194 lines
3.6 KiB
C
194 lines
3.6 KiB
C
|
/*
|
||
|
* Implementation of the userspace SID hashtable.
|
||
|
*
|
||
|
* Author : Eamon Walsh, <ewalsh@epoch.ncsc.mil>
|
||
|
*/
|
||
|
#include <errno.h>
|
||
|
#include <stdio.h>
|
||
|
#include <stdlib.h>
|
||
|
#include <string.h>
|
||
|
#include "selinux_internal.h"
|
||
|
#include <selinux/avc.h>
|
||
|
#include "avc_sidtab.h"
|
||
|
#include "avc_internal.h"
|
||
|
|
||
|
static inline unsigned sidtab_hash(security_context_t key) {
|
||
|
char *p, *keyp;
|
||
|
unsigned int size;
|
||
|
unsigned int val;
|
||
|
|
||
|
val = 0;
|
||
|
keyp = (char*)key;
|
||
|
size = strlen(keyp);
|
||
|
for (p = keyp; (unsigned int)(p - keyp) < size; p++)
|
||
|
val = (val << 4 | (val >> (8*sizeof(unsigned int)-4))) ^ (*p);
|
||
|
return val & (SIDTAB_SIZE - 1);
|
||
|
}
|
||
|
|
||
|
int sidtab_init(struct sidtab *s)
|
||
|
{
|
||
|
int i, rc = 0;
|
||
|
|
||
|
s->htable = (struct sidtab_node **)avc_malloc
|
||
|
(sizeof(struct sidtab_node *) * SIDTAB_SIZE);
|
||
|
|
||
|
if (!s->htable) {
|
||
|
rc = -1;
|
||
|
goto out;
|
||
|
}
|
||
|
for (i = 0; i < SIDTAB_SIZE; i++)
|
||
|
s->htable[i] = NULL;
|
||
|
s->nel = 0;
|
||
|
out:
|
||
|
return rc;
|
||
|
}
|
||
|
|
||
|
int
|
||
|
sidtab_insert(struct sidtab *s, security_context_t ctx)
|
||
|
{
|
||
|
int hvalue, rc = 0;
|
||
|
struct sidtab_node *newnode;
|
||
|
security_context_t newctx;
|
||
|
|
||
|
newnode = (struct sidtab_node*)avc_malloc(sizeof(*newnode));
|
||
|
if (!newnode) {
|
||
|
rc = -1;
|
||
|
goto out;
|
||
|
}
|
||
|
newctx = (security_context_t)strdup(ctx);
|
||
|
if (!newctx) {
|
||
|
rc = -1;
|
||
|
avc_free(newnode);
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
hvalue = sidtab_hash(newctx);
|
||
|
newnode->next = s->htable[hvalue];
|
||
|
newnode->sid_s.ctx = newctx;
|
||
|
newnode->sid_s.refcnt = 0; /* caller should increment */
|
||
|
s->htable[hvalue] = newnode;
|
||
|
s->nel++;
|
||
|
out:
|
||
|
return rc;
|
||
|
}
|
||
|
|
||
|
void
|
||
|
sidtab_remove(struct sidtab *s, security_id_t sid)
|
||
|
{
|
||
|
int hvalue;
|
||
|
struct sidtab_node *cur, *prev;
|
||
|
|
||
|
hvalue = sidtab_hash(sid->ctx);
|
||
|
cur = s->htable[hvalue];
|
||
|
prev = NULL;
|
||
|
while (cur) {
|
||
|
if (sid == &cur->sid_s) {
|
||
|
if (prev)
|
||
|
prev->next = cur->next;
|
||
|
else
|
||
|
s->htable[hvalue] = cur->next;
|
||
|
avc_free(cur);
|
||
|
s->nel--;
|
||
|
return;
|
||
|
} else {
|
||
|
prev = cur;
|
||
|
cur = cur->next;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
security_id_t
|
||
|
sidtab_claim_sid(struct sidtab *s)
|
||
|
{
|
||
|
int i;
|
||
|
struct sidtab_node *cur;
|
||
|
|
||
|
for (i=0; i < SIDTAB_SIZE; i++) {
|
||
|
cur = s->htable[i];
|
||
|
while (cur) {
|
||
|
if (!cur->sid_s.refcnt)
|
||
|
return &cur->sid_s;
|
||
|
cur = cur->next;
|
||
|
}
|
||
|
}
|
||
|
return NULL;
|
||
|
}
|
||
|
|
||
|
int
|
||
|
sidtab_context_to_sid(struct sidtab *s,
|
||
|
security_context_t ctx,
|
||
|
security_id_t *sid)
|
||
|
{
|
||
|
int hvalue, rc = 0;
|
||
|
struct sidtab_node *cur;
|
||
|
|
||
|
*sid = NULL;
|
||
|
hvalue = sidtab_hash(ctx);
|
||
|
|
||
|
loop:
|
||
|
cur = s->htable[hvalue];
|
||
|
while (cur != NULL && strcmp(cur->sid_s.ctx, ctx))
|
||
|
cur = cur->next;
|
||
|
|
||
|
if (cur == NULL) { /* need to make a new entry */
|
||
|
rc = sidtab_insert(s, ctx);
|
||
|
if (rc)
|
||
|
goto out;
|
||
|
goto loop; /* find the newly inserted node */
|
||
|
}
|
||
|
|
||
|
*sid = &cur->sid_s;
|
||
|
out:
|
||
|
return rc;
|
||
|
}
|
||
|
|
||
|
void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen)
|
||
|
{
|
||
|
int i, chain_len, slots_used, max_chain_len;
|
||
|
struct sidtab_node *cur;
|
||
|
|
||
|
slots_used = 0;
|
||
|
max_chain_len = 0;
|
||
|
for (i = 0; i < SIDTAB_SIZE; i++) {
|
||
|
cur = h->htable[i];
|
||
|
if (cur) {
|
||
|
slots_used++;
|
||
|
chain_len = 0;
|
||
|
while (cur) {
|
||
|
chain_len++;
|
||
|
cur = cur->next;
|
||
|
}
|
||
|
|
||
|
if (chain_len > max_chain_len)
|
||
|
max_chain_len = chain_len;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
snprintf(buf, buflen,
|
||
|
"%s: %d SID entries and %d/%d buckets used, longest "
|
||
|
"chain length %d\n", avc_prefix, h->nel, slots_used,
|
||
|
SIDTAB_SIZE, max_chain_len);
|
||
|
}
|
||
|
|
||
|
void sidtab_destroy(struct sidtab *s)
|
||
|
{
|
||
|
int i;
|
||
|
struct sidtab_node *cur, *temp;
|
||
|
|
||
|
if (!s)
|
||
|
return;
|
||
|
|
||
|
for (i = 0; i < SIDTAB_SIZE; i++) {
|
||
|
cur = s->htable[i];
|
||
|
while (cur != NULL) {
|
||
|
temp = cur;
|
||
|
cur = cur->next;
|
||
|
freecon(temp->sid_s.ctx);
|
||
|
avc_free(temp);
|
||
|
}
|
||
|
s->htable[i] = NULL;
|
||
|
}
|
||
|
avc_free(s->htable);
|
||
|
s->htable = NULL;
|
||
|
}
|