1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 18 * This program is free software; you can redistribute it and/or modify 19 * it under the terms of the GNU General Public License as published by 20 * the Free Software Foundation, version 2. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/sched.h> 25 #include <linux/slab.h> 26 #include <linux/string.h> 27 #include <linux/errno.h> 28 #include "security.h" 29 30 #include "policydb.h" 31 #include "conditional.h" 32 #include "mls.h" 33 34 #define _DEBUG_HASHES 35 36 #ifdef DEBUG_HASHES 37 static char *symtab_name[SYM_NUM] = { 38 "common prefixes", 39 "classes", 40 "roles", 41 "types", 42 "users", 43 "bools", 44 "levels", 45 "categories", 46 }; 47 #endif 48 49 int selinux_mls_enabled = 0; 50 51 static unsigned int symtab_sizes[SYM_NUM] = { 52 2, 53 32, 54 16, 55 512, 56 128, 57 16, 58 16, 59 16, 60 }; 61 62 struct policydb_compat_info { 63 int version; 64 int sym_num; 65 int ocon_num; 66 }; 67 68 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 69 static struct policydb_compat_info policydb_compat[] = { 70 { 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_NUM - 1, 74 }, 75 { 76 .version = POLICYDB_VERSION_BOOL, 77 .sym_num = SYM_NUM - 2, 78 .ocon_num = OCON_NUM - 1, 79 }, 80 { 81 .version = POLICYDB_VERSION_IPV6, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM, 84 }, 85 { 86 .version = POLICYDB_VERSION_NLCLASS, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM, 89 }, 90 { 91 .version = POLICYDB_VERSION_MLS, 92 .sym_num = SYM_NUM, 93 .ocon_num = OCON_NUM, 94 }, 95 { 96 .version = POLICYDB_VERSION_AVTAB, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM, 99 }, 100 { 101 .version = POLICYDB_VERSION_RANGETRANS, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM, 104 }, 105 }; 106 107 static struct policydb_compat_info *policydb_lookup_compat(int version) 108 { 109 int i; 110 struct policydb_compat_info *info = NULL; 111 112 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 113 if (policydb_compat[i].version == version) { 114 info = &policydb_compat[i]; 115 break; 116 } 117 } 118 return info; 119 } 120 121 /* 122 * Initialize the role table. 123 */ 124 static int roles_init(struct policydb *p) 125 { 126 char *key = NULL; 127 int rc; 128 struct role_datum *role; 129 130 role = kzalloc(sizeof(*role), GFP_KERNEL); 131 if (!role) { 132 rc = -ENOMEM; 133 goto out; 134 } 135 role->value = ++p->p_roles.nprim; 136 if (role->value != OBJECT_R_VAL) { 137 rc = -EINVAL; 138 goto out_free_role; 139 } 140 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); 141 if (!key) { 142 rc = -ENOMEM; 143 goto out_free_role; 144 } 145 strcpy(key, OBJECT_R); 146 rc = hashtab_insert(p->p_roles.table, key, role); 147 if (rc) 148 goto out_free_key; 149 out: 150 return rc; 151 152 out_free_key: 153 kfree(key); 154 out_free_role: 155 kfree(role); 156 goto out; 157 } 158 159 /* 160 * Initialize a policy database structure. 161 */ 162 static int policydb_init(struct policydb *p) 163 { 164 int i, rc; 165 166 memset(p, 0, sizeof(*p)); 167 168 for (i = 0; i < SYM_NUM; i++) { 169 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 170 if (rc) 171 goto out_free_symtab; 172 } 173 174 rc = avtab_init(&p->te_avtab); 175 if (rc) 176 goto out_free_symtab; 177 178 rc = roles_init(p); 179 if (rc) 180 goto out_free_symtab; 181 182 rc = cond_policydb_init(p); 183 if (rc) 184 goto out_free_symtab; 185 186 out: 187 return rc; 188 189 out_free_symtab: 190 for (i = 0; i < SYM_NUM; i++) 191 hashtab_destroy(p->symtab[i].table); 192 goto out; 193 } 194 195 /* 196 * The following *_index functions are used to 197 * define the val_to_name and val_to_struct arrays 198 * in a policy database structure. The val_to_name 199 * arrays are used when converting security context 200 * structures into string representations. The 201 * val_to_struct arrays are used when the attributes 202 * of a class, role, or user are needed. 203 */ 204 205 static int common_index(void *key, void *datum, void *datap) 206 { 207 struct policydb *p; 208 struct common_datum *comdatum; 209 210 comdatum = datum; 211 p = datap; 212 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 213 return -EINVAL; 214 p->p_common_val_to_name[comdatum->value - 1] = key; 215 return 0; 216 } 217 218 static int class_index(void *key, void *datum, void *datap) 219 { 220 struct policydb *p; 221 struct class_datum *cladatum; 222 223 cladatum = datum; 224 p = datap; 225 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 226 return -EINVAL; 227 p->p_class_val_to_name[cladatum->value - 1] = key; 228 p->class_val_to_struct[cladatum->value - 1] = cladatum; 229 return 0; 230 } 231 232 static int role_index(void *key, void *datum, void *datap) 233 { 234 struct policydb *p; 235 struct role_datum *role; 236 237 role = datum; 238 p = datap; 239 if (!role->value || role->value > p->p_roles.nprim) 240 return -EINVAL; 241 p->p_role_val_to_name[role->value - 1] = key; 242 p->role_val_to_struct[role->value - 1] = role; 243 return 0; 244 } 245 246 static int type_index(void *key, void *datum, void *datap) 247 { 248 struct policydb *p; 249 struct type_datum *typdatum; 250 251 typdatum = datum; 252 p = datap; 253 254 if (typdatum->primary) { 255 if (!typdatum->value || typdatum->value > p->p_types.nprim) 256 return -EINVAL; 257 p->p_type_val_to_name[typdatum->value - 1] = key; 258 } 259 260 return 0; 261 } 262 263 static int user_index(void *key, void *datum, void *datap) 264 { 265 struct policydb *p; 266 struct user_datum *usrdatum; 267 268 usrdatum = datum; 269 p = datap; 270 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 271 return -EINVAL; 272 p->p_user_val_to_name[usrdatum->value - 1] = key; 273 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 274 return 0; 275 } 276 277 static int sens_index(void *key, void *datum, void *datap) 278 { 279 struct policydb *p; 280 struct level_datum *levdatum; 281 282 levdatum = datum; 283 p = datap; 284 285 if (!levdatum->isalias) { 286 if (!levdatum->level->sens || 287 levdatum->level->sens > p->p_levels.nprim) 288 return -EINVAL; 289 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 290 } 291 292 return 0; 293 } 294 295 static int cat_index(void *key, void *datum, void *datap) 296 { 297 struct policydb *p; 298 struct cat_datum *catdatum; 299 300 catdatum = datum; 301 p = datap; 302 303 if (!catdatum->isalias) { 304 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 305 return -EINVAL; 306 p->p_cat_val_to_name[catdatum->value - 1] = key; 307 } 308 309 return 0; 310 } 311 312 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 313 { 314 common_index, 315 class_index, 316 role_index, 317 type_index, 318 user_index, 319 cond_index_bool, 320 sens_index, 321 cat_index, 322 }; 323 324 /* 325 * Define the common val_to_name array and the class 326 * val_to_name and val_to_struct arrays in a policy 327 * database structure. 328 * 329 * Caller must clean up upon failure. 330 */ 331 static int policydb_index_classes(struct policydb *p) 332 { 333 int rc; 334 335 p->p_common_val_to_name = 336 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 337 if (!p->p_common_val_to_name) { 338 rc = -ENOMEM; 339 goto out; 340 } 341 342 rc = hashtab_map(p->p_commons.table, common_index, p); 343 if (rc) 344 goto out; 345 346 p->class_val_to_struct = 347 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 348 if (!p->class_val_to_struct) { 349 rc = -ENOMEM; 350 goto out; 351 } 352 353 p->p_class_val_to_name = 354 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 355 if (!p->p_class_val_to_name) { 356 rc = -ENOMEM; 357 goto out; 358 } 359 360 rc = hashtab_map(p->p_classes.table, class_index, p); 361 out: 362 return rc; 363 } 364 365 #ifdef DEBUG_HASHES 366 static void symtab_hash_eval(struct symtab *s) 367 { 368 int i; 369 370 for (i = 0; i < SYM_NUM; i++) { 371 struct hashtab *h = s[i].table; 372 struct hashtab_info info; 373 374 hashtab_stat(h, &info); 375 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " 376 "longest chain length %d\n", symtab_name[i], h->nel, 377 info.slots_used, h->size, info.max_chain_len); 378 } 379 } 380 #endif 381 382 /* 383 * Define the other val_to_name and val_to_struct arrays 384 * in a policy database structure. 385 * 386 * Caller must clean up on failure. 387 */ 388 static int policydb_index_others(struct policydb *p) 389 { 390 int i, rc = 0; 391 392 printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", 393 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 394 if (selinux_mls_enabled) 395 printk(", %d sens, %d cats", p->p_levels.nprim, 396 p->p_cats.nprim); 397 printk("\n"); 398 399 printk(KERN_DEBUG "security: %d classes, %d rules\n", 400 p->p_classes.nprim, p->te_avtab.nel); 401 402 #ifdef DEBUG_HASHES 403 avtab_hash_eval(&p->te_avtab, "rules"); 404 symtab_hash_eval(p->symtab); 405 #endif 406 407 p->role_val_to_struct = 408 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 409 GFP_KERNEL); 410 if (!p->role_val_to_struct) { 411 rc = -ENOMEM; 412 goto out; 413 } 414 415 p->user_val_to_struct = 416 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 417 GFP_KERNEL); 418 if (!p->user_val_to_struct) { 419 rc = -ENOMEM; 420 goto out; 421 } 422 423 if (cond_init_bool_indexes(p)) { 424 rc = -ENOMEM; 425 goto out; 426 } 427 428 for (i = SYM_ROLES; i < SYM_NUM; i++) { 429 p->sym_val_to_name[i] = 430 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 431 if (!p->sym_val_to_name[i]) { 432 rc = -ENOMEM; 433 goto out; 434 } 435 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 436 if (rc) 437 goto out; 438 } 439 440 out: 441 return rc; 442 } 443 444 /* 445 * The following *_destroy functions are used to 446 * free any memory allocated for each kind of 447 * symbol data in the policy database. 448 */ 449 450 static int perm_destroy(void *key, void *datum, void *p) 451 { 452 kfree(key); 453 kfree(datum); 454 return 0; 455 } 456 457 static int common_destroy(void *key, void *datum, void *p) 458 { 459 struct common_datum *comdatum; 460 461 kfree(key); 462 comdatum = datum; 463 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 464 hashtab_destroy(comdatum->permissions.table); 465 kfree(datum); 466 return 0; 467 } 468 469 static int cls_destroy(void *key, void *datum, void *p) 470 { 471 struct class_datum *cladatum; 472 struct constraint_node *constraint, *ctemp; 473 struct constraint_expr *e, *etmp; 474 475 kfree(key); 476 cladatum = datum; 477 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 478 hashtab_destroy(cladatum->permissions.table); 479 constraint = cladatum->constraints; 480 while (constraint) { 481 e = constraint->expr; 482 while (e) { 483 ebitmap_destroy(&e->names); 484 etmp = e; 485 e = e->next; 486 kfree(etmp); 487 } 488 ctemp = constraint; 489 constraint = constraint->next; 490 kfree(ctemp); 491 } 492 493 constraint = cladatum->validatetrans; 494 while (constraint) { 495 e = constraint->expr; 496 while (e) { 497 ebitmap_destroy(&e->names); 498 etmp = e; 499 e = e->next; 500 kfree(etmp); 501 } 502 ctemp = constraint; 503 constraint = constraint->next; 504 kfree(ctemp); 505 } 506 507 kfree(cladatum->comkey); 508 kfree(datum); 509 return 0; 510 } 511 512 static int role_destroy(void *key, void *datum, void *p) 513 { 514 struct role_datum *role; 515 516 kfree(key); 517 role = datum; 518 ebitmap_destroy(&role->dominates); 519 ebitmap_destroy(&role->types); 520 kfree(datum); 521 return 0; 522 } 523 524 static int type_destroy(void *key, void *datum, void *p) 525 { 526 kfree(key); 527 kfree(datum); 528 return 0; 529 } 530 531 static int user_destroy(void *key, void *datum, void *p) 532 { 533 struct user_datum *usrdatum; 534 535 kfree(key); 536 usrdatum = datum; 537 ebitmap_destroy(&usrdatum->roles); 538 ebitmap_destroy(&usrdatum->range.level[0].cat); 539 ebitmap_destroy(&usrdatum->range.level[1].cat); 540 ebitmap_destroy(&usrdatum->dfltlevel.cat); 541 kfree(datum); 542 return 0; 543 } 544 545 static int sens_destroy(void *key, void *datum, void *p) 546 { 547 struct level_datum *levdatum; 548 549 kfree(key); 550 levdatum = datum; 551 ebitmap_destroy(&levdatum->level->cat); 552 kfree(levdatum->level); 553 kfree(datum); 554 return 0; 555 } 556 557 static int cat_destroy(void *key, void *datum, void *p) 558 { 559 kfree(key); 560 kfree(datum); 561 return 0; 562 } 563 564 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 565 { 566 common_destroy, 567 cls_destroy, 568 role_destroy, 569 type_destroy, 570 user_destroy, 571 cond_destroy_bool, 572 sens_destroy, 573 cat_destroy, 574 }; 575 576 static void ocontext_destroy(struct ocontext *c, int i) 577 { 578 context_destroy(&c->context[0]); 579 context_destroy(&c->context[1]); 580 if (i == OCON_ISID || i == OCON_FS || 581 i == OCON_NETIF || i == OCON_FSUSE) 582 kfree(c->u.name); 583 kfree(c); 584 } 585 586 /* 587 * Free any memory allocated by a policy database structure. 588 */ 589 void policydb_destroy(struct policydb *p) 590 { 591 struct ocontext *c, *ctmp; 592 struct genfs *g, *gtmp; 593 int i; 594 struct role_allow *ra, *lra = NULL; 595 struct role_trans *tr, *ltr = NULL; 596 struct range_trans *rt, *lrt = NULL; 597 598 for (i = 0; i < SYM_NUM; i++) { 599 cond_resched(); 600 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 601 hashtab_destroy(p->symtab[i].table); 602 } 603 604 for (i = 0; i < SYM_NUM; i++) 605 kfree(p->sym_val_to_name[i]); 606 607 kfree(p->class_val_to_struct); 608 kfree(p->role_val_to_struct); 609 kfree(p->user_val_to_struct); 610 611 avtab_destroy(&p->te_avtab); 612 613 for (i = 0; i < OCON_NUM; i++) { 614 cond_resched(); 615 c = p->ocontexts[i]; 616 while (c) { 617 ctmp = c; 618 c = c->next; 619 ocontext_destroy(ctmp,i); 620 } 621 p->ocontexts[i] = NULL; 622 } 623 624 g = p->genfs; 625 while (g) { 626 cond_resched(); 627 kfree(g->fstype); 628 c = g->head; 629 while (c) { 630 ctmp = c; 631 c = c->next; 632 ocontext_destroy(ctmp,OCON_FSUSE); 633 } 634 gtmp = g; 635 g = g->next; 636 kfree(gtmp); 637 } 638 p->genfs = NULL; 639 640 cond_policydb_destroy(p); 641 642 for (tr = p->role_tr; tr; tr = tr->next) { 643 cond_resched(); 644 kfree(ltr); 645 ltr = tr; 646 } 647 kfree(ltr); 648 649 for (ra = p->role_allow; ra; ra = ra -> next) { 650 cond_resched(); 651 kfree(lra); 652 lra = ra; 653 } 654 kfree(lra); 655 656 for (rt = p->range_tr; rt; rt = rt -> next) { 657 cond_resched(); 658 if (lrt) { 659 ebitmap_destroy(&lrt->target_range.level[0].cat); 660 ebitmap_destroy(&lrt->target_range.level[1].cat); 661 kfree(lrt); 662 } 663 lrt = rt; 664 } 665 if (lrt) { 666 ebitmap_destroy(&lrt->target_range.level[0].cat); 667 ebitmap_destroy(&lrt->target_range.level[1].cat); 668 kfree(lrt); 669 } 670 671 if (p->type_attr_map) { 672 for (i = 0; i < p->p_types.nprim; i++) 673 ebitmap_destroy(&p->type_attr_map[i]); 674 } 675 kfree(p->type_attr_map); 676 677 kfree(p->undefined_perms); 678 679 return; 680 } 681 682 /* 683 * Load the initial SIDs specified in a policy database 684 * structure into a SID table. 685 */ 686 int policydb_load_isids(struct policydb *p, struct sidtab *s) 687 { 688 struct ocontext *head, *c; 689 int rc; 690 691 rc = sidtab_init(s); 692 if (rc) { 693 printk(KERN_ERR "security: out of memory on SID table init\n"); 694 goto out; 695 } 696 697 head = p->ocontexts[OCON_ISID]; 698 for (c = head; c; c = c->next) { 699 if (!c->context[0].user) { 700 printk(KERN_ERR "security: SID %s was never " 701 "defined.\n", c->u.name); 702 rc = -EINVAL; 703 goto out; 704 } 705 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 706 printk(KERN_ERR "security: unable to load initial " 707 "SID %s.\n", c->u.name); 708 rc = -EINVAL; 709 goto out; 710 } 711 } 712 out: 713 return rc; 714 } 715 716 /* 717 * Return 1 if the fields in the security context 718 * structure `c' are valid. Return 0 otherwise. 719 */ 720 int policydb_context_isvalid(struct policydb *p, struct context *c) 721 { 722 struct role_datum *role; 723 struct user_datum *usrdatum; 724 725 if (!c->role || c->role > p->p_roles.nprim) 726 return 0; 727 728 if (!c->user || c->user > p->p_users.nprim) 729 return 0; 730 731 if (!c->type || c->type > p->p_types.nprim) 732 return 0; 733 734 if (c->role != OBJECT_R_VAL) { 735 /* 736 * Role must be authorized for the type. 737 */ 738 role = p->role_val_to_struct[c->role - 1]; 739 if (!ebitmap_get_bit(&role->types, 740 c->type - 1)) 741 /* role may not be associated with type */ 742 return 0; 743 744 /* 745 * User must be authorized for the role. 746 */ 747 usrdatum = p->user_val_to_struct[c->user - 1]; 748 if (!usrdatum) 749 return 0; 750 751 if (!ebitmap_get_bit(&usrdatum->roles, 752 c->role - 1)) 753 /* user may not be associated with role */ 754 return 0; 755 } 756 757 if (!mls_context_isvalid(p, c)) 758 return 0; 759 760 return 1; 761 } 762 763 /* 764 * Read a MLS range structure from a policydb binary 765 * representation file. 766 */ 767 static int mls_read_range_helper(struct mls_range *r, void *fp) 768 { 769 __le32 buf[2]; 770 u32 items; 771 int rc; 772 773 rc = next_entry(buf, fp, sizeof(u32)); 774 if (rc < 0) 775 goto out; 776 777 items = le32_to_cpu(buf[0]); 778 if (items > ARRAY_SIZE(buf)) { 779 printk(KERN_ERR "security: mls: range overflow\n"); 780 rc = -EINVAL; 781 goto out; 782 } 783 rc = next_entry(buf, fp, sizeof(u32) * items); 784 if (rc < 0) { 785 printk(KERN_ERR "security: mls: truncated range\n"); 786 goto out; 787 } 788 r->level[0].sens = le32_to_cpu(buf[0]); 789 if (items > 1) 790 r->level[1].sens = le32_to_cpu(buf[1]); 791 else 792 r->level[1].sens = r->level[0].sens; 793 794 rc = ebitmap_read(&r->level[0].cat, fp); 795 if (rc) { 796 printk(KERN_ERR "security: mls: error reading low " 797 "categories\n"); 798 goto out; 799 } 800 if (items > 1) { 801 rc = ebitmap_read(&r->level[1].cat, fp); 802 if (rc) { 803 printk(KERN_ERR "security: mls: error reading high " 804 "categories\n"); 805 goto bad_high; 806 } 807 } else { 808 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 809 if (rc) { 810 printk(KERN_ERR "security: mls: out of memory\n"); 811 goto bad_high; 812 } 813 } 814 815 rc = 0; 816 out: 817 return rc; 818 bad_high: 819 ebitmap_destroy(&r->level[0].cat); 820 goto out; 821 } 822 823 /* 824 * Read and validate a security context structure 825 * from a policydb binary representation file. 826 */ 827 static int context_read_and_validate(struct context *c, 828 struct policydb *p, 829 void *fp) 830 { 831 __le32 buf[3]; 832 int rc; 833 834 rc = next_entry(buf, fp, sizeof buf); 835 if (rc < 0) { 836 printk(KERN_ERR "security: context truncated\n"); 837 goto out; 838 } 839 c->user = le32_to_cpu(buf[0]); 840 c->role = le32_to_cpu(buf[1]); 841 c->type = le32_to_cpu(buf[2]); 842 if (p->policyvers >= POLICYDB_VERSION_MLS) { 843 if (mls_read_range_helper(&c->range, fp)) { 844 printk(KERN_ERR "security: error reading MLS range of " 845 "context\n"); 846 rc = -EINVAL; 847 goto out; 848 } 849 } 850 851 if (!policydb_context_isvalid(p, c)) { 852 printk(KERN_ERR "security: invalid security context\n"); 853 context_destroy(c); 854 rc = -EINVAL; 855 } 856 out: 857 return rc; 858 } 859 860 /* 861 * The following *_read functions are used to 862 * read the symbol data from a policy database 863 * binary representation file. 864 */ 865 866 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 867 { 868 char *key = NULL; 869 struct perm_datum *perdatum; 870 int rc; 871 __le32 buf[2]; 872 u32 len; 873 874 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 875 if (!perdatum) { 876 rc = -ENOMEM; 877 goto out; 878 } 879 880 rc = next_entry(buf, fp, sizeof buf); 881 if (rc < 0) 882 goto bad; 883 884 len = le32_to_cpu(buf[0]); 885 perdatum->value = le32_to_cpu(buf[1]); 886 887 key = kmalloc(len + 1,GFP_KERNEL); 888 if (!key) { 889 rc = -ENOMEM; 890 goto bad; 891 } 892 rc = next_entry(key, fp, len); 893 if (rc < 0) 894 goto bad; 895 key[len] = 0; 896 897 rc = hashtab_insert(h, key, perdatum); 898 if (rc) 899 goto bad; 900 out: 901 return rc; 902 bad: 903 perm_destroy(key, perdatum, NULL); 904 goto out; 905 } 906 907 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 908 { 909 char *key = NULL; 910 struct common_datum *comdatum; 911 __le32 buf[4]; 912 u32 len, nel; 913 int i, rc; 914 915 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 916 if (!comdatum) { 917 rc = -ENOMEM; 918 goto out; 919 } 920 921 rc = next_entry(buf, fp, sizeof buf); 922 if (rc < 0) 923 goto bad; 924 925 len = le32_to_cpu(buf[0]); 926 comdatum->value = le32_to_cpu(buf[1]); 927 928 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 929 if (rc) 930 goto bad; 931 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 932 nel = le32_to_cpu(buf[3]); 933 934 key = kmalloc(len + 1,GFP_KERNEL); 935 if (!key) { 936 rc = -ENOMEM; 937 goto bad; 938 } 939 rc = next_entry(key, fp, len); 940 if (rc < 0) 941 goto bad; 942 key[len] = 0; 943 944 for (i = 0; i < nel; i++) { 945 rc = perm_read(p, comdatum->permissions.table, fp); 946 if (rc) 947 goto bad; 948 } 949 950 rc = hashtab_insert(h, key, comdatum); 951 if (rc) 952 goto bad; 953 out: 954 return rc; 955 bad: 956 common_destroy(key, comdatum, NULL); 957 goto out; 958 } 959 960 static int read_cons_helper(struct constraint_node **nodep, int ncons, 961 int allowxtarget, void *fp) 962 { 963 struct constraint_node *c, *lc; 964 struct constraint_expr *e, *le; 965 __le32 buf[3]; 966 u32 nexpr; 967 int rc, i, j, depth; 968 969 lc = NULL; 970 for (i = 0; i < ncons; i++) { 971 c = kzalloc(sizeof(*c), GFP_KERNEL); 972 if (!c) 973 return -ENOMEM; 974 975 if (lc) { 976 lc->next = c; 977 } else { 978 *nodep = c; 979 } 980 981 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 982 if (rc < 0) 983 return rc; 984 c->permissions = le32_to_cpu(buf[0]); 985 nexpr = le32_to_cpu(buf[1]); 986 le = NULL; 987 depth = -1; 988 for (j = 0; j < nexpr; j++) { 989 e = kzalloc(sizeof(*e), GFP_KERNEL); 990 if (!e) 991 return -ENOMEM; 992 993 if (le) { 994 le->next = e; 995 } else { 996 c->expr = e; 997 } 998 999 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1000 if (rc < 0) 1001 return rc; 1002 e->expr_type = le32_to_cpu(buf[0]); 1003 e->attr = le32_to_cpu(buf[1]); 1004 e->op = le32_to_cpu(buf[2]); 1005 1006 switch (e->expr_type) { 1007 case CEXPR_NOT: 1008 if (depth < 0) 1009 return -EINVAL; 1010 break; 1011 case CEXPR_AND: 1012 case CEXPR_OR: 1013 if (depth < 1) 1014 return -EINVAL; 1015 depth--; 1016 break; 1017 case CEXPR_ATTR: 1018 if (depth == (CEXPR_MAXDEPTH - 1)) 1019 return -EINVAL; 1020 depth++; 1021 break; 1022 case CEXPR_NAMES: 1023 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1024 return -EINVAL; 1025 if (depth == (CEXPR_MAXDEPTH - 1)) 1026 return -EINVAL; 1027 depth++; 1028 if (ebitmap_read(&e->names, fp)) 1029 return -EINVAL; 1030 break; 1031 default: 1032 return -EINVAL; 1033 } 1034 le = e; 1035 } 1036 if (depth != 0) 1037 return -EINVAL; 1038 lc = c; 1039 } 1040 1041 return 0; 1042 } 1043 1044 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1045 { 1046 char *key = NULL; 1047 struct class_datum *cladatum; 1048 __le32 buf[6]; 1049 u32 len, len2, ncons, nel; 1050 int i, rc; 1051 1052 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1053 if (!cladatum) { 1054 rc = -ENOMEM; 1055 goto out; 1056 } 1057 1058 rc = next_entry(buf, fp, sizeof(u32)*6); 1059 if (rc < 0) 1060 goto bad; 1061 1062 len = le32_to_cpu(buf[0]); 1063 len2 = le32_to_cpu(buf[1]); 1064 cladatum->value = le32_to_cpu(buf[2]); 1065 1066 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1067 if (rc) 1068 goto bad; 1069 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1070 nel = le32_to_cpu(buf[4]); 1071 1072 ncons = le32_to_cpu(buf[5]); 1073 1074 key = kmalloc(len + 1,GFP_KERNEL); 1075 if (!key) { 1076 rc = -ENOMEM; 1077 goto bad; 1078 } 1079 rc = next_entry(key, fp, len); 1080 if (rc < 0) 1081 goto bad; 1082 key[len] = 0; 1083 1084 if (len2) { 1085 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); 1086 if (!cladatum->comkey) { 1087 rc = -ENOMEM; 1088 goto bad; 1089 } 1090 rc = next_entry(cladatum->comkey, fp, len2); 1091 if (rc < 0) 1092 goto bad; 1093 cladatum->comkey[len2] = 0; 1094 1095 cladatum->comdatum = hashtab_search(p->p_commons.table, 1096 cladatum->comkey); 1097 if (!cladatum->comdatum) { 1098 printk(KERN_ERR "security: unknown common %s\n", 1099 cladatum->comkey); 1100 rc = -EINVAL; 1101 goto bad; 1102 } 1103 } 1104 for (i = 0; i < nel; i++) { 1105 rc = perm_read(p, cladatum->permissions.table, fp); 1106 if (rc) 1107 goto bad; 1108 } 1109 1110 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1111 if (rc) 1112 goto bad; 1113 1114 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1115 /* grab the validatetrans rules */ 1116 rc = next_entry(buf, fp, sizeof(u32)); 1117 if (rc < 0) 1118 goto bad; 1119 ncons = le32_to_cpu(buf[0]); 1120 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1121 if (rc) 1122 goto bad; 1123 } 1124 1125 rc = hashtab_insert(h, key, cladatum); 1126 if (rc) 1127 goto bad; 1128 1129 rc = 0; 1130 out: 1131 return rc; 1132 bad: 1133 cls_destroy(key, cladatum, NULL); 1134 goto out; 1135 } 1136 1137 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1138 { 1139 char *key = NULL; 1140 struct role_datum *role; 1141 int rc; 1142 __le32 buf[2]; 1143 u32 len; 1144 1145 role = kzalloc(sizeof(*role), GFP_KERNEL); 1146 if (!role) { 1147 rc = -ENOMEM; 1148 goto out; 1149 } 1150 1151 rc = next_entry(buf, fp, sizeof buf); 1152 if (rc < 0) 1153 goto bad; 1154 1155 len = le32_to_cpu(buf[0]); 1156 role->value = le32_to_cpu(buf[1]); 1157 1158 key = kmalloc(len + 1,GFP_KERNEL); 1159 if (!key) { 1160 rc = -ENOMEM; 1161 goto bad; 1162 } 1163 rc = next_entry(key, fp, len); 1164 if (rc < 0) 1165 goto bad; 1166 key[len] = 0; 1167 1168 rc = ebitmap_read(&role->dominates, fp); 1169 if (rc) 1170 goto bad; 1171 1172 rc = ebitmap_read(&role->types, fp); 1173 if (rc) 1174 goto bad; 1175 1176 if (strcmp(key, OBJECT_R) == 0) { 1177 if (role->value != OBJECT_R_VAL) { 1178 printk(KERN_ERR "Role %s has wrong value %d\n", 1179 OBJECT_R, role->value); 1180 rc = -EINVAL; 1181 goto bad; 1182 } 1183 rc = 0; 1184 goto bad; 1185 } 1186 1187 rc = hashtab_insert(h, key, role); 1188 if (rc) 1189 goto bad; 1190 out: 1191 return rc; 1192 bad: 1193 role_destroy(key, role, NULL); 1194 goto out; 1195 } 1196 1197 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1198 { 1199 char *key = NULL; 1200 struct type_datum *typdatum; 1201 int rc; 1202 __le32 buf[3]; 1203 u32 len; 1204 1205 typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); 1206 if (!typdatum) { 1207 rc = -ENOMEM; 1208 return rc; 1209 } 1210 1211 rc = next_entry(buf, fp, sizeof buf); 1212 if (rc < 0) 1213 goto bad; 1214 1215 len = le32_to_cpu(buf[0]); 1216 typdatum->value = le32_to_cpu(buf[1]); 1217 typdatum->primary = le32_to_cpu(buf[2]); 1218 1219 key = kmalloc(len + 1,GFP_KERNEL); 1220 if (!key) { 1221 rc = -ENOMEM; 1222 goto bad; 1223 } 1224 rc = next_entry(key, fp, len); 1225 if (rc < 0) 1226 goto bad; 1227 key[len] = 0; 1228 1229 rc = hashtab_insert(h, key, typdatum); 1230 if (rc) 1231 goto bad; 1232 out: 1233 return rc; 1234 bad: 1235 type_destroy(key, typdatum, NULL); 1236 goto out; 1237 } 1238 1239 1240 /* 1241 * Read a MLS level structure from a policydb binary 1242 * representation file. 1243 */ 1244 static int mls_read_level(struct mls_level *lp, void *fp) 1245 { 1246 __le32 buf[1]; 1247 int rc; 1248 1249 memset(lp, 0, sizeof(*lp)); 1250 1251 rc = next_entry(buf, fp, sizeof buf); 1252 if (rc < 0) { 1253 printk(KERN_ERR "security: mls: truncated level\n"); 1254 goto bad; 1255 } 1256 lp->sens = le32_to_cpu(buf[0]); 1257 1258 if (ebitmap_read(&lp->cat, fp)) { 1259 printk(KERN_ERR "security: mls: error reading level " 1260 "categories\n"); 1261 goto bad; 1262 } 1263 return 0; 1264 1265 bad: 1266 return -EINVAL; 1267 } 1268 1269 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1270 { 1271 char *key = NULL; 1272 struct user_datum *usrdatum; 1273 int rc; 1274 __le32 buf[2]; 1275 u32 len; 1276 1277 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1278 if (!usrdatum) { 1279 rc = -ENOMEM; 1280 goto out; 1281 } 1282 1283 rc = next_entry(buf, fp, sizeof buf); 1284 if (rc < 0) 1285 goto bad; 1286 1287 len = le32_to_cpu(buf[0]); 1288 usrdatum->value = le32_to_cpu(buf[1]); 1289 1290 key = kmalloc(len + 1,GFP_KERNEL); 1291 if (!key) { 1292 rc = -ENOMEM; 1293 goto bad; 1294 } 1295 rc = next_entry(key, fp, len); 1296 if (rc < 0) 1297 goto bad; 1298 key[len] = 0; 1299 1300 rc = ebitmap_read(&usrdatum->roles, fp); 1301 if (rc) 1302 goto bad; 1303 1304 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1305 rc = mls_read_range_helper(&usrdatum->range, fp); 1306 if (rc) 1307 goto bad; 1308 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1309 if (rc) 1310 goto bad; 1311 } 1312 1313 rc = hashtab_insert(h, key, usrdatum); 1314 if (rc) 1315 goto bad; 1316 out: 1317 return rc; 1318 bad: 1319 user_destroy(key, usrdatum, NULL); 1320 goto out; 1321 } 1322 1323 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1324 { 1325 char *key = NULL; 1326 struct level_datum *levdatum; 1327 int rc; 1328 __le32 buf[2]; 1329 u32 len; 1330 1331 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1332 if (!levdatum) { 1333 rc = -ENOMEM; 1334 goto out; 1335 } 1336 1337 rc = next_entry(buf, fp, sizeof buf); 1338 if (rc < 0) 1339 goto bad; 1340 1341 len = le32_to_cpu(buf[0]); 1342 levdatum->isalias = le32_to_cpu(buf[1]); 1343 1344 key = kmalloc(len + 1,GFP_ATOMIC); 1345 if (!key) { 1346 rc = -ENOMEM; 1347 goto bad; 1348 } 1349 rc = next_entry(key, fp, len); 1350 if (rc < 0) 1351 goto bad; 1352 key[len] = 0; 1353 1354 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1355 if (!levdatum->level) { 1356 rc = -ENOMEM; 1357 goto bad; 1358 } 1359 if (mls_read_level(levdatum->level, fp)) { 1360 rc = -EINVAL; 1361 goto bad; 1362 } 1363 1364 rc = hashtab_insert(h, key, levdatum); 1365 if (rc) 1366 goto bad; 1367 out: 1368 return rc; 1369 bad: 1370 sens_destroy(key, levdatum, NULL); 1371 goto out; 1372 } 1373 1374 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1375 { 1376 char *key = NULL; 1377 struct cat_datum *catdatum; 1378 int rc; 1379 __le32 buf[3]; 1380 u32 len; 1381 1382 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1383 if (!catdatum) { 1384 rc = -ENOMEM; 1385 goto out; 1386 } 1387 1388 rc = next_entry(buf, fp, sizeof buf); 1389 if (rc < 0) 1390 goto bad; 1391 1392 len = le32_to_cpu(buf[0]); 1393 catdatum->value = le32_to_cpu(buf[1]); 1394 catdatum->isalias = le32_to_cpu(buf[2]); 1395 1396 key = kmalloc(len + 1,GFP_ATOMIC); 1397 if (!key) { 1398 rc = -ENOMEM; 1399 goto bad; 1400 } 1401 rc = next_entry(key, fp, len); 1402 if (rc < 0) 1403 goto bad; 1404 key[len] = 0; 1405 1406 rc = hashtab_insert(h, key, catdatum); 1407 if (rc) 1408 goto bad; 1409 out: 1410 return rc; 1411 1412 bad: 1413 cat_destroy(key, catdatum, NULL); 1414 goto out; 1415 } 1416 1417 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1418 { 1419 common_read, 1420 class_read, 1421 role_read, 1422 type_read, 1423 user_read, 1424 cond_read_bool, 1425 sens_read, 1426 cat_read, 1427 }; 1428 1429 extern int ss_initialized; 1430 1431 /* 1432 * Read the configuration data from a policy database binary 1433 * representation file into a policy database structure. 1434 */ 1435 int policydb_read(struct policydb *p, void *fp) 1436 { 1437 struct role_allow *ra, *lra; 1438 struct role_trans *tr, *ltr; 1439 struct ocontext *l, *c, *newc; 1440 struct genfs *genfs_p, *genfs, *newgenfs; 1441 int i, j, rc; 1442 __le32 buf[8]; 1443 u32 len, len2, config, nprim, nel, nel2; 1444 char *policydb_str; 1445 struct policydb_compat_info *info; 1446 struct range_trans *rt, *lrt; 1447 1448 config = 0; 1449 1450 rc = policydb_init(p); 1451 if (rc) 1452 goto out; 1453 1454 /* Read the magic number and string length. */ 1455 rc = next_entry(buf, fp, sizeof(u32)* 2); 1456 if (rc < 0) 1457 goto bad; 1458 1459 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 1460 printk(KERN_ERR "security: policydb magic number 0x%x does " 1461 "not match expected magic number 0x%x\n", 1462 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 1463 goto bad; 1464 } 1465 1466 len = le32_to_cpu(buf[1]); 1467 if (len != strlen(POLICYDB_STRING)) { 1468 printk(KERN_ERR "security: policydb string length %d does not " 1469 "match expected length %Zu\n", 1470 len, strlen(POLICYDB_STRING)); 1471 goto bad; 1472 } 1473 policydb_str = kmalloc(len + 1,GFP_KERNEL); 1474 if (!policydb_str) { 1475 printk(KERN_ERR "security: unable to allocate memory for policydb " 1476 "string of length %d\n", len); 1477 rc = -ENOMEM; 1478 goto bad; 1479 } 1480 rc = next_entry(policydb_str, fp, len); 1481 if (rc < 0) { 1482 printk(KERN_ERR "security: truncated policydb string identifier\n"); 1483 kfree(policydb_str); 1484 goto bad; 1485 } 1486 policydb_str[len] = 0; 1487 if (strcmp(policydb_str, POLICYDB_STRING)) { 1488 printk(KERN_ERR "security: policydb string %s does not match " 1489 "my string %s\n", policydb_str, POLICYDB_STRING); 1490 kfree(policydb_str); 1491 goto bad; 1492 } 1493 /* Done with policydb_str. */ 1494 kfree(policydb_str); 1495 policydb_str = NULL; 1496 1497 /* Read the version, config, and table sizes. */ 1498 rc = next_entry(buf, fp, sizeof(u32)*4); 1499 if (rc < 0) 1500 goto bad; 1501 1502 p->policyvers = le32_to_cpu(buf[0]); 1503 if (p->policyvers < POLICYDB_VERSION_MIN || 1504 p->policyvers > POLICYDB_VERSION_MAX) { 1505 printk(KERN_ERR "security: policydb version %d does not match " 1506 "my version range %d-%d\n", 1507 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1508 goto bad; 1509 } 1510 1511 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1512 if (ss_initialized && !selinux_mls_enabled) { 1513 printk(KERN_ERR "Cannot switch between non-MLS and MLS " 1514 "policies\n"); 1515 goto bad; 1516 } 1517 selinux_mls_enabled = 1; 1518 config |= POLICYDB_CONFIG_MLS; 1519 1520 if (p->policyvers < POLICYDB_VERSION_MLS) { 1521 printk(KERN_ERR "security policydb version %d (MLS) " 1522 "not backwards compatible\n", p->policyvers); 1523 goto bad; 1524 } 1525 } else { 1526 if (ss_initialized && selinux_mls_enabled) { 1527 printk(KERN_ERR "Cannot switch between MLS and non-MLS " 1528 "policies\n"); 1529 goto bad; 1530 } 1531 } 1532 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 1533 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 1534 1535 info = policydb_lookup_compat(p->policyvers); 1536 if (!info) { 1537 printk(KERN_ERR "security: unable to find policy compat info " 1538 "for version %d\n", p->policyvers); 1539 goto bad; 1540 } 1541 1542 if (le32_to_cpu(buf[2]) != info->sym_num || 1543 le32_to_cpu(buf[3]) != info->ocon_num) { 1544 printk(KERN_ERR "security: policydb table sizes (%d,%d) do " 1545 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 1546 le32_to_cpu(buf[3]), 1547 info->sym_num, info->ocon_num); 1548 goto bad; 1549 } 1550 1551 for (i = 0; i < info->sym_num; i++) { 1552 rc = next_entry(buf, fp, sizeof(u32)*2); 1553 if (rc < 0) 1554 goto bad; 1555 nprim = le32_to_cpu(buf[0]); 1556 nel = le32_to_cpu(buf[1]); 1557 for (j = 0; j < nel; j++) { 1558 rc = read_f[i](p, p->symtab[i].table, fp); 1559 if (rc) 1560 goto bad; 1561 } 1562 1563 p->symtab[i].nprim = nprim; 1564 } 1565 1566 rc = avtab_read(&p->te_avtab, fp, p->policyvers); 1567 if (rc) 1568 goto bad; 1569 1570 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1571 rc = cond_read_list(p, fp); 1572 if (rc) 1573 goto bad; 1574 } 1575 1576 rc = next_entry(buf, fp, sizeof(u32)); 1577 if (rc < 0) 1578 goto bad; 1579 nel = le32_to_cpu(buf[0]); 1580 ltr = NULL; 1581 for (i = 0; i < nel; i++) { 1582 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 1583 if (!tr) { 1584 rc = -ENOMEM; 1585 goto bad; 1586 } 1587 if (ltr) { 1588 ltr->next = tr; 1589 } else { 1590 p->role_tr = tr; 1591 } 1592 rc = next_entry(buf, fp, sizeof(u32)*3); 1593 if (rc < 0) 1594 goto bad; 1595 tr->role = le32_to_cpu(buf[0]); 1596 tr->type = le32_to_cpu(buf[1]); 1597 tr->new_role = le32_to_cpu(buf[2]); 1598 ltr = tr; 1599 } 1600 1601 rc = next_entry(buf, fp, sizeof(u32)); 1602 if (rc < 0) 1603 goto bad; 1604 nel = le32_to_cpu(buf[0]); 1605 lra = NULL; 1606 for (i = 0; i < nel; i++) { 1607 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 1608 if (!ra) { 1609 rc = -ENOMEM; 1610 goto bad; 1611 } 1612 if (lra) { 1613 lra->next = ra; 1614 } else { 1615 p->role_allow = ra; 1616 } 1617 rc = next_entry(buf, fp, sizeof(u32)*2); 1618 if (rc < 0) 1619 goto bad; 1620 ra->role = le32_to_cpu(buf[0]); 1621 ra->new_role = le32_to_cpu(buf[1]); 1622 lra = ra; 1623 } 1624 1625 rc = policydb_index_classes(p); 1626 if (rc) 1627 goto bad; 1628 1629 rc = policydb_index_others(p); 1630 if (rc) 1631 goto bad; 1632 1633 for (i = 0; i < info->ocon_num; i++) { 1634 rc = next_entry(buf, fp, sizeof(u32)); 1635 if (rc < 0) 1636 goto bad; 1637 nel = le32_to_cpu(buf[0]); 1638 l = NULL; 1639 for (j = 0; j < nel; j++) { 1640 c = kzalloc(sizeof(*c), GFP_KERNEL); 1641 if (!c) { 1642 rc = -ENOMEM; 1643 goto bad; 1644 } 1645 if (l) { 1646 l->next = c; 1647 } else { 1648 p->ocontexts[i] = c; 1649 } 1650 l = c; 1651 rc = -EINVAL; 1652 switch (i) { 1653 case OCON_ISID: 1654 rc = next_entry(buf, fp, sizeof(u32)); 1655 if (rc < 0) 1656 goto bad; 1657 c->sid[0] = le32_to_cpu(buf[0]); 1658 rc = context_read_and_validate(&c->context[0], p, fp); 1659 if (rc) 1660 goto bad; 1661 break; 1662 case OCON_FS: 1663 case OCON_NETIF: 1664 rc = next_entry(buf, fp, sizeof(u32)); 1665 if (rc < 0) 1666 goto bad; 1667 len = le32_to_cpu(buf[0]); 1668 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1669 if (!c->u.name) { 1670 rc = -ENOMEM; 1671 goto bad; 1672 } 1673 rc = next_entry(c->u.name, fp, len); 1674 if (rc < 0) 1675 goto bad; 1676 c->u.name[len] = 0; 1677 rc = context_read_and_validate(&c->context[0], p, fp); 1678 if (rc) 1679 goto bad; 1680 rc = context_read_and_validate(&c->context[1], p, fp); 1681 if (rc) 1682 goto bad; 1683 break; 1684 case OCON_PORT: 1685 rc = next_entry(buf, fp, sizeof(u32)*3); 1686 if (rc < 0) 1687 goto bad; 1688 c->u.port.protocol = le32_to_cpu(buf[0]); 1689 c->u.port.low_port = le32_to_cpu(buf[1]); 1690 c->u.port.high_port = le32_to_cpu(buf[2]); 1691 rc = context_read_and_validate(&c->context[0], p, fp); 1692 if (rc) 1693 goto bad; 1694 break; 1695 case OCON_NODE: 1696 rc = next_entry(buf, fp, sizeof(u32)* 2); 1697 if (rc < 0) 1698 goto bad; 1699 c->u.node.addr = le32_to_cpu(buf[0]); 1700 c->u.node.mask = le32_to_cpu(buf[1]); 1701 rc = context_read_and_validate(&c->context[0], p, fp); 1702 if (rc) 1703 goto bad; 1704 break; 1705 case OCON_FSUSE: 1706 rc = next_entry(buf, fp, sizeof(u32)*2); 1707 if (rc < 0) 1708 goto bad; 1709 c->v.behavior = le32_to_cpu(buf[0]); 1710 if (c->v.behavior > SECURITY_FS_USE_NONE) 1711 goto bad; 1712 len = le32_to_cpu(buf[1]); 1713 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1714 if (!c->u.name) { 1715 rc = -ENOMEM; 1716 goto bad; 1717 } 1718 rc = next_entry(c->u.name, fp, len); 1719 if (rc < 0) 1720 goto bad; 1721 c->u.name[len] = 0; 1722 rc = context_read_and_validate(&c->context[0], p, fp); 1723 if (rc) 1724 goto bad; 1725 break; 1726 case OCON_NODE6: { 1727 int k; 1728 1729 rc = next_entry(buf, fp, sizeof(u32) * 8); 1730 if (rc < 0) 1731 goto bad; 1732 for (k = 0; k < 4; k++) 1733 c->u.node6.addr[k] = le32_to_cpu(buf[k]); 1734 for (k = 0; k < 4; k++) 1735 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); 1736 if (context_read_and_validate(&c->context[0], p, fp)) 1737 goto bad; 1738 break; 1739 } 1740 } 1741 } 1742 } 1743 1744 rc = next_entry(buf, fp, sizeof(u32)); 1745 if (rc < 0) 1746 goto bad; 1747 nel = le32_to_cpu(buf[0]); 1748 genfs_p = NULL; 1749 rc = -EINVAL; 1750 for (i = 0; i < nel; i++) { 1751 rc = next_entry(buf, fp, sizeof(u32)); 1752 if (rc < 0) 1753 goto bad; 1754 len = le32_to_cpu(buf[0]); 1755 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1756 if (!newgenfs) { 1757 rc = -ENOMEM; 1758 goto bad; 1759 } 1760 1761 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); 1762 if (!newgenfs->fstype) { 1763 rc = -ENOMEM; 1764 kfree(newgenfs); 1765 goto bad; 1766 } 1767 rc = next_entry(newgenfs->fstype, fp, len); 1768 if (rc < 0) { 1769 kfree(newgenfs->fstype); 1770 kfree(newgenfs); 1771 goto bad; 1772 } 1773 newgenfs->fstype[len] = 0; 1774 for (genfs_p = NULL, genfs = p->genfs; genfs; 1775 genfs_p = genfs, genfs = genfs->next) { 1776 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1777 printk(KERN_ERR "security: dup genfs " 1778 "fstype %s\n", newgenfs->fstype); 1779 kfree(newgenfs->fstype); 1780 kfree(newgenfs); 1781 goto bad; 1782 } 1783 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1784 break; 1785 } 1786 newgenfs->next = genfs; 1787 if (genfs_p) 1788 genfs_p->next = newgenfs; 1789 else 1790 p->genfs = newgenfs; 1791 rc = next_entry(buf, fp, sizeof(u32)); 1792 if (rc < 0) 1793 goto bad; 1794 nel2 = le32_to_cpu(buf[0]); 1795 for (j = 0; j < nel2; j++) { 1796 rc = next_entry(buf, fp, sizeof(u32)); 1797 if (rc < 0) 1798 goto bad; 1799 len = le32_to_cpu(buf[0]); 1800 1801 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1802 if (!newc) { 1803 rc = -ENOMEM; 1804 goto bad; 1805 } 1806 1807 newc->u.name = kmalloc(len + 1,GFP_KERNEL); 1808 if (!newc->u.name) { 1809 rc = -ENOMEM; 1810 goto bad_newc; 1811 } 1812 rc = next_entry(newc->u.name, fp, len); 1813 if (rc < 0) 1814 goto bad_newc; 1815 newc->u.name[len] = 0; 1816 rc = next_entry(buf, fp, sizeof(u32)); 1817 if (rc < 0) 1818 goto bad_newc; 1819 newc->v.sclass = le32_to_cpu(buf[0]); 1820 if (context_read_and_validate(&newc->context[0], p, fp)) 1821 goto bad_newc; 1822 for (l = NULL, c = newgenfs->head; c; 1823 l = c, c = c->next) { 1824 if (!strcmp(newc->u.name, c->u.name) && 1825 (!c->v.sclass || !newc->v.sclass || 1826 newc->v.sclass == c->v.sclass)) { 1827 printk(KERN_ERR "security: dup genfs " 1828 "entry (%s,%s)\n", 1829 newgenfs->fstype, c->u.name); 1830 goto bad_newc; 1831 } 1832 len = strlen(newc->u.name); 1833 len2 = strlen(c->u.name); 1834 if (len > len2) 1835 break; 1836 } 1837 1838 newc->next = c; 1839 if (l) 1840 l->next = newc; 1841 else 1842 newgenfs->head = newc; 1843 } 1844 } 1845 1846 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1847 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; 1848 rc = next_entry(buf, fp, sizeof(u32)); 1849 if (rc < 0) 1850 goto bad; 1851 nel = le32_to_cpu(buf[0]); 1852 lrt = NULL; 1853 for (i = 0; i < nel; i++) { 1854 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1855 if (!rt) { 1856 rc = -ENOMEM; 1857 goto bad; 1858 } 1859 if (lrt) 1860 lrt->next = rt; 1861 else 1862 p->range_tr = rt; 1863 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1864 if (rc < 0) 1865 goto bad; 1866 rt->source_type = le32_to_cpu(buf[0]); 1867 rt->target_type = le32_to_cpu(buf[1]); 1868 if (new_rangetr) { 1869 rc = next_entry(buf, fp, sizeof(u32)); 1870 if (rc < 0) 1871 goto bad; 1872 rt->target_class = le32_to_cpu(buf[0]); 1873 } else 1874 rt->target_class = SECCLASS_PROCESS; 1875 rc = mls_read_range_helper(&rt->target_range, fp); 1876 if (rc) 1877 goto bad; 1878 lrt = rt; 1879 } 1880 } 1881 1882 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); 1883 if (!p->type_attr_map) 1884 goto bad; 1885 1886 for (i = 0; i < p->p_types.nprim; i++) { 1887 ebitmap_init(&p->type_attr_map[i]); 1888 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 1889 if (ebitmap_read(&p->type_attr_map[i], fp)) 1890 goto bad; 1891 } 1892 /* add the type itself as the degenerate case */ 1893 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 1894 goto bad; 1895 } 1896 1897 rc = 0; 1898 out: 1899 return rc; 1900 bad_newc: 1901 ocontext_destroy(newc,OCON_FSUSE); 1902 bad: 1903 if (!rc) 1904 rc = -EINVAL; 1905 policydb_destroy(p); 1906 goto out; 1907 } 1908