if (!context) {		printk(KERN_ERR "security_sid_to_context:  unrecognized SID "		       "%d\n", sid);		rc = -EINVAL;		goto out_unlock;	}	rc = context_struct_to_string(context, scontext, scontext_len);out_unlock:	POLICY_RDUNLOCK;out:	return rc;}static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid){	char *scontext2;	struct context context;	struct role_datum *role;	struct type_datum *typdatum;	struct user_datum *usrdatum;	char *scontextp, *p, oldc;	int rc = 0;	if (!ss_initialized) {		int i;		for (i = 1; i < SECINITSID_NUM; i++) {			if (!strcmp(initial_sid_to_string[i], scontext)) {				*sid = i;				goto out;			}		}		*sid = SECINITSID_KERNEL;		goto out;	}	*sid = SECSID_NULL;	/* Copy the string so that we can modify the copy as we parse it.	   The string should already by null terminated, but we append a	   null suffix to the copy to avoid problems with the existing	   attr package, which doesn't view the null terminator as part	   of the attribute value. */	scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);	if (!scontext2) {		rc = -ENOMEM;		goto out;	}	memcpy(scontext2, scontext, scontext_len);	scontext2[scontext_len] = 0;	context_init(&context);	*sid = SECSID_NULL;	POLICY_RDLOCK;	/* Parse the security context. */	rc = -EINVAL;	scontextp = (char *) scontext2;	/* Extract the user. */	p = scontextp;	while (*p && *p != ':')		p++;	if (*p == 0)		goto out_unlock;	*p++ = 0;	usrdatum = hashtab_search(policydb.p_users.table, scontextp);	if (!usrdatum)		goto out_unlock;	context.user = usrdatum->value;	/* Extract role. */	scontextp = p;	while (*p && *p != ':')		p++;	if (*p == 0)		goto out_unlock;	*p++ = 0;	role = hashtab_search(policydb.p_roles.table, scontextp);	if (!role)		goto out_unlock;	context.role = role->value;	/* Extract type. */	scontextp = p;	while (*p && *p != ':')		p++;	oldc = *p;	*p++ = 0;	typdatum = hashtab_search(policydb.p_types.table, scontextp);	if (!typdatum)		goto out_unlock;	context.type = typdatum->value;	rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);	if (rc)		goto out_unlock;	if ((p - scontext2) < scontext_len) {		rc = -EINVAL;		goto out_unlock;	}	/* Check the validity of the new context. */	if (!policydb_context_isvalid(&policydb, &context)) {		rc = -EINVAL;		goto out_unlock;	}	/* Obtain the new sid. */	rc = sidtab_context_to_sid(&sidtab, &context, sid);out_unlock:	POLICY_RDUNLOCK;	context_destroy(&context);	kfree(scontext2);out:	return rc;}/** * security_context_to_sid - Obtain a SID for a given security context. * @scontext: security context * @scontext_len: length in bytes * @sid: security identifier, SID * * Obtains a SID associated with the security context that * has the string representation specified by @scontext. * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient * memory is available, or 0 on success. */int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid){	return security_context_to_sid_core(scontext, scontext_len,	                                    sid, SECSID_NULL);}/** * security_context_to_sid_default - Obtain a SID for a given security context, * falling back to specified default if needed. * * @scontext: security context * @scontext_len: length in bytes * @sid: security identifier, SID * @def_sid: default SID to assign on errror * * Obtains a SID associated with the security context that * has the string representation specified by @scontext. * The default SID is passed to the MLS layer to be used to allow * kernel labeling of the MLS field if the MLS field is not present * (for upgrading to MLS without full relabel). * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient * memory is available, or 0 on success. */int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid){	return security_context_to_sid_core(scontext, scontext_len,	                                    sid, def_sid);}static int compute_sid_handle_invalid_context(	struct context *scontext,	struct context *tcontext,	u16 tclass,	struct context *newcontext){	char *s = NULL, *t = NULL, *n = NULL;	u32 slen, tlen, nlen;	if (context_struct_to_string(scontext, &s, &slen) < 0)		goto out;	if (context_struct_to_string(tcontext, &t, &tlen) < 0)		goto out;	if (context_struct_to_string(newcontext, &n, &nlen) < 0)		goto out;	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,		  "security_compute_sid:  invalid context %s"		  " for scontext=%s"		  " tcontext=%s"		  " tclass=%s",		  n, s, t, policydb.p_class_val_to_name[tclass-1]);out:	kfree(s);	kfree(t);	kfree(n);	if (!selinux_enforcing)		return 0;	return -EACCES;}static int security_compute_sid(u32 ssid,				u32 tsid,				u16 tclass,				u32 specified,				u32 *out_sid){	struct context *scontext = NULL, *tcontext = NULL, newcontext;	struct role_trans *roletr = NULL;	struct avtab_key avkey;	struct avtab_datum *avdatum;	struct avtab_node *node;	int rc = 0;	if (!ss_initialized) {		switch (tclass) {		case SECCLASS_PROCESS:			*out_sid = ssid;			break;		default:			*out_sid = tsid;			break;		}		goto out;	}	POLICY_RDLOCK;	scontext = sidtab_search(&sidtab, ssid);	if (!scontext) {		printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",		       ssid);		rc = -EINVAL;		goto out_unlock;	}	tcontext = sidtab_search(&sidtab, tsid);	if (!tcontext) {		printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",		       tsid);		rc = -EINVAL;		goto out_unlock;	}	context_init(&newcontext);	/* Set the user identity. */	switch (specified) {	case AVTAB_TRANSITION:	case AVTAB_CHANGE:		/* Use the process user identity. */		newcontext.user = scontext->user;		break;	case AVTAB_MEMBER:		/* Use the related object owner. */		newcontext.user = tcontext->user;		break;	}	/* Set the role and type to default values. */	switch (tclass) {	case SECCLASS_PROCESS:		/* Use the current role and type of process. */		newcontext.role = scontext->role;		newcontext.type = scontext->type;		break;	default:		/* Use the well-defined object role. */		newcontext.role = OBJECT_R_VAL;		/* Use the type of the related object. */		newcontext.type = tcontext->type;	}	/* Look for a type transition/member/change rule. */	avkey.source_type = scontext->type;	avkey.target_type = tcontext->type;	avkey.target_class = tclass;	avkey.specified = specified;	avdatum = avtab_search(&policydb.te_avtab, &avkey);	/* If no permanent rule, also check for enabled conditional rules */	if(!avdatum) {		node = avtab_search_node(&policydb.te_cond_avtab, &avkey);		for (; node != NULL; node = avtab_search_node_next(node, specified)) {			if (node->key.specified & AVTAB_ENABLED) {				avdatum = &node->datum;				break;			}		}	}	if (avdatum) {		/* Use the type from the type transition/member/change rule. */		newcontext.type = avdatum->data;	}	/* Check for class-specific changes. */	switch (tclass) {	case SECCLASS_PROCESS:		if (specified & AVTAB_TRANSITION) {			/* Look for a role transition rule. */			for (roletr = policydb.role_tr; roletr;			     roletr = roletr->next) {				if (roletr->role == scontext->role &&				    roletr->type == tcontext->type) {					/* Use the role transition rule. */					newcontext.role = roletr->new_role;					break;				}			}		}		break;	default:		break;	}	/* Set the MLS attributes.	   This is done last because it may allocate memory. */	rc = mls_compute_sid(scontext, tcontext, tclass, specified, &newcontext);	if (rc)		goto out_unlock;	/* Check the validity of the context. */	if (!policydb_context_isvalid(&policydb, &newcontext)) {		rc = compute_sid_handle_invalid_context(scontext,							tcontext,							tclass,							&newcontext);		if (rc)			goto out_unlock;	}	/* Obtain the sid for the context. */	rc = sidtab_context_to_sid(&sidtab, &newcontext, out_sid);out_unlock:	POLICY_RDUNLOCK;	context_destroy(&newcontext);out:	return rc;}/** * security_transition_sid - Compute the SID for a new subject/object. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class * @out_sid: security identifier for new subject/object * * Compute a SID to use for labeling a new subject or object in the * class @tclass based on a SID pair (@ssid, @tsid). * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM * if insufficient memory is available, or %0 if the new SID was * computed successfully. */int security_transition_sid(u32 ssid,			    u32 tsid,			    u16 tclass,			    u32 *out_sid){	return security_compute_sid(ssid, tsid, tclass, AVTAB_TRANSITION, out_sid);}/** * security_member_sid - Compute the SID for member selection. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class * @out_sid: security identifier for selected member * * Compute a SID to use when selecting a member of a polyinstantiated * object of class @tclass based on a SID pair (@ssid, @tsid). * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM * if insufficient memory is available, or %0 if the SID was * computed successfully. */int security_member_sid(u32 ssid,			u32 tsid,			u16 tclass,			u32 *out_sid){	return security_compute_sid(ssid, tsid, tclass, AVTAB_MEMBER, out_sid);}/** * security_change_sid - Compute the SID for object relabeling. * @ssid: source security identifier * @tsid: target security identifier * @tclass: target security class * @out_sid: security identifier for selected member * * Compute a SID to use for relabeling an object of class @tclass * based on a SID pair (@ssid, @tsid). * Return -%EINVAL if any of the parameters are invalid, -%ENOMEM * if insufficient memory is available, or %0 if the SID was * computed successfully. */int security_change_sid(u32 ssid,			u32 tsid,			u16 tclass,			u32 *out_sid){	return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);}/* * Verify that each permission that is defined under the * existing policy is still defined with the same value * in the new policy. */static int validate_perm(void *key, void *datum, void *p){	struct hashtab *h;	struct perm_datum *perdatum, *perdatum2;	int rc = 0;	h = p;	perdatum = datum;	perdatum2 = hashtab_search(h, key);	if (!perdatum2) {		printk(KERN_ERR "security:  permission %s disappeared",		       (char *)key);		rc = -ENOENT;		goto out;	}	if (perdatum->value != perdatum2->value) {		printk(KERN_ERR "security:  the value of permission %s changed",		       (char *)key);		rc = -EINVAL;	}out:	return rc;}/* * Verify that each class that is defined under the * existing policy is still defined with the same * attributes in the new policy. */static int validate_class(void *key, void *datum, void *p){	struct policydb *newp;	struct class_datum *cladatum, *cladatum2;	int rc;	newp = p;	cladatum = datum;	cladatum2 = hashtab_search(newp->p_classes.table, key);	if (!cladatum2) {		printk(KERN_ERR "security:  class %s disappeared\n",		       (char *)key);		rc = -ENOENT;		goto out;	}	if (cladatum->value != cladatum2->value) {		printk(KERN_ERR "security:  the value of class %s changed\n",		       (char *)key);		rc = -EINVAL;		goto out;	}	if ((cladatum->comdatum && !cladatum2->comdatum) ||	    (!cladatum->comdatum && cladatum2->comdatum)) {		printk(KERN_ERR "security:  the inherits clause for the access "		       "vector definition for class %s changed\n", (char *)key);		rc = -EINVAL;		goto out;	}	if (cladatum->comdatum) {		rc = hashtab_map(cladatum->comdatum->permissions.table, validate_perm,		                 cladatum2->comdatum->permissions.table);		if (rc) {			printk(" in the access vector definition for class "			       "%s\n", (char *)key);			goto out;		}	}	rc = hashtab_map(cladatum->permissions.table, validate_perm,	                 cladatum2->permissions.table);	if (rc)		printk(" in access vector definition for class %s\n",		       (char *)key);out:	return rc;}/* Clone the SID into the new SID table. */static int clone_sid(u32 sid,		     struct context *context,		     void *arg){	struct sidtab *s = arg;	return sidtab_insert(s, sid, context);}static inline int convert_context_handle_invalid_context(struct context *context){	int rc = 0;	if (selinux_enforcing) {		rc = -EINVAL;	} else {		char *s;		u32 len;		context_struct_to_string(context, &s, &len);		printk(KERN_ERR "security:  context %s is invalid\n", s);		kfree(s);	}	return rc;}struct convert_context_args {	struct policydb *oldp;	struct policydb *newp;};/* * Convert the values in the security context * structure `c' from the values specified * in the policy `p->oldp' to the values specified * in the policy `p->newp'.  Verify that the * context is valid under the new policy. */static int convert_context(u32 key,			   struct context *c,			   void *p){	struct convert_context_args *args;	struct context oldc;	struct role_datum *role;	struct type_datum *typdatum;	struct user_datum *usrdatum;	char *s;	u32 len;	int rc;	args = p;	rc = context_cpy(&oldc, c);	if (rc)		goto out;	rc = -EINVAL;	/* Convert the user. */	usrdatum = hashtab_search(args->newp->p_users.table,	                          args->oldp->p_user_val_to_name[c->user - 1]);	if (!usrdatum) {		goto bad;	}	c->user = usrdatum->value;	/* Convert the role. */	role = hashtab_search(args->newp->p_roles.table,	                      args->oldp->p_role_val_to_name[c->role - 1]);	if (!role) {		goto bad;	}	c->role = role->value;	/* Convert the type. */	typdatum = hashtab_search(args->newp->p_types.table,	                          args->oldp->p_type_val_to_name[c->type - 1]);	if (!typdatum) {		goto bad;	}	c->type = typdatum->value;	rc = mls_convert_context(args->oldp, args->newp, c);	if (rc)		goto bad;	/* Check the validity of the new context. */	if (!policydb_context_isvalid(args->newp, c)) {		rc = convert_context_handle_invalid_context(&oldc);		if (rc)			goto bad;	}	context_destroy(&oldc);out:	return rc;bad:	context_struct_to_string(&oldc, &s, &len);	context_destroy(&oldc);	printk(KERN_ERR "security:  invalidating context %s\n", s);	kfree(s);	goto out;}extern void selinux_complete_init(void);/** * security_load_policy - Load a security policy configuration. * @data: binary policy data * @len: length of data in bytes * * Load a new set of security policy configuration data, * validate it and convert the SID table as necessary. * This function will flush the access vector cache after * loading the new policy. */int security_load_policy(void *data, size_t len){	struct policydb oldpolicydb, newpolicydb;	struct sidtab oldsidtab, newsidtab;