Lines Matching +full:data +full:- +full:size

1 // SPDX-License-Identifier: GPL-2.0-only
8 * Copyright (C) 1998-2008 Novell/SUSE
9 * Copyright 2009-2010 Canonical Ltd.
12 * policy format documentation see Documentation/admin-guide/LSM/apparmor.rst
39 if (ad->iface.ns) { in audit_cb()
41 audit_log_untrustedstring(ab, ad->iface.ns); in audit_cb()
43 if (ad->name) { in audit_cb()
45 audit_log_untrustedstring(ab, ad->name); in audit_cb()
47 if (ad->iface.pos) in audit_cb()
48 audit_log_format(ab, " offset=%ld", ad->iface.pos); in audit_cb()
52 * audit_iface - do audit message for policy unpacking/load/replace/remove
69 ad.iface.pos = e->pos - e->start; in audit_iface()
72 ad.name = new->base.hname; in audit_iface()
81 void __aa_loaddata_update(struct aa_loaddata *data, long revision) in __aa_loaddata_update() argument
83 AA_BUG(!data); in __aa_loaddata_update()
84 AA_BUG(!data->ns); in __aa_loaddata_update()
85 AA_BUG(!mutex_is_locked(&data->ns->lock)); in __aa_loaddata_update()
86 AA_BUG(data->revision > revision); in __aa_loaddata_update()
88 data->revision = revision; in __aa_loaddata_update()
89 if ((data->dents[AAFS_LOADDATA_REVISION])) { in __aa_loaddata_update()
92 inode = d_inode(data->dents[AAFS_LOADDATA_DIR]); in __aa_loaddata_update()
95 inode = d_inode(data->dents[AAFS_LOADDATA_REVISION]); in __aa_loaddata_update()
102 if (l->size != r->size) in aa_rawdata_eq()
104 if (l->compressed_size != r->compressed_size) in aa_rawdata_eq()
106 if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()) != 0) in aa_rawdata_eq()
108 return memcmp(l->data, r->data, r->compressed_size ?: r->size) == 0; in aa_rawdata_eq()
118 struct aa_ns *ns = aa_get_ns(d->ns); in do_loaddata_free()
121 mutex_lock_nested(&ns->lock, ns->level); in do_loaddata_free()
123 mutex_unlock(&ns->lock); in do_loaddata_free()
127 kfree_sensitive(d->hash); in do_loaddata_free()
128 kfree_sensitive(d->name); in do_loaddata_free()
129 kvfree(d->data); in do_loaddata_free()
138 INIT_WORK(&d->work, do_loaddata_free); in aa_loaddata_kref()
139 schedule_work(&d->work); in aa_loaddata_kref()
143 struct aa_loaddata *aa_loaddata_alloc(size_t size) in aa_loaddata_alloc() argument
149 return ERR_PTR(-ENOMEM); in aa_loaddata_alloc()
150 d->data = kvzalloc(size, GFP_KERNEL); in aa_loaddata_alloc()
151 if (!d->data) { in aa_loaddata_alloc()
153 return ERR_PTR(-ENOMEM); in aa_loaddata_alloc()
155 kref_init(&d->count); in aa_loaddata_alloc()
156 INIT_LIST_HEAD(&d->list); in aa_loaddata_alloc()
161 /* test if read will be in packed data bounds */
162 VISIBLE_IF_KUNIT bool aa_inbounds(struct aa_ext *e, size_t size) in aa_inbounds() argument
164 return (size <= e->end - e->pos); in aa_inbounds()
169 * aa_unpack_u16_chunk - test and do bounds checking for a u16 size based chunk
170 * @e: serialized data read head (NOT NULL)
171 * @chunk: start address for chunk of data (NOT NULL)
173 * Returns: the size of chunk found with the read head at the end of the chunk.
177 size_t size = 0; in aa_unpack_u16_chunk() local
178 void *pos = e->pos; in aa_unpack_u16_chunk()
182 size = le16_to_cpu(get_unaligned((__le16 *) e->pos)); in aa_unpack_u16_chunk()
183 e->pos += sizeof(__le16); in aa_unpack_u16_chunk()
184 if (!aa_inbounds(e, size)) in aa_unpack_u16_chunk()
186 *chunk = e->pos; in aa_unpack_u16_chunk()
187 e->pos += size; in aa_unpack_u16_chunk()
188 return size; in aa_unpack_u16_chunk()
191 e->pos = pos; in aa_unpack_u16_chunk()
201 if (*(u8 *) e->pos != code) in aa_unpack_X()
203 e->pos++; in aa_unpack_X()
209 * aa_unpack_nameX - check if the next element is of type X with a name of @name
210 * @e: serialized data extent information (NOT NULL)
214 * check that the next serialized data element is of type X and has a tag
229 void *pos = e->pos; in aa_unpack_nameX()
231 * Check for presence of a tagname, and if present name size in aa_unpack_nameX()
236 size_t size = aa_unpack_u16_chunk(e, &tag); in aa_unpack_nameX() local
238 if (name && (!size || tag[size-1] != '\0' || strcmp(name, tag))) in aa_unpack_nameX()
250 e->pos = pos; in aa_unpack_nameX()
255 static bool unpack_u8(struct aa_ext *e, u8 *data, const char *name) in unpack_u8() argument
257 void *pos = e->pos; in unpack_u8()
262 if (data) in unpack_u8()
263 *data = *((u8 *)e->pos); in unpack_u8()
264 e->pos += sizeof(u8); in unpack_u8()
269 e->pos = pos; in unpack_u8()
273 VISIBLE_IF_KUNIT bool aa_unpack_u32(struct aa_ext *e, u32 *data, const char *name) in aa_unpack_u32() argument
275 void *pos = e->pos; in aa_unpack_u32()
280 if (data) in aa_unpack_u32()
281 *data = le32_to_cpu(get_unaligned((__le32 *) e->pos)); in aa_unpack_u32()
282 e->pos += sizeof(u32); in aa_unpack_u32()
287 e->pos = pos; in aa_unpack_u32()
292 VISIBLE_IF_KUNIT bool aa_unpack_u64(struct aa_ext *e, u64 *data, const char *name) in aa_unpack_u64() argument
294 void *pos = e->pos; in aa_unpack_u64()
299 if (data) in aa_unpack_u64()
300 *data = le64_to_cpu(get_unaligned((__le64 *) e->pos)); in aa_unpack_u64()
301 e->pos += sizeof(u64); in aa_unpack_u64()
306 e->pos = pos; in aa_unpack_u64()
311 static bool aa_unpack_cap_low(struct aa_ext *e, kernel_cap_t *data, const char *name) in aa_unpack_cap_low() argument
317 data->val = val; in aa_unpack_cap_low()
321 static bool aa_unpack_cap_high(struct aa_ext *e, kernel_cap_t *data, const char *name) in aa_unpack_cap_high() argument
327 data->val = (u32)data->val | ((u64)val << 32); in aa_unpack_cap_high()
331 VISIBLE_IF_KUNIT bool aa_unpack_array(struct aa_ext *e, const char *name, u16 *size) in aa_unpack_array() argument
333 void *pos = e->pos; in aa_unpack_array()
338 *size = le16_to_cpu(get_unaligned((__le16 *) e->pos)); in aa_unpack_array()
339 e->pos += sizeof(u16); in aa_unpack_array()
344 e->pos = pos; in aa_unpack_array()
351 void *pos = e->pos; in aa_unpack_blob()
354 u32 size; in aa_unpack_blob() local
357 size = le32_to_cpu(get_unaligned((__le32 *) e->pos)); in aa_unpack_blob()
358 e->pos += sizeof(u32); in aa_unpack_blob()
359 if (aa_inbounds(e, (size_t) size)) { in aa_unpack_blob()
360 *blob = e->pos; in aa_unpack_blob()
361 e->pos += size; in aa_unpack_blob()
362 return size; in aa_unpack_blob()
367 e->pos = pos; in aa_unpack_blob()
375 size_t size = 0; in aa_unpack_str() local
376 void *pos = e->pos; in aa_unpack_str()
379 size = aa_unpack_u16_chunk(e, &src_str); in aa_unpack_str()
380 if (size) { in aa_unpack_str()
381 /* strings are null terminated, length is size - 1 */ in aa_unpack_str()
382 if (src_str[size - 1] != 0) in aa_unpack_str()
386 return size; in aa_unpack_str()
391 e->pos = pos; in aa_unpack_str()
399 void *pos = e->pos; in aa_unpack_strdup()
408 e->pos = pos; in aa_unpack_strdup()
418 * unpack_dfa - unpack a file rule dfa
419 * @e: serialized data extent information (NOT NULL)
427 size_t size; in unpack_dfa() local
430 size = aa_unpack_blob(e, &blob, "aadfa"); in unpack_dfa()
431 if (size) { in unpack_dfa()
437 size_t sz = blob - (char *) e->start - in unpack_dfa()
438 ((e->pos - e->start) & 7); in unpack_dfa()
439 size_t pad = ALIGN(sz, 8) - sz; in unpack_dfa()
442 dfa = aa_dfa_unpack(blob + pad, size - pad, flags); in unpack_dfa()
453 * unpack_trans_table - unpack a profile transition table
454 * @e: serialized data extent information (NOT NULL)
461 void *saved_pos = e->pos; in unpack_trans_table()
466 u16 size; in unpack_trans_table() local
469 if (!aa_unpack_array(e, NULL, &size)) in unpack_trans_table()
473 * an array of 2^16 in size atm so no need in unpack_trans_table()
474 * for size check here in unpack_trans_table()
477 table = kcalloc(size, sizeof(char *), GFP_KERNEL); in unpack_trans_table()
481 strs->table = table; in unpack_trans_table()
482 strs->size = size; in unpack_trans_table()
483 for (i = 0; i < size; i++) { in unpack_trans_table()
497 for (c = j = 0; j < size2 - 1; j++) { in unpack_trans_table()
518 /* fail - all other cases with embedded \0 */ in unpack_trans_table()
530 e->pos = saved_pos; in unpack_trans_table()
536 void *pos = e->pos; in unpack_xattrs()
539 u16 size; in unpack_xattrs() local
542 if (!aa_unpack_array(e, NULL, &size)) in unpack_xattrs()
544 profile->attach.xattr_count = size; in unpack_xattrs()
545 profile->attach.xattrs = kcalloc(size, sizeof(char *), GFP_KERNEL); in unpack_xattrs()
546 if (!profile->attach.xattrs) in unpack_xattrs()
548 for (i = 0; i < size; i++) { in unpack_xattrs()
549 if (!aa_unpack_strdup(e, &profile->attach.xattrs[i], NULL)) in unpack_xattrs()
561 e->pos = pos; in unpack_xattrs()
567 void *pos = e->pos; in unpack_secmark()
568 u16 size; in unpack_secmark() local
572 if (!aa_unpack_array(e, NULL, &size)) in unpack_secmark()
575 rules->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
577 if (!rules->secmark) in unpack_secmark()
580 rules->secmark_count = size; in unpack_secmark()
582 for (i = 0; i < size; i++) { in unpack_secmark()
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
599 if (rules->secmark) { in unpack_secmark()
600 for (i = 0; i < size; i++) in unpack_secmark()
601 kfree(rules->secmark[i].label); in unpack_secmark()
602 kfree(rules->secmark); in unpack_secmark()
603 rules->secmark_count = 0; in unpack_secmark()
604 rules->secmark = NULL; in unpack_secmark()
607 e->pos = pos; in unpack_secmark()
613 void *pos = e->pos; in unpack_rlimits()
617 u16 size; in unpack_rlimits() local
622 rules->rlimits.mask = tmp; in unpack_rlimits()
624 if (!aa_unpack_array(e, NULL, &size) || in unpack_rlimits()
625 size > RLIM_NLIMITS) in unpack_rlimits()
627 for (i = 0; i < size; i++) { in unpack_rlimits()
632 rules->rlimits.limits[a].rlim_max = tmp2; in unpack_rlimits()
642 e->pos = pos; in unpack_rlimits()
655 aa_unpack_u32(e, &perm->allow, NULL) && in unpack_perm()
656 aa_unpack_u32(e, &perm->deny, NULL) && in unpack_perm()
657 aa_unpack_u32(e, &perm->subtree, NULL) && in unpack_perm()
658 aa_unpack_u32(e, &perm->cond, NULL) && in unpack_perm()
659 aa_unpack_u32(e, &perm->kill, NULL) && in unpack_perm()
660 aa_unpack_u32(e, &perm->complain, NULL) && in unpack_perm()
661 aa_unpack_u32(e, &perm->prompt, NULL) && in unpack_perm()
662 aa_unpack_u32(e, &perm->audit, NULL) && in unpack_perm()
663 aa_unpack_u32(e, &perm->quiet, NULL) && in unpack_perm()
664 aa_unpack_u32(e, &perm->hide, NULL) && in unpack_perm()
665 aa_unpack_u32(e, &perm->xindex, NULL) && in unpack_perm()
666 aa_unpack_u32(e, &perm->tag, NULL) && in unpack_perm()
667 aa_unpack_u32(e, &perm->label, NULL); in unpack_perm()
672 void *pos = e->pos; in unpack_perms_table()
673 u16 size = 0; in unpack_perms_table() local
686 if (!aa_unpack_array(e, NULL, &size)) in unpack_perms_table()
688 *perms = kcalloc(size, sizeof(struct aa_perms), GFP_KERNEL); in unpack_perms_table()
691 for (i = 0; i < size; i++) { in unpack_perms_table()
702 return size; in unpack_perms_table()
707 e->pos = pos; in unpack_perms_table()
708 return -EPROTO; in unpack_perms_table()
716 void *pos = e->pos; in unpack_pdb()
717 int i, flags, error = -EPROTO; in unpack_pdb()
718 ssize_t size; in unpack_pdb() local
722 return -ENOMEM; in unpack_pdb()
724 size = unpack_perms_table(e, &pdb->perms); in unpack_pdb()
725 if (size < 0) { in unpack_pdb()
726 error = size; in unpack_pdb()
727 pdb->perms = NULL; in unpack_pdb()
728 *info = "failed to unpack - perms"; in unpack_pdb()
731 pdb->size = size; in unpack_pdb()
733 if (pdb->perms) { in unpack_pdb()
742 pdb->dfa = unpack_dfa(e, flags); in unpack_pdb()
743 if (IS_ERR(pdb->dfa)) { in unpack_pdb()
744 error = PTR_ERR(pdb->dfa); in unpack_pdb()
745 pdb->dfa = NULL; in unpack_pdb()
746 *info = "failed to unpack - dfa"; in unpack_pdb()
748 } else if (!pdb->dfa) { in unpack_pdb()
760 if (!aa_unpack_u32(e, &pdb->start[0], "start")) in unpack_pdb()
762 pdb->start[0] = DFA_START; in unpack_pdb()
763 if (!aa_unpack_u32(e, &pdb->start[AA_CLASS_FILE], "dfa_start")) { in unpack_pdb()
765 pdb->start[AA_CLASS_FILE] = DFA_START; in unpack_pdb()
768 pdb->start[i] = aa_dfa_next(pdb->dfa, pdb->start[0], in unpack_pdb()
778 if (!unpack_trans_table(e, &pdb->trans) && required_trans) { in unpack_pdb()
783 if (!pdb->dfa && pdb->trans.table) in unpack_pdb()
784 aa_free_str_table(&pdb->trans); in unpack_pdb()
794 e->pos = pos; in unpack_pdb()
798 static u32 strhash(const void *data, u32 len, u32 seed) in strhash() argument
800 const char * const *key = data; in strhash()
807 const struct aa_data *data = obj; in datacmp() local
808 const char * const *key = arg->key; in datacmp()
810 return strcmp(data->key, *key); in datacmp()
814 * unpack_profile - unpack a serialized profile
815 * @e: serialized data extent information (NOT NULL)
829 struct aa_data *data; in unpack_profile() local
830 int error = -EPROTO; in unpack_profile()
853 error = -ENOMEM; in unpack_profile()
862 error = -ENOMEM; in unpack_profile()
865 rules = list_first_entry(&profile->rules, typeof(*rules), list); in unpack_profile()
868 (void) aa_unpack_str(e, &profile->rename, "rename"); in unpack_profile()
871 (void) aa_unpack_str(e, &profile->attach.xmatch_str, "attach"); in unpack_profile()
874 error = unpack_pdb(e, &profile->attach.xmatch, false, false, &info); in unpack_profile()
881 if (profile->attach.xmatch->dfa) { in unpack_profile()
886 profile->attach.xmatch_len = tmp; in unpack_profile()
887 profile->attach.xmatch->start[AA_CLASS_XMATCH] = DFA_START; in unpack_profile()
888 if (!profile->attach.xmatch->perms) { in unpack_profile()
889 error = aa_compat_map_xmatch(profile->attach.xmatch); in unpack_profile()
899 profile->disconnected = disconnected; in unpack_profile()
910 profile->label.flags |= FLAG_HAT; in unpack_profile()
912 profile->label.flags |= FLAG_DEBUG1; in unpack_profile()
914 profile->label.flags |= FLAG_DEBUG2; in unpack_profile()
917 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) { in unpack_profile()
918 profile->mode = APPARMOR_COMPLAIN; in unpack_profile()
920 profile->mode = APPARMOR_ENFORCE; in unpack_profile()
922 profile->mode = APPARMOR_KILL; in unpack_profile()
924 profile->mode = APPARMOR_UNCONFINED; in unpack_profile()
925 profile->label.flags |= FLAG_UNCONFINED; in unpack_profile()
927 profile->mode = APPARMOR_USER; in unpack_profile()
934 profile->audit = AUDIT_ALL; in unpack_profile()
940 if (aa_unpack_u32(e, &profile->path_flags, "path_flags")) in unpack_profile()
941 profile->path_flags |= profile->label.flags & in unpack_profile()
945 profile->path_flags = PATH_MEDIATE_DELETED; in unpack_profile()
948 if (!aa_unpack_cap_low(e, &rules->caps.allow, NULL)) in unpack_profile()
950 if (!aa_unpack_cap_low(e, &rules->caps.audit, NULL)) in unpack_profile()
952 if (!aa_unpack_cap_low(e, &rules->caps.quiet, NULL)) in unpack_profile()
960 if (!aa_unpack_cap_high(e, &rules->caps.allow, NULL)) in unpack_profile()
962 if (!aa_unpack_cap_high(e, &rules->caps.audit, NULL)) in unpack_profile()
964 if (!aa_unpack_cap_high(e, &rules->caps.quiet, NULL)) in unpack_profile()
975 if (!aa_unpack_cap_low(e, &rules->caps.extended, NULL)) in unpack_profile()
977 if (!aa_unpack_cap_high(e, &rules->caps.extended, NULL)) in unpack_profile()
999 /* generic policy dfa - optional and may be NULL */ in unpack_profile()
1001 error = unpack_pdb(e, &rules->policy, true, false, in unpack_profile()
1006 if (aa_dfa_next(rules->policy->dfa, rules->policy->start[0], in unpack_profile()
1008 rules->policy->start[AA_CLASS_FILE] = in unpack_profile()
1009 aa_dfa_next(rules->policy->dfa, in unpack_profile()
1010 rules->policy->start[0], in unpack_profile()
1014 if (!rules->policy->perms) { in unpack_profile()
1015 error = aa_compat_map_policy(rules->policy, in unpack_profile()
1016 e->version); in unpack_profile()
1023 rules->policy = aa_get_pdb(nullpdb); in unpack_profile()
1026 error = unpack_pdb(e, &rules->file, false, true, &info); in unpack_profile()
1029 } else if (rules->file->dfa) { in unpack_profile()
1030 if (!rules->file->perms) { in unpack_profile()
1031 error = aa_compat_map_file(rules->file); in unpack_profile()
1037 } else if (rules->policy->dfa && in unpack_profile()
1038 rules->policy->start[AA_CLASS_FILE]) { in unpack_profile()
1039 aa_put_pdb(rules->file); in unpack_profile()
1040 rules->file = aa_get_pdb(rules->policy); in unpack_profile()
1042 aa_put_pdb(rules->file); in unpack_profile()
1043 rules->file = aa_get_pdb(nullpdb); in unpack_profile()
1045 error = -EPROTO; in unpack_profile()
1046 if (aa_unpack_nameX(e, AA_STRUCT, "data")) { in unpack_profile()
1048 profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL); in unpack_profile()
1049 if (!profile->data) { in unpack_profile()
1050 error = -ENOMEM; in unpack_profile()
1060 if (rhashtable_init(profile->data, &params)) { in unpack_profile()
1066 data = kzalloc(sizeof(*data), GFP_KERNEL); in unpack_profile()
1067 if (!data) { in unpack_profile()
1069 error = -ENOMEM; in unpack_profile()
1073 data->key = key; in unpack_profile()
1074 data->size = aa_unpack_blob(e, &data->data, NULL); in unpack_profile()
1075 data->data = kvmemdup(data->data, data->size, GFP_KERNEL); in unpack_profile()
1076 if (data->size && !data->data) { in unpack_profile()
1077 kfree_sensitive(data->key); in unpack_profile()
1078 kfree_sensitive(data); in unpack_profile()
1079 error = -ENOMEM; in unpack_profile()
1083 if (rhashtable_insert_fast(profile->data, &data->head, in unpack_profile()
1084 profile->data->p)) { in unpack_profile()
1085 kvfree_sensitive(data->data, data->size); in unpack_profile()
1086 kfree_sensitive(data->key); in unpack_profile()
1087 kfree_sensitive(data); in unpack_profile()
1088 info = "failed to insert data to table"; in unpack_profile()
1094 info = "failed to unpack end of key, value data table"; in unpack_profile()
1109 error = -EPROTO; in unpack_profile()
1125 * verify_header - unpack serialized stream header
1126 * @e: serialized data read head (NOT NULL)
1128 * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
1134 int error = -EPROTONOSUPPORT; in verify_header()
1139 if (!aa_unpack_u32(e, &e->version, "version")) { in verify_header()
1151 if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v9)) { in verify_header()
1170 return -ENOMEM; in verify_header()
1178 * verify_dfa_accept_index - verify accept indexes are in range of perms table
1180 * @table_size: the permission table size the indexes should be within
1185 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { in verify_dfa_accept_index()
1195 if (perm->allow & perm->deny) in verify_perm()
1197 if (perm->subtree & ~perm->allow) in verify_perm()
1199 if (perm->cond & (perm->allow | perm->deny)) in verify_perm()
1201 if (perm->kill & perm->allow) in verify_perm()
1203 if (perm->complain & (perm->allow | perm->deny)) in verify_perm()
1205 if (perm->prompt & (perm->allow | perm->deny)) in verify_perm()
1207 if (perm->complain & perm->prompt) in verify_perm()
1209 if (perm->hide & perm->allow) in verify_perm()
1219 for (i = 0; i < pdb->size; i++) { in verify_perms()
1220 if (!verify_perm(&pdb->perms[i])) in verify_perms()
1223 if ((pdb->perms[i].xindex & AA_X_TYPE_MASK) == AA_X_TABLE && in verify_perms()
1224 (pdb->perms[i].xindex & AA_X_INDEX_MASK) >= pdb->trans.size) in verify_perms()
1226 if (pdb->perms[i].tag && pdb->perms[i].tag >= pdb->trans.size) in verify_perms()
1228 if (pdb->perms[i].label && in verify_perms()
1229 pdb->perms[i].label >= pdb->trans.size) in verify_perms()
1237 * verify_profile - Do post unpack analysis to verify profile consistency
1246 struct aa_ruleset *rules = list_first_entry(&profile->rules, in verify_profile()
1251 if (rules->file->dfa && !verify_dfa_accept_index(rules->file->dfa, in verify_profile()
1252 rules->file->size)) { in verify_profile()
1255 -EPROTO); in verify_profile()
1256 return -EPROTO; in verify_profile()
1258 if (rules->policy->dfa && in verify_profile()
1259 !verify_dfa_accept_index(rules->policy->dfa, rules->policy->size)) { in verify_profile()
1262 -EPROTO); in verify_profile()
1263 return -EPROTO; in verify_profile()
1266 if (!verify_perms(rules->file)) { in verify_profile()
1268 "Unpack: Invalid perm index", NULL, -EPROTO); in verify_profile()
1269 return -EPROTO; in verify_profile()
1271 if (!verify_perms(rules->policy)) { in verify_profile()
1273 "Unpack: Invalid perm index", NULL, -EPROTO); in verify_profile()
1274 return -EPROTO; in verify_profile()
1276 if (!verify_perms(profile->attach.xmatch)) { in verify_profile()
1278 "Unpack: Invalid perm index", NULL, -EPROTO); in verify_profile()
1279 return -EPROTO; in verify_profile()
1288 aa_put_profile(ent->rename); in aa_load_ent_free()
1289 aa_put_profile(ent->old); in aa_load_ent_free()
1290 aa_put_profile(ent->new); in aa_load_ent_free()
1291 kfree(ent->ns_name); in aa_load_ent_free()
1300 INIT_LIST_HEAD(&ent->list); in aa_load_ent_alloc()
1318 ret = -ENOMEM; in compress_zstd()
1324 ret = -ENOMEM; in compress_zstd()
1330 ret = -EINVAL; in compress_zstd()
1336 ret = -EINVAL; in compress_zstd()
1357 ret = -ENOMEM; in compress_zstd()
1377 static int compress_loaddata(struct aa_loaddata *data) in compress_loaddata() argument
1379 AA_BUG(data->compressed_size > 0); in compress_loaddata()
1386 void *udata = data->data; in compress_loaddata()
1387 int error = compress_zstd(udata, data->size, &data->data, in compress_loaddata()
1388 &data->compressed_size); in compress_loaddata()
1390 data->compressed_size = data->size; in compress_loaddata()
1393 if (udata != data->data) in compress_loaddata()
1396 data->compressed_size = data->size; in compress_loaddata()
1402 * aa_unpack - unpack packed binary profile(s) data loaded from user space
1403 * @udata: user data copied to kmem (NOT NULL)
1407 * Unpack user data and return refcounted allocated profile(s) stored in
1421 .start = udata->data, in aa_unpack()
1422 .end = udata->data + udata->size, in aa_unpack()
1423 .pos = udata->data, in aa_unpack()
1446 e.pos - start); in aa_unpack()
1452 error = -ENOMEM; in aa_unpack()
1456 ent->new = profile; in aa_unpack()
1457 ent->ns_name = ns_name; in aa_unpack()
1459 list_add_tail(&ent->list, lh); in aa_unpack()
1461 udata->abi = e.version & K_ABI_MASK; in aa_unpack()
1463 udata->hash = aa_calc_hash(udata->data, udata->size); in aa_unpack()
1464 if (IS_ERR(udata->hash)) { in aa_unpack()
1465 error = PTR_ERR(udata->hash); in aa_unpack()
1466 udata->hash = NULL; in aa_unpack()
1484 list_del_init(&ent->list); in aa_unpack()