1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
|
From d2e0d1c07d510529e97b544bb007ff06cf1669e4 Mon Sep 17 00:00:00 2001
From: Rafal Krypa <r.krypa@samsung.com>
Date: Fri, 9 Aug 2013 11:47:07 +0200
Subject: [PATCH 1054/1302] Smack: parse multiple rules per write to load2, up
to PAGE_SIZE-1 bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Smack interface for loading rules has always parsed only single rule from
data written to it. This requires user program to call one write() per
each rule it wants to load.
This change makes it possible to write multiple rules, separated by new
line character. Smack will load at most PAGE_SIZE-1 characters and properly
return number of processed bytes. In case when user buffer is larger, it
will be additionally truncated. All characters after last \n will not get
parsed to avoid partial rule near input buffer boundary.
Change-Id: I81766925a9522fcb811fe3046850cdc45067838a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
---
security/smack/smackfs.c | 167 +++++++++++++++++++++++------------------------
1 file changed, 82 insertions(+), 85 deletions(-)
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index a07e93f..80f4b4a 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -368,56 +368,43 @@ static int smk_parse_rule(const char *data, struct smack_parsed_rule *rule,
* @data: string to be parsed, null terminated
* @rule: Will be filled with Smack parsed rule
* @import: if non-zero, import labels
- * @change: if non-zero, data is from /smack/change-rule
+ * @tokens: numer of substrings expected in data
*
- * Returns 0 on success, -1 on failure
+ * Returns number of processed bytes on success, -1 on failure.
*/
-static int smk_parse_long_rule(const char *data, struct smack_parsed_rule *rule,
- int import, int change)
+static ssize_t smk_parse_long_rule(char *data, struct smack_parsed_rule *rule,
+ int import, int tokens)
{
- char *subject;
- char *object;
- char *access1;
- char *access2;
- int datalen;
- int rc = -1;
+ ssize_t cnt = 0;
+ char *tok[4];
+ int i;
- /* This is inefficient */
- datalen = strlen(data);
+ /*
+ * Parsing the rule in-place, filling all white-spaces with '\0'
+ */
+ for (i = 0; i < tokens; ++i) {
+ while (isspace(data[cnt]))
+ data[cnt++] = '\0';
- /* Our first element can be 64 + \0 with no spaces */
- subject = kzalloc(datalen + 1, GFP_KERNEL);
- if (subject == NULL)
- return -1;
- object = kzalloc(datalen, GFP_KERNEL);
- if (object == NULL)
- goto free_out_s;
- access1 = kzalloc(datalen, GFP_KERNEL);
- if (access1 == NULL)
- goto free_out_o;
- access2 = kzalloc(datalen, GFP_KERNEL);
- if (access2 == NULL)
- goto free_out_a;
-
- if (change) {
- if (sscanf(data, "%s %s %s %s",
- subject, object, access1, access2) == 4)
- rc = smk_fill_rule(subject, object, access1, access2,
- rule, import, 0);
- } else {
- if (sscanf(data, "%s %s %s", subject, object, access1) == 3)
- rc = smk_fill_rule(subject, object, access1, NULL,
- rule, import, 0);
+ if (data[cnt] == '\0')
+ /* Unexpected end of data */
+ return -1;
+
+ tok[i] = data + cnt;
+
+ while (data[cnt] && !isspace(data[cnt]))
+ ++cnt;
}
+ while (isspace(data[cnt]))
+ data[cnt++] = '\0';
- kfree(access2);
-free_out_a:
- kfree(access1);
-free_out_o:
- kfree(object);
-free_out_s:
- kfree(subject);
- return rc;
+ while (i < 4)
+ tok[i++] = NULL;
+
+ if (smk_fill_rule(tok[0], tok[1], tok[2], tok[3], rule, import, 0))
+ return -1;
+
+ return cnt;
}
#define SMK_FIXED24_FMT 0 /* Fixed 24byte label format */
@@ -449,9 +436,10 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
{
struct smack_parsed_rule rule;
char *data;
- int datalen;
- int rc = -EINVAL;
- int load = 0;
+ int rc;
+ int trunc = 0;
+ int tokens;
+ ssize_t cnt = 0;
/*
* No partial writes.
@@ -466,11 +454,14 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
*/
if (count != SMK_OLOADLEN && count != SMK_LOADLEN)
return -EINVAL;
- datalen = SMK_LOADLEN;
- } else
- datalen = count + 1;
+ } else {
+ if (count >= PAGE_SIZE) {
+ count = PAGE_SIZE - 1;
+ trunc = 1;
+ }
+ }
- data = kzalloc(datalen, GFP_KERNEL);
+ data = kmalloc(count + 1, GFP_KERNEL);
if (data == NULL)
return -ENOMEM;
@@ -479,36 +470,49 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
goto out;
}
- if (format == SMK_LONG_FMT) {
- /*
- * Be sure the data string is terminated.
- */
- data[count] = '\0';
- if (smk_parse_long_rule(data, &rule, 1, 0))
- goto out;
- } else if (format == SMK_CHANGE_FMT) {
- data[count] = '\0';
- if (smk_parse_long_rule(data, &rule, 1, 1))
- goto out;
- } else {
- /*
- * More on the minor hack for backward compatibility
- */
- if (count == (SMK_OLOADLEN))
- data[SMK_OLOADLEN] = '-';
- if (smk_parse_rule(data, &rule, 1))
+ /*
+ * In case of parsing only part of user buf,
+ * avoid having partial rule at the data buffer
+ */
+ if (trunc) {
+ while (count > 0 && (data[count - 1] != '\n'))
+ --count;
+ if (count == 0) {
+ rc = -EINVAL;
goto out;
+ }
}
- if (rule_list == NULL) {
- load = 1;
- rule_list = &rule.smk_subject->smk_rules;
- rule_lock = &rule.smk_subject->smk_rules_lock;
+ data[count] = '\0';
+ tokens = (format == SMK_CHANGE_FMT ? 4 : 3);
+ while (cnt < count) {
+ if (format == SMK_FIXED24_FMT) {
+ rc = smk_parse_rule(data, &rule, 1);
+ if (rc != 0) {
+ rc = -EINVAL;
+ goto out;
+ }
+ cnt = count;
+ } else {
+ rc = smk_parse_long_rule(data + cnt, &rule, 1, tokens);
+ if (rc <= 0) {
+ rc = -EINVAL;
+ goto out;
+ }
+ cnt += rc;
+ }
+
+ if (rule_list == NULL)
+ rc = smk_set_access(&rule, &rule.smk_subject->smk_rules,
+ &rule.smk_subject->smk_rules_lock, 1);
+ else
+ rc = smk_set_access(&rule, rule_list, rule_lock, 0);
+
+ if (rc)
+ goto out;
}
- rc = smk_set_access(&rule, rule_list, rule_lock, load);
- if (rc == 0)
- rc = count;
+ rc = cnt;
out:
kfree(data);
return rc;
@@ -1829,7 +1833,6 @@ static ssize_t smk_user_access(struct file *file, const char __user *buf,
{
struct smack_parsed_rule rule;
char *data;
- char *cod;
int res;
data = simple_transaction_get(file, buf, count);
@@ -1842,18 +1845,12 @@ static ssize_t smk_user_access(struct file *file, const char __user *buf,
res = smk_parse_rule(data, &rule, 0);
} else {
/*
- * Copy the data to make sure the string is terminated.
+ * simple_transaction_get() returns null-terminated data
*/
- cod = kzalloc(count + 1, GFP_KERNEL);
- if (cod == NULL)
- return -ENOMEM;
- memcpy(cod, data, count);
- cod[count] = '\0';
- res = smk_parse_long_rule(cod, &rule, 0, 0);
- kfree(cod);
+ res = smk_parse_long_rule(data, &rule, 0, 3);
}
- if (res)
+ if (res < 0)
return -EINVAL;
res = smk_access(rule.smk_subject, rule.smk_object,
--
1.8.3.2
|
