/* Author: Karl MacMillan <kmacmillan@tresys.com>
* Jason Tang <jtang@tresys.com>
* Chris PeBenito <cpebenito@tresys.com>
*
* Copyright (C) 2004-2005 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "policydb_internal.h"
#include "module_internal.h"
#include <sepol/policydb/link.h>
#include <sepol/policydb/expand.h>
#include <sepol/policydb/module.h>
#include "debug.h"
#include "private.h"
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
/*
 * Identifiers for the optional sections of a module package (file contexts,
 * seusers, user_extra, netfilter contexts). Nothing in the visible part of
 * this file references them.
 * NOTE(review): presumably these are the magic numbers stored in a serialized
 * package - confirm against the reader/writer. SEPOL_PACKAGE_SECTION_FC has
 * one more hex digit (0xf97cff90) than the other three (0x97cff9N); if they
 * are format constants the asymmetry must be kept as is, not "normalized".
 */
#define SEPOL_PACKAGE_SECTION_FC 0xf97cff90
#define SEPOL_PACKAGE_SECTION_SEUSER 0x97cff91
#define SEPOL_PACKAGE_SECTION_USER_EXTRA 0x97cff92
#define SEPOL_PACKAGE_SECTION_NETFILTER 0x97cff93
/*
 * Move a policy file to an absolute offset measured from its start.
 *
 * PF_USE_STDIO:  an offset that does not fit in a long is rejected
 *                (errno = EFAULT, returns -1); otherwise the result of
 *                fseek() is returned.
 * PF_USE_MEMORY: an offset greater than fp->size is rejected (errno = EFAULT,
 *                returns -1). offset == fp->size is accepted and leaves
 *                fp->len at 0.
 * Any other type: nothing is done and 0 is returned.
 */
static int policy_file_seek(struct policy_file *fp, size_t offset)
{
	if (fp->type == PF_USE_STDIO) {
		/* fseek() takes a long; refuse offsets the cast would mangle. */
		if (offset > LONG_MAX) {
			errno = EFAULT;
			return -1;
		}
		return fseek(fp->fp, (long)offset, SEEK_SET);
	}

	if (fp->type == PF_USE_MEMORY) {
		/* Bound the offset before any pointer arithmetic on fp->data. */
		if (offset > fp->size) {
			errno = EFAULT;
			return -1;
		}
		/*
		 * Step back by (size - len), then forward by offset.
		 * NOTE(review): assumes size - len is the number of bytes already
		 * consumed, so the first step lands on the buffer start - confirm
		 * against the code that advances fp->data.
		 */
		fp->data -= fp->size - fp->len;
		fp->data += offset;
		fp->len = fp->size - offset;
		return 0;
	}

	return 0;
}
/*
 * Report the total length of a policy file through *out.
 *
 * PF_USE_MEMORY: *out = fp->size.
 * PF_USE_STDIO:  the length is measured by seeking to the end of the stream
 *                and the previous position is restored afterwards. A negative
 *                result from ftell()/fseek() is returned as is and *out is
 *                left untouched.
 * Any other type: *out = 0.
 *
 * Returns 0 on success.
 *
 * NOTE(review): if the second ftell() fails the function returns with the
 * stream still positioned at end-of-file; callers that keep reading after an
 * error should not rely on the old position.
 */
static int policy_file_length(struct policy_file *fp, size_t *out)
{
	long saved_pos, file_end;
	int status;

	if (fp->type == PF_USE_MEMORY) {
		*out = fp->size;
		return 0;
	}

	if (fp->type != PF_USE_STDIO) {
		*out = 0;
		return 0;
	}

	/* Remember where we are so the measurement is invisible to the caller. */
	saved_pos = ftell(fp->fp);
	if (saved_pos < 0)
		return saved_pos;

	status = fseek(fp->fp, 0L, SEEK_END);
	if (status < 0)
		return status;

	file_end = ftell(fp->fp);
	if (file_end < 0)
		return file_end;

	status = fseek(fp->fp, saved_pos, SEEK_SET);
	if (status < 0)
		return status;

	*out = file_end;
	return 0;
}
/*
 * Put a module package into its initial state: every field zeroed, a policy
 * object obtained from sepol_policydb_create() and version set to 1.
 * Returns 0 on success, -1 if the policy could not be created (the package is
 * left zeroed apart from whatever sepol_policydb_create() stored).
 */
static int module_package_init(sepol_module_package_t * p)
{
	/* Zero first so all section pointers and lengths start out NULL/0. */
	memset(p, 0, sizeof(*p));

	if (sepol_policydb_create(&p->policy) != 0)
		return -1;

	p->version = 1;
	return 0;
}
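/*
 * Replace *field with a freshly allocated copy of the len bytes at data.
 *
 * The copy is exactly len bytes; no terminator is appended. With len == 0 the
 * old buffer is released and *field becomes NULL.
 *
 * The new buffer is built before the old one is released, for two reasons:
 *  - data may point into the buffer currently held by *field; freeing first
 *    would make the copy read released memory;
 *  - on failure *field keeps its previous contents, so a length the caller
 *    stores next to it (and only updates on success) still describes it.
 *
 * Returns 0 on success, -1 if data is NULL while len is non-zero or if the
 * allocation fails; *field is unchanged in both failure cases.
 */
static int set_char(char **field, char *data, size_t len)
{
	char *copy = NULL;

	if (len) {
		/* memcpy() from a NULL source is undefined; refuse it instead. */
		if (!data)
			return -1;
		copy = malloc(len);
		if (!copy)
			return -1;
		memcpy(copy, data, len);
	}

	/* free(NULL) is a no-op, so no guard is needed. */
	free(*field);
	*field = copy;
	return 0;
}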
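/*
 * Allocate and initialize a module package.
 *
 * On success *p points to the new package, which the caller releases with
 * sepol_module_package_free(), and the result of module_package_init() is
 * returned. On failure a negative value is returned and *p is NULL, so a
 * caller that passes *p to sepol_module_package_free() on its error path
 * never hands over an already released pointer.
 */
int sepol_module_package_create(sepol_module_package_t ** p)
{
	sepol_module_package_t *pkg;
	int rc;

	*p = NULL;

	pkg = calloc(1, sizeof(*pkg));
	if (!pkg)
		return -1;

	rc = module_package_init(pkg);
	if (rc < 0) {
		/* Do not publish the pointer: it is dead after this free(). */
		free(pkg);
		return rc;
	}

	*p = pkg;
	return rc;
}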
hidden_def(sepol_module_package_create)
/* Release a module package: its policy, the four optional section buffers
 * (file contexts, seusers, user_extra, netfilter contexts) and finally the
 * package structure itself. A NULL p is accepted and ignored. The caller must
 * not use p, or any pointer previously obtained from its getters, afterwards.
 */
void sepol_module_package_free(sepol_module_package_t * p)
{
	if (p != NULL) {
		sepol_policydb_free(p->policy);

		/* free(NULL) is a no-op, so absent sections need no check. */
		free(p->file_contexts);
		free(p->seusers);
		free(p->user_extra);
		free(p->netfilter_contexts);

		free(p);
	}
}
hidden_def(sepol_module_package_free)
/*
 * Return the package's file contexts buffer (NULL when none is set).
 * The buffer stays owned by the package. The setter in this file stores
 * exactly len bytes and appends no terminator, so bound every read with
 * sepol_module_package_get_file_contexts_len() instead of treating the result
 * as a C string. p must not be NULL.
 */
char *sepol_module_package_get_file_contexts(sepol_module_package_t * p)
{
	char *contexts = p->file_contexts;

	return contexts;
}
/*
 * Return the number of bytes recorded for the package's file contexts.
 * p must not be NULL.
 */
size_t sepol_module_package_get_file_contexts_len(sepol_module_package_t * p)
{
	size_t nbytes = p->file_contexts_len;

	return nbytes;
}
/*
 * Return the package's seusers buffer (NULL when none is set).
 * The buffer stays owned by the package. The setter in this file stores
 * exactly len bytes and appends no terminator, so bound every read with
 * sepol_module_package_get_seusers_len(). p must not be NULL.
 */
char *sepol_module_package_get_seusers(sepol_module_package_t * p)
{
	char *seusers = p->seusers;

	return seusers;
}
/*
 * Return the number of bytes recorded for the package's seusers data.
 * p must not be NULL.
 */
size_t sepol_module_package_get_seusers_len(sepol_module_package_t * p)
{
	size_t nbytes = p->seusers_len;

	return nbytes;
}
/*
 * Return the package's user_extra buffer (NULL when none is set).
 * The buffer stays owned by the package. The setter in this file stores
 * exactly len bytes and appends no terminator, so bound every read with
 * sepol_module_package_get_user_extra_len(). p must not be NULL.
 */
char *sepol_module_package_get_user_extra(sepol_module_package_t * p)
{
	char *extra = p->user_extra;

	return extra;
}
/*
 * Return the number of bytes recorded for the package's user_extra data.
 * p must not be NULL.
 */
size_t sepol_module_package_get_user_extra_len(sepol_module_package_t * p)
{
	size_t nbytes = p->user_extra_len;

	return nbytes;
}
/*
 * Return the package's netfilter contexts buffer (NULL when none is set).
 * The buffer stays owned by the package. The setter in this file stores
 * exactly len bytes and appends no terminator, so bound every read with
 * sepol_module_package_get_netfilter_contexts_len(). p must not be NULL.
 */
char *sepol_module_package_get_netfilter_contexts(sepol_module_package_t * p)
{
	char *contexts = p->netfilter_contexts;

	return contexts;
}
/*
 * Return the number of bytes recorded for the package's netfilter contexts.
 * p must not be NULL.
 */
size_t sepol_module_package_get_netfilter_contexts_len(sepol_module_package_t *
						       p)
{
	size_t nbytes = p->netfilter_contexts_len;

	return nbytes;
}
/*
 * Replace the package's file contexts with a private copy of the len bytes at
 * data (set_char() does the allocation and copy); len == 0 clears the section.
 * The caller keeps ownership of data.
 * Returns 0 on success, -1 if set_char() fails. The recorded length is only
 * updated on success.
 */
int sepol_module_package_set_file_contexts(sepol_module_package_t * p,
					   char *data, size_t len)
{
	int rc = set_char(&p->file_contexts, data, len);

	if (rc != 0)
		return -1;

	p->file_contexts_len = len;
	return 0;
}
/*
 * Replace the package's seusers data with a private copy of the len bytes at
 * data (set_char() does the allocation and copy); len == 0 clears the section.
 * The caller keeps ownership of data.
 * Returns 0 on success, -1 if set_char() fails. The recorded length is only
 * updated on success.
 */
int sepol_module_package_set_seusers(sepol_module_package_t * p,
				     char *data, size_t len)
{
	int rc = set_char(&p->seusers, data, len);

	if (rc != 0)
		return -1;

	p->seusers_len = len;
	return 0;
}
/*
 * Replace the package's user_extra data with a private copy of the len bytes
 * at data (set_char() does the allocation and copy); len == 0 clears the
 * section. The caller keeps ownership of data.
 * Returns 0 on success, -1 if set_char() fails. The recorded length is only
 * updated on success.
 */
int sepol_module_package_set_user_extra(sepol_module_package_t * p,
					char *data, size_t len)
{
	int rc = set_char(&p->user_extra, data, len);

	if (rc != 0)
		return -1;

	p->user_extra_len = len;
	return 0;
}
/*
 * Replace the package's netfilter contexts with a private copy of the len
 * bytes at data (set_char() does the allocation and copy); len == 0 clears the
 * section. The caller keeps ownership of data.
 * Returns 0 on success, -1 if set_char() fails. The recorded length is only
 * updated on success.
 */
int sepol_module_package_set_netfilter_contexts(sepol_module_package_t * p,
						char *data, size_t len)
{
	int rc = set_char(&p->netfilter_contexts, data, len);

	if (rc != 0)
		return -1;

	p->netfilter_contexts_len = len;
	return 0;
}
/*
 * Return the policy object held by the package. The package keeps ownership:
 * sepol_module_package_free() releases it together with the package.
 * p must not be NULL.
 */
sepol_policydb_t *sepol_module_package_get_policy(sepol_module_package_t * p)
{
	sepol_policydb_t *policy = p->policy;

	return policy;
}
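/* Append the file contexts of every module to the base package's file
 * contexts. base->file_contexts is reallocated to hold the combined data and
 * base->file_contexts_len grows by the number of bytes appended; the modules
 * are only read.
 *
 * Return 0 on success. Return -1, leaving base unchanged, if a module records
 * a non-zero length without a buffer, if the combined length does not fit in
 * a size_t, or if memory cannot be allocated. */
static int link_file_contexts(sepol_module_package_t * base,
			      sepol_module_package_t ** modules,
			      int num_modules)
{
	size_t total = base->file_contexts_len;
	size_t add;
	char *grown;
	int i;

	for (i = 0; i < num_modules; i++) {
		add = modules[i]->file_contexts_len;
		/* A length with no buffer behind it cannot be copied. */
		if (add && modules[i]->file_contexts == NULL)
			return -1;
		/* A wrapped sum would under-size the buffer that the copy
		 * loop below writes into. */
		if (add > (size_t)-1 - total)
			return -1;
		total += add;
	}

	/* Nothing to append: skip realloc(), whose zero-size behaviour is
	 * implementation-defined and could be mistaken for out-of-memory. */
	if (total == base->file_contexts_len)
		return 0;

	grown = realloc(base->file_contexts, total);
	if (grown == NULL)
		return -1;
	base->file_contexts = grown;

	for (i = 0; i < num_modules; i++) {
		add = modules[i]->file_contexts_len;
		if (add == 0)
			continue;	/* empty section, possibly a NULL buffer */
		memcpy(base->file_contexts + base->file_contexts_len,
		       modules[i]->file_contexts, add);
		base->file_contexts_len += add;
	}
	return 0;
}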
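/* Append the netfilter contexts of every module to the base package's
 * netfilter contexts. base->netfilter_contexts is reallocated to hold the
 * combined data and base->netfilter_contexts_len grows by the number of bytes
 * appended; the modules are only read.
 *
 * Return 0 on success. Return -1, leaving base unchanged, if a module records
 * a non-zero length without a buffer, if the combined length does not fit in
 * a size_t, or if memory cannot be allocated. */
static int link_netfilter_contexts(sepol_module_package_t * base,
				   sepol_module_package_t ** modules,
				   int num_modules)
{
	size_t total = base->netfilter_contexts_len;
	size_t add;
	char *grown;
	int i;

	for (i = 0; i < num_modules; i++) {
		add = modules[i]->netfilter_contexts_len;
		/* A length with no buffer behind it cannot be copied. */
		if (add && modules[i]->netfilter_contexts == NULL)
			return -1;
		/* A wrapped sum would under-size the buffer that the copy
		 * loop below writes into. */
		if (add > (size_t)-1 - total)
			return -1;
		total += add;
	}

	/* Nothing to append: skip realloc(), whose zero-size behaviour is
	 * implementation-defined and could be mistaken for out-of-memory. */
	if (total == base->netfilter_contexts_len)
		return 0;

	grown = realloc(base->netfilter_contexts, total);
	if (grown == NULL)
		return -1;
	base->netfilter_contexts = grown;

	for (i = 0; i < num_modules; i++) {
		add = modules[i]->netfilter_contexts_len;
		if (add == 0)
			continue;	/* empty section, possibly a NULL buffer */
		memcpy(base->netfilter_contexts + base->netfilter_contexts_len,
		       modules[i]->netfilter_contexts, add);
		base->netfilter_contexts_len += add;
	}
	return 0;
}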
/* Links the module packages into the base. Returns 0 on success, -1
* if a requirement was not met, or -2 for all other errors. */
int sepol_link_packages(sepol_handle_t * handle,
sepol_module_package_t * base,
sepol_module_package_t ** modules, int num_modules,
int verbose)
{
policydb_t **mod_pols = NULL;
int i, retval;
if ((mod_pols = calloc(num_modules, sizeof(*mod_pols))) == NULL) {
ERR(handle, "Out of memory!");
return -2;
}
for (i = 0; i < num_modules; i++) {
mod_pols[i] = &modules[i]->policy->p;
}
retval = link_modules(handle, &base->policy->p, mod_pols, num_modules,
verbose);
free(mod_pols);
if (retval ==