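Lines matching refs: rules
(Cross-reference hits for the identifier `rules`. Only the matching lines are shown, each prefixed with its line number in the source file, so the statements below are non-contiguous excerpts and not a complete listing.)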

565 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules)
575 rules->secmark = kcalloc(size, sizeof(struct aa_secmark),
577 if (!rules->secmark)
580 rules->secmark_count = size;
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL))
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL))
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL))
599 if (rules->secmark) {
601 kfree(rules->secmark[i].label);
602 kfree(rules->secmark);
603 rules->secmark_count = 0;
604 rules->secmark = NULL;
611 static bool unpack_rlimits(struct aa_ext *e, struct aa_ruleset *rules)
622 rules->rlimits.mask = tmp;
632 rules->rlimits.limits[a].rlim_max = tmp2;
804 struct aa_ruleset *rules;
847 rules = list_first_entry(&profile->rules, typeof(*rules), list);
930 if (!aa_unpack_cap_low(e, &rules->caps.allow, NULL))
932 if (!aa_unpack_cap_low(e, &rules->caps.audit, NULL))
934 if (!aa_unpack_cap_low(e, &rules->caps.quiet, NULL))
942 if (!aa_unpack_cap_high(e, &rules->caps.allow, NULL))
944 if (!aa_unpack_cap_high(e, &rules->caps.audit, NULL))
946 if (!aa_unpack_cap_high(e, &rules->caps.quiet, NULL))
957 if (!aa_unpack_cap_low(e, &rules->caps.extended, NULL))
959 if (!aa_unpack_cap_high(e, &rules->caps.extended, NULL))
970 if (!unpack_rlimits(e, rules)) {
975 if (!unpack_secmark(e, rules)) {
976 info = "failed to unpack profile secmark rules";
983 error = unpack_pdb(e, &rules->policy, true, false,
988 if (aa_dfa_next(rules->policy.dfa, rules->policy.start[0],
990 rules->policy.start[AA_CLASS_FILE] =
991 aa_dfa_next(rules->policy.dfa,
992 rules->policy.start[0],
996 if (!rules->policy.perms) {
997 error = aa_compat_map_policy(&rules->policy,
1005 rules->policy.dfa = aa_get_dfa(nulldfa);
1006 rules->policy.perms = kcalloc(2, sizeof(struct aa_perms),
1008 if (!rules->policy.perms)
1010 rules->policy.size = 2;
1012 /* get file rules */
1013 error = unpack_pdb(e, &rules->file, false, true, &info);
1016 } else if (rules->file.dfa) {
1017 if (!rules->file.perms) {
1018 error = aa_compat_map_file(&rules->file);
1024 } else if (rules->policy.dfa &&
1025 rules->policy.start[AA_CLASS_FILE]) {
1026 rules->file.dfa = aa_get_dfa(rules->policy.dfa);
1027 rules->file.start[AA_CLASS_FILE] = rules->policy.start[AA_CLASS_FILE];
1028 rules->file.perms = kcalloc(rules->policy.size,
1031 if (!rules->file.perms)
1033 memcpy(rules->file.perms, rules->policy.perms,
1034 rules->policy.size * sizeof(struct aa_perms));
1035 rules->file.size = rules->policy.size;
1037 rules->file.dfa = aa_get_dfa(nulldfa);
1038 rules->file.perms = kcalloc(2, sizeof(struct aa_perms),
1040 if (!rules->file.perms)
1042 rules->file.size = 2;
1244 struct aa_ruleset *rules = list_first_entry(&profile->rules,
1245 typeof(*rules), list);
1246 if (!rules)
1249 if ((rules->file.dfa && !verify_dfa_accept_index(rules->file.dfa,
1250 rules->file.size)) ||
1251 (rules->policy.dfa &&
1252 !verify_dfa_accept_index(rules->policy.dfa, rules->policy.size))) {
1258 if (!verify_perms(&rules->file)) {
1263 if (!verify_perms(&rules->policy)) {