xref: /kernel/linux/linux-5.10/security/selinux/avc.c

156 	struct avc_node *node;
168 			hlist_for_each_entry_rcu(node, head, list)
330 static int avc_add_xperms_decision(struct avc_node *node,
335 	node->ae.xp_node->xp.len++;
340 	list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
355 static int avc_xperms_populate(struct avc_node *node,
379 	node->ae.xp_node = dest;
436 	struct avc_node *node = container_of(rhead, struct avc_node, rhead);
437 	avc_xperms_free(node->ae.xp_node);
438 	kmem_cache_free(avc_node_cachep, node);
442 static void avc_node_delete(struct selinux_avc *avc, struct avc_node *node)
444 	hlist_del_rcu(&node->list);
445 	call_rcu(&node->rhead, avc_node_free);
449 static void avc_node_kill(struct selinux_avc *avc, struct avc_node *node)
451 	avc_xperms_free(node->ae.xp_node);
452 	kmem_cache_free(avc_node_cachep, node);
467 	struct avc_node *node;
483 		hlist_for_each_entry(node, head, list) {
484 			avc_node_delete(avc, node);
502 	struct avc_node *node;
504 	node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT | __GFP_NOWARN);
505 	if (!node)
508 	INIT_HLIST_NODE(&node->list);
516 	return node;
519 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
521 	node->ae.ssid = ssid;
522 	node->ae.tsid = tsid;
523 	node->ae.tclass = tclass;
524 	memcpy(&node->ae.avd, avd, sizeof(node->ae.avd));
530 	struct avc_node *node, *ret = NULL;
536 	hlist_for_each_entry_rcu(node, head, list) {
537 		if (ssid == node->ae.ssid &&
538 		    tclass == node->ae.tclass &&
539 		    tsid == node->ae.tsid) {
540 			ret = node;
563 	struct avc_node *node;
566 	node = avc_search_node(avc, ssid, tsid, tclass);
568 	if (node)
569 		return node;
621 	struct avc_node *pos, *node = NULL;
630 	node = avc_alloc_node(avc);
631 	if (!node)
634 	avc_node_populate(node, ssid, tsid, tclass, avd);
635 	if (avc_xperms_populate(node, xp_node)) {
636 		avc_node_kill(avc, node);
648 			avc_node_replace(avc, node, pos);
652 	hlist_add_head_rcu(&node->list, head);
655 	return node;
828  * @xpd: extended_perms_decision to be added to the node
844 	struct avc_node *pos, *node, *orig = NULL;
863 	node = avc_alloc_node(avc);
864 	if (!node) {
889 		avc_node_kill(avc, node);
894 	 * Copy and replace original node.
897 	avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd);
900 		rc = avc_xperms_populate(node, orig->ae.xp_node);
902 			avc_node_kill(avc, node);
909 		node->ae.avd.allowed |= perms;
910 		if (node->ae.xp_node && (flags & AVC_EXTENDED_PERMS))
911 			avc_xperms_allow_perm(node->ae.xp_node, driver, xperm);
915 		node->ae.avd.allowed &= ~perms;
918 		node->ae.avd.auditallow |= perms;
921 		node->ae.avd.auditallow &= ~perms;
924 		node->ae.avd.auditdeny |= perms;
927 		node->ae.avd.auditdeny &= ~perms;
930 		avc_add_xperms_decision(node, xpd);
933 	avc_node_replace(avc, node, orig);
946 	struct avc_node *node;
961 		hlist_for_each_entry(node, head, list)
962 			avc_node_delete(avc, node);
1035  * permissions to an avc node when extended permissions for that node are
1044 	struct avc_node *node;
1062 	node = avc_lookup(state->avc, ssid, tsid, tclass);
1063 	if (unlikely(!node)) {
1064 		node = avc_compute_av(state, ssid, tsid, tclass, &avd, xp_node);
1066 		memcpy(&avd, &node->ae.avd, sizeof(avd));
1067 		xp_node = node->ae.xp_node;
1143 	struct avc_node *node;
1153 	node = avc_lookup(state->avc, ssid, tsid, tclass);
1154 	if (unlikely(!node))
1155 		node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
1157 		memcpy(avd, &node->ae.avd, sizeof(*avd));

Indexes created Thu Nov 07 10:32:03 CST 2024