This source file includes following definitions.
- sel_netport_hashfn
- sel_netport_find
- sel_netport_insert
- sel_netport_sid_slow
- sel_netport_sid
- sel_netport_flush
- sel_netport_init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 #include <linux/types.h>
21 #include <linux/rcupdate.h>
22 #include <linux/list.h>
23 #include <linux/slab.h>
24 #include <linux/spinlock.h>
25 #include <linux/in.h>
26 #include <linux/in6.h>
27 #include <linux/ip.h>
28 #include <linux/ipv6.h>
29 #include <net/ip.h>
30 #include <net/ipv6.h>
31
32 #include "netport.h"
33 #include "objsec.h"
34
35 #define SEL_NETPORT_HASH_SIZE 256
36 #define SEL_NETPORT_HASH_BKT_LIMIT 16
37
38 struct sel_netport_bkt {
39 int size;
40 struct list_head list;
41 };
42
43 struct sel_netport {
44 struct netport_security_struct psec;
45
46 struct list_head list;
47 struct rcu_head rcu;
48 };
49
50
51
52
53
54
55
56 static LIST_HEAD(sel_netport_list);
57 static DEFINE_SPINLOCK(sel_netport_lock);
58 static struct sel_netport_bkt sel_netport_hash[SEL_NETPORT_HASH_SIZE];
59
60
61
62
63
64
65
66
67
68
69 static unsigned int sel_netport_hashfn(u16 pnum)
70 {
71 return (pnum & (SEL_NETPORT_HASH_SIZE - 1));
72 }
73
74
75
76
77
78
79
80
81
82
83
84 static struct sel_netport *sel_netport_find(u8 protocol, u16 pnum)
85 {
86 unsigned int idx;
87 struct sel_netport *port;
88
89 idx = sel_netport_hashfn(pnum);
90 list_for_each_entry_rcu(port, &sel_netport_hash[idx].list, list)
91 if (port->psec.port == pnum && port->psec.protocol == protocol)
92 return port;
93
94 return NULL;
95 }
96
97
98
99
100
101
102
103
104
105 static void sel_netport_insert(struct sel_netport *port)
106 {
107 unsigned int idx;
108
109
110
111 idx = sel_netport_hashfn(port->psec.port);
112 list_add_rcu(&port->list, &sel_netport_hash[idx].list);
113 if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
114 struct sel_netport *tail;
115 tail = list_entry(
116 rcu_dereference_protected(
117 sel_netport_hash[idx].list.prev,
118 lockdep_is_held(&sel_netport_lock)),
119 struct sel_netport, list);
120 list_del_rcu(&tail->list);
121 kfree_rcu(tail, rcu);
122 } else
123 sel_netport_hash[idx].size++;
124 }
125
126
127
128
129
130
131
132
133
134
135
136
137
138 static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
139 {
140 int ret;
141 struct sel_netport *port;
142 struct sel_netport *new;
143
144 spin_lock_bh(&sel_netport_lock);
145 port = sel_netport_find(protocol, pnum);
146 if (port != NULL) {
147 *sid = port->psec.sid;
148 spin_unlock_bh(&sel_netport_lock);
149 return 0;
150 }
151
152 ret = security_port_sid(&selinux_state, protocol, pnum, sid);
153 if (ret != 0)
154 goto out;
155 new = kzalloc(sizeof(*new), GFP_ATOMIC);
156 if (new) {
157 new->psec.port = pnum;
158 new->psec.protocol = protocol;
159 new->psec.sid = *sid;
160 sel_netport_insert(new);
161 }
162
163 out:
164 spin_unlock_bh(&sel_netport_lock);
165 if (unlikely(ret))
166 pr_warn("SELinux: failure in %s(), unable to determine network port label\n",
167 __func__);
168 return ret;
169 }
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184 int sel_netport_sid(u8 protocol, u16 pnum, u32 *sid)
185 {
186 struct sel_netport *port;
187
188 rcu_read_lock();
189 port = sel_netport_find(protocol, pnum);
190 if (port != NULL) {
191 *sid = port->psec.sid;
192 rcu_read_unlock();
193 return 0;
194 }
195 rcu_read_unlock();
196
197 return sel_netport_sid_slow(protocol, pnum, sid);
198 }
199
200
201
202
203
204
205
206
207 void sel_netport_flush(void)
208 {
209 unsigned int idx;
210 struct sel_netport *port, *port_tmp;
211
212 spin_lock_bh(&sel_netport_lock);
213 for (idx = 0; idx < SEL_NETPORT_HASH_SIZE; idx++) {
214 list_for_each_entry_safe(port, port_tmp,
215 &sel_netport_hash[idx].list, list) {
216 list_del_rcu(&port->list);
217 kfree_rcu(port, rcu);
218 }
219 sel_netport_hash[idx].size = 0;
220 }
221 spin_unlock_bh(&sel_netport_lock);
222 }
223
224 static __init int sel_netport_init(void)
225 {
226 int iter;
227
228 if (!selinux_enabled)
229 return 0;
230
231 for (iter = 0; iter < SEL_NETPORT_HASH_SIZE; iter++) {
232 INIT_LIST_HEAD(&sel_netport_hash[iter].list);
233 sel_netport_hash[iter].size = 0;
234 }
235
236 return 0;
237 }
238
239 __initcall(sel_netport_init);