1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 struct policydb_compat_info { 58 int version; 59 int sym_num; 60 int ocon_num; 61 }; 62 63 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 64 static struct policydb_compat_info policydb_compat[] = { 65 { 66 .version = POLICYDB_VERSION_BASE, 67 .sym_num = SYM_NUM - 3, 68 .ocon_num = OCON_NUM - 3, 69 }, 70 { 71 .version = POLICYDB_VERSION_BOOL, 72 .sym_num = SYM_NUM - 2, 73 .ocon_num = OCON_NUM - 3, 74 }, 75 { 76 .version = POLICYDB_VERSION_IPV6, 77 .sym_num = SYM_NUM - 2, 78 .ocon_num = OCON_NUM - 2, 79 }, 80 { 81 .version = POLICYDB_VERSION_NLCLASS, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM - 2, 84 }, 85 { 86 .version = POLICYDB_VERSION_MLS, 87 .sym_num = SYM_NUM, 88 .ocon_num = OCON_NUM - 2, 89 }, 90 { 91 .version = POLICYDB_VERSION_AVTAB, 92 .sym_num = SYM_NUM, 93 .ocon_num = OCON_NUM - 2, 94 }, 95 { 96 .version = POLICYDB_VERSION_RANGETRANS, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM - 2, 99 }, 100 { 101 .version = POLICYDB_VERSION_POLCAP, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM - 2, 104 }, 105 { 106 .version = POLICYDB_VERSION_PERMISSIVE, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM - 2, 109 }, 110 { 111 .version = POLICYDB_VERSION_BOUNDARY, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM - 2, 114 }, 115 { 116 .version = POLICYDB_VERSION_FILENAME_TRANS, 117 .sym_num = SYM_NUM, 118 .ocon_num = OCON_NUM - 2, 119 }, 120 { 121 .version = POLICYDB_VERSION_ROLETRANS, 122 .sym_num = SYM_NUM, 123 .ocon_num = OCON_NUM - 2, 124 }, 125 { 126 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 127 .sym_num = SYM_NUM, 128 .ocon_num = OCON_NUM - 2, 129 }, 130 { 131 .version = POLICYDB_VERSION_DEFAULT_TYPE, 132 .sym_num = SYM_NUM, 133 .ocon_num = OCON_NUM - 2, 134 }, 135 { 136 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 137 .sym_num = SYM_NUM, 138 .ocon_num = OCON_NUM - 2, 139 }, 140 { 141 .version = POLICYDB_VERSION_XPERMS_IOCTL, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NUM - 2, 144 }, 145 { 146 .version = POLICYDB_VERSION_INFINIBAND, 147 .sym_num = SYM_NUM, 148 .ocon_num = OCON_NUM, 149 }, 150 { 151 .version = POLICYDB_VERSION_GLBLUB, 152 .sym_num = SYM_NUM, 153 .ocon_num = OCON_NUM, 154 }, 155 { 156 .version = POLICYDB_VERSION_COMP_FTRANS, 157 .sym_num = SYM_NUM, 158 .ocon_num = OCON_NUM, 159 }, 160 }; 161 162 static struct policydb_compat_info *policydb_lookup_compat(int version) 163 { 164 int i; 165 struct policydb_compat_info *info = NULL; 166 167 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 168 if (policydb_compat[i].version == version) { 169 info = &policydb_compat[i]; 170 break; 171 } 172 } 173 return info; 174 } 175 176 /* 177 * The following *_destroy functions are used to 178 * free any memory allocated for each kind of 179 * symbol data in the policy database. 180 */ 181 182 static int perm_destroy(void *key, void *datum, void *p) 183 { 184 kfree(key); 185 kfree(datum); 186 return 0; 187 } 188 189 static int common_destroy(void *key, void *datum, void *p) 190 { 191 struct common_datum *comdatum; 192 193 kfree(key); 194 if (datum) { 195 comdatum = datum; 196 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 197 hashtab_destroy(&comdatum->permissions.table); 198 } 199 kfree(datum); 200 return 0; 201 } 202 203 static void constraint_expr_destroy(struct constraint_expr *expr) 204 { 205 if (expr) { 206 ebitmap_destroy(&expr->names); 207 if (expr->type_names) { 208 ebitmap_destroy(&expr->type_names->types); 209 ebitmap_destroy(&expr->type_names->negset); 210 kfree(expr->type_names); 211 } 212 kfree(expr); 213 } 214 } 215 216 static int cls_destroy(void *key, void *datum, void *p) 217 { 218 struct class_datum *cladatum; 219 struct constraint_node *constraint, *ctemp; 220 struct constraint_expr *e, *etmp; 221 222 kfree(key); 223 if (datum) { 224 cladatum = datum; 225 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 226 hashtab_destroy(&cladatum->permissions.table); 227 constraint = cladatum->constraints; 228 while (constraint) { 229 e = constraint->expr; 230 while (e) { 231 etmp = e; 232 e = e->next; 233 constraint_expr_destroy(etmp); 234 } 235 ctemp = constraint; 236 constraint = constraint->next; 237 kfree(ctemp); 238 } 239 240 constraint = cladatum->validatetrans; 241 while (constraint) { 242 e = constraint->expr; 243 while (e) { 244 etmp = e; 245 e = e->next; 246 constraint_expr_destroy(etmp); 247 } 248 ctemp = constraint; 249 constraint = constraint->next; 250 kfree(ctemp); 251 } 252 kfree(cladatum->comkey); 253 } 254 kfree(datum); 255 return 0; 256 } 257 258 static int role_destroy(void *key, void *datum, void *p) 259 { 260 struct role_datum *role; 261 262 kfree(key); 263 if (datum) { 264 role = datum; 265 ebitmap_destroy(&role->dominates); 266 ebitmap_destroy(&role->types); 267 } 268 kfree(datum); 269 return 0; 270 } 271 272 static int type_destroy(void *key, void *datum, void *p) 273 { 274 kfree(key); 275 kfree(datum); 276 return 0; 277 } 278 279 static int user_destroy(void *key, void *datum, void *p) 280 { 281 struct user_datum *usrdatum; 282 283 kfree(key); 284 if (datum) { 285 usrdatum = datum; 286 ebitmap_destroy(&usrdatum->roles); 287 ebitmap_destroy(&usrdatum->range.level[0].cat); 288 ebitmap_destroy(&usrdatum->range.level[1].cat); 289 ebitmap_destroy(&usrdatum->dfltlevel.cat); 290 } 291 kfree(datum); 292 return 0; 293 } 294 295 static int sens_destroy(void *key, void *datum, void *p) 296 { 297 struct level_datum *levdatum; 298 299 kfree(key); 300 if (datum) { 301 levdatum = datum; 302 if (levdatum->level) 303 ebitmap_destroy(&levdatum->level->cat); 304 kfree(levdatum->level); 305 } 306 kfree(datum); 307 return 0; 308 } 309 310 static int cat_destroy(void *key, void *datum, void *p) 311 { 312 kfree(key); 313 kfree(datum); 314 return 0; 315 } 316 317 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 318 { 319 common_destroy, 320 cls_destroy, 321 role_destroy, 322 type_destroy, 323 user_destroy, 324 cond_destroy_bool, 325 sens_destroy, 326 cat_destroy, 327 }; 328 329 static int filenametr_destroy(void *key, void *datum, void *p) 330 { 331 struct filename_trans_key *ft = key; 332 struct filename_trans_datum *next, *d = datum; 333 334 kfree(ft->name); 335 kfree(key); 336 do { 337 ebitmap_destroy(&d->stypes); 338 next = d->next; 339 kfree(d); 340 d = next; 341 } while (unlikely(d)); 342 cond_resched(); 343 return 0; 344 } 345 346 static int range_tr_destroy(void *key, void *datum, void *p) 347 { 348 struct mls_range *rt = datum; 349 350 kfree(key); 351 ebitmap_destroy(&rt->level[0].cat); 352 ebitmap_destroy(&rt->level[1].cat); 353 kfree(datum); 354 cond_resched(); 355 return 0; 356 } 357 358 static int role_tr_destroy(void *key, void *datum, void *p) 359 { 360 kfree(key); 361 kfree(datum); 362 return 0; 363 } 364 365 static void ocontext_destroy(struct ocontext *c, int i) 366 { 367 if (!c) 368 return; 369 370 context_destroy(&c->context[0]); 371 context_destroy(&c->context[1]); 372 if (i == OCON_ISID || i == OCON_FS || 373 i == OCON_NETIF || i == OCON_FSUSE) 374 kfree(c->u.name); 375 kfree(c); 376 } 377 378 /* 379 * Initialize the role table. 380 */ 381 static int roles_init(struct policydb *p) 382 { 383 char *key = NULL; 384 int rc; 385 struct role_datum *role; 386 387 role = kzalloc(sizeof(*role), GFP_KERNEL); 388 if (!role) 389 return -ENOMEM; 390 391 rc = -EINVAL; 392 role->value = ++p->p_roles.nprim; 393 if (role->value != OBJECT_R_VAL) 394 goto out; 395 396 rc = -ENOMEM; 397 key = kstrdup(OBJECT_R, GFP_KERNEL); 398 if (!key) 399 goto out; 400 401 rc = symtab_insert(&p->p_roles, key, role); 402 if (rc) 403 goto out; 404 405 return 0; 406 out: 407 kfree(key); 408 kfree(role); 409 return rc; 410 } 411 412 static u32 filenametr_hash(const void *k) 413 { 414 const struct filename_trans_key *ft = k; 415 unsigned long hash; 416 unsigned int byte_num; 417 unsigned char focus; 418 419 hash = ft->ttype ^ ft->tclass; 420 421 byte_num = 0; 422 while ((focus = ft->name[byte_num++])) 423 hash = partial_name_hash(focus, hash); 424 return hash; 425 } 426 427 static int filenametr_cmp(const void *k1, const void *k2) 428 { 429 const struct filename_trans_key *ft1 = k1; 430 const struct filename_trans_key *ft2 = k2; 431 int v; 432 433 v = ft1->ttype - ft2->ttype; 434 if (v) 435 return v; 436 437 v = ft1->tclass - ft2->tclass; 438 if (v) 439 return v; 440 441 return strcmp(ft1->name, ft2->name); 442 443 } 444 445 static const struct hashtab_key_params filenametr_key_params = { 446 .hash = filenametr_hash, 447 .cmp = filenametr_cmp, 448 }; 449 450 struct filename_trans_datum *policydb_filenametr_search( 451 struct policydb *p, struct filename_trans_key *key) 452 { 453 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 454 } 455 456 static u32 rangetr_hash(const void *k) 457 { 458 const struct range_trans *key = k; 459 460 return key->source_type + (key->target_type << 3) + 461 (key->target_class << 5); 462 } 463 464 static int rangetr_cmp(const void *k1, const void *k2) 465 { 466 const struct range_trans *key1 = k1, *key2 = k2; 467 int v; 468 469 v = key1->source_type - key2->source_type; 470 if (v) 471 return v; 472 473 v = key1->target_type - key2->target_type; 474 if (v) 475 return v; 476 477 v = key1->target_class - key2->target_class; 478 479 return v; 480 } 481 482 static const struct hashtab_key_params rangetr_key_params = { 483 .hash = rangetr_hash, 484 .cmp = rangetr_cmp, 485 }; 486 487 struct mls_range *policydb_rangetr_search(struct policydb *p, 488 struct range_trans *key) 489 { 490 return hashtab_search(&p->range_tr, key, rangetr_key_params); 491 } 492 493 static u32 role_trans_hash(const void *k) 494 { 495 const struct role_trans_key *key = k; 496 497 return key->role + (key->type << 3) + (key->tclass << 5); 498 } 499 500 static int role_trans_cmp(const void *k1, const void *k2) 501 { 502 const struct role_trans_key *key1 = k1, *key2 = k2; 503 int v; 504 505 v = key1->role - key2->role; 506 if (v) 507 return v; 508 509 v = key1->type - key2->type; 510 if (v) 511 return v; 512 513 return key1->tclass - key2->tclass; 514 } 515 516 static const struct hashtab_key_params roletr_key_params = { 517 .hash = role_trans_hash, 518 .cmp = role_trans_cmp, 519 }; 520 521 struct role_trans_datum *policydb_roletr_search(struct policydb *p, 522 struct role_trans_key *key) 523 { 524 return hashtab_search(&p->role_tr, key, roletr_key_params); 525 } 526 527 /* 528 * Initialize a policy database structure. 529 */ 530 static void policydb_init(struct policydb *p) 531 { 532 memset(p, 0, sizeof(*p)); 533 534 avtab_init(&p->te_avtab); 535 cond_policydb_init(p); 536 537 ebitmap_init(&p->filename_trans_ttypes); 538 ebitmap_init(&p->policycaps); 539 ebitmap_init(&p->permissive_map); 540 } 541 542 /* 543 * The following *_index functions are used to 544 * define the val_to_name and val_to_struct arrays 545 * in a policy database structure. The val_to_name 546 * arrays are used when converting security context 547 * structures into string representations. The 548 * val_to_struct arrays are used when the attributes 549 * of a class, role, or user are needed. 550 */ 551 552 static int common_index(void *key, void *datum, void *datap) 553 { 554 struct policydb *p; 555 struct common_datum *comdatum; 556 557 comdatum = datum; 558 p = datap; 559 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 560 return -EINVAL; 561 562 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 563 564 return 0; 565 } 566 567 static int class_index(void *key, void *datum, void *datap) 568 { 569 struct policydb *p; 570 struct class_datum *cladatum; 571 572 cladatum = datum; 573 p = datap; 574 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 575 return -EINVAL; 576 577 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 578 p->class_val_to_struct[cladatum->value - 1] = cladatum; 579 return 0; 580 } 581 582 static int role_index(void *key, void *datum, void *datap) 583 { 584 struct policydb *p; 585 struct role_datum *role; 586 587 role = datum; 588 p = datap; 589 if (!role->value 590 || role->value > p->p_roles.nprim 591 || role->bounds > p->p_roles.nprim) 592 return -EINVAL; 593 594 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 595 p->role_val_to_struct[role->value - 1] = role; 596 return 0; 597 } 598 599 static int type_index(void *key, void *datum, void *datap) 600 { 601 struct policydb *p; 602 struct type_datum *typdatum; 603 604 typdatum = datum; 605 p = datap; 606 607 if (typdatum->primary) { 608 if (!typdatum->value 609 || typdatum->value > p->p_types.nprim 610 || typdatum->bounds > p->p_types.nprim) 611 return -EINVAL; 612 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 613 p->type_val_to_struct[typdatum->value - 1] = typdatum; 614 } 615 616 return 0; 617 } 618 619 static int user_index(void *key, void *datum, void *datap) 620 { 621 struct policydb *p; 622 struct user_datum *usrdatum; 623 624 usrdatum = datum; 625 p = datap; 626 if (!usrdatum->value 627 || usrdatum->value > p->p_users.nprim 628 || usrdatum->bounds > p->p_users.nprim) 629 return -EINVAL; 630 631 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 632 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 633 return 0; 634 } 635 636 static int sens_index(void *key, void *datum, void *datap) 637 { 638 struct policydb *p; 639 struct level_datum *levdatum; 640 641 levdatum = datum; 642 p = datap; 643 644 if (!levdatum->isalias) { 645 if (!levdatum->level->sens || 646 levdatum->level->sens > p->p_levels.nprim) 647 return -EINVAL; 648 649 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 650 } 651 652 return 0; 653 } 654 655 static int cat_index(void *key, void *datum, void *datap) 656 { 657 struct policydb *p; 658 struct cat_datum *catdatum; 659 660 catdatum = datum; 661 p = datap; 662 663 if (!catdatum->isalias) { 664 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 665 return -EINVAL; 666 667 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 668 } 669 670 return 0; 671 } 672 673 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 674 { 675 common_index, 676 class_index, 677 role_index, 678 type_index, 679 user_index, 680 cond_index_bool, 681 sens_index, 682 cat_index, 683 }; 684 685 #ifdef DEBUG_HASHES 686 static void hash_eval(struct hashtab *h, const char *hash_name) 687 { 688 struct hashtab_info info; 689 690 hashtab_stat(h, &info); 691 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n", 692 hash_name, h->nel, info.slots_used, h->size, 693 info.max_chain_len); 694 } 695 696 static void symtab_hash_eval(struct symtab *s) 697 { 698 int i; 699 700 for (i = 0; i < SYM_NUM; i++) 701 hash_eval(&s[i].table, symtab_name[i]); 702 } 703 704 #else 705 static inline void hash_eval(struct hashtab *h, const char *hash_name) 706 { 707 } 708 #endif 709 710 /* 711 * Define the other val_to_name and val_to_struct arrays 712 * in a policy database structure. 713 * 714 * Caller must clean up on failure. 715 */ 716 static int policydb_index(struct policydb *p) 717 { 718 int i, rc; 719 720 if (p->mls_enabled) 721 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 722 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 723 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 724 else 725 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 726 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 727 p->p_bools.nprim); 728 729 pr_debug("SELinux: %d classes, %d rules\n", 730 p->p_classes.nprim, p->te_avtab.nel); 731 732 #ifdef DEBUG_HASHES 733 avtab_hash_eval(&p->te_avtab, "rules"); 734 symtab_hash_eval(p->symtab); 735 #endif 736 737 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 738 sizeof(*p->class_val_to_struct), 739 GFP_KERNEL); 740 if (!p->class_val_to_struct) 741 return -ENOMEM; 742 743 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 744 sizeof(*p->role_val_to_struct), 745 GFP_KERNEL); 746 if (!p->role_val_to_struct) 747 return -ENOMEM; 748 749 p->user_val_to_struct = kcalloc(p->p_users.nprim, 750 sizeof(*p->user_val_to_struct), 751 GFP_KERNEL); 752 if (!p->user_val_to_struct) 753 return -ENOMEM; 754 755 p->type_val_to_struct = kvcalloc(p->p_types.nprim, 756 sizeof(*p->type_val_to_struct), 757 GFP_KERNEL); 758 if (!p->type_val_to_struct) 759 return -ENOMEM; 760 761 rc = cond_init_bool_indexes(p); 762 if (rc) 763 goto out; 764 765 for (i = 0; i < SYM_NUM; i++) { 766 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 767 sizeof(char *), 768 GFP_KERNEL); 769 if (!p->sym_val_to_name[i]) 770 return -ENOMEM; 771 772 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 773 if (rc) 774 goto out; 775 } 776 rc = 0; 777 out: 778 return rc; 779 } 780 781 /* 782 * Free any memory allocated by a policy database structure. 783 */ 784 void policydb_destroy(struct policydb *p) 785 { 786 struct ocontext *c, *ctmp; 787 struct genfs *g, *gtmp; 788 int i; 789 struct role_allow *ra, *lra = NULL; 790 791 for (i = 0; i < SYM_NUM; i++) { 792 cond_resched(); 793 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 794 hashtab_destroy(&p->symtab[i].table); 795 } 796 797 for (i = 0; i < SYM_NUM; i++) 798 kvfree(p->sym_val_to_name[i]); 799 800 kfree(p->class_val_to_struct); 801 kfree(p->role_val_to_struct); 802 kfree(p->user_val_to_struct); 803 kvfree(p->type_val_to_struct); 804 805 avtab_destroy(&p->te_avtab); 806 807 for (i = 0; i < OCON_NUM; i++) { 808 cond_resched(); 809 c = p->ocontexts[i]; 810 while (c) { 811 ctmp = c; 812 c = c->next; 813 ocontext_destroy(ctmp, i); 814 } 815 p->ocontexts[i] = NULL; 816 } 817 818 g = p->genfs; 819 while (g) { 820 cond_resched(); 821 kfree(g->fstype); 822 c = g->head; 823 while (c) { 824 ctmp = c; 825 c = c->next; 826 ocontext_destroy(ctmp, OCON_FSUSE); 827 } 828 gtmp = g; 829 g = g->next; 830 kfree(gtmp); 831 } 832 p->genfs = NULL; 833 834 cond_policydb_destroy(p); 835 836 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 837 hashtab_destroy(&p->role_tr); 838 839 for (ra = p->role_allow; ra; ra = ra->next) { 840 cond_resched(); 841 kfree(lra); 842 lra = ra; 843 } 844 kfree(lra); 845 846 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 847 hashtab_destroy(&p->filename_trans); 848 849 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 850 hashtab_destroy(&p->range_tr); 851 852 if (p->type_attr_map_array) { 853 for (i = 0; i < p->p_types.nprim; i++) 854 ebitmap_destroy(&p->type_attr_map_array[i]); 855 kvfree(p->type_attr_map_array); 856 } 857 858 ebitmap_destroy(&p->filename_trans_ttypes); 859 ebitmap_destroy(&p->policycaps); 860 ebitmap_destroy(&p->permissive_map); 861 } 862 863 /* 864 * Load the initial SIDs specified in a policy database 865 * structure into a SID table. 866 */ 867 int policydb_load_isids(struct policydb *p, struct sidtab *s) 868 { 869 struct ocontext *head, *c; 870 int rc; 871 872 rc = sidtab_init(s); 873 if (rc) { 874 pr_err("SELinux: out of memory on SID table init\n"); 875 return rc; 876 } 877 878 head = p->ocontexts[OCON_ISID]; 879 for (c = head; c; c = c->next) { 880 u32 sid = c->sid[0]; 881 const char *name = security_get_initial_sid_context(sid); 882 883 if (sid == SECSID_NULL) { 884 pr_err("SELinux: SID 0 was assigned a context.\n"); 885 sidtab_destroy(s); 886 return -EINVAL; 887 } 888 889 /* Ignore initial SIDs unused by this kernel. */ 890 if (!name) 891 continue; 892 893 rc = sidtab_set_initial(s, sid, &c->context[0]); 894 if (rc) { 895 pr_err("SELinux: unable to load initial SID %s.\n", 896 name); 897 sidtab_destroy(s); 898 return rc; 899 } 900 } 901 return 0; 902 } 903 904 int policydb_class_isvalid(struct policydb *p, unsigned int class) 905 { 906 if (!class || class > p->p_classes.nprim) 907 return 0; 908 return 1; 909 } 910 911 int policydb_role_isvalid(struct policydb *p, unsigned int role) 912 { 913 if (!role || role > p->p_roles.nprim) 914 return 0; 915 return 1; 916 } 917 918 int policydb_type_isvalid(struct policydb *p, unsigned int type) 919 { 920 if (!type || type > p->p_types.nprim) 921 return 0; 922 return 1; 923 } 924 925 /* 926 * Return 1 if the fields in the security context 927 * structure `c' are valid. Return 0 otherwise. 928 */ 929 int policydb_context_isvalid(struct policydb *p, struct context *c) 930 { 931 struct role_datum *role; 932 struct user_datum *usrdatum; 933 934 if (!c->role || c->role > p->p_roles.nprim) 935 return 0; 936 937 if (!c->user || c->user > p->p_users.nprim) 938 return 0; 939 940 if (!c->type || c->type > p->p_types.nprim) 941 return 0; 942 943 if (c->role != OBJECT_R_VAL) { 944 /* 945 * Role must be authorized for the type. 946 */ 947 role = p->role_val_to_struct[c->role - 1]; 948 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 949 /* role may not be associated with type */ 950 return 0; 951 952 /* 953 * User must be authorized for the role. 954 */ 955 usrdatum = p->user_val_to_struct[c->user - 1]; 956 if (!usrdatum) 957 return 0; 958 959 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 960 /* user may not be associated with role */ 961 return 0; 962 } 963 964 if (!mls_context_isvalid(p, c)) 965 return 0; 966 967 return 1; 968 } 969 970 /* 971 * Read a MLS range structure from a policydb binary 972 * representation file. 973 */ 974 static int mls_read_range_helper(struct mls_range *r, void *fp) 975 { 976 __le32 buf[2]; 977 u32 items; 978 int rc; 979 980 rc = next_entry(buf, fp, sizeof(u32)); 981 if (rc) 982 goto out; 983 984 rc = -EINVAL; 985 items = le32_to_cpu(buf[0]); 986 if (items > ARRAY_SIZE(buf)) { 987 pr_err("SELinux: mls: range overflow\n"); 988 goto out; 989 } 990 991 rc = next_entry(buf, fp, sizeof(u32) * items); 992 if (rc) { 993 pr_err("SELinux: mls: truncated range\n"); 994 goto out; 995 } 996 997 r->level[0].sens = le32_to_cpu(buf[0]); 998 if (items > 1) 999 r->level[1].sens = le32_to_cpu(buf[1]); 1000 else 1001 r->level[1].sens = r->level[0].sens; 1002 1003 rc = ebitmap_read(&r->level[0].cat, fp); 1004 if (rc) { 1005 pr_err("SELinux: mls: error reading low categories\n"); 1006 goto out; 1007 } 1008 if (items > 1) { 1009 rc = ebitmap_read(&r->level[1].cat, fp); 1010 if (rc) { 1011 pr_err("SELinux: mls: error reading high categories\n"); 1012 goto bad_high; 1013 } 1014 } else { 1015 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1016 if (rc) { 1017 pr_err("SELinux: mls: out of memory\n"); 1018 goto bad_high; 1019 } 1020 } 1021 1022 return 0; 1023 bad_high: 1024 ebitmap_destroy(&r->level[0].cat); 1025 out: 1026 return rc; 1027 } 1028 1029 /* 1030 * Read and validate a security context structure 1031 * from a policydb binary representation file. 1032 */ 1033 static int context_read_and_validate(struct context *c, 1034 struct policydb *p, 1035 void *fp) 1036 { 1037 __le32 buf[3]; 1038 int rc; 1039 1040 rc = next_entry(buf, fp, sizeof buf); 1041 if (rc) { 1042 pr_err("SELinux: context truncated\n"); 1043 goto out; 1044 } 1045 c->user = le32_to_cpu(buf[0]); 1046 c->role = le32_to_cpu(buf[1]); 1047 c->type = le32_to_cpu(buf[2]); 1048 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1049 rc = mls_read_range_helper(&c->range, fp); 1050 if (rc) { 1051 pr_err("SELinux: error reading MLS range of context\n"); 1052 goto out; 1053 } 1054 } 1055 1056 rc = -EINVAL; 1057 if (!policydb_context_isvalid(p, c)) { 1058 pr_err("SELinux: invalid security context\n"); 1059 context_destroy(c); 1060 goto out; 1061 } 1062 rc = 0; 1063 out: 1064 return rc; 1065 } 1066 1067 /* 1068 * The following *_read functions are used to 1069 * read the symbol data from a policy database 1070 * binary representation file. 1071 */ 1072 1073 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1074 { 1075 int rc; 1076 char *str; 1077 1078 if ((len == 0) || (len == (u32)-1)) 1079 return -EINVAL; 1080 1081 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1082 if (!str) 1083 return -ENOMEM; 1084 1085 rc = next_entry(str, fp, len); 1086 if (rc) { 1087 kfree(str); 1088 return rc; 1089 } 1090 1091 str[len] = '\0'; 1092 *strp = str; 1093 return 0; 1094 } 1095 1096 static int perm_read(struct policydb *p, struct symtab *s, void *fp) 1097 { 1098 char *key = NULL; 1099 struct perm_datum *perdatum; 1100 int rc; 1101 __le32 buf[2]; 1102 u32 len; 1103 1104 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1105 if (!perdatum) 1106 return -ENOMEM; 1107 1108 rc = next_entry(buf, fp, sizeof buf); 1109 if (rc) 1110 goto bad; 1111 1112 len = le32_to_cpu(buf[0]); 1113 perdatum->value = le32_to_cpu(buf[1]); 1114 1115 rc = str_read(&key, GFP_KERNEL, fp, len); 1116 if (rc) 1117 goto bad; 1118 1119 rc = symtab_insert(s, key, perdatum); 1120 if (rc) 1121 goto bad; 1122 1123 return 0; 1124 bad: 1125 perm_destroy(key, perdatum, NULL); 1126 return rc; 1127 } 1128 1129 static int common_read(struct policydb *p, struct symtab *s, void *fp) 1130 { 1131 char *key = NULL; 1132 struct common_datum *comdatum; 1133 __le32 buf[4]; 1134 u32 len, nel; 1135 int i, rc; 1136 1137 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1138 if (!comdatum) 1139 return -ENOMEM; 1140 1141 rc = next_entry(buf, fp, sizeof buf); 1142 if (rc) 1143 goto bad; 1144 1145 len = le32_to_cpu(buf[0]); 1146 comdatum->value = le32_to_cpu(buf[1]); 1147 nel = le32_to_cpu(buf[3]); 1148 1149 rc = symtab_init(&comdatum->permissions, nel); 1150 if (rc) 1151 goto bad; 1152 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1153 1154 rc = str_read(&key, GFP_KERNEL, fp, len); 1155 if (rc) 1156 goto bad; 1157 1158 for (i = 0; i < nel; i++) { 1159 rc = perm_read(p, &comdatum->permissions, fp); 1160 if (rc) 1161 goto bad; 1162 } 1163 1164 rc = symtab_insert(s, key, comdatum); 1165 if (rc) 1166 goto bad; 1167 return 0; 1168 bad: 1169 common_destroy(key, comdatum, NULL); 1170 return rc; 1171 } 1172 1173 static void type_set_init(struct type_set *t) 1174 { 1175 ebitmap_init(&t->types); 1176 ebitmap_init(&t->negset); 1177 } 1178 1179 static int type_set_read(struct type_set *t, void *fp) 1180 { 1181 __le32 buf[1]; 1182 int rc; 1183 1184 if (ebitmap_read(&t->types, fp)) 1185 return -EINVAL; 1186 if (ebitmap_read(&t->negset, fp)) 1187 return -EINVAL; 1188 1189 rc = next_entry(buf, fp, sizeof(u32)); 1190 if (rc < 0) 1191 return -EINVAL; 1192 t->flags = le32_to_cpu(buf[0]); 1193 1194 return 0; 1195 } 1196 1197 1198 static int read_cons_helper(struct policydb *p, 1199 struct constraint_node **nodep, 1200 int ncons, int allowxtarget, void *fp) 1201 { 1202 struct constraint_node *c, *lc; 1203 struct constraint_expr *e, *le; 1204 __le32 buf[3]; 1205 u32 nexpr; 1206 int rc, i, j, depth; 1207 1208 lc = NULL; 1209 for (i = 0; i < ncons; i++) { 1210 c = kzalloc(sizeof(*c), GFP_KERNEL); 1211 if (!c) 1212 return -ENOMEM; 1213 1214 if (lc) 1215 lc->next = c; 1216 else 1217 *nodep = c; 1218 1219 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1220 if (rc) 1221 return rc; 1222 c->permissions = le32_to_cpu(buf[0]); 1223 nexpr = le32_to_cpu(buf[1]); 1224 le = NULL; 1225 depth = -1; 1226 for (j = 0; j < nexpr; j++) { 1227 e = kzalloc(sizeof(*e), GFP_KERNEL); 1228 if (!e) 1229 return -ENOMEM; 1230 1231 if (le) 1232 le->next = e; 1233 else 1234 c->expr = e; 1235 1236 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1237 if (rc) 1238 return rc; 1239 e->expr_type = le32_to_cpu(buf[0]); 1240 e->attr = le32_to_cpu(buf[1]); 1241 e->op = le32_to_cpu(buf[2]); 1242 1243 switch (e->expr_type) { 1244 case CEXPR_NOT: 1245 if (depth < 0) 1246 return -EINVAL; 1247 break; 1248 case CEXPR_AND: 1249 case CEXPR_OR: 1250 if (depth < 1) 1251 return -EINVAL; 1252 depth--; 1253 break; 1254 case CEXPR_ATTR: 1255 if (depth == (CEXPR_MAXDEPTH - 1)) 1256 return -EINVAL; 1257 depth++; 1258 break; 1259 case CEXPR_NAMES: 1260 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1261 return -EINVAL; 1262 if (depth == (CEXPR_MAXDEPTH - 1)) 1263 return -EINVAL; 1264 depth++; 1265 rc = ebitmap_read(&e->names, fp); 1266 if (rc) 1267 return rc; 1268 if (p->policyvers >= 1269 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1270 e->type_names = kzalloc(sizeof 1271 (*e->type_names), GFP_KERNEL); 1272 if (!e->type_names) 1273 return -ENOMEM; 1274 type_set_init(e->type_names); 1275 rc = type_set_read(e->type_names, fp); 1276 if (rc) 1277 return rc; 1278 } 1279 break; 1280 default: 1281 return -EINVAL; 1282 } 1283 le = e; 1284 } 1285 if (depth != 0) 1286 return -EINVAL; 1287 lc = c; 1288 } 1289 1290 return 0; 1291 } 1292 1293 static int class_read(struct policydb *p, struct symtab *s, void *fp) 1294 { 1295 char *key = NULL; 1296 struct class_datum *cladatum; 1297 __le32 buf[6]; 1298 u32 len, len2, ncons, nel; 1299 int i, rc; 1300 1301 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1302 if (!cladatum) 1303 return -ENOMEM; 1304 1305 rc = next_entry(buf, fp, sizeof(u32)*6); 1306 if (rc) 1307 goto bad; 1308 1309 len = le32_to_cpu(buf[0]); 1310 len2 = le32_to_cpu(buf[1]); 1311 cladatum->value = le32_to_cpu(buf[2]); 1312 nel = le32_to_cpu(buf[4]); 1313 1314 rc = symtab_init(&cladatum->permissions, nel); 1315 if (rc) 1316 goto bad; 1317 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1318 1319 ncons = le32_to_cpu(buf[5]); 1320 1321 rc = str_read(&key, GFP_KERNEL, fp, len); 1322 if (rc) 1323 goto bad; 1324 1325 if (len2) { 1326 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1327 if (rc) 1328 goto bad; 1329 1330 rc = -EINVAL; 1331 cladatum->comdatum = symtab_search(&p->p_commons, 1332 cladatum->comkey); 1333 if (!cladatum->comdatum) { 1334 pr_err("SELinux: unknown common %s\n", 1335 cladatum->comkey); 1336 goto bad; 1337 } 1338 } 1339 for (i = 0; i < nel; i++) { 1340 rc = perm_read(p, &cladatum->permissions, fp); 1341 if (rc) 1342 goto bad; 1343 } 1344 1345 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1346 if (rc) 1347 goto bad; 1348 1349 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1350 /* grab the validatetrans rules */ 1351 rc = next_entry(buf, fp, sizeof(u32)); 1352 if (rc) 1353 goto bad; 1354 ncons = le32_to_cpu(buf[0]); 1355 rc = read_cons_helper(p, &cladatum->validatetrans, 1356 ncons, 1, fp); 1357 if (rc) 1358 goto bad; 1359 } 1360 1361 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1362 rc = next_entry(buf, fp, sizeof(u32) * 3); 1363 if (rc) 1364 goto bad; 1365 1366 cladatum->default_user = le32_to_cpu(buf[0]); 1367 cladatum->default_role = le32_to_cpu(buf[1]); 1368 cladatum->default_range = le32_to_cpu(buf[2]); 1369 } 1370 1371 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1372 rc = next_entry(buf, fp, sizeof(u32) * 1); 1373 if (rc) 1374 goto bad; 1375 cladatum->default_type = le32_to_cpu(buf[0]); 1376 } 1377 1378 rc = symtab_insert(s, key, cladatum); 1379 if (rc) 1380 goto bad; 1381 1382 return 0; 1383 bad: 1384 cls_destroy(key, cladatum, NULL); 1385 return rc; 1386 } 1387 1388 static int role_read(struct policydb *p, struct symtab *s, void *fp) 1389 { 1390 char *key = NULL; 1391 struct role_datum *role; 1392 int rc, to_read = 2; 1393 __le32 buf[3]; 1394 u32 len; 1395 1396 role = kzalloc(sizeof(*role), GFP_KERNEL); 1397 if (!role) 1398 return -ENOMEM; 1399 1400 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1401 to_read = 3; 1402 1403 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1404 if (rc) 1405 goto bad; 1406 1407 len = le32_to_cpu(buf[0]); 1408 role->value = le32_to_cpu(buf[1]); 1409 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1410 role->bounds = le32_to_cpu(buf[2]); 1411 1412 rc = str_read(&key, GFP_KERNEL, fp, len); 1413 if (rc) 1414 goto bad; 1415 1416 rc = ebitmap_read(&role->dominates, fp); 1417 if (rc) 1418 goto bad; 1419 1420 rc = ebitmap_read(&role->types, fp); 1421 if (rc) 1422 goto bad; 1423 1424 if (strcmp(key, OBJECT_R) == 0) { 1425 rc = -EINVAL; 1426 if (role->value != OBJECT_R_VAL) { 1427 pr_err("SELinux: Role %s has wrong value %d\n", 1428 OBJECT_R, role->value); 1429 goto bad; 1430 } 1431 rc = 0; 1432 goto bad; 1433 } 1434 1435 rc = symtab_insert(s, key, role); 1436 if (rc) 1437 goto bad; 1438 return 0; 1439 bad: 1440 role_destroy(key, role, NULL); 1441 return rc; 1442 } 1443 1444 static int type_read(struct policydb *p, struct symtab *s, void *fp) 1445 { 1446 char *key = NULL; 1447 struct type_datum *typdatum; 1448 int rc, to_read = 3; 1449 __le32 buf[4]; 1450 u32 len; 1451 1452 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1453 if (!typdatum) 1454 return -ENOMEM; 1455 1456 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1457 to_read = 4; 1458 1459 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1460 if (rc) 1461 goto bad; 1462 1463 len = le32_to_cpu(buf[0]); 1464 typdatum->value = le32_to_cpu(buf[1]); 1465 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1466 u32 prop = le32_to_cpu(buf[2]); 1467 1468 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1469 typdatum->primary = 1; 1470 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1471 typdatum->attribute = 1; 1472 1473 typdatum->bounds = le32_to_cpu(buf[3]); 1474 } else { 1475 typdatum->primary = le32_to_cpu(buf[2]); 1476 } 1477 1478 rc = str_read(&key, GFP_KERNEL, fp, len); 1479 if (rc) 1480 goto bad; 1481 1482 rc = symtab_insert(s, key, typdatum); 1483 if (rc) 1484 goto bad; 1485 return 0; 1486 bad: 1487 type_destroy(key, typdatum, NULL); 1488 return rc; 1489 } 1490 1491 1492 /* 1493 * Read a MLS level structure from a policydb binary 1494 * representation file. 1495 */ 1496 static int mls_read_level(struct mls_level *lp, void *fp) 1497 { 1498 __le32 buf[1]; 1499 int rc; 1500 1501 memset(lp, 0, sizeof(*lp)); 1502 1503 rc = next_entry(buf, fp, sizeof buf); 1504 if (rc) { 1505 pr_err("SELinux: mls: truncated level\n"); 1506 return rc; 1507 } 1508 lp->sens = le32_to_cpu(buf[0]); 1509 1510 rc = ebitmap_read(&lp->cat, fp); 1511 if (rc) { 1512 pr_err("SELinux: mls: error reading level categories\n"); 1513 return rc; 1514 } 1515 return 0; 1516 } 1517 1518 static int user_read(struct policydb *p, struct symtab *s, void *fp) 1519 { 1520 char *key = NULL; 1521 struct user_datum *usrdatum; 1522 int rc, to_read = 2; 1523 __le32 buf[3]; 1524 u32 len; 1525 1526 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1527 if (!usrdatum) 1528 return -ENOMEM; 1529 1530 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1531 to_read = 3; 1532 1533 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1534 if (rc) 1535 goto bad; 1536 1537 len = le32_to_cpu(buf[0]); 1538 usrdatum->value = le32_to_cpu(buf[1]); 1539 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1540 usrdatum->bounds = le32_to_cpu(buf[2]); 1541 1542 rc = str_read(&key, GFP_KERNEL, fp, len); 1543 if (rc) 1544 goto bad; 1545 1546 rc = ebitmap_read(&usrdatum->roles, fp); 1547 if (rc) 1548 goto bad; 1549 1550 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1551 rc = mls_read_range_helper(&usrdatum->range, fp); 1552 if (rc) 1553 goto bad; 1554 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1555 if (rc) 1556 goto bad; 1557 } 1558 1559 rc = symtab_insert(s, key, usrdatum); 1560 if (rc) 1561 goto bad; 1562 return 0; 1563 bad: 1564 user_destroy(key, usrdatum, NULL); 1565 return rc; 1566 } 1567 1568 static int sens_read(struct policydb *p, struct symtab *s, void *fp) 1569 { 1570 char *key = NULL; 1571 struct level_datum *levdatum; 1572 int rc; 1573 __le32 buf[2]; 1574 u32 len; 1575 1576 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1577 if (!levdatum) 1578 return -ENOMEM; 1579 1580 rc = next_entry(buf, fp, sizeof buf); 1581 if (rc) 1582 goto bad; 1583 1584 len = le32_to_cpu(buf[0]); 1585 levdatum->isalias = le32_to_cpu(buf[1]); 1586 1587 rc = str_read(&key, GFP_ATOMIC, fp, len); 1588 if (rc) 1589 goto bad; 1590 1591 rc = -ENOMEM; 1592 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1593 if (!levdatum->level) 1594 goto bad; 1595 1596 rc = mls_read_level(levdatum->level, fp); 1597 if (rc) 1598 goto bad; 1599 1600 rc = symtab_insert(s, key, levdatum); 1601 if (rc) 1602 goto bad; 1603 return 0; 1604 bad: 1605 sens_destroy(key, levdatum, NULL); 1606 return rc; 1607 } 1608 1609 static int cat_read(struct policydb *p, struct symtab *s, void *fp) 1610 { 1611 char *key = NULL; 1612 struct cat_datum *catdatum; 1613 int rc; 1614 __le32 buf[3]; 1615 u32 len; 1616 1617 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1618 if (!catdatum) 1619 return -ENOMEM; 1620 1621 rc = next_entry(buf, fp, sizeof buf); 1622 if (rc) 1623 goto bad; 1624 1625 len = le32_to_cpu(buf[0]); 1626 catdatum->value = le32_to_cpu(buf[1]); 1627 catdatum->isalias = le32_to_cpu(buf[2]); 1628 1629 rc = str_read(&key, GFP_ATOMIC, fp, len); 1630 if (rc) 1631 goto bad; 1632 1633 rc = symtab_insert(s, key, catdatum); 1634 if (rc) 1635 goto bad; 1636 return 0; 1637 bad: 1638 cat_destroy(key, catdatum, NULL); 1639 return rc; 1640 } 1641 1642 static int (*read_f[SYM_NUM]) (struct policydb *p, struct symtab *s, void *fp) = 1643 { 1644 common_read, 1645 class_read, 1646 role_read, 1647 type_read, 1648 user_read, 1649 cond_read_bool, 1650 sens_read, 1651 cat_read, 1652 }; 1653 1654 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1655 { 1656 struct user_datum *upper, *user; 1657 struct policydb *p = datap; 1658 int depth = 0; 1659 1660 upper = user = datum; 1661 while (upper->bounds) { 1662 struct ebitmap_node *node; 1663 unsigned long bit; 1664 1665 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1666 pr_err("SELinux: user %s: " 1667 "too deep or looped boundary", 1668 (char *) key); 1669 return -EINVAL; 1670 } 1671 1672 upper = p->user_val_to_struct[upper->bounds - 1]; 1673 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1674 if (ebitmap_get_bit(&upper->roles, bit)) 1675 continue; 1676 1677 pr_err("SELinux: boundary violated policy: " 1678 "user=%s role=%s bounds=%s\n", 1679 sym_name(p, SYM_USERS, user->value - 1), 1680 sym_name(p, SYM_ROLES, bit), 1681 sym_name(p, SYM_USERS, upper->value - 1)); 1682 1683 return -EINVAL; 1684 } 1685 } 1686 1687 return 0; 1688 } 1689 1690 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1691 { 1692 struct role_datum *upper, *role; 1693 struct policydb *p = datap; 1694 int depth = 0; 1695 1696 upper = role = datum; 1697 while (upper->bounds) { 1698 struct ebitmap_node *node; 1699 unsigned long bit; 1700 1701 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1702 pr_err("SELinux: role %s: " 1703 "too deep or looped bounds\n", 1704 (char *) key); 1705 return -EINVAL; 1706 } 1707 1708 upper = p->role_val_to_struct[upper->bounds - 1]; 1709 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1710 if (ebitmap_get_bit(&upper->types, bit)) 1711 continue; 1712 1713 pr_err("SELinux: boundary violated policy: " 1714 "role=%s type=%s bounds=%s\n", 1715 sym_name(p, SYM_ROLES, role->value - 1), 1716 sym_name(p, SYM_TYPES, bit), 1717 sym_name(p, SYM_ROLES, upper->value - 1)); 1718 1719 return -EINVAL; 1720 } 1721 } 1722 1723 return 0; 1724 } 1725 1726 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1727 { 1728 struct type_datum *upper; 1729 struct policydb *p = datap; 1730 int depth = 0; 1731 1732 upper = datum; 1733 while (upper->bounds) { 1734 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1735 pr_err("SELinux: type %s: " 1736 "too deep or looped boundary\n", 1737 (char *) key); 1738 return -EINVAL; 1739 } 1740 1741 upper = p->type_val_to_struct[upper->bounds - 1]; 1742 BUG_ON(!upper); 1743 1744 if (upper->attribute) { 1745 pr_err("SELinux: type %s: " 1746 "bounded by attribute %s", 1747 (char *) key, 1748 sym_name(p, SYM_TYPES, upper->value - 1)); 1749 return -EINVAL; 1750 } 1751 } 1752 1753 return 0; 1754 } 1755 1756 static int policydb_bounds_sanity_check(struct policydb *p) 1757 { 1758 int rc; 1759 1760 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1761 return 0; 1762 1763 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1764 if (rc) 1765 return rc; 1766 1767 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1768 if (rc) 1769 return rc; 1770 1771 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1772 if (rc) 1773 return rc; 1774 1775 return 0; 1776 } 1777 1778 u16 string_to_security_class(struct policydb *p, const char *name) 1779 { 1780 struct class_datum *cladatum; 1781 1782 cladatum = symtab_search(&p->p_classes, name); 1783 if (!cladatum) 1784 return 0; 1785 1786 return cladatum->value; 1787 } 1788 1789 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1790 { 1791 struct class_datum *cladatum; 1792 struct perm_datum *perdatum = NULL; 1793 struct common_datum *comdatum; 1794 1795 if (!tclass || tclass > p->p_classes.nprim) 1796 return 0; 1797 1798 cladatum = p->class_val_to_struct[tclass-1]; 1799 comdatum = cladatum->comdatum; 1800 if (comdatum) 1801 perdatum = symtab_search(&comdatum->permissions, name); 1802 if (!perdatum) 1803 perdatum = symtab_search(&cladatum->permissions, name); 1804 if (!perdatum) 1805 return 0; 1806 1807 return 1U << (perdatum->value-1); 1808 } 1809 1810 static int range_read(struct policydb *p, void *fp) 1811 { 1812 struct range_trans *rt = NULL; 1813 struct mls_range *r = NULL; 1814 int i, rc; 1815 __le32 buf[2]; 1816 u32 nel; 1817 1818 if (p->policyvers < POLICYDB_VERSION_MLS) 1819 return 0; 1820 1821 rc = next_entry(buf, fp, sizeof(u32)); 1822 if (rc) 1823 return rc; 1824 1825 nel = le32_to_cpu(buf[0]); 1826 1827 rc = hashtab_init(&p->range_tr, nel); 1828 if (rc) 1829 return rc; 1830 1831 for (i = 0; i < nel; i++) { 1832 rc = -ENOMEM; 1833 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1834 if (!rt) 1835 goto out; 1836 1837 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1838 if (rc) 1839 goto out; 1840 1841 rt->source_type = le32_to_cpu(buf[0]); 1842 rt->target_type = le32_to_cpu(buf[1]); 1843 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1844 rc = next_entry(buf, fp, sizeof(u32)); 1845 if (rc) 1846 goto out; 1847 rt->target_class = le32_to_cpu(buf[0]); 1848 } else 1849 rt->target_class = p->process_class; 1850 1851 rc = -EINVAL; 1852 if (!policydb_type_isvalid(p, rt->source_type) || 1853 !policydb_type_isvalid(p, rt->target_type) || 1854 !policydb_class_isvalid(p, rt->target_class)) 1855 goto out; 1856 1857 rc = -ENOMEM; 1858 r = kzalloc(sizeof(*r), GFP_KERNEL); 1859 if (!r) 1860 goto out; 1861 1862 rc = mls_read_range_helper(r, fp); 1863 if (rc) 1864 goto out; 1865 1866 rc = -EINVAL; 1867 if (!mls_range_isvalid(p, r)) { 1868 pr_warn("SELinux: rangetrans: invalid range\n"); 1869 goto out; 1870 } 1871 1872 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1873 if (rc) 1874 goto out; 1875 1876 rt = NULL; 1877 r = NULL; 1878 } 1879 hash_eval(&p->range_tr, "rangetr"); 1880 rc = 0; 1881 out: 1882 kfree(rt); 1883 kfree(r); 1884 return rc; 1885 } 1886 1887 static int filename_trans_read_helper_compat(struct policydb *p, void *fp) 1888 { 1889 struct filename_trans_key key, *ft = NULL; 1890 struct filename_trans_datum *last, *datum = NULL; 1891 char *name = NULL; 1892 u32 len, stype, otype; 1893 __le32 buf[4]; 1894 int rc; 1895 1896 /* length of the path component string */ 1897 rc = next_entry(buf, fp, sizeof(u32)); 1898 if (rc) 1899 return rc; 1900 len = le32_to_cpu(buf[0]); 1901 1902 /* path component string */ 1903 rc = str_read(&name, GFP_KERNEL, fp, len); 1904 if (rc) 1905 return rc; 1906 1907 rc = next_entry(buf, fp, sizeof(u32) * 4); 1908 if (rc) 1909 goto out; 1910 1911 stype = le32_to_cpu(buf[0]); 1912 key.ttype = le32_to_cpu(buf[1]); 1913 key.tclass = le32_to_cpu(buf[2]); 1914 key.name = name; 1915 1916 otype = le32_to_cpu(buf[3]); 1917 1918 last = NULL; 1919 datum = policydb_filenametr_search(p, &key); 1920 while (datum) { 1921 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1922 /* conflicting/duplicate rules are ignored */ 1923 datum = NULL; 1924 goto out; 1925 } 1926 if (likely(datum->otype == otype)) 1927 break; 1928 last = datum; 1929 datum = datum->next; 1930 } 1931 if (!datum) { 1932 rc = -ENOMEM; 1933 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1934 if (!datum) 1935 goto out; 1936 1937 ebitmap_init(&datum->stypes); 1938 datum->otype = otype; 1939 datum->next = NULL; 1940 1941 if (unlikely(last)) { 1942 last->next = datum; 1943 } else { 1944 rc = -ENOMEM; 1945 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1946 if (!ft) 1947 goto out; 1948 1949 rc = hashtab_insert(&p->filename_trans, ft, datum, 1950 filenametr_key_params); 1951 if (rc) 1952 goto out; 1953 name = NULL; 1954 1955 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1956 key.ttype, 1); 1957 if (rc) 1958 return rc; 1959 } 1960 } 1961 kfree(name); 1962 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1963 1964 out: 1965 kfree(ft); 1966 kfree(name); 1967 kfree(datum); 1968 return rc; 1969 } 1970 1971 static int filename_trans_read_helper(struct policydb *p, void *fp) 1972 { 1973 struct filename_trans_key *ft = NULL; 1974 struct filename_trans_datum **dst, *datum, *first = NULL; 1975 char *name = NULL; 1976 u32 len, ttype, tclass, ndatum, i; 1977 __le32 buf[3]; 1978 int rc; 1979 1980 /* length of the path component string */ 1981 rc = next_entry(buf, fp, sizeof(u32)); 1982 if (rc) 1983 return rc; 1984 len = le32_to_cpu(buf[0]); 1985 1986 /* path component string */ 1987 rc = str_read(&name, GFP_KERNEL, fp, len); 1988 if (rc) 1989 return rc; 1990 1991 rc = next_entry(buf, fp, sizeof(u32) * 3); 1992 if (rc) 1993 goto out; 1994 1995 ttype = le32_to_cpu(buf[0]); 1996 tclass = le32_to_cpu(buf[1]); 1997 1998 ndatum = le32_to_cpu(buf[2]); 1999 if (ndatum == 0) { 2000 pr_err("SELinux: Filename transition key with no datum\n"); 2001 rc = -ENOENT; 2002 goto out; 2003 } 2004 2005 dst = &first; 2006 for (i = 0; i < ndatum; i++) { 2007 rc = -ENOMEM; 2008 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2009 if (!datum) 2010 goto out; 2011 2012 *dst = datum; 2013 2014 /* ebitmap_read() will at least init the bitmap */ 2015 rc = ebitmap_read(&datum->stypes, fp); 2016 if (rc) 2017 goto out; 2018 2019 rc = next_entry(buf, fp, sizeof(u32)); 2020 if (rc) 2021 goto out; 2022 2023 datum->otype = le32_to_cpu(buf[0]); 2024 datum->next = NULL; 2025 2026 dst = &datum->next; 2027 } 2028 2029 rc = -ENOMEM; 2030 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2031 if (!ft) 2032 goto out; 2033 2034 ft->ttype = ttype; 2035 ft->tclass = tclass; 2036 ft->name = name; 2037 2038 rc = hashtab_insert(&p->filename_trans, ft, first, 2039 filenametr_key_params); 2040 if (rc == -EEXIST) 2041 pr_err("SELinux: Duplicate filename transition key\n"); 2042 if (rc) 2043 goto out; 2044 2045 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2046 2047 out: 2048 kfree(ft); 2049 kfree(name); 2050 while (first) { 2051 datum = first; 2052 first = first->next; 2053 2054 ebitmap_destroy(&datum->stypes); 2055 kfree(datum); 2056 } 2057 return rc; 2058 } 2059 2060 static int filename_trans_read(struct policydb *p, void *fp) 2061 { 2062 u32 nel; 2063 __le32 buf[1]; 2064 int rc, i; 2065 2066 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2067 return 0; 2068 2069 rc = next_entry(buf, fp, sizeof(u32)); 2070 if (rc) 2071 return rc; 2072 nel = le32_to_cpu(buf[0]); 2073 2074 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2075 p->compat_filename_trans_count = nel; 2076 2077 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2078 if (rc) 2079 return rc; 2080 2081 for (i = 0; i < nel; i++) { 2082 rc = filename_trans_read_helper_compat(p, fp); 2083 if (rc) 2084 return rc; 2085 } 2086 } else { 2087 rc = hashtab_init(&p->filename_trans, nel); 2088 if (rc) 2089 return rc; 2090 2091 for (i = 0; i < nel; i++) { 2092 rc = filename_trans_read_helper(p, fp); 2093 if (rc) 2094 return rc; 2095 } 2096 } 2097 hash_eval(&p->filename_trans, "filenametr"); 2098 return 0; 2099 } 2100 2101 static int genfs_read(struct policydb *p, void *fp) 2102 { 2103 int i, j, rc; 2104 u32 nel, nel2, len, len2; 2105 __le32 buf[1]; 2106 struct ocontext *l, *c; 2107 struct ocontext *newc = NULL; 2108 struct genfs *genfs_p, *genfs; 2109 struct genfs *newgenfs = NULL; 2110 2111 rc = next_entry(buf, fp, sizeof(u32)); 2112 if (rc) 2113 return rc; 2114 nel = le32_to_cpu(buf[0]); 2115 2116 for (i = 0; i < nel; i++) { 2117 rc = next_entry(buf, fp, sizeof(u32)); 2118 if (rc) 2119 goto out; 2120 len = le32_to_cpu(buf[0]); 2121 2122 rc = -ENOMEM; 2123 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2124 if (!newgenfs) 2125 goto out; 2126 2127 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2128 if (rc) 2129 goto out; 2130 2131 for (genfs_p = NULL, genfs = p->genfs; genfs; 2132 genfs_p = genfs, genfs = genfs->next) { 2133 rc = -EINVAL; 2134 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2135 pr_err("SELinux: dup genfs fstype %s\n", 2136 newgenfs->fstype); 2137 goto out; 2138 } 2139 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2140 break; 2141 } 2142 newgenfs->next = genfs; 2143 if (genfs_p) 2144 genfs_p->next = newgenfs; 2145 else 2146 p->genfs = newgenfs; 2147 genfs = newgenfs; 2148 newgenfs = NULL; 2149 2150 rc = next_entry(buf, fp, sizeof(u32)); 2151 if (rc) 2152 goto out; 2153 2154 nel2 = le32_to_cpu(buf[0]); 2155 for (j = 0; j < nel2; j++) { 2156 rc = next_entry(buf, fp, sizeof(u32)); 2157 if (rc) 2158 goto out; 2159 len = le32_to_cpu(buf[0]); 2160 2161 rc = -ENOMEM; 2162 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2163 if (!newc) 2164 goto out; 2165 2166 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2167 if (rc) 2168 goto out; 2169 2170 rc = next_entry(buf, fp, sizeof(u32)); 2171 if (rc) 2172 goto out; 2173 2174 newc->v.sclass = le32_to_cpu(buf[0]); 2175 rc = context_read_and_validate(&newc->context[0], p, fp); 2176 if (rc) 2177 goto out; 2178 2179 for (l = NULL, c = genfs->head; c; 2180 l = c, c = c->next) { 2181 rc = -EINVAL; 2182 if (!strcmp(newc->u.name, c->u.name) && 2183 (!c->v.sclass || !newc->v.sclass || 2184 newc->v.sclass == c->v.sclass)) { 2185 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2186 genfs->fstype, c->u.name); 2187 goto out; 2188 } 2189 len = strlen(newc->u.name); 2190 len2 = strlen(c->u.name); 2191 if (len > len2) 2192 break; 2193 } 2194 2195 newc->next = c; 2196 if (l) 2197 l->next = newc; 2198 else 2199 genfs->head = newc; 2200 newc = NULL; 2201 } 2202 } 2203 rc = 0; 2204 out: 2205 if (newgenfs) { 2206 kfree(newgenfs->fstype); 2207 kfree(newgenfs); 2208 } 2209 ocontext_destroy(newc, OCON_FSUSE); 2210 2211 return rc; 2212 } 2213 2214 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2215 void *fp) 2216 { 2217 int i, j, rc; 2218 u32 nel, len; 2219 __be64 prefixbuf[1]; 2220 __le32 buf[3]; 2221 struct ocontext *l, *c; 2222 u32 nodebuf[8]; 2223 2224 for (i = 0; i < info->ocon_num; i++) { 2225 rc = next_entry(buf, fp, sizeof(u32)); 2226 if (rc) 2227 goto out; 2228 nel = le32_to_cpu(buf[0]); 2229 2230 l = NULL; 2231 for (j = 0; j < nel; j++) { 2232 rc = -ENOMEM; 2233 c = kzalloc(sizeof(*c), GFP_KERNEL); 2234 if (!c) 2235 goto out; 2236 if (l) 2237 l->next = c; 2238 else 2239 p->ocontexts[i] = c; 2240 l = c; 2241 2242 switch (i) { 2243 case OCON_ISID: 2244 rc = next_entry(buf, fp, sizeof(u32)); 2245 if (rc) 2246 goto out; 2247 2248 c->sid[0] = le32_to_cpu(buf[0]); 2249 rc = context_read_and_validate(&c->context[0], p, fp); 2250 if (rc) 2251 goto out; 2252 break; 2253 case OCON_FS: 2254 case OCON_NETIF: 2255 rc = next_entry(buf, fp, sizeof(u32)); 2256 if (rc) 2257 goto out; 2258 len = le32_to_cpu(buf[0]); 2259 2260 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2261 if (rc) 2262 goto out; 2263 2264 rc = context_read_and_validate(&c->context[0], p, fp); 2265 if (rc) 2266 goto out; 2267 rc = context_read_and_validate(&c->context[1], p, fp); 2268 if (rc) 2269 goto out; 2270 break; 2271 case OCON_PORT: 2272 rc = next_entry(buf, fp, sizeof(u32)*3); 2273 if (rc) 2274 goto out; 2275 c->u.port.protocol = le32_to_cpu(buf[0]); 2276 c->u.port.low_port = le32_to_cpu(buf[1]); 2277 c->u.port.high_port = le32_to_cpu(buf[2]); 2278 rc = context_read_and_validate(&c->context[0], p, fp); 2279 if (rc) 2280 goto out; 2281 break; 2282 case OCON_NODE: 2283 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2284 if (rc) 2285 goto out; 2286 c->u.node.addr = nodebuf[0]; /* network order */ 2287 c->u.node.mask = nodebuf[1]; /* network order */ 2288 rc = context_read_and_validate(&c->context[0], p, fp); 2289 if (rc) 2290 goto out; 2291 break; 2292 case OCON_FSUSE: 2293 rc = next_entry(buf, fp, sizeof(u32)*2); 2294 if (rc) 2295 goto out; 2296 2297 rc = -EINVAL; 2298 c->v.behavior = le32_to_cpu(buf[0]); 2299 /* Determined at runtime, not in policy DB. */ 2300 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2301 goto out; 2302 if (c->v.behavior > SECURITY_FS_USE_MAX) 2303 goto out; 2304 2305 len = le32_to_cpu(buf[1]); 2306 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2307 if (rc) 2308 goto out; 2309 2310 rc = context_read_and_validate(&c->context[0], p, fp); 2311 if (rc) 2312 goto out; 2313 break; 2314 case OCON_NODE6: { 2315 int k; 2316 2317 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2318 if (rc) 2319 goto out; 2320 for (k = 0; k < 4; k++) 2321 c->u.node6.addr[k] = nodebuf[k]; 2322 for (k = 0; k < 4; k++) 2323 c->u.node6.mask[k] = nodebuf[k+4]; 2324 rc = context_read_and_validate(&c->context[0], p, fp); 2325 if (rc) 2326 goto out; 2327 break; 2328 } 2329 case OCON_IBPKEY: { 2330 u32 pkey_lo, pkey_hi; 2331 2332 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2333 if (rc) 2334 goto out; 2335 2336 /* we need to have subnet_prefix in CPU order */ 2337 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2338 2339 rc = next_entry(buf, fp, sizeof(u32) * 2); 2340 if (rc) 2341 goto out; 2342 2343 pkey_lo = le32_to_cpu(buf[0]); 2344 pkey_hi = le32_to_cpu(buf[1]); 2345 2346 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2347 rc = -EINVAL; 2348 goto out; 2349 } 2350 2351 c->u.ibpkey.low_pkey = pkey_lo; 2352 c->u.ibpkey.high_pkey = pkey_hi; 2353 2354 rc = context_read_and_validate(&c->context[0], 2355 p, 2356 fp); 2357 if (rc) 2358 goto out; 2359 break; 2360 } 2361 case OCON_IBENDPORT: { 2362 u32 port; 2363 2364 rc = next_entry(buf, fp, sizeof(u32) * 2); 2365 if (rc) 2366 goto out; 2367 len = le32_to_cpu(buf[0]); 2368 2369 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2370 if (rc) 2371 goto out; 2372 2373 port = le32_to_cpu(buf[1]); 2374 if (port > U8_MAX || port == 0) { 2375 rc = -EINVAL; 2376 goto out; 2377 } 2378 2379 c->u.ibendport.port = port; 2380 2381 rc = context_read_and_validate(&c->context[0], 2382 p, 2383 fp); 2384 if (rc) 2385 goto out; 2386 break; 2387 } /* end case */ 2388 } /* end switch */ 2389 } 2390 } 2391 rc = 0; 2392 out: 2393 return rc; 2394 } 2395 2396 /* 2397 * Read the configuration data from a policy database binary 2398 * representation file into a policy database structure. 2399 */ 2400 int policydb_read(struct policydb *p, void *fp) 2401 { 2402 struct role_allow *ra, *lra; 2403 struct role_trans_key *rtk = NULL; 2404 struct role_trans_datum *rtd = NULL; 2405 int i, j, rc; 2406 __le32 buf[4]; 2407 u32 len, nprim, nel, perm; 2408 2409 char *policydb_str; 2410 struct policydb_compat_info *info; 2411 2412 policydb_init(p); 2413 2414 /* Read the magic number and string length. */ 2415 rc = next_entry(buf, fp, sizeof(u32) * 2); 2416 if (rc) 2417 goto bad; 2418 2419 rc = -EINVAL; 2420 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2421 pr_err("SELinux: policydb magic number 0x%x does " 2422 "not match expected magic number 0x%x\n", 2423 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2424 goto bad; 2425 } 2426 2427 rc = -EINVAL; 2428 len = le32_to_cpu(buf[1]); 2429 if (len != strlen(POLICYDB_STRING)) { 2430 pr_err("SELinux: policydb string length %d does not " 2431 "match expected length %zu\n", 2432 len, strlen(POLICYDB_STRING)); 2433 goto bad; 2434 } 2435 2436 rc = -ENOMEM; 2437 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2438 if (!policydb_str) { 2439 pr_err("SELinux: unable to allocate memory for policydb " 2440 "string of length %d\n", len); 2441 goto bad; 2442 } 2443 2444 rc = next_entry(policydb_str, fp, len); 2445 if (rc) { 2446 pr_err("SELinux: truncated policydb string identifier\n"); 2447 kfree(policydb_str); 2448 goto bad; 2449 } 2450 2451 rc = -EINVAL; 2452 policydb_str[len] = '\0'; 2453 if (strcmp(policydb_str, POLICYDB_STRING)) { 2454 pr_err("SELinux: policydb string %s does not match " 2455 "my string %s\n", policydb_str, POLICYDB_STRING); 2456 kfree(policydb_str); 2457 goto bad; 2458 } 2459 /* Done with policydb_str. */ 2460 kfree(policydb_str); 2461 policydb_str = NULL; 2462 2463 /* Read the version and table sizes. */ 2464 rc = next_entry(buf, fp, sizeof(u32)*4); 2465 if (rc) 2466 goto bad; 2467 2468 rc = -EINVAL; 2469 p->policyvers = le32_to_cpu(buf[0]); 2470 if (p->policyvers < POLICYDB_VERSION_MIN || 2471 p->policyvers > POLICYDB_VERSION_MAX) { 2472 pr_err("SELinux: policydb version %d does not match " 2473 "my version range %d-%d\n", 2474 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2475 goto bad; 2476 } 2477 2478 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2479 p->mls_enabled = 1; 2480 2481 rc = -EINVAL; 2482 if (p->policyvers < POLICYDB_VERSION_MLS) { 2483 pr_err("SELinux: security policydb version %d " 2484 "(MLS) not backwards compatible\n", 2485 p->policyvers); 2486 goto bad; 2487 } 2488 } 2489 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2490 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2491 2492 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2493 rc = ebitmap_read(&p->policycaps, fp); 2494 if (rc) 2495 goto bad; 2496 } 2497 2498 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2499 rc = ebitmap_read(&p->permissive_map, fp); 2500 if (rc) 2501 goto bad; 2502 } 2503 2504 rc = -EINVAL; 2505 info = policydb_lookup_compat(p->policyvers); 2506 if (!info) { 2507 pr_err("SELinux: unable to find policy compat info " 2508 "for version %d\n", p->policyvers); 2509 goto bad; 2510 } 2511 2512 rc = -EINVAL; 2513 if (le32_to_cpu(buf[2]) != info->sym_num || 2514 le32_to_cpu(buf[3]) != info->ocon_num) { 2515 pr_err("SELinux: policydb table sizes (%d,%d) do " 2516 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2517 le32_to_cpu(buf[3]), 2518 info->sym_num, info->ocon_num); 2519 goto bad; 2520 } 2521 2522 for (i = 0; i < info->sym_num; i++) { 2523 rc = next_entry(buf, fp, sizeof(u32)*2); 2524 if (rc) 2525 goto bad; 2526 nprim = le32_to_cpu(buf[0]); 2527 nel = le32_to_cpu(buf[1]); 2528 2529 rc = symtab_init(&p->symtab[i], nel); 2530 if (rc) 2531 goto out; 2532 2533 if (i == SYM_ROLES) { 2534 rc = roles_init(p); 2535 if (rc) 2536 goto out; 2537 } 2538 2539 for (j = 0; j < nel; j++) { 2540 rc = read_f[i](p, &p->symtab[i], fp); 2541 if (rc) 2542 goto bad; 2543 } 2544 2545 p->symtab[i].nprim = nprim; 2546 } 2547 2548 rc = -EINVAL; 2549 p->process_class = string_to_security_class(p, "process"); 2550 if (!p->process_class) { 2551 pr_err("SELinux: process class is required, not defined in policy\n"); 2552 goto bad; 2553 } 2554 2555 rc = avtab_read(&p->te_avtab, fp, p); 2556 if (rc) 2557 goto bad; 2558 2559 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2560 rc = cond_read_list(p, fp); 2561 if (rc) 2562 goto bad; 2563 } 2564 2565 rc = next_entry(buf, fp, sizeof(u32)); 2566 if (rc) 2567 goto bad; 2568 nel = le32_to_cpu(buf[0]); 2569 2570 rc = hashtab_init(&p->role_tr, nel); 2571 if (rc) 2572 goto bad; 2573 for (i = 0; i < nel; i++) { 2574 rc = -ENOMEM; 2575 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2576 if (!rtk) 2577 goto bad; 2578 2579 rc = -ENOMEM; 2580 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2581 if (!rtd) 2582 goto bad; 2583 2584 rc = next_entry(buf, fp, sizeof(u32)*3); 2585 if (rc) 2586 goto bad; 2587 2588 rtk->role = le32_to_cpu(buf[0]); 2589 rtk->type = le32_to_cpu(buf[1]); 2590 rtd->new_role = le32_to_cpu(buf[2]); 2591 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2592 rc = next_entry(buf, fp, sizeof(u32)); 2593 if (rc) 2594 goto bad; 2595 rtk->tclass = le32_to_cpu(buf[0]); 2596 } else 2597 rtk->tclass = p->process_class; 2598 2599 rc = -EINVAL; 2600 if (!policydb_role_isvalid(p, rtk->role) || 2601 !policydb_type_isvalid(p, rtk->type) || 2602 !policydb_class_isvalid(p, rtk->tclass) || 2603 !policydb_role_isvalid(p, rtd->new_role)) 2604 goto bad; 2605 2606 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2607 if (rc) 2608 goto bad; 2609 2610 rtk = NULL; 2611 rtd = NULL; 2612 } 2613 2614 rc = next_entry(buf, fp, sizeof(u32)); 2615 if (rc) 2616 goto bad; 2617 nel = le32_to_cpu(buf[0]); 2618 lra = NULL; 2619 for (i = 0; i < nel; i++) { 2620 rc = -ENOMEM; 2621 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2622 if (!ra) 2623 goto bad; 2624 if (lra) 2625 lra->next = ra; 2626 else 2627 p->role_allow = ra; 2628 rc = next_entry(buf, fp, sizeof(u32)*2); 2629 if (rc) 2630 goto bad; 2631 2632 rc = -EINVAL; 2633 ra->role = le32_to_cpu(buf[0]); 2634 ra->new_role = le32_to_cpu(buf[1]); 2635 if (!policydb_role_isvalid(p, ra->role) || 2636 !policydb_role_isvalid(p, ra->new_role)) 2637 goto bad; 2638 lra = ra; 2639 } 2640 2641 rc = filename_trans_read(p, fp); 2642 if (rc) 2643 goto bad; 2644 2645 rc = policydb_index(p); 2646 if (rc) 2647 goto bad; 2648 2649 rc = -EINVAL; 2650 perm = string_to_av_perm(p, p->process_class, "transition"); 2651 if (!perm) { 2652 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2653 goto bad; 2654 } 2655 p->process_trans_perms = perm; 2656 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2657 if (!perm) { 2658 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2659 goto bad; 2660 } 2661 p->process_trans_perms |= perm; 2662 2663 rc = ocontext_read(p, info, fp); 2664 if (rc) 2665 goto bad; 2666 2667 rc = genfs_read(p, fp); 2668 if (rc) 2669 goto bad; 2670 2671 rc = range_read(p, fp); 2672 if (rc) 2673 goto bad; 2674 2675 rc = -ENOMEM; 2676 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2677 sizeof(*p->type_attr_map_array), 2678 GFP_KERNEL); 2679 if (!p->type_attr_map_array) 2680 goto bad; 2681 2682 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2683 for (i = 0; i < p->p_types.nprim; i++) 2684 ebitmap_init(&p->type_attr_map_array[i]); 2685 2686 for (i = 0; i < p->p_types.nprim; i++) { 2687 struct ebitmap *e = &p->type_attr_map_array[i]; 2688 2689 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2690 rc = ebitmap_read(e, fp); 2691 if (rc) 2692 goto bad; 2693 } 2694 /* add the type itself as the degenerate case */ 2695 rc = ebitmap_set_bit(e, i, 1); 2696 if (rc) 2697 goto bad; 2698 } 2699 2700 rc = policydb_bounds_sanity_check(p); 2701 if (rc) 2702 goto bad; 2703 2704 rc = 0; 2705 out: 2706 return rc; 2707 bad: 2708 kfree(rtk); 2709 kfree(rtd); 2710 policydb_destroy(p); 2711 goto out; 2712 } 2713 2714 /* 2715 * Write a MLS level structure to a policydb binary 2716 * representation file. 2717 */ 2718 static int mls_write_level(struct mls_level *l, void *fp) 2719 { 2720 __le32 buf[1]; 2721 int rc; 2722 2723 buf[0] = cpu_to_le32(l->sens); 2724 rc = put_entry(buf, sizeof(u32), 1, fp); 2725 if (rc) 2726 return rc; 2727 2728 rc = ebitmap_write(&l->cat, fp); 2729 if (rc) 2730 return rc; 2731 2732 return 0; 2733 } 2734 2735 /* 2736 * Write a MLS range structure to a policydb binary 2737 * representation file. 2738 */ 2739 static int mls_write_range_helper(struct mls_range *r, void *fp) 2740 { 2741 __le32 buf[3]; 2742 size_t items; 2743 int rc, eq; 2744 2745 eq = mls_level_eq(&r->level[1], &r->level[0]); 2746 2747 if (eq) 2748 items = 2; 2749 else 2750 items = 3; 2751 buf[0] = cpu_to_le32(items-1); 2752 buf[1] = cpu_to_le32(r->level[0].sens); 2753 if (!eq) 2754 buf[2] = cpu_to_le32(r->level[1].sens); 2755 2756 BUG_ON(items > ARRAY_SIZE(buf)); 2757 2758 rc = put_entry(buf, sizeof(u32), items, fp); 2759 if (rc) 2760 return rc; 2761 2762 rc = ebitmap_write(&r->level[0].cat, fp); 2763 if (rc) 2764 return rc; 2765 if (!eq) { 2766 rc = ebitmap_write(&r->level[1].cat, fp); 2767 if (rc) 2768 return rc; 2769 } 2770 2771 return 0; 2772 } 2773 2774 static int sens_write(void *vkey, void *datum, void *ptr) 2775 { 2776 char *key = vkey; 2777 struct level_datum *levdatum = datum; 2778 struct policy_data *pd = ptr; 2779 void *fp = pd->fp; 2780 __le32 buf[2]; 2781 size_t len; 2782 int rc; 2783 2784 len = strlen(key); 2785 buf[0] = cpu_to_le32(len); 2786 buf[1] = cpu_to_le32(levdatum->isalias); 2787 rc = put_entry(buf, sizeof(u32), 2, fp); 2788 if (rc) 2789 return rc; 2790 2791 rc = put_entry(key, 1, len, fp); 2792 if (rc) 2793 return rc; 2794 2795 rc = mls_write_level(levdatum->level, fp); 2796 if (rc) 2797 return rc; 2798 2799 return 0; 2800 } 2801 2802 static int cat_write(void *vkey, void *datum, void *ptr) 2803 { 2804 char *key = vkey; 2805 struct cat_datum *catdatum = datum; 2806 struct policy_data *pd = ptr; 2807 void *fp = pd->fp; 2808 __le32 buf[3]; 2809 size_t len; 2810 int rc; 2811 2812 len = strlen(key); 2813 buf[0] = cpu_to_le32(len); 2814 buf[1] = cpu_to_le32(catdatum->value); 2815 buf[2] = cpu_to_le32(catdatum->isalias); 2816 rc = put_entry(buf, sizeof(u32), 3, fp); 2817 if (rc) 2818 return rc; 2819 2820 rc = put_entry(key, 1, len, fp); 2821 if (rc) 2822 return rc; 2823 2824 return 0; 2825 } 2826 2827 static int role_trans_write_one(void *key, void *datum, void *ptr) 2828 { 2829 struct role_trans_key *rtk = key; 2830 struct role_trans_datum *rtd = datum; 2831 struct policy_data *pd = ptr; 2832 void *fp = pd->fp; 2833 struct policydb *p = pd->p; 2834 __le32 buf[3]; 2835 int rc; 2836 2837 buf[0] = cpu_to_le32(rtk->role); 2838 buf[1] = cpu_to_le32(rtk->type); 2839 buf[2] = cpu_to_le32(rtd->new_role); 2840 rc = put_entry(buf, sizeof(u32), 3, fp); 2841 if (rc) 2842 return rc; 2843 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2844 buf[0] = cpu_to_le32(rtk->tclass); 2845 rc = put_entry(buf, sizeof(u32), 1, fp); 2846 if (rc) 2847 return rc; 2848 } 2849 return 0; 2850 } 2851 2852 static int role_trans_write(struct policydb *p, void *fp) 2853 { 2854 struct policy_data pd = { .p = p, .fp = fp }; 2855 __le32 buf[1]; 2856 int rc; 2857 2858 buf[0] = cpu_to_le32(p->role_tr.nel); 2859 rc = put_entry(buf, sizeof(u32), 1, fp); 2860 if (rc) 2861 return rc; 2862 2863 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2864 } 2865 2866 static int role_allow_write(struct role_allow *r, void *fp) 2867 { 2868 struct role_allow *ra; 2869 __le32 buf[2]; 2870 size_t nel; 2871 int rc; 2872 2873 nel = 0; 2874 for (ra = r; ra; ra = ra->next) 2875 nel++; 2876 buf[0] = cpu_to_le32(nel); 2877 rc = put_entry(buf, sizeof(u32), 1, fp); 2878 if (rc) 2879 return rc; 2880 for (ra = r; ra; ra = ra->next) { 2881 buf[0] = cpu_to_le32(ra->role); 2882 buf[1] = cpu_to_le32(ra->new_role); 2883 rc = put_entry(buf, sizeof(u32), 2, fp); 2884 if (rc) 2885 return rc; 2886 } 2887 return 0; 2888 } 2889 2890 /* 2891 * Write a security context structure 2892 * to a policydb binary representation file. 2893 */ 2894 static int context_write(struct policydb *p, struct context *c, 2895 void *fp) 2896 { 2897 int rc; 2898 __le32 buf[3]; 2899 2900 buf[0] = cpu_to_le32(c->user); 2901 buf[1] = cpu_to_le32(c->role); 2902 buf[2] = cpu_to_le32(c->type); 2903 2904 rc = put_entry(buf, sizeof(u32), 3, fp); 2905 if (rc) 2906 return rc; 2907 2908 rc = mls_write_range_helper(&c->range, fp); 2909 if (rc) 2910 return rc; 2911 2912 return 0; 2913 } 2914 2915 /* 2916 * The following *_write functions are used to 2917 * write the symbol data to a policy database 2918 * binary representation file. 2919 */ 2920 2921 static int perm_write(void *vkey, void *datum, void *fp) 2922 { 2923 char *key = vkey; 2924 struct perm_datum *perdatum = datum; 2925 __le32 buf[2]; 2926 size_t len; 2927 int rc; 2928 2929 len = strlen(key); 2930 buf[0] = cpu_to_le32(len); 2931 buf[1] = cpu_to_le32(perdatum->value); 2932 rc = put_entry(buf, sizeof(u32), 2, fp); 2933 if (rc) 2934 return rc; 2935 2936 rc = put_entry(key, 1, len, fp); 2937 if (rc) 2938 return rc; 2939 2940 return 0; 2941 } 2942 2943 static int common_write(void *vkey, void *datum, void *ptr) 2944 { 2945 char *key = vkey; 2946 struct common_datum *comdatum = datum; 2947 struct policy_data *pd = ptr; 2948 void *fp = pd->fp; 2949 __le32 buf[4]; 2950 size_t len; 2951 int rc; 2952 2953 len = strlen(key); 2954 buf[0] = cpu_to_le32(len); 2955 buf[1] = cpu_to_le32(comdatum->value); 2956 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2957 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 2958 rc = put_entry(buf, sizeof(u32), 4, fp); 2959 if (rc) 2960 return rc; 2961 2962 rc = put_entry(key, 1, len, fp); 2963 if (rc) 2964 return rc; 2965 2966 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 2967 if (rc) 2968 return rc; 2969 2970 return 0; 2971 } 2972 2973 static int type_set_write(struct type_set *t, void *fp) 2974 { 2975 int rc; 2976 __le32 buf[1]; 2977 2978 if (ebitmap_write(&t->types, fp)) 2979 return -EINVAL; 2980 if (ebitmap_write(&t->negset, fp)) 2981 return -EINVAL; 2982 2983 buf[0] = cpu_to_le32(t->flags); 2984 rc = put_entry(buf, sizeof(u32), 1, fp); 2985 if (rc) 2986 return -EINVAL; 2987 2988 return 0; 2989 } 2990 2991 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2992 void *fp) 2993 { 2994 struct constraint_node *c; 2995 struct constraint_expr *e; 2996 __le32 buf[3]; 2997 u32 nel; 2998 int rc; 2999 3000 for (c = node; c; c = c->next) { 3001 nel = 0; 3002 for (e = c->expr; e; e = e->next) 3003 nel++; 3004 buf[0] = cpu_to_le32(c->permissions); 3005 buf[1] = cpu_to_le32(nel); 3006 rc = put_entry(buf, sizeof(u32), 2, fp); 3007 if (rc) 3008 return rc; 3009 for (e = c->expr; e; e = e->next) { 3010 buf[0] = cpu_to_le32(e->expr_type); 3011 buf[1] = cpu_to_le32(e->attr); 3012 buf[2] = cpu_to_le32(e->op); 3013 rc = put_entry(buf, sizeof(u32), 3, fp); 3014 if (rc) 3015 return rc; 3016 3017 switch (e->expr_type) { 3018 case CEXPR_NAMES: 3019 rc = ebitmap_write(&e->names, fp); 3020 if (rc) 3021 return rc; 3022 if (p->policyvers >= 3023 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3024 rc = type_set_write(e->type_names, fp); 3025 if (rc) 3026 return rc; 3027 } 3028 break; 3029 default: 3030 break; 3031 } 3032 } 3033 } 3034 3035 return 0; 3036 } 3037 3038 static int class_write(void *vkey, void *datum, void *ptr) 3039 { 3040 char *key = vkey; 3041 struct class_datum *cladatum = datum; 3042 struct policy_data *pd = ptr; 3043 void *fp = pd->fp; 3044 struct policydb *p = pd->p; 3045 struct constraint_node *c; 3046 __le32 buf[6]; 3047 u32 ncons; 3048 size_t len, len2; 3049 int rc; 3050 3051 len = strlen(key); 3052 if (cladatum->comkey) 3053 len2 = strlen(cladatum->comkey); 3054 else 3055 len2 = 0; 3056 3057 ncons = 0; 3058 for (c = cladatum->constraints; c; c = c->next) 3059 ncons++; 3060 3061 buf[0] = cpu_to_le32(len); 3062 buf[1] = cpu_to_le32(len2); 3063 buf[2] = cpu_to_le32(cladatum->value); 3064 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3065 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3066 buf[5] = cpu_to_le32(ncons); 3067 rc = put_entry(buf, sizeof(u32), 6, fp); 3068 if (rc) 3069 return rc; 3070 3071 rc = put_entry(key, 1, len, fp); 3072 if (rc) 3073 return rc; 3074 3075 if (cladatum->comkey) { 3076 rc = put_entry(cladatum->comkey, 1, len2, fp); 3077 if (rc) 3078 return rc; 3079 } 3080 3081 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3082 if (rc) 3083 return rc; 3084 3085 rc = write_cons_helper(p, cladatum->constraints, fp); 3086 if (rc) 3087 return rc; 3088 3089 /* write out the validatetrans rule */ 3090 ncons = 0; 3091 for (c = cladatum->validatetrans; c; c = c->next) 3092 ncons++; 3093 3094 buf[0] = cpu_to_le32(ncons); 3095 rc = put_entry(buf, sizeof(u32), 1, fp); 3096 if (rc) 3097 return rc; 3098 3099 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3100 if (rc) 3101 return rc; 3102 3103 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3104 buf[0] = cpu_to_le32(cladatum->default_user); 3105 buf[1] = cpu_to_le32(cladatum->default_role); 3106 buf[2] = cpu_to_le32(cladatum->default_range); 3107 3108 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3109 if (rc) 3110 return rc; 3111 } 3112 3113 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3114 buf[0] = cpu_to_le32(cladatum->default_type); 3115 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3116 if (rc) 3117 return rc; 3118 } 3119 3120 return 0; 3121 } 3122 3123 static int role_write(void *vkey, void *datum, void *ptr) 3124 { 3125 char *key = vkey; 3126 struct role_datum *role = datum; 3127 struct policy_data *pd = ptr; 3128 void *fp = pd->fp; 3129 struct policydb *p = pd->p; 3130 __le32 buf[3]; 3131 size_t items, len; 3132 int rc; 3133 3134 len = strlen(key); 3135 items = 0; 3136 buf[items++] = cpu_to_le32(len); 3137 buf[items++] = cpu_to_le32(role->value); 3138 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3139 buf[items++] = cpu_to_le32(role->bounds); 3140 3141 BUG_ON(items > ARRAY_SIZE(buf)); 3142 3143 rc = put_entry(buf, sizeof(u32), items, fp); 3144 if (rc) 3145 return rc; 3146 3147 rc = put_entry(key, 1, len, fp); 3148 if (rc) 3149 return rc; 3150 3151 rc = ebitmap_write(&role->dominates, fp); 3152 if (rc) 3153 return rc; 3154 3155 rc = ebitmap_write(&role->types, fp); 3156 if (rc) 3157 return rc; 3158 3159 return 0; 3160 } 3161 3162 static int type_write(void *vkey, void *datum, void *ptr) 3163 { 3164 char *key = vkey; 3165 struct type_datum *typdatum = datum; 3166 struct policy_data *pd = ptr; 3167 struct policydb *p = pd->p; 3168 void *fp = pd->fp; 3169 __le32 buf[4]; 3170 int rc; 3171 size_t items, len; 3172 3173 len = strlen(key); 3174 items = 0; 3175 buf[items++] = cpu_to_le32(len); 3176 buf[items++] = cpu_to_le32(typdatum->value); 3177 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3178 u32 properties = 0; 3179 3180 if (typdatum->primary) 3181 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3182 3183 if (typdatum->attribute) 3184 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3185 3186 buf[items++] = cpu_to_le32(properties); 3187 buf[items++] = cpu_to_le32(typdatum->bounds); 3188 } else { 3189 buf[items++] = cpu_to_le32(typdatum->primary); 3190 } 3191 BUG_ON(items > ARRAY_SIZE(buf)); 3192 rc = put_entry(buf, sizeof(u32), items, fp); 3193 if (rc) 3194 return rc; 3195 3196 rc = put_entry(key, 1, len, fp); 3197 if (rc) 3198 return rc; 3199 3200 return 0; 3201 } 3202 3203 static int user_write(void *vkey, void *datum, void *ptr) 3204 { 3205 char *key = vkey; 3206 struct user_datum *usrdatum = datum; 3207 struct policy_data *pd = ptr; 3208 struct policydb *p = pd->p; 3209 void *fp = pd->fp; 3210 __le32 buf[3]; 3211 size_t items, len; 3212 int rc; 3213 3214 len = strlen(key); 3215 items = 0; 3216 buf[items++] = cpu_to_le32(len); 3217 buf[items++] = cpu_to_le32(usrdatum->value); 3218 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3219 buf[items++] = cpu_to_le32(usrdatum->bounds); 3220 BUG_ON(items > ARRAY_SIZE(buf)); 3221 rc = put_entry(buf, sizeof(u32), items, fp); 3222 if (rc) 3223 return rc; 3224 3225 rc = put_entry(key, 1, len, fp); 3226 if (rc) 3227 return rc; 3228 3229 rc = ebitmap_write(&usrdatum->roles, fp); 3230 if (rc) 3231 return rc; 3232 3233 rc = mls_write_range_helper(&usrdatum->range, fp); 3234 if (rc) 3235 return rc; 3236 3237 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3238 if (rc) 3239 return rc; 3240 3241 return 0; 3242 } 3243 3244 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3245 void *datap) = 3246 { 3247 common_write, 3248 class_write, 3249 role_write, 3250 type_write, 3251 user_write, 3252 cond_write_bool, 3253 sens_write, 3254 cat_write, 3255 }; 3256 3257 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3258 void *fp) 3259 { 3260 unsigned int i, j, rc; 3261 size_t nel, len; 3262 __be64 prefixbuf[1]; 3263 __le32 buf[3]; 3264 u32 nodebuf[8]; 3265 struct ocontext *c; 3266 for (i = 0; i < info->ocon_num; i++) { 3267 nel = 0; 3268 for (c = p->ocontexts[i]; c; c = c->next) 3269 nel++; 3270 buf[0] = cpu_to_le32(nel); 3271 rc = put_entry(buf, sizeof(u32), 1, fp); 3272 if (rc) 3273 return rc; 3274 for (c = p->ocontexts[i]; c; c = c->next) { 3275 switch (i) { 3276 case OCON_ISID: 3277 buf[0] = cpu_to_le32(c->sid[0]); 3278 rc = put_entry(buf, sizeof(u32), 1, fp); 3279 if (rc) 3280 return rc; 3281 rc = context_write(p, &c->context[0], fp); 3282 if (rc) 3283 return rc; 3284 break; 3285 case OCON_FS: 3286 case OCON_NETIF: 3287 len = strlen(c->u.name); 3288 buf[0] = cpu_to_le32(len); 3289 rc = put_entry(buf, sizeof(u32), 1, fp); 3290 if (rc) 3291 return rc; 3292 rc = put_entry(c->u.name, 1, len, fp); 3293 if (rc) 3294 return rc; 3295 rc = context_write(p, &c->context[0], fp); 3296 if (rc) 3297 return rc; 3298 rc = context_write(p, &c->context[1], fp); 3299 if (rc) 3300 return rc; 3301 break; 3302 case OCON_PORT: 3303 buf[0] = cpu_to_le32(c->u.port.protocol); 3304 buf[1] = cpu_to_le32(c->u.port.low_port); 3305 buf[2] = cpu_to_le32(c->u.port.high_port); 3306 rc = put_entry(buf, sizeof(u32), 3, fp); 3307 if (rc) 3308 return rc; 3309 rc = context_write(p, &c->context[0], fp); 3310 if (rc) 3311 return rc; 3312 break; 3313 case OCON_NODE: 3314 nodebuf[0] = c->u.node.addr; /* network order */ 3315 nodebuf[1] = c->u.node.mask; /* network order */ 3316 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3317 if (rc) 3318 return rc; 3319 rc = context_write(p, &c->context[0], fp); 3320 if (rc) 3321 return rc; 3322 break; 3323 case OCON_FSUSE: 3324 buf[0] = cpu_to_le32(c->v.behavior); 3325 len = strlen(c->u.name); 3326 buf[1] = cpu_to_le32(len); 3327 rc = put_entry(buf, sizeof(u32), 2, fp); 3328 if (rc) 3329 return rc; 3330 rc = put_entry(c->u.name, 1, len, fp); 3331 if (rc) 3332 return rc; 3333 rc = context_write(p, &c->context[0], fp); 3334 if (rc) 3335 return rc; 3336 break; 3337 case OCON_NODE6: 3338 for (j = 0; j < 4; j++) 3339 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3340 for (j = 0; j < 4; j++) 3341 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3342 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3343 if (rc) 3344 return rc; 3345 rc = context_write(p, &c->context[0], fp); 3346 if (rc) 3347 return rc; 3348 break; 3349 case OCON_IBPKEY: 3350 /* subnet_prefix is in CPU order */ 3351 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3352 3353 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3354 if (rc) 3355 return rc; 3356 3357 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3358 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3359 3360 rc = put_entry(buf, sizeof(u32), 2, fp); 3361 if (rc) 3362 return rc; 3363 rc = context_write(p, &c->context[0], fp); 3364 if (rc) 3365 return rc; 3366 break; 3367 case OCON_IBENDPORT: 3368 len = strlen(c->u.ibendport.dev_name); 3369 buf[0] = cpu_to_le32(len); 3370 buf[1] = cpu_to_le32(c->u.ibendport.port); 3371 rc = put_entry(buf, sizeof(u32), 2, fp); 3372 if (rc) 3373 return rc; 3374 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3375 if (rc) 3376 return rc; 3377 rc = context_write(p, &c->context[0], fp); 3378 if (rc) 3379 return rc; 3380 break; 3381 } 3382 } 3383 } 3384 return 0; 3385 } 3386 3387 static int genfs_write(struct policydb *p, void *fp) 3388 { 3389 struct genfs *genfs; 3390 struct ocontext *c; 3391 size_t len; 3392 __le32 buf[1]; 3393 int rc; 3394 3395 len = 0; 3396 for (genfs = p->genfs; genfs; genfs = genfs->next) 3397 len++; 3398 buf[0] = cpu_to_le32(len); 3399 rc = put_entry(buf, sizeof(u32), 1, fp); 3400 if (rc) 3401 return rc; 3402 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3403 len = strlen(genfs->fstype); 3404 buf[0] = cpu_to_le32(len); 3405 rc = put_entry(buf, sizeof(u32), 1, fp); 3406 if (rc) 3407 return rc; 3408 rc = put_entry(genfs->fstype, 1, len, fp); 3409 if (rc) 3410 return rc; 3411 len = 0; 3412 for (c = genfs->head; c; c = c->next) 3413 len++; 3414 buf[0] = cpu_to_le32(len); 3415 rc = put_entry(buf, sizeof(u32), 1, fp); 3416 if (rc) 3417 return rc; 3418 for (c = genfs->head; c; c = c->next) { 3419 len = strlen(c->u.name); 3420 buf[0] = cpu_to_le32(len); 3421 rc = put_entry(buf, sizeof(u32), 1, fp); 3422 if (rc) 3423 return rc; 3424 rc = put_entry(c->u.name, 1, len, fp); 3425 if (rc) 3426 return rc; 3427 buf[0] = cpu_to_le32(c->v.sclass); 3428 rc = put_entry(buf, sizeof(u32), 1, fp); 3429 if (rc) 3430 return rc; 3431 rc = context_write(p, &c->context[0], fp); 3432 if (rc) 3433 return rc; 3434 } 3435 } 3436 return 0; 3437 } 3438 3439 static int range_write_helper(void *key, void *data, void *ptr) 3440 { 3441 __le32 buf[2]; 3442 struct range_trans *rt = key; 3443 struct mls_range *r = data; 3444 struct policy_data *pd = ptr; 3445 void *fp = pd->fp; 3446 struct policydb *p = pd->p; 3447 int rc; 3448 3449 buf[0] = cpu_to_le32(rt->source_type); 3450 buf[1] = cpu_to_le32(rt->target_type); 3451 rc = put_entry(buf, sizeof(u32), 2, fp); 3452 if (rc) 3453 return rc; 3454 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3455 buf[0] = cpu_to_le32(rt->target_class); 3456 rc = put_entry(buf, sizeof(u32), 1, fp); 3457 if (rc) 3458 return rc; 3459 } 3460 rc = mls_write_range_helper(r, fp); 3461 if (rc) 3462 return rc; 3463 3464 return 0; 3465 } 3466 3467 static int range_write(struct policydb *p, void *fp) 3468 { 3469 __le32 buf[1]; 3470 int rc; 3471 struct policy_data pd; 3472 3473 pd.p = p; 3474 pd.fp = fp; 3475 3476 buf[0] = cpu_to_le32(p->range_tr.nel); 3477 rc = put_entry(buf, sizeof(u32), 1, fp); 3478 if (rc) 3479 return rc; 3480 3481 /* actually write all of the entries */ 3482 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3483 if (rc) 3484 return rc; 3485 3486 return 0; 3487 } 3488 3489 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3490 { 3491 struct filename_trans_key *ft = key; 3492 struct filename_trans_datum *datum = data; 3493 struct ebitmap_node *node; 3494 void *fp = ptr; 3495 __le32 buf[4]; 3496 int rc; 3497 u32 bit, len = strlen(ft->name); 3498 3499 do { 3500 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { 3501 buf[0] = cpu_to_le32(len); 3502 rc = put_entry(buf, sizeof(u32), 1, fp); 3503 if (rc) 3504 return rc; 3505 3506 rc = put_entry(ft->name, sizeof(char), len, fp); 3507 if (rc) 3508 return rc; 3509 3510 buf[0] = cpu_to_le32(bit + 1); 3511 buf[1] = cpu_to_le32(ft->ttype); 3512 buf[2] = cpu_to_le32(ft->tclass); 3513 buf[3] = cpu_to_le32(datum->otype); 3514 3515 rc = put_entry(buf, sizeof(u32), 4, fp); 3516 if (rc) 3517 return rc; 3518 } 3519 3520 datum = datum->next; 3521 } while (unlikely(datum)); 3522 3523 return 0; 3524 } 3525 3526 static int filename_write_helper(void *key, void *data, void *ptr) 3527 { 3528 struct filename_trans_key *ft = key; 3529 struct filename_trans_datum *datum; 3530 void *fp = ptr; 3531 __le32 buf[3]; 3532 int rc; 3533 u32 ndatum, len = strlen(ft->name); 3534 3535 buf[0] = cpu_to_le32(len); 3536 rc = put_entry(buf, sizeof(u32), 1, fp); 3537 if (rc) 3538 return rc; 3539 3540 rc = put_entry(ft->name, sizeof(char), len, fp); 3541 if (rc) 3542 return rc; 3543 3544 ndatum = 0; 3545 datum = data; 3546 do { 3547 ndatum++; 3548 datum = datum->next; 3549 } while (unlikely(datum)); 3550 3551 buf[0] = cpu_to_le32(ft->ttype); 3552 buf[1] = cpu_to_le32(ft->tclass); 3553 buf[2] = cpu_to_le32(ndatum); 3554 rc = put_entry(buf, sizeof(u32), 3, fp); 3555 if (rc) 3556 return rc; 3557 3558 datum = data; 3559 do { 3560 rc = ebitmap_write(&datum->stypes, fp); 3561 if (rc) 3562 return rc; 3563 3564 buf[0] = cpu_to_le32(datum->otype); 3565 rc = put_entry(buf, sizeof(u32), 1, fp); 3566 if (rc) 3567 return rc; 3568 3569 datum = datum->next; 3570 } while (unlikely(datum)); 3571 3572 return 0; 3573 } 3574 3575 static int filename_trans_write(struct policydb *p, void *fp) 3576 { 3577 __le32 buf[1]; 3578 int rc; 3579 3580 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3581 return 0; 3582 3583 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3584 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3585 rc = put_entry(buf, sizeof(u32), 1, fp); 3586 if (rc) 3587 return rc; 3588 3589 rc = hashtab_map(&p->filename_trans, 3590 filename_write_helper_compat, fp); 3591 } else { 3592 buf[0] = cpu_to_le32(p->filename_trans.nel); 3593 rc = put_entry(buf, sizeof(u32), 1, fp); 3594 if (rc) 3595 return rc; 3596 3597 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3598 } 3599 return rc; 3600 } 3601 3602 /* 3603 * Write the configuration data in a policy database 3604 * structure to a policy database binary representation 3605 * file. 3606 */ 3607 int policydb_write(struct policydb *p, void *fp) 3608 { 3609 unsigned int i, num_syms; 3610 int rc; 3611 __le32 buf[4]; 3612 u32 config; 3613 size_t len; 3614 struct policydb_compat_info *info; 3615 3616 /* 3617 * refuse to write policy older than compressed avtab 3618 * to simplify the writer. There are other tests dropped 3619 * since we assume this throughout the writer code. Be 3620 * careful if you ever try to remove this restriction 3621 */ 3622 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3623 pr_err("SELinux: refusing to write policy version %d." 3624 " Because it is less than version %d\n", p->policyvers, 3625 POLICYDB_VERSION_AVTAB); 3626 return -EINVAL; 3627 } 3628 3629 config = 0; 3630 if (p->mls_enabled) 3631 config |= POLICYDB_CONFIG_MLS; 3632 3633 if (p->reject_unknown) 3634 config |= REJECT_UNKNOWN; 3635 if (p->allow_unknown) 3636 config |= ALLOW_UNKNOWN; 3637 3638 /* Write the magic number and string identifiers. */ 3639 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3640 len = strlen(POLICYDB_STRING); 3641 buf[1] = cpu_to_le32(len); 3642 rc = put_entry(buf, sizeof(u32), 2, fp); 3643 if (rc) 3644 return rc; 3645 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3646 if (rc) 3647 return rc; 3648 3649 /* Write the version, config, and table sizes. */ 3650 info = policydb_lookup_compat(p->policyvers); 3651 if (!info) { 3652 pr_err("SELinux: compatibility lookup failed for policy " 3653 "version %d", p->policyvers); 3654 return -EINVAL; 3655 } 3656 3657 buf[0] = cpu_to_le32(p->policyvers); 3658 buf[1] = cpu_to_le32(config); 3659 buf[2] = cpu_to_le32(info->sym_num); 3660 buf[3] = cpu_to_le32(info->ocon_num); 3661 3662 rc = put_entry(buf, sizeof(u32), 4, fp); 3663 if (rc) 3664 return rc; 3665 3666 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3667 rc = ebitmap_write(&p->policycaps, fp); 3668 if (rc) 3669 return rc; 3670 } 3671 3672 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3673 rc = ebitmap_write(&p->permissive_map, fp); 3674 if (rc) 3675 return rc; 3676 } 3677 3678 num_syms = info->sym_num; 3679 for (i = 0; i < num_syms; i++) { 3680 struct policy_data pd; 3681 3682 pd.fp = fp; 3683 pd.p = p; 3684 3685 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3686 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3687 3688 rc = put_entry(buf, sizeof(u32), 2, fp); 3689 if (rc) 3690 return rc; 3691 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3692 if (rc) 3693 return rc; 3694 } 3695 3696 rc = avtab_write(p, &p->te_avtab, fp); 3697 if (rc) 3698 return rc; 3699 3700 rc = cond_write_list(p, fp); 3701 if (rc) 3702 return rc; 3703 3704 rc = role_trans_write(p, fp); 3705 if (rc) 3706 return rc; 3707 3708 rc = role_allow_write(p->role_allow, fp); 3709 if (rc) 3710 return rc; 3711 3712 rc = filename_trans_write(p, fp); 3713 if (rc) 3714 return rc; 3715 3716 rc = ocontext_write(p, info, fp); 3717 if (rc) 3718 return rc; 3719 3720 rc = genfs_write(p, fp); 3721 if (rc) 3722 return rc; 3723 3724 rc = range_write(p, fp); 3725 if (rc) 3726 return rc; 3727 3728 for (i = 0; i < p->p_types.nprim; i++) { 3729 struct ebitmap *e = &p->type_attr_map_array[i]; 3730 3731 rc = ebitmap_write(e, fp); 3732 if (rc) 3733 return rc; 3734 } 3735 3736 return 0; 3737 } 3738