xref: /kernel/linux/linux-6.6/security/selinux/avc.c

154 	struct avc_node *node;
166 			hlist_for_each_entry_rcu(node, head, list)
328 static int avc_add_xperms_decision(struct avc_node *node,
333 	node->ae.xp_node->xp.len++;
338 	list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
353 static int avc_xperms_populate(struct avc_node *node,
377 	node->ae.xp_node = dest;
433 	struct avc_node *node = container_of(rhead, struct avc_node, rhead);
434 	avc_xperms_free(node->ae.xp_node);
435 	kmem_cache_free(avc_node_cachep, node);
439 static void avc_node_delete(struct avc_node *node)
441 	hlist_del_rcu(&node->list);
442 	call_rcu(&node->rhead, avc_node_free);
446 static void avc_node_kill(struct avc_node *node)
448 	avc_xperms_free(node->ae.xp_node);
449 	kmem_cache_free(avc_node_cachep, node);
463 	struct avc_node *node;
479 		hlist_for_each_entry(node, head, list) {
480 			avc_node_delete(node);
498 	struct avc_node *node;
500 	node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT | __GFP_NOWARN);
501 	if (!node)
504 	INIT_HLIST_NODE(&node->list);
512 	return node;
515 static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd)
517 	node->ae.ssid = ssid;
518 	node->ae.tsid = tsid;
519 	node->ae.tclass = tclass;
520 	memcpy(&node->ae.avd, avd, sizeof(node->ae.avd));
525 	struct avc_node *node, *ret = NULL;
531 	hlist_for_each_entry_rcu(node, head, list) {
532 		if (ssid == node->ae.ssid &&
533 		    tclass == node->ae.tclass &&
534 		    tsid == node->ae.tsid) {
535 			ret = node;
557 	struct avc_node *node;
560 	node = avc_search_node(ssid, tsid, tclass);
562 	if (node)
563 		return node;
611 	struct avc_node *pos, *node = NULL;
620 	node = avc_alloc_node();
621 	if (!node)
624 	avc_node_populate(node, ssid, tsid, tclass, avd);
625 	if (avc_xperms_populate(node, xp_node)) {
626 		avc_node_kill(node);
638 			avc_node_replace(node, pos);
642 	hlist_add_head_rcu(&node->list, head);
823  * @xpd: extended_perms_decision to be added to the node
839 	struct avc_node *pos, *node, *orig = NULL;
843 	node = avc_alloc_node();
844 	if (!node) {
869 		avc_node_kill(node);
874 	 * Copy and replace original node.
877 	avc_node_populate(node, ssid, tsid, tclass, &orig->ae.avd);
880 		rc = avc_xperms_populate(node, orig->ae.xp_node);
882 			avc_node_kill(node);
889 		node->ae.avd.allowed |= perms;
890 		if (node->ae.xp_node && (flags & AVC_EXTENDED_PERMS))
891 			avc_xperms_allow_perm(node->ae.xp_node, driver, xperm);
895 		node->ae.avd.allowed &= ~perms;
898 		node->ae.avd.auditallow |= perms;
901 		node->ae.avd.auditallow &= ~perms;
904 		node->ae.avd.auditdeny |= perms;
907 		node->ae.avd.auditdeny &= ~perms;
910 		avc_add_xperms_decision(node, xpd);
913 	avc_node_replace(node, orig);
926 	struct avc_node *node;
941 		hlist_for_each_entry(node, head, list)
942 			avc_node_delete(node);
979  * @xp_node: AVC extended permissions node
1013  * permissions to an avc node when extended permissions for that node are
1021 	struct avc_node *node;
1039 	node = avc_lookup(ssid, tsid, tclass);
1040 	if (unlikely(!node)) {
1043 		memcpy(&avd, &node->ae.avd, sizeof(avd));
1044 		xp_node = node->ae.xp_node;
1103  * This is the "we have no node" part of avc_has_perm_noaudit(), which is
1104  * unlikely and needs extra stack space for the new node that we generate, so
1148 	struct avc_node *node;
1154 	node = avc_lookup(ssid, tsid, tclass);
1155 	if (unlikely(!node)) {
1160 	denied = requested & ~node->ae.avd.allowed;
1161 	memcpy(avd, &node->ae.avd, sizeof(*avd));

Indexes created Thu Nov 07 10:32:03 CST 2024