policydb.c has lots of different standards on how to handle return paths on
error. For the most part transition to
rc=errno
if (failure)
goto out;
[...]
out:
cleanup()
return rc;
Instead of doing cleanup mid function, or having multiple returns or other
options. This doesn't do that for every function, but most of the complex
functions which have cleanup routines on error.
Signed-off-by: Eric Paris <eparis@redhat.com>
int rc;
struct role_datum *role;
int rc;
struct role_datum *role;
role = kzalloc(sizeof(*role), GFP_KERNEL);
role = kzalloc(sizeof(*role), GFP_KERNEL);
- if (!role) {
- rc = -ENOMEM;
role->value = ++p->p_roles.nprim;
role->value = ++p->p_roles.nprim;
- if (role->value != OBJECT_R_VAL) {
- rc = -EINVAL;
- goto out_free_role;
- }
+ if (role->value != OBJECT_R_VAL)
+ goto out;
+
+ rc = -ENOMEM;
key = kstrdup(OBJECT_R, GFP_KERNEL);
key = kstrdup(OBJECT_R, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
- goto out_free_role;
- }
+ if (!key)
+ goto out;
+
rc = hashtab_insert(p->p_roles.table, key, role);
if (rc)
rc = hashtab_insert(p->p_roles.table, key, role);
if (rc)
- goto out_free_key;
-out:
- return rc;
}
static u32 rangetr_hash(struct hashtab *h, const void *k)
}
static u32 rangetr_hash(struct hashtab *h, const void *k)
for (i = 0; i < SYM_NUM; i++) {
rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
if (rc)
for (i = 0; i < SYM_NUM; i++) {
rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
if (rc)
}
rc = avtab_init(&p->te_avtab);
if (rc)
}
rc = avtab_init(&p->te_avtab);
if (rc)
rc = roles_init(p);
if (rc)
rc = roles_init(p);
if (rc)
rc = cond_policydb_init(p);
if (rc)
rc = cond_policydb_init(p);
if (rc)
p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
if (!p->range_tr)
p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
if (!p->range_tr)
ebitmap_init(&p->policycaps);
ebitmap_init(&p->permissive_map);
ebitmap_init(&p->policycaps);
ebitmap_init(&p->permissive_map);
- return rc;
-
-out_free_symtab:
for (i = 0; i < SYM_NUM; i++)
hashtab_destroy(p->symtab[i].table);
for (i = 0; i < SYM_NUM; i++)
hashtab_destroy(p->symtab[i].table);
p->p_common_val_to_name =
kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
p->p_common_val_to_name =
kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
- if (!p->p_common_val_to_name) {
- rc = -ENOMEM;
+ if (!p->p_common_val_to_name)
rc = hashtab_map(p->p_commons.table, common_index, p);
if (rc)
goto out;
rc = hashtab_map(p->p_commons.table, common_index, p);
if (rc)
goto out;
p->class_val_to_struct =
kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
p->class_val_to_struct =
kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
- if (!p->class_val_to_struct) {
- rc = -ENOMEM;
+ if (!p->class_val_to_struct)
p->p_class_val_to_name =
kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
p->p_class_val_to_name =
kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
- if (!p->p_class_val_to_name) {
- rc = -ENOMEM;
+ if (!p->p_class_val_to_name)
rc = hashtab_map(p->p_classes.table, class_index, p);
out:
rc = hashtab_map(p->p_classes.table, class_index, p);
out:
*/
static int policydb_index_others(struct policydb *p)
{
*/
static int policydb_index_others(struct policydb *p)
{
printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
symtab_hash_eval(p->symtab);
#endif
symtab_hash_eval(p->symtab);
#endif
p->role_val_to_struct =
kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
GFP_KERNEL);
p->role_val_to_struct =
kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
GFP_KERNEL);
- if (!p->role_val_to_struct) {
- rc = -ENOMEM;
+ if (!p->role_val_to_struct)
p->user_val_to_struct =
kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
GFP_KERNEL);
p->user_val_to_struct =
kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
GFP_KERNEL);
- if (!p->user_val_to_struct) {
- rc = -ENOMEM;
+ if (!p->user_val_to_struct)
p->type_val_to_struct =
kmalloc(p->p_types.nprim * sizeof(*(p->type_val_to_struct)),
GFP_KERNEL);
p->type_val_to_struct =
kmalloc(p->p_types.nprim * sizeof(*(p->type_val_to_struct)),
GFP_KERNEL);
- if (!p->type_val_to_struct) {
- rc = -ENOMEM;
+ if (!p->type_val_to_struct)
- if (cond_init_bool_indexes(p)) {
- rc = -ENOMEM;
+ rc = -ENOMEM;
+ if (cond_init_bool_indexes(p))
for (i = SYM_ROLES; i < SYM_NUM; i++) {
for (i = SYM_ROLES; i < SYM_NUM; i++) {
p->sym_val_to_name[i] =
kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
p->sym_val_to_name[i] =
kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
- if (!p->sym_val_to_name[i]) {
- rc = -ENOMEM;
+ if (!p->sym_val_to_name[i])
rc = hashtab_map(p->symtab[i].table, index_f[i], p);
if (rc)
goto out;
}
rc = hashtab_map(p->symtab[i].table, index_f[i], p);
if (rc)
goto out;
}
struct common_datum *comdatum;
kfree(key);
struct common_datum *comdatum;
kfree(key);
- comdatum = datum;
- hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
- hashtab_destroy(comdatum->permissions.table);
+ if (datum) {
+ comdatum = datum;
+ hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
+ hashtab_destroy(comdatum->permissions.table);
+ }
kfree(datum);
return 0;
}
kfree(datum);
return 0;
}
struct constraint_expr *e, *etmp;
kfree(key);
struct constraint_expr *e, *etmp;
kfree(key);
- cladatum = datum;
- hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
- hashtab_destroy(cladatum->permissions.table);
- constraint = cladatum->constraints;
- while (constraint) {
- e = constraint->expr;
- while (e) {
- ebitmap_destroy(&e->names);
- etmp = e;
- e = e->next;
- kfree(etmp);
+ if (datum) {
+ cladatum = datum;
+ hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
+ hashtab_destroy(cladatum->permissions.table);
+ constraint = cladatum->constraints;
+ while (constraint) {
+ e = constraint->expr;
+ while (e) {
+ ebitmap_destroy(&e->names);
+ etmp = e;
+ e = e->next;
+ kfree(etmp);
+ }
+ ctemp = constraint;
+ constraint = constraint->next;
+ kfree(ctemp);
- ctemp = constraint;
- constraint = constraint->next;
- kfree(ctemp);
- }
-
- constraint = cladatum->validatetrans;
- while (constraint) {
- e = constraint->expr;
- while (e) {
- ebitmap_destroy(&e->names);
- etmp = e;
- e = e->next;
- kfree(etmp);
+
+ constraint = cladatum->validatetrans;
+ while (constraint) {
+ e = constraint->expr;
+ while (e) {
+ ebitmap_destroy(&e->names);
+ etmp = e;
+ e = e->next;
+ kfree(etmp);
+ }
+ ctemp = constraint;
+ constraint = constraint->next;
+ kfree(ctemp);
- ctemp = constraint;
- constraint = constraint->next;
- kfree(ctemp);
- }
- kfree(cladatum->comkey);
+ kfree(cladatum->comkey);
+ }
kfree(datum);
return 0;
}
kfree(datum);
return 0;
}
struct role_datum *role;
kfree(key);
struct role_datum *role;
kfree(key);
- role = datum;
- ebitmap_destroy(&role->dominates);
- ebitmap_destroy(&role->types);
+ if (datum) {
+ role = datum;
+ ebitmap_destroy(&role->dominates);
+ ebitmap_destroy(&role->types);
+ }
kfree(datum);
return 0;
}
kfree(datum);
return 0;
}
struct user_datum *usrdatum;
kfree(key);
struct user_datum *usrdatum;
kfree(key);
- usrdatum = datum;
- ebitmap_destroy(&usrdatum->roles);
- ebitmap_destroy(&usrdatum->range.level[0].cat);
- ebitmap_destroy(&usrdatum->range.level[1].cat);
- ebitmap_destroy(&usrdatum->dfltlevel.cat);
+ if (datum) {
+ usrdatum = datum;
+ ebitmap_destroy(&usrdatum->roles);
+ ebitmap_destroy(&usrdatum->range.level[0].cat);
+ ebitmap_destroy(&usrdatum->range.level[1].cat);
+ ebitmap_destroy(&usrdatum->dfltlevel.cat);
+ }
kfree(datum);
return 0;
}
kfree(datum);
return 0;
}
struct level_datum *levdatum;
kfree(key);
struct level_datum *levdatum;
kfree(key);
- levdatum = datum;
- ebitmap_destroy(&levdatum->level->cat);
- kfree(levdatum->level);
+ if (datum) {
+ levdatum = datum;
+ ebitmap_destroy(&levdatum->level->cat);
+ kfree(levdatum->level);
+ }
kfree(datum);
return 0;
}
kfree(datum);
return 0;
}
head = p->ocontexts[OCON_ISID];
for (c = head; c; c = c->next) {
head = p->ocontexts[OCON_ISID];
for (c = head; c; c = c->next) {
if (!c->context[0].user) {
if (!c->context[0].user) {
- printk(KERN_ERR "SELinux: SID %s was never "
- "defined.\n", c->u.name);
- rc = -EINVAL;
+ printk(KERN_ERR "SELinux: SID %s was never defined.\n",
+ c->u.name);
- if (sidtab_insert(s, c->sid[0], &c->context[0])) {
- printk(KERN_ERR "SELinux: unable to load initial "
- "SID %s.\n", c->u.name);
- rc = -EINVAL;
+
+ rc = sidtab_insert(s, c->sid[0], &c->context[0]);
+ if (rc) {
+ printk(KERN_ERR "SELinux: unable to load initial SID %s.\n",
+ c->u.name);
* Role must be authorized for the type.
*/
role = p->role_val_to_struct[c->role - 1];
* Role must be authorized for the type.
*/
role = p->role_val_to_struct[c->role - 1];
- if (!ebitmap_get_bit(&role->types,
- c->type - 1))
+ if (!ebitmap_get_bit(&role->types, c->type - 1))
/* role may not be associated with type */
return 0;
/* role may not be associated with type */
return 0;
- if (!ebitmap_get_bit(&usrdatum->roles,
- c->role - 1))
+ if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
/* user may not be associated with role */
return 0;
}
/* user may not be associated with role */
return 0;
}
int rc;
rc = next_entry(buf, fp, sizeof(u32));
int rc;
rc = next_entry(buf, fp, sizeof(u32));
items = le32_to_cpu(buf[0]);
if (items > ARRAY_SIZE(buf)) {
printk(KERN_ERR "SELinux: mls: range overflow\n");
items = le32_to_cpu(buf[0]);
if (items > ARRAY_SIZE(buf)) {
printk(KERN_ERR "SELinux: mls: range overflow\n");
rc = next_entry(buf, fp, sizeof(u32) * items);
rc = next_entry(buf, fp, sizeof(u32) * items);
printk(KERN_ERR "SELinux: mls: truncated range\n");
goto out;
}
printk(KERN_ERR "SELinux: mls: truncated range\n");
goto out;
}
r->level[0].sens = le32_to_cpu(buf[0]);
if (items > 1)
r->level[1].sens = le32_to_cpu(buf[1]);
r->level[0].sens = le32_to_cpu(buf[0]);
if (items > 1)
r->level[1].sens = le32_to_cpu(buf[1]);
rc = ebitmap_read(&r->level[0].cat, fp);
if (rc) {
rc = ebitmap_read(&r->level[0].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading low "
- "categories\n");
+ printk(KERN_ERR "SELinux: mls: error reading low categories\n");
goto out;
}
if (items > 1) {
rc = ebitmap_read(&r->level[1].cat, fp);
if (rc) {
goto out;
}
if (items > 1) {
rc = ebitmap_read(&r->level[1].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading high "
- "categories\n");
+ printk(KERN_ERR "SELinux: mls: error reading high categories\n");
goto bad_high;
}
} else {
goto bad_high;
}
} else {
- rc = 0;
-out:
- return rc;
bad_high:
ebitmap_destroy(&r->level[0].cat);
bad_high:
ebitmap_destroy(&r->level[0].cat);
int rc;
rc = next_entry(buf, fp, sizeof buf);
int rc;
rc = next_entry(buf, fp, sizeof buf);
printk(KERN_ERR "SELinux: context truncated\n");
goto out;
}
printk(KERN_ERR "SELinux: context truncated\n");
goto out;
}
c->role = le32_to_cpu(buf[1]);
c->type = le32_to_cpu(buf[2]);
if (p->policyvers >= POLICYDB_VERSION_MLS) {
c->role = le32_to_cpu(buf[1]);
c->type = le32_to_cpu(buf[2]);
if (p->policyvers >= POLICYDB_VERSION_MLS) {
- if (mls_read_range_helper(&c->range, fp)) {
- printk(KERN_ERR "SELinux: error reading MLS range of "
- "context\n");
- rc = -EINVAL;
+ rc = mls_read_range_helper(&c->range, fp);
+ if (rc) {
+ printk(KERN_ERR "SELinux: error reading MLS range of context\n");
if (!policydb_context_isvalid(p, c)) {
printk(KERN_ERR "SELinux: invalid security context\n");
context_destroy(c);
if (!policydb_context_isvalid(p, c)) {
printk(KERN_ERR "SELinux: invalid security context\n");
context_destroy(c);
perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
- if (!perdatum) {
- rc = -ENOMEM;
- goto out;
- }
+ if (!perdatum)
+ goto bad;
rc = next_entry(buf, fp, sizeof buf);
rc = next_entry(buf, fp, sizeof buf);
goto bad;
len = le32_to_cpu(buf[0]);
perdatum->value = le32_to_cpu(buf[1]);
goto bad;
len = le32_to_cpu(buf[0]);
perdatum->value = le32_to_cpu(buf[1]);
key = kmalloc(len + 1, GFP_KERNEL);
key = kmalloc(len + 1, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, perdatum);
if (rc)
goto bad;
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, perdatum);
if (rc)
goto bad;
bad:
perm_destroy(key, perdatum, NULL);
bad:
perm_destroy(key, perdatum, NULL);
}
static int common_read(struct policydb *p, struct hashtab *h, void *fp)
}
static int common_read(struct policydb *p, struct hashtab *h, void *fp)
comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
- if (!comdatum) {
- rc = -ENOMEM;
- goto out;
- }
+ if (!comdatum)
+ goto bad;
rc = next_entry(buf, fp, sizeof buf);
rc = next_entry(buf, fp, sizeof buf);
goto bad;
len = le32_to_cpu(buf[0]);
goto bad;
len = le32_to_cpu(buf[0]);
comdatum->permissions.nprim = le32_to_cpu(buf[2]);
nel = le32_to_cpu(buf[3]);
comdatum->permissions.nprim = le32_to_cpu(buf[2]);
nel = le32_to_cpu(buf[3]);
key = kmalloc(len + 1, GFP_KERNEL);
key = kmalloc(len + 1, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, comdatum);
if (rc)
goto bad;
rc = hashtab_insert(h, key, comdatum);
if (rc)
goto bad;
bad:
common_destroy(key, comdatum, NULL);
bad:
common_destroy(key, comdatum, NULL);
}
static int read_cons_helper(struct constraint_node **nodep, int ncons,
}
static int read_cons_helper(struct constraint_node **nodep, int ncons,
*nodep = c;
rc = next_entry(buf, fp, (sizeof(u32) * 2));
*nodep = c;
rc = next_entry(buf, fp, (sizeof(u32) * 2));
return rc;
c->permissions = le32_to_cpu(buf[0]);
nexpr = le32_to_cpu(buf[1]);
return rc;
c->permissions = le32_to_cpu(buf[0]);
nexpr = le32_to_cpu(buf[1]);
c->expr = e;
rc = next_entry(buf, fp, (sizeof(u32) * 3));
c->expr = e;
rc = next_entry(buf, fp, (sizeof(u32) * 3));
return rc;
e->expr_type = le32_to_cpu(buf[0]);
e->attr = le32_to_cpu(buf[1]);
return rc;
e->expr_type = le32_to_cpu(buf[0]);
e->attr = le32_to_cpu(buf[1]);
if (depth == (CEXPR_MAXDEPTH - 1))
return -EINVAL;
depth++;
if (depth == (CEXPR_MAXDEPTH - 1))
return -EINVAL;
depth++;
- if (ebitmap_read(&e->names, fp))
- return -EINVAL;
+ rc = ebitmap_read(&e->names, fp);
+ if (rc)
+ return rc;
break;
default:
return -EINVAL;
break;
default:
return -EINVAL;
u32 len, len2, ncons, nel;
int i, rc;
u32 len, len2, ncons, nel;
int i, rc;
cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
- if (!cladatum) {
- rc = -ENOMEM;
- goto out;
- }
+ if (!cladatum)
+ goto bad;
rc = next_entry(buf, fp, sizeof(u32)*6);
rc = next_entry(buf, fp, sizeof(u32)*6);
goto bad;
len = le32_to_cpu(buf[0]);
goto bad;
len = le32_to_cpu(buf[0]);
ncons = le32_to_cpu(buf[5]);
ncons = le32_to_cpu(buf[5]);
key = kmalloc(len + 1, GFP_KERNEL);
key = kmalloc(len + 1, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
if (len2) {
goto bad;
key[len] = '\0';
if (len2) {
cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
- if (!cladatum->comkey) {
- rc = -ENOMEM;
rc = next_entry(cladatum->comkey, fp, len2);
rc = next_entry(cladatum->comkey, fp, len2);
goto bad;
cladatum->comkey[len2] = '\0';
goto bad;
cladatum->comkey[len2] = '\0';
- cladatum->comdatum = hashtab_search(p->p_commons.table,
- cladatum->comkey);
+ rc = -EINVAL;
+ cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
if (!cladatum->comdatum) {
if (!cladatum->comdatum) {
- printk(KERN_ERR "SELinux: unknown common %s\n",
- cladatum->comkey);
- rc = -EINVAL;
+ printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey);
if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
/* grab the validatetrans rules */
rc = next_entry(buf, fp, sizeof(u32));
if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
/* grab the validatetrans rules */
rc = next_entry(buf, fp, sizeof(u32));
goto bad;
ncons = le32_to_cpu(buf[0]);
rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
goto bad;
ncons = le32_to_cpu(buf[0]);
rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
- rc = 0;
-out:
- return rc;
bad:
cls_destroy(key, cladatum, NULL);
bad:
cls_destroy(key, cladatum, NULL);
}
static int role_read(struct policydb *p, struct hashtab *h, void *fp)
}
static int role_read(struct policydb *p, struct hashtab *h, void *fp)
role = kzalloc(sizeof(*role), GFP_KERNEL);
role = kzalloc(sizeof(*role), GFP_KERNEL);
- if (!role) {
- rc = -ENOMEM;
- goto out;
- }
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 3;
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 3;
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
goto bad;
len = le32_to_cpu(buf[0]);
goto bad;
len = le32_to_cpu(buf[0]);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
role->bounds = le32_to_cpu(buf[2]);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
role->bounds = le32_to_cpu(buf[2]);
key = kmalloc(len + 1, GFP_KERNEL);
key = kmalloc(len + 1, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
goto bad;
key[len] = '\0';
goto bad;
if (strcmp(key, OBJECT_R) == 0) {
goto bad;
if (strcmp(key, OBJECT_R) == 0) {
if (role->value != OBJECT_R_VAL) {
printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
OBJECT_R, role->value);
if (role->value != OBJECT_R_VAL) {
printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
OBJECT_R, role->value);
rc = hashtab_insert(h, key, role);
if (rc)
goto bad;
rc = hashtab_insert(h, key, role);
if (rc)
goto bad;
bad:
role_destroy(key, role, NULL);
bad:
role_destroy(key, role, NULL);
}
static int type_read(struct policydb *p, struct hashtab *h, void *fp)
}
static int type_read(struct policydb *p, struct hashtab *h, void *fp)
typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
- if (!typdatum) {
- rc = -ENOMEM;
- return rc;
- }
+ if (!typdatum)
+ goto bad;
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 4;
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 4;
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
goto bad;
len = le32_to_cpu(buf[0]);
goto bad;
len = le32_to_cpu(buf[0]);
typdatum->primary = le32_to_cpu(buf[2]);
}
typdatum->primary = le32_to_cpu(buf[2]);
}
key = kmalloc(len + 1, GFP_KERNEL);
key = kmalloc(len + 1, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, typdatum);
if (rc)
goto bad;
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, typdatum);
if (rc)
goto bad;
bad:
type_destroy(key, typdatum, NULL);
bad:
type_destroy(key, typdatum, NULL);
memset(lp, 0, sizeof(*lp));
rc = next_entry(buf, fp, sizeof buf);
memset(lp, 0, sizeof(*lp));
rc = next_entry(buf, fp, sizeof buf);
printk(KERN_ERR "SELinux: mls: truncated level\n");
printk(KERN_ERR "SELinux: mls: truncated level\n");
}
lp->sens = le32_to_cpu(buf[0]);
}
lp->sens = le32_to_cpu(buf[0]);
- if (ebitmap_read(&lp->cat, fp)) {
- printk(KERN_ERR "SELinux: mls: error reading level "
- "categories\n");
- goto bad;
+ rc = ebitmap_read(&lp->cat, fp);
+ if (rc) {
+ printk(KERN_ERR "SELinux: mls: error reading level categories\n");
+ return rc;
-
-bad:
- return -EINVAL;
}
static int user_read(struct policydb *p, struct hashtab *h, void *fp)
}
static int user_read(struct policydb *p, struct hashtab *h, void *fp)
usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
- if (!usrdatum) {
- rc = -ENOMEM;
- goto out;
- }
+ if (!usrdatum)
+ goto bad;
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 3;
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
to_read = 3;
rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
goto bad;
len = le32_to_cpu(buf[0]);
goto bad;
len = le32_to_cpu(buf[0]);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
usrdatum->bounds = le32_to_cpu(buf[2]);
if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
usrdatum->bounds = le32_to_cpu(buf[2]);
key = kmalloc(len + 1, GFP_KERNEL);
key = kmalloc(len + 1, GFP_KERNEL);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, usrdatum);
if (rc)
goto bad;
rc = hashtab_insert(h, key, usrdatum);
if (rc)
goto bad;
bad:
user_destroy(key, usrdatum, NULL);
bad:
user_destroy(key, usrdatum, NULL);
}
static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
}
static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
- if (!levdatum) {
- rc = -ENOMEM;
- goto out;
- }
+ if (!levdatum)
+ goto bad;
rc = next_entry(buf, fp, sizeof buf);
rc = next_entry(buf, fp, sizeof buf);
goto bad;
len = le32_to_cpu(buf[0]);
levdatum->isalias = le32_to_cpu(buf[1]);
goto bad;
len = le32_to_cpu(buf[0]);
levdatum->isalias = le32_to_cpu(buf[1]);
key = kmalloc(len + 1, GFP_ATOMIC);
key = kmalloc(len + 1, GFP_ATOMIC);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
goto bad;
key[len] = '\0';
levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
- if (!levdatum->level) {
- rc = -ENOMEM;
- }
- if (mls_read_level(levdatum->level, fp)) {
- rc = -EINVAL;
+
+ rc = mls_read_level(levdatum->level, fp);
+ if (rc)
rc = hashtab_insert(h, key, levdatum);
if (rc)
goto bad;
rc = hashtab_insert(h, key, levdatum);
if (rc)
goto bad;
bad:
sens_destroy(key, levdatum, NULL);
bad:
sens_destroy(key, levdatum, NULL);
}
static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
}
static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
- if (!catdatum) {
- rc = -ENOMEM;
- goto out;
- }
+ if (!catdatum)
+ goto bad;
rc = next_entry(buf, fp, sizeof buf);
rc = next_entry(buf, fp, sizeof buf);
goto bad;
len = le32_to_cpu(buf[0]);
catdatum->value = le32_to_cpu(buf[1]);
catdatum->isalias = le32_to_cpu(buf[2]);
goto bad;
len = le32_to_cpu(buf[0]);
catdatum->value = le32_to_cpu(buf[1]);
catdatum->isalias = le32_to_cpu(buf[2]);
key = kmalloc(len + 1, GFP_ATOMIC);
key = kmalloc(len + 1, GFP_ATOMIC);
- if (!key) {
- rc = -ENOMEM;
rc = next_entry(key, fp, len);
rc = next_entry(key, fp, len);
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, catdatum);
if (rc)
goto bad;
goto bad;
key[len] = '\0';
rc = hashtab_insert(h, key, catdatum);
if (rc)
goto bad;
bad:
cat_destroy(key, catdatum, NULL);
bad:
cat_destroy(key, catdatum, NULL);
}
static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
}
static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
rc = policydb_init(p);
if (rc)
rc = policydb_init(p);
if (rc)
/* Read the magic number and string length. */
rc = next_entry(buf, fp, sizeof(u32) * 2);
/* Read the magic number and string length. */
rc = next_entry(buf, fp, sizeof(u32) * 2);
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
"not match expected magic number 0x%x\n",
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
"not match expected magic number 0x%x\n",
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
printk(KERN_ERR "SELinux: policydb string length %d does not "
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
printk(KERN_ERR "SELinux: policydb string length %d does not "
len, strlen(POLICYDB_STRING));
goto bad;
}
len, strlen(POLICYDB_STRING));
goto bad;
}
policydb_str = kmalloc(len + 1, GFP_KERNEL);
if (!policydb_str) {
printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
"string of length %d\n", len);
policydb_str = kmalloc(len + 1, GFP_KERNEL);
if (!policydb_str) {
printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
"string of length %d\n", len);
rc = next_entry(policydb_str, fp, len);
rc = next_entry(policydb_str, fp, len);
printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
kfree(policydb_str);
goto bad;
}
printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
kfree(policydb_str);
goto bad;
}
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
printk(KERN_ERR "SELinux: policydb string %s does not match "
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
printk(KERN_ERR "SELinux: policydb string %s does not match "
/* Read the version and table sizes. */
rc = next_entry(buf, fp, sizeof(u32)*4);
/* Read the version and table sizes. */
rc = next_entry(buf, fp, sizeof(u32)*4);
p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) {
p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) {
if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
p->mls_enabled = 1;
if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
p->mls_enabled = 1;
if (p->policyvers < POLICYDB_VERSION_MLS) {
printk(KERN_ERR "SELinux: security policydb version %d "
"(MLS) not backwards compatible\n",
if (p->policyvers < POLICYDB_VERSION_MLS) {
printk(KERN_ERR "SELinux: security policydb version %d "
"(MLS) not backwards compatible\n",
p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
- if (p->policyvers >= POLICYDB_VERSION_POLCAP &&
- ebitmap_read(&p->policycaps, fp) != 0)
- goto bad;
+ if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
+ rc = ebitmap_read(&p->policycaps, fp);
+ if (rc)
+ goto bad;
+ }
- if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
- ebitmap_read(&p->permissive_map, fp) != 0)
- goto bad;
+ if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
+ rc = ebitmap_read(&p->permissive_map, fp);
+ if (rc)
+ goto bad;
+ }
info = policydb_lookup_compat(p->policyvers);
if (!info) {
printk(KERN_ERR "SELinux: unable to find policy compat info "
info = policydb_lookup_compat(p->policyvers);
if (!info) {
printk(KERN_ERR "SELinux: unable to find policy compat info "
if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) {
printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) {
printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
for (i = 0; i < info->sym_num; i++) {
rc = next_entry(buf, fp, sizeof(u32)*2);
for (i = 0; i < info->sym_num; i++) {
rc = next_entry(buf, fp, sizeof(u32)*2);
goto bad;
nprim = le32_to_cpu(buf[0]);
nel = le32_to_cpu(buf[1]);
goto bad;
nprim = le32_to_cpu(buf[0]);
nel = le32_to_cpu(buf[1]);
}
rc = next_entry(buf, fp, sizeof(u32));
}
rc = next_entry(buf, fp, sizeof(u32));
goto bad;
nel = le32_to_cpu(buf[0]);
ltr = NULL;
for (i = 0; i < nel; i++) {
goto bad;
nel = le32_to_cpu(buf[0]);
ltr = NULL;
for (i = 0; i < nel; i++) {
tr = kzalloc(sizeof(*tr), GFP_KERNEL);
tr = kzalloc(sizeof(*tr), GFP_KERNEL);
- if (!tr) {
- rc = -ENOMEM;
if (ltr)
ltr->next = tr;
else
p->role_tr = tr;
rc = next_entry(buf, fp, sizeof(u32)*3);
if (ltr)
ltr->next = tr;
else
p->role_tr = tr;
rc = next_entry(buf, fp, sizeof(u32)*3);
tr->role = le32_to_cpu(buf[0]);
tr->type = le32_to_cpu(buf[1]);
tr->new_role = le32_to_cpu(buf[2]);
if (!policydb_role_isvalid(p, tr->role) ||
!policydb_type_isvalid(p, tr->type) ||
tr->role = le32_to_cpu(buf[0]);
tr->type = le32_to_cpu(buf[1]);
tr->new_role = le32_to_cpu(buf[2]);
if (!policydb_role_isvalid(p, tr->role) ||
!policydb_type_isvalid(p, tr->type) ||
- !policydb_role_isvalid(p, tr->new_role)) {
- rc = -EINVAL;
+ !policydb_role_isvalid(p, tr->new_role))
ltr = tr;
}
rc = next_entry(buf, fp, sizeof(u32));
ltr = tr;
}
rc = next_entry(buf, fp, sizeof(u32));
goto bad;
nel = le32_to_cpu(buf[0]);
lra = NULL;
for (i = 0; i < nel; i++) {
goto bad;
nel = le32_to_cpu(buf[0]);
lra = NULL;
for (i = 0; i < nel; i++) {
ra = kzalloc(sizeof(*ra), GFP_KERNEL);
ra = kzalloc(sizeof(*ra), GFP_KERNEL);
- if (!ra) {
- rc = -ENOMEM;
if (lra)
lra->next = ra;
else
p->role_allow = ra;
rc = next_entry(buf, fp, sizeof(u32)*2);
if (lra)
lra->next = ra;
else
p->role_allow = ra;
rc = next_entry(buf, fp, sizeof(u32)*2);
ra->role = le32_to_cpu(buf[0]);
ra->new_role = le32_to_cpu(buf[1]);
if (!policydb_role_isvalid(p, ra->role) ||
ra->role = le32_to_cpu(buf[0]);
ra->new_role = le32_to_cpu(buf[1]);
if (!policydb_role_isvalid(p, ra->role) ||
- !policydb_role_isvalid(p, ra->new_role)) {
- rc = -EINVAL;
+ !policydb_role_isvalid(p, ra->new_role))
p->process_class = string_to_security_class(p, "process");
if (!p->process_class)
goto bad;
p->process_class = string_to_security_class(p, "process");
if (!p->process_class)
goto bad;
- p->process_trans_perms = string_to_av_perm(p, p->process_class,
- "transition");
- p->process_trans_perms |= string_to_av_perm(p, p->process_class,
- "dyntransition");
+
+ rc = -EINVAL;
+ p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
+ p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
if (!p->process_trans_perms)
goto bad;
if (!p->process_trans_perms)
goto bad;
- if (!rc)
- rc = -EINVAL;
policydb_destroy(p);
goto out;
}
policydb_destroy(p);
goto out;
}
if (!info) {
printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
"version %d", p->policyvers);
if (!info) {
printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
"version %d", p->policyvers);
}
buf[0] = cpu_to_le32(p->policyvers);
}
buf[0] = cpu_to_le32(p->policyvers);