xref: /linux-6.3-rc2/security/apparmor/policy_unpack.c

562 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules)  in unpack_secmark()  argument
572 		rules->secmark = kcalloc(size, sizeof(struct aa_secmark),  in unpack_secmark()
574 		if (!rules->secmark)  in unpack_secmark()
577 		rules->secmark_count = size;  in unpack_secmark()
580 			if (!unpack_u8(e, &rules->secmark[i].audit, NULL))  in unpack_secmark()
582 			if (!unpack_u8(e, &rules->secmark[i].deny, NULL))  in unpack_secmark()
584 			if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL))  in unpack_secmark()
596 	if (rules->secmark) {  in unpack_secmark()
598 			kfree(rules->secmark[i].label);  in unpack_secmark()
599 		kfree(rules->secmark);  in unpack_secmark()
600 		rules->secmark_count = 0;  in unpack_secmark()
601 		rules->secmark = NULL;  in unpack_secmark()
608 static bool unpack_rlimits(struct aa_ext *e, struct aa_ruleset *rules)  in unpack_rlimits()  argument
619 		rules->rlimits.mask = tmp;  in unpack_rlimits()
629 			rules->rlimits.limits[a].rlim_max = tmp2;  in unpack_rlimits()
801 	struct aa_ruleset *rules;  in unpack_profile()  local
840 	rules = list_first_entry(&profile->rules, typeof(*rules), list);  in unpack_profile()
920 	if (!aa_unpack_cap_low(e, &rules->caps.allow, NULL))  in unpack_profile()
922 	if (!aa_unpack_cap_low(e, &rules->caps.audit, NULL))  in unpack_profile()
924 	if (!aa_unpack_cap_low(e, &rules->caps.quiet, NULL))  in unpack_profile()
932 		if (!aa_unpack_cap_high(e, &rules->caps.allow, NULL))  in unpack_profile()
934 		if (!aa_unpack_cap_high(e, &rules->caps.audit, NULL))  in unpack_profile()
936 		if (!aa_unpack_cap_high(e, &rules->caps.quiet, NULL))  in unpack_profile()
947 		if (!aa_unpack_cap_low(e, &rules->caps.extended, NULL))  in unpack_profile()
949 		if (!aa_unpack_cap_high(e, &rules->caps.extended, NULL))  in unpack_profile()
960 	if (!unpack_rlimits(e, rules)) {  in unpack_profile()
965 	if (!unpack_secmark(e, rules)) {  in unpack_profile()
973 		error = unpack_pdb(e, &rules->policy, true, false,  in unpack_profile()
978 		if (aa_dfa_next(rules->policy.dfa, rules->policy.start[0],  in unpack_profile()
980 			rules->policy.start[AA_CLASS_FILE] =  in unpack_profile()
981 			  aa_dfa_next(rules->policy.dfa,  in unpack_profile()
982 				      rules->policy.start[0],  in unpack_profile()
986 		error = aa_compat_map_policy(&rules->policy, e->version);  in unpack_profile()
992 		rules->policy.dfa = aa_get_dfa(nulldfa);  in unpack_profile()
995 	error = unpack_pdb(e, &rules->file, false, true, &info);  in unpack_profile()
998 	} else if (rules->file.dfa) {  in unpack_profile()
999 		error = aa_compat_map_file(&rules->file);  in unpack_profile()
1004 	} else if (rules->policy.dfa &&  in unpack_profile()
1005 		   rules->policy.start[AA_CLASS_FILE]) {  in unpack_profile()
1006 		rules->file.dfa = aa_get_dfa(rules->policy.dfa);  in unpack_profile()
1007 		rules->file.start[AA_CLASS_FILE] = rules->policy.start[AA_CLASS_FILE];  in unpack_profile()
1009 		rules->file.dfa = aa_get_dfa(nulldfa);  in unpack_profile()
1210 	struct aa_ruleset *rules = list_first_entry(&profile->rules,  in verify_profile()  local
1211 						    typeof(*rules), list);  in verify_profile()
1212 	if (!rules)  in verify_profile()
1215 	if ((rules->file.dfa && !verify_dfa_xindex(rules->file.dfa,  in verify_profile()
1216 						  rules->file.trans.size)) ||  in verify_profile()
1217 	    (rules->policy.dfa &&  in verify_profile()
1218 	     !verify_dfa_xindex(rules->policy.dfa, rules->policy.trans.size))) {  in verify_profile()
1224 	if (!verify_perms(&rules->file)) {  in verify_profile()
1229 	if (!verify_perms(&rules->policy)) {  in verify_profile()

Last Index update Sun Aug 20 00:18:20 CST 2023