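Lines matching +full:0 +full:e (search hits only: each line starts with its line number in the source file and ends with the name of the enclosing function; the lines between hits are not shown)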

30 #define K_ABI_MASK 0x3ff
31 #define FORCE_COMPLAIN_FLAG 0x800
100 * @e: buffer position info
103 * Returns: %0 or error
106 const char *name, const char *info, struct aa_ext *e, in audit_iface() argument
111 if (e) in audit_iface()
112 aad(&sa)->iface.pos = e->pos - e->start; in audit_iface()
146 if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()) != 0) in aa_rawdata_eq()
148 return memcmp(l->data, r->data, r->compressed_size ?: r->size) == 0; in aa_rawdata_eq()
202 static bool inbounds(struct aa_ext *e, size_t size) in inbounds() argument
204 return (size <= e->end - e->pos); in inbounds()
218 * @e: serialized data read head (NOT NULL)
223 static size_t unpack_u16_chunk(struct aa_ext *e, char **chunk) in unpack_u16_chunk() argument
225 size_t size = 0; in unpack_u16_chunk()
226 void *pos = e->pos; in unpack_u16_chunk()
228 if (!inbounds(e, sizeof(u16))) in unpack_u16_chunk()
230 size = le16_to_cpu(get_unaligned((__le16 *) e->pos)); in unpack_u16_chunk()
231 e->pos += sizeof(__le16); in unpack_u16_chunk()
232 if (!inbounds(e, size)) in unpack_u16_chunk()
234 *chunk = e->pos; in unpack_u16_chunk()
235 e->pos += size; in unpack_u16_chunk()
239 e->pos = pos; in unpack_u16_chunk()
240 return 0; in unpack_u16_chunk()
244 static bool unpack_X(struct aa_ext *e, enum aa_code code) in unpack_X() argument
246 if (!inbounds(e, 1)) in unpack_X()
248 if (*(u8 *) e->pos != code) in unpack_X()
250 e->pos++; in unpack_X()
256 * @e: serialized data extent information (NOT NULL)
270 static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name) in unpack_nameX() argument
275 void *pos = e->pos; in unpack_nameX()
280 if (unpack_X(e, AA_NAME)) { in unpack_nameX()
282 size_t size = unpack_u16_chunk(e, &tag); in unpack_nameX()
284 if (name && (!size || tag[size-1] != '\0' || strcmp(name, tag))) in unpack_nameX()
292 if (unpack_X(e, code)) in unpack_nameX()
296 e->pos = pos; in unpack_nameX()
300 static bool unpack_u8(struct aa_ext *e, u8 *data, const char *name) in unpack_u8() argument
302 void *pos = e->pos; in unpack_u8()
304 if (unpack_nameX(e, AA_U8, name)) { in unpack_u8()
305 if (!inbounds(e, sizeof(u8))) in unpack_u8()
308 *data = *((u8 *)e->pos); in unpack_u8()
309 e->pos += sizeof(u8); in unpack_u8()
314 e->pos = pos; in unpack_u8()
318 static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) in unpack_u32() argument
320 void *pos = e->pos; in unpack_u32()
322 if (unpack_nameX(e, AA_U32, name)) { in unpack_u32()
323 if (!inbounds(e, sizeof(u32))) in unpack_u32()
326 *data = le32_to_cpu(get_unaligned((__le32 *) e->pos)); in unpack_u32()
327 e->pos += sizeof(u32); in unpack_u32()
332 e->pos = pos; in unpack_u32()
336 static bool unpack_u64(struct aa_ext *e, u64 *data, const char *name) in unpack_u64() argument
338 void *pos = e->pos; in unpack_u64()
340 if (unpack_nameX(e, AA_U64, name)) { in unpack_u64()
341 if (!inbounds(e, sizeof(u64))) in unpack_u64()
344 *data = le64_to_cpu(get_unaligned((__le64 *) e->pos)); in unpack_u64()
345 e->pos += sizeof(u64); in unpack_u64()
350 e->pos = pos; in unpack_u64()
354 static size_t unpack_array(struct aa_ext *e, const char *name) in unpack_array() argument
356 void *pos = e->pos; in unpack_array()
358 if (unpack_nameX(e, AA_ARRAY, name)) { in unpack_array()
360 if (!inbounds(e, sizeof(u16))) in unpack_array()
362 size = (int)le16_to_cpu(get_unaligned((__le16 *) e->pos)); in unpack_array()
363 e->pos += sizeof(u16); in unpack_array()
368 e->pos = pos; in unpack_array()
369 return 0; in unpack_array()
372 static size_t unpack_blob(struct aa_ext *e, char **blob, const char *name) in unpack_blob() argument
374 void *pos = e->pos; in unpack_blob()
376 if (unpack_nameX(e, AA_BLOB, name)) { in unpack_blob()
378 if (!inbounds(e, sizeof(u32))) in unpack_blob()
380 size = le32_to_cpu(get_unaligned((__le32 *) e->pos)); in unpack_blob()
381 e->pos += sizeof(u32); in unpack_blob()
382 if (inbounds(e, (size_t) size)) { in unpack_blob()
383 *blob = e->pos; in unpack_blob()
384 e->pos += size; in unpack_blob()
390 e->pos = pos; in unpack_blob()
391 return 0; in unpack_blob()
394 static int unpack_str(struct aa_ext *e, const char **string, const char *name) in unpack_str() argument
397 size_t size = 0; in unpack_str()
398 void *pos = e->pos; in unpack_str()
400 if (unpack_nameX(e, AA_STRING, name)) { in unpack_str()
401 size = unpack_u16_chunk(e, &src_str); in unpack_str()
404 if (src_str[size - 1] != 0) in unpack_str()
413 e->pos = pos; in unpack_str()
414 return 0; in unpack_str()
417 static int unpack_strdup(struct aa_ext *e, char **string, const char *name) in unpack_strdup() argument
420 void *pos = e->pos; in unpack_strdup()
421 int res = unpack_str(e, &tmp, name); in unpack_strdup()
425 return 0; in unpack_strdup()
429 e->pos = pos; in unpack_strdup()
430 return 0; in unpack_strdup()
439 * @e: serialized data extent information (NOT NULL)
443 static struct aa_dfa *unpack_dfa(struct aa_ext *e) in unpack_dfa() argument
449 size = unpack_blob(e, &blob, "aadfa"); in unpack_dfa()
456 size_t sz = blob - (char *) e->start - in unpack_dfa()
457 ((e->pos - e->start) & 7); in unpack_dfa()
475 * @e: serialized data extent information (NOT NULL)
480 static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile) in unpack_trans_table() argument
482 void *saved_pos = e->pos; in unpack_trans_table()
485 if (unpack_nameX(e, AA_STRUCT, "xtable")) { in unpack_trans_table()
488 size = unpack_array(e, NULL); in unpack_trans_table()
489 /* currently 4 exec bits and entries 0-3 are reserved iupcx */ in unpack_trans_table()
498 for (i = 0; i < size; i++) { in unpack_trans_table()
500 int c, j, pos, size2 = unpack_strdup(e, &str, NULL); in unpack_trans_table()
511 /* count internal # of internal \0 */ in unpack_trans_table()
512 for (c = j = 0; j < size2 - 1; j++) { in unpack_trans_table()
522 /* beginning with : requires an embedded \0, in unpack_trans_table()
523 * verify that exactly 1 internal \0 exists in unpack_trans_table()
524 * trailing \0 already verified by unpack_strdup in unpack_trans_table()
526 * convert \0 back to : for label_parse in unpack_trans_table()
533 /* fail - all other cases with embedded \0 */ in unpack_trans_table()
536 if (!unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_trans_table()
538 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_trans_table()
545 e->pos = saved_pos; in unpack_trans_table()
549 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile) in unpack_xattrs() argument
551 void *pos = e->pos; in unpack_xattrs()
553 if (unpack_nameX(e, AA_STRUCT, "xattrs")) { in unpack_xattrs()
556 size = unpack_array(e, NULL); in unpack_xattrs()
561 for (i = 0; i < size; i++) { in unpack_xattrs()
562 if (!unpack_strdup(e, &profile->xattrs[i], NULL)) in unpack_xattrs()
565 if (!unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_xattrs()
567 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_xattrs()
574 e->pos = pos; in unpack_xattrs()
578 static bool unpack_secmark(struct aa_ext *e, struct aa_profile *profile) in unpack_secmark() argument
580 void *pos = e->pos; in unpack_secmark()
583 if (unpack_nameX(e, AA_STRUCT, "secmark")) { in unpack_secmark()
584 size = unpack_array(e, NULL); in unpack_secmark()
593 for (i = 0; i < size; i++) { in unpack_secmark()
594 if (!unpack_u8(e, &profile->secmark[i].audit, NULL)) in unpack_secmark()
596 if (!unpack_u8(e, &profile->secmark[i].deny, NULL)) in unpack_secmark()
598 if (!unpack_strdup(e, &profile->secmark[i].label, NULL)) in unpack_secmark()
601 if (!unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_secmark()
603 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_secmark()
611 for (i = 0; i < size; i++) in unpack_secmark()
614 profile->secmark_count = 0; in unpack_secmark()
618 e->pos = pos; in unpack_secmark()
622 static bool unpack_rlimits(struct aa_ext *e, struct aa_profile *profile) in unpack_rlimits() argument
624 void *pos = e->pos; in unpack_rlimits()
627 if (unpack_nameX(e, AA_STRUCT, "rlimits")) { in unpack_rlimits()
629 u32 tmp = 0; in unpack_rlimits()
630 if (!unpack_u32(e, &tmp, NULL)) in unpack_rlimits()
634 size = unpack_array(e, NULL); in unpack_rlimits()
637 for (i = 0; i < size; i++) { in unpack_rlimits()
638 u64 tmp2 = 0; in unpack_rlimits()
640 if (!unpack_u64(e, &tmp2, NULL)) in unpack_rlimits()
644 if (!unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_rlimits()
646 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_rlimits()
652 e->pos = pos; in unpack_rlimits()
673 * @e: serialized data extent information (NOT NULL)
678 static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) in unpack_profile() argument
684 struct rhashtable_params params = { 0 }; in unpack_profile()
694 if (!unpack_nameX(e, AA_STRUCT, "profile")) in unpack_profile()
696 if (!unpack_str(e, &name, NULL)) in unpack_profile()
698 if (*name == '\0') in unpack_profile()
716 (void) unpack_str(e, &profile->rename, "rename"); in unpack_profile()
719 (void) unpack_str(e, &profile->attach, "attach"); in unpack_profile()
722 profile->xmatch = unpack_dfa(e); in unpack_profile()
731 if (!unpack_u32(e, &tmp, NULL)) { in unpack_profile()
739 (void) unpack_str(e, &profile->disconnected, "disconnected"); in unpack_profile()
742 if (!unpack_nameX(e, AA_STRUCT, "flags")) { in unpack_profile()
747 if (!unpack_u32(e, &tmp, NULL)) in unpack_profile()
755 if (!unpack_u32(e, &tmp, NULL)) in unpack_profile()
757 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) { in unpack_profile()
769 if (!unpack_u32(e, &tmp, NULL)) in unpack_profile()
774 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
778 if (unpack_u32(e, &profile->path_flags, "path_flags")) in unpack_profile()
786 if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL)) in unpack_profile()
788 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile()
790 if (!unpack_u32(e, &(profile->caps.quiet.cap[0]), NULL)) in unpack_profile()
792 if (!unpack_u32(e, &tmpcap.cap[0], NULL)) in unpack_profile()
796 if (unpack_nameX(e, AA_STRUCT, "caps64")) { in unpack_profile()
798 if (!unpack_u32(e, &(profile->caps.allow.cap[1]), NULL)) in unpack_profile()
800 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile()
802 if (!unpack_u32(e, &(profile->caps.quiet.cap[1]), NULL)) in unpack_profile()
804 if (!unpack_u32(e, &(tmpcap.cap[1]), NULL)) in unpack_profile()
806 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
811 if (unpack_nameX(e, AA_STRUCT, "capsx")) { in unpack_profile()
813 if (!unpack_u32(e, &(profile->caps.extended.cap[0]), NULL)) in unpack_profile()
815 if (!unpack_u32(e, &(profile->caps.extended.cap[1]), NULL)) in unpack_profile()
817 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
821 if (!unpack_xattrs(e, profile)) { in unpack_profile()
826 if (!unpack_rlimits(e, profile)) { in unpack_profile()
831 if (!unpack_secmark(e, profile)) { in unpack_profile()
836 if (unpack_nameX(e, AA_STRUCT, "policydb")) { in unpack_profile()
839 profile->policy.dfa = unpack_dfa(e); in unpack_profile()
848 if (!unpack_u32(e, &profile->policy.start[0], "start")) in unpack_profile()
850 profile->policy.start[0] = DFA_START; in unpack_profile()
855 profile->policy.start[0], in unpack_profile()
858 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
864 profile->file.dfa = unpack_dfa(e); in unpack_profile()
871 if (!unpack_u32(e, &profile->file.start, "dfa_start")) in unpack_profile()
881 if (!unpack_trans_table(e, profile)) { in unpack_profile()
886 if (unpack_nameX(e, AA_STRUCT, "data")) { in unpack_profile()
904 while (unpack_strdup(e, &key, NULL)) { in unpack_profile()
912 data->size = unpack_blob(e, &data->data, NULL); in unpack_profile()
924 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) { in unpack_profile()
930 if (!unpack_nameX(e, AA_STRUCTEND, NULL)) { in unpack_profile()
942 audit_iface(profile, NULL, name, info, e, error); in unpack_profile()
950 * @e: serialized data read head (NOT NULL)
954 * Returns: error or 0 if header is good
956 static int verify_header(struct aa_ext *e, int required, const char **ns) in verify_header() argument
963 if (!unpack_u32(e, &e->version, "version")) { in verify_header()
966 e, error); in verify_header()
975 if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v7)) { in verify_header()
977 e, error); in verify_header()
982 if (unpack_str(e, &name, "namespace")) { in verify_header()
983 if (*name == '\0') { in verify_header()
985 e, error); in verify_header()
989 audit_iface(NULL, NULL, NULL, "invalid ns change", e, in verify_header()
998 return 0; in verify_header()
1015 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { in verify_dfa_xindex()
1028 * Returns: 0 if passes verification else error
1040 return 0; in verify_profile()
1071 memset(&strm, 0, sizeof(strm)); in deflate_compress()
1104 error = 0; in deflate_compress()
1139 return 0; in deflate_compress()
1146 AA_BUG(data->compressed_size > 0); in compress_loaddata()
1152 if (aa_g_rawdata_compression_level != 0) { in compress_loaddata()
1164 return 0; in compress_loaddata()
1185 struct aa_ext e = { in aa_unpack() local
1192 while (e.pos < e.end) { in aa_unpack()
1195 error = verify_header(&e, e.pos == e.start, ns); in aa_unpack()
1199 start = e.pos; in aa_unpack()
1200 profile = unpack_profile(&e, &ns_name); in aa_unpack()
1211 error = aa_calc_profile_hash(profile, e.version, start, in aa_unpack()
1212 e.pos - start); in aa_unpack()
1226 udata->abi = e.version & K_ABI_MASK; in aa_unpack()
1241 return 0; in aa_unpack()