1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #define _DEBUG_HASHES 45 46 #ifdef DEBUG_HASHES 47 static const char *symtab_name[SYM_NUM] = { 48 "common prefixes", 49 "classes", 50 "roles", 51 "types", 52 "users", 53 "bools", 54 "levels", 55 "categories", 56 }; 57 #endif 58 59 struct policydb_compat_info { 60 int version; 61 int sym_num; 62 int ocon_num; 63 }; 64 65 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 66 static struct policydb_compat_info policydb_compat[] = { 67 { 68 .version = POLICYDB_VERSION_BASE, 69 .sym_num = SYM_NUM - 3, 70 .ocon_num = OCON_NUM - 3, 71 }, 72 { 73 .version = POLICYDB_VERSION_BOOL, 74 .sym_num = SYM_NUM - 2, 75 .ocon_num = OCON_NUM - 3, 76 }, 77 { 78 .version = POLICYDB_VERSION_IPV6, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_NUM - 2, 81 }, 82 { 83 .version = POLICYDB_VERSION_NLCLASS, 84 .sym_num = SYM_NUM - 2, 85 .ocon_num = OCON_NUM - 2, 86 }, 87 { 88 .version = POLICYDB_VERSION_MLS, 89 .sym_num = SYM_NUM, 90 .ocon_num = OCON_NUM - 2, 91 }, 92 { 93 .version = POLICYDB_VERSION_AVTAB, 94 .sym_num = SYM_NUM, 95 .ocon_num = OCON_NUM - 2, 96 }, 97 { 98 .version = POLICYDB_VERSION_RANGETRANS, 99 .sym_num = SYM_NUM, 100 .ocon_num = OCON_NUM - 2, 101 }, 102 { 103 .version = POLICYDB_VERSION_POLCAP, 104 .sym_num = SYM_NUM, 105 .ocon_num = OCON_NUM - 2, 106 }, 107 { 108 .version = POLICYDB_VERSION_PERMISSIVE, 109 .sym_num = SYM_NUM, 110 .ocon_num = OCON_NUM - 2, 111 }, 112 { 113 .version = POLICYDB_VERSION_BOUNDARY, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NUM - 2, 116 }, 117 { 118 .version = POLICYDB_VERSION_FILENAME_TRANS, 119 .sym_num = SYM_NUM, 120 .ocon_num = OCON_NUM - 2, 121 }, 122 { 123 .version = POLICYDB_VERSION_ROLETRANS, 124 .sym_num = SYM_NUM, 125 .ocon_num = OCON_NUM - 2, 126 }, 127 { 128 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 129 .sym_num = SYM_NUM, 130 .ocon_num = OCON_NUM - 2, 131 }, 132 { 133 .version = POLICYDB_VERSION_DEFAULT_TYPE, 134 .sym_num = SYM_NUM, 135 .ocon_num = OCON_NUM - 2, 136 }, 137 { 138 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 139 .sym_num = SYM_NUM, 140 .ocon_num = OCON_NUM - 2, 141 }, 142 { 143 .version = POLICYDB_VERSION_XPERMS_IOCTL, 144 .sym_num = SYM_NUM, 145 .ocon_num = OCON_NUM - 2, 146 }, 147 { 148 .version = POLICYDB_VERSION_INFINIBAND, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NUM, 151 }, 152 { 153 .version = POLICYDB_VERSION_GLBLUB, 154 .sym_num = SYM_NUM, 155 .ocon_num = OCON_NUM, 156 }, 157 }; 158 159 static struct policydb_compat_info *policydb_lookup_compat(int version) 160 { 161 int i; 162 struct policydb_compat_info *info = NULL; 163 164 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 165 if (policydb_compat[i].version == version) { 166 info = &policydb_compat[i]; 167 break; 168 } 169 } 170 return info; 171 } 172 173 /* 174 * The following *_destroy functions are used to 175 * free any memory allocated for each kind of 176 * symbol data in the policy database. 177 */ 178 179 static int perm_destroy(void *key, void *datum, void *p) 180 { 181 kfree(key); 182 kfree(datum); 183 return 0; 184 } 185 186 static int common_destroy(void *key, void *datum, void *p) 187 { 188 struct common_datum *comdatum; 189 190 kfree(key); 191 if (datum) { 192 comdatum = datum; 193 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 194 hashtab_destroy(comdatum->permissions.table); 195 } 196 kfree(datum); 197 return 0; 198 } 199 200 static void constraint_expr_destroy(struct constraint_expr *expr) 201 { 202 if (expr) { 203 ebitmap_destroy(&expr->names); 204 if (expr->type_names) { 205 ebitmap_destroy(&expr->type_names->types); 206 ebitmap_destroy(&expr->type_names->negset); 207 kfree(expr->type_names); 208 } 209 kfree(expr); 210 } 211 } 212 213 static int cls_destroy(void *key, void *datum, void *p) 214 { 215 struct class_datum *cladatum; 216 struct constraint_node *constraint, *ctemp; 217 struct constraint_expr *e, *etmp; 218 219 kfree(key); 220 if (datum) { 221 cladatum = datum; 222 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 223 hashtab_destroy(cladatum->permissions.table); 224 constraint = cladatum->constraints; 225 while (constraint) { 226 e = constraint->expr; 227 while (e) { 228 etmp = e; 229 e = e->next; 230 constraint_expr_destroy(etmp); 231 } 232 ctemp = constraint; 233 constraint = constraint->next; 234 kfree(ctemp); 235 } 236 237 constraint = cladatum->validatetrans; 238 while (constraint) { 239 e = constraint->expr; 240 while (e) { 241 etmp = e; 242 e = e->next; 243 constraint_expr_destroy(etmp); 244 } 245 ctemp = constraint; 246 constraint = constraint->next; 247 kfree(ctemp); 248 } 249 kfree(cladatum->comkey); 250 } 251 kfree(datum); 252 return 0; 253 } 254 255 static int role_destroy(void *key, void *datum, void *p) 256 { 257 struct role_datum *role; 258 259 kfree(key); 260 if (datum) { 261 role = datum; 262 ebitmap_destroy(&role->dominates); 263 ebitmap_destroy(&role->types); 264 } 265 kfree(datum); 266 return 0; 267 } 268 269 static int type_destroy(void *key, void *datum, void *p) 270 { 271 kfree(key); 272 kfree(datum); 273 return 0; 274 } 275 276 static int user_destroy(void *key, void *datum, void *p) 277 { 278 struct user_datum *usrdatum; 279 280 kfree(key); 281 if (datum) { 282 usrdatum = datum; 283 ebitmap_destroy(&usrdatum->roles); 284 ebitmap_destroy(&usrdatum->range.level[0].cat); 285 ebitmap_destroy(&usrdatum->range.level[1].cat); 286 ebitmap_destroy(&usrdatum->dfltlevel.cat); 287 } 288 kfree(datum); 289 return 0; 290 } 291 292 static int sens_destroy(void *key, void *datum, void *p) 293 { 294 struct level_datum *levdatum; 295 296 kfree(key); 297 if (datum) { 298 levdatum = datum; 299 if (levdatum->level) 300 ebitmap_destroy(&levdatum->level->cat); 301 kfree(levdatum->level); 302 } 303 kfree(datum); 304 return 0; 305 } 306 307 static int cat_destroy(void *key, void *datum, void *p) 308 { 309 kfree(key); 310 kfree(datum); 311 return 0; 312 } 313 314 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 315 { 316 common_destroy, 317 cls_destroy, 318 role_destroy, 319 type_destroy, 320 user_destroy, 321 cond_destroy_bool, 322 sens_destroy, 323 cat_destroy, 324 }; 325 326 static int filenametr_destroy(void *key, void *datum, void *p) 327 { 328 struct filename_trans_key *ft = key; 329 struct filename_trans_datum *next, *d = datum; 330 331 kfree(ft->name); 332 kfree(key); 333 do { 334 ebitmap_destroy(&d->stypes); 335 next = d->next; 336 kfree(d); 337 d = next; 338 } while (unlikely(d)); 339 cond_resched(); 340 return 0; 341 } 342 343 static int range_tr_destroy(void *key, void *datum, void *p) 344 { 345 struct mls_range *rt = datum; 346 347 kfree(key); 348 ebitmap_destroy(&rt->level[0].cat); 349 ebitmap_destroy(&rt->level[1].cat); 350 kfree(datum); 351 cond_resched(); 352 return 0; 353 } 354 355 static void ocontext_destroy(struct ocontext *c, int i) 356 { 357 if (!c) 358 return; 359 360 context_destroy(&c->context[0]); 361 context_destroy(&c->context[1]); 362 if (i == OCON_ISID || i == OCON_FS || 363 i == OCON_NETIF || i == OCON_FSUSE) 364 kfree(c->u.name); 365 kfree(c); 366 } 367 368 /* 369 * Initialize the role table. 370 */ 371 static int roles_init(struct policydb *p) 372 { 373 char *key = NULL; 374 int rc; 375 struct role_datum *role; 376 377 role = kzalloc(sizeof(*role), GFP_KERNEL); 378 if (!role) 379 return -ENOMEM; 380 381 rc = -EINVAL; 382 role->value = ++p->p_roles.nprim; 383 if (role->value != OBJECT_R_VAL) 384 goto out; 385 386 rc = -ENOMEM; 387 key = kstrdup(OBJECT_R, GFP_KERNEL); 388 if (!key) 389 goto out; 390 391 rc = hashtab_insert(p->p_roles.table, key, role); 392 if (rc) 393 goto out; 394 395 return 0; 396 out: 397 kfree(key); 398 kfree(role); 399 return rc; 400 } 401 402 static u32 filenametr_hash(struct hashtab *h, const void *k) 403 { 404 const struct filename_trans_key *ft = k; 405 unsigned long hash; 406 unsigned int byte_num; 407 unsigned char focus; 408 409 hash = ft->ttype ^ ft->tclass; 410 411 byte_num = 0; 412 while ((focus = ft->name[byte_num++])) 413 hash = partial_name_hash(focus, hash); 414 return hash & (h->size - 1); 415 } 416 417 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 418 { 419 const struct filename_trans_key *ft1 = k1; 420 const struct filename_trans_key *ft2 = k2; 421 int v; 422 423 v = ft1->ttype - ft2->ttype; 424 if (v) 425 return v; 426 427 v = ft1->tclass - ft2->tclass; 428 if (v) 429 return v; 430 431 return strcmp(ft1->name, ft2->name); 432 433 } 434 435 static u32 rangetr_hash(struct hashtab *h, const void *k) 436 { 437 const struct range_trans *key = k; 438 439 return (key->source_type + (key->target_type << 3) + 440 (key->target_class << 5)) & (h->size - 1); 441 } 442 443 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 444 { 445 const struct range_trans *key1 = k1, *key2 = k2; 446 int v; 447 448 v = key1->source_type - key2->source_type; 449 if (v) 450 return v; 451 452 v = key1->target_type - key2->target_type; 453 if (v) 454 return v; 455 456 v = key1->target_class - key2->target_class; 457 458 return v; 459 } 460 461 /* 462 * Initialize a policy database structure. 463 */ 464 static int policydb_init(struct policydb *p) 465 { 466 memset(p, 0, sizeof(*p)); 467 468 avtab_init(&p->te_avtab); 469 cond_policydb_init(p); 470 471 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, 472 (1 << 11)); 473 if (!p->filename_trans) 474 return -ENOMEM; 475 476 ebitmap_init(&p->filename_trans_ttypes); 477 ebitmap_init(&p->policycaps); 478 ebitmap_init(&p->permissive_map); 479 480 return 0; 481 } 482 483 /* 484 * The following *_index functions are used to 485 * define the val_to_name and val_to_struct arrays 486 * in a policy database structure. The val_to_name 487 * arrays are used when converting security context 488 * structures into string representations. The 489 * val_to_struct arrays are used when the attributes 490 * of a class, role, or user are needed. 491 */ 492 493 static int common_index(void *key, void *datum, void *datap) 494 { 495 struct policydb *p; 496 struct common_datum *comdatum; 497 498 comdatum = datum; 499 p = datap; 500 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 501 return -EINVAL; 502 503 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 504 505 return 0; 506 } 507 508 static int class_index(void *key, void *datum, void *datap) 509 { 510 struct policydb *p; 511 struct class_datum *cladatum; 512 513 cladatum = datum; 514 p = datap; 515 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 516 return -EINVAL; 517 518 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 519 p->class_val_to_struct[cladatum->value - 1] = cladatum; 520 return 0; 521 } 522 523 static int role_index(void *key, void *datum, void *datap) 524 { 525 struct policydb *p; 526 struct role_datum *role; 527 528 role = datum; 529 p = datap; 530 if (!role->value 531 || role->value > p->p_roles.nprim 532 || role->bounds > p->p_roles.nprim) 533 return -EINVAL; 534 535 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 536 p->role_val_to_struct[role->value - 1] = role; 537 return 0; 538 } 539 540 static int type_index(void *key, void *datum, void *datap) 541 { 542 struct policydb *p; 543 struct type_datum *typdatum; 544 545 typdatum = datum; 546 p = datap; 547 548 if (typdatum->primary) { 549 if (!typdatum->value 550 || typdatum->value > p->p_types.nprim 551 || typdatum->bounds > p->p_types.nprim) 552 return -EINVAL; 553 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 554 p->type_val_to_struct[typdatum->value - 1] = typdatum; 555 } 556 557 return 0; 558 } 559 560 static int user_index(void *key, void *datum, void *datap) 561 { 562 struct policydb *p; 563 struct user_datum *usrdatum; 564 565 usrdatum = datum; 566 p = datap; 567 if (!usrdatum->value 568 || usrdatum->value > p->p_users.nprim 569 || usrdatum->bounds > p->p_users.nprim) 570 return -EINVAL; 571 572 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 573 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 574 return 0; 575 } 576 577 static int sens_index(void *key, void *datum, void *datap) 578 { 579 struct policydb *p; 580 struct level_datum *levdatum; 581 582 levdatum = datum; 583 p = datap; 584 585 if (!levdatum->isalias) { 586 if (!levdatum->level->sens || 587 levdatum->level->sens > p->p_levels.nprim) 588 return -EINVAL; 589 590 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 591 } 592 593 return 0; 594 } 595 596 static int cat_index(void *key, void *datum, void *datap) 597 { 598 struct policydb *p; 599 struct cat_datum *catdatum; 600 601 catdatum = datum; 602 p = datap; 603 604 if (!catdatum->isalias) { 605 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 606 return -EINVAL; 607 608 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 609 } 610 611 return 0; 612 } 613 614 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 615 { 616 common_index, 617 class_index, 618 role_index, 619 type_index, 620 user_index, 621 cond_index_bool, 622 sens_index, 623 cat_index, 624 }; 625 626 #ifdef DEBUG_HASHES 627 static void hash_eval(struct hashtab *h, const char *hash_name) 628 { 629 struct hashtab_info info; 630 631 hashtab_stat(h, &info); 632 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n", 633 hash_name, h->nel, info.slots_used, h->size, 634 info.max_chain_len); 635 } 636 637 static void symtab_hash_eval(struct symtab *s) 638 { 639 int i; 640 641 for (i = 0; i < SYM_NUM; i++) 642 hash_eval(s[i].table, symtab_name[i]); 643 } 644 645 #else 646 static inline void hash_eval(struct hashtab *h, char *hash_name) 647 { 648 } 649 #endif 650 651 /* 652 * Define the other val_to_name and val_to_struct arrays 653 * in a policy database structure. 654 * 655 * Caller must clean up on failure. 656 */ 657 static int policydb_index(struct policydb *p) 658 { 659 int i, rc; 660 661 if (p->mls_enabled) 662 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 663 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 664 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 665 else 666 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 667 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 668 p->p_bools.nprim); 669 670 pr_debug("SELinux: %d classes, %d rules\n", 671 p->p_classes.nprim, p->te_avtab.nel); 672 673 #ifdef DEBUG_HASHES 674 avtab_hash_eval(&p->te_avtab, "rules"); 675 symtab_hash_eval(p->symtab); 676 #endif 677 678 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 679 sizeof(*p->class_val_to_struct), 680 GFP_KERNEL); 681 if (!p->class_val_to_struct) 682 return -ENOMEM; 683 684 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 685 sizeof(*p->role_val_to_struct), 686 GFP_KERNEL); 687 if (!p->role_val_to_struct) 688 return -ENOMEM; 689 690 p->user_val_to_struct = kcalloc(p->p_users.nprim, 691 sizeof(*p->user_val_to_struct), 692 GFP_KERNEL); 693 if (!p->user_val_to_struct) 694 return -ENOMEM; 695 696 p->type_val_to_struct = kvcalloc(p->p_types.nprim, 697 sizeof(*p->type_val_to_struct), 698 GFP_KERNEL); 699 if (!p->type_val_to_struct) 700 return -ENOMEM; 701 702 rc = cond_init_bool_indexes(p); 703 if (rc) 704 goto out; 705 706 for (i = 0; i < SYM_NUM; i++) { 707 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 708 sizeof(char *), 709 GFP_KERNEL); 710 if (!p->sym_val_to_name[i]) 711 return -ENOMEM; 712 713 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 714 if (rc) 715 goto out; 716 } 717 rc = 0; 718 out: 719 return rc; 720 } 721 722 /* 723 * Free any memory allocated by a policy database structure. 724 */ 725 void policydb_destroy(struct policydb *p) 726 { 727 struct ocontext *c, *ctmp; 728 struct genfs *g, *gtmp; 729 int i; 730 struct role_allow *ra, *lra = NULL; 731 struct role_trans *tr, *ltr = NULL; 732 733 for (i = 0; i < SYM_NUM; i++) { 734 cond_resched(); 735 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 736 hashtab_destroy(p->symtab[i].table); 737 } 738 739 for (i = 0; i < SYM_NUM; i++) 740 kvfree(p->sym_val_to_name[i]); 741 742 kfree(p->class_val_to_struct); 743 kfree(p->role_val_to_struct); 744 kfree(p->user_val_to_struct); 745 kvfree(p->type_val_to_struct); 746 747 avtab_destroy(&p->te_avtab); 748 749 for (i = 0; i < OCON_NUM; i++) { 750 cond_resched(); 751 c = p->ocontexts[i]; 752 while (c) { 753 ctmp = c; 754 c = c->next; 755 ocontext_destroy(ctmp, i); 756 } 757 p->ocontexts[i] = NULL; 758 } 759 760 g = p->genfs; 761 while (g) { 762 cond_resched(); 763 kfree(g->fstype); 764 c = g->head; 765 while (c) { 766 ctmp = c; 767 c = c->next; 768 ocontext_destroy(ctmp, OCON_FSUSE); 769 } 770 gtmp = g; 771 g = g->next; 772 kfree(gtmp); 773 } 774 p->genfs = NULL; 775 776 cond_policydb_destroy(p); 777 778 for (tr = p->role_tr; tr; tr = tr->next) { 779 cond_resched(); 780 kfree(ltr); 781 ltr = tr; 782 } 783 kfree(ltr); 784 785 for (ra = p->role_allow; ra; ra = ra->next) { 786 cond_resched(); 787 kfree(lra); 788 lra = ra; 789 } 790 kfree(lra); 791 792 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 793 hashtab_destroy(p->filename_trans); 794 795 hashtab_map(p->range_tr, range_tr_destroy, NULL); 796 hashtab_destroy(p->range_tr); 797 798 if (p->type_attr_map_array) { 799 for (i = 0; i < p->p_types.nprim; i++) 800 ebitmap_destroy(&p->type_attr_map_array[i]); 801 kvfree(p->type_attr_map_array); 802 } 803 804 ebitmap_destroy(&p->filename_trans_ttypes); 805 ebitmap_destroy(&p->policycaps); 806 ebitmap_destroy(&p->permissive_map); 807 } 808 809 /* 810 * Load the initial SIDs specified in a policy database 811 * structure into a SID table. 812 */ 813 int policydb_load_isids(struct policydb *p, struct sidtab *s) 814 { 815 struct ocontext *head, *c; 816 int rc; 817 818 rc = sidtab_init(s); 819 if (rc) { 820 pr_err("SELinux: out of memory on SID table init\n"); 821 goto out; 822 } 823 824 head = p->ocontexts[OCON_ISID]; 825 for (c = head; c; c = c->next) { 826 u32 sid = c->sid[0]; 827 const char *name = security_get_initial_sid_context(sid); 828 829 if (sid == SECSID_NULL) { 830 pr_err("SELinux: SID 0 was assigned a context.\n"); 831 sidtab_destroy(s); 832 goto out; 833 } 834 835 /* Ignore initial SIDs unused by this kernel. */ 836 if (!name) 837 continue; 838 839 rc = context_add_hash(p, &c->context[0]); 840 if (rc) { 841 sidtab_destroy(s); 842 goto out; 843 } 844 rc = sidtab_set_initial(s, sid, &c->context[0]); 845 if (rc) { 846 pr_err("SELinux: unable to load initial SID %s.\n", 847 name); 848 sidtab_destroy(s); 849 goto out; 850 } 851 } 852 rc = 0; 853 out: 854 return rc; 855 } 856 857 int policydb_class_isvalid(struct policydb *p, unsigned int class) 858 { 859 if (!class || class > p->p_classes.nprim) 860 return 0; 861 return 1; 862 } 863 864 int policydb_role_isvalid(struct policydb *p, unsigned int role) 865 { 866 if (!role || role > p->p_roles.nprim) 867 return 0; 868 return 1; 869 } 870 871 int policydb_type_isvalid(struct policydb *p, unsigned int type) 872 { 873 if (!type || type > p->p_types.nprim) 874 return 0; 875 return 1; 876 } 877 878 /* 879 * Return 1 if the fields in the security context 880 * structure `c' are valid. Return 0 otherwise. 881 */ 882 int policydb_context_isvalid(struct policydb *p, struct context *c) 883 { 884 struct role_datum *role; 885 struct user_datum *usrdatum; 886 887 if (!c->role || c->role > p->p_roles.nprim) 888 return 0; 889 890 if (!c->user || c->user > p->p_users.nprim) 891 return 0; 892 893 if (!c->type || c->type > p->p_types.nprim) 894 return 0; 895 896 if (c->role != OBJECT_R_VAL) { 897 /* 898 * Role must be authorized for the type. 899 */ 900 role = p->role_val_to_struct[c->role - 1]; 901 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 902 /* role may not be associated with type */ 903 return 0; 904 905 /* 906 * User must be authorized for the role. 907 */ 908 usrdatum = p->user_val_to_struct[c->user - 1]; 909 if (!usrdatum) 910 return 0; 911 912 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 913 /* user may not be associated with role */ 914 return 0; 915 } 916 917 if (!mls_context_isvalid(p, c)) 918 return 0; 919 920 return 1; 921 } 922 923 /* 924 * Read a MLS range structure from a policydb binary 925 * representation file. 926 */ 927 static int mls_read_range_helper(struct mls_range *r, void *fp) 928 { 929 __le32 buf[2]; 930 u32 items; 931 int rc; 932 933 rc = next_entry(buf, fp, sizeof(u32)); 934 if (rc) 935 goto out; 936 937 rc = -EINVAL; 938 items = le32_to_cpu(buf[0]); 939 if (items > ARRAY_SIZE(buf)) { 940 pr_err("SELinux: mls: range overflow\n"); 941 goto out; 942 } 943 944 rc = next_entry(buf, fp, sizeof(u32) * items); 945 if (rc) { 946 pr_err("SELinux: mls: truncated range\n"); 947 goto out; 948 } 949 950 r->level[0].sens = le32_to_cpu(buf[0]); 951 if (items > 1) 952 r->level[1].sens = le32_to_cpu(buf[1]); 953 else 954 r->level[1].sens = r->level[0].sens; 955 956 rc = ebitmap_read(&r->level[0].cat, fp); 957 if (rc) { 958 pr_err("SELinux: mls: error reading low categories\n"); 959 goto out; 960 } 961 if (items > 1) { 962 rc = ebitmap_read(&r->level[1].cat, fp); 963 if (rc) { 964 pr_err("SELinux: mls: error reading high categories\n"); 965 goto bad_high; 966 } 967 } else { 968 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 969 if (rc) { 970 pr_err("SELinux: mls: out of memory\n"); 971 goto bad_high; 972 } 973 } 974 975 return 0; 976 bad_high: 977 ebitmap_destroy(&r->level[0].cat); 978 out: 979 return rc; 980 } 981 982 /* 983 * Read and validate a security context structure 984 * from a policydb binary representation file. 985 */ 986 static int context_read_and_validate(struct context *c, 987 struct policydb *p, 988 void *fp) 989 { 990 __le32 buf[3]; 991 int rc; 992 993 rc = next_entry(buf, fp, sizeof buf); 994 if (rc) { 995 pr_err("SELinux: context truncated\n"); 996 goto out; 997 } 998 c->user = le32_to_cpu(buf[0]); 999 c->role = le32_to_cpu(buf[1]); 1000 c->type = le32_to_cpu(buf[2]); 1001 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1002 rc = mls_read_range_helper(&c->range, fp); 1003 if (rc) { 1004 pr_err("SELinux: error reading MLS range of context\n"); 1005 goto out; 1006 } 1007 } 1008 1009 rc = -EINVAL; 1010 if (!policydb_context_isvalid(p, c)) { 1011 pr_err("SELinux: invalid security context\n"); 1012 context_destroy(c); 1013 goto out; 1014 } 1015 rc = 0; 1016 out: 1017 return rc; 1018 } 1019 1020 /* 1021 * The following *_read functions are used to 1022 * read the symbol data from a policy database 1023 * binary representation file. 1024 */ 1025 1026 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1027 { 1028 int rc; 1029 char *str; 1030 1031 if ((len == 0) || (len == (u32)-1)) 1032 return -EINVAL; 1033 1034 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1035 if (!str) 1036 return -ENOMEM; 1037 1038 /* it's expected the caller should free the str */ 1039 *strp = str; 1040 1041 rc = next_entry(str, fp, len); 1042 if (rc) 1043 return rc; 1044 1045 str[len] = '\0'; 1046 return 0; 1047 } 1048 1049 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1050 { 1051 char *key = NULL; 1052 struct perm_datum *perdatum; 1053 int rc; 1054 __le32 buf[2]; 1055 u32 len; 1056 1057 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1058 if (!perdatum) 1059 return -ENOMEM; 1060 1061 rc = next_entry(buf, fp, sizeof buf); 1062 if (rc) 1063 goto bad; 1064 1065 len = le32_to_cpu(buf[0]); 1066 perdatum->value = le32_to_cpu(buf[1]); 1067 1068 rc = str_read(&key, GFP_KERNEL, fp, len); 1069 if (rc) 1070 goto bad; 1071 1072 rc = hashtab_insert(h, key, perdatum); 1073 if (rc) 1074 goto bad; 1075 1076 return 0; 1077 bad: 1078 perm_destroy(key, perdatum, NULL); 1079 return rc; 1080 } 1081 1082 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1083 { 1084 char *key = NULL; 1085 struct common_datum *comdatum; 1086 __le32 buf[4]; 1087 u32 len, nel; 1088 int i, rc; 1089 1090 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1091 if (!comdatum) 1092 return -ENOMEM; 1093 1094 rc = next_entry(buf, fp, sizeof buf); 1095 if (rc) 1096 goto bad; 1097 1098 len = le32_to_cpu(buf[0]); 1099 comdatum->value = le32_to_cpu(buf[1]); 1100 nel = le32_to_cpu(buf[3]); 1101 1102 rc = symtab_init(&comdatum->permissions, nel); 1103 if (rc) 1104 goto bad; 1105 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1106 1107 rc = str_read(&key, GFP_KERNEL, fp, len); 1108 if (rc) 1109 goto bad; 1110 1111 for (i = 0; i < nel; i++) { 1112 rc = perm_read(p, comdatum->permissions.table, fp); 1113 if (rc) 1114 goto bad; 1115 } 1116 1117 rc = hashtab_insert(h, key, comdatum); 1118 if (rc) 1119 goto bad; 1120 return 0; 1121 bad: 1122 common_destroy(key, comdatum, NULL); 1123 return rc; 1124 } 1125 1126 static void type_set_init(struct type_set *t) 1127 { 1128 ebitmap_init(&t->types); 1129 ebitmap_init(&t->negset); 1130 } 1131 1132 static int type_set_read(struct type_set *t, void *fp) 1133 { 1134 __le32 buf[1]; 1135 int rc; 1136 1137 if (ebitmap_read(&t->types, fp)) 1138 return -EINVAL; 1139 if (ebitmap_read(&t->negset, fp)) 1140 return -EINVAL; 1141 1142 rc = next_entry(buf, fp, sizeof(u32)); 1143 if (rc < 0) 1144 return -EINVAL; 1145 t->flags = le32_to_cpu(buf[0]); 1146 1147 return 0; 1148 } 1149 1150 1151 static int read_cons_helper(struct policydb *p, 1152 struct constraint_node **nodep, 1153 int ncons, int allowxtarget, void *fp) 1154 { 1155 struct constraint_node *c, *lc; 1156 struct constraint_expr *e, *le; 1157 __le32 buf[3]; 1158 u32 nexpr; 1159 int rc, i, j, depth; 1160 1161 lc = NULL; 1162 for (i = 0; i < ncons; i++) { 1163 c = kzalloc(sizeof(*c), GFP_KERNEL); 1164 if (!c) 1165 return -ENOMEM; 1166 1167 if (lc) 1168 lc->next = c; 1169 else 1170 *nodep = c; 1171 1172 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1173 if (rc) 1174 return rc; 1175 c->permissions = le32_to_cpu(buf[0]); 1176 nexpr = le32_to_cpu(buf[1]); 1177 le = NULL; 1178 depth = -1; 1179 for (j = 0; j < nexpr; j++) { 1180 e = kzalloc(sizeof(*e), GFP_KERNEL); 1181 if (!e) 1182 return -ENOMEM; 1183 1184 if (le) 1185 le->next = e; 1186 else 1187 c->expr = e; 1188 1189 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1190 if (rc) 1191 return rc; 1192 e->expr_type = le32_to_cpu(buf[0]); 1193 e->attr = le32_to_cpu(buf[1]); 1194 e->op = le32_to_cpu(buf[2]); 1195 1196 switch (e->expr_type) { 1197 case CEXPR_NOT: 1198 if (depth < 0) 1199 return -EINVAL; 1200 break; 1201 case CEXPR_AND: 1202 case CEXPR_OR: 1203 if (depth < 1) 1204 return -EINVAL; 1205 depth--; 1206 break; 1207 case CEXPR_ATTR: 1208 if (depth == (CEXPR_MAXDEPTH - 1)) 1209 return -EINVAL; 1210 depth++; 1211 break; 1212 case CEXPR_NAMES: 1213 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1214 return -EINVAL; 1215 if (depth == (CEXPR_MAXDEPTH - 1)) 1216 return -EINVAL; 1217 depth++; 1218 rc = ebitmap_read(&e->names, fp); 1219 if (rc) 1220 return rc; 1221 if (p->policyvers >= 1222 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1223 e->type_names = kzalloc(sizeof 1224 (*e->type_names), GFP_KERNEL); 1225 if (!e->type_names) 1226 return -ENOMEM; 1227 type_set_init(e->type_names); 1228 rc = type_set_read(e->type_names, fp); 1229 if (rc) 1230 return rc; 1231 } 1232 break; 1233 default: 1234 return -EINVAL; 1235 } 1236 le = e; 1237 } 1238 if (depth != 0) 1239 return -EINVAL; 1240 lc = c; 1241 } 1242 1243 return 0; 1244 } 1245 1246 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1247 { 1248 char *key = NULL; 1249 struct class_datum *cladatum; 1250 __le32 buf[6]; 1251 u32 len, len2, ncons, nel; 1252 int i, rc; 1253 1254 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1255 if (!cladatum) 1256 return -ENOMEM; 1257 1258 rc = next_entry(buf, fp, sizeof(u32)*6); 1259 if (rc) 1260 goto bad; 1261 1262 len = le32_to_cpu(buf[0]); 1263 len2 = le32_to_cpu(buf[1]); 1264 cladatum->value = le32_to_cpu(buf[2]); 1265 nel = le32_to_cpu(buf[4]); 1266 1267 rc = symtab_init(&cladatum->permissions, nel); 1268 if (rc) 1269 goto bad; 1270 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1271 1272 ncons = le32_to_cpu(buf[5]); 1273 1274 rc = str_read(&key, GFP_KERNEL, fp, len); 1275 if (rc) 1276 goto bad; 1277 1278 if (len2) { 1279 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1280 if (rc) 1281 goto bad; 1282 1283 rc = -EINVAL; 1284 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1285 if (!cladatum->comdatum) { 1286 pr_err("SELinux: unknown common %s\n", 1287 cladatum->comkey); 1288 goto bad; 1289 } 1290 } 1291 for (i = 0; i < nel; i++) { 1292 rc = perm_read(p, cladatum->permissions.table, fp); 1293 if (rc) 1294 goto bad; 1295 } 1296 1297 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1298 if (rc) 1299 goto bad; 1300 1301 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1302 /* grab the validatetrans rules */ 1303 rc = next_entry(buf, fp, sizeof(u32)); 1304 if (rc) 1305 goto bad; 1306 ncons = le32_to_cpu(buf[0]); 1307 rc = read_cons_helper(p, &cladatum->validatetrans, 1308 ncons, 1, fp); 1309 if (rc) 1310 goto bad; 1311 } 1312 1313 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1314 rc = next_entry(buf, fp, sizeof(u32) * 3); 1315 if (rc) 1316 goto bad; 1317 1318 cladatum->default_user = le32_to_cpu(buf[0]); 1319 cladatum->default_role = le32_to_cpu(buf[1]); 1320 cladatum->default_range = le32_to_cpu(buf[2]); 1321 } 1322 1323 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1324 rc = next_entry(buf, fp, sizeof(u32) * 1); 1325 if (rc) 1326 goto bad; 1327 cladatum->default_type = le32_to_cpu(buf[0]); 1328 } 1329 1330 rc = hashtab_insert(h, key, cladatum); 1331 if (rc) 1332 goto bad; 1333 1334 return 0; 1335 bad: 1336 cls_destroy(key, cladatum, NULL); 1337 return rc; 1338 } 1339 1340 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1341 { 1342 char *key = NULL; 1343 struct role_datum *role; 1344 int rc, to_read = 2; 1345 __le32 buf[3]; 1346 u32 len; 1347 1348 role = kzalloc(sizeof(*role), GFP_KERNEL); 1349 if (!role) 1350 return -ENOMEM; 1351 1352 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1353 to_read = 3; 1354 1355 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1356 if (rc) 1357 goto bad; 1358 1359 len = le32_to_cpu(buf[0]); 1360 role->value = le32_to_cpu(buf[1]); 1361 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1362 role->bounds = le32_to_cpu(buf[2]); 1363 1364 rc = str_read(&key, GFP_KERNEL, fp, len); 1365 if (rc) 1366 goto bad; 1367 1368 rc = ebitmap_read(&role->dominates, fp); 1369 if (rc) 1370 goto bad; 1371 1372 rc = ebitmap_read(&role->types, fp); 1373 if (rc) 1374 goto bad; 1375 1376 if (strcmp(key, OBJECT_R) == 0) { 1377 rc = -EINVAL; 1378 if (role->value != OBJECT_R_VAL) { 1379 pr_err("SELinux: Role %s has wrong value %d\n", 1380 OBJECT_R, role->value); 1381 goto bad; 1382 } 1383 rc = 0; 1384 goto bad; 1385 } 1386 1387 rc = hashtab_insert(h, key, role); 1388 if (rc) 1389 goto bad; 1390 return 0; 1391 bad: 1392 role_destroy(key, role, NULL); 1393 return rc; 1394 } 1395 1396 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1397 { 1398 char *key = NULL; 1399 struct type_datum *typdatum; 1400 int rc, to_read = 3; 1401 __le32 buf[4]; 1402 u32 len; 1403 1404 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1405 if (!typdatum) 1406 return -ENOMEM; 1407 1408 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1409 to_read = 4; 1410 1411 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1412 if (rc) 1413 goto bad; 1414 1415 len = le32_to_cpu(buf[0]); 1416 typdatum->value = le32_to_cpu(buf[1]); 1417 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1418 u32 prop = le32_to_cpu(buf[2]); 1419 1420 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1421 typdatum->primary = 1; 1422 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1423 typdatum->attribute = 1; 1424 1425 typdatum->bounds = le32_to_cpu(buf[3]); 1426 } else { 1427 typdatum->primary = le32_to_cpu(buf[2]); 1428 } 1429 1430 rc = str_read(&key, GFP_KERNEL, fp, len); 1431 if (rc) 1432 goto bad; 1433 1434 rc = hashtab_insert(h, key, typdatum); 1435 if (rc) 1436 goto bad; 1437 return 0; 1438 bad: 1439 type_destroy(key, typdatum, NULL); 1440 return rc; 1441 } 1442 1443 1444 /* 1445 * Read a MLS level structure from a policydb binary 1446 * representation file. 1447 */ 1448 static int mls_read_level(struct mls_level *lp, void *fp) 1449 { 1450 __le32 buf[1]; 1451 int rc; 1452 1453 memset(lp, 0, sizeof(*lp)); 1454 1455 rc = next_entry(buf, fp, sizeof buf); 1456 if (rc) { 1457 pr_err("SELinux: mls: truncated level\n"); 1458 return rc; 1459 } 1460 lp->sens = le32_to_cpu(buf[0]); 1461 1462 rc = ebitmap_read(&lp->cat, fp); 1463 if (rc) { 1464 pr_err("SELinux: mls: error reading level categories\n"); 1465 return rc; 1466 } 1467 return 0; 1468 } 1469 1470 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1471 { 1472 char *key = NULL; 1473 struct user_datum *usrdatum; 1474 int rc, to_read = 2; 1475 __le32 buf[3]; 1476 u32 len; 1477 1478 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1479 if (!usrdatum) 1480 return -ENOMEM; 1481 1482 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1483 to_read = 3; 1484 1485 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1486 if (rc) 1487 goto bad; 1488 1489 len = le32_to_cpu(buf[0]); 1490 usrdatum->value = le32_to_cpu(buf[1]); 1491 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1492 usrdatum->bounds = le32_to_cpu(buf[2]); 1493 1494 rc = str_read(&key, GFP_KERNEL, fp, len); 1495 if (rc) 1496 goto bad; 1497 1498 rc = ebitmap_read(&usrdatum->roles, fp); 1499 if (rc) 1500 goto bad; 1501 1502 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1503 rc = mls_read_range_helper(&usrdatum->range, fp); 1504 if (rc) 1505 goto bad; 1506 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1507 if (rc) 1508 goto bad; 1509 } 1510 1511 rc = hashtab_insert(h, key, usrdatum); 1512 if (rc) 1513 goto bad; 1514 return 0; 1515 bad: 1516 user_destroy(key, usrdatum, NULL); 1517 return rc; 1518 } 1519 1520 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1521 { 1522 char *key = NULL; 1523 struct level_datum *levdatum; 1524 int rc; 1525 __le32 buf[2]; 1526 u32 len; 1527 1528 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1529 if (!levdatum) 1530 return -ENOMEM; 1531 1532 rc = next_entry(buf, fp, sizeof buf); 1533 if (rc) 1534 goto bad; 1535 1536 len = le32_to_cpu(buf[0]); 1537 levdatum->isalias = le32_to_cpu(buf[1]); 1538 1539 rc = str_read(&key, GFP_ATOMIC, fp, len); 1540 if (rc) 1541 goto bad; 1542 1543 rc = -ENOMEM; 1544 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1545 if (!levdatum->level) 1546 goto bad; 1547 1548 rc = mls_read_level(levdatum->level, fp); 1549 if (rc) 1550 goto bad; 1551 1552 rc = hashtab_insert(h, key, levdatum); 1553 if (rc) 1554 goto bad; 1555 return 0; 1556 bad: 1557 sens_destroy(key, levdatum, NULL); 1558 return rc; 1559 } 1560 1561 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1562 { 1563 char *key = NULL; 1564 struct cat_datum *catdatum; 1565 int rc; 1566 __le32 buf[3]; 1567 u32 len; 1568 1569 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1570 if (!catdatum) 1571 return -ENOMEM; 1572 1573 rc = next_entry(buf, fp, sizeof buf); 1574 if (rc) 1575 goto bad; 1576 1577 len = le32_to_cpu(buf[0]); 1578 catdatum->value = le32_to_cpu(buf[1]); 1579 catdatum->isalias = le32_to_cpu(buf[2]); 1580 1581 rc = str_read(&key, GFP_ATOMIC, fp, len); 1582 if (rc) 1583 goto bad; 1584 1585 rc = hashtab_insert(h, key, catdatum); 1586 if (rc) 1587 goto bad; 1588 return 0; 1589 bad: 1590 cat_destroy(key, catdatum, NULL); 1591 return rc; 1592 } 1593 1594 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1595 { 1596 common_read, 1597 class_read, 1598 role_read, 1599 type_read, 1600 user_read, 1601 cond_read_bool, 1602 sens_read, 1603 cat_read, 1604 }; 1605 1606 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1607 { 1608 struct user_datum *upper, *user; 1609 struct policydb *p = datap; 1610 int depth = 0; 1611 1612 upper = user = datum; 1613 while (upper->bounds) { 1614 struct ebitmap_node *node; 1615 unsigned long bit; 1616 1617 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1618 pr_err("SELinux: user %s: " 1619 "too deep or looped boundary", 1620 (char *) key); 1621 return -EINVAL; 1622 } 1623 1624 upper = p->user_val_to_struct[upper->bounds - 1]; 1625 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1626 if (ebitmap_get_bit(&upper->roles, bit)) 1627 continue; 1628 1629 pr_err("SELinux: boundary violated policy: " 1630 "user=%s role=%s bounds=%s\n", 1631 sym_name(p, SYM_USERS, user->value - 1), 1632 sym_name(p, SYM_ROLES, bit), 1633 sym_name(p, SYM_USERS, upper->value - 1)); 1634 1635 return -EINVAL; 1636 } 1637 } 1638 1639 return 0; 1640 } 1641 1642 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1643 { 1644 struct role_datum *upper, *role; 1645 struct policydb *p = datap; 1646 int depth = 0; 1647 1648 upper = role = datum; 1649 while (upper->bounds) { 1650 struct ebitmap_node *node; 1651 unsigned long bit; 1652 1653 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1654 pr_err("SELinux: role %s: " 1655 "too deep or looped bounds\n", 1656 (char *) key); 1657 return -EINVAL; 1658 } 1659 1660 upper = p->role_val_to_struct[upper->bounds - 1]; 1661 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1662 if (ebitmap_get_bit(&upper->types, bit)) 1663 continue; 1664 1665 pr_err("SELinux: boundary violated policy: " 1666 "role=%s type=%s bounds=%s\n", 1667 sym_name(p, SYM_ROLES, role->value - 1), 1668 sym_name(p, SYM_TYPES, bit), 1669 sym_name(p, SYM_ROLES, upper->value - 1)); 1670 1671 return -EINVAL; 1672 } 1673 } 1674 1675 return 0; 1676 } 1677 1678 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1679 { 1680 struct type_datum *upper; 1681 struct policydb *p = datap; 1682 int depth = 0; 1683 1684 upper = datum; 1685 while (upper->bounds) { 1686 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1687 pr_err("SELinux: type %s: " 1688 "too deep or looped boundary\n", 1689 (char *) key); 1690 return -EINVAL; 1691 } 1692 1693 upper = p->type_val_to_struct[upper->bounds - 1]; 1694 BUG_ON(!upper); 1695 1696 if (upper->attribute) { 1697 pr_err("SELinux: type %s: " 1698 "bounded by attribute %s", 1699 (char *) key, 1700 sym_name(p, SYM_TYPES, upper->value - 1)); 1701 return -EINVAL; 1702 } 1703 } 1704 1705 return 0; 1706 } 1707 1708 static int policydb_bounds_sanity_check(struct policydb *p) 1709 { 1710 int rc; 1711 1712 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1713 return 0; 1714 1715 rc = hashtab_map(p->p_users.table, 1716 user_bounds_sanity_check, p); 1717 if (rc) 1718 return rc; 1719 1720 rc = hashtab_map(p->p_roles.table, 1721 role_bounds_sanity_check, p); 1722 if (rc) 1723 return rc; 1724 1725 rc = hashtab_map(p->p_types.table, 1726 type_bounds_sanity_check, p); 1727 if (rc) 1728 return rc; 1729 1730 return 0; 1731 } 1732 1733 u16 string_to_security_class(struct policydb *p, const char *name) 1734 { 1735 struct class_datum *cladatum; 1736 1737 cladatum = hashtab_search(p->p_classes.table, name); 1738 if (!cladatum) 1739 return 0; 1740 1741 return cladatum->value; 1742 } 1743 1744 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1745 { 1746 struct class_datum *cladatum; 1747 struct perm_datum *perdatum = NULL; 1748 struct common_datum *comdatum; 1749 1750 if (!tclass || tclass > p->p_classes.nprim) 1751 return 0; 1752 1753 cladatum = p->class_val_to_struct[tclass-1]; 1754 comdatum = cladatum->comdatum; 1755 if (comdatum) 1756 perdatum = hashtab_search(comdatum->permissions.table, 1757 name); 1758 if (!perdatum) 1759 perdatum = hashtab_search(cladatum->permissions.table, 1760 name); 1761 if (!perdatum) 1762 return 0; 1763 1764 return 1U << (perdatum->value-1); 1765 } 1766 1767 static int range_read(struct policydb *p, void *fp) 1768 { 1769 struct range_trans *rt = NULL; 1770 struct mls_range *r = NULL; 1771 int i, rc; 1772 __le32 buf[2]; 1773 u32 nel; 1774 1775 if (p->policyvers < POLICYDB_VERSION_MLS) 1776 return 0; 1777 1778 rc = next_entry(buf, fp, sizeof(u32)); 1779 if (rc) 1780 return rc; 1781 1782 nel = le32_to_cpu(buf[0]); 1783 1784 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, nel); 1785 if (!p->range_tr) 1786 return -ENOMEM; 1787 1788 for (i = 0; i < nel; i++) { 1789 rc = -ENOMEM; 1790 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1791 if (!rt) 1792 goto out; 1793 1794 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1795 if (rc) 1796 goto out; 1797 1798 rt->source_type = le32_to_cpu(buf[0]); 1799 rt->target_type = le32_to_cpu(buf[1]); 1800 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1801 rc = next_entry(buf, fp, sizeof(u32)); 1802 if (rc) 1803 goto out; 1804 rt->target_class = le32_to_cpu(buf[0]); 1805 } else 1806 rt->target_class = p->process_class; 1807 1808 rc = -EINVAL; 1809 if (!policydb_type_isvalid(p, rt->source_type) || 1810 !policydb_type_isvalid(p, rt->target_type) || 1811 !policydb_class_isvalid(p, rt->target_class)) 1812 goto out; 1813 1814 rc = -ENOMEM; 1815 r = kzalloc(sizeof(*r), GFP_KERNEL); 1816 if (!r) 1817 goto out; 1818 1819 rc = mls_read_range_helper(r, fp); 1820 if (rc) 1821 goto out; 1822 1823 rc = -EINVAL; 1824 if (!mls_range_isvalid(p, r)) { 1825 pr_warn("SELinux: rangetrans: invalid range\n"); 1826 goto out; 1827 } 1828 1829 rc = hashtab_insert(p->range_tr, rt, r); 1830 if (rc) 1831 goto out; 1832 1833 rt = NULL; 1834 r = NULL; 1835 } 1836 hash_eval(p->range_tr, "rangetr"); 1837 rc = 0; 1838 out: 1839 kfree(rt); 1840 kfree(r); 1841 return rc; 1842 } 1843 1844 static int filename_trans_read_one(struct policydb *p, void *fp) 1845 { 1846 struct filename_trans_key key, *ft = NULL; 1847 struct filename_trans_datum *last, *datum = NULL; 1848 char *name = NULL; 1849 u32 len, stype, otype; 1850 __le32 buf[4]; 1851 int rc; 1852 1853 /* length of the path component string */ 1854 rc = next_entry(buf, fp, sizeof(u32)); 1855 if (rc) 1856 return rc; 1857 len = le32_to_cpu(buf[0]); 1858 1859 /* path component string */ 1860 rc = str_read(&name, GFP_KERNEL, fp, len); 1861 if (rc) 1862 return rc; 1863 1864 rc = next_entry(buf, fp, sizeof(u32) * 4); 1865 if (rc) 1866 goto out; 1867 1868 stype = le32_to_cpu(buf[0]); 1869 key.ttype = le32_to_cpu(buf[1]); 1870 key.tclass = le32_to_cpu(buf[2]); 1871 key.name = name; 1872 1873 otype = le32_to_cpu(buf[3]); 1874 1875 last = NULL; 1876 datum = hashtab_search(p->filename_trans, &key); 1877 while (datum) { 1878 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1879 /* conflicting/duplicate rules are ignored */ 1880 datum = NULL; 1881 goto out; 1882 } 1883 if (likely(datum->otype == otype)) 1884 break; 1885 last = datum; 1886 datum = datum->next; 1887 } 1888 if (!datum) { 1889 rc = -ENOMEM; 1890 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1891 if (!datum) 1892 goto out; 1893 1894 ebitmap_init(&datum->stypes); 1895 datum->otype = otype; 1896 datum->next = NULL; 1897 1898 if (unlikely(last)) { 1899 last->next = datum; 1900 } else { 1901 rc = -ENOMEM; 1902 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1903 if (!ft) 1904 goto out; 1905 1906 rc = hashtab_insert(p->filename_trans, ft, datum); 1907 if (rc) 1908 goto out; 1909 name = NULL; 1910 1911 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1912 key.ttype, 1); 1913 if (rc) 1914 return rc; 1915 } 1916 } 1917 kfree(name); 1918 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1919 1920 out: 1921 kfree(ft); 1922 kfree(name); 1923 kfree(datum); 1924 return rc; 1925 } 1926 1927 static int filename_trans_read(struct policydb *p, void *fp) 1928 { 1929 u32 nel; 1930 __le32 buf[1]; 1931 int rc, i; 1932 1933 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1934 return 0; 1935 1936 rc = next_entry(buf, fp, sizeof(u32)); 1937 if (rc) 1938 return rc; 1939 nel = le32_to_cpu(buf[0]); 1940 1941 p->filename_trans_count = nel; 1942 1943 for (i = 0; i < nel; i++) { 1944 rc = filename_trans_read_one(p, fp); 1945 if (rc) 1946 return rc; 1947 } 1948 hash_eval(p->filename_trans, "filenametr"); 1949 return 0; 1950 } 1951 1952 static int genfs_read(struct policydb *p, void *fp) 1953 { 1954 int i, j, rc; 1955 u32 nel, nel2, len, len2; 1956 __le32 buf[1]; 1957 struct ocontext *l, *c; 1958 struct ocontext *newc = NULL; 1959 struct genfs *genfs_p, *genfs; 1960 struct genfs *newgenfs = NULL; 1961 1962 rc = next_entry(buf, fp, sizeof(u32)); 1963 if (rc) 1964 return rc; 1965 nel = le32_to_cpu(buf[0]); 1966 1967 for (i = 0; i < nel; i++) { 1968 rc = next_entry(buf, fp, sizeof(u32)); 1969 if (rc) 1970 goto out; 1971 len = le32_to_cpu(buf[0]); 1972 1973 rc = -ENOMEM; 1974 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1975 if (!newgenfs) 1976 goto out; 1977 1978 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 1979 if (rc) 1980 goto out; 1981 1982 for (genfs_p = NULL, genfs = p->genfs; genfs; 1983 genfs_p = genfs, genfs = genfs->next) { 1984 rc = -EINVAL; 1985 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1986 pr_err("SELinux: dup genfs fstype %s\n", 1987 newgenfs->fstype); 1988 goto out; 1989 } 1990 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1991 break; 1992 } 1993 newgenfs->next = genfs; 1994 if (genfs_p) 1995 genfs_p->next = newgenfs; 1996 else 1997 p->genfs = newgenfs; 1998 genfs = newgenfs; 1999 newgenfs = NULL; 2000 2001 rc = next_entry(buf, fp, sizeof(u32)); 2002 if (rc) 2003 goto out; 2004 2005 nel2 = le32_to_cpu(buf[0]); 2006 for (j = 0; j < nel2; j++) { 2007 rc = next_entry(buf, fp, sizeof(u32)); 2008 if (rc) 2009 goto out; 2010 len = le32_to_cpu(buf[0]); 2011 2012 rc = -ENOMEM; 2013 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2014 if (!newc) 2015 goto out; 2016 2017 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2018 if (rc) 2019 goto out; 2020 2021 rc = next_entry(buf, fp, sizeof(u32)); 2022 if (rc) 2023 goto out; 2024 2025 newc->v.sclass = le32_to_cpu(buf[0]); 2026 rc = context_read_and_validate(&newc->context[0], p, fp); 2027 if (rc) 2028 goto out; 2029 2030 for (l = NULL, c = genfs->head; c; 2031 l = c, c = c->next) { 2032 rc = -EINVAL; 2033 if (!strcmp(newc->u.name, c->u.name) && 2034 (!c->v.sclass || !newc->v.sclass || 2035 newc->v.sclass == c->v.sclass)) { 2036 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2037 genfs->fstype, c->u.name); 2038 goto out; 2039 } 2040 len = strlen(newc->u.name); 2041 len2 = strlen(c->u.name); 2042 if (len > len2) 2043 break; 2044 } 2045 2046 newc->next = c; 2047 if (l) 2048 l->next = newc; 2049 else 2050 genfs->head = newc; 2051 newc = NULL; 2052 } 2053 } 2054 rc = 0; 2055 out: 2056 if (newgenfs) { 2057 kfree(newgenfs->fstype); 2058 kfree(newgenfs); 2059 } 2060 ocontext_destroy(newc, OCON_FSUSE); 2061 2062 return rc; 2063 } 2064 2065 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2066 void *fp) 2067 { 2068 int i, j, rc; 2069 u32 nel, len; 2070 __be64 prefixbuf[1]; 2071 __le32 buf[3]; 2072 struct ocontext *l, *c; 2073 u32 nodebuf[8]; 2074 2075 for (i = 0; i < info->ocon_num; i++) { 2076 rc = next_entry(buf, fp, sizeof(u32)); 2077 if (rc) 2078 goto out; 2079 nel = le32_to_cpu(buf[0]); 2080 2081 l = NULL; 2082 for (j = 0; j < nel; j++) { 2083 rc = -ENOMEM; 2084 c = kzalloc(sizeof(*c), GFP_KERNEL); 2085 if (!c) 2086 goto out; 2087 if (l) 2088 l->next = c; 2089 else 2090 p->ocontexts[i] = c; 2091 l = c; 2092 2093 switch (i) { 2094 case OCON_ISID: 2095 rc = next_entry(buf, fp, sizeof(u32)); 2096 if (rc) 2097 goto out; 2098 2099 c->sid[0] = le32_to_cpu(buf[0]); 2100 rc = context_read_and_validate(&c->context[0], p, fp); 2101 if (rc) 2102 goto out; 2103 break; 2104 case OCON_FS: 2105 case OCON_NETIF: 2106 rc = next_entry(buf, fp, sizeof(u32)); 2107 if (rc) 2108 goto out; 2109 len = le32_to_cpu(buf[0]); 2110 2111 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2112 if (rc) 2113 goto out; 2114 2115 rc = context_read_and_validate(&c->context[0], p, fp); 2116 if (rc) 2117 goto out; 2118 rc = context_read_and_validate(&c->context[1], p, fp); 2119 if (rc) 2120 goto out; 2121 break; 2122 case OCON_PORT: 2123 rc = next_entry(buf, fp, sizeof(u32)*3); 2124 if (rc) 2125 goto out; 2126 c->u.port.protocol = le32_to_cpu(buf[0]); 2127 c->u.port.low_port = le32_to_cpu(buf[1]); 2128 c->u.port.high_port = le32_to_cpu(buf[2]); 2129 rc = context_read_and_validate(&c->context[0], p, fp); 2130 if (rc) 2131 goto out; 2132 break; 2133 case OCON_NODE: 2134 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2135 if (rc) 2136 goto out; 2137 c->u.node.addr = nodebuf[0]; /* network order */ 2138 c->u.node.mask = nodebuf[1]; /* network order */ 2139 rc = context_read_and_validate(&c->context[0], p, fp); 2140 if (rc) 2141 goto out; 2142 break; 2143 case OCON_FSUSE: 2144 rc = next_entry(buf, fp, sizeof(u32)*2); 2145 if (rc) 2146 goto out; 2147 2148 rc = -EINVAL; 2149 c->v.behavior = le32_to_cpu(buf[0]); 2150 /* Determined at runtime, not in policy DB. */ 2151 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2152 goto out; 2153 if (c->v.behavior > SECURITY_FS_USE_MAX) 2154 goto out; 2155 2156 len = le32_to_cpu(buf[1]); 2157 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2158 if (rc) 2159 goto out; 2160 2161 rc = context_read_and_validate(&c->context[0], p, fp); 2162 if (rc) 2163 goto out; 2164 break; 2165 case OCON_NODE6: { 2166 int k; 2167 2168 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2169 if (rc) 2170 goto out; 2171 for (k = 0; k < 4; k++) 2172 c->u.node6.addr[k] = nodebuf[k]; 2173 for (k = 0; k < 4; k++) 2174 c->u.node6.mask[k] = nodebuf[k+4]; 2175 rc = context_read_and_validate(&c->context[0], p, fp); 2176 if (rc) 2177 goto out; 2178 break; 2179 } 2180 case OCON_IBPKEY: { 2181 u32 pkey_lo, pkey_hi; 2182 2183 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2184 if (rc) 2185 goto out; 2186 2187 /* we need to have subnet_prefix in CPU order */ 2188 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2189 2190 rc = next_entry(buf, fp, sizeof(u32) * 2); 2191 if (rc) 2192 goto out; 2193 2194 pkey_lo = le32_to_cpu(buf[0]); 2195 pkey_hi = le32_to_cpu(buf[1]); 2196 2197 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2198 rc = -EINVAL; 2199 goto out; 2200 } 2201 2202 c->u.ibpkey.low_pkey = pkey_lo; 2203 c->u.ibpkey.high_pkey = pkey_hi; 2204 2205 rc = context_read_and_validate(&c->context[0], 2206 p, 2207 fp); 2208 if (rc) 2209 goto out; 2210 break; 2211 } 2212 case OCON_IBENDPORT: { 2213 u32 port; 2214 2215 rc = next_entry(buf, fp, sizeof(u32) * 2); 2216 if (rc) 2217 goto out; 2218 len = le32_to_cpu(buf[0]); 2219 2220 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2221 if (rc) 2222 goto out; 2223 2224 port = le32_to_cpu(buf[1]); 2225 if (port > U8_MAX || port == 0) { 2226 rc = -EINVAL; 2227 goto out; 2228 } 2229 2230 c->u.ibendport.port = port; 2231 2232 rc = context_read_and_validate(&c->context[0], 2233 p, 2234 fp); 2235 if (rc) 2236 goto out; 2237 break; 2238 } /* end case */ 2239 } /* end switch */ 2240 } 2241 } 2242 rc = 0; 2243 out: 2244 return rc; 2245 } 2246 2247 /* 2248 * Read the configuration data from a policy database binary 2249 * representation file into a policy database structure. 2250 */ 2251 int policydb_read(struct policydb *p, void *fp) 2252 { 2253 struct role_allow *ra, *lra; 2254 struct role_trans *tr, *ltr; 2255 int i, j, rc; 2256 __le32 buf[4]; 2257 u32 len, nprim, nel; 2258 2259 char *policydb_str; 2260 struct policydb_compat_info *info; 2261 2262 rc = policydb_init(p); 2263 if (rc) 2264 return rc; 2265 2266 /* Read the magic number and string length. */ 2267 rc = next_entry(buf, fp, sizeof(u32) * 2); 2268 if (rc) 2269 goto bad; 2270 2271 rc = -EINVAL; 2272 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2273 pr_err("SELinux: policydb magic number 0x%x does " 2274 "not match expected magic number 0x%x\n", 2275 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2276 goto bad; 2277 } 2278 2279 rc = -EINVAL; 2280 len = le32_to_cpu(buf[1]); 2281 if (len != strlen(POLICYDB_STRING)) { 2282 pr_err("SELinux: policydb string length %d does not " 2283 "match expected length %zu\n", 2284 len, strlen(POLICYDB_STRING)); 2285 goto bad; 2286 } 2287 2288 rc = -ENOMEM; 2289 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2290 if (!policydb_str) { 2291 pr_err("SELinux: unable to allocate memory for policydb " 2292 "string of length %d\n", len); 2293 goto bad; 2294 } 2295 2296 rc = next_entry(policydb_str, fp, len); 2297 if (rc) { 2298 pr_err("SELinux: truncated policydb string identifier\n"); 2299 kfree(policydb_str); 2300 goto bad; 2301 } 2302 2303 rc = -EINVAL; 2304 policydb_str[len] = '\0'; 2305 if (strcmp(policydb_str, POLICYDB_STRING)) { 2306 pr_err("SELinux: policydb string %s does not match " 2307 "my string %s\n", policydb_str, POLICYDB_STRING); 2308 kfree(policydb_str); 2309 goto bad; 2310 } 2311 /* Done with policydb_str. */ 2312 kfree(policydb_str); 2313 policydb_str = NULL; 2314 2315 /* Read the version and table sizes. */ 2316 rc = next_entry(buf, fp, sizeof(u32)*4); 2317 if (rc) 2318 goto bad; 2319 2320 rc = -EINVAL; 2321 p->policyvers = le32_to_cpu(buf[0]); 2322 if (p->policyvers < POLICYDB_VERSION_MIN || 2323 p->policyvers > POLICYDB_VERSION_MAX) { 2324 pr_err("SELinux: policydb version %d does not match " 2325 "my version range %d-%d\n", 2326 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2327 goto bad; 2328 } 2329 2330 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2331 p->mls_enabled = 1; 2332 2333 rc = -EINVAL; 2334 if (p->policyvers < POLICYDB_VERSION_MLS) { 2335 pr_err("SELinux: security policydb version %d " 2336 "(MLS) not backwards compatible\n", 2337 p->policyvers); 2338 goto bad; 2339 } 2340 } 2341 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2342 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2343 2344 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2345 rc = ebitmap_read(&p->policycaps, fp); 2346 if (rc) 2347 goto bad; 2348 } 2349 2350 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2351 rc = ebitmap_read(&p->permissive_map, fp); 2352 if (rc) 2353 goto bad; 2354 } 2355 2356 rc = -EINVAL; 2357 info = policydb_lookup_compat(p->policyvers); 2358 if (!info) { 2359 pr_err("SELinux: unable to find policy compat info " 2360 "for version %d\n", p->policyvers); 2361 goto bad; 2362 } 2363 2364 rc = -EINVAL; 2365 if (le32_to_cpu(buf[2]) != info->sym_num || 2366 le32_to_cpu(buf[3]) != info->ocon_num) { 2367 pr_err("SELinux: policydb table sizes (%d,%d) do " 2368 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2369 le32_to_cpu(buf[3]), 2370 info->sym_num, info->ocon_num); 2371 goto bad; 2372 } 2373 2374 for (i = 0; i < info->sym_num; i++) { 2375 rc = next_entry(buf, fp, sizeof(u32)*2); 2376 if (rc) 2377 goto bad; 2378 nprim = le32_to_cpu(buf[0]); 2379 nel = le32_to_cpu(buf[1]); 2380 2381 rc = symtab_init(&p->symtab[i], nel); 2382 if (rc) 2383 goto out; 2384 2385 if (i == SYM_ROLES) { 2386 rc = roles_init(p); 2387 if (rc) 2388 goto out; 2389 } 2390 2391 for (j = 0; j < nel; j++) { 2392 rc = read_f[i](p, p->symtab[i].table, fp); 2393 if (rc) 2394 goto bad; 2395 } 2396 2397 p->symtab[i].nprim = nprim; 2398 } 2399 2400 rc = -EINVAL; 2401 p->process_class = string_to_security_class(p, "process"); 2402 if (!p->process_class) 2403 goto bad; 2404 2405 rc = avtab_read(&p->te_avtab, fp, p); 2406 if (rc) 2407 goto bad; 2408 2409 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2410 rc = cond_read_list(p, fp); 2411 if (rc) 2412 goto bad; 2413 } 2414 2415 rc = next_entry(buf, fp, sizeof(u32)); 2416 if (rc) 2417 goto bad; 2418 nel = le32_to_cpu(buf[0]); 2419 ltr = NULL; 2420 for (i = 0; i < nel; i++) { 2421 rc = -ENOMEM; 2422 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2423 if (!tr) 2424 goto bad; 2425 if (ltr) 2426 ltr->next = tr; 2427 else 2428 p->role_tr = tr; 2429 rc = next_entry(buf, fp, sizeof(u32)*3); 2430 if (rc) 2431 goto bad; 2432 2433 rc = -EINVAL; 2434 tr->role = le32_to_cpu(buf[0]); 2435 tr->type = le32_to_cpu(buf[1]); 2436 tr->new_role = le32_to_cpu(buf[2]); 2437 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2438 rc = next_entry(buf, fp, sizeof(u32)); 2439 if (rc) 2440 goto bad; 2441 tr->tclass = le32_to_cpu(buf[0]); 2442 } else 2443 tr->tclass = p->process_class; 2444 2445 rc = -EINVAL; 2446 if (!policydb_role_isvalid(p, tr->role) || 2447 !policydb_type_isvalid(p, tr->type) || 2448 !policydb_class_isvalid(p, tr->tclass) || 2449 !policydb_role_isvalid(p, tr->new_role)) 2450 goto bad; 2451 ltr = tr; 2452 } 2453 2454 rc = next_entry(buf, fp, sizeof(u32)); 2455 if (rc) 2456 goto bad; 2457 nel = le32_to_cpu(buf[0]); 2458 lra = NULL; 2459 for (i = 0; i < nel; i++) { 2460 rc = -ENOMEM; 2461 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2462 if (!ra) 2463 goto bad; 2464 if (lra) 2465 lra->next = ra; 2466 else 2467 p->role_allow = ra; 2468 rc = next_entry(buf, fp, sizeof(u32)*2); 2469 if (rc) 2470 goto bad; 2471 2472 rc = -EINVAL; 2473 ra->role = le32_to_cpu(buf[0]); 2474 ra->new_role = le32_to_cpu(buf[1]); 2475 if (!policydb_role_isvalid(p, ra->role) || 2476 !policydb_role_isvalid(p, ra->new_role)) 2477 goto bad; 2478 lra = ra; 2479 } 2480 2481 rc = filename_trans_read(p, fp); 2482 if (rc) 2483 goto bad; 2484 2485 rc = policydb_index(p); 2486 if (rc) 2487 goto bad; 2488 2489 rc = -EINVAL; 2490 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2491 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2492 if (!p->process_trans_perms) 2493 goto bad; 2494 2495 rc = ocontext_read(p, info, fp); 2496 if (rc) 2497 goto bad; 2498 2499 rc = genfs_read(p, fp); 2500 if (rc) 2501 goto bad; 2502 2503 rc = range_read(p, fp); 2504 if (rc) 2505 goto bad; 2506 2507 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2508 sizeof(*p->type_attr_map_array), 2509 GFP_KERNEL); 2510 if (!p->type_attr_map_array) 2511 goto bad; 2512 2513 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2514 for (i = 0; i < p->p_types.nprim; i++) 2515 ebitmap_init(&p->type_attr_map_array[i]); 2516 2517 for (i = 0; i < p->p_types.nprim; i++) { 2518 struct ebitmap *e = &p->type_attr_map_array[i]; 2519 2520 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2521 rc = ebitmap_read(e, fp); 2522 if (rc) 2523 goto bad; 2524 } 2525 /* add the type itself as the degenerate case */ 2526 rc = ebitmap_set_bit(e, i, 1); 2527 if (rc) 2528 goto bad; 2529 } 2530 2531 rc = policydb_bounds_sanity_check(p); 2532 if (rc) 2533 goto bad; 2534 2535 rc = 0; 2536 out: 2537 return rc; 2538 bad: 2539 policydb_destroy(p); 2540 goto out; 2541 } 2542 2543 /* 2544 * Write a MLS level structure to a policydb binary 2545 * representation file. 2546 */ 2547 static int mls_write_level(struct mls_level *l, void *fp) 2548 { 2549 __le32 buf[1]; 2550 int rc; 2551 2552 buf[0] = cpu_to_le32(l->sens); 2553 rc = put_entry(buf, sizeof(u32), 1, fp); 2554 if (rc) 2555 return rc; 2556 2557 rc = ebitmap_write(&l->cat, fp); 2558 if (rc) 2559 return rc; 2560 2561 return 0; 2562 } 2563 2564 /* 2565 * Write a MLS range structure to a policydb binary 2566 * representation file. 2567 */ 2568 static int mls_write_range_helper(struct mls_range *r, void *fp) 2569 { 2570 __le32 buf[3]; 2571 size_t items; 2572 int rc, eq; 2573 2574 eq = mls_level_eq(&r->level[1], &r->level[0]); 2575 2576 if (eq) 2577 items = 2; 2578 else 2579 items = 3; 2580 buf[0] = cpu_to_le32(items-1); 2581 buf[1] = cpu_to_le32(r->level[0].sens); 2582 if (!eq) 2583 buf[2] = cpu_to_le32(r->level[1].sens); 2584 2585 BUG_ON(items > ARRAY_SIZE(buf)); 2586 2587 rc = put_entry(buf, sizeof(u32), items, fp); 2588 if (rc) 2589 return rc; 2590 2591 rc = ebitmap_write(&r->level[0].cat, fp); 2592 if (rc) 2593 return rc; 2594 if (!eq) { 2595 rc = ebitmap_write(&r->level[1].cat, fp); 2596 if (rc) 2597 return rc; 2598 } 2599 2600 return 0; 2601 } 2602 2603 static int sens_write(void *vkey, void *datum, void *ptr) 2604 { 2605 char *key = vkey; 2606 struct level_datum *levdatum = datum; 2607 struct policy_data *pd = ptr; 2608 void *fp = pd->fp; 2609 __le32 buf[2]; 2610 size_t len; 2611 int rc; 2612 2613 len = strlen(key); 2614 buf[0] = cpu_to_le32(len); 2615 buf[1] = cpu_to_le32(levdatum->isalias); 2616 rc = put_entry(buf, sizeof(u32), 2, fp); 2617 if (rc) 2618 return rc; 2619 2620 rc = put_entry(key, 1, len, fp); 2621 if (rc) 2622 return rc; 2623 2624 rc = mls_write_level(levdatum->level, fp); 2625 if (rc) 2626 return rc; 2627 2628 return 0; 2629 } 2630 2631 static int cat_write(void *vkey, void *datum, void *ptr) 2632 { 2633 char *key = vkey; 2634 struct cat_datum *catdatum = datum; 2635 struct policy_data *pd = ptr; 2636 void *fp = pd->fp; 2637 __le32 buf[3]; 2638 size_t len; 2639 int rc; 2640 2641 len = strlen(key); 2642 buf[0] = cpu_to_le32(len); 2643 buf[1] = cpu_to_le32(catdatum->value); 2644 buf[2] = cpu_to_le32(catdatum->isalias); 2645 rc = put_entry(buf, sizeof(u32), 3, fp); 2646 if (rc) 2647 return rc; 2648 2649 rc = put_entry(key, 1, len, fp); 2650 if (rc) 2651 return rc; 2652 2653 return 0; 2654 } 2655 2656 static int role_trans_write(struct policydb *p, void *fp) 2657 { 2658 struct role_trans *r = p->role_tr; 2659 struct role_trans *tr; 2660 __le32 buf[3]; 2661 size_t nel; 2662 int rc; 2663 2664 nel = 0; 2665 for (tr = r; tr; tr = tr->next) 2666 nel++; 2667 buf[0] = cpu_to_le32(nel); 2668 rc = put_entry(buf, sizeof(u32), 1, fp); 2669 if (rc) 2670 return rc; 2671 for (tr = r; tr; tr = tr->next) { 2672 buf[0] = cpu_to_le32(tr->role); 2673 buf[1] = cpu_to_le32(tr->type); 2674 buf[2] = cpu_to_le32(tr->new_role); 2675 rc = put_entry(buf, sizeof(u32), 3, fp); 2676 if (rc) 2677 return rc; 2678 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2679 buf[0] = cpu_to_le32(tr->tclass); 2680 rc = put_entry(buf, sizeof(u32), 1, fp); 2681 if (rc) 2682 return rc; 2683 } 2684 } 2685 2686 return 0; 2687 } 2688 2689 static int role_allow_write(struct role_allow *r, void *fp) 2690 { 2691 struct role_allow *ra; 2692 __le32 buf[2]; 2693 size_t nel; 2694 int rc; 2695 2696 nel = 0; 2697 for (ra = r; ra; ra = ra->next) 2698 nel++; 2699 buf[0] = cpu_to_le32(nel); 2700 rc = put_entry(buf, sizeof(u32), 1, fp); 2701 if (rc) 2702 return rc; 2703 for (ra = r; ra; ra = ra->next) { 2704 buf[0] = cpu_to_le32(ra->role); 2705 buf[1] = cpu_to_le32(ra->new_role); 2706 rc = put_entry(buf, sizeof(u32), 2, fp); 2707 if (rc) 2708 return rc; 2709 } 2710 return 0; 2711 } 2712 2713 /* 2714 * Write a security context structure 2715 * to a policydb binary representation file. 2716 */ 2717 static int context_write(struct policydb *p, struct context *c, 2718 void *fp) 2719 { 2720 int rc; 2721 __le32 buf[3]; 2722 2723 buf[0] = cpu_to_le32(c->user); 2724 buf[1] = cpu_to_le32(c->role); 2725 buf[2] = cpu_to_le32(c->type); 2726 2727 rc = put_entry(buf, sizeof(u32), 3, fp); 2728 if (rc) 2729 return rc; 2730 2731 rc = mls_write_range_helper(&c->range, fp); 2732 if (rc) 2733 return rc; 2734 2735 return 0; 2736 } 2737 2738 /* 2739 * The following *_write functions are used to 2740 * write the symbol data to a policy database 2741 * binary representation file. 2742 */ 2743 2744 static int perm_write(void *vkey, void *datum, void *fp) 2745 { 2746 char *key = vkey; 2747 struct perm_datum *perdatum = datum; 2748 __le32 buf[2]; 2749 size_t len; 2750 int rc; 2751 2752 len = strlen(key); 2753 buf[0] = cpu_to_le32(len); 2754 buf[1] = cpu_to_le32(perdatum->value); 2755 rc = put_entry(buf, sizeof(u32), 2, fp); 2756 if (rc) 2757 return rc; 2758 2759 rc = put_entry(key, 1, len, fp); 2760 if (rc) 2761 return rc; 2762 2763 return 0; 2764 } 2765 2766 static int common_write(void *vkey, void *datum, void *ptr) 2767 { 2768 char *key = vkey; 2769 struct common_datum *comdatum = datum; 2770 struct policy_data *pd = ptr; 2771 void *fp = pd->fp; 2772 __le32 buf[4]; 2773 size_t len; 2774 int rc; 2775 2776 len = strlen(key); 2777 buf[0] = cpu_to_le32(len); 2778 buf[1] = cpu_to_le32(comdatum->value); 2779 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2780 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2781 rc = put_entry(buf, sizeof(u32), 4, fp); 2782 if (rc) 2783 return rc; 2784 2785 rc = put_entry(key, 1, len, fp); 2786 if (rc) 2787 return rc; 2788 2789 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2790 if (rc) 2791 return rc; 2792 2793 return 0; 2794 } 2795 2796 static int type_set_write(struct type_set *t, void *fp) 2797 { 2798 int rc; 2799 __le32 buf[1]; 2800 2801 if (ebitmap_write(&t->types, fp)) 2802 return -EINVAL; 2803 if (ebitmap_write(&t->negset, fp)) 2804 return -EINVAL; 2805 2806 buf[0] = cpu_to_le32(t->flags); 2807 rc = put_entry(buf, sizeof(u32), 1, fp); 2808 if (rc) 2809 return -EINVAL; 2810 2811 return 0; 2812 } 2813 2814 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2815 void *fp) 2816 { 2817 struct constraint_node *c; 2818 struct constraint_expr *e; 2819 __le32 buf[3]; 2820 u32 nel; 2821 int rc; 2822 2823 for (c = node; c; c = c->next) { 2824 nel = 0; 2825 for (e = c->expr; e; e = e->next) 2826 nel++; 2827 buf[0] = cpu_to_le32(c->permissions); 2828 buf[1] = cpu_to_le32(nel); 2829 rc = put_entry(buf, sizeof(u32), 2, fp); 2830 if (rc) 2831 return rc; 2832 for (e = c->expr; e; e = e->next) { 2833 buf[0] = cpu_to_le32(e->expr_type); 2834 buf[1] = cpu_to_le32(e->attr); 2835 buf[2] = cpu_to_le32(e->op); 2836 rc = put_entry(buf, sizeof(u32), 3, fp); 2837 if (rc) 2838 return rc; 2839 2840 switch (e->expr_type) { 2841 case CEXPR_NAMES: 2842 rc = ebitmap_write(&e->names, fp); 2843 if (rc) 2844 return rc; 2845 if (p->policyvers >= 2846 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2847 rc = type_set_write(e->type_names, fp); 2848 if (rc) 2849 return rc; 2850 } 2851 break; 2852 default: 2853 break; 2854 } 2855 } 2856 } 2857 2858 return 0; 2859 } 2860 2861 static int class_write(void *vkey, void *datum, void *ptr) 2862 { 2863 char *key = vkey; 2864 struct class_datum *cladatum = datum; 2865 struct policy_data *pd = ptr; 2866 void *fp = pd->fp; 2867 struct policydb *p = pd->p; 2868 struct constraint_node *c; 2869 __le32 buf[6]; 2870 u32 ncons; 2871 size_t len, len2; 2872 int rc; 2873 2874 len = strlen(key); 2875 if (cladatum->comkey) 2876 len2 = strlen(cladatum->comkey); 2877 else 2878 len2 = 0; 2879 2880 ncons = 0; 2881 for (c = cladatum->constraints; c; c = c->next) 2882 ncons++; 2883 2884 buf[0] = cpu_to_le32(len); 2885 buf[1] = cpu_to_le32(len2); 2886 buf[2] = cpu_to_le32(cladatum->value); 2887 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2888 if (cladatum->permissions.table) 2889 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2890 else 2891 buf[4] = 0; 2892 buf[5] = cpu_to_le32(ncons); 2893 rc = put_entry(buf, sizeof(u32), 6, fp); 2894 if (rc) 2895 return rc; 2896 2897 rc = put_entry(key, 1, len, fp); 2898 if (rc) 2899 return rc; 2900 2901 if (cladatum->comkey) { 2902 rc = put_entry(cladatum->comkey, 1, len2, fp); 2903 if (rc) 2904 return rc; 2905 } 2906 2907 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2908 if (rc) 2909 return rc; 2910 2911 rc = write_cons_helper(p, cladatum->constraints, fp); 2912 if (rc) 2913 return rc; 2914 2915 /* write out the validatetrans rule */ 2916 ncons = 0; 2917 for (c = cladatum->validatetrans; c; c = c->next) 2918 ncons++; 2919 2920 buf[0] = cpu_to_le32(ncons); 2921 rc = put_entry(buf, sizeof(u32), 1, fp); 2922 if (rc) 2923 return rc; 2924 2925 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2926 if (rc) 2927 return rc; 2928 2929 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2930 buf[0] = cpu_to_le32(cladatum->default_user); 2931 buf[1] = cpu_to_le32(cladatum->default_role); 2932 buf[2] = cpu_to_le32(cladatum->default_range); 2933 2934 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2935 if (rc) 2936 return rc; 2937 } 2938 2939 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2940 buf[0] = cpu_to_le32(cladatum->default_type); 2941 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2942 if (rc) 2943 return rc; 2944 } 2945 2946 return 0; 2947 } 2948 2949 static int role_write(void *vkey, void *datum, void *ptr) 2950 { 2951 char *key = vkey; 2952 struct role_datum *role = datum; 2953 struct policy_data *pd = ptr; 2954 void *fp = pd->fp; 2955 struct policydb *p = pd->p; 2956 __le32 buf[3]; 2957 size_t items, len; 2958 int rc; 2959 2960 len = strlen(key); 2961 items = 0; 2962 buf[items++] = cpu_to_le32(len); 2963 buf[items++] = cpu_to_le32(role->value); 2964 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2965 buf[items++] = cpu_to_le32(role->bounds); 2966 2967 BUG_ON(items > ARRAY_SIZE(buf)); 2968 2969 rc = put_entry(buf, sizeof(u32), items, fp); 2970 if (rc) 2971 return rc; 2972 2973 rc = put_entry(key, 1, len, fp); 2974 if (rc) 2975 return rc; 2976 2977 rc = ebitmap_write(&role->dominates, fp); 2978 if (rc) 2979 return rc; 2980 2981 rc = ebitmap_write(&role->types, fp); 2982 if (rc) 2983 return rc; 2984 2985 return 0; 2986 } 2987 2988 static int type_write(void *vkey, void *datum, void *ptr) 2989 { 2990 char *key = vkey; 2991 struct type_datum *typdatum = datum; 2992 struct policy_data *pd = ptr; 2993 struct policydb *p = pd->p; 2994 void *fp = pd->fp; 2995 __le32 buf[4]; 2996 int rc; 2997 size_t items, len; 2998 2999 len = strlen(key); 3000 items = 0; 3001 buf[items++] = cpu_to_le32(len); 3002 buf[items++] = cpu_to_le32(typdatum->value); 3003 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3004 u32 properties = 0; 3005 3006 if (typdatum->primary) 3007 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3008 3009 if (typdatum->attribute) 3010 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3011 3012 buf[items++] = cpu_to_le32(properties); 3013 buf[items++] = cpu_to_le32(typdatum->bounds); 3014 } else { 3015 buf[items++] = cpu_to_le32(typdatum->primary); 3016 } 3017 BUG_ON(items > ARRAY_SIZE(buf)); 3018 rc = put_entry(buf, sizeof(u32), items, fp); 3019 if (rc) 3020 return rc; 3021 3022 rc = put_entry(key, 1, len, fp); 3023 if (rc) 3024 return rc; 3025 3026 return 0; 3027 } 3028 3029 static int user_write(void *vkey, void *datum, void *ptr) 3030 { 3031 char *key = vkey; 3032 struct user_datum *usrdatum = datum; 3033 struct policy_data *pd = ptr; 3034 struct policydb *p = pd->p; 3035 void *fp = pd->fp; 3036 __le32 buf[3]; 3037 size_t items, len; 3038 int rc; 3039 3040 len = strlen(key); 3041 items = 0; 3042 buf[items++] = cpu_to_le32(len); 3043 buf[items++] = cpu_to_le32(usrdatum->value); 3044 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3045 buf[items++] = cpu_to_le32(usrdatum->bounds); 3046 BUG_ON(items > ARRAY_SIZE(buf)); 3047 rc = put_entry(buf, sizeof(u32), items, fp); 3048 if (rc) 3049 return rc; 3050 3051 rc = put_entry(key, 1, len, fp); 3052 if (rc) 3053 return rc; 3054 3055 rc = ebitmap_write(&usrdatum->roles, fp); 3056 if (rc) 3057 return rc; 3058 3059 rc = mls_write_range_helper(&usrdatum->range, fp); 3060 if (rc) 3061 return rc; 3062 3063 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3064 if (rc) 3065 return rc; 3066 3067 return 0; 3068 } 3069 3070 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3071 void *datap) = 3072 { 3073 common_write, 3074 class_write, 3075 role_write, 3076 type_write, 3077 user_write, 3078 cond_write_bool, 3079 sens_write, 3080 cat_write, 3081 }; 3082 3083 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3084 void *fp) 3085 { 3086 unsigned int i, j, rc; 3087 size_t nel, len; 3088 __be64 prefixbuf[1]; 3089 __le32 buf[3]; 3090 u32 nodebuf[8]; 3091 struct ocontext *c; 3092 for (i = 0; i < info->ocon_num; i++) { 3093 nel = 0; 3094 for (c = p->ocontexts[i]; c; c = c->next) 3095 nel++; 3096 buf[0] = cpu_to_le32(nel); 3097 rc = put_entry(buf, sizeof(u32), 1, fp); 3098 if (rc) 3099 return rc; 3100 for (c = p->ocontexts[i]; c; c = c->next) { 3101 switch (i) { 3102 case OCON_ISID: 3103 buf[0] = cpu_to_le32(c->sid[0]); 3104 rc = put_entry(buf, sizeof(u32), 1, fp); 3105 if (rc) 3106 return rc; 3107 rc = context_write(p, &c->context[0], fp); 3108 if (rc) 3109 return rc; 3110 break; 3111 case OCON_FS: 3112 case OCON_NETIF: 3113 len = strlen(c->u.name); 3114 buf[0] = cpu_to_le32(len); 3115 rc = put_entry(buf, sizeof(u32), 1, fp); 3116 if (rc) 3117 return rc; 3118 rc = put_entry(c->u.name, 1, len, fp); 3119 if (rc) 3120 return rc; 3121 rc = context_write(p, &c->context[0], fp); 3122 if (rc) 3123 return rc; 3124 rc = context_write(p, &c->context[1], fp); 3125 if (rc) 3126 return rc; 3127 break; 3128 case OCON_PORT: 3129 buf[0] = cpu_to_le32(c->u.port.protocol); 3130 buf[1] = cpu_to_le32(c->u.port.low_port); 3131 buf[2] = cpu_to_le32(c->u.port.high_port); 3132 rc = put_entry(buf, sizeof(u32), 3, fp); 3133 if (rc) 3134 return rc; 3135 rc = context_write(p, &c->context[0], fp); 3136 if (rc) 3137 return rc; 3138 break; 3139 case OCON_NODE: 3140 nodebuf[0] = c->u.node.addr; /* network order */ 3141 nodebuf[1] = c->u.node.mask; /* network order */ 3142 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3143 if (rc) 3144 return rc; 3145 rc = context_write(p, &c->context[0], fp); 3146 if (rc) 3147 return rc; 3148 break; 3149 case OCON_FSUSE: 3150 buf[0] = cpu_to_le32(c->v.behavior); 3151 len = strlen(c->u.name); 3152 buf[1] = cpu_to_le32(len); 3153 rc = put_entry(buf, sizeof(u32), 2, fp); 3154 if (rc) 3155 return rc; 3156 rc = put_entry(c->u.name, 1, len, fp); 3157 if (rc) 3158 return rc; 3159 rc = context_write(p, &c->context[0], fp); 3160 if (rc) 3161 return rc; 3162 break; 3163 case OCON_NODE6: 3164 for (j = 0; j < 4; j++) 3165 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3166 for (j = 0; j < 4; j++) 3167 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3168 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3169 if (rc) 3170 return rc; 3171 rc = context_write(p, &c->context[0], fp); 3172 if (rc) 3173 return rc; 3174 break; 3175 case OCON_IBPKEY: 3176 /* subnet_prefix is in CPU order */ 3177 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3178 3179 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3180 if (rc) 3181 return rc; 3182 3183 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3184 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3185 3186 rc = put_entry(buf, sizeof(u32), 2, fp); 3187 if (rc) 3188 return rc; 3189 rc = context_write(p, &c->context[0], fp); 3190 if (rc) 3191 return rc; 3192 break; 3193 case OCON_IBENDPORT: 3194 len = strlen(c->u.ibendport.dev_name); 3195 buf[0] = cpu_to_le32(len); 3196 buf[1] = cpu_to_le32(c->u.ibendport.port); 3197 rc = put_entry(buf, sizeof(u32), 2, fp); 3198 if (rc) 3199 return rc; 3200 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3201 if (rc) 3202 return rc; 3203 rc = context_write(p, &c->context[0], fp); 3204 if (rc) 3205 return rc; 3206 break; 3207 } 3208 } 3209 } 3210 return 0; 3211 } 3212 3213 static int genfs_write(struct policydb *p, void *fp) 3214 { 3215 struct genfs *genfs; 3216 struct ocontext *c; 3217 size_t len; 3218 __le32 buf[1]; 3219 int rc; 3220 3221 len = 0; 3222 for (genfs = p->genfs; genfs; genfs = genfs->next) 3223 len++; 3224 buf[0] = cpu_to_le32(len); 3225 rc = put_entry(buf, sizeof(u32), 1, fp); 3226 if (rc) 3227 return rc; 3228 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3229 len = strlen(genfs->fstype); 3230 buf[0] = cpu_to_le32(len); 3231 rc = put_entry(buf, sizeof(u32), 1, fp); 3232 if (rc) 3233 return rc; 3234 rc = put_entry(genfs->fstype, 1, len, fp); 3235 if (rc) 3236 return rc; 3237 len = 0; 3238 for (c = genfs->head; c; c = c->next) 3239 len++; 3240 buf[0] = cpu_to_le32(len); 3241 rc = put_entry(buf, sizeof(u32), 1, fp); 3242 if (rc) 3243 return rc; 3244 for (c = genfs->head; c; c = c->next) { 3245 len = strlen(c->u.name); 3246 buf[0] = cpu_to_le32(len); 3247 rc = put_entry(buf, sizeof(u32), 1, fp); 3248 if (rc) 3249 return rc; 3250 rc = put_entry(c->u.name, 1, len, fp); 3251 if (rc) 3252 return rc; 3253 buf[0] = cpu_to_le32(c->v.sclass); 3254 rc = put_entry(buf, sizeof(u32), 1, fp); 3255 if (rc) 3256 return rc; 3257 rc = context_write(p, &c->context[0], fp); 3258 if (rc) 3259 return rc; 3260 } 3261 } 3262 return 0; 3263 } 3264 3265 static int hashtab_cnt(void *key, void *data, void *ptr) 3266 { 3267 int *cnt = ptr; 3268 *cnt = *cnt + 1; 3269 3270 return 0; 3271 } 3272 3273 static int range_write_helper(void *key, void *data, void *ptr) 3274 { 3275 __le32 buf[2]; 3276 struct range_trans *rt = key; 3277 struct mls_range *r = data; 3278 struct policy_data *pd = ptr; 3279 void *fp = pd->fp; 3280 struct policydb *p = pd->p; 3281 int rc; 3282 3283 buf[0] = cpu_to_le32(rt->source_type); 3284 buf[1] = cpu_to_le32(rt->target_type); 3285 rc = put_entry(buf, sizeof(u32), 2, fp); 3286 if (rc) 3287 return rc; 3288 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3289 buf[0] = cpu_to_le32(rt->target_class); 3290 rc = put_entry(buf, sizeof(u32), 1, fp); 3291 if (rc) 3292 return rc; 3293 } 3294 rc = mls_write_range_helper(r, fp); 3295 if (rc) 3296 return rc; 3297 3298 return 0; 3299 } 3300 3301 static int range_write(struct policydb *p, void *fp) 3302 { 3303 __le32 buf[1]; 3304 int rc, nel; 3305 struct policy_data pd; 3306 3307 pd.p = p; 3308 pd.fp = fp; 3309 3310 /* count the number of entries in the hashtab */ 3311 nel = 0; 3312 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3313 if (rc) 3314 return rc; 3315 3316 buf[0] = cpu_to_le32(nel); 3317 rc = put_entry(buf, sizeof(u32), 1, fp); 3318 if (rc) 3319 return rc; 3320 3321 /* actually write all of the entries */ 3322 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3323 if (rc) 3324 return rc; 3325 3326 return 0; 3327 } 3328 3329 static int filename_write_helper(void *key, void *data, void *ptr) 3330 { 3331 struct filename_trans_key *ft = key; 3332 struct filename_trans_datum *datum = data; 3333 struct ebitmap_node *node; 3334 void *fp = ptr; 3335 __le32 buf[4]; 3336 int rc; 3337 u32 bit, len = strlen(ft->name); 3338 3339 do { 3340 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { 3341 buf[0] = cpu_to_le32(len); 3342 rc = put_entry(buf, sizeof(u32), 1, fp); 3343 if (rc) 3344 return rc; 3345 3346 rc = put_entry(ft->name, sizeof(char), len, fp); 3347 if (rc) 3348 return rc; 3349 3350 buf[0] = cpu_to_le32(bit + 1); 3351 buf[1] = cpu_to_le32(ft->ttype); 3352 buf[2] = cpu_to_le32(ft->tclass); 3353 buf[3] = cpu_to_le32(datum->otype); 3354 3355 rc = put_entry(buf, sizeof(u32), 4, fp); 3356 if (rc) 3357 return rc; 3358 } 3359 3360 datum = datum->next; 3361 } while (unlikely(datum)); 3362 3363 return 0; 3364 } 3365 3366 static int filename_trans_write(struct policydb *p, void *fp) 3367 { 3368 __le32 buf[1]; 3369 int rc; 3370 3371 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3372 return 0; 3373 3374 buf[0] = cpu_to_le32(p->filename_trans_count); 3375 rc = put_entry(buf, sizeof(u32), 1, fp); 3376 if (rc) 3377 return rc; 3378 3379 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3380 if (rc) 3381 return rc; 3382 3383 return 0; 3384 } 3385 3386 /* 3387 * Write the configuration data in a policy database 3388 * structure to a policy database binary representation 3389 * file. 3390 */ 3391 int policydb_write(struct policydb *p, void *fp) 3392 { 3393 unsigned int i, num_syms; 3394 int rc; 3395 __le32 buf[4]; 3396 u32 config; 3397 size_t len; 3398 struct policydb_compat_info *info; 3399 3400 /* 3401 * refuse to write policy older than compressed avtab 3402 * to simplify the writer. There are other tests dropped 3403 * since we assume this throughout the writer code. Be 3404 * careful if you ever try to remove this restriction 3405 */ 3406 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3407 pr_err("SELinux: refusing to write policy version %d." 3408 " Because it is less than version %d\n", p->policyvers, 3409 POLICYDB_VERSION_AVTAB); 3410 return -EINVAL; 3411 } 3412 3413 config = 0; 3414 if (p->mls_enabled) 3415 config |= POLICYDB_CONFIG_MLS; 3416 3417 if (p->reject_unknown) 3418 config |= REJECT_UNKNOWN; 3419 if (p->allow_unknown) 3420 config |= ALLOW_UNKNOWN; 3421 3422 /* Write the magic number and string identifiers. */ 3423 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3424 len = strlen(POLICYDB_STRING); 3425 buf[1] = cpu_to_le32(len); 3426 rc = put_entry(buf, sizeof(u32), 2, fp); 3427 if (rc) 3428 return rc; 3429 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3430 if (rc) 3431 return rc; 3432 3433 /* Write the version, config, and table sizes. */ 3434 info = policydb_lookup_compat(p->policyvers); 3435 if (!info) { 3436 pr_err("SELinux: compatibility lookup failed for policy " 3437 "version %d", p->policyvers); 3438 return -EINVAL; 3439 } 3440 3441 buf[0] = cpu_to_le32(p->policyvers); 3442 buf[1] = cpu_to_le32(config); 3443 buf[2] = cpu_to_le32(info->sym_num); 3444 buf[3] = cpu_to_le32(info->ocon_num); 3445 3446 rc = put_entry(buf, sizeof(u32), 4, fp); 3447 if (rc) 3448 return rc; 3449 3450 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3451 rc = ebitmap_write(&p->policycaps, fp); 3452 if (rc) 3453 return rc; 3454 } 3455 3456 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3457 rc = ebitmap_write(&p->permissive_map, fp); 3458 if (rc) 3459 return rc; 3460 } 3461 3462 num_syms = info->sym_num; 3463 for (i = 0; i < num_syms; i++) { 3464 struct policy_data pd; 3465 3466 pd.fp = fp; 3467 pd.p = p; 3468 3469 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3470 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3471 3472 rc = put_entry(buf, sizeof(u32), 2, fp); 3473 if (rc) 3474 return rc; 3475 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3476 if (rc) 3477 return rc; 3478 } 3479 3480 rc = avtab_write(p, &p->te_avtab, fp); 3481 if (rc) 3482 return rc; 3483 3484 rc = cond_write_list(p, fp); 3485 if (rc) 3486 return rc; 3487 3488 rc = role_trans_write(p, fp); 3489 if (rc) 3490 return rc; 3491 3492 rc = role_allow_write(p->role_allow, fp); 3493 if (rc) 3494 return rc; 3495 3496 rc = filename_trans_write(p, fp); 3497 if (rc) 3498 return rc; 3499 3500 rc = ocontext_write(p, info, fp); 3501 if (rc) 3502 return rc; 3503 3504 rc = genfs_write(p, fp); 3505 if (rc) 3506 return rc; 3507 3508 rc = range_write(p, fp); 3509 if (rc) 3510 return rc; 3511 3512 for (i = 0; i < p->p_types.nprim; i++) { 3513 struct ebitmap *e = &p->type_attr_map_array[i]; 3514 3515 rc = ebitmap_write(e, fp); 3516 if (rc) 3517 return rc; 3518 } 3519 3520 return 0; 3521 } 3522