Lines Matching +full:0 +full:e
57 * @e: buffer position info
60 * Returns: %0 or error
63 const char *name, const char *info, struct aa_ext *e, in audit_iface() argument
68 if (e) in audit_iface()
69 ad.iface.pos = e->pos - e->start; in audit_iface()
106 if (aa_g_hash_policy && memcmp(l->hash, r->hash, aa_hash_size()) != 0) in aa_rawdata_eq()
108 return memcmp(l->data, r->data, r->compressed_size ?: r->size) == 0; in aa_rawdata_eq()
162 VISIBLE_IF_KUNIT bool aa_inbounds(struct aa_ext *e, size_t size) in aa_inbounds() argument
164 return (size <= e->end - e->pos); in aa_inbounds()
170 * @e: serialized data read head (NOT NULL)
175 VISIBLE_IF_KUNIT size_t aa_unpack_u16_chunk(struct aa_ext *e, char **chunk) in aa_unpack_u16_chunk() argument
177 size_t size = 0; in aa_unpack_u16_chunk()
178 void *pos = e->pos; in aa_unpack_u16_chunk()
180 if (!aa_inbounds(e, sizeof(u16))) in aa_unpack_u16_chunk()
182 size = le16_to_cpu(get_unaligned((__le16 *) e->pos)); in aa_unpack_u16_chunk()
183 e->pos += sizeof(__le16); in aa_unpack_u16_chunk()
184 if (!aa_inbounds(e, size)) in aa_unpack_u16_chunk()
186 *chunk = e->pos; in aa_unpack_u16_chunk()
187 e->pos += size; in aa_unpack_u16_chunk()
191 e->pos = pos; in aa_unpack_u16_chunk()
192 return 0; in aa_unpack_u16_chunk()
197 VISIBLE_IF_KUNIT bool aa_unpack_X(struct aa_ext *e, enum aa_code code) in aa_unpack_X() argument
199 if (!aa_inbounds(e, 1)) in aa_unpack_X()
201 if (*(u8 *) e->pos != code) in aa_unpack_X()
203 e->pos++; in aa_unpack_X()
210 * @e: serialized data extent information (NOT NULL)
224 VISIBLE_IF_KUNIT bool aa_unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name) in aa_unpack_nameX() argument
229 void *pos = e->pos; in aa_unpack_nameX()
234 if (aa_unpack_X(e, AA_NAME)) { in aa_unpack_nameX()
236 size_t size = aa_unpack_u16_chunk(e, &tag); in aa_unpack_nameX()
238 if (name && (!size || tag[size-1] != '\0' || strcmp(name, tag))) in aa_unpack_nameX()
246 if (aa_unpack_X(e, code)) in aa_unpack_nameX()
250 e->pos = pos; in aa_unpack_nameX()
255 static bool unpack_u8(struct aa_ext *e, u8 *data, const char *name) in unpack_u8() argument
257 void *pos = e->pos; in unpack_u8()
259 if (aa_unpack_nameX(e, AA_U8, name)) { in unpack_u8()
260 if (!aa_inbounds(e, sizeof(u8))) in unpack_u8()
263 *data = *((u8 *)e->pos); in unpack_u8()
264 e->pos += sizeof(u8); in unpack_u8()
269 e->pos = pos; in unpack_u8()
273 VISIBLE_IF_KUNIT bool aa_unpack_u32(struct aa_ext *e, u32 *data, const char *name) in aa_unpack_u32() argument
275 void *pos = e->pos; in aa_unpack_u32()
277 if (aa_unpack_nameX(e, AA_U32, name)) { in aa_unpack_u32()
278 if (!aa_inbounds(e, sizeof(u32))) in aa_unpack_u32()
281 *data = le32_to_cpu(get_unaligned((__le32 *) e->pos)); in aa_unpack_u32()
282 e->pos += sizeof(u32); in aa_unpack_u32()
287 e->pos = pos; in aa_unpack_u32()
292 VISIBLE_IF_KUNIT bool aa_unpack_u64(struct aa_ext *e, u64 *data, const char *name) in aa_unpack_u64() argument
294 void *pos = e->pos; in aa_unpack_u64()
296 if (aa_unpack_nameX(e, AA_U64, name)) { in aa_unpack_u64()
297 if (!aa_inbounds(e, sizeof(u64))) in aa_unpack_u64()
300 *data = le64_to_cpu(get_unaligned((__le64 *) e->pos)); in aa_unpack_u64()
301 e->pos += sizeof(u64); in aa_unpack_u64()
306 e->pos = pos; in aa_unpack_u64()
311 static bool aa_unpack_cap_low(struct aa_ext *e, kernel_cap_t *data, const char *name) in aa_unpack_cap_low() argument
315 if (!aa_unpack_u32(e, &val, name)) in aa_unpack_cap_low()
321 static bool aa_unpack_cap_high(struct aa_ext *e, kernel_cap_t *data, const char *name) in aa_unpack_cap_high() argument
325 if (!aa_unpack_u32(e, &val, name)) in aa_unpack_cap_high()
331 VISIBLE_IF_KUNIT bool aa_unpack_array(struct aa_ext *e, const char *name, u16 *size) in aa_unpack_array() argument
333 void *pos = e->pos; in aa_unpack_array()
335 if (aa_unpack_nameX(e, AA_ARRAY, name)) { in aa_unpack_array()
336 if (!aa_inbounds(e, sizeof(u16))) in aa_unpack_array()
338 *size = le16_to_cpu(get_unaligned((__le16 *) e->pos)); in aa_unpack_array()
339 e->pos += sizeof(u16); in aa_unpack_array()
344 e->pos = pos; in aa_unpack_array()
349 VISIBLE_IF_KUNIT size_t aa_unpack_blob(struct aa_ext *e, char **blob, const char *name) in aa_unpack_blob() argument
351 void *pos = e->pos; in aa_unpack_blob()
353 if (aa_unpack_nameX(e, AA_BLOB, name)) { in aa_unpack_blob()
355 if (!aa_inbounds(e, sizeof(u32))) in aa_unpack_blob()
357 size = le32_to_cpu(get_unaligned((__le32 *) e->pos)); in aa_unpack_blob()
358 e->pos += sizeof(u32); in aa_unpack_blob()
359 if (aa_inbounds(e, (size_t) size)) { in aa_unpack_blob()
360 *blob = e->pos; in aa_unpack_blob()
361 e->pos += size; in aa_unpack_blob()
367 e->pos = pos; in aa_unpack_blob()
368 return 0; in aa_unpack_blob()
372 VISIBLE_IF_KUNIT int aa_unpack_str(struct aa_ext *e, const char **string, const char *name) in aa_unpack_str() argument
375 size_t size = 0; in aa_unpack_str()
376 void *pos = e->pos; in aa_unpack_str()
378 if (aa_unpack_nameX(e, AA_STRING, name)) { in aa_unpack_str()
379 size = aa_unpack_u16_chunk(e, &src_str); in aa_unpack_str()
382 if (src_str[size - 1] != 0) in aa_unpack_str()
391 e->pos = pos; in aa_unpack_str()
392 return 0; in aa_unpack_str()
396 VISIBLE_IF_KUNIT int aa_unpack_strdup(struct aa_ext *e, char **string, const char *name) in aa_unpack_strdup() argument
399 void *pos = e->pos; in aa_unpack_strdup()
400 int res = aa_unpack_str(e, &tmp, name); in aa_unpack_strdup()
404 return 0; in aa_unpack_strdup()
408 e->pos = pos; in aa_unpack_strdup()
409 return 0; in aa_unpack_strdup()
419 * @e: serialized data extent information (NOT NULL)
424 static struct aa_dfa *unpack_dfa(struct aa_ext *e, int flags) in unpack_dfa() argument
430 size = aa_unpack_blob(e, &blob, "aadfa"); in unpack_dfa()
437 size_t sz = blob - (char *) e->start - in unpack_dfa()
438 ((e->pos - e->start) & 7); in unpack_dfa()
454 * @e: serialized data extent information (NOT NULL)
459 static bool unpack_trans_table(struct aa_ext *e, struct aa_str_table *strs) in unpack_trans_table() argument
461 void *saved_pos = e->pos; in unpack_trans_table()
465 if (aa_unpack_nameX(e, AA_STRUCT, "xtable")) { in unpack_trans_table()
469 if (!aa_unpack_array(e, NULL, &size)) in unpack_trans_table()
483 for (i = 0; i < size; i++) { in unpack_trans_table()
485 int c, j, pos, size2 = aa_unpack_strdup(e, &str, NULL); in unpack_trans_table()
496 /* count internal # of internal \0 */ in unpack_trans_table()
497 for (c = j = 0; j < size2 - 1; j++) { in unpack_trans_table()
507 /* beginning with : requires an embedded \0, in unpack_trans_table()
508 * verify that exactly 1 internal \0 exists in unpack_trans_table()
509 * trailing \0 already verified by aa_unpack_strdup in unpack_trans_table()
511 * convert \0 back to : for label_parse in unpack_trans_table()
518 /* fail - all other cases with embedded \0 */ in unpack_trans_table()
521 if (!aa_unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_trans_table()
523 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_trans_table()
530 e->pos = saved_pos; in unpack_trans_table()
534 static bool unpack_xattrs(struct aa_ext *e, struct aa_profile *profile) in unpack_xattrs() argument
536 void *pos = e->pos; in unpack_xattrs()
538 if (aa_unpack_nameX(e, AA_STRUCT, "xattrs")) { in unpack_xattrs()
542 if (!aa_unpack_array(e, NULL, &size)) in unpack_xattrs()
548 for (i = 0; i < size; i++) { in unpack_xattrs()
549 if (!aa_unpack_strdup(e, &profile->attach.xattrs[i], NULL)) in unpack_xattrs()
552 if (!aa_unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_xattrs()
554 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_xattrs()
561 e->pos = pos; in unpack_xattrs()
565 static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules) in unpack_secmark() argument
567 void *pos = e->pos; in unpack_secmark()
571 if (aa_unpack_nameX(e, AA_STRUCT, "secmark")) { in unpack_secmark()
572 if (!aa_unpack_array(e, NULL, &size)) in unpack_secmark()
582 for (i = 0; i < size; i++) { in unpack_secmark()
583 if (!unpack_u8(e, &rules->secmark[i].audit, NULL)) in unpack_secmark()
585 if (!unpack_u8(e, &rules->secmark[i].deny, NULL)) in unpack_secmark()
587 if (!aa_unpack_strdup(e, &rules->secmark[i].label, NULL)) in unpack_secmark()
590 if (!aa_unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_secmark()
592 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_secmark()
600 for (i = 0; i < size; i++) in unpack_secmark()
603 rules->secmark_count = 0; in unpack_secmark()
607 e->pos = pos; in unpack_secmark()
611 static bool unpack_rlimits(struct aa_ext *e, struct aa_ruleset *rules) in unpack_rlimits() argument
613 void *pos = e->pos; in unpack_rlimits()
616 if (aa_unpack_nameX(e, AA_STRUCT, "rlimits")) { in unpack_rlimits()
619 u32 tmp = 0; in unpack_rlimits()
620 if (!aa_unpack_u32(e, &tmp, NULL)) in unpack_rlimits()
624 if (!aa_unpack_array(e, NULL, &size) || in unpack_rlimits()
627 for (i = 0; i < size; i++) { in unpack_rlimits()
628 u64 tmp2 = 0; in unpack_rlimits()
630 if (!aa_unpack_u64(e, &tmp2, NULL)) in unpack_rlimits()
634 if (!aa_unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_rlimits()
636 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_rlimits()
642 e->pos = pos; in unpack_rlimits()
646 static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm) in unpack_perm() argument
654 return aa_unpack_u32(e, &reserved, NULL) && in unpack_perm()
655 aa_unpack_u32(e, &perm->allow, NULL) && in unpack_perm()
656 aa_unpack_u32(e, &perm->deny, NULL) && in unpack_perm()
657 aa_unpack_u32(e, &perm->subtree, NULL) && in unpack_perm()
658 aa_unpack_u32(e, &perm->cond, NULL) && in unpack_perm()
659 aa_unpack_u32(e, &perm->kill, NULL) && in unpack_perm()
660 aa_unpack_u32(e, &perm->complain, NULL) && in unpack_perm()
661 aa_unpack_u32(e, &perm->prompt, NULL) && in unpack_perm()
662 aa_unpack_u32(e, &perm->audit, NULL) && in unpack_perm()
663 aa_unpack_u32(e, &perm->quiet, NULL) && in unpack_perm()
664 aa_unpack_u32(e, &perm->hide, NULL) && in unpack_perm()
665 aa_unpack_u32(e, &perm->xindex, NULL) && in unpack_perm()
666 aa_unpack_u32(e, &perm->tag, NULL) && in unpack_perm()
667 aa_unpack_u32(e, &perm->label, NULL); in unpack_perm()
670 static ssize_t unpack_perms_table(struct aa_ext *e, struct aa_perms **perms) in unpack_perms_table() argument
672 void *pos = e->pos; in unpack_perms_table()
673 u16 size = 0; in unpack_perms_table()
680 if (aa_unpack_nameX(e, AA_STRUCT, "perms")) { in unpack_perms_table()
684 if (!aa_unpack_u32(e, &version, "version")) in unpack_perms_table()
686 if (!aa_unpack_array(e, NULL, &size)) in unpack_perms_table()
691 for (i = 0; i < size; i++) { in unpack_perms_table()
692 if (!unpack_perm(e, version, &(*perms)[i])) in unpack_perms_table()
695 if (!aa_unpack_nameX(e, AA_ARRAYEND, NULL)) in unpack_perms_table()
697 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_perms_table()
707 e->pos = pos; in unpack_perms_table()
711 static int unpack_pdb(struct aa_ext *e, struct aa_policydb **policy, in unpack_pdb() argument
716 void *pos = e->pos; in unpack_pdb()
724 size = unpack_perms_table(e, &pdb->perms); in unpack_pdb()
725 if (size < 0) { in unpack_pdb()
742 pdb->dfa = unpack_dfa(e, flags); in unpack_pdb()
760 if (!aa_unpack_u32(e, &pdb->start[0], "start")) in unpack_pdb()
762 pdb->start[0] = DFA_START; in unpack_pdb()
763 if (!aa_unpack_u32(e, &pdb->start[AA_CLASS_FILE], "dfa_start")) { in unpack_pdb()
768 pdb->start[i] = aa_dfa_next(pdb->dfa, pdb->start[0], in unpack_pdb()
778 if (!unpack_trans_table(e, &pdb->trans) && required_trans) { in unpack_pdb()
790 return 0; in unpack_pdb()
794 e->pos = pos; in unpack_pdb()
815 * @e: serialized data extent information (NOT NULL)
820 static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) in unpack_profile() argument
827 struct rhashtable_params params = { 0 }; in unpack_profile()
837 if (!aa_unpack_nameX(e, AA_STRUCT, "profile")) in unpack_profile()
839 if (!aa_unpack_str(e, &name, NULL)) in unpack_profile()
841 if (*name == '\0') in unpack_profile()
868 (void) aa_unpack_str(e, &profile->rename, "rename"); in unpack_profile()
871 (void) aa_unpack_str(e, &profile->attach.xmatch_str, "attach"); in unpack_profile()
874 error = unpack_pdb(e, &profile->attach.xmatch, false, false, &info); in unpack_profile()
882 if (!aa_unpack_u32(e, &tmp, NULL)) { in unpack_profile()
898 (void) aa_unpack_strdup(e, &disconnected, "disconnected"); in unpack_profile()
902 if (!aa_unpack_nameX(e, AA_STRUCT, "flags")) { in unpack_profile()
907 if (!aa_unpack_u32(e, &tmp, NULL)) in unpack_profile()
915 if (!aa_unpack_u32(e, &tmp, NULL)) in unpack_profile()
917 if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) { in unpack_profile()
931 if (!aa_unpack_u32(e, &tmp, NULL)) in unpack_profile()
936 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
940 if (aa_unpack_u32(e, &profile->path_flags, "path_flags")) in unpack_profile()
948 if (!aa_unpack_cap_low(e, &rules->caps.allow, NULL)) in unpack_profile()
950 if (!aa_unpack_cap_low(e, &rules->caps.audit, NULL)) in unpack_profile()
952 if (!aa_unpack_cap_low(e, &rules->caps.quiet, NULL)) in unpack_profile()
954 if (!aa_unpack_cap_low(e, &tmpcap, NULL)) in unpack_profile()
958 if (aa_unpack_nameX(e, AA_STRUCT, "caps64")) { in unpack_profile()
960 if (!aa_unpack_cap_high(e, &rules->caps.allow, NULL)) in unpack_profile()
962 if (!aa_unpack_cap_high(e, &rules->caps.audit, NULL)) in unpack_profile()
964 if (!aa_unpack_cap_high(e, &rules->caps.quiet, NULL)) in unpack_profile()
966 if (!aa_unpack_cap_high(e, &tmpcap, NULL)) in unpack_profile()
968 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
973 if (aa_unpack_nameX(e, AA_STRUCT, "capsx")) { in unpack_profile()
975 if (!aa_unpack_cap_low(e, &rules->caps.extended, NULL)) in unpack_profile()
977 if (!aa_unpack_cap_high(e, &rules->caps.extended, NULL)) in unpack_profile()
979 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
983 if (!unpack_xattrs(e, profile)) { in unpack_profile()
988 if (!unpack_rlimits(e, rules)) { in unpack_profile()
993 if (!unpack_secmark(e, rules)) { in unpack_profile()
998 if (aa_unpack_nameX(e, AA_STRUCT, "policydb")) { in unpack_profile()
1001 error = unpack_pdb(e, &rules->policy, true, false, in unpack_profile()
1006 if (aa_dfa_next(rules->policy->dfa, rules->policy->start[0], in unpack_profile()
1010 rules->policy->start[0], in unpack_profile()
1012 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) in unpack_profile()
1016 e->version); in unpack_profile()
1026 error = unpack_pdb(e, &rules->file, false, true, &info); in unpack_profile()
1046 if (aa_unpack_nameX(e, AA_STRUCT, "data")) { in unpack_profile()
1065 while (aa_unpack_strdup(e, &key, NULL)) { in unpack_profile()
1074 data->size = aa_unpack_blob(e, &data->data, NULL); in unpack_profile()
1093 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) { in unpack_profile()
1099 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL)) { in unpack_profile()
1107 if (error == 0) in unpack_profile()
1118 audit_iface(profile, NULL, name, info, e, error); in unpack_profile()
1126 * @e: serialized data read head (NOT NULL)
1130 * Returns: error or 0 if header is good
1132 static int verify_header(struct aa_ext *e, int required, const char **ns) in verify_header() argument
1139 if (!aa_unpack_u32(e, &e->version, "version")) { in verify_header()
1142 e, error); in verify_header()
1151 if (VERSION_LT(e->version, v5) || VERSION_GT(e->version, v9)) { in verify_header()
1153 e, error); in verify_header()
1158 if (aa_unpack_str(e, &name, "namespace")) { in verify_header()
1159 if (*name == '\0') { in verify_header()
1161 e, error); in verify_header()
1165 audit_iface(NULL, NULL, NULL, "invalid ns change", e, in verify_header()
1174 return 0; in verify_header()
1185 for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) { in verify_dfa_accept_index()
1219 for (i = 0; i < pdb->size; i++) { in verify_perms()
1240 * Returns: 0 if passes verification else error
1249 return 0; in verify_profile()
1282 return 0; in verify_profile()
1314 int ret = 0; in compress_zstd()
1373 return 0; in compress_zstd()
1379 AA_BUG(data->compressed_size > 0); in compress_loaddata()
1385 if (aa_g_rawdata_compression_level != 0) { in compress_loaddata()
1398 return 0; in compress_loaddata()
1420 struct aa_ext e = { in aa_unpack() local
1427 while (e.pos < e.end) { in aa_unpack()
1429 error = verify_header(&e, e.pos == e.start, ns); in aa_unpack()
1433 start = e.pos; in aa_unpack()
1434 profile = unpack_profile(&e, &ns_name); in aa_unpack()
1445 error = aa_calc_profile_hash(profile, e.version, start, in aa_unpack()
1446 e.pos - start); in aa_unpack()
1461 udata->abi = e.version & K_ABI_MASK; in aa_unpack()
1476 return 0; in aa_unpack()