#define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */
#define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */
#define SMACK_CIPSO_MAPPED_DEFAULT 251 /* Also arbitrary */
+#define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */
#define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */
-/*
- * CIPSO 2.2 standard is 239, but Smack wants to use the
- * categories in a structured way that limits the value to
- * the bits in 23 bytes, hence the unusual number.
- */
-#define SMACK_CIPSO_MAXCATNUM 184 /* 23 * 8 */
+#define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */
/*
* Flag for transmute access
struct smack_known *kp;
char *sp;
int found = 0;
- int acat;
- int kcat;
if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
/*
list_for_each_entry(kp, &smack_known_list, list) {
if (sap->attr.mls.lvl != kp->smk_netlabel.attr.mls.lvl)
continue;
- /*
- * Compare the catsets. Use the netlbl APIs.
- */
- if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
- if ((kp->smk_netlabel.flags &
- NETLBL_SECATTR_MLS_CAT) == 0)
- found = 1;
- break;
- }
- for (acat = -1, kcat = -1; acat == kcat; ) {
- acat = netlbl_secattr_catmap_walk(
- sap->attr.mls.cat, acat + 1);
- kcat = netlbl_secattr_catmap_walk(
- kp->smk_netlabel.attr.mls.cat,
- kcat + 1);
- if (acat < 0 || kcat < 0)
- break;
- }
- if (acat == kcat) {
- found = 1;
- break;
- }
+ if (memcmp(sap->attr.mls.cat,
+ kp->smk_netlabel.attr.mls.cat,
+ SMK_CIPSOLEN) != 0)
+ continue;
+ found = 1;
+ break;
}
rcu_read_unlock();
for (i = 0; i < catlen; i++) {
rule += SMK_DIGITLEN;
ret = sscanf(rule, "%u", &cat);
- if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
+ if (ret != 1 || cat > SMACK_CIPSO_MAXCATVAL)
goto out;
smack_catset_bit(cat, mapcatset);
projects / kernel / linux-3.0.git / commitdiff