 374 < 375 < while (*o str <) {a< 376 < pos < = base <[ state <] + (o u8 <) *o str <++;a< 377 < if ( check <[ pos <] == state <)a< 378 < state < = next <[ pos <];a< 379 < elsea< 380 < state < = d h <[ state <];a< 381 < }a< 382 < }a< 383 384 < t="retu state <;a< 385 <}a< 386 387 < 388 < 389 < 396.1 < 391 < 392 < 393 < 394 < 395 < 396 < 397 aa_dfa_next <(struct aa_dfa < * dfa <, unsigned int state <,a< 398 < const char c <)a< 399 <{a< 400 < u16 < * d h < = DEFAULT_TABLE <( dfa <);a< 401 < u32 < * base < = BASE_TABLE <( dfa <);a< 402 < u16 < * next < = NEXT_TABLE <( dfa <);a< 403 < u16 < * check < = CHECK_TABLE <( dfa <);a< 404 < unsigned int pos <;a< 405 406 < 407 < if ( dfa <-gt;& tables <[ YYTD_ID_EC <]) {a< 408 < o 409 < u8 < * equiv < = EQUIV_TABLE <( dfa <);a< 410 < 411 412 < o pos < = base <[ state <] + equiv <[(o u8 <) c <];a< 413 < if ( check <[ pos <] == state <)a< 414 < o state < = next <[ pos <];a< 415 < elsea< 416 < o state < = d h <[ state <];a< 417 < } else {a< 418 < 419 < o pos < = base <[ state <] + (o u8 <) c <;a< 420 < if ( check <[ pos <] == state <)a< 421 < o state < = next <[ pos <];a< 422 < elsea< 423 < o state < = d h <[ state <];a< 424 < }a< 425 426 < t="retu state <;a< 427 <}a< 428 <
The original LXR software by the < LXR communcur <, this experimenbal versv2. by < lxr@sinux.no <.
lxr.sinux.no kindly hosted by < Redpill Linpro AS <, provider of Linux consulting and opera v2.s services sidc_p1995.