kernel: Fix sepolicy on ColorOS14

2024-03-20 17:43:33 +08:00
parent 0b9f675013
commit 808342bf04
1 changed files with 31 additions and 14 deletions
--- a/kernel/selinux/sepolicy.c
+++ b/kernel/selinux/sepolicy.c
@@ -621,6 +621,22 @@ static bool add_genfscon(struct policydb *db, const char *fs_name,
 	return false;
 }
 static void *ksu_realloc(void *old, size_t new_size, size_t old_size)
 {
 	// we can't use krealloc, because it may be read-only
 	void *new = kzalloc(new_size, GFP_ATOMIC);
 	if (!new) {
 		return NULL;
 	}
 	if (old_size) {
 		memcpy(new, old, old_size);
 	}
 	// we can't use kfree, because it may be read-only
 	// there maybe some leaks, maybe we can check ptr_write, but it's not a big deal
 	// kfree(old);
 	return new;
 }
 static bool add_type(struct policydb *db, const char *type_name, bool attr)
 {
 #ifdef KSU_SUPPORT_ADD_TYPE
@@ -654,29 +670,30 @@ static bool add_type(struct policydb *db, const char *type_name, bool attr)
 	}
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
 	size_t new_size = sizeof(struct ebitmap) * db->p_types.nprim;
 	struct ebitmap *new_type_attr_map_array =
-		(krealloc(db->type_attr_map_array, new_size, GFP_ATOMIC));
+		ksu_realloc(db->type_attr_map_array,
-
+			    value * sizeof(struct ebitmap),
-	struct type_datum **new_type_val_to_struct =
+			    (value - 1) * sizeof(struct ebitmap));
 		krealloc(db->type_val_to_struct,
 			 sizeof(*db->type_val_to_struct) * db->p_types.nprim,
 			 GFP_ATOMIC);
 	if (!new_type_attr_map_array) {
 		pr_err("add_type: alloc type_attr_map_array failed\n");
 		return false;
 	}
 	struct type_datum **new_type_val_to_struct =
 		ksu_realloc(db->type_val_to_struct,
 			    sizeof(*db->type_val_to_struct) * value,
 			    sizeof(*db->type_val_to_struct) * (value - 1));
 	if (!new_type_val_to_struct) {
 		pr_err("add_type: alloc type_val_to_struct failed\n");
 		return false;
 	}
 	char **new_val_to_name_types =
-		krealloc(db->sym_val_to_name[SYM_TYPES],
+		ksu_realloc(db->sym_val_to_name[SYM_TYPES],
-			 sizeof(char *) * db->symtab[SYM_TYPES].nprim,
+			    sizeof(char *) * value,
-			 GFP_KERNEL);
+			    sizeof(char *) * (value - 1));
 	if (!new_val_to_name_types) {
 		pr_err("add_type: alloc val_to_name failed\n");
 		return false;