[deliverable/linux.git] / security / selinux / ss / sidtab.c

/*
 * Implementation of the SID table type.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/errno.h>
#include <linux/sched.h>
#include "flask.h"
#include "security.h"
#include "sidtab.h"

#define SIDTAB_HASH(sid) \
(sid & SIDTAB_HASH_MASK)

#define INIT_SIDTAB_LOCK(s) spin_lock_init(&s->lock)
#define SIDTAB_LOCK(s, x) spin_lock_irqsave(&s->lock, x)
#define SIDTAB_UNLOCK(s, x) spin_unlock_irqrestore(&s->lock, x)

int sidtab_init(struct sidtab *s)
{
	int i;

	s->htable = kmalloc(sizeof(*(s->htable)) * SIDTAB_SIZE, GFP_ATOMIC);
	if (!s->htable)
		return -ENOMEM;
	for (i = 0; i < SIDTAB_SIZE; i++)
		s->htable[i] = NULL;
	s->nel = 0;
	s->next_sid = 1;
	s->shutdown = 0;
	INIT_SIDTAB_LOCK(s);
	return 0;
}

int sidtab_insert(struct sidtab *s, u32 sid, struct context *context)
{
	int hvalue, rc = 0;
	struct sidtab_node *prev, *cur, *newnode;

	if (!s) {
		rc = -ENOMEM;
		goto out;
	}

	hvalue = SIDTAB_HASH(sid);
	prev = NULL;
	cur = s->htable[hvalue];
	while (cur != NULL && sid > cur->sid) {
		prev = cur;
		cur = cur->next;
	}

	if (cur && sid == cur->sid) {
		rc = -EEXIST;
		goto out;
	}

	newnode = kmalloc(sizeof(*newnode), GFP_ATOMIC);
	if (newnode == NULL) {
		rc = -ENOMEM;
		goto out;
	}
	newnode->sid = sid;
	if (context_cpy(&newnode->context, context)) {
		kfree(newnode);
		rc = -ENOMEM;
		goto out;
	}

	if (prev) {
		newnode->next = prev->next;
		wmb();
		prev->next = newnode;
	} else {
		newnode->next = s->htable[hvalue];
		wmb();
		s->htable[hvalue] = newnode;
	}

	s->nel++;
	if (sid >= s->next_sid)
		s->next_sid = sid + 1;
out:
	return rc;
}

struct context *sidtab_search(struct sidtab *s, u32 sid)
{
	int hvalue;
	struct sidtab_node *cur;

	if (!s)
		return NULL;

	hvalue = SIDTAB_HASH(sid);
	cur = s->htable[hvalue];
	while (cur != NULL && sid > cur->sid)
		cur = cur->next;

	if (cur == NULL || sid != cur->sid) {
		/* Remap invalid SIDs to the unlabeled SID. */
		sid = SECINITSID_UNLABELED;
		hvalue = SIDTAB_HASH(sid);
		cur = s->htable[hvalue];
		while (cur != NULL && sid > cur->sid)
			cur = cur->next;
		if (!cur || sid != cur->sid)
			return NULL;
	}

	return &cur->context;
}

int sidtab_map(struct sidtab *s,
	       int (*apply) (u32 sid,
			     struct context *context,
			     void *args),
	       void *args)
{
	int i, rc = 0;
	struct sidtab_node *cur;

	if (!s)
		goto out;

	for (i = 0; i < SIDTAB_SIZE; i++) {
		cur = s->htable[i];
		while (cur != NULL) {
			rc = apply(cur->sid, &cur->context, args);
			if (rc)
				goto out;
			cur = cur->next;
		}
	}
out:
	return rc;
}

void sidtab_map_remove_on_error(struct sidtab *s,
				int (*apply) (u32 sid,
					      struct context *context,
					      void *args),
				void *args)
{
	int i, ret;
	struct sidtab_node *last, *cur, *temp;

	if (!s)
		return;

	for (i = 0; i < SIDTAB_SIZE; i++) {
		last = NULL;
		cur = s->htable[i];
		while (cur != NULL) {
			ret = apply(cur->sid, &cur->context, args);
			if (ret) {
				if (last) {
					last->next = cur->next;
				} else {
					s->htable[i] = cur->next;
				}

				temp = cur;
				cur = cur->next;
				context_destroy(&temp->context);
				kfree(temp);
				s->nel--;
			} else {
				last = cur;
				cur = cur->next;
			}
		}
	}

	return;
}

static inline u32 sidtab_search_context(struct sidtab *s,
						  struct context *context)
{
	int i;
	struct sidtab_node *cur;

	for (i = 0; i < SIDTAB_SIZE; i++) {
		cur = s->htable[i];
		while (cur != NULL) {
			if (context_cmp(&cur->context, context))
				return cur->sid;
			cur = cur->next;
		}
	}
	return 0;
}

int sidtab_context_to_sid(struct sidtab *s,
			  struct context *context,
			  u32 *out_sid)
{
	u32 sid;
	int ret = 0;
	unsigned long flags;

	*out_sid = SECSID_NULL;

	sid = sidtab_search_context(s, context);
	if (!sid) {
		SIDTAB_LOCK(s, flags);
		/* Rescan now that we hold the lock. */
		sid = sidtab_search_context(s, context);
		if (sid)
			goto unlock_out;
		/* No SID exists for the context.  Allocate a new one. */
		if (s->next_sid == UINT_MAX || s->shutdown) {
			ret = -ENOMEM;
			goto unlock_out;
		}
		sid = s->next_sid++;
		ret = sidtab_insert(s, sid, context);
		if (ret)
			s->next_sid--;
unlock_out:
		SIDTAB_UNLOCK(s, flags);
	}

	if (ret)
		return ret;

	*out_sid = sid;
	return 0;
}

void sidtab_hash_eval(struct sidtab *h, char *tag)
{
	int i, chain_len, slots_used, max_chain_len;
	struct sidtab_node *cur;

	slots_used = 0;
	max_chain_len = 0;
	for (i = 0; i < SIDTAB_SIZE; i++) {
		cur = h->htable[i];
		if (cur) {
			slots_used++;
			chain_len = 0;
			while (cur) {
				chain_len++;
				cur = cur->next;
			}

			if (chain_len > max_chain_len)
				max_chain_len = chain_len;
		}
	}

	printk(KERN_INFO "%s:  %d entries and %d/%d buckets used, longest "
	       "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
	       max_chain_len);
}

void sidtab_destroy(struct sidtab *s)
{
	int i;
	struct sidtab_node *cur, *temp;

	if (!s)
		return;

	for (i = 0; i < SIDTAB_SIZE; i++) {
		cur = s->htable[i];
		while (cur != NULL) {
			temp = cur;
			cur = cur->next;
			context_destroy(&temp->context);
			kfree(temp);
		}
		s->htable[i] = NULL;
	}
	kfree(s->htable);
	s->htable = NULL;
	s->nel = 0;
	s->next_sid = 1;
}

void sidtab_set(struct sidtab *dst, struct sidtab *src)
{
	unsigned long flags;

	SIDTAB_LOCK(src, flags);
	dst->htable = src->htable;
	dst->nel = src->nel;
	dst->next_sid = src->next_sid;
	dst->shutdown = 0;
	SIDTAB_UNLOCK(src, flags);
}

void sidtab_shutdown(struct sidtab *s)
{
	unsigned long flags;

	SIDTAB_LOCK(s, flags);
	s->shutdown = 1;
	SIDTAB_UNLOCK(s, flags);
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Implementation of the SID table type.
	3	*
	4	* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
	5	*/
	6	#include <linux/kernel.h>
	7	#include <linux/slab.h>
	8	#include <linux/spinlock.h>
	9	#include <linux/errno.h>
	10	#include <linux/sched.h>
	11	#include "flask.h"
	12	#include "security.h"
	13	#include "sidtab.h"
	14
	15	#define SIDTAB_HASH(sid) \
	16	(sid & SIDTAB_HASH_MASK)
	17
	18	#define INIT_SIDTAB_LOCK(s) spin_lock_init(&s->lock)
	19	#define SIDTAB_LOCK(s, x) spin_lock_irqsave(&s->lock, x)
	20	#define SIDTAB_UNLOCK(s, x) spin_unlock_irqrestore(&s->lock, x)
	21
	22	int sidtab_init(struct sidtab *s)
	23	{
	24	int i;
	25
	26	s->htable = kmalloc(sizeof((s->htable)) SIDTAB_SIZE, GFP_ATOMIC);
	27	if (!s->htable)
	28	return -ENOMEM;
	29	for (i = 0; i < SIDTAB_SIZE; i++)
	30	s->htable[i] = NULL;
	31	s->nel = 0;
	32	s->next_sid = 1;
	33	s->shutdown = 0;
	34	INIT_SIDTAB_LOCK(s);
	35	return 0;
	36	}
	37
	38	int sidtab_insert(struct sidtab s, u32 sid, struct context context)
	39	{
	40	int hvalue, rc = 0;
	41	struct sidtab_node prev, cur, *newnode;
	42
	43	if (!s) {
	44	rc = -ENOMEM;
	45	goto out;
	46	}
	47
	48	hvalue = SIDTAB_HASH(sid);
	49	prev = NULL;
	50	cur = s->htable[hvalue];
	51	while (cur != NULL && sid > cur->sid) {
	52	prev = cur;
	53	cur = cur->next;
	54	}
	55
	56	if (cur && sid == cur->sid) {
	57	rc = -EEXIST;
	58	goto out;
	59	}
	60
	61	newnode = kmalloc(sizeof(*newnode), GFP_ATOMIC);
	62	if (newnode == NULL) {
	63	rc = -ENOMEM;
	64	goto out;
65	}
66	newnode->sid = sid;
67	if (context_cpy(&newnode->context, context)) {
68	kfree(newnode);
69	rc = -ENOMEM;
70	goto out;
71	}
72
73	if (prev) {
74	newnode->next = prev->next;
75	wmb();
76	prev->next = newnode;
77	} else {
78	newnode->next = s->htable[hvalue];
79	wmb();
80	s->htable[hvalue] = newnode;
81	}
82
83	s->nel++;
84	if (sid >= s->next_sid)
85	s->next_sid = sid + 1;
86	out:
87	return rc;
88	}
89
90	struct context sidtab_search(struct sidtab s, u32 sid)
91	{
92	int hvalue;
93	struct sidtab_node *cur;
94
95	if (!s)
96	return NULL;
97
98	hvalue = SIDTAB_HASH(sid);
99	cur = s->htable[hvalue];
100	while (cur != NULL && sid > cur->sid)
101	cur = cur->next;
102
103	if (cur == NULL \|\| sid != cur->sid) {
104	/* Remap invalid SIDs to the unlabeled SID. */
105	sid = SECINITSID_UNLABELED;
106	hvalue = SIDTAB_HASH(sid);
107	cur = s->htable[hvalue];
108	while (cur != NULL && sid > cur->sid)
109	cur = cur->next;
110	if (!cur \|\| sid != cur->sid)
111	return NULL;
112	}
113
114	return &cur->context;
115	}
116
117	int sidtab_map(struct sidtab *s,
118	int (*apply) (u32 sid,
119	struct context *context,
120	void *args),
121	void *args)
122	{
123	int i, rc = 0;
124	struct sidtab_node *cur;
125
126	if (!s)
127	goto out;
128
129	for (i = 0; i < SIDTAB_SIZE; i++) {
130	cur = s->htable[i];
131	while (cur != NULL) {
132	rc = apply(cur->sid, &cur->context, args);
133	if (rc)
134	goto out;
135	cur = cur->next;
136	}
137	}
138	out:
139	return rc;
140	}
141
142	void sidtab_map_remove_on_error(struct sidtab *s,
143	int (*apply) (u32 sid,
144	struct context *context,
145	void *args),
146	void *args)
147	{
148	int i, ret;
149	struct sidtab_node last, cur, *temp;
150
151	if (!s)
152	return;
153
154	for (i = 0; i < SIDTAB_SIZE; i++) {
155	last = NULL;
156	cur = s->htable[i];
157	while (cur != NULL) {
158	ret = apply(cur->sid, &cur->context, args);
159	if (ret) {
160	if (last) {
161	last->next = cur->next;
162	} else {
163	s->htable[i] = cur->next;
164	}
165
166	temp = cur;
167	cur = cur->next;
168	context_destroy(&temp->context);
169	kfree(temp);
170	s->nel--;
171	} else {
172	last = cur;
173	cur = cur->next;
174	}
175	}
176	}
177
178	return;
179	}
180
181	static inline u32 sidtab_search_context(struct sidtab *s,
182	struct context *context)
183	{
184	int i;
185	struct sidtab_node *cur;
186
187	for (i = 0; i < SIDTAB_SIZE; i++) {
188	cur = s->htable[i];
189	while (cur != NULL) {
190	if (context_cmp(&cur->context, context))
191	return cur->sid;
192	cur = cur->next;
193	}
194	}
195	return 0;
196	}
197
198	int sidtab_context_to_sid(struct sidtab *s,
199	struct context *context,
200	u32 *out_sid)
201	{
202	u32 sid;
203	int ret = 0;
204	unsigned long flags;
205
206	*out_sid = SECSID_NULL;
207
208	sid = sidtab_search_context(s, context);
209	if (!sid) {
210	SIDTAB_LOCK(s, flags);
211	/* Rescan now that we hold the lock. */
212	sid = sidtab_search_context(s, context);
213	if (sid)
214	goto unlock_out;
215	/* No SID exists for the context. Allocate a new one. */
216	if (s->next_sid == UINT_MAX \|\| s->shutdown) {
217	ret = -ENOMEM;
218	goto unlock_out;
219	}
220	sid = s->next_sid++;
221	ret = sidtab_insert(s, sid, context);
222	if (ret)
223	s->next_sid--;
224	unlock_out:
225	SIDTAB_UNLOCK(s, flags);
226	}
227
228	if (ret)
229	return ret;
230
231	*out_sid = sid;
232	return 0;
233	}
234
235	void sidtab_hash_eval(struct sidtab h, char tag)
236	{
237	int i, chain_len, slots_used, max_chain_len;
238	struct sidtab_node *cur;
239
240	slots_used = 0;
241	max_chain_len = 0;
242	for (i = 0; i < SIDTAB_SIZE; i++) {
243	cur = h->htable[i];
244	if (cur) {
245	slots_used++;
246	chain_len = 0;
247	while (cur) {
248	chain_len++;
249	cur = cur->next;
250	}
251
252	if (chain_len > max_chain_len)
253	max_chain_len = chain_len;
254	}
255	}
256
257	printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest "
258	"chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
259	max_chain_len);
260	}
261
262	void sidtab_destroy(struct sidtab *s)
263	{
264	int i;
265	struct sidtab_node cur, temp;
266
267	if (!s)
268	return;
269
270	for (i = 0; i < SIDTAB_SIZE; i++) {
271	cur = s->htable[i];
272	while (cur != NULL) {
273	temp = cur;
274	cur = cur->next;
275	context_destroy(&temp->context);
276	kfree(temp);
277	}
278	s->htable[i] = NULL;
279	}
280	kfree(s->htable);
281	s->htable = NULL;
282	s->nel = 0;
283	s->next_sid = 1;
284	}
285
286	void sidtab_set(struct sidtab dst, struct sidtab src)
287	{
288	unsigned long flags;
289
290	SIDTAB_LOCK(src, flags);
291	dst->htable = src->htable;
292	dst->nel = src->nel;
293	dst->next_sid = src->next_sid;
294	dst->shutdown = 0;
295	SIDTAB_UNLOCK(src, flags);
296	}
297
298	void sidtab_shutdown(struct sidtab *s)
299	{
300	unsigned long flags;
301
302	SIDTAB_LOCK(s, flags);
303	s->shutdown = 1;
304	SIDTAB_UNLOCK(s, flags);
305	}