1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul.moore@hp.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 39 #define _DEBUG_HASHES 40 41 #ifdef DEBUG_HASHES 42 static char *symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 #endif 53 54 int selinux_mls_enabled; 55 56 static unsigned int symtab_sizes[SYM_NUM] = { 57 2, 58 32, 59 16, 60 512, 61 128, 62 16, 63 16, 64 16, 65 }; 66 67 struct policydb_compat_info { 68 int version; 69 int sym_num; 70 int ocon_num; 71 }; 72 73 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 74 static struct policydb_compat_info policydb_compat[] = { 75 { 76 .version = POLICYDB_VERSION_BASE, 77 .sym_num = SYM_NUM - 3, 78 .ocon_num = OCON_NUM - 1, 79 }, 80 { 81 .version = POLICYDB_VERSION_BOOL, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM - 1, 84 }, 85 { 86 .version = POLICYDB_VERSION_IPV6, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM, 89 }, 90 { 91 .version = POLICYDB_VERSION_NLCLASS, 92 .sym_num = SYM_NUM - 2, 93 .ocon_num = OCON_NUM, 94 }, 95 { 96 .version = POLICYDB_VERSION_MLS, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM, 99 }, 100 { 101 .version = POLICYDB_VERSION_AVTAB, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM, 104 }, 105 { 106 .version = POLICYDB_VERSION_RANGETRANS, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM, 109 }, 110 { 111 .version = POLICYDB_VERSION_POLCAP, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM, 114 }, 115 { 116 .version = POLICYDB_VERSION_PERMISSIVE, 117 .sym_num = SYM_NUM, 118 .ocon_num = OCON_NUM, 119 } 120 }; 121 122 static struct policydb_compat_info *policydb_lookup_compat(int version) 123 { 124 int i; 125 struct policydb_compat_info *info = NULL; 126 127 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 128 if (policydb_compat[i].version == version) { 129 info = &policydb_compat[i]; 130 break; 131 } 132 } 133 return info; 134 } 135 136 /* 137 * Initialize the role table. 138 */ 139 static int roles_init(struct policydb *p) 140 { 141 char *key = NULL; 142 int rc; 143 struct role_datum *role; 144 145 role = kzalloc(sizeof(*role), GFP_KERNEL); 146 if (!role) { 147 rc = -ENOMEM; 148 goto out; 149 } 150 role->value = ++p->p_roles.nprim; 151 if (role->value != OBJECT_R_VAL) { 152 rc = -EINVAL; 153 goto out_free_role; 154 } 155 key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); 156 if (!key) { 157 rc = -ENOMEM; 158 goto out_free_role; 159 } 160 strcpy(key, OBJECT_R); 161 rc = hashtab_insert(p->p_roles.table, key, role); 162 if (rc) 163 goto out_free_key; 164 out: 165 return rc; 166 167 out_free_key: 168 kfree(key); 169 out_free_role: 170 kfree(role); 171 goto out; 172 } 173 174 /* 175 * Initialize a policy database structure. 176 */ 177 static int policydb_init(struct policydb *p) 178 { 179 int i, rc; 180 181 memset(p, 0, sizeof(*p)); 182 183 for (i = 0; i < SYM_NUM; i++) { 184 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 185 if (rc) 186 goto out_free_symtab; 187 } 188 189 rc = avtab_init(&p->te_avtab); 190 if (rc) 191 goto out_free_symtab; 192 193 rc = roles_init(p); 194 if (rc) 195 goto out_free_symtab; 196 197 rc = cond_policydb_init(p); 198 if (rc) 199 goto out_free_symtab; 200 201 ebitmap_init(&p->policycaps); 202 ebitmap_init(&p->permissive_map); 203 204 out: 205 return rc; 206 207 out_free_symtab: 208 for (i = 0; i < SYM_NUM; i++) 209 hashtab_destroy(p->symtab[i].table); 210 goto out; 211 } 212 213 /* 214 * The following *_index functions are used to 215 * define the val_to_name and val_to_struct arrays 216 * in a policy database structure. The val_to_name 217 * arrays are used when converting security context 218 * structures into string representations. The 219 * val_to_struct arrays are used when the attributes 220 * of a class, role, or user are needed. 221 */ 222 223 static int common_index(void *key, void *datum, void *datap) 224 { 225 struct policydb *p; 226 struct common_datum *comdatum; 227 228 comdatum = datum; 229 p = datap; 230 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 231 return -EINVAL; 232 p->p_common_val_to_name[comdatum->value - 1] = key; 233 return 0; 234 } 235 236 static int class_index(void *key, void *datum, void *datap) 237 { 238 struct policydb *p; 239 struct class_datum *cladatum; 240 241 cladatum = datum; 242 p = datap; 243 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 244 return -EINVAL; 245 p->p_class_val_to_name[cladatum->value - 1] = key; 246 p->class_val_to_struct[cladatum->value - 1] = cladatum; 247 return 0; 248 } 249 250 static int role_index(void *key, void *datum, void *datap) 251 { 252 struct policydb *p; 253 struct role_datum *role; 254 255 role = datum; 256 p = datap; 257 if (!role->value || role->value > p->p_roles.nprim) 258 return -EINVAL; 259 p->p_role_val_to_name[role->value - 1] = key; 260 p->role_val_to_struct[role->value - 1] = role; 261 return 0; 262 } 263 264 static int type_index(void *key, void *datum, void *datap) 265 { 266 struct policydb *p; 267 struct type_datum *typdatum; 268 269 typdatum = datum; 270 p = datap; 271 272 if (typdatum->primary) { 273 if (!typdatum->value || typdatum->value > p->p_types.nprim) 274 return -EINVAL; 275 p->p_type_val_to_name[typdatum->value - 1] = key; 276 } 277 278 return 0; 279 } 280 281 static int user_index(void *key, void *datum, void *datap) 282 { 283 struct policydb *p; 284 struct user_datum *usrdatum; 285 286 usrdatum = datum; 287 p = datap; 288 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 289 return -EINVAL; 290 p->p_user_val_to_name[usrdatum->value - 1] = key; 291 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 292 return 0; 293 } 294 295 static int sens_index(void *key, void *datum, void *datap) 296 { 297 struct policydb *p; 298 struct level_datum *levdatum; 299 300 levdatum = datum; 301 p = datap; 302 303 if (!levdatum->isalias) { 304 if (!levdatum->level->sens || 305 levdatum->level->sens > p->p_levels.nprim) 306 return -EINVAL; 307 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 308 } 309 310 return 0; 311 } 312 313 static int cat_index(void *key, void *datum, void *datap) 314 { 315 struct policydb *p; 316 struct cat_datum *catdatum; 317 318 catdatum = datum; 319 p = datap; 320 321 if (!catdatum->isalias) { 322 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 323 return -EINVAL; 324 p->p_cat_val_to_name[catdatum->value - 1] = key; 325 } 326 327 return 0; 328 } 329 330 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 331 { 332 common_index, 333 class_index, 334 role_index, 335 type_index, 336 user_index, 337 cond_index_bool, 338 sens_index, 339 cat_index, 340 }; 341 342 /* 343 * Define the common val_to_name array and the class 344 * val_to_name and val_to_struct arrays in a policy 345 * database structure. 346 * 347 * Caller must clean up upon failure. 348 */ 349 static int policydb_index_classes(struct policydb *p) 350 { 351 int rc; 352 353 p->p_common_val_to_name = 354 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 355 if (!p->p_common_val_to_name) { 356 rc = -ENOMEM; 357 goto out; 358 } 359 360 rc = hashtab_map(p->p_commons.table, common_index, p); 361 if (rc) 362 goto out; 363 364 p->class_val_to_struct = 365 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 366 if (!p->class_val_to_struct) { 367 rc = -ENOMEM; 368 goto out; 369 } 370 371 p->p_class_val_to_name = 372 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 373 if (!p->p_class_val_to_name) { 374 rc = -ENOMEM; 375 goto out; 376 } 377 378 rc = hashtab_map(p->p_classes.table, class_index, p); 379 out: 380 return rc; 381 } 382 383 #ifdef DEBUG_HASHES 384 static void symtab_hash_eval(struct symtab *s) 385 { 386 int i; 387 388 for (i = 0; i < SYM_NUM; i++) { 389 struct hashtab *h = s[i].table; 390 struct hashtab_info info; 391 392 hashtab_stat(h, &info); 393 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 394 "longest chain length %d\n", symtab_name[i], h->nel, 395 info.slots_used, h->size, info.max_chain_len); 396 } 397 } 398 #endif 399 400 /* 401 * Define the other val_to_name and val_to_struct arrays 402 * in a policy database structure. 403 * 404 * Caller must clean up on failure. 405 */ 406 static int policydb_index_others(struct policydb *p) 407 { 408 int i, rc = 0; 409 410 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 411 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 412 if (selinux_mls_enabled) 413 printk(", %d sens, %d cats", p->p_levels.nprim, 414 p->p_cats.nprim); 415 printk("\n"); 416 417 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 418 p->p_classes.nprim, p->te_avtab.nel); 419 420 #ifdef DEBUG_HASHES 421 avtab_hash_eval(&p->te_avtab, "rules"); 422 symtab_hash_eval(p->symtab); 423 #endif 424 425 p->role_val_to_struct = 426 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 427 GFP_KERNEL); 428 if (!p->role_val_to_struct) { 429 rc = -ENOMEM; 430 goto out; 431 } 432 433 p->user_val_to_struct = 434 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 435 GFP_KERNEL); 436 if (!p->user_val_to_struct) { 437 rc = -ENOMEM; 438 goto out; 439 } 440 441 if (cond_init_bool_indexes(p)) { 442 rc = -ENOMEM; 443 goto out; 444 } 445 446 for (i = SYM_ROLES; i < SYM_NUM; i++) { 447 p->sym_val_to_name[i] = 448 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 449 if (!p->sym_val_to_name[i]) { 450 rc = -ENOMEM; 451 goto out; 452 } 453 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 454 if (rc) 455 goto out; 456 } 457 458 out: 459 return rc; 460 } 461 462 /* 463 * The following *_destroy functions are used to 464 * free any memory allocated for each kind of 465 * symbol data in the policy database. 466 */ 467 468 static int perm_destroy(void *key, void *datum, void *p) 469 { 470 kfree(key); 471 kfree(datum); 472 return 0; 473 } 474 475 static int common_destroy(void *key, void *datum, void *p) 476 { 477 struct common_datum *comdatum; 478 479 kfree(key); 480 comdatum = datum; 481 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 482 hashtab_destroy(comdatum->permissions.table); 483 kfree(datum); 484 return 0; 485 } 486 487 static int cls_destroy(void *key, void *datum, void *p) 488 { 489 struct class_datum *cladatum; 490 struct constraint_node *constraint, *ctemp; 491 struct constraint_expr *e, *etmp; 492 493 kfree(key); 494 cladatum = datum; 495 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 496 hashtab_destroy(cladatum->permissions.table); 497 constraint = cladatum->constraints; 498 while (constraint) { 499 e = constraint->expr; 500 while (e) { 501 ebitmap_destroy(&e->names); 502 etmp = e; 503 e = e->next; 504 kfree(etmp); 505 } 506 ctemp = constraint; 507 constraint = constraint->next; 508 kfree(ctemp); 509 } 510 511 constraint = cladatum->validatetrans; 512 while (constraint) { 513 e = constraint->expr; 514 while (e) { 515 ebitmap_destroy(&e->names); 516 etmp = e; 517 e = e->next; 518 kfree(etmp); 519 } 520 ctemp = constraint; 521 constraint = constraint->next; 522 kfree(ctemp); 523 } 524 525 kfree(cladatum->comkey); 526 kfree(datum); 527 return 0; 528 } 529 530 static int role_destroy(void *key, void *datum, void *p) 531 { 532 struct role_datum *role; 533 534 kfree(key); 535 role = datum; 536 ebitmap_destroy(&role->dominates); 537 ebitmap_destroy(&role->types); 538 kfree(datum); 539 return 0; 540 } 541 542 static int type_destroy(void *key, void *datum, void *p) 543 { 544 kfree(key); 545 kfree(datum); 546 return 0; 547 } 548 549 static int user_destroy(void *key, void *datum, void *p) 550 { 551 struct user_datum *usrdatum; 552 553 kfree(key); 554 usrdatum = datum; 555 ebitmap_destroy(&usrdatum->roles); 556 ebitmap_destroy(&usrdatum->range.level[0].cat); 557 ebitmap_destroy(&usrdatum->range.level[1].cat); 558 ebitmap_destroy(&usrdatum->dfltlevel.cat); 559 kfree(datum); 560 return 0; 561 } 562 563 static int sens_destroy(void *key, void *datum, void *p) 564 { 565 struct level_datum *levdatum; 566 567 kfree(key); 568 levdatum = datum; 569 ebitmap_destroy(&levdatum->level->cat); 570 kfree(levdatum->level); 571 kfree(datum); 572 return 0; 573 } 574 575 static int cat_destroy(void *key, void *datum, void *p) 576 { 577 kfree(key); 578 kfree(datum); 579 return 0; 580 } 581 582 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 583 { 584 common_destroy, 585 cls_destroy, 586 role_destroy, 587 type_destroy, 588 user_destroy, 589 cond_destroy_bool, 590 sens_destroy, 591 cat_destroy, 592 }; 593 594 static void ocontext_destroy(struct ocontext *c, int i) 595 { 596 context_destroy(&c->context[0]); 597 context_destroy(&c->context[1]); 598 if (i == OCON_ISID || i == OCON_FS || 599 i == OCON_NETIF || i == OCON_FSUSE) 600 kfree(c->u.name); 601 kfree(c); 602 } 603 604 /* 605 * Free any memory allocated by a policy database structure. 606 */ 607 void policydb_destroy(struct policydb *p) 608 { 609 struct ocontext *c, *ctmp; 610 struct genfs *g, *gtmp; 611 int i; 612 struct role_allow *ra, *lra = NULL; 613 struct role_trans *tr, *ltr = NULL; 614 struct range_trans *rt, *lrt = NULL; 615 616 for (i = 0; i < SYM_NUM; i++) { 617 cond_resched(); 618 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 619 hashtab_destroy(p->symtab[i].table); 620 } 621 622 for (i = 0; i < SYM_NUM; i++) 623 kfree(p->sym_val_to_name[i]); 624 625 kfree(p->class_val_to_struct); 626 kfree(p->role_val_to_struct); 627 kfree(p->user_val_to_struct); 628 629 avtab_destroy(&p->te_avtab); 630 631 for (i = 0; i < OCON_NUM; i++) { 632 cond_resched(); 633 c = p->ocontexts[i]; 634 while (c) { 635 ctmp = c; 636 c = c->next; 637 ocontext_destroy(ctmp, i); 638 } 639 p->ocontexts[i] = NULL; 640 } 641 642 g = p->genfs; 643 while (g) { 644 cond_resched(); 645 kfree(g->fstype); 646 c = g->head; 647 while (c) { 648 ctmp = c; 649 c = c->next; 650 ocontext_destroy(ctmp, OCON_FSUSE); 651 } 652 gtmp = g; 653 g = g->next; 654 kfree(gtmp); 655 } 656 p->genfs = NULL; 657 658 cond_policydb_destroy(p); 659 660 for (tr = p->role_tr; tr; tr = tr->next) { 661 cond_resched(); 662 kfree(ltr); 663 ltr = tr; 664 } 665 kfree(ltr); 666 667 for (ra = p->role_allow; ra; ra = ra->next) { 668 cond_resched(); 669 kfree(lra); 670 lra = ra; 671 } 672 kfree(lra); 673 674 for (rt = p->range_tr; rt; rt = rt->next) { 675 cond_resched(); 676 if (lrt) { 677 ebitmap_destroy(&lrt->target_range.level[0].cat); 678 ebitmap_destroy(&lrt->target_range.level[1].cat); 679 kfree(lrt); 680 } 681 lrt = rt; 682 } 683 if (lrt) { 684 ebitmap_destroy(&lrt->target_range.level[0].cat); 685 ebitmap_destroy(&lrt->target_range.level[1].cat); 686 kfree(lrt); 687 } 688 689 if (p->type_attr_map) { 690 for (i = 0; i < p->p_types.nprim; i++) 691 ebitmap_destroy(&p->type_attr_map[i]); 692 } 693 kfree(p->type_attr_map); 694 kfree(p->undefined_perms); 695 ebitmap_destroy(&p->policycaps); 696 ebitmap_destroy(&p->permissive_map); 697 698 return; 699 } 700 701 /* 702 * Load the initial SIDs specified in a policy database 703 * structure into a SID table. 704 */ 705 int policydb_load_isids(struct policydb *p, struct sidtab *s) 706 { 707 struct ocontext *head, *c; 708 int rc; 709 710 rc = sidtab_init(s); 711 if (rc) { 712 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 713 goto out; 714 } 715 716 head = p->ocontexts[OCON_ISID]; 717 for (c = head; c; c = c->next) { 718 if (!c->context[0].user) { 719 printk(KERN_ERR "SELinux: SID %s was never " 720 "defined.\n", c->u.name); 721 rc = -EINVAL; 722 goto out; 723 } 724 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 725 printk(KERN_ERR "SELinux: unable to load initial " 726 "SID %s.\n", c->u.name); 727 rc = -EINVAL; 728 goto out; 729 } 730 } 731 out: 732 return rc; 733 } 734 735 int policydb_class_isvalid(struct policydb *p, unsigned int class) 736 { 737 if (!class || class > p->p_classes.nprim) 738 return 0; 739 return 1; 740 } 741 742 int policydb_role_isvalid(struct policydb *p, unsigned int role) 743 { 744 if (!role || role > p->p_roles.nprim) 745 return 0; 746 return 1; 747 } 748 749 int policydb_type_isvalid(struct policydb *p, unsigned int type) 750 { 751 if (!type || type > p->p_types.nprim) 752 return 0; 753 return 1; 754 } 755 756 /* 757 * Return 1 if the fields in the security context 758 * structure `c' are valid. Return 0 otherwise. 759 */ 760 int policydb_context_isvalid(struct policydb *p, struct context *c) 761 { 762 struct role_datum *role; 763 struct user_datum *usrdatum; 764 765 if (!c->role || c->role > p->p_roles.nprim) 766 return 0; 767 768 if (!c->user || c->user > p->p_users.nprim) 769 return 0; 770 771 if (!c->type || c->type > p->p_types.nprim) 772 return 0; 773 774 if (c->role != OBJECT_R_VAL) { 775 /* 776 * Role must be authorized for the type. 777 */ 778 role = p->role_val_to_struct[c->role - 1]; 779 if (!ebitmap_get_bit(&role->types, 780 c->type - 1)) 781 /* role may not be associated with type */ 782 return 0; 783 784 /* 785 * User must be authorized for the role. 786 */ 787 usrdatum = p->user_val_to_struct[c->user - 1]; 788 if (!usrdatum) 789 return 0; 790 791 if (!ebitmap_get_bit(&usrdatum->roles, 792 c->role - 1)) 793 /* user may not be associated with role */ 794 return 0; 795 } 796 797 if (!mls_context_isvalid(p, c)) 798 return 0; 799 800 return 1; 801 } 802 803 /* 804 * Read a MLS range structure from a policydb binary 805 * representation file. 806 */ 807 static int mls_read_range_helper(struct mls_range *r, void *fp) 808 { 809 __le32 buf[2]; 810 u32 items; 811 int rc; 812 813 rc = next_entry(buf, fp, sizeof(u32)); 814 if (rc < 0) 815 goto out; 816 817 items = le32_to_cpu(buf[0]); 818 if (items > ARRAY_SIZE(buf)) { 819 printk(KERN_ERR "SELinux: mls: range overflow\n"); 820 rc = -EINVAL; 821 goto out; 822 } 823 rc = next_entry(buf, fp, sizeof(u32) * items); 824 if (rc < 0) { 825 printk(KERN_ERR "SELinux: mls: truncated range\n"); 826 goto out; 827 } 828 r->level[0].sens = le32_to_cpu(buf[0]); 829 if (items > 1) 830 r->level[1].sens = le32_to_cpu(buf[1]); 831 else 832 r->level[1].sens = r->level[0].sens; 833 834 rc = ebitmap_read(&r->level[0].cat, fp); 835 if (rc) { 836 printk(KERN_ERR "SELinux: mls: error reading low " 837 "categories\n"); 838 goto out; 839 } 840 if (items > 1) { 841 rc = ebitmap_read(&r->level[1].cat, fp); 842 if (rc) { 843 printk(KERN_ERR "SELinux: mls: error reading high " 844 "categories\n"); 845 goto bad_high; 846 } 847 } else { 848 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 849 if (rc) { 850 printk(KERN_ERR "SELinux: mls: out of memory\n"); 851 goto bad_high; 852 } 853 } 854 855 rc = 0; 856 out: 857 return rc; 858 bad_high: 859 ebitmap_destroy(&r->level[0].cat); 860 goto out; 861 } 862 863 /* 864 * Read and validate a security context structure 865 * from a policydb binary representation file. 866 */ 867 static int context_read_and_validate(struct context *c, 868 struct policydb *p, 869 void *fp) 870 { 871 __le32 buf[3]; 872 int rc; 873 874 rc = next_entry(buf, fp, sizeof buf); 875 if (rc < 0) { 876 printk(KERN_ERR "SELinux: context truncated\n"); 877 goto out; 878 } 879 c->user = le32_to_cpu(buf[0]); 880 c->role = le32_to_cpu(buf[1]); 881 c->type = le32_to_cpu(buf[2]); 882 if (p->policyvers >= POLICYDB_VERSION_MLS) { 883 if (mls_read_range_helper(&c->range, fp)) { 884 printk(KERN_ERR "SELinux: error reading MLS range of " 885 "context\n"); 886 rc = -EINVAL; 887 goto out; 888 } 889 } 890 891 if (!policydb_context_isvalid(p, c)) { 892 printk(KERN_ERR "SELinux: invalid security context\n"); 893 context_destroy(c); 894 rc = -EINVAL; 895 } 896 out: 897 return rc; 898 } 899 900 /* 901 * The following *_read functions are used to 902 * read the symbol data from a policy database 903 * binary representation file. 904 */ 905 906 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 907 { 908 char *key = NULL; 909 struct perm_datum *perdatum; 910 int rc; 911 __le32 buf[2]; 912 u32 len; 913 914 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 915 if (!perdatum) { 916 rc = -ENOMEM; 917 goto out; 918 } 919 920 rc = next_entry(buf, fp, sizeof buf); 921 if (rc < 0) 922 goto bad; 923 924 len = le32_to_cpu(buf[0]); 925 perdatum->value = le32_to_cpu(buf[1]); 926 927 key = kmalloc(len + 1, GFP_KERNEL); 928 if (!key) { 929 rc = -ENOMEM; 930 goto bad; 931 } 932 rc = next_entry(key, fp, len); 933 if (rc < 0) 934 goto bad; 935 key[len] = 0; 936 937 rc = hashtab_insert(h, key, perdatum); 938 if (rc) 939 goto bad; 940 out: 941 return rc; 942 bad: 943 perm_destroy(key, perdatum, NULL); 944 goto out; 945 } 946 947 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 948 { 949 char *key = NULL; 950 struct common_datum *comdatum; 951 __le32 buf[4]; 952 u32 len, nel; 953 int i, rc; 954 955 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 956 if (!comdatum) { 957 rc = -ENOMEM; 958 goto out; 959 } 960 961 rc = next_entry(buf, fp, sizeof buf); 962 if (rc < 0) 963 goto bad; 964 965 len = le32_to_cpu(buf[0]); 966 comdatum->value = le32_to_cpu(buf[1]); 967 968 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 969 if (rc) 970 goto bad; 971 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 972 nel = le32_to_cpu(buf[3]); 973 974 key = kmalloc(len + 1, GFP_KERNEL); 975 if (!key) { 976 rc = -ENOMEM; 977 goto bad; 978 } 979 rc = next_entry(key, fp, len); 980 if (rc < 0) 981 goto bad; 982 key[len] = 0; 983 984 for (i = 0; i < nel; i++) { 985 rc = perm_read(p, comdatum->permissions.table, fp); 986 if (rc) 987 goto bad; 988 } 989 990 rc = hashtab_insert(h, key, comdatum); 991 if (rc) 992 goto bad; 993 out: 994 return rc; 995 bad: 996 common_destroy(key, comdatum, NULL); 997 goto out; 998 } 999 1000 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1001 int allowxtarget, void *fp) 1002 { 1003 struct constraint_node *c, *lc; 1004 struct constraint_expr *e, *le; 1005 __le32 buf[3]; 1006 u32 nexpr; 1007 int rc, i, j, depth; 1008 1009 lc = NULL; 1010 for (i = 0; i < ncons; i++) { 1011 c = kzalloc(sizeof(*c), GFP_KERNEL); 1012 if (!c) 1013 return -ENOMEM; 1014 1015 if (lc) 1016 lc->next = c; 1017 else 1018 *nodep = c; 1019 1020 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1021 if (rc < 0) 1022 return rc; 1023 c->permissions = le32_to_cpu(buf[0]); 1024 nexpr = le32_to_cpu(buf[1]); 1025 le = NULL; 1026 depth = -1; 1027 for (j = 0; j < nexpr; j++) { 1028 e = kzalloc(sizeof(*e), GFP_KERNEL); 1029 if (!e) 1030 return -ENOMEM; 1031 1032 if (le) 1033 le->next = e; 1034 else 1035 c->expr = e; 1036 1037 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1038 if (rc < 0) 1039 return rc; 1040 e->expr_type = le32_to_cpu(buf[0]); 1041 e->attr = le32_to_cpu(buf[1]); 1042 e->op = le32_to_cpu(buf[2]); 1043 1044 switch (e->expr_type) { 1045 case CEXPR_NOT: 1046 if (depth < 0) 1047 return -EINVAL; 1048 break; 1049 case CEXPR_AND: 1050 case CEXPR_OR: 1051 if (depth < 1) 1052 return -EINVAL; 1053 depth--; 1054 break; 1055 case CEXPR_ATTR: 1056 if (depth == (CEXPR_MAXDEPTH - 1)) 1057 return -EINVAL; 1058 depth++; 1059 break; 1060 case CEXPR_NAMES: 1061 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1062 return -EINVAL; 1063 if (depth == (CEXPR_MAXDEPTH - 1)) 1064 return -EINVAL; 1065 depth++; 1066 if (ebitmap_read(&e->names, fp)) 1067 return -EINVAL; 1068 break; 1069 default: 1070 return -EINVAL; 1071 } 1072 le = e; 1073 } 1074 if (depth != 0) 1075 return -EINVAL; 1076 lc = c; 1077 } 1078 1079 return 0; 1080 } 1081 1082 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1083 { 1084 char *key = NULL; 1085 struct class_datum *cladatum; 1086 __le32 buf[6]; 1087 u32 len, len2, ncons, nel; 1088 int i, rc; 1089 1090 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1091 if (!cladatum) { 1092 rc = -ENOMEM; 1093 goto out; 1094 } 1095 1096 rc = next_entry(buf, fp, sizeof(u32)*6); 1097 if (rc < 0) 1098 goto bad; 1099 1100 len = le32_to_cpu(buf[0]); 1101 len2 = le32_to_cpu(buf[1]); 1102 cladatum->value = le32_to_cpu(buf[2]); 1103 1104 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1105 if (rc) 1106 goto bad; 1107 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1108 nel = le32_to_cpu(buf[4]); 1109 1110 ncons = le32_to_cpu(buf[5]); 1111 1112 key = kmalloc(len + 1, GFP_KERNEL); 1113 if (!key) { 1114 rc = -ENOMEM; 1115 goto bad; 1116 } 1117 rc = next_entry(key, fp, len); 1118 if (rc < 0) 1119 goto bad; 1120 key[len] = 0; 1121 1122 if (len2) { 1123 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1124 if (!cladatum->comkey) { 1125 rc = -ENOMEM; 1126 goto bad; 1127 } 1128 rc = next_entry(cladatum->comkey, fp, len2); 1129 if (rc < 0) 1130 goto bad; 1131 cladatum->comkey[len2] = 0; 1132 1133 cladatum->comdatum = hashtab_search(p->p_commons.table, 1134 cladatum->comkey); 1135 if (!cladatum->comdatum) { 1136 printk(KERN_ERR "SELinux: unknown common %s\n", 1137 cladatum->comkey); 1138 rc = -EINVAL; 1139 goto bad; 1140 } 1141 } 1142 for (i = 0; i < nel; i++) { 1143 rc = perm_read(p, cladatum->permissions.table, fp); 1144 if (rc) 1145 goto bad; 1146 } 1147 1148 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1149 if (rc) 1150 goto bad; 1151 1152 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1153 /* grab the validatetrans rules */ 1154 rc = next_entry(buf, fp, sizeof(u32)); 1155 if (rc < 0) 1156 goto bad; 1157 ncons = le32_to_cpu(buf[0]); 1158 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1159 if (rc) 1160 goto bad; 1161 } 1162 1163 rc = hashtab_insert(h, key, cladatum); 1164 if (rc) 1165 goto bad; 1166 1167 rc = 0; 1168 out: 1169 return rc; 1170 bad: 1171 cls_destroy(key, cladatum, NULL); 1172 goto out; 1173 } 1174 1175 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1176 { 1177 char *key = NULL; 1178 struct role_datum *role; 1179 int rc; 1180 __le32 buf[2]; 1181 u32 len; 1182 1183 role = kzalloc(sizeof(*role), GFP_KERNEL); 1184 if (!role) { 1185 rc = -ENOMEM; 1186 goto out; 1187 } 1188 1189 rc = next_entry(buf, fp, sizeof buf); 1190 if (rc < 0) 1191 goto bad; 1192 1193 len = le32_to_cpu(buf[0]); 1194 role->value = le32_to_cpu(buf[1]); 1195 1196 key = kmalloc(len + 1, GFP_KERNEL); 1197 if (!key) { 1198 rc = -ENOMEM; 1199 goto bad; 1200 } 1201 rc = next_entry(key, fp, len); 1202 if (rc < 0) 1203 goto bad; 1204 key[len] = 0; 1205 1206 rc = ebitmap_read(&role->dominates, fp); 1207 if (rc) 1208 goto bad; 1209 1210 rc = ebitmap_read(&role->types, fp); 1211 if (rc) 1212 goto bad; 1213 1214 if (strcmp(key, OBJECT_R) == 0) { 1215 if (role->value != OBJECT_R_VAL) { 1216 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1217 OBJECT_R, role->value); 1218 rc = -EINVAL; 1219 goto bad; 1220 } 1221 rc = 0; 1222 goto bad; 1223 } 1224 1225 rc = hashtab_insert(h, key, role); 1226 if (rc) 1227 goto bad; 1228 out: 1229 return rc; 1230 bad: 1231 role_destroy(key, role, NULL); 1232 goto out; 1233 } 1234 1235 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1236 { 1237 char *key = NULL; 1238 struct type_datum *typdatum; 1239 int rc; 1240 __le32 buf[3]; 1241 u32 len; 1242 1243 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1244 if (!typdatum) { 1245 rc = -ENOMEM; 1246 return rc; 1247 } 1248 1249 rc = next_entry(buf, fp, sizeof buf); 1250 if (rc < 0) 1251 goto bad; 1252 1253 len = le32_to_cpu(buf[0]); 1254 typdatum->value = le32_to_cpu(buf[1]); 1255 typdatum->primary = le32_to_cpu(buf[2]); 1256 1257 key = kmalloc(len + 1, GFP_KERNEL); 1258 if (!key) { 1259 rc = -ENOMEM; 1260 goto bad; 1261 } 1262 rc = next_entry(key, fp, len); 1263 if (rc < 0) 1264 goto bad; 1265 key[len] = 0; 1266 1267 rc = hashtab_insert(h, key, typdatum); 1268 if (rc) 1269 goto bad; 1270 out: 1271 return rc; 1272 bad: 1273 type_destroy(key, typdatum, NULL); 1274 goto out; 1275 } 1276 1277 1278 /* 1279 * Read a MLS level structure from a policydb binary 1280 * representation file. 1281 */ 1282 static int mls_read_level(struct mls_level *lp, void *fp) 1283 { 1284 __le32 buf[1]; 1285 int rc; 1286 1287 memset(lp, 0, sizeof(*lp)); 1288 1289 rc = next_entry(buf, fp, sizeof buf); 1290 if (rc < 0) { 1291 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1292 goto bad; 1293 } 1294 lp->sens = le32_to_cpu(buf[0]); 1295 1296 if (ebitmap_read(&lp->cat, fp)) { 1297 printk(KERN_ERR "SELinux: mls: error reading level " 1298 "categories\n"); 1299 goto bad; 1300 } 1301 1302 return 0; 1303 1304 bad: 1305 return -EINVAL; 1306 } 1307 1308 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1309 { 1310 char *key = NULL; 1311 struct user_datum *usrdatum; 1312 int rc; 1313 __le32 buf[2]; 1314 u32 len; 1315 1316 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1317 if (!usrdatum) { 1318 rc = -ENOMEM; 1319 goto out; 1320 } 1321 1322 rc = next_entry(buf, fp, sizeof buf); 1323 if (rc < 0) 1324 goto bad; 1325 1326 len = le32_to_cpu(buf[0]); 1327 usrdatum->value = le32_to_cpu(buf[1]); 1328 1329 key = kmalloc(len + 1, GFP_KERNEL); 1330 if (!key) { 1331 rc = -ENOMEM; 1332 goto bad; 1333 } 1334 rc = next_entry(key, fp, len); 1335 if (rc < 0) 1336 goto bad; 1337 key[len] = 0; 1338 1339 rc = ebitmap_read(&usrdatum->roles, fp); 1340 if (rc) 1341 goto bad; 1342 1343 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1344 rc = mls_read_range_helper(&usrdatum->range, fp); 1345 if (rc) 1346 goto bad; 1347 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1348 if (rc) 1349 goto bad; 1350 } 1351 1352 rc = hashtab_insert(h, key, usrdatum); 1353 if (rc) 1354 goto bad; 1355 out: 1356 return rc; 1357 bad: 1358 user_destroy(key, usrdatum, NULL); 1359 goto out; 1360 } 1361 1362 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1363 { 1364 char *key = NULL; 1365 struct level_datum *levdatum; 1366 int rc; 1367 __le32 buf[2]; 1368 u32 len; 1369 1370 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1371 if (!levdatum) { 1372 rc = -ENOMEM; 1373 goto out; 1374 } 1375 1376 rc = next_entry(buf, fp, sizeof buf); 1377 if (rc < 0) 1378 goto bad; 1379 1380 len = le32_to_cpu(buf[0]); 1381 levdatum->isalias = le32_to_cpu(buf[1]); 1382 1383 key = kmalloc(len + 1, GFP_ATOMIC); 1384 if (!key) { 1385 rc = -ENOMEM; 1386 goto bad; 1387 } 1388 rc = next_entry(key, fp, len); 1389 if (rc < 0) 1390 goto bad; 1391 key[len] = 0; 1392 1393 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1394 if (!levdatum->level) { 1395 rc = -ENOMEM; 1396 goto bad; 1397 } 1398 if (mls_read_level(levdatum->level, fp)) { 1399 rc = -EINVAL; 1400 goto bad; 1401 } 1402 1403 rc = hashtab_insert(h, key, levdatum); 1404 if (rc) 1405 goto bad; 1406 out: 1407 return rc; 1408 bad: 1409 sens_destroy(key, levdatum, NULL); 1410 goto out; 1411 } 1412 1413 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1414 { 1415 char *key = NULL; 1416 struct cat_datum *catdatum; 1417 int rc; 1418 __le32 buf[3]; 1419 u32 len; 1420 1421 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1422 if (!catdatum) { 1423 rc = -ENOMEM; 1424 goto out; 1425 } 1426 1427 rc = next_entry(buf, fp, sizeof buf); 1428 if (rc < 0) 1429 goto bad; 1430 1431 len = le32_to_cpu(buf[0]); 1432 catdatum->value = le32_to_cpu(buf[1]); 1433 catdatum->isalias = le32_to_cpu(buf[2]); 1434 1435 key = kmalloc(len + 1, GFP_ATOMIC); 1436 if (!key) { 1437 rc = -ENOMEM; 1438 goto bad; 1439 } 1440 rc = next_entry(key, fp, len); 1441 if (rc < 0) 1442 goto bad; 1443 key[len] = 0; 1444 1445 rc = hashtab_insert(h, key, catdatum); 1446 if (rc) 1447 goto bad; 1448 out: 1449 return rc; 1450 1451 bad: 1452 cat_destroy(key, catdatum, NULL); 1453 goto out; 1454 } 1455 1456 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1457 { 1458 common_read, 1459 class_read, 1460 role_read, 1461 type_read, 1462 user_read, 1463 cond_read_bool, 1464 sens_read, 1465 cat_read, 1466 }; 1467 1468 extern int ss_initialized; 1469 1470 /* 1471 * Read the configuration data from a policy database binary 1472 * representation file into a policy database structure. 1473 */ 1474 int policydb_read(struct policydb *p, void *fp) 1475 { 1476 struct role_allow *ra, *lra; 1477 struct role_trans *tr, *ltr; 1478 struct ocontext *l, *c, *newc; 1479 struct genfs *genfs_p, *genfs, *newgenfs; 1480 int i, j, rc; 1481 __le32 buf[8]; 1482 u32 len, len2, config, nprim, nel, nel2; 1483 char *policydb_str; 1484 struct policydb_compat_info *info; 1485 struct range_trans *rt, *lrt; 1486 1487 config = 0; 1488 1489 rc = policydb_init(p); 1490 if (rc) 1491 goto out; 1492 1493 /* Read the magic number and string length. */ 1494 rc = next_entry(buf, fp, sizeof(u32) * 2); 1495 if (rc < 0) 1496 goto bad; 1497 1498 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 1499 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 1500 "not match expected magic number 0x%x\n", 1501 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 1502 goto bad; 1503 } 1504 1505 len = le32_to_cpu(buf[1]); 1506 if (len != strlen(POLICYDB_STRING)) { 1507 printk(KERN_ERR "SELinux: policydb string length %d does not " 1508 "match expected length %Zu\n", 1509 len, strlen(POLICYDB_STRING)); 1510 goto bad; 1511 } 1512 policydb_str = kmalloc(len + 1, GFP_KERNEL); 1513 if (!policydb_str) { 1514 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 1515 "string of length %d\n", len); 1516 rc = -ENOMEM; 1517 goto bad; 1518 } 1519 rc = next_entry(policydb_str, fp, len); 1520 if (rc < 0) { 1521 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 1522 kfree(policydb_str); 1523 goto bad; 1524 } 1525 policydb_str[len] = 0; 1526 if (strcmp(policydb_str, POLICYDB_STRING)) { 1527 printk(KERN_ERR "SELinux: policydb string %s does not match " 1528 "my string %s\n", policydb_str, POLICYDB_STRING); 1529 kfree(policydb_str); 1530 goto bad; 1531 } 1532 /* Done with policydb_str. */ 1533 kfree(policydb_str); 1534 policydb_str = NULL; 1535 1536 /* Read the version, config, and table sizes. */ 1537 rc = next_entry(buf, fp, sizeof(u32)*4); 1538 if (rc < 0) 1539 goto bad; 1540 1541 p->policyvers = le32_to_cpu(buf[0]); 1542 if (p->policyvers < POLICYDB_VERSION_MIN || 1543 p->policyvers > POLICYDB_VERSION_MAX) { 1544 printk(KERN_ERR "SELinux: policydb version %d does not match " 1545 "my version range %d-%d\n", 1546 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1547 goto bad; 1548 } 1549 1550 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1551 if (ss_initialized && !selinux_mls_enabled) { 1552 printk(KERN_ERR "SELinux: Cannot switch between non-MLS" 1553 " and MLS policies\n"); 1554 goto bad; 1555 } 1556 selinux_mls_enabled = 1; 1557 config |= POLICYDB_CONFIG_MLS; 1558 1559 if (p->policyvers < POLICYDB_VERSION_MLS) { 1560 printk(KERN_ERR "SELinux: security policydb version %d " 1561 "(MLS) not backwards compatible\n", 1562 p->policyvers); 1563 goto bad; 1564 } 1565 } else { 1566 if (ss_initialized && selinux_mls_enabled) { 1567 printk(KERN_ERR "SELinux: Cannot switch between MLS and" 1568 " non-MLS policies\n"); 1569 goto bad; 1570 } 1571 } 1572 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 1573 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 1574 1575 if (p->policyvers >= POLICYDB_VERSION_POLCAP && 1576 ebitmap_read(&p->policycaps, fp) != 0) 1577 goto bad; 1578 1579 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 1580 ebitmap_read(&p->permissive_map, fp) != 0) 1581 goto bad; 1582 1583 info = policydb_lookup_compat(p->policyvers); 1584 if (!info) { 1585 printk(KERN_ERR "SELinux: unable to find policy compat info " 1586 "for version %d\n", p->policyvers); 1587 goto bad; 1588 } 1589 1590 if (le32_to_cpu(buf[2]) != info->sym_num || 1591 le32_to_cpu(buf[3]) != info->ocon_num) { 1592 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 1593 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 1594 le32_to_cpu(buf[3]), 1595 info->sym_num, info->ocon_num); 1596 goto bad; 1597 } 1598 1599 for (i = 0; i < info->sym_num; i++) { 1600 rc = next_entry(buf, fp, sizeof(u32)*2); 1601 if (rc < 0) 1602 goto bad; 1603 nprim = le32_to_cpu(buf[0]); 1604 nel = le32_to_cpu(buf[1]); 1605 for (j = 0; j < nel; j++) { 1606 rc = read_f[i](p, p->symtab[i].table, fp); 1607 if (rc) 1608 goto bad; 1609 } 1610 1611 p->symtab[i].nprim = nprim; 1612 } 1613 1614 rc = avtab_read(&p->te_avtab, fp, p); 1615 if (rc) 1616 goto bad; 1617 1618 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1619 rc = cond_read_list(p, fp); 1620 if (rc) 1621 goto bad; 1622 } 1623 1624 rc = next_entry(buf, fp, sizeof(u32)); 1625 if (rc < 0) 1626 goto bad; 1627 nel = le32_to_cpu(buf[0]); 1628 ltr = NULL; 1629 for (i = 0; i < nel; i++) { 1630 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 1631 if (!tr) { 1632 rc = -ENOMEM; 1633 goto bad; 1634 } 1635 if (ltr) 1636 ltr->next = tr; 1637 else 1638 p->role_tr = tr; 1639 rc = next_entry(buf, fp, sizeof(u32)*3); 1640 if (rc < 0) 1641 goto bad; 1642 tr->role = le32_to_cpu(buf[0]); 1643 tr->type = le32_to_cpu(buf[1]); 1644 tr->new_role = le32_to_cpu(buf[2]); 1645 if (!policydb_role_isvalid(p, tr->role) || 1646 !policydb_type_isvalid(p, tr->type) || 1647 !policydb_role_isvalid(p, tr->new_role)) { 1648 rc = -EINVAL; 1649 goto bad; 1650 } 1651 ltr = tr; 1652 } 1653 1654 rc = next_entry(buf, fp, sizeof(u32)); 1655 if (rc < 0) 1656 goto bad; 1657 nel = le32_to_cpu(buf[0]); 1658 lra = NULL; 1659 for (i = 0; i < nel; i++) { 1660 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 1661 if (!ra) { 1662 rc = -ENOMEM; 1663 goto bad; 1664 } 1665 if (lra) 1666 lra->next = ra; 1667 else 1668 p->role_allow = ra; 1669 rc = next_entry(buf, fp, sizeof(u32)*2); 1670 if (rc < 0) 1671 goto bad; 1672 ra->role = le32_to_cpu(buf[0]); 1673 ra->new_role = le32_to_cpu(buf[1]); 1674 if (!policydb_role_isvalid(p, ra->role) || 1675 !policydb_role_isvalid(p, ra->new_role)) { 1676 rc = -EINVAL; 1677 goto bad; 1678 } 1679 lra = ra; 1680 } 1681 1682 rc = policydb_index_classes(p); 1683 if (rc) 1684 goto bad; 1685 1686 rc = policydb_index_others(p); 1687 if (rc) 1688 goto bad; 1689 1690 for (i = 0; i < info->ocon_num; i++) { 1691 rc = next_entry(buf, fp, sizeof(u32)); 1692 if (rc < 0) 1693 goto bad; 1694 nel = le32_to_cpu(buf[0]); 1695 l = NULL; 1696 for (j = 0; j < nel; j++) { 1697 c = kzalloc(sizeof(*c), GFP_KERNEL); 1698 if (!c) { 1699 rc = -ENOMEM; 1700 goto bad; 1701 } 1702 if (l) 1703 l->next = c; 1704 else 1705 p->ocontexts[i] = c; 1706 l = c; 1707 rc = -EINVAL; 1708 switch (i) { 1709 case OCON_ISID: 1710 rc = next_entry(buf, fp, sizeof(u32)); 1711 if (rc < 0) 1712 goto bad; 1713 c->sid[0] = le32_to_cpu(buf[0]); 1714 rc = context_read_and_validate(&c->context[0], p, fp); 1715 if (rc) 1716 goto bad; 1717 break; 1718 case OCON_FS: 1719 case OCON_NETIF: 1720 rc = next_entry(buf, fp, sizeof(u32)); 1721 if (rc < 0) 1722 goto bad; 1723 len = le32_to_cpu(buf[0]); 1724 c->u.name = kmalloc(len + 1, GFP_KERNEL); 1725 if (!c->u.name) { 1726 rc = -ENOMEM; 1727 goto bad; 1728 } 1729 rc = next_entry(c->u.name, fp, len); 1730 if (rc < 0) 1731 goto bad; 1732 c->u.name[len] = 0; 1733 rc = context_read_and_validate(&c->context[0], p, fp); 1734 if (rc) 1735 goto bad; 1736 rc = context_read_and_validate(&c->context[1], p, fp); 1737 if (rc) 1738 goto bad; 1739 break; 1740 case OCON_PORT: 1741 rc = next_entry(buf, fp, sizeof(u32)*3); 1742 if (rc < 0) 1743 goto bad; 1744 c->u.port.protocol = le32_to_cpu(buf[0]); 1745 c->u.port.low_port = le32_to_cpu(buf[1]); 1746 c->u.port.high_port = le32_to_cpu(buf[2]); 1747 rc = context_read_and_validate(&c->context[0], p, fp); 1748 if (rc) 1749 goto bad; 1750 break; 1751 case OCON_NODE: 1752 rc = next_entry(buf, fp, sizeof(u32) * 2); 1753 if (rc < 0) 1754 goto bad; 1755 c->u.node.addr = le32_to_cpu(buf[0]); 1756 c->u.node.mask = le32_to_cpu(buf[1]); 1757 rc = context_read_and_validate(&c->context[0], p, fp); 1758 if (rc) 1759 goto bad; 1760 break; 1761 case OCON_FSUSE: 1762 rc = next_entry(buf, fp, sizeof(u32)*2); 1763 if (rc < 0) 1764 goto bad; 1765 c->v.behavior = le32_to_cpu(buf[0]); 1766 if (c->v.behavior > SECURITY_FS_USE_NONE) 1767 goto bad; 1768 len = le32_to_cpu(buf[1]); 1769 c->u.name = kmalloc(len + 1, GFP_KERNEL); 1770 if (!c->u.name) { 1771 rc = -ENOMEM; 1772 goto bad; 1773 } 1774 rc = next_entry(c->u.name, fp, len); 1775 if (rc < 0) 1776 goto bad; 1777 c->u.name[len] = 0; 1778 rc = context_read_and_validate(&c->context[0], p, fp); 1779 if (rc) 1780 goto bad; 1781 break; 1782 case OCON_NODE6: { 1783 int k; 1784 1785 rc = next_entry(buf, fp, sizeof(u32) * 8); 1786 if (rc < 0) 1787 goto bad; 1788 for (k = 0; k < 4; k++) 1789 c->u.node6.addr[k] = le32_to_cpu(buf[k]); 1790 for (k = 0; k < 4; k++) 1791 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); 1792 if (context_read_and_validate(&c->context[0], p, fp)) 1793 goto bad; 1794 break; 1795 } 1796 } 1797 } 1798 } 1799 1800 rc = next_entry(buf, fp, sizeof(u32)); 1801 if (rc < 0) 1802 goto bad; 1803 nel = le32_to_cpu(buf[0]); 1804 genfs_p = NULL; 1805 rc = -EINVAL; 1806 for (i = 0; i < nel; i++) { 1807 rc = next_entry(buf, fp, sizeof(u32)); 1808 if (rc < 0) 1809 goto bad; 1810 len = le32_to_cpu(buf[0]); 1811 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1812 if (!newgenfs) { 1813 rc = -ENOMEM; 1814 goto bad; 1815 } 1816 1817 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 1818 if (!newgenfs->fstype) { 1819 rc = -ENOMEM; 1820 kfree(newgenfs); 1821 goto bad; 1822 } 1823 rc = next_entry(newgenfs->fstype, fp, len); 1824 if (rc < 0) { 1825 kfree(newgenfs->fstype); 1826 kfree(newgenfs); 1827 goto bad; 1828 } 1829 newgenfs->fstype[len] = 0; 1830 for (genfs_p = NULL, genfs = p->genfs; genfs; 1831 genfs_p = genfs, genfs = genfs->next) { 1832 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1833 printk(KERN_ERR "SELinux: dup genfs " 1834 "fstype %s\n", newgenfs->fstype); 1835 kfree(newgenfs->fstype); 1836 kfree(newgenfs); 1837 goto bad; 1838 } 1839 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1840 break; 1841 } 1842 newgenfs->next = genfs; 1843 if (genfs_p) 1844 genfs_p->next = newgenfs; 1845 else 1846 p->genfs = newgenfs; 1847 rc = next_entry(buf, fp, sizeof(u32)); 1848 if (rc < 0) 1849 goto bad; 1850 nel2 = le32_to_cpu(buf[0]); 1851 for (j = 0; j < nel2; j++) { 1852 rc = next_entry(buf, fp, sizeof(u32)); 1853 if (rc < 0) 1854 goto bad; 1855 len = le32_to_cpu(buf[0]); 1856 1857 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1858 if (!newc) { 1859 rc = -ENOMEM; 1860 goto bad; 1861 } 1862 1863 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 1864 if (!newc->u.name) { 1865 rc = -ENOMEM; 1866 goto bad_newc; 1867 } 1868 rc = next_entry(newc->u.name, fp, len); 1869 if (rc < 0) 1870 goto bad_newc; 1871 newc->u.name[len] = 0; 1872 rc = next_entry(buf, fp, sizeof(u32)); 1873 if (rc < 0) 1874 goto bad_newc; 1875 newc->v.sclass = le32_to_cpu(buf[0]); 1876 if (context_read_and_validate(&newc->context[0], p, fp)) 1877 goto bad_newc; 1878 for (l = NULL, c = newgenfs->head; c; 1879 l = c, c = c->next) { 1880 if (!strcmp(newc->u.name, c->u.name) && 1881 (!c->v.sclass || !newc->v.sclass || 1882 newc->v.sclass == c->v.sclass)) { 1883 printk(KERN_ERR "SELinux: dup genfs " 1884 "entry (%s,%s)\n", 1885 newgenfs->fstype, c->u.name); 1886 goto bad_newc; 1887 } 1888 len = strlen(newc->u.name); 1889 len2 = strlen(c->u.name); 1890 if (len > len2) 1891 break; 1892 } 1893 1894 newc->next = c; 1895 if (l) 1896 l->next = newc; 1897 else 1898 newgenfs->head = newc; 1899 } 1900 } 1901 1902 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1903 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; 1904 rc = next_entry(buf, fp, sizeof(u32)); 1905 if (rc < 0) 1906 goto bad; 1907 nel = le32_to_cpu(buf[0]); 1908 lrt = NULL; 1909 for (i = 0; i < nel; i++) { 1910 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1911 if (!rt) { 1912 rc = -ENOMEM; 1913 goto bad; 1914 } 1915 if (lrt) 1916 lrt->next = rt; 1917 else 1918 p->range_tr = rt; 1919 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1920 if (rc < 0) 1921 goto bad; 1922 rt->source_type = le32_to_cpu(buf[0]); 1923 rt->target_type = le32_to_cpu(buf[1]); 1924 if (new_rangetr) { 1925 rc = next_entry(buf, fp, sizeof(u32)); 1926 if (rc < 0) 1927 goto bad; 1928 rt->target_class = le32_to_cpu(buf[0]); 1929 } else 1930 rt->target_class = SECCLASS_PROCESS; 1931 if (!policydb_type_isvalid(p, rt->source_type) || 1932 !policydb_type_isvalid(p, rt->target_type) || 1933 !policydb_class_isvalid(p, rt->target_class)) { 1934 rc = -EINVAL; 1935 goto bad; 1936 } 1937 rc = mls_read_range_helper(&rt->target_range, fp); 1938 if (rc) 1939 goto bad; 1940 if (!mls_range_isvalid(p, &rt->target_range)) { 1941 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1942 goto bad; 1943 } 1944 lrt = rt; 1945 } 1946 } 1947 1948 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); 1949 if (!p->type_attr_map) 1950 goto bad; 1951 1952 for (i = 0; i < p->p_types.nprim; i++) { 1953 ebitmap_init(&p->type_attr_map[i]); 1954 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 1955 if (ebitmap_read(&p->type_attr_map[i], fp)) 1956 goto bad; 1957 } 1958 /* add the type itself as the degenerate case */ 1959 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 1960 goto bad; 1961 } 1962 1963 rc = 0; 1964 out: 1965 return rc; 1966 bad_newc: 1967 ocontext_destroy(newc, OCON_FSUSE); 1968 bad: 1969 if (!rc) 1970 rc = -EINVAL; 1971 policydb_destroy(p); 1972 goto out; 1973 } 1974