xref: /openbmc/linux/security/selinux/ss/policydb.c (revision 4464005a12b5c79e1a364e6272ee10a83413f928)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Implementation of the policy database.
4  *
5  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6  */
7 
8 /*
9  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10  *
11  *	Support for enhanced MLS infrastructure.
12  *
13  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14  *
15  *	Added conditional policy language extensions
16  *
17  * Updated: Hewlett-Packard <paul@paul-moore.com>
18  *
19  *      Added support for the policy capability bitmap
20  *
21  * Update: Mellanox Techonologies
22  *
23  *	Added Infiniband support
24  *
25  * Copyright (C) 2016 Mellanox Techonologies
26  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
27  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
28  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
29  */
30 
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/string.h>
35 #include <linux/errno.h>
36 #include <linux/audit.h>
37 #include "security.h"
38 
39 #include "policydb.h"
40 #include "conditional.h"
41 #include "mls.h"
42 #include "services.h"
43 
44 #define _DEBUG_HASHES
45 
46 #ifdef DEBUG_HASHES
47 static const char *symtab_name[SYM_NUM] = {
48 	"common prefixes",
49 	"classes",
50 	"roles",
51 	"types",
52 	"users",
53 	"bools",
54 	"levels",
55 	"categories",
56 };
57 #endif
58 
59 struct policydb_compat_info {
60 	int version;
61 	int sym_num;
62 	int ocon_num;
63 };
64 
65 /* These need to be updated if SYM_NUM or OCON_NUM changes */
66 static struct policydb_compat_info policydb_compat[] = {
67 	{
68 		.version	= POLICYDB_VERSION_BASE,
69 		.sym_num	= SYM_NUM - 3,
70 		.ocon_num	= OCON_NUM - 3,
71 	},
72 	{
73 		.version	= POLICYDB_VERSION_BOOL,
74 		.sym_num	= SYM_NUM - 2,
75 		.ocon_num	= OCON_NUM - 3,
76 	},
77 	{
78 		.version	= POLICYDB_VERSION_IPV6,
79 		.sym_num	= SYM_NUM - 2,
80 		.ocon_num	= OCON_NUM - 2,
81 	},
82 	{
83 		.version	= POLICYDB_VERSION_NLCLASS,
84 		.sym_num	= SYM_NUM - 2,
85 		.ocon_num	= OCON_NUM - 2,
86 	},
87 	{
88 		.version	= POLICYDB_VERSION_MLS,
89 		.sym_num	= SYM_NUM,
90 		.ocon_num	= OCON_NUM - 2,
91 	},
92 	{
93 		.version	= POLICYDB_VERSION_AVTAB,
94 		.sym_num	= SYM_NUM,
95 		.ocon_num	= OCON_NUM - 2,
96 	},
97 	{
98 		.version	= POLICYDB_VERSION_RANGETRANS,
99 		.sym_num	= SYM_NUM,
100 		.ocon_num	= OCON_NUM - 2,
101 	},
102 	{
103 		.version	= POLICYDB_VERSION_POLCAP,
104 		.sym_num	= SYM_NUM,
105 		.ocon_num	= OCON_NUM - 2,
106 	},
107 	{
108 		.version	= POLICYDB_VERSION_PERMISSIVE,
109 		.sym_num	= SYM_NUM,
110 		.ocon_num	= OCON_NUM - 2,
111 	},
112 	{
113 		.version	= POLICYDB_VERSION_BOUNDARY,
114 		.sym_num	= SYM_NUM,
115 		.ocon_num	= OCON_NUM - 2,
116 	},
117 	{
118 		.version	= POLICYDB_VERSION_FILENAME_TRANS,
119 		.sym_num	= SYM_NUM,
120 		.ocon_num	= OCON_NUM - 2,
121 	},
122 	{
123 		.version	= POLICYDB_VERSION_ROLETRANS,
124 		.sym_num	= SYM_NUM,
125 		.ocon_num	= OCON_NUM - 2,
126 	},
127 	{
128 		.version	= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
129 		.sym_num	= SYM_NUM,
130 		.ocon_num	= OCON_NUM - 2,
131 	},
132 	{
133 		.version	= POLICYDB_VERSION_DEFAULT_TYPE,
134 		.sym_num	= SYM_NUM,
135 		.ocon_num	= OCON_NUM - 2,
136 	},
137 	{
138 		.version	= POLICYDB_VERSION_CONSTRAINT_NAMES,
139 		.sym_num	= SYM_NUM,
140 		.ocon_num	= OCON_NUM - 2,
141 	},
142 	{
143 		.version	= POLICYDB_VERSION_XPERMS_IOCTL,
144 		.sym_num	= SYM_NUM,
145 		.ocon_num	= OCON_NUM - 2,
146 	},
147 	{
148 		.version	= POLICYDB_VERSION_INFINIBAND,
149 		.sym_num	= SYM_NUM,
150 		.ocon_num	= OCON_NUM,
151 	},
152 	{
153 		.version	= POLICYDB_VERSION_GLBLUB,
154 		.sym_num	= SYM_NUM,
155 		.ocon_num	= OCON_NUM,
156 	},
157 	{
158 		.version	= POLICYDB_VERSION_COMP_FTRANS,
159 		.sym_num	= SYM_NUM,
160 		.ocon_num	= OCON_NUM,
161 	},
162 };
163 
164 static struct policydb_compat_info *policydb_lookup_compat(int version)
165 {
166 	int i;
167 	struct policydb_compat_info *info = NULL;
168 
169 	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
170 		if (policydb_compat[i].version == version) {
171 			info = &policydb_compat[i];
172 			break;
173 		}
174 	}
175 	return info;
176 }
177 
178 /*
179  * The following *_destroy functions are used to
180  * free any memory allocated for each kind of
181  * symbol data in the policy database.
182  */
183 
184 static int perm_destroy(void *key, void *datum, void *p)
185 {
186 	kfree(key);
187 	kfree(datum);
188 	return 0;
189 }
190 
191 static int common_destroy(void *key, void *datum, void *p)
192 {
193 	struct common_datum *comdatum;
194 
195 	kfree(key);
196 	if (datum) {
197 		comdatum = datum;
198 		hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
199 		hashtab_destroy(&comdatum->permissions.table);
200 	}
201 	kfree(datum);
202 	return 0;
203 }
204 
205 static void constraint_expr_destroy(struct constraint_expr *expr)
206 {
207 	if (expr) {
208 		ebitmap_destroy(&expr->names);
209 		if (expr->type_names) {
210 			ebitmap_destroy(&expr->type_names->types);
211 			ebitmap_destroy(&expr->type_names->negset);
212 			kfree(expr->type_names);
213 		}
214 		kfree(expr);
215 	}
216 }
217 
218 static int cls_destroy(void *key, void *datum, void *p)
219 {
220 	struct class_datum *cladatum;
221 	struct constraint_node *constraint, *ctemp;
222 	struct constraint_expr *e, *etmp;
223 
224 	kfree(key);
225 	if (datum) {
226 		cladatum = datum;
227 		hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
228 		hashtab_destroy(&cladatum->permissions.table);
229 		constraint = cladatum->constraints;
230 		while (constraint) {
231 			e = constraint->expr;
232 			while (e) {
233 				etmp = e;
234 				e = e->next;
235 				constraint_expr_destroy(etmp);
236 			}
237 			ctemp = constraint;
238 			constraint = constraint->next;
239 			kfree(ctemp);
240 		}
241 
242 		constraint = cladatum->validatetrans;
243 		while (constraint) {
244 			e = constraint->expr;
245 			while (e) {
246 				etmp = e;
247 				e = e->next;
248 				constraint_expr_destroy(etmp);
249 			}
250 			ctemp = constraint;
251 			constraint = constraint->next;
252 			kfree(ctemp);
253 		}
254 		kfree(cladatum->comkey);
255 	}
256 	kfree(datum);
257 	return 0;
258 }
259 
260 static int role_destroy(void *key, void *datum, void *p)
261 {
262 	struct role_datum *role;
263 
264 	kfree(key);
265 	if (datum) {
266 		role = datum;
267 		ebitmap_destroy(&role->dominates);
268 		ebitmap_destroy(&role->types);
269 	}
270 	kfree(datum);
271 	return 0;
272 }
273 
274 static int type_destroy(void *key, void *datum, void *p)
275 {
276 	kfree(key);
277 	kfree(datum);
278 	return 0;
279 }
280 
281 static int user_destroy(void *key, void *datum, void *p)
282 {
283 	struct user_datum *usrdatum;
284 
285 	kfree(key);
286 	if (datum) {
287 		usrdatum = datum;
288 		ebitmap_destroy(&usrdatum->roles);
289 		ebitmap_destroy(&usrdatum->range.level[0].cat);
290 		ebitmap_destroy(&usrdatum->range.level[1].cat);
291 		ebitmap_destroy(&usrdatum->dfltlevel.cat);
292 	}
293 	kfree(datum);
294 	return 0;
295 }
296 
297 static int sens_destroy(void *key, void *datum, void *p)
298 {
299 	struct level_datum *levdatum;
300 
301 	kfree(key);
302 	if (datum) {
303 		levdatum = datum;
304 		if (levdatum->level)
305 			ebitmap_destroy(&levdatum->level->cat);
306 		kfree(levdatum->level);
307 	}
308 	kfree(datum);
309 	return 0;
310 }
311 
312 static int cat_destroy(void *key, void *datum, void *p)
313 {
314 	kfree(key);
315 	kfree(datum);
316 	return 0;
317 }
318 
319 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
320 {
321 	common_destroy,
322 	cls_destroy,
323 	role_destroy,
324 	type_destroy,
325 	user_destroy,
326 	cond_destroy_bool,
327 	sens_destroy,
328 	cat_destroy,
329 };
330 
331 static int filenametr_destroy(void *key, void *datum, void *p)
332 {
333 	struct filename_trans_key *ft = key;
334 	struct filename_trans_datum *next, *d = datum;
335 
336 	kfree(ft->name);
337 	kfree(key);
338 	do {
339 		ebitmap_destroy(&d->stypes);
340 		next = d->next;
341 		kfree(d);
342 		d = next;
343 	} while (unlikely(d));
344 	cond_resched();
345 	return 0;
346 }
347 
348 static int range_tr_destroy(void *key, void *datum, void *p)
349 {
350 	struct mls_range *rt = datum;
351 
352 	kfree(key);
353 	ebitmap_destroy(&rt->level[0].cat);
354 	ebitmap_destroy(&rt->level[1].cat);
355 	kfree(datum);
356 	cond_resched();
357 	return 0;
358 }
359 
360 static int role_tr_destroy(void *key, void *datum, void *p)
361 {
362 	kfree(key);
363 	kfree(datum);
364 	return 0;
365 }
366 
367 static void ocontext_destroy(struct ocontext *c, int i)
368 {
369 	if (!c)
370 		return;
371 
372 	context_destroy(&c->context[0]);
373 	context_destroy(&c->context[1]);
374 	if (i == OCON_ISID || i == OCON_FS ||
375 	    i == OCON_NETIF || i == OCON_FSUSE)
376 		kfree(c->u.name);
377 	kfree(c);
378 }
379 
380 /*
381  * Initialize the role table.
382  */
383 static int roles_init(struct policydb *p)
384 {
385 	char *key = NULL;
386 	int rc;
387 	struct role_datum *role;
388 
389 	role = kzalloc(sizeof(*role), GFP_KERNEL);
390 	if (!role)
391 		return -ENOMEM;
392 
393 	rc = -EINVAL;
394 	role->value = ++p->p_roles.nprim;
395 	if (role->value != OBJECT_R_VAL)
396 		goto out;
397 
398 	rc = -ENOMEM;
399 	key = kstrdup(OBJECT_R, GFP_KERNEL);
400 	if (!key)
401 		goto out;
402 
403 	rc = hashtab_insert(&p->p_roles.table, key, role);
404 	if (rc)
405 		goto out;
406 
407 	return 0;
408 out:
409 	kfree(key);
410 	kfree(role);
411 	return rc;
412 }
413 
414 static u32 filenametr_hash(struct hashtab *h, const void *k)
415 {
416 	const struct filename_trans_key *ft = k;
417 	unsigned long hash;
418 	unsigned int byte_num;
419 	unsigned char focus;
420 
421 	hash = ft->ttype ^ ft->tclass;
422 
423 	byte_num = 0;
424 	while ((focus = ft->name[byte_num++]))
425 		hash = partial_name_hash(focus, hash);
426 	return hash & (h->size - 1);
427 }
428 
429 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2)
430 {
431 	const struct filename_trans_key *ft1 = k1;
432 	const struct filename_trans_key *ft2 = k2;
433 	int v;
434 
435 	v = ft1->ttype - ft2->ttype;
436 	if (v)
437 		return v;
438 
439 	v = ft1->tclass - ft2->tclass;
440 	if (v)
441 		return v;
442 
443 	return strcmp(ft1->name, ft2->name);
444 
445 }
446 
447 static u32 rangetr_hash(struct hashtab *h, const void *k)
448 {
449 	const struct range_trans *key = k;
450 
451 	return (key->source_type + (key->target_type << 3) +
452 		(key->target_class << 5)) & (h->size - 1);
453 }
454 
455 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
456 {
457 	const struct range_trans *key1 = k1, *key2 = k2;
458 	int v;
459 
460 	v = key1->source_type - key2->source_type;
461 	if (v)
462 		return v;
463 
464 	v = key1->target_type - key2->target_type;
465 	if (v)
466 		return v;
467 
468 	v = key1->target_class - key2->target_class;
469 
470 	return v;
471 }
472 
473 static u32 role_trans_hash(struct hashtab *h, const void *k)
474 {
475 	const struct role_trans_key *key = k;
476 
477 	return (key->role + (key->type << 3) + (key->tclass << 5)) &
478 		(h->size - 1);
479 }
480 
481 static int role_trans_cmp(struct hashtab *h, const void *k1, const void *k2)
482 {
483 	const struct role_trans_key *key1 = k1, *key2 = k2;
484 	int v;
485 
486 	v = key1->role - key2->role;
487 	if (v)
488 		return v;
489 
490 	v = key1->type - key2->type;
491 	if (v)
492 		return v;
493 
494 	return key1->tclass - key2->tclass;
495 }
496 
497 /*
498  * Initialize a policy database structure.
499  */
500 static void policydb_init(struct policydb *p)
501 {
502 	memset(p, 0, sizeof(*p));
503 
504 	avtab_init(&p->te_avtab);
505 	cond_policydb_init(p);
506 
507 	ebitmap_init(&p->filename_trans_ttypes);
508 	ebitmap_init(&p->policycaps);
509 	ebitmap_init(&p->permissive_map);
510 }
511 
512 /*
513  * The following *_index functions are used to
514  * define the val_to_name and val_to_struct arrays
515  * in a policy database structure.  The val_to_name
516  * arrays are used when converting security context
517  * structures into string representations.  The
518  * val_to_struct arrays are used when the attributes
519  * of a class, role, or user are needed.
520  */
521 
522 static int common_index(void *key, void *datum, void *datap)
523 {
524 	struct policydb *p;
525 	struct common_datum *comdatum;
526 
527 	comdatum = datum;
528 	p = datap;
529 	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
530 		return -EINVAL;
531 
532 	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
533 
534 	return 0;
535 }
536 
537 static int class_index(void *key, void *datum, void *datap)
538 {
539 	struct policydb *p;
540 	struct class_datum *cladatum;
541 
542 	cladatum = datum;
543 	p = datap;
544 	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
545 		return -EINVAL;
546 
547 	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
548 	p->class_val_to_struct[cladatum->value - 1] = cladatum;
549 	return 0;
550 }
551 
552 static int role_index(void *key, void *datum, void *datap)
553 {
554 	struct policydb *p;
555 	struct role_datum *role;
556 
557 	role = datum;
558 	p = datap;
559 	if (!role->value
560 	    || role->value > p->p_roles.nprim
561 	    || role->bounds > p->p_roles.nprim)
562 		return -EINVAL;
563 
564 	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
565 	p->role_val_to_struct[role->value - 1] = role;
566 	return 0;
567 }
568 
569 static int type_index(void *key, void *datum, void *datap)
570 {
571 	struct policydb *p;
572 	struct type_datum *typdatum;
573 
574 	typdatum = datum;
575 	p = datap;
576 
577 	if (typdatum->primary) {
578 		if (!typdatum->value
579 		    || typdatum->value > p->p_types.nprim
580 		    || typdatum->bounds > p->p_types.nprim)
581 			return -EINVAL;
582 		p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
583 		p->type_val_to_struct[typdatum->value - 1] = typdatum;
584 	}
585 
586 	return 0;
587 }
588 
589 static int user_index(void *key, void *datum, void *datap)
590 {
591 	struct policydb *p;
592 	struct user_datum *usrdatum;
593 
594 	usrdatum = datum;
595 	p = datap;
596 	if (!usrdatum->value
597 	    || usrdatum->value > p->p_users.nprim
598 	    || usrdatum->bounds > p->p_users.nprim)
599 		return -EINVAL;
600 
601 	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
602 	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
603 	return 0;
604 }
605 
606 static int sens_index(void *key, void *datum, void *datap)
607 {
608 	struct policydb *p;
609 	struct level_datum *levdatum;
610 
611 	levdatum = datum;
612 	p = datap;
613 
614 	if (!levdatum->isalias) {
615 		if (!levdatum->level->sens ||
616 		    levdatum->level->sens > p->p_levels.nprim)
617 			return -EINVAL;
618 
619 		p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
620 	}
621 
622 	return 0;
623 }
624 
625 static int cat_index(void *key, void *datum, void *datap)
626 {
627 	struct policydb *p;
628 	struct cat_datum *catdatum;
629 
630 	catdatum = datum;
631 	p = datap;
632 
633 	if (!catdatum->isalias) {
634 		if (!catdatum->value || catdatum->value > p->p_cats.nprim)
635 			return -EINVAL;
636 
637 		p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
638 	}
639 
640 	return 0;
641 }
642 
643 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
644 {
645 	common_index,
646 	class_index,
647 	role_index,
648 	type_index,
649 	user_index,
650 	cond_index_bool,
651 	sens_index,
652 	cat_index,
653 };
654 
655 #ifdef DEBUG_HASHES
656 static void hash_eval(struct hashtab *h, const char *hash_name)
657 {
658 	struct hashtab_info info;
659 
660 	hashtab_stat(h, &info);
661 	pr_debug("SELinux: %s:  %d entries and %d/%d buckets used, longest chain length %d\n",
662 		 hash_name, h->nel, info.slots_used, h->size,
663 		 info.max_chain_len);
664 }
665 
666 static void symtab_hash_eval(struct symtab *s)
667 {
668 	int i;
669 
670 	for (i = 0; i < SYM_NUM; i++)
671 		hash_eval(&s[i].table, symtab_name[i]);
672 }
673 
674 #else
675 static inline void hash_eval(struct hashtab *h, char *hash_name)
676 {
677 }
678 #endif
679 
680 /*
681  * Define the other val_to_name and val_to_struct arrays
682  * in a policy database structure.
683  *
684  * Caller must clean up on failure.
685  */
686 static int policydb_index(struct policydb *p)
687 {
688 	int i, rc;
689 
690 	if (p->mls_enabled)
691 		pr_debug("SELinux:  %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
692 			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
693 			 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
694 	else
695 		pr_debug("SELinux:  %d users, %d roles, %d types, %d bools\n",
696 			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
697 			 p->p_bools.nprim);
698 
699 	pr_debug("SELinux:  %d classes, %d rules\n",
700 		 p->p_classes.nprim, p->te_avtab.nel);
701 
702 #ifdef DEBUG_HASHES
703 	avtab_hash_eval(&p->te_avtab, "rules");
704 	symtab_hash_eval(p->symtab);
705 #endif
706 
707 	p->class_val_to_struct = kcalloc(p->p_classes.nprim,
708 					 sizeof(*p->class_val_to_struct),
709 					 GFP_KERNEL);
710 	if (!p->class_val_to_struct)
711 		return -ENOMEM;
712 
713 	p->role_val_to_struct = kcalloc(p->p_roles.nprim,
714 					sizeof(*p->role_val_to_struct),
715 					GFP_KERNEL);
716 	if (!p->role_val_to_struct)
717 		return -ENOMEM;
718 
719 	p->user_val_to_struct = kcalloc(p->p_users.nprim,
720 					sizeof(*p->user_val_to_struct),
721 					GFP_KERNEL);
722 	if (!p->user_val_to_struct)
723 		return -ENOMEM;
724 
725 	p->type_val_to_struct = kvcalloc(p->p_types.nprim,
726 					 sizeof(*p->type_val_to_struct),
727 					 GFP_KERNEL);
728 	if (!p->type_val_to_struct)
729 		return -ENOMEM;
730 
731 	rc = cond_init_bool_indexes(p);
732 	if (rc)
733 		goto out;
734 
735 	for (i = 0; i < SYM_NUM; i++) {
736 		p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
737 						 sizeof(char *),
738 						 GFP_KERNEL);
739 		if (!p->sym_val_to_name[i])
740 			return -ENOMEM;
741 
742 		rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
743 		if (rc)
744 			goto out;
745 	}
746 	rc = 0;
747 out:
748 	return rc;
749 }
750 
751 /*
752  * Free any memory allocated by a policy database structure.
753  */
754 void policydb_destroy(struct policydb *p)
755 {
756 	struct ocontext *c, *ctmp;
757 	struct genfs *g, *gtmp;
758 	int i;
759 	struct role_allow *ra, *lra = NULL;
760 
761 	for (i = 0; i < SYM_NUM; i++) {
762 		cond_resched();
763 		hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
764 		hashtab_destroy(&p->symtab[i].table);
765 	}
766 
767 	for (i = 0; i < SYM_NUM; i++)
768 		kvfree(p->sym_val_to_name[i]);
769 
770 	kfree(p->class_val_to_struct);
771 	kfree(p->role_val_to_struct);
772 	kfree(p->user_val_to_struct);
773 	kvfree(p->type_val_to_struct);
774 
775 	avtab_destroy(&p->te_avtab);
776 
777 	for (i = 0; i < OCON_NUM; i++) {
778 		cond_resched();
779 		c = p->ocontexts[i];
780 		while (c) {
781 			ctmp = c;
782 			c = c->next;
783 			ocontext_destroy(ctmp, i);
784 		}
785 		p->ocontexts[i] = NULL;
786 	}
787 
788 	g = p->genfs;
789 	while (g) {
790 		cond_resched();
791 		kfree(g->fstype);
792 		c = g->head;
793 		while (c) {
794 			ctmp = c;
795 			c = c->next;
796 			ocontext_destroy(ctmp, OCON_FSUSE);
797 		}
798 		gtmp = g;
799 		g = g->next;
800 		kfree(gtmp);
801 	}
802 	p->genfs = NULL;
803 
804 	cond_policydb_destroy(p);
805 
806 	hashtab_map(&p->role_tr, role_tr_destroy, NULL);
807 	hashtab_destroy(&p->role_tr);
808 
809 	for (ra = p->role_allow; ra; ra = ra->next) {
810 		cond_resched();
811 		kfree(lra);
812 		lra = ra;
813 	}
814 	kfree(lra);
815 
816 	hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
817 	hashtab_destroy(&p->filename_trans);
818 
819 	hashtab_map(&p->range_tr, range_tr_destroy, NULL);
820 	hashtab_destroy(&p->range_tr);
821 
822 	if (p->type_attr_map_array) {
823 		for (i = 0; i < p->p_types.nprim; i++)
824 			ebitmap_destroy(&p->type_attr_map_array[i]);
825 		kvfree(p->type_attr_map_array);
826 	}
827 
828 	ebitmap_destroy(&p->filename_trans_ttypes);
829 	ebitmap_destroy(&p->policycaps);
830 	ebitmap_destroy(&p->permissive_map);
831 }
832 
833 /*
834  * Load the initial SIDs specified in a policy database
835  * structure into a SID table.
836  */
837 int policydb_load_isids(struct policydb *p, struct sidtab *s)
838 {
839 	struct ocontext *head, *c;
840 	int rc;
841 
842 	rc = sidtab_init(s);
843 	if (rc) {
844 		pr_err("SELinux:  out of memory on SID table init\n");
845 		goto out;
846 	}
847 
848 	head = p->ocontexts[OCON_ISID];
849 	for (c = head; c; c = c->next) {
850 		u32 sid = c->sid[0];
851 		const char *name = security_get_initial_sid_context(sid);
852 
853 		if (sid == SECSID_NULL) {
854 			pr_err("SELinux:  SID 0 was assigned a context.\n");
855 			sidtab_destroy(s);
856 			goto out;
857 		}
858 
859 		/* Ignore initial SIDs unused by this kernel. */
860 		if (!name)
861 			continue;
862 
863 		rc = sidtab_set_initial(s, sid, &c->context[0]);
864 		if (rc) {
865 			pr_err("SELinux:  unable to load initial SID %s.\n",
866 			       name);
867 			sidtab_destroy(s);
868 			goto out;
869 		}
870 	}
871 	rc = 0;
872 out:
873 	return rc;
874 }
875 
876 int policydb_class_isvalid(struct policydb *p, unsigned int class)
877 {
878 	if (!class || class > p->p_classes.nprim)
879 		return 0;
880 	return 1;
881 }
882 
883 int policydb_role_isvalid(struct policydb *p, unsigned int role)
884 {
885 	if (!role || role > p->p_roles.nprim)
886 		return 0;
887 	return 1;
888 }
889 
890 int policydb_type_isvalid(struct policydb *p, unsigned int type)
891 {
892 	if (!type || type > p->p_types.nprim)
893 		return 0;
894 	return 1;
895 }
896 
897 /*
898  * Return 1 if the fields in the security context
899  * structure `c' are valid.  Return 0 otherwise.
900  */
901 int policydb_context_isvalid(struct policydb *p, struct context *c)
902 {
903 	struct role_datum *role;
904 	struct user_datum *usrdatum;
905 
906 	if (!c->role || c->role > p->p_roles.nprim)
907 		return 0;
908 
909 	if (!c->user || c->user > p->p_users.nprim)
910 		return 0;
911 
912 	if (!c->type || c->type > p->p_types.nprim)
913 		return 0;
914 
915 	if (c->role != OBJECT_R_VAL) {
916 		/*
917 		 * Role must be authorized for the type.
918 		 */
919 		role = p->role_val_to_struct[c->role - 1];
920 		if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
921 			/* role may not be associated with type */
922 			return 0;
923 
924 		/*
925 		 * User must be authorized for the role.
926 		 */
927 		usrdatum = p->user_val_to_struct[c->user - 1];
928 		if (!usrdatum)
929 			return 0;
930 
931 		if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
932 			/* user may not be associated with role */
933 			return 0;
934 	}
935 
936 	if (!mls_context_isvalid(p, c))
937 		return 0;
938 
939 	return 1;
940 }
941 
942 /*
943  * Read a MLS range structure from a policydb binary
944  * representation file.
945  */
946 static int mls_read_range_helper(struct mls_range *r, void *fp)
947 {
948 	__le32 buf[2];
949 	u32 items;
950 	int rc;
951 
952 	rc = next_entry(buf, fp, sizeof(u32));
953 	if (rc)
954 		goto out;
955 
956 	rc = -EINVAL;
957 	items = le32_to_cpu(buf[0]);
958 	if (items > ARRAY_SIZE(buf)) {
959 		pr_err("SELinux: mls:  range overflow\n");
960 		goto out;
961 	}
962 
963 	rc = next_entry(buf, fp, sizeof(u32) * items);
964 	if (rc) {
965 		pr_err("SELinux: mls:  truncated range\n");
966 		goto out;
967 	}
968 
969 	r->level[0].sens = le32_to_cpu(buf[0]);
970 	if (items > 1)
971 		r->level[1].sens = le32_to_cpu(buf[1]);
972 	else
973 		r->level[1].sens = r->level[0].sens;
974 
975 	rc = ebitmap_read(&r->level[0].cat, fp);
976 	if (rc) {
977 		pr_err("SELinux: mls:  error reading low categories\n");
978 		goto out;
979 	}
980 	if (items > 1) {
981 		rc = ebitmap_read(&r->level[1].cat, fp);
982 		if (rc) {
983 			pr_err("SELinux: mls:  error reading high categories\n");
984 			goto bad_high;
985 		}
986 	} else {
987 		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
988 		if (rc) {
989 			pr_err("SELinux: mls:  out of memory\n");
990 			goto bad_high;
991 		}
992 	}
993 
994 	return 0;
995 bad_high:
996 	ebitmap_destroy(&r->level[0].cat);
997 out:
998 	return rc;
999 }
1000 
1001 /*
1002  * Read and validate a security context structure
1003  * from a policydb binary representation file.
1004  */
1005 static int context_read_and_validate(struct context *c,
1006 				     struct policydb *p,
1007 				     void *fp)
1008 {
1009 	__le32 buf[3];
1010 	int rc;
1011 
1012 	rc = next_entry(buf, fp, sizeof buf);
1013 	if (rc) {
1014 		pr_err("SELinux: context truncated\n");
1015 		goto out;
1016 	}
1017 	c->user = le32_to_cpu(buf[0]);
1018 	c->role = le32_to_cpu(buf[1]);
1019 	c->type = le32_to_cpu(buf[2]);
1020 	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1021 		rc = mls_read_range_helper(&c->range, fp);
1022 		if (rc) {
1023 			pr_err("SELinux: error reading MLS range of context\n");
1024 			goto out;
1025 		}
1026 	}
1027 
1028 	rc = -EINVAL;
1029 	if (!policydb_context_isvalid(p, c)) {
1030 		pr_err("SELinux:  invalid security context\n");
1031 		context_destroy(c);
1032 		goto out;
1033 	}
1034 	rc = 0;
1035 out:
1036 	return rc;
1037 }
1038 
1039 /*
1040  * The following *_read functions are used to
1041  * read the symbol data from a policy database
1042  * binary representation file.
1043  */
1044 
1045 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1046 {
1047 	int rc;
1048 	char *str;
1049 
1050 	if ((len == 0) || (len == (u32)-1))
1051 		return -EINVAL;
1052 
1053 	str = kmalloc(len + 1, flags | __GFP_NOWARN);
1054 	if (!str)
1055 		return -ENOMEM;
1056 
1057 	rc = next_entry(str, fp, len);
1058 	if (rc) {
1059 		kfree(str);
1060 		return rc;
1061 	}
1062 
1063 	str[len] = '\0';
1064 	*strp = str;
1065 	return 0;
1066 }
1067 
1068 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
1069 {
1070 	char *key = NULL;
1071 	struct perm_datum *perdatum;
1072 	int rc;
1073 	__le32 buf[2];
1074 	u32 len;
1075 
1076 	perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1077 	if (!perdatum)
1078 		return -ENOMEM;
1079 
1080 	rc = next_entry(buf, fp, sizeof buf);
1081 	if (rc)
1082 		goto bad;
1083 
1084 	len = le32_to_cpu(buf[0]);
1085 	perdatum->value = le32_to_cpu(buf[1]);
1086 
1087 	rc = str_read(&key, GFP_KERNEL, fp, len);
1088 	if (rc)
1089 		goto bad;
1090 
1091 	rc = hashtab_insert(h, key, perdatum);
1092 	if (rc)
1093 		goto bad;
1094 
1095 	return 0;
1096 bad:
1097 	perm_destroy(key, perdatum, NULL);
1098 	return rc;
1099 }
1100 
1101 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
1102 {
1103 	char *key = NULL;
1104 	struct common_datum *comdatum;
1105 	__le32 buf[4];
1106 	u32 len, nel;
1107 	int i, rc;
1108 
1109 	comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1110 	if (!comdatum)
1111 		return -ENOMEM;
1112 
1113 	rc = next_entry(buf, fp, sizeof buf);
1114 	if (rc)
1115 		goto bad;
1116 
1117 	len = le32_to_cpu(buf[0]);
1118 	comdatum->value = le32_to_cpu(buf[1]);
1119 	nel = le32_to_cpu(buf[3]);
1120 
1121 	rc = symtab_init(&comdatum->permissions, nel);
1122 	if (rc)
1123 		goto bad;
1124 	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1125 
1126 	rc = str_read(&key, GFP_KERNEL, fp, len);
1127 	if (rc)
1128 		goto bad;
1129 
1130 	for (i = 0; i < nel; i++) {
1131 		rc = perm_read(p, &comdatum->permissions.table, fp);
1132 		if (rc)
1133 			goto bad;
1134 	}
1135 
1136 	rc = hashtab_insert(h, key, comdatum);
1137 	if (rc)
1138 		goto bad;
1139 	return 0;
1140 bad:
1141 	common_destroy(key, comdatum, NULL);
1142 	return rc;
1143 }
1144 
1145 static void type_set_init(struct type_set *t)
1146 {
1147 	ebitmap_init(&t->types);
1148 	ebitmap_init(&t->negset);
1149 }
1150 
1151 static int type_set_read(struct type_set *t, void *fp)
1152 {
1153 	__le32 buf[1];
1154 	int rc;
1155 
1156 	if (ebitmap_read(&t->types, fp))
1157 		return -EINVAL;
1158 	if (ebitmap_read(&t->negset, fp))
1159 		return -EINVAL;
1160 
1161 	rc = next_entry(buf, fp, sizeof(u32));
1162 	if (rc < 0)
1163 		return -EINVAL;
1164 	t->flags = le32_to_cpu(buf[0]);
1165 
1166 	return 0;
1167 }
1168 
1169 
1170 static int read_cons_helper(struct policydb *p,
1171 				struct constraint_node **nodep,
1172 				int ncons, int allowxtarget, void *fp)
1173 {
1174 	struct constraint_node *c, *lc;
1175 	struct constraint_expr *e, *le;
1176 	__le32 buf[3];
1177 	u32 nexpr;
1178 	int rc, i, j, depth;
1179 
1180 	lc = NULL;
1181 	for (i = 0; i < ncons; i++) {
1182 		c = kzalloc(sizeof(*c), GFP_KERNEL);
1183 		if (!c)
1184 			return -ENOMEM;
1185 
1186 		if (lc)
1187 			lc->next = c;
1188 		else
1189 			*nodep = c;
1190 
1191 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1192 		if (rc)
1193 			return rc;
1194 		c->permissions = le32_to_cpu(buf[0]);
1195 		nexpr = le32_to_cpu(buf[1]);
1196 		le = NULL;
1197 		depth = -1;
1198 		for (j = 0; j < nexpr; j++) {
1199 			e = kzalloc(sizeof(*e), GFP_KERNEL);
1200 			if (!e)
1201 				return -ENOMEM;
1202 
1203 			if (le)
1204 				le->next = e;
1205 			else
1206 				c->expr = e;
1207 
1208 			rc = next_entry(buf, fp, (sizeof(u32) * 3));
1209 			if (rc)
1210 				return rc;
1211 			e->expr_type = le32_to_cpu(buf[0]);
1212 			e->attr = le32_to_cpu(buf[1]);
1213 			e->op = le32_to_cpu(buf[2]);
1214 
1215 			switch (e->expr_type) {
1216 			case CEXPR_NOT:
1217 				if (depth < 0)
1218 					return -EINVAL;
1219 				break;
1220 			case CEXPR_AND:
1221 			case CEXPR_OR:
1222 				if (depth < 1)
1223 					return -EINVAL;
1224 				depth--;
1225 				break;
1226 			case CEXPR_ATTR:
1227 				if (depth == (CEXPR_MAXDEPTH - 1))
1228 					return -EINVAL;
1229 				depth++;
1230 				break;
1231 			case CEXPR_NAMES:
1232 				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1233 					return -EINVAL;
1234 				if (depth == (CEXPR_MAXDEPTH - 1))
1235 					return -EINVAL;
1236 				depth++;
1237 				rc = ebitmap_read(&e->names, fp);
1238 				if (rc)
1239 					return rc;
1240 				if (p->policyvers >=
1241 				    POLICYDB_VERSION_CONSTRAINT_NAMES) {
1242 					e->type_names = kzalloc(sizeof
1243 						(*e->type_names), GFP_KERNEL);
1244 					if (!e->type_names)
1245 						return -ENOMEM;
1246 					type_set_init(e->type_names);
1247 					rc = type_set_read(e->type_names, fp);
1248 					if (rc)
1249 						return rc;
1250 				}
1251 				break;
1252 			default:
1253 				return -EINVAL;
1254 			}
1255 			le = e;
1256 		}
1257 		if (depth != 0)
1258 			return -EINVAL;
1259 		lc = c;
1260 	}
1261 
1262 	return 0;
1263 }
1264 
1265 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1266 {
1267 	char *key = NULL;
1268 	struct class_datum *cladatum;
1269 	__le32 buf[6];
1270 	u32 len, len2, ncons, nel;
1271 	int i, rc;
1272 
1273 	cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1274 	if (!cladatum)
1275 		return -ENOMEM;
1276 
1277 	rc = next_entry(buf, fp, sizeof(u32)*6);
1278 	if (rc)
1279 		goto bad;
1280 
1281 	len = le32_to_cpu(buf[0]);
1282 	len2 = le32_to_cpu(buf[1]);
1283 	cladatum->value = le32_to_cpu(buf[2]);
1284 	nel = le32_to_cpu(buf[4]);
1285 
1286 	rc = symtab_init(&cladatum->permissions, nel);
1287 	if (rc)
1288 		goto bad;
1289 	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1290 
1291 	ncons = le32_to_cpu(buf[5]);
1292 
1293 	rc = str_read(&key, GFP_KERNEL, fp, len);
1294 	if (rc)
1295 		goto bad;
1296 
1297 	if (len2) {
1298 		rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1299 		if (rc)
1300 			goto bad;
1301 
1302 		rc = -EINVAL;
1303 		cladatum->comdatum = hashtab_search(&p->p_commons.table,
1304 						    cladatum->comkey);
1305 		if (!cladatum->comdatum) {
1306 			pr_err("SELinux:  unknown common %s\n",
1307 			       cladatum->comkey);
1308 			goto bad;
1309 		}
1310 	}
1311 	for (i = 0; i < nel; i++) {
1312 		rc = perm_read(p, &cladatum->permissions.table, fp);
1313 		if (rc)
1314 			goto bad;
1315 	}
1316 
1317 	rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1318 	if (rc)
1319 		goto bad;
1320 
1321 	if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1322 		/* grab the validatetrans rules */
1323 		rc = next_entry(buf, fp, sizeof(u32));
1324 		if (rc)
1325 			goto bad;
1326 		ncons = le32_to_cpu(buf[0]);
1327 		rc = read_cons_helper(p, &cladatum->validatetrans,
1328 				ncons, 1, fp);
1329 		if (rc)
1330 			goto bad;
1331 	}
1332 
1333 	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1334 		rc = next_entry(buf, fp, sizeof(u32) * 3);
1335 		if (rc)
1336 			goto bad;
1337 
1338 		cladatum->default_user = le32_to_cpu(buf[0]);
1339 		cladatum->default_role = le32_to_cpu(buf[1]);
1340 		cladatum->default_range = le32_to_cpu(buf[2]);
1341 	}
1342 
1343 	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1344 		rc = next_entry(buf, fp, sizeof(u32) * 1);
1345 		if (rc)
1346 			goto bad;
1347 		cladatum->default_type = le32_to_cpu(buf[0]);
1348 	}
1349 
1350 	rc = hashtab_insert(h, key, cladatum);
1351 	if (rc)
1352 		goto bad;
1353 
1354 	return 0;
1355 bad:
1356 	cls_destroy(key, cladatum, NULL);
1357 	return rc;
1358 }
1359 
1360 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1361 {
1362 	char *key = NULL;
1363 	struct role_datum *role;
1364 	int rc, to_read = 2;
1365 	__le32 buf[3];
1366 	u32 len;
1367 
1368 	role = kzalloc(sizeof(*role), GFP_KERNEL);
1369 	if (!role)
1370 		return -ENOMEM;
1371 
1372 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1373 		to_read = 3;
1374 
1375 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1376 	if (rc)
1377 		goto bad;
1378 
1379 	len = le32_to_cpu(buf[0]);
1380 	role->value = le32_to_cpu(buf[1]);
1381 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1382 		role->bounds = le32_to_cpu(buf[2]);
1383 
1384 	rc = str_read(&key, GFP_KERNEL, fp, len);
1385 	if (rc)
1386 		goto bad;
1387 
1388 	rc = ebitmap_read(&role->dominates, fp);
1389 	if (rc)
1390 		goto bad;
1391 
1392 	rc = ebitmap_read(&role->types, fp);
1393 	if (rc)
1394 		goto bad;
1395 
1396 	if (strcmp(key, OBJECT_R) == 0) {
1397 		rc = -EINVAL;
1398 		if (role->value != OBJECT_R_VAL) {
1399 			pr_err("SELinux: Role %s has wrong value %d\n",
1400 			       OBJECT_R, role->value);
1401 			goto bad;
1402 		}
1403 		rc = 0;
1404 		goto bad;
1405 	}
1406 
1407 	rc = hashtab_insert(h, key, role);
1408 	if (rc)
1409 		goto bad;
1410 	return 0;
1411 bad:
1412 	role_destroy(key, role, NULL);
1413 	return rc;
1414 }
1415 
1416 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1417 {
1418 	char *key = NULL;
1419 	struct type_datum *typdatum;
1420 	int rc, to_read = 3;
1421 	__le32 buf[4];
1422 	u32 len;
1423 
1424 	typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1425 	if (!typdatum)
1426 		return -ENOMEM;
1427 
1428 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1429 		to_read = 4;
1430 
1431 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1432 	if (rc)
1433 		goto bad;
1434 
1435 	len = le32_to_cpu(buf[0]);
1436 	typdatum->value = le32_to_cpu(buf[1]);
1437 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1438 		u32 prop = le32_to_cpu(buf[2]);
1439 
1440 		if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1441 			typdatum->primary = 1;
1442 		if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1443 			typdatum->attribute = 1;
1444 
1445 		typdatum->bounds = le32_to_cpu(buf[3]);
1446 	} else {
1447 		typdatum->primary = le32_to_cpu(buf[2]);
1448 	}
1449 
1450 	rc = str_read(&key, GFP_KERNEL, fp, len);
1451 	if (rc)
1452 		goto bad;
1453 
1454 	rc = hashtab_insert(h, key, typdatum);
1455 	if (rc)
1456 		goto bad;
1457 	return 0;
1458 bad:
1459 	type_destroy(key, typdatum, NULL);
1460 	return rc;
1461 }
1462 
1463 
1464 /*
1465  * Read a MLS level structure from a policydb binary
1466  * representation file.
1467  */
1468 static int mls_read_level(struct mls_level *lp, void *fp)
1469 {
1470 	__le32 buf[1];
1471 	int rc;
1472 
1473 	memset(lp, 0, sizeof(*lp));
1474 
1475 	rc = next_entry(buf, fp, sizeof buf);
1476 	if (rc) {
1477 		pr_err("SELinux: mls: truncated level\n");
1478 		return rc;
1479 	}
1480 	lp->sens = le32_to_cpu(buf[0]);
1481 
1482 	rc = ebitmap_read(&lp->cat, fp);
1483 	if (rc) {
1484 		pr_err("SELinux: mls:  error reading level categories\n");
1485 		return rc;
1486 	}
1487 	return 0;
1488 }
1489 
1490 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1491 {
1492 	char *key = NULL;
1493 	struct user_datum *usrdatum;
1494 	int rc, to_read = 2;
1495 	__le32 buf[3];
1496 	u32 len;
1497 
1498 	usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1499 	if (!usrdatum)
1500 		return -ENOMEM;
1501 
1502 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1503 		to_read = 3;
1504 
1505 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1506 	if (rc)
1507 		goto bad;
1508 
1509 	len = le32_to_cpu(buf[0]);
1510 	usrdatum->value = le32_to_cpu(buf[1]);
1511 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1512 		usrdatum->bounds = le32_to_cpu(buf[2]);
1513 
1514 	rc = str_read(&key, GFP_KERNEL, fp, len);
1515 	if (rc)
1516 		goto bad;
1517 
1518 	rc = ebitmap_read(&usrdatum->roles, fp);
1519 	if (rc)
1520 		goto bad;
1521 
1522 	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1523 		rc = mls_read_range_helper(&usrdatum->range, fp);
1524 		if (rc)
1525 			goto bad;
1526 		rc = mls_read_level(&usrdatum->dfltlevel, fp);
1527 		if (rc)
1528 			goto bad;
1529 	}
1530 
1531 	rc = hashtab_insert(h, key, usrdatum);
1532 	if (rc)
1533 		goto bad;
1534 	return 0;
1535 bad:
1536 	user_destroy(key, usrdatum, NULL);
1537 	return rc;
1538 }
1539 
1540 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1541 {
1542 	char *key = NULL;
1543 	struct level_datum *levdatum;
1544 	int rc;
1545 	__le32 buf[2];
1546 	u32 len;
1547 
1548 	levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1549 	if (!levdatum)
1550 		return -ENOMEM;
1551 
1552 	rc = next_entry(buf, fp, sizeof buf);
1553 	if (rc)
1554 		goto bad;
1555 
1556 	len = le32_to_cpu(buf[0]);
1557 	levdatum->isalias = le32_to_cpu(buf[1]);
1558 
1559 	rc = str_read(&key, GFP_ATOMIC, fp, len);
1560 	if (rc)
1561 		goto bad;
1562 
1563 	rc = -ENOMEM;
1564 	levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);
1565 	if (!levdatum->level)
1566 		goto bad;
1567 
1568 	rc = mls_read_level(levdatum->level, fp);
1569 	if (rc)
1570 		goto bad;
1571 
1572 	rc = hashtab_insert(h, key, levdatum);
1573 	if (rc)
1574 		goto bad;
1575 	return 0;
1576 bad:
1577 	sens_destroy(key, levdatum, NULL);
1578 	return rc;
1579 }
1580 
1581 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1582 {
1583 	char *key = NULL;
1584 	struct cat_datum *catdatum;
1585 	int rc;
1586 	__le32 buf[3];
1587 	u32 len;
1588 
1589 	catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1590 	if (!catdatum)
1591 		return -ENOMEM;
1592 
1593 	rc = next_entry(buf, fp, sizeof buf);
1594 	if (rc)
1595 		goto bad;
1596 
1597 	len = le32_to_cpu(buf[0]);
1598 	catdatum->value = le32_to_cpu(buf[1]);
1599 	catdatum->isalias = le32_to_cpu(buf[2]);
1600 
1601 	rc = str_read(&key, GFP_ATOMIC, fp, len);
1602 	if (rc)
1603 		goto bad;
1604 
1605 	rc = hashtab_insert(h, key, catdatum);
1606 	if (rc)
1607 		goto bad;
1608 	return 0;
1609 bad:
1610 	cat_destroy(key, catdatum, NULL);
1611 	return rc;
1612 }
1613 
1614 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1615 {
1616 	common_read,
1617 	class_read,
1618 	role_read,
1619 	type_read,
1620 	user_read,
1621 	cond_read_bool,
1622 	sens_read,
1623 	cat_read,
1624 };
1625 
1626 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1627 {
1628 	struct user_datum *upper, *user;
1629 	struct policydb *p = datap;
1630 	int depth = 0;
1631 
1632 	upper = user = datum;
1633 	while (upper->bounds) {
1634 		struct ebitmap_node *node;
1635 		unsigned long bit;
1636 
1637 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1638 			pr_err("SELinux: user %s: "
1639 			       "too deep or looped boundary",
1640 			       (char *) key);
1641 			return -EINVAL;
1642 		}
1643 
1644 		upper = p->user_val_to_struct[upper->bounds - 1];
1645 		ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1646 			if (ebitmap_get_bit(&upper->roles, bit))
1647 				continue;
1648 
1649 			pr_err("SELinux: boundary violated policy: "
1650 			       "user=%s role=%s bounds=%s\n",
1651 			       sym_name(p, SYM_USERS, user->value - 1),
1652 			       sym_name(p, SYM_ROLES, bit),
1653 			       sym_name(p, SYM_USERS, upper->value - 1));
1654 
1655 			return -EINVAL;
1656 		}
1657 	}
1658 
1659 	return 0;
1660 }
1661 
1662 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1663 {
1664 	struct role_datum *upper, *role;
1665 	struct policydb *p = datap;
1666 	int depth = 0;
1667 
1668 	upper = role = datum;
1669 	while (upper->bounds) {
1670 		struct ebitmap_node *node;
1671 		unsigned long bit;
1672 
1673 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1674 			pr_err("SELinux: role %s: "
1675 			       "too deep or looped bounds\n",
1676 			       (char *) key);
1677 			return -EINVAL;
1678 		}
1679 
1680 		upper = p->role_val_to_struct[upper->bounds - 1];
1681 		ebitmap_for_each_positive_bit(&role->types, node, bit) {
1682 			if (ebitmap_get_bit(&upper->types, bit))
1683 				continue;
1684 
1685 			pr_err("SELinux: boundary violated policy: "
1686 			       "role=%s type=%s bounds=%s\n",
1687 			       sym_name(p, SYM_ROLES, role->value - 1),
1688 			       sym_name(p, SYM_TYPES, bit),
1689 			       sym_name(p, SYM_ROLES, upper->value - 1));
1690 
1691 			return -EINVAL;
1692 		}
1693 	}
1694 
1695 	return 0;
1696 }
1697 
1698 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1699 {
1700 	struct type_datum *upper;
1701 	struct policydb *p = datap;
1702 	int depth = 0;
1703 
1704 	upper = datum;
1705 	while (upper->bounds) {
1706 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1707 			pr_err("SELinux: type %s: "
1708 			       "too deep or looped boundary\n",
1709 			       (char *) key);
1710 			return -EINVAL;
1711 		}
1712 
1713 		upper = p->type_val_to_struct[upper->bounds - 1];
1714 		BUG_ON(!upper);
1715 
1716 		if (upper->attribute) {
1717 			pr_err("SELinux: type %s: "
1718 			       "bounded by attribute %s",
1719 			       (char *) key,
1720 			       sym_name(p, SYM_TYPES, upper->value - 1));
1721 			return -EINVAL;
1722 		}
1723 	}
1724 
1725 	return 0;
1726 }
1727 
1728 static int policydb_bounds_sanity_check(struct policydb *p)
1729 {
1730 	int rc;
1731 
1732 	if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1733 		return 0;
1734 
1735 	rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
1736 	if (rc)
1737 		return rc;
1738 
1739 	rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
1740 	if (rc)
1741 		return rc;
1742 
1743 	rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
1744 	if (rc)
1745 		return rc;
1746 
1747 	return 0;
1748 }
1749 
1750 u16 string_to_security_class(struct policydb *p, const char *name)
1751 {
1752 	struct class_datum *cladatum;
1753 
1754 	cladatum = hashtab_search(&p->p_classes.table, name);
1755 	if (!cladatum)
1756 		return 0;
1757 
1758 	return cladatum->value;
1759 }
1760 
1761 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1762 {
1763 	struct class_datum *cladatum;
1764 	struct perm_datum *perdatum = NULL;
1765 	struct common_datum *comdatum;
1766 
1767 	if (!tclass || tclass > p->p_classes.nprim)
1768 		return 0;
1769 
1770 	cladatum = p->class_val_to_struct[tclass-1];
1771 	comdatum = cladatum->comdatum;
1772 	if (comdatum)
1773 		perdatum = hashtab_search(&comdatum->permissions.table, name);
1774 	if (!perdatum)
1775 		perdatum = hashtab_search(&cladatum->permissions.table, name);
1776 	if (!perdatum)
1777 		return 0;
1778 
1779 	return 1U << (perdatum->value-1);
1780 }
1781 
1782 static int range_read(struct policydb *p, void *fp)
1783 {
1784 	struct range_trans *rt = NULL;
1785 	struct mls_range *r = NULL;
1786 	int i, rc;
1787 	__le32 buf[2];
1788 	u32 nel;
1789 
1790 	if (p->policyvers < POLICYDB_VERSION_MLS)
1791 		return 0;
1792 
1793 	rc = next_entry(buf, fp, sizeof(u32));
1794 	if (rc)
1795 		return rc;
1796 
1797 	nel = le32_to_cpu(buf[0]);
1798 
1799 	rc = hashtab_init(&p->range_tr, rangetr_hash, rangetr_cmp, nel);
1800 	if (rc)
1801 		return rc;
1802 
1803 	for (i = 0; i < nel; i++) {
1804 		rc = -ENOMEM;
1805 		rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1806 		if (!rt)
1807 			goto out;
1808 
1809 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1810 		if (rc)
1811 			goto out;
1812 
1813 		rt->source_type = le32_to_cpu(buf[0]);
1814 		rt->target_type = le32_to_cpu(buf[1]);
1815 		if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1816 			rc = next_entry(buf, fp, sizeof(u32));
1817 			if (rc)
1818 				goto out;
1819 			rt->target_class = le32_to_cpu(buf[0]);
1820 		} else
1821 			rt->target_class = p->process_class;
1822 
1823 		rc = -EINVAL;
1824 		if (!policydb_type_isvalid(p, rt->source_type) ||
1825 		    !policydb_type_isvalid(p, rt->target_type) ||
1826 		    !policydb_class_isvalid(p, rt->target_class))
1827 			goto out;
1828 
1829 		rc = -ENOMEM;
1830 		r = kzalloc(sizeof(*r), GFP_KERNEL);
1831 		if (!r)
1832 			goto out;
1833 
1834 		rc = mls_read_range_helper(r, fp);
1835 		if (rc)
1836 			goto out;
1837 
1838 		rc = -EINVAL;
1839 		if (!mls_range_isvalid(p, r)) {
1840 			pr_warn("SELinux:  rangetrans:  invalid range\n");
1841 			goto out;
1842 		}
1843 
1844 		rc = hashtab_insert(&p->range_tr, rt, r);
1845 		if (rc)
1846 			goto out;
1847 
1848 		rt = NULL;
1849 		r = NULL;
1850 	}
1851 	hash_eval(&p->range_tr, "rangetr");
1852 	rc = 0;
1853 out:
1854 	kfree(rt);
1855 	kfree(r);
1856 	return rc;
1857 }
1858 
1859 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1860 {
1861 	struct filename_trans_key key, *ft = NULL;
1862 	struct filename_trans_datum *last, *datum = NULL;
1863 	char *name = NULL;
1864 	u32 len, stype, otype;
1865 	__le32 buf[4];
1866 	int rc;
1867 
1868 	/* length of the path component string */
1869 	rc = next_entry(buf, fp, sizeof(u32));
1870 	if (rc)
1871 		return rc;
1872 	len = le32_to_cpu(buf[0]);
1873 
1874 	/* path component string */
1875 	rc = str_read(&name, GFP_KERNEL, fp, len);
1876 	if (rc)
1877 		return rc;
1878 
1879 	rc = next_entry(buf, fp, sizeof(u32) * 4);
1880 	if (rc)
1881 		goto out;
1882 
1883 	stype = le32_to_cpu(buf[0]);
1884 	key.ttype = le32_to_cpu(buf[1]);
1885 	key.tclass = le32_to_cpu(buf[2]);
1886 	key.name = name;
1887 
1888 	otype = le32_to_cpu(buf[3]);
1889 
1890 	last = NULL;
1891 	datum = hashtab_search(&p->filename_trans, &key);
1892 	while (datum) {
1893 		if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1894 			/* conflicting/duplicate rules are ignored */
1895 			datum = NULL;
1896 			goto out;
1897 		}
1898 		if (likely(datum->otype == otype))
1899 			break;
1900 		last = datum;
1901 		datum = datum->next;
1902 	}
1903 	if (!datum) {
1904 		rc = -ENOMEM;
1905 		datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1906 		if (!datum)
1907 			goto out;
1908 
1909 		ebitmap_init(&datum->stypes);
1910 		datum->otype = otype;
1911 		datum->next = NULL;
1912 
1913 		if (unlikely(last)) {
1914 			last->next = datum;
1915 		} else {
1916 			rc = -ENOMEM;
1917 			ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1918 			if (!ft)
1919 				goto out;
1920 
1921 			rc = hashtab_insert(&p->filename_trans, ft, datum);
1922 			if (rc)
1923 				goto out;
1924 			name = NULL;
1925 
1926 			rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1927 					     key.ttype, 1);
1928 			if (rc)
1929 				return rc;
1930 		}
1931 	}
1932 	kfree(name);
1933 	return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1934 
1935 out:
1936 	kfree(ft);
1937 	kfree(name);
1938 	kfree(datum);
1939 	return rc;
1940 }
1941 
1942 static int filename_trans_read_helper(struct policydb *p, void *fp)
1943 {
1944 	struct filename_trans_key *ft = NULL;
1945 	struct filename_trans_datum **dst, *datum, *first = NULL;
1946 	char *name = NULL;
1947 	u32 len, ttype, tclass, ndatum, i;
1948 	__le32 buf[3];
1949 	int rc;
1950 
1951 	/* length of the path component string */
1952 	rc = next_entry(buf, fp, sizeof(u32));
1953 	if (rc)
1954 		return rc;
1955 	len = le32_to_cpu(buf[0]);
1956 
1957 	/* path component string */
1958 	rc = str_read(&name, GFP_KERNEL, fp, len);
1959 	if (rc)
1960 		return rc;
1961 
1962 	rc = next_entry(buf, fp, sizeof(u32) * 3);
1963 	if (rc)
1964 		goto out;
1965 
1966 	ttype = le32_to_cpu(buf[0]);
1967 	tclass = le32_to_cpu(buf[1]);
1968 
1969 	ndatum = le32_to_cpu(buf[2]);
1970 	if (ndatum == 0) {
1971 		pr_err("SELinux:  Filename transition key with no datum\n");
1972 		rc = -ENOENT;
1973 		goto out;
1974 	}
1975 
1976 	dst = &first;
1977 	for (i = 0; i < ndatum; i++) {
1978 		rc = -ENOMEM;
1979 		datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1980 		if (!datum)
1981 			goto out;
1982 
1983 		*dst = datum;
1984 
1985 		/* ebitmap_read() will at least init the bitmap */
1986 		rc = ebitmap_read(&datum->stypes, fp);
1987 		if (rc)
1988 			goto out;
1989 
1990 		rc = next_entry(buf, fp, sizeof(u32));
1991 		if (rc)
1992 			goto out;
1993 
1994 		datum->otype = le32_to_cpu(buf[0]);
1995 		datum->next = NULL;
1996 
1997 		dst = &datum->next;
1998 	}
1999 
2000 	rc = -ENOMEM;
2001 	ft = kmalloc(sizeof(*ft), GFP_KERNEL);
2002 	if (!ft)
2003 		goto out;
2004 
2005 	ft->ttype = ttype;
2006 	ft->tclass = tclass;
2007 	ft->name = name;
2008 
2009 	rc = hashtab_insert(&p->filename_trans, ft, first);
2010 	if (rc == -EEXIST)
2011 		pr_err("SELinux:  Duplicate filename transition key\n");
2012 	if (rc)
2013 		goto out;
2014 
2015 	return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1);
2016 
2017 out:
2018 	kfree(ft);
2019 	kfree(name);
2020 	while (first) {
2021 		datum = first;
2022 		first = first->next;
2023 
2024 		ebitmap_destroy(&datum->stypes);
2025 		kfree(datum);
2026 	}
2027 	return rc;
2028 }
2029 
2030 static int filename_trans_read(struct policydb *p, void *fp)
2031 {
2032 	u32 nel;
2033 	__le32 buf[1];
2034 	int rc, i;
2035 
2036 	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2037 		return 0;
2038 
2039 	rc = next_entry(buf, fp, sizeof(u32));
2040 	if (rc)
2041 		return rc;
2042 	nel = le32_to_cpu(buf[0]);
2043 
2044 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2045 		p->compat_filename_trans_count = nel;
2046 
2047 		rc = hashtab_init(&p->filename_trans, filenametr_hash,
2048 				  filenametr_cmp, (1 << 11));
2049 		if (rc)
2050 			return rc;
2051 
2052 		for (i = 0; i < nel; i++) {
2053 			rc = filename_trans_read_helper_compat(p, fp);
2054 			if (rc)
2055 				return rc;
2056 		}
2057 	} else {
2058 		rc = hashtab_init(&p->filename_trans, filenametr_hash,
2059 				  filenametr_cmp, nel);
2060 		if (rc)
2061 			return rc;
2062 
2063 		for (i = 0; i < nel; i++) {
2064 			rc = filename_trans_read_helper(p, fp);
2065 			if (rc)
2066 				return rc;
2067 		}
2068 	}
2069 	hash_eval(&p->filename_trans, "filenametr");
2070 	return 0;
2071 }
2072 
2073 static int genfs_read(struct policydb *p, void *fp)
2074 {
2075 	int i, j, rc;
2076 	u32 nel, nel2, len, len2;
2077 	__le32 buf[1];
2078 	struct ocontext *l, *c;
2079 	struct ocontext *newc = NULL;
2080 	struct genfs *genfs_p, *genfs;
2081 	struct genfs *newgenfs = NULL;
2082 
2083 	rc = next_entry(buf, fp, sizeof(u32));
2084 	if (rc)
2085 		return rc;
2086 	nel = le32_to_cpu(buf[0]);
2087 
2088 	for (i = 0; i < nel; i++) {
2089 		rc = next_entry(buf, fp, sizeof(u32));
2090 		if (rc)
2091 			goto out;
2092 		len = le32_to_cpu(buf[0]);
2093 
2094 		rc = -ENOMEM;
2095 		newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2096 		if (!newgenfs)
2097 			goto out;
2098 
2099 		rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2100 		if (rc)
2101 			goto out;
2102 
2103 		for (genfs_p = NULL, genfs = p->genfs; genfs;
2104 		     genfs_p = genfs, genfs = genfs->next) {
2105 			rc = -EINVAL;
2106 			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2107 				pr_err("SELinux:  dup genfs fstype %s\n",
2108 				       newgenfs->fstype);
2109 				goto out;
2110 			}
2111 			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2112 				break;
2113 		}
2114 		newgenfs->next = genfs;
2115 		if (genfs_p)
2116 			genfs_p->next = newgenfs;
2117 		else
2118 			p->genfs = newgenfs;
2119 		genfs = newgenfs;
2120 		newgenfs = NULL;
2121 
2122 		rc = next_entry(buf, fp, sizeof(u32));
2123 		if (rc)
2124 			goto out;
2125 
2126 		nel2 = le32_to_cpu(buf[0]);
2127 		for (j = 0; j < nel2; j++) {
2128 			rc = next_entry(buf, fp, sizeof(u32));
2129 			if (rc)
2130 				goto out;
2131 			len = le32_to_cpu(buf[0]);
2132 
2133 			rc = -ENOMEM;
2134 			newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2135 			if (!newc)
2136 				goto out;
2137 
2138 			rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2139 			if (rc)
2140 				goto out;
2141 
2142 			rc = next_entry(buf, fp, sizeof(u32));
2143 			if (rc)
2144 				goto out;
2145 
2146 			newc->v.sclass = le32_to_cpu(buf[0]);
2147 			rc = context_read_and_validate(&newc->context[0], p, fp);
2148 			if (rc)
2149 				goto out;
2150 
2151 			for (l = NULL, c = genfs->head; c;
2152 			     l = c, c = c->next) {
2153 				rc = -EINVAL;
2154 				if (!strcmp(newc->u.name, c->u.name) &&
2155 				    (!c->v.sclass || !newc->v.sclass ||
2156 				     newc->v.sclass == c->v.sclass)) {
2157 					pr_err("SELinux:  dup genfs entry (%s,%s)\n",
2158 					       genfs->fstype, c->u.name);
2159 					goto out;
2160 				}
2161 				len = strlen(newc->u.name);
2162 				len2 = strlen(c->u.name);
2163 				if (len > len2)
2164 					break;
2165 			}
2166 
2167 			newc->next = c;
2168 			if (l)
2169 				l->next = newc;
2170 			else
2171 				genfs->head = newc;
2172 			newc = NULL;
2173 		}
2174 	}
2175 	rc = 0;
2176 out:
2177 	if (newgenfs) {
2178 		kfree(newgenfs->fstype);
2179 		kfree(newgenfs);
2180 	}
2181 	ocontext_destroy(newc, OCON_FSUSE);
2182 
2183 	return rc;
2184 }
2185 
2186 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
2187 			 void *fp)
2188 {
2189 	int i, j, rc;
2190 	u32 nel, len;
2191 	__be64 prefixbuf[1];
2192 	__le32 buf[3];
2193 	struct ocontext *l, *c;
2194 	u32 nodebuf[8];
2195 
2196 	for (i = 0; i < info->ocon_num; i++) {
2197 		rc = next_entry(buf, fp, sizeof(u32));
2198 		if (rc)
2199 			goto out;
2200 		nel = le32_to_cpu(buf[0]);
2201 
2202 		l = NULL;
2203 		for (j = 0; j < nel; j++) {
2204 			rc = -ENOMEM;
2205 			c = kzalloc(sizeof(*c), GFP_KERNEL);
2206 			if (!c)
2207 				goto out;
2208 			if (l)
2209 				l->next = c;
2210 			else
2211 				p->ocontexts[i] = c;
2212 			l = c;
2213 
2214 			switch (i) {
2215 			case OCON_ISID:
2216 				rc = next_entry(buf, fp, sizeof(u32));
2217 				if (rc)
2218 					goto out;
2219 
2220 				c->sid[0] = le32_to_cpu(buf[0]);
2221 				rc = context_read_and_validate(&c->context[0], p, fp);
2222 				if (rc)
2223 					goto out;
2224 				break;
2225 			case OCON_FS:
2226 			case OCON_NETIF:
2227 				rc = next_entry(buf, fp, sizeof(u32));
2228 				if (rc)
2229 					goto out;
2230 				len = le32_to_cpu(buf[0]);
2231 
2232 				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2233 				if (rc)
2234 					goto out;
2235 
2236 				rc = context_read_and_validate(&c->context[0], p, fp);
2237 				if (rc)
2238 					goto out;
2239 				rc = context_read_and_validate(&c->context[1], p, fp);
2240 				if (rc)
2241 					goto out;
2242 				break;
2243 			case OCON_PORT:
2244 				rc = next_entry(buf, fp, sizeof(u32)*3);
2245 				if (rc)
2246 					goto out;
2247 				c->u.port.protocol = le32_to_cpu(buf[0]);
2248 				c->u.port.low_port = le32_to_cpu(buf[1]);
2249 				c->u.port.high_port = le32_to_cpu(buf[2]);
2250 				rc = context_read_and_validate(&c->context[0], p, fp);
2251 				if (rc)
2252 					goto out;
2253 				break;
2254 			case OCON_NODE:
2255 				rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2256 				if (rc)
2257 					goto out;
2258 				c->u.node.addr = nodebuf[0]; /* network order */
2259 				c->u.node.mask = nodebuf[1]; /* network order */
2260 				rc = context_read_and_validate(&c->context[0], p, fp);
2261 				if (rc)
2262 					goto out;
2263 				break;
2264 			case OCON_FSUSE:
2265 				rc = next_entry(buf, fp, sizeof(u32)*2);
2266 				if (rc)
2267 					goto out;
2268 
2269 				rc = -EINVAL;
2270 				c->v.behavior = le32_to_cpu(buf[0]);
2271 				/* Determined at runtime, not in policy DB. */
2272 				if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2273 					goto out;
2274 				if (c->v.behavior > SECURITY_FS_USE_MAX)
2275 					goto out;
2276 
2277 				len = le32_to_cpu(buf[1]);
2278 				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2279 				if (rc)
2280 					goto out;
2281 
2282 				rc = context_read_and_validate(&c->context[0], p, fp);
2283 				if (rc)
2284 					goto out;
2285 				break;
2286 			case OCON_NODE6: {
2287 				int k;
2288 
2289 				rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2290 				if (rc)
2291 					goto out;
2292 				for (k = 0; k < 4; k++)
2293 					c->u.node6.addr[k] = nodebuf[k];
2294 				for (k = 0; k < 4; k++)
2295 					c->u.node6.mask[k] = nodebuf[k+4];
2296 				rc = context_read_and_validate(&c->context[0], p, fp);
2297 				if (rc)
2298 					goto out;
2299 				break;
2300 			}
2301 			case OCON_IBPKEY: {
2302 				u32 pkey_lo, pkey_hi;
2303 
2304 				rc = next_entry(prefixbuf, fp, sizeof(u64));
2305 				if (rc)
2306 					goto out;
2307 
2308 				/* we need to have subnet_prefix in CPU order */
2309 				c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2310 
2311 				rc = next_entry(buf, fp, sizeof(u32) * 2);
2312 				if (rc)
2313 					goto out;
2314 
2315 				pkey_lo = le32_to_cpu(buf[0]);
2316 				pkey_hi = le32_to_cpu(buf[1]);
2317 
2318 				if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2319 					rc = -EINVAL;
2320 					goto out;
2321 				}
2322 
2323 				c->u.ibpkey.low_pkey  = pkey_lo;
2324 				c->u.ibpkey.high_pkey = pkey_hi;
2325 
2326 				rc = context_read_and_validate(&c->context[0],
2327 							       p,
2328 							       fp);
2329 				if (rc)
2330 					goto out;
2331 				break;
2332 			}
2333 			case OCON_IBENDPORT: {
2334 				u32 port;
2335 
2336 				rc = next_entry(buf, fp, sizeof(u32) * 2);
2337 				if (rc)
2338 					goto out;
2339 				len = le32_to_cpu(buf[0]);
2340 
2341 				rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2342 				if (rc)
2343 					goto out;
2344 
2345 				port = le32_to_cpu(buf[1]);
2346 				if (port > U8_MAX || port == 0) {
2347 					rc = -EINVAL;
2348 					goto out;
2349 				}
2350 
2351 				c->u.ibendport.port = port;
2352 
2353 				rc = context_read_and_validate(&c->context[0],
2354 							       p,
2355 							       fp);
2356 				if (rc)
2357 					goto out;
2358 				break;
2359 			} /* end case */
2360 			} /* end switch */
2361 		}
2362 	}
2363 	rc = 0;
2364 out:
2365 	return rc;
2366 }
2367 
2368 /*
2369  * Read the configuration data from a policy database binary
2370  * representation file into a policy database structure.
2371  */
2372 int policydb_read(struct policydb *p, void *fp)
2373 {
2374 	struct role_allow *ra, *lra;
2375 	struct role_trans_key *rtk = NULL;
2376 	struct role_trans_datum *rtd = NULL;
2377 	int i, j, rc;
2378 	__le32 buf[4];
2379 	u32 len, nprim, nel;
2380 
2381 	char *policydb_str;
2382 	struct policydb_compat_info *info;
2383 
2384 	policydb_init(p);
2385 
2386 	/* Read the magic number and string length. */
2387 	rc = next_entry(buf, fp, sizeof(u32) * 2);
2388 	if (rc)
2389 		goto bad;
2390 
2391 	rc = -EINVAL;
2392 	if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2393 		pr_err("SELinux:  policydb magic number 0x%x does "
2394 		       "not match expected magic number 0x%x\n",
2395 		       le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2396 		goto bad;
2397 	}
2398 
2399 	rc = -EINVAL;
2400 	len = le32_to_cpu(buf[1]);
2401 	if (len != strlen(POLICYDB_STRING)) {
2402 		pr_err("SELinux:  policydb string length %d does not "
2403 		       "match expected length %zu\n",
2404 		       len, strlen(POLICYDB_STRING));
2405 		goto bad;
2406 	}
2407 
2408 	rc = -ENOMEM;
2409 	policydb_str = kmalloc(len + 1, GFP_KERNEL);
2410 	if (!policydb_str) {
2411 		pr_err("SELinux:  unable to allocate memory for policydb "
2412 		       "string of length %d\n", len);
2413 		goto bad;
2414 	}
2415 
2416 	rc = next_entry(policydb_str, fp, len);
2417 	if (rc) {
2418 		pr_err("SELinux:  truncated policydb string identifier\n");
2419 		kfree(policydb_str);
2420 		goto bad;
2421 	}
2422 
2423 	rc = -EINVAL;
2424 	policydb_str[len] = '\0';
2425 	if (strcmp(policydb_str, POLICYDB_STRING)) {
2426 		pr_err("SELinux:  policydb string %s does not match "
2427 		       "my string %s\n", policydb_str, POLICYDB_STRING);
2428 		kfree(policydb_str);
2429 		goto bad;
2430 	}
2431 	/* Done with policydb_str. */
2432 	kfree(policydb_str);
2433 	policydb_str = NULL;
2434 
2435 	/* Read the version and table sizes. */
2436 	rc = next_entry(buf, fp, sizeof(u32)*4);
2437 	if (rc)
2438 		goto bad;
2439 
2440 	rc = -EINVAL;
2441 	p->policyvers = le32_to_cpu(buf[0]);
2442 	if (p->policyvers < POLICYDB_VERSION_MIN ||
2443 	    p->policyvers > POLICYDB_VERSION_MAX) {
2444 		pr_err("SELinux:  policydb version %d does not match "
2445 		       "my version range %d-%d\n",
2446 		       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2447 		goto bad;
2448 	}
2449 
2450 	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2451 		p->mls_enabled = 1;
2452 
2453 		rc = -EINVAL;
2454 		if (p->policyvers < POLICYDB_VERSION_MLS) {
2455 			pr_err("SELinux: security policydb version %d "
2456 				"(MLS) not backwards compatible\n",
2457 				p->policyvers);
2458 			goto bad;
2459 		}
2460 	}
2461 	p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2462 	p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2463 
2464 	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2465 		rc = ebitmap_read(&p->policycaps, fp);
2466 		if (rc)
2467 			goto bad;
2468 	}
2469 
2470 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2471 		rc = ebitmap_read(&p->permissive_map, fp);
2472 		if (rc)
2473 			goto bad;
2474 	}
2475 
2476 	rc = -EINVAL;
2477 	info = policydb_lookup_compat(p->policyvers);
2478 	if (!info) {
2479 		pr_err("SELinux:  unable to find policy compat info "
2480 		       "for version %d\n", p->policyvers);
2481 		goto bad;
2482 	}
2483 
2484 	rc = -EINVAL;
2485 	if (le32_to_cpu(buf[2]) != info->sym_num ||
2486 		le32_to_cpu(buf[3]) != info->ocon_num) {
2487 		pr_err("SELinux:  policydb table sizes (%d,%d) do "
2488 		       "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2489 			le32_to_cpu(buf[3]),
2490 		       info->sym_num, info->ocon_num);
2491 		goto bad;
2492 	}
2493 
2494 	for (i = 0; i < info->sym_num; i++) {
2495 		rc = next_entry(buf, fp, sizeof(u32)*2);
2496 		if (rc)
2497 			goto bad;
2498 		nprim = le32_to_cpu(buf[0]);
2499 		nel = le32_to_cpu(buf[1]);
2500 
2501 		rc = symtab_init(&p->symtab[i], nel);
2502 		if (rc)
2503 			goto out;
2504 
2505 		if (i == SYM_ROLES) {
2506 			rc = roles_init(p);
2507 			if (rc)
2508 				goto out;
2509 		}
2510 
2511 		for (j = 0; j < nel; j++) {
2512 			rc = read_f[i](p, &p->symtab[i].table, fp);
2513 			if (rc)
2514 				goto bad;
2515 		}
2516 
2517 		p->symtab[i].nprim = nprim;
2518 	}
2519 
2520 	rc = -EINVAL;
2521 	p->process_class = string_to_security_class(p, "process");
2522 	if (!p->process_class)
2523 		goto bad;
2524 
2525 	rc = avtab_read(&p->te_avtab, fp, p);
2526 	if (rc)
2527 		goto bad;
2528 
2529 	if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2530 		rc = cond_read_list(p, fp);
2531 		if (rc)
2532 			goto bad;
2533 	}
2534 
2535 	rc = next_entry(buf, fp, sizeof(u32));
2536 	if (rc)
2537 		goto bad;
2538 	nel = le32_to_cpu(buf[0]);
2539 
2540 	rc = hashtab_init(&p->role_tr, role_trans_hash, role_trans_cmp, nel);
2541 	if (rc)
2542 		goto bad;
2543 	for (i = 0; i < nel; i++) {
2544 		rc = -ENOMEM;
2545 		rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
2546 		if (!rtk)
2547 			goto bad;
2548 
2549 		rc = -ENOMEM;
2550 		rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
2551 		if (!rtd)
2552 			goto bad;
2553 
2554 		rc = next_entry(buf, fp, sizeof(u32)*3);
2555 		if (rc)
2556 			goto bad;
2557 
2558 		rc = -EINVAL;
2559 		rtk->role = le32_to_cpu(buf[0]);
2560 		rtk->type = le32_to_cpu(buf[1]);
2561 		rtd->new_role = le32_to_cpu(buf[2]);
2562 		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2563 			rc = next_entry(buf, fp, sizeof(u32));
2564 			if (rc)
2565 				goto bad;
2566 			rtk->tclass = le32_to_cpu(buf[0]);
2567 		} else
2568 			rtk->tclass = p->process_class;
2569 
2570 		rc = -EINVAL;
2571 		if (!policydb_role_isvalid(p, rtk->role) ||
2572 		    !policydb_type_isvalid(p, rtk->type) ||
2573 		    !policydb_class_isvalid(p, rtk->tclass) ||
2574 		    !policydb_role_isvalid(p, rtd->new_role))
2575 			goto bad;
2576 
2577 		rc = hashtab_insert(&p->role_tr, rtk, rtd);
2578 		if (rc)
2579 			goto bad;
2580 
2581 		rtk = NULL;
2582 		rtd = NULL;
2583 	}
2584 
2585 	rc = next_entry(buf, fp, sizeof(u32));
2586 	if (rc)
2587 		goto bad;
2588 	nel = le32_to_cpu(buf[0]);
2589 	lra = NULL;
2590 	for (i = 0; i < nel; i++) {
2591 		rc = -ENOMEM;
2592 		ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2593 		if (!ra)
2594 			goto bad;
2595 		if (lra)
2596 			lra->next = ra;
2597 		else
2598 			p->role_allow = ra;
2599 		rc = next_entry(buf, fp, sizeof(u32)*2);
2600 		if (rc)
2601 			goto bad;
2602 
2603 		rc = -EINVAL;
2604 		ra->role = le32_to_cpu(buf[0]);
2605 		ra->new_role = le32_to_cpu(buf[1]);
2606 		if (!policydb_role_isvalid(p, ra->role) ||
2607 		    !policydb_role_isvalid(p, ra->new_role))
2608 			goto bad;
2609 		lra = ra;
2610 	}
2611 
2612 	rc = filename_trans_read(p, fp);
2613 	if (rc)
2614 		goto bad;
2615 
2616 	rc = policydb_index(p);
2617 	if (rc)
2618 		goto bad;
2619 
2620 	rc = -EINVAL;
2621 	p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
2622 	p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
2623 	if (!p->process_trans_perms)
2624 		goto bad;
2625 
2626 	rc = ocontext_read(p, info, fp);
2627 	if (rc)
2628 		goto bad;
2629 
2630 	rc = genfs_read(p, fp);
2631 	if (rc)
2632 		goto bad;
2633 
2634 	rc = range_read(p, fp);
2635 	if (rc)
2636 		goto bad;
2637 
2638 	rc = -ENOMEM;
2639 	p->type_attr_map_array = kvcalloc(p->p_types.nprim,
2640 					  sizeof(*p->type_attr_map_array),
2641 					  GFP_KERNEL);
2642 	if (!p->type_attr_map_array)
2643 		goto bad;
2644 
2645 	/* just in case ebitmap_init() becomes more than just a memset(0): */
2646 	for (i = 0; i < p->p_types.nprim; i++)
2647 		ebitmap_init(&p->type_attr_map_array[i]);
2648 
2649 	for (i = 0; i < p->p_types.nprim; i++) {
2650 		struct ebitmap *e = &p->type_attr_map_array[i];
2651 
2652 		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2653 			rc = ebitmap_read(e, fp);
2654 			if (rc)
2655 				goto bad;
2656 		}
2657 		/* add the type itself as the degenerate case */
2658 		rc = ebitmap_set_bit(e, i, 1);
2659 		if (rc)
2660 			goto bad;
2661 	}
2662 
2663 	rc = policydb_bounds_sanity_check(p);
2664 	if (rc)
2665 		goto bad;
2666 
2667 	rc = 0;
2668 out:
2669 	return rc;
2670 bad:
2671 	kfree(rtk);
2672 	kfree(rtd);
2673 	policydb_destroy(p);
2674 	goto out;
2675 }
2676 
2677 /*
2678  * Write a MLS level structure to a policydb binary
2679  * representation file.
2680  */
2681 static int mls_write_level(struct mls_level *l, void *fp)
2682 {
2683 	__le32 buf[1];
2684 	int rc;
2685 
2686 	buf[0] = cpu_to_le32(l->sens);
2687 	rc = put_entry(buf, sizeof(u32), 1, fp);
2688 	if (rc)
2689 		return rc;
2690 
2691 	rc = ebitmap_write(&l->cat, fp);
2692 	if (rc)
2693 		return rc;
2694 
2695 	return 0;
2696 }
2697 
2698 /*
2699  * Write a MLS range structure to a policydb binary
2700  * representation file.
2701  */
2702 static int mls_write_range_helper(struct mls_range *r, void *fp)
2703 {
2704 	__le32 buf[3];
2705 	size_t items;
2706 	int rc, eq;
2707 
2708 	eq = mls_level_eq(&r->level[1], &r->level[0]);
2709 
2710 	if (eq)
2711 		items = 2;
2712 	else
2713 		items = 3;
2714 	buf[0] = cpu_to_le32(items-1);
2715 	buf[1] = cpu_to_le32(r->level[0].sens);
2716 	if (!eq)
2717 		buf[2] = cpu_to_le32(r->level[1].sens);
2718 
2719 	BUG_ON(items > ARRAY_SIZE(buf));
2720 
2721 	rc = put_entry(buf, sizeof(u32), items, fp);
2722 	if (rc)
2723 		return rc;
2724 
2725 	rc = ebitmap_write(&r->level[0].cat, fp);
2726 	if (rc)
2727 		return rc;
2728 	if (!eq) {
2729 		rc = ebitmap_write(&r->level[1].cat, fp);
2730 		if (rc)
2731 			return rc;
2732 	}
2733 
2734 	return 0;
2735 }
2736 
2737 static int sens_write(void *vkey, void *datum, void *ptr)
2738 {
2739 	char *key = vkey;
2740 	struct level_datum *levdatum = datum;
2741 	struct policy_data *pd = ptr;
2742 	void *fp = pd->fp;
2743 	__le32 buf[2];
2744 	size_t len;
2745 	int rc;
2746 
2747 	len = strlen(key);
2748 	buf[0] = cpu_to_le32(len);
2749 	buf[1] = cpu_to_le32(levdatum->isalias);
2750 	rc = put_entry(buf, sizeof(u32), 2, fp);
2751 	if (rc)
2752 		return rc;
2753 
2754 	rc = put_entry(key, 1, len, fp);
2755 	if (rc)
2756 		return rc;
2757 
2758 	rc = mls_write_level(levdatum->level, fp);
2759 	if (rc)
2760 		return rc;
2761 
2762 	return 0;
2763 }
2764 
2765 static int cat_write(void *vkey, void *datum, void *ptr)
2766 {
2767 	char *key = vkey;
2768 	struct cat_datum *catdatum = datum;
2769 	struct policy_data *pd = ptr;
2770 	void *fp = pd->fp;
2771 	__le32 buf[3];
2772 	size_t len;
2773 	int rc;
2774 
2775 	len = strlen(key);
2776 	buf[0] = cpu_to_le32(len);
2777 	buf[1] = cpu_to_le32(catdatum->value);
2778 	buf[2] = cpu_to_le32(catdatum->isalias);
2779 	rc = put_entry(buf, sizeof(u32), 3, fp);
2780 	if (rc)
2781 		return rc;
2782 
2783 	rc = put_entry(key, 1, len, fp);
2784 	if (rc)
2785 		return rc;
2786 
2787 	return 0;
2788 }
2789 
2790 static int role_trans_write_one(void *key, void *datum, void *ptr)
2791 {
2792 	struct role_trans_key *rtk = key;
2793 	struct role_trans_datum *rtd = datum;
2794 	struct policy_data *pd = ptr;
2795 	void *fp = pd->fp;
2796 	struct policydb *p = pd->p;
2797 	__le32 buf[3];
2798 	int rc;
2799 
2800 	buf[0] = cpu_to_le32(rtk->role);
2801 	buf[1] = cpu_to_le32(rtk->type);
2802 	buf[2] = cpu_to_le32(rtd->new_role);
2803 	rc = put_entry(buf, sizeof(u32), 3, fp);
2804 	if (rc)
2805 		return rc;
2806 	if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2807 		buf[0] = cpu_to_le32(rtk->tclass);
2808 		rc = put_entry(buf, sizeof(u32), 1, fp);
2809 		if (rc)
2810 			return rc;
2811 	}
2812 	return 0;
2813 }
2814 
2815 static int role_trans_write(struct policydb *p, void *fp)
2816 {
2817 	struct policy_data pd = { .p = p, .fp = fp };
2818 	__le32 buf[1];
2819 	int rc;
2820 
2821 	buf[0] = cpu_to_le32(p->role_tr.nel);
2822 	rc = put_entry(buf, sizeof(u32), 1, fp);
2823 	if (rc)
2824 		return rc;
2825 
2826 	return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
2827 }
2828 
2829 static int role_allow_write(struct role_allow *r, void *fp)
2830 {
2831 	struct role_allow *ra;
2832 	__le32 buf[2];
2833 	size_t nel;
2834 	int rc;
2835 
2836 	nel = 0;
2837 	for (ra = r; ra; ra = ra->next)
2838 		nel++;
2839 	buf[0] = cpu_to_le32(nel);
2840 	rc = put_entry(buf, sizeof(u32), 1, fp);
2841 	if (rc)
2842 		return rc;
2843 	for (ra = r; ra; ra = ra->next) {
2844 		buf[0] = cpu_to_le32(ra->role);
2845 		buf[1] = cpu_to_le32(ra->new_role);
2846 		rc = put_entry(buf, sizeof(u32), 2, fp);
2847 		if (rc)
2848 			return rc;
2849 	}
2850 	return 0;
2851 }
2852 
2853 /*
2854  * Write a security context structure
2855  * to a policydb binary representation file.
2856  */
2857 static int context_write(struct policydb *p, struct context *c,
2858 			 void *fp)
2859 {
2860 	int rc;
2861 	__le32 buf[3];
2862 
2863 	buf[0] = cpu_to_le32(c->user);
2864 	buf[1] = cpu_to_le32(c->role);
2865 	buf[2] = cpu_to_le32(c->type);
2866 
2867 	rc = put_entry(buf, sizeof(u32), 3, fp);
2868 	if (rc)
2869 		return rc;
2870 
2871 	rc = mls_write_range_helper(&c->range, fp);
2872 	if (rc)
2873 		return rc;
2874 
2875 	return 0;
2876 }
2877 
2878 /*
2879  * The following *_write functions are used to
2880  * write the symbol data to a policy database
2881  * binary representation file.
2882  */
2883 
2884 static int perm_write(void *vkey, void *datum, void *fp)
2885 {
2886 	char *key = vkey;
2887 	struct perm_datum *perdatum = datum;
2888 	__le32 buf[2];
2889 	size_t len;
2890 	int rc;
2891 
2892 	len = strlen(key);
2893 	buf[0] = cpu_to_le32(len);
2894 	buf[1] = cpu_to_le32(perdatum->value);
2895 	rc = put_entry(buf, sizeof(u32), 2, fp);
2896 	if (rc)
2897 		return rc;
2898 
2899 	rc = put_entry(key, 1, len, fp);
2900 	if (rc)
2901 		return rc;
2902 
2903 	return 0;
2904 }
2905 
2906 static int common_write(void *vkey, void *datum, void *ptr)
2907 {
2908 	char *key = vkey;
2909 	struct common_datum *comdatum = datum;
2910 	struct policy_data *pd = ptr;
2911 	void *fp = pd->fp;
2912 	__le32 buf[4];
2913 	size_t len;
2914 	int rc;
2915 
2916 	len = strlen(key);
2917 	buf[0] = cpu_to_le32(len);
2918 	buf[1] = cpu_to_le32(comdatum->value);
2919 	buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2920 	buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2921 	rc = put_entry(buf, sizeof(u32), 4, fp);
2922 	if (rc)
2923 		return rc;
2924 
2925 	rc = put_entry(key, 1, len, fp);
2926 	if (rc)
2927 		return rc;
2928 
2929 	rc = hashtab_map(&comdatum->permissions.table, perm_write, fp);
2930 	if (rc)
2931 		return rc;
2932 
2933 	return 0;
2934 }
2935 
2936 static int type_set_write(struct type_set *t, void *fp)
2937 {
2938 	int rc;
2939 	__le32 buf[1];
2940 
2941 	if (ebitmap_write(&t->types, fp))
2942 		return -EINVAL;
2943 	if (ebitmap_write(&t->negset, fp))
2944 		return -EINVAL;
2945 
2946 	buf[0] = cpu_to_le32(t->flags);
2947 	rc = put_entry(buf, sizeof(u32), 1, fp);
2948 	if (rc)
2949 		return -EINVAL;
2950 
2951 	return 0;
2952 }
2953 
2954 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2955 			     void *fp)
2956 {
2957 	struct constraint_node *c;
2958 	struct constraint_expr *e;
2959 	__le32 buf[3];
2960 	u32 nel;
2961 	int rc;
2962 
2963 	for (c = node; c; c = c->next) {
2964 		nel = 0;
2965 		for (e = c->expr; e; e = e->next)
2966 			nel++;
2967 		buf[0] = cpu_to_le32(c->permissions);
2968 		buf[1] = cpu_to_le32(nel);
2969 		rc = put_entry(buf, sizeof(u32), 2, fp);
2970 		if (rc)
2971 			return rc;
2972 		for (e = c->expr; e; e = e->next) {
2973 			buf[0] = cpu_to_le32(e->expr_type);
2974 			buf[1] = cpu_to_le32(e->attr);
2975 			buf[2] = cpu_to_le32(e->op);
2976 			rc = put_entry(buf, sizeof(u32), 3, fp);
2977 			if (rc)
2978 				return rc;
2979 
2980 			switch (e->expr_type) {
2981 			case CEXPR_NAMES:
2982 				rc = ebitmap_write(&e->names, fp);
2983 				if (rc)
2984 					return rc;
2985 				if (p->policyvers >=
2986 					POLICYDB_VERSION_CONSTRAINT_NAMES) {
2987 					rc = type_set_write(e->type_names, fp);
2988 					if (rc)
2989 						return rc;
2990 				}
2991 				break;
2992 			default:
2993 				break;
2994 			}
2995 		}
2996 	}
2997 
2998 	return 0;
2999 }
3000 
3001 static int class_write(void *vkey, void *datum, void *ptr)
3002 {
3003 	char *key = vkey;
3004 	struct class_datum *cladatum = datum;
3005 	struct policy_data *pd = ptr;
3006 	void *fp = pd->fp;
3007 	struct policydb *p = pd->p;
3008 	struct constraint_node *c;
3009 	__le32 buf[6];
3010 	u32 ncons;
3011 	size_t len, len2;
3012 	int rc;
3013 
3014 	len = strlen(key);
3015 	if (cladatum->comkey)
3016 		len2 = strlen(cladatum->comkey);
3017 	else
3018 		len2 = 0;
3019 
3020 	ncons = 0;
3021 	for (c = cladatum->constraints; c; c = c->next)
3022 		ncons++;
3023 
3024 	buf[0] = cpu_to_le32(len);
3025 	buf[1] = cpu_to_le32(len2);
3026 	buf[2] = cpu_to_le32(cladatum->value);
3027 	buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3028 	buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3029 	buf[5] = cpu_to_le32(ncons);
3030 	rc = put_entry(buf, sizeof(u32), 6, fp);
3031 	if (rc)
3032 		return rc;
3033 
3034 	rc = put_entry(key, 1, len, fp);
3035 	if (rc)
3036 		return rc;
3037 
3038 	if (cladatum->comkey) {
3039 		rc = put_entry(cladatum->comkey, 1, len2, fp);
3040 		if (rc)
3041 			return rc;
3042 	}
3043 
3044 	rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
3045 	if (rc)
3046 		return rc;
3047 
3048 	rc = write_cons_helper(p, cladatum->constraints, fp);
3049 	if (rc)
3050 		return rc;
3051 
3052 	/* write out the validatetrans rule */
3053 	ncons = 0;
3054 	for (c = cladatum->validatetrans; c; c = c->next)
3055 		ncons++;
3056 
3057 	buf[0] = cpu_to_le32(ncons);
3058 	rc = put_entry(buf, sizeof(u32), 1, fp);
3059 	if (rc)
3060 		return rc;
3061 
3062 	rc = write_cons_helper(p, cladatum->validatetrans, fp);
3063 	if (rc)
3064 		return rc;
3065 
3066 	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3067 		buf[0] = cpu_to_le32(cladatum->default_user);
3068 		buf[1] = cpu_to_le32(cladatum->default_role);
3069 		buf[2] = cpu_to_le32(cladatum->default_range);
3070 
3071 		rc = put_entry(buf, sizeof(uint32_t), 3, fp);
3072 		if (rc)
3073 			return rc;
3074 	}
3075 
3076 	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3077 		buf[0] = cpu_to_le32(cladatum->default_type);
3078 		rc = put_entry(buf, sizeof(uint32_t), 1, fp);
3079 		if (rc)
3080 			return rc;
3081 	}
3082 
3083 	return 0;
3084 }
3085 
3086 static int role_write(void *vkey, void *datum, void *ptr)
3087 {
3088 	char *key = vkey;
3089 	struct role_datum *role = datum;
3090 	struct policy_data *pd = ptr;
3091 	void *fp = pd->fp;
3092 	struct policydb *p = pd->p;
3093 	__le32 buf[3];
3094 	size_t items, len;
3095 	int rc;
3096 
3097 	len = strlen(key);
3098 	items = 0;
3099 	buf[items++] = cpu_to_le32(len);
3100 	buf[items++] = cpu_to_le32(role->value);
3101 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3102 		buf[items++] = cpu_to_le32(role->bounds);
3103 
3104 	BUG_ON(items > ARRAY_SIZE(buf));
3105 
3106 	rc = put_entry(buf, sizeof(u32), items, fp);
3107 	if (rc)
3108 		return rc;
3109 
3110 	rc = put_entry(key, 1, len, fp);
3111 	if (rc)
3112 		return rc;
3113 
3114 	rc = ebitmap_write(&role->dominates, fp);
3115 	if (rc)
3116 		return rc;
3117 
3118 	rc = ebitmap_write(&role->types, fp);
3119 	if (rc)
3120 		return rc;
3121 
3122 	return 0;
3123 }
3124 
3125 static int type_write(void *vkey, void *datum, void *ptr)
3126 {
3127 	char *key = vkey;
3128 	struct type_datum *typdatum = datum;
3129 	struct policy_data *pd = ptr;
3130 	struct policydb *p = pd->p;
3131 	void *fp = pd->fp;
3132 	__le32 buf[4];
3133 	int rc;
3134 	size_t items, len;
3135 
3136 	len = strlen(key);
3137 	items = 0;
3138 	buf[items++] = cpu_to_le32(len);
3139 	buf[items++] = cpu_to_le32(typdatum->value);
3140 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3141 		u32 properties = 0;
3142 
3143 		if (typdatum->primary)
3144 			properties |= TYPEDATUM_PROPERTY_PRIMARY;
3145 
3146 		if (typdatum->attribute)
3147 			properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3148 
3149 		buf[items++] = cpu_to_le32(properties);
3150 		buf[items++] = cpu_to_le32(typdatum->bounds);
3151 	} else {
3152 		buf[items++] = cpu_to_le32(typdatum->primary);
3153 	}
3154 	BUG_ON(items > ARRAY_SIZE(buf));
3155 	rc = put_entry(buf, sizeof(u32), items, fp);
3156 	if (rc)
3157 		return rc;
3158 
3159 	rc = put_entry(key, 1, len, fp);
3160 	if (rc)
3161 		return rc;
3162 
3163 	return 0;
3164 }
3165 
3166 static int user_write(void *vkey, void *datum, void *ptr)
3167 {
3168 	char *key = vkey;
3169 	struct user_datum *usrdatum = datum;
3170 	struct policy_data *pd = ptr;
3171 	struct policydb *p = pd->p;
3172 	void *fp = pd->fp;
3173 	__le32 buf[3];
3174 	size_t items, len;
3175 	int rc;
3176 
3177 	len = strlen(key);
3178 	items = 0;
3179 	buf[items++] = cpu_to_le32(len);
3180 	buf[items++] = cpu_to_le32(usrdatum->value);
3181 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3182 		buf[items++] = cpu_to_le32(usrdatum->bounds);
3183 	BUG_ON(items > ARRAY_SIZE(buf));
3184 	rc = put_entry(buf, sizeof(u32), items, fp);
3185 	if (rc)
3186 		return rc;
3187 
3188 	rc = put_entry(key, 1, len, fp);
3189 	if (rc)
3190 		return rc;
3191 
3192 	rc = ebitmap_write(&usrdatum->roles, fp);
3193 	if (rc)
3194 		return rc;
3195 
3196 	rc = mls_write_range_helper(&usrdatum->range, fp);
3197 	if (rc)
3198 		return rc;
3199 
3200 	rc = mls_write_level(&usrdatum->dfltlevel, fp);
3201 	if (rc)
3202 		return rc;
3203 
3204 	return 0;
3205 }
3206 
3207 static int (*write_f[SYM_NUM]) (void *key, void *datum,
3208 				void *datap) =
3209 {
3210 	common_write,
3211 	class_write,
3212 	role_write,
3213 	type_write,
3214 	user_write,
3215 	cond_write_bool,
3216 	sens_write,
3217 	cat_write,
3218 };
3219 
3220 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info,
3221 			  void *fp)
3222 {
3223 	unsigned int i, j, rc;
3224 	size_t nel, len;
3225 	__be64 prefixbuf[1];
3226 	__le32 buf[3];
3227 	u32 nodebuf[8];
3228 	struct ocontext *c;
3229 	for (i = 0; i < info->ocon_num; i++) {
3230 		nel = 0;
3231 		for (c = p->ocontexts[i]; c; c = c->next)
3232 			nel++;
3233 		buf[0] = cpu_to_le32(nel);
3234 		rc = put_entry(buf, sizeof(u32), 1, fp);
3235 		if (rc)
3236 			return rc;
3237 		for (c = p->ocontexts[i]; c; c = c->next) {
3238 			switch (i) {
3239 			case OCON_ISID:
3240 				buf[0] = cpu_to_le32(c->sid[0]);
3241 				rc = put_entry(buf, sizeof(u32), 1, fp);
3242 				if (rc)
3243 					return rc;
3244 				rc = context_write(p, &c->context[0], fp);
3245 				if (rc)
3246 					return rc;
3247 				break;
3248 			case OCON_FS:
3249 			case OCON_NETIF:
3250 				len = strlen(c->u.name);
3251 				buf[0] = cpu_to_le32(len);
3252 				rc = put_entry(buf, sizeof(u32), 1, fp);
3253 				if (rc)
3254 					return rc;
3255 				rc = put_entry(c->u.name, 1, len, fp);
3256 				if (rc)
3257 					return rc;
3258 				rc = context_write(p, &c->context[0], fp);
3259 				if (rc)
3260 					return rc;
3261 				rc = context_write(p, &c->context[1], fp);
3262 				if (rc)
3263 					return rc;
3264 				break;
3265 			case OCON_PORT:
3266 				buf[0] = cpu_to_le32(c->u.port.protocol);
3267 				buf[1] = cpu_to_le32(c->u.port.low_port);
3268 				buf[2] = cpu_to_le32(c->u.port.high_port);
3269 				rc = put_entry(buf, sizeof(u32), 3, fp);
3270 				if (rc)
3271 					return rc;
3272 				rc = context_write(p, &c->context[0], fp);
3273 				if (rc)
3274 					return rc;
3275 				break;
3276 			case OCON_NODE:
3277 				nodebuf[0] = c->u.node.addr; /* network order */
3278 				nodebuf[1] = c->u.node.mask; /* network order */
3279 				rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3280 				if (rc)
3281 					return rc;
3282 				rc = context_write(p, &c->context[0], fp);
3283 				if (rc)
3284 					return rc;
3285 				break;
3286 			case OCON_FSUSE:
3287 				buf[0] = cpu_to_le32(c->v.behavior);
3288 				len = strlen(c->u.name);
3289 				buf[1] = cpu_to_le32(len);
3290 				rc = put_entry(buf, sizeof(u32), 2, fp);
3291 				if (rc)
3292 					return rc;
3293 				rc = put_entry(c->u.name, 1, len, fp);
3294 				if (rc)
3295 					return rc;
3296 				rc = context_write(p, &c->context[0], fp);
3297 				if (rc)
3298 					return rc;
3299 				break;
3300 			case OCON_NODE6:
3301 				for (j = 0; j < 4; j++)
3302 					nodebuf[j] = c->u.node6.addr[j]; /* network order */
3303 				for (j = 0; j < 4; j++)
3304 					nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3305 				rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3306 				if (rc)
3307 					return rc;
3308 				rc = context_write(p, &c->context[0], fp);
3309 				if (rc)
3310 					return rc;
3311 				break;
3312 			case OCON_IBPKEY:
3313 				/* subnet_prefix is in CPU order */
3314 				prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3315 
3316 				rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
3317 				if (rc)
3318 					return rc;
3319 
3320 				buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3321 				buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3322 
3323 				rc = put_entry(buf, sizeof(u32), 2, fp);
3324 				if (rc)
3325 					return rc;
3326 				rc = context_write(p, &c->context[0], fp);
3327 				if (rc)
3328 					return rc;
3329 				break;
3330 			case OCON_IBENDPORT:
3331 				len = strlen(c->u.ibendport.dev_name);
3332 				buf[0] = cpu_to_le32(len);
3333 				buf[1] = cpu_to_le32(c->u.ibendport.port);
3334 				rc = put_entry(buf, sizeof(u32), 2, fp);
3335 				if (rc)
3336 					return rc;
3337 				rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3338 				if (rc)
3339 					return rc;
3340 				rc = context_write(p, &c->context[0], fp);
3341 				if (rc)
3342 					return rc;
3343 				break;
3344 			}
3345 		}
3346 	}
3347 	return 0;
3348 }
3349 
3350 static int genfs_write(struct policydb *p, void *fp)
3351 {
3352 	struct genfs *genfs;
3353 	struct ocontext *c;
3354 	size_t len;
3355 	__le32 buf[1];
3356 	int rc;
3357 
3358 	len = 0;
3359 	for (genfs = p->genfs; genfs; genfs = genfs->next)
3360 		len++;
3361 	buf[0] = cpu_to_le32(len);
3362 	rc = put_entry(buf, sizeof(u32), 1, fp);
3363 	if (rc)
3364 		return rc;
3365 	for (genfs = p->genfs; genfs; genfs = genfs->next) {
3366 		len = strlen(genfs->fstype);
3367 		buf[0] = cpu_to_le32(len);
3368 		rc = put_entry(buf, sizeof(u32), 1, fp);
3369 		if (rc)
3370 			return rc;
3371 		rc = put_entry(genfs->fstype, 1, len, fp);
3372 		if (rc)
3373 			return rc;
3374 		len = 0;
3375 		for (c = genfs->head; c; c = c->next)
3376 			len++;
3377 		buf[0] = cpu_to_le32(len);
3378 		rc = put_entry(buf, sizeof(u32), 1, fp);
3379 		if (rc)
3380 			return rc;
3381 		for (c = genfs->head; c; c = c->next) {
3382 			len = strlen(c->u.name);
3383 			buf[0] = cpu_to_le32(len);
3384 			rc = put_entry(buf, sizeof(u32), 1, fp);
3385 			if (rc)
3386 				return rc;
3387 			rc = put_entry(c->u.name, 1, len, fp);
3388 			if (rc)
3389 				return rc;
3390 			buf[0] = cpu_to_le32(c->v.sclass);
3391 			rc = put_entry(buf, sizeof(u32), 1, fp);
3392 			if (rc)
3393 				return rc;
3394 			rc = context_write(p, &c->context[0], fp);
3395 			if (rc)
3396 				return rc;
3397 		}
3398 	}
3399 	return 0;
3400 }
3401 
3402 static int range_write_helper(void *key, void *data, void *ptr)
3403 {
3404 	__le32 buf[2];
3405 	struct range_trans *rt = key;
3406 	struct mls_range *r = data;
3407 	struct policy_data *pd = ptr;
3408 	void *fp = pd->fp;
3409 	struct policydb *p = pd->p;
3410 	int rc;
3411 
3412 	buf[0] = cpu_to_le32(rt->source_type);
3413 	buf[1] = cpu_to_le32(rt->target_type);
3414 	rc = put_entry(buf, sizeof(u32), 2, fp);
3415 	if (rc)
3416 		return rc;
3417 	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3418 		buf[0] = cpu_to_le32(rt->target_class);
3419 		rc = put_entry(buf, sizeof(u32), 1, fp);
3420 		if (rc)
3421 			return rc;
3422 	}
3423 	rc = mls_write_range_helper(r, fp);
3424 	if (rc)
3425 		return rc;
3426 
3427 	return 0;
3428 }
3429 
3430 static int range_write(struct policydb *p, void *fp)
3431 {
3432 	__le32 buf[1];
3433 	int rc;
3434 	struct policy_data pd;
3435 
3436 	pd.p = p;
3437 	pd.fp = fp;
3438 
3439 	buf[0] = cpu_to_le32(p->range_tr.nel);
3440 	rc = put_entry(buf, sizeof(u32), 1, fp);
3441 	if (rc)
3442 		return rc;
3443 
3444 	/* actually write all of the entries */
3445 	rc = hashtab_map(&p->range_tr, range_write_helper, &pd);
3446 	if (rc)
3447 		return rc;
3448 
3449 	return 0;
3450 }
3451 
3452 static int filename_write_helper_compat(void *key, void *data, void *ptr)
3453 {
3454 	struct filename_trans_key *ft = key;
3455 	struct filename_trans_datum *datum = data;
3456 	struct ebitmap_node *node;
3457 	void *fp = ptr;
3458 	__le32 buf[4];
3459 	int rc;
3460 	u32 bit, len = strlen(ft->name);
3461 
3462 	do {
3463 		ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3464 			buf[0] = cpu_to_le32(len);
3465 			rc = put_entry(buf, sizeof(u32), 1, fp);
3466 			if (rc)
3467 				return rc;
3468 
3469 			rc = put_entry(ft->name, sizeof(char), len, fp);
3470 			if (rc)
3471 				return rc;
3472 
3473 			buf[0] = cpu_to_le32(bit + 1);
3474 			buf[1] = cpu_to_le32(ft->ttype);
3475 			buf[2] = cpu_to_le32(ft->tclass);
3476 			buf[3] = cpu_to_le32(datum->otype);
3477 
3478 			rc = put_entry(buf, sizeof(u32), 4, fp);
3479 			if (rc)
3480 				return rc;
3481 		}
3482 
3483 		datum = datum->next;
3484 	} while (unlikely(datum));
3485 
3486 	return 0;
3487 }
3488 
3489 static int filename_write_helper(void *key, void *data, void *ptr)
3490 {
3491 	struct filename_trans_key *ft = key;
3492 	struct filename_trans_datum *datum;
3493 	void *fp = ptr;
3494 	__le32 buf[3];
3495 	int rc;
3496 	u32 ndatum, len = strlen(ft->name);
3497 
3498 	buf[0] = cpu_to_le32(len);
3499 	rc = put_entry(buf, sizeof(u32), 1, fp);
3500 	if (rc)
3501 		return rc;
3502 
3503 	rc = put_entry(ft->name, sizeof(char), len, fp);
3504 	if (rc)
3505 		return rc;
3506 
3507 	ndatum = 0;
3508 	datum = data;
3509 	do {
3510 		ndatum++;
3511 		datum = datum->next;
3512 	} while (unlikely(datum));
3513 
3514 	buf[0] = cpu_to_le32(ft->ttype);
3515 	buf[1] = cpu_to_le32(ft->tclass);
3516 	buf[2] = cpu_to_le32(ndatum);
3517 	rc = put_entry(buf, sizeof(u32), 3, fp);
3518 	if (rc)
3519 		return rc;
3520 
3521 	datum = data;
3522 	do {
3523 		rc = ebitmap_write(&datum->stypes, fp);
3524 		if (rc)
3525 			return rc;
3526 
3527 		buf[0] = cpu_to_le32(datum->otype);
3528 		rc = put_entry(buf, sizeof(u32), 1, fp);
3529 		if (rc)
3530 			return rc;
3531 
3532 		datum = datum->next;
3533 	} while (unlikely(datum));
3534 
3535 	return 0;
3536 }
3537 
3538 static int filename_trans_write(struct policydb *p, void *fp)
3539 {
3540 	__le32 buf[1];
3541 	int rc;
3542 
3543 	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3544 		return 0;
3545 
3546 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3547 		buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3548 		rc = put_entry(buf, sizeof(u32), 1, fp);
3549 		if (rc)
3550 			return rc;
3551 
3552 		rc = hashtab_map(&p->filename_trans,
3553 				 filename_write_helper_compat, fp);
3554 	} else {
3555 		buf[0] = cpu_to_le32(p->filename_trans.nel);
3556 		rc = put_entry(buf, sizeof(u32), 1, fp);
3557 		if (rc)
3558 			return rc;
3559 
3560 		rc = hashtab_map(&p->filename_trans, filename_write_helper, fp);
3561 	}
3562 	return rc;
3563 }
3564 
3565 /*
3566  * Write the configuration data in a policy database
3567  * structure to a policy database binary representation
3568  * file.
3569  */
3570 int policydb_write(struct policydb *p, void *fp)
3571 {
3572 	unsigned int i, num_syms;
3573 	int rc;
3574 	__le32 buf[4];
3575 	u32 config;
3576 	size_t len;
3577 	struct policydb_compat_info *info;
3578 
3579 	/*
3580 	 * refuse to write policy older than compressed avtab
3581 	 * to simplify the writer.  There are other tests dropped
3582 	 * since we assume this throughout the writer code.  Be
3583 	 * careful if you ever try to remove this restriction
3584 	 */
3585 	if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3586 		pr_err("SELinux: refusing to write policy version %d."
3587 		       "  Because it is less than version %d\n", p->policyvers,
3588 		       POLICYDB_VERSION_AVTAB);
3589 		return -EINVAL;
3590 	}
3591 
3592 	config = 0;
3593 	if (p->mls_enabled)
3594 		config |= POLICYDB_CONFIG_MLS;
3595 
3596 	if (p->reject_unknown)
3597 		config |= REJECT_UNKNOWN;
3598 	if (p->allow_unknown)
3599 		config |= ALLOW_UNKNOWN;
3600 
3601 	/* Write the magic number and string identifiers. */
3602 	buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3603 	len = strlen(POLICYDB_STRING);
3604 	buf[1] = cpu_to_le32(len);
3605 	rc = put_entry(buf, sizeof(u32), 2, fp);
3606 	if (rc)
3607 		return rc;
3608 	rc = put_entry(POLICYDB_STRING, 1, len, fp);
3609 	if (rc)
3610 		return rc;
3611 
3612 	/* Write the version, config, and table sizes. */
3613 	info = policydb_lookup_compat(p->policyvers);
3614 	if (!info) {
3615 		pr_err("SELinux: compatibility lookup failed for policy "
3616 		    "version %d", p->policyvers);
3617 		return -EINVAL;
3618 	}
3619 
3620 	buf[0] = cpu_to_le32(p->policyvers);
3621 	buf[1] = cpu_to_le32(config);
3622 	buf[2] = cpu_to_le32(info->sym_num);
3623 	buf[3] = cpu_to_le32(info->ocon_num);
3624 
3625 	rc = put_entry(buf, sizeof(u32), 4, fp);
3626 	if (rc)
3627 		return rc;
3628 
3629 	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3630 		rc = ebitmap_write(&p->policycaps, fp);
3631 		if (rc)
3632 			return rc;
3633 	}
3634 
3635 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3636 		rc = ebitmap_write(&p->permissive_map, fp);
3637 		if (rc)
3638 			return rc;
3639 	}
3640 
3641 	num_syms = info->sym_num;
3642 	for (i = 0; i < num_syms; i++) {
3643 		struct policy_data pd;
3644 
3645 		pd.fp = fp;
3646 		pd.p = p;
3647 
3648 		buf[0] = cpu_to_le32(p->symtab[i].nprim);
3649 		buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3650 
3651 		rc = put_entry(buf, sizeof(u32), 2, fp);
3652 		if (rc)
3653 			return rc;
3654 		rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
3655 		if (rc)
3656 			return rc;
3657 	}
3658 
3659 	rc = avtab_write(p, &p->te_avtab, fp);
3660 	if (rc)
3661 		return rc;
3662 
3663 	rc = cond_write_list(p, fp);
3664 	if (rc)
3665 		return rc;
3666 
3667 	rc = role_trans_write(p, fp);
3668 	if (rc)
3669 		return rc;
3670 
3671 	rc = role_allow_write(p->role_allow, fp);
3672 	if (rc)
3673 		return rc;
3674 
3675 	rc = filename_trans_write(p, fp);
3676 	if (rc)
3677 		return rc;
3678 
3679 	rc = ocontext_write(p, info, fp);
3680 	if (rc)
3681 		return rc;
3682 
3683 	rc = genfs_write(p, fp);
3684 	if (rc)
3685 		return rc;
3686 
3687 	rc = range_write(p, fp);
3688 	if (rc)
3689 		return rc;
3690 
3691 	for (i = 0; i < p->p_types.nprim; i++) {
3692 		struct ebitmap *e = &p->type_attr_map_array[i];
3693 
3694 		rc = ebitmap_write(e, fp);
3695 		if (rc)
3696 			return rc;
3697 	}
3698 
3699 	return 0;
3700 }
3701