xref: /kernel/linux/linux-5.10/security/safesetid/securityfs.c

72 	struct setid_ruleset *pol =
78 	hash_for_each_safe(pol->rules, bucket, tmp, rule, next)
80 	kfree(pol->policy_str);
81 	kfree(pol);
84 static void release_ruleset(struct setid_ruleset *pol){
85 	call_rcu(&pol->rcu, __release_ruleset);
88 static void insert_rule(struct setid_ruleset *pol, struct setid_rule *rule)
90 	if (pol->type == UID)
91 		hash_add(pol->rules, &rule->next, __kuid_val(rule->src_id.uid));
92 	else if (pol->type == GID)
93 		hash_add(pol->rules, &rule->next, __kgid_val(rule->src_id.gid));
94 	else /* Error, pol->type is neither UID or GID */
98 static int verify_ruleset(struct setid_ruleset *pol)
104 	hash_for_each(pol->rules, bucket, rule, next) {
105 		if (_setid_policy_lookup(pol, rule->dst_id, INVALID_ID) == SIDPOL_DEFAULT) {
106 			if (pol->type == UID) {
110 			} else if (pol->type == GID) {
114 			} else { /* pol->type is an invalid type */
124 			if (pol->type == UID){
128 			} else { /* pol->type must be GID if we've made it to here */
133 			insert_rule(pol, nrule);
142 	struct setid_ruleset *pol;
146 	pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL);
147 	if (!pol)
149 	pol->policy_str = NULL;
150 	pol->type = policy_type;
151 	hash_init(pol->rules);
158 	pol->policy_str = kstrdup(buf, GFP_KERNEL);
159 	if (pol->policy_str == NULL) {
186 		if (_setid_policy_lookup(pol, rule->src_id, rule->dst_id) == SIDPOL_ALLOWED) {
192 		insert_rule(pol, rule);
201 	err = verify_ruleset(pol);
213 		pol = rcu_replace_pointer(safesetid_setuid_rules, pol,
218 		pol = rcu_replace_pointer(safesetid_setgid_rules, pol,
230 	if (pol)
231 		release_ruleset(pol);
267 	struct setid_ruleset *pol;
271 	pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock));
272 	if (pol) {
273 		kbuf = pol->policy_str;

Indexes created Thu Nov 07 10:32:03 CST 2024