/src/selinux/libsepol/src/policydb_convert.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include <stdlib.h> |
2 | | |
3 | | #include "private.h" |
4 | | #include "debug.h" |
5 | | |
6 | | #include <sepol/policydb/policydb.h> |
7 | | |
/*
 * Build a policydb by parsing the in-memory binary policy image (data, len).
 *
 * The buffer is wrapped in a PF_USE_MEMORY policy file and handed to
 * policydb_read(); this function performs no checks of its own on the
 * image, so every bit of validation of the bytes is delegated to the
 * parser.
 *
 * Returns STATUS_SUCCESS when the image parses.  On a parse failure the
 * policydb is released with policydb_destroy(), the error is reported
 * through handle, errno is set to EINVAL and STATUS_ERR is returned.
 *
 * NOTE(review): policydb is destroyed here on failure but never
 * initialised here, so the caller presumably passes an already
 * initialised policydb -- confirm against the callers.
 */
int policydb_from_image(sepol_handle_t * handle,
			void *data, size_t len, policydb_t * policydb)
{
	policy_file_t image;

	/* Describe the caller's buffer as a memory-backed policy file. */
	policy_file_init(&image);
	image.handle = handle;
	image.type = PF_USE_MEMORY;
	image.data = data;
	image.len = len;

	if (policydb_read(policydb, &image, 0) == 0)
		return STATUS_SUCCESS;

	/* Parsing failed: release whatever was built before reporting. */
	policydb_destroy(policydb);
	ERR(handle, "policy image is invalid");
	errno = EINVAL;
	return STATUS_ERR;
}
31 | | |
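/*
 * Serialise a policydb into a freshly allocated memory image and hand the
 * (data, len) pair back through newdata/newlen.
 *
 * The work is done in three passes:
 *   1. policydb_write() in PF_LEN mode computes the image length;
 *   2. policydb_write() in PF_USE_MEMORY mode fills a malloc()ed buffer;
 *   3. the buffer is parsed back with policydb_read() into a scratch
 *      policydb, so an image that does not parse back is never returned.
 *
 * On success returns STATUS_SUCCESS; *newdata points to the malloc()ed
 * image (ownership passes to the caller, release with free()) and
 * *newlen holds its length.
 *
 * On failure returns STATUS_ERR with errno set (EINVAL for a write or
 * verification failure, ENOMEM for an allocation failure); the image
 * buffer is freed and *newdata / *newlen are left untouched.
 */
int policydb_to_image(sepol_handle_t * handle,
		      policydb_t * policydb, void **newdata, size_t * newlen)
{
	void *tmp_data = NULL;
	size_t tmp_len;
	policy_file_t pf;
	struct policydb tmp_policydb;
	int saved_errno;

	/* Compute the length for the new policy image. */
	policy_file_init(&pf);
	pf.type = PF_LEN;
	pf.handle = handle;
	if (policydb_write(policydb, &pf)) {
		ERR(handle, "could not compute policy length");
		errno = EINVAL;
		goto err;
	}

	/* Allocate the new policy image. */
	pf.type = PF_USE_MEMORY;
	pf.data = malloc(pf.len);
	if (!pf.data) {
		ERR(handle, "out of memory");
		/* Set explicitly: ERR() may have disturbed malloc's errno. */
		errno = ENOMEM;
		goto err;
	}

	/* Need to save len and data prior to modification by policydb_write. */
	tmp_len = pf.len;
	tmp_data = pf.data;

	/* Write out the new policy image. */
	if (policydb_write(policydb, &pf)) {
		ERR(handle, "could not write policy");
		errno = EINVAL;
		goto err;
	}

	/* Verify the new policy image by parsing it back from the start. */
	pf.type = PF_USE_MEMORY;
	pf.data = tmp_data;
	pf.len = tmp_len;
	if (policydb_init(&tmp_policydb)) {
		ERR(handle, "Out of memory");
		errno = ENOMEM;
		goto err;
	}
	if (policydb_read(&tmp_policydb, &pf, 0)) {
		/*
		 * Release the partially populated scratch policydb, as
		 * policydb_from_image() does after a failed read; without
		 * this the scratch state is leaked on every rejected image.
		 */
		policydb_destroy(&tmp_policydb);
		ERR(handle, "new policy image is invalid");
		errno = EINVAL;
		goto err;
	}
	policydb_destroy(&tmp_policydb);

	/* Update (newdata, newlen) */
	*newdata = tmp_data;
	*newlen = tmp_len;

	return STATUS_SUCCESS;

      err:
	/* Keep the errno chosen above; ERR() and free() may overwrite it. */
	saved_errno = errno;
	ERR(handle, "could not create policy image");

	/* Recover */
	free(tmp_data);
	errno = saved_errno;
	return STATUS_ERR;
}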