1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 { 137 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM, 140 }, 141 { 142 .version = POLICYDB_VERSION_DEFAULT_TYPE, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM, 145 }, 146 { 147 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 148 .sym_num = SYM_NUM, 149 .ocon_num = OCON_NUM, 150 }, 151 { 152 .version = POLICYDB_VERSION_XPERMS_IOCTL, 153 .sym_num = SYM_NUM, 154 .ocon_num = OCON_NUM, 155 }, 156 }; 157 158 static struct policydb_compat_info *policydb_lookup_compat(int version) 159 { 160 int i; 161 struct policydb_compat_info *info = NULL; 162 163 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 164 if (policydb_compat[i].version == version) { 165 info = &policydb_compat[i]; 166 break; 167 } 168 } 169 return info; 170 } 171 172 /* 173 * Initialize the role table. 174 */ 175 static int roles_init(struct policydb *p) 176 { 177 char *key = NULL; 178 int rc; 179 struct role_datum *role; 180 181 rc = -ENOMEM; 182 role = kzalloc(sizeof(*role), GFP_KERNEL); 183 if (!role) 184 goto out; 185 186 rc = -EINVAL; 187 role->value = ++p->p_roles.nprim; 188 if (role->value != OBJECT_R_VAL) 189 goto out; 190 191 rc = -ENOMEM; 192 key = kstrdup(OBJECT_R, GFP_KERNEL); 193 if (!key) 194 goto out; 195 196 rc = hashtab_insert(p->p_roles.table, key, role); 197 if (rc) 198 goto out; 199 200 return 0; 201 out: 202 kfree(key); 203 kfree(role); 204 return rc; 205 } 206 207 static u32 filenametr_hash(struct hashtab *h, const void *k) 208 { 209 const struct filename_trans *ft = k; 210 unsigned long hash; 211 unsigned int byte_num; 212 unsigned char focus; 213 214 hash = ft->stype ^ ft->ttype ^ ft->tclass; 215 216 byte_num = 0; 217 while ((focus = ft->name[byte_num++])) 218 hash = partial_name_hash(focus, hash); 219 return hash & (h->size - 1); 220 } 221 222 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 223 { 224 const struct filename_trans *ft1 = k1; 225 const struct filename_trans *ft2 = k2; 226 int v; 227 228 v = ft1->stype - ft2->stype; 229 if (v) 230 return v; 231 232 v = ft1->ttype - ft2->ttype; 233 if (v) 234 return v; 235 236 v = ft1->tclass - ft2->tclass; 237 if (v) 238 return v; 239 240 return strcmp(ft1->name, ft2->name); 241 242 } 243 244 static u32 rangetr_hash(struct hashtab *h, const void *k) 245 { 246 const struct range_trans *key = k; 247 return (key->source_type + (key->target_type << 3) + 248 (key->target_class << 5)) & (h->size - 1); 249 } 250 251 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 252 { 253 const struct range_trans *key1 = k1, *key2 = k2; 254 int v; 255 256 v = key1->source_type - key2->source_type; 257 if (v) 258 return v; 259 260 v = key1->target_type - key2->target_type; 261 if (v) 262 return v; 263 264 v = key1->target_class - key2->target_class; 265 266 return v; 267 } 268 269 /* 270 * Initialize a policy database structure. 271 */ 272 static int policydb_init(struct policydb *p) 273 { 274 int i, rc; 275 276 memset(p, 0, sizeof(*p)); 277 278 for (i = 0; i < SYM_NUM; i++) { 279 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 280 if (rc) 281 goto out; 282 } 283 284 rc = avtab_init(&p->te_avtab); 285 if (rc) 286 goto out; 287 288 rc = roles_init(p); 289 if (rc) 290 goto out; 291 292 rc = cond_policydb_init(p); 293 if (rc) 294 goto out; 295 296 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 297 if (!p->filename_trans) { 298 rc = -ENOMEM; 299 goto out; 300 } 301 302 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 303 if (!p->range_tr) { 304 rc = -ENOMEM; 305 goto out; 306 } 307 308 ebitmap_init(&p->filename_trans_ttypes); 309 ebitmap_init(&p->policycaps); 310 ebitmap_init(&p->permissive_map); 311 312 return 0; 313 out: 314 hashtab_destroy(p->filename_trans); 315 hashtab_destroy(p->range_tr); 316 for (i = 0; i < SYM_NUM; i++) 317 hashtab_destroy(p->symtab[i].table); 318 return rc; 319 } 320 321 /* 322 * The following *_index functions are used to 323 * define the val_to_name and val_to_struct arrays 324 * in a policy database structure. The val_to_name 325 * arrays are used when converting security context 326 * structures into string representations. The 327 * val_to_struct arrays are used when the attributes 328 * of a class, role, or user are needed. 329 */ 330 331 static int common_index(void *key, void *datum, void *datap) 332 { 333 struct policydb *p; 334 struct common_datum *comdatum; 335 struct flex_array *fa; 336 337 comdatum = datum; 338 p = datap; 339 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 340 return -EINVAL; 341 342 fa = p->sym_val_to_name[SYM_COMMONS]; 343 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 344 GFP_KERNEL | __GFP_ZERO)) 345 BUG(); 346 return 0; 347 } 348 349 static int class_index(void *key, void *datum, void *datap) 350 { 351 struct policydb *p; 352 struct class_datum *cladatum; 353 struct flex_array *fa; 354 355 cladatum = datum; 356 p = datap; 357 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 358 return -EINVAL; 359 fa = p->sym_val_to_name[SYM_CLASSES]; 360 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 361 GFP_KERNEL | __GFP_ZERO)) 362 BUG(); 363 p->class_val_to_struct[cladatum->value - 1] = cladatum; 364 return 0; 365 } 366 367 static int role_index(void *key, void *datum, void *datap) 368 { 369 struct policydb *p; 370 struct role_datum *role; 371 struct flex_array *fa; 372 373 role = datum; 374 p = datap; 375 if (!role->value 376 || role->value > p->p_roles.nprim 377 || role->bounds > p->p_roles.nprim) 378 return -EINVAL; 379 380 fa = p->sym_val_to_name[SYM_ROLES]; 381 if (flex_array_put_ptr(fa, role->value - 1, key, 382 GFP_KERNEL | __GFP_ZERO)) 383 BUG(); 384 p->role_val_to_struct[role->value - 1] = role; 385 return 0; 386 } 387 388 static int type_index(void *key, void *datum, void *datap) 389 { 390 struct policydb *p; 391 struct type_datum *typdatum; 392 struct flex_array *fa; 393 394 typdatum = datum; 395 p = datap; 396 397 if (typdatum->primary) { 398 if (!typdatum->value 399 || typdatum->value > p->p_types.nprim 400 || typdatum->bounds > p->p_types.nprim) 401 return -EINVAL; 402 fa = p->sym_val_to_name[SYM_TYPES]; 403 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 404 GFP_KERNEL | __GFP_ZERO)) 405 BUG(); 406 407 fa = p->type_val_to_struct_array; 408 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 409 GFP_KERNEL | __GFP_ZERO)) 410 BUG(); 411 } 412 413 return 0; 414 } 415 416 static int user_index(void *key, void *datum, void *datap) 417 { 418 struct policydb *p; 419 struct user_datum *usrdatum; 420 struct flex_array *fa; 421 422 usrdatum = datum; 423 p = datap; 424 if (!usrdatum->value 425 || usrdatum->value > p->p_users.nprim 426 || usrdatum->bounds > p->p_users.nprim) 427 return -EINVAL; 428 429 fa = p->sym_val_to_name[SYM_USERS]; 430 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 431 GFP_KERNEL | __GFP_ZERO)) 432 BUG(); 433 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 434 return 0; 435 } 436 437 static int sens_index(void *key, void *datum, void *datap) 438 { 439 struct policydb *p; 440 struct level_datum *levdatum; 441 struct flex_array *fa; 442 443 levdatum = datum; 444 p = datap; 445 446 if (!levdatum->isalias) { 447 if (!levdatum->level->sens || 448 levdatum->level->sens > p->p_levels.nprim) 449 return -EINVAL; 450 fa = p->sym_val_to_name[SYM_LEVELS]; 451 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 452 GFP_KERNEL | __GFP_ZERO)) 453 BUG(); 454 } 455 456 return 0; 457 } 458 459 static int cat_index(void *key, void *datum, void *datap) 460 { 461 struct policydb *p; 462 struct cat_datum *catdatum; 463 struct flex_array *fa; 464 465 catdatum = datum; 466 p = datap; 467 468 if (!catdatum->isalias) { 469 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 470 return -EINVAL; 471 fa = p->sym_val_to_name[SYM_CATS]; 472 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 473 GFP_KERNEL | __GFP_ZERO)) 474 BUG(); 475 } 476 477 return 0; 478 } 479 480 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 481 { 482 common_index, 483 class_index, 484 role_index, 485 type_index, 486 user_index, 487 cond_index_bool, 488 sens_index, 489 cat_index, 490 }; 491 492 #ifdef DEBUG_HASHES 493 static void hash_eval(struct hashtab *h, const char *hash_name) 494 { 495 struct hashtab_info info; 496 497 hashtab_stat(h, &info); 498 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 499 "longest chain length %d\n", hash_name, h->nel, 500 info.slots_used, h->size, info.max_chain_len); 501 } 502 503 static void symtab_hash_eval(struct symtab *s) 504 { 505 int i; 506 507 for (i = 0; i < SYM_NUM; i++) 508 hash_eval(s[i].table, symtab_name[i]); 509 } 510 511 #else 512 static inline void hash_eval(struct hashtab *h, char *hash_name) 513 { 514 } 515 #endif 516 517 /* 518 * Define the other val_to_name and val_to_struct arrays 519 * in a policy database structure. 520 * 521 * Caller must clean up on failure. 522 */ 523 static int policydb_index(struct policydb *p) 524 { 525 int i, rc; 526 527 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 528 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 529 if (p->mls_enabled) 530 printk(KERN_CONT ", %d sens, %d cats", p->p_levels.nprim, 531 p->p_cats.nprim); 532 printk(KERN_CONT "\n"); 533 534 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 535 p->p_classes.nprim, p->te_avtab.nel); 536 537 #ifdef DEBUG_HASHES 538 avtab_hash_eval(&p->te_avtab, "rules"); 539 symtab_hash_eval(p->symtab); 540 #endif 541 542 rc = -ENOMEM; 543 p->class_val_to_struct = 544 kzalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 545 GFP_KERNEL); 546 if (!p->class_val_to_struct) 547 goto out; 548 549 rc = -ENOMEM; 550 p->role_val_to_struct = 551 kzalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 552 GFP_KERNEL); 553 if (!p->role_val_to_struct) 554 goto out; 555 556 rc = -ENOMEM; 557 p->user_val_to_struct = 558 kzalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 559 GFP_KERNEL); 560 if (!p->user_val_to_struct) 561 goto out; 562 563 /* Yes, I want the sizeof the pointer, not the structure */ 564 rc = -ENOMEM; 565 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 566 p->p_types.nprim, 567 GFP_KERNEL | __GFP_ZERO); 568 if (!p->type_val_to_struct_array) 569 goto out; 570 571 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 572 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 573 if (rc) 574 goto out; 575 576 rc = cond_init_bool_indexes(p); 577 if (rc) 578 goto out; 579 580 for (i = 0; i < SYM_NUM; i++) { 581 rc = -ENOMEM; 582 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 583 p->symtab[i].nprim, 584 GFP_KERNEL | __GFP_ZERO); 585 if (!p->sym_val_to_name[i]) 586 goto out; 587 588 rc = flex_array_prealloc(p->sym_val_to_name[i], 589 0, p->symtab[i].nprim, 590 GFP_KERNEL | __GFP_ZERO); 591 if (rc) 592 goto out; 593 594 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 595 if (rc) 596 goto out; 597 } 598 rc = 0; 599 out: 600 return rc; 601 } 602 603 /* 604 * The following *_destroy functions are used to 605 * free any memory allocated for each kind of 606 * symbol data in the policy database. 607 */ 608 609 static int perm_destroy(void *key, void *datum, void *p) 610 { 611 kfree(key); 612 kfree(datum); 613 return 0; 614 } 615 616 static int common_destroy(void *key, void *datum, void *p) 617 { 618 struct common_datum *comdatum; 619 620 kfree(key); 621 if (datum) { 622 comdatum = datum; 623 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 624 hashtab_destroy(comdatum->permissions.table); 625 } 626 kfree(datum); 627 return 0; 628 } 629 630 static void constraint_expr_destroy(struct constraint_expr *expr) 631 { 632 if (expr) { 633 ebitmap_destroy(&expr->names); 634 if (expr->type_names) { 635 ebitmap_destroy(&expr->type_names->types); 636 ebitmap_destroy(&expr->type_names->negset); 637 kfree(expr->type_names); 638 } 639 kfree(expr); 640 } 641 } 642 643 static int cls_destroy(void *key, void *datum, void *p) 644 { 645 struct class_datum *cladatum; 646 struct constraint_node *constraint, *ctemp; 647 struct constraint_expr *e, *etmp; 648 649 kfree(key); 650 if (datum) { 651 cladatum = datum; 652 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 653 hashtab_destroy(cladatum->permissions.table); 654 constraint = cladatum->constraints; 655 while (constraint) { 656 e = constraint->expr; 657 while (e) { 658 etmp = e; 659 e = e->next; 660 constraint_expr_destroy(etmp); 661 } 662 ctemp = constraint; 663 constraint = constraint->next; 664 kfree(ctemp); 665 } 666 667 constraint = cladatum->validatetrans; 668 while (constraint) { 669 e = constraint->expr; 670 while (e) { 671 etmp = e; 672 e = e->next; 673 constraint_expr_destroy(etmp); 674 } 675 ctemp = constraint; 676 constraint = constraint->next; 677 kfree(ctemp); 678 } 679 kfree(cladatum->comkey); 680 } 681 kfree(datum); 682 return 0; 683 } 684 685 static int role_destroy(void *key, void *datum, void *p) 686 { 687 struct role_datum *role; 688 689 kfree(key); 690 if (datum) { 691 role = datum; 692 ebitmap_destroy(&role->dominates); 693 ebitmap_destroy(&role->types); 694 } 695 kfree(datum); 696 return 0; 697 } 698 699 static int type_destroy(void *key, void *datum, void *p) 700 { 701 kfree(key); 702 kfree(datum); 703 return 0; 704 } 705 706 static int user_destroy(void *key, void *datum, void *p) 707 { 708 struct user_datum *usrdatum; 709 710 kfree(key); 711 if (datum) { 712 usrdatum = datum; 713 ebitmap_destroy(&usrdatum->roles); 714 ebitmap_destroy(&usrdatum->range.level[0].cat); 715 ebitmap_destroy(&usrdatum->range.level[1].cat); 716 ebitmap_destroy(&usrdatum->dfltlevel.cat); 717 } 718 kfree(datum); 719 return 0; 720 } 721 722 static int sens_destroy(void *key, void *datum, void *p) 723 { 724 struct level_datum *levdatum; 725 726 kfree(key); 727 if (datum) { 728 levdatum = datum; 729 ebitmap_destroy(&levdatum->level->cat); 730 kfree(levdatum->level); 731 } 732 kfree(datum); 733 return 0; 734 } 735 736 static int cat_destroy(void *key, void *datum, void *p) 737 { 738 kfree(key); 739 kfree(datum); 740 return 0; 741 } 742 743 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 744 { 745 common_destroy, 746 cls_destroy, 747 role_destroy, 748 type_destroy, 749 user_destroy, 750 cond_destroy_bool, 751 sens_destroy, 752 cat_destroy, 753 }; 754 755 static int filenametr_destroy(void *key, void *datum, void *p) 756 { 757 struct filename_trans *ft = key; 758 kfree(ft->name); 759 kfree(key); 760 kfree(datum); 761 cond_resched(); 762 return 0; 763 } 764 765 static int range_tr_destroy(void *key, void *datum, void *p) 766 { 767 struct mls_range *rt = datum; 768 kfree(key); 769 ebitmap_destroy(&rt->level[0].cat); 770 ebitmap_destroy(&rt->level[1].cat); 771 kfree(datum); 772 cond_resched(); 773 return 0; 774 } 775 776 static void ocontext_destroy(struct ocontext *c, int i) 777 { 778 if (!c) 779 return; 780 781 context_destroy(&c->context[0]); 782 context_destroy(&c->context[1]); 783 if (i == OCON_ISID || i == OCON_FS || 784 i == OCON_NETIF || i == OCON_FSUSE) 785 kfree(c->u.name); 786 kfree(c); 787 } 788 789 /* 790 * Free any memory allocated by a policy database structure. 791 */ 792 void policydb_destroy(struct policydb *p) 793 { 794 struct ocontext *c, *ctmp; 795 struct genfs *g, *gtmp; 796 int i; 797 struct role_allow *ra, *lra = NULL; 798 struct role_trans *tr, *ltr = NULL; 799 800 for (i = 0; i < SYM_NUM; i++) { 801 cond_resched(); 802 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 803 hashtab_destroy(p->symtab[i].table); 804 } 805 806 for (i = 0; i < SYM_NUM; i++) { 807 if (p->sym_val_to_name[i]) 808 flex_array_free(p->sym_val_to_name[i]); 809 } 810 811 kfree(p->class_val_to_struct); 812 kfree(p->role_val_to_struct); 813 kfree(p->user_val_to_struct); 814 if (p->type_val_to_struct_array) 815 flex_array_free(p->type_val_to_struct_array); 816 817 avtab_destroy(&p->te_avtab); 818 819 for (i = 0; i < OCON_NUM; i++) { 820 cond_resched(); 821 c = p->ocontexts[i]; 822 while (c) { 823 ctmp = c; 824 c = c->next; 825 ocontext_destroy(ctmp, i); 826 } 827 p->ocontexts[i] = NULL; 828 } 829 830 g = p->genfs; 831 while (g) { 832 cond_resched(); 833 kfree(g->fstype); 834 c = g->head; 835 while (c) { 836 ctmp = c; 837 c = c->next; 838 ocontext_destroy(ctmp, OCON_FSUSE); 839 } 840 gtmp = g; 841 g = g->next; 842 kfree(gtmp); 843 } 844 p->genfs = NULL; 845 846 cond_policydb_destroy(p); 847 848 for (tr = p->role_tr; tr; tr = tr->next) { 849 cond_resched(); 850 kfree(ltr); 851 ltr = tr; 852 } 853 kfree(ltr); 854 855 for (ra = p->role_allow; ra; ra = ra->next) { 856 cond_resched(); 857 kfree(lra); 858 lra = ra; 859 } 860 kfree(lra); 861 862 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 863 hashtab_destroy(p->filename_trans); 864 865 hashtab_map(p->range_tr, range_tr_destroy, NULL); 866 hashtab_destroy(p->range_tr); 867 868 if (p->type_attr_map_array) { 869 for (i = 0; i < p->p_types.nprim; i++) { 870 struct ebitmap *e; 871 872 e = flex_array_get(p->type_attr_map_array, i); 873 if (!e) 874 continue; 875 ebitmap_destroy(e); 876 } 877 flex_array_free(p->type_attr_map_array); 878 } 879 880 ebitmap_destroy(&p->filename_trans_ttypes); 881 ebitmap_destroy(&p->policycaps); 882 ebitmap_destroy(&p->permissive_map); 883 884 return; 885 } 886 887 /* 888 * Load the initial SIDs specified in a policy database 889 * structure into a SID table. 890 */ 891 int policydb_load_isids(struct policydb *p, struct sidtab *s) 892 { 893 struct ocontext *head, *c; 894 int rc; 895 896 rc = sidtab_init(s); 897 if (rc) { 898 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 899 goto out; 900 } 901 902 head = p->ocontexts[OCON_ISID]; 903 for (c = head; c; c = c->next) { 904 rc = -EINVAL; 905 if (!c->context[0].user) { 906 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 907 c->u.name); 908 goto out; 909 } 910 911 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 912 if (rc) { 913 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 914 c->u.name); 915 goto out; 916 } 917 } 918 rc = 0; 919 out: 920 return rc; 921 } 922 923 int policydb_class_isvalid(struct policydb *p, unsigned int class) 924 { 925 if (!class || class > p->p_classes.nprim) 926 return 0; 927 return 1; 928 } 929 930 int policydb_role_isvalid(struct policydb *p, unsigned int role) 931 { 932 if (!role || role > p->p_roles.nprim) 933 return 0; 934 return 1; 935 } 936 937 int policydb_type_isvalid(struct policydb *p, unsigned int type) 938 { 939 if (!type || type > p->p_types.nprim) 940 return 0; 941 return 1; 942 } 943 944 /* 945 * Return 1 if the fields in the security context 946 * structure `c' are valid. Return 0 otherwise. 947 */ 948 int policydb_context_isvalid(struct policydb *p, struct context *c) 949 { 950 struct role_datum *role; 951 struct user_datum *usrdatum; 952 953 if (!c->role || c->role > p->p_roles.nprim) 954 return 0; 955 956 if (!c->user || c->user > p->p_users.nprim) 957 return 0; 958 959 if (!c->type || c->type > p->p_types.nprim) 960 return 0; 961 962 if (c->role != OBJECT_R_VAL) { 963 /* 964 * Role must be authorized for the type. 965 */ 966 role = p->role_val_to_struct[c->role - 1]; 967 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 968 /* role may not be associated with type */ 969 return 0; 970 971 /* 972 * User must be authorized for the role. 973 */ 974 usrdatum = p->user_val_to_struct[c->user - 1]; 975 if (!usrdatum) 976 return 0; 977 978 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 979 /* user may not be associated with role */ 980 return 0; 981 } 982 983 if (!mls_context_isvalid(p, c)) 984 return 0; 985 986 return 1; 987 } 988 989 /* 990 * Read a MLS range structure from a policydb binary 991 * representation file. 992 */ 993 static int mls_read_range_helper(struct mls_range *r, void *fp) 994 { 995 __le32 buf[2]; 996 u32 items; 997 int rc; 998 999 rc = next_entry(buf, fp, sizeof(u32)); 1000 if (rc) 1001 goto out; 1002 1003 rc = -EINVAL; 1004 items = le32_to_cpu(buf[0]); 1005 if (items > ARRAY_SIZE(buf)) { 1006 printk(KERN_ERR "SELinux: mls: range overflow\n"); 1007 goto out; 1008 } 1009 1010 rc = next_entry(buf, fp, sizeof(u32) * items); 1011 if (rc) { 1012 printk(KERN_ERR "SELinux: mls: truncated range\n"); 1013 goto out; 1014 } 1015 1016 r->level[0].sens = le32_to_cpu(buf[0]); 1017 if (items > 1) 1018 r->level[1].sens = le32_to_cpu(buf[1]); 1019 else 1020 r->level[1].sens = r->level[0].sens; 1021 1022 rc = ebitmap_read(&r->level[0].cat, fp); 1023 if (rc) { 1024 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 1025 goto out; 1026 } 1027 if (items > 1) { 1028 rc = ebitmap_read(&r->level[1].cat, fp); 1029 if (rc) { 1030 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 1031 goto bad_high; 1032 } 1033 } else { 1034 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1035 if (rc) { 1036 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1037 goto bad_high; 1038 } 1039 } 1040 1041 return 0; 1042 bad_high: 1043 ebitmap_destroy(&r->level[0].cat); 1044 out: 1045 return rc; 1046 } 1047 1048 /* 1049 * Read and validate a security context structure 1050 * from a policydb binary representation file. 1051 */ 1052 static int context_read_and_validate(struct context *c, 1053 struct policydb *p, 1054 void *fp) 1055 { 1056 __le32 buf[3]; 1057 int rc; 1058 1059 rc = next_entry(buf, fp, sizeof buf); 1060 if (rc) { 1061 printk(KERN_ERR "SELinux: context truncated\n"); 1062 goto out; 1063 } 1064 c->user = le32_to_cpu(buf[0]); 1065 c->role = le32_to_cpu(buf[1]); 1066 c->type = le32_to_cpu(buf[2]); 1067 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1068 rc = mls_read_range_helper(&c->range, fp); 1069 if (rc) { 1070 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1071 goto out; 1072 } 1073 } 1074 1075 rc = -EINVAL; 1076 if (!policydb_context_isvalid(p, c)) { 1077 printk(KERN_ERR "SELinux: invalid security context\n"); 1078 context_destroy(c); 1079 goto out; 1080 } 1081 rc = 0; 1082 out: 1083 return rc; 1084 } 1085 1086 /* 1087 * The following *_read functions are used to 1088 * read the symbol data from a policy database 1089 * binary representation file. 1090 */ 1091 1092 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1093 { 1094 int rc; 1095 char *str; 1096 1097 if ((len == 0) || (len == (u32)-1)) 1098 return -EINVAL; 1099 1100 str = kmalloc(len + 1, flags); 1101 if (!str) 1102 return -ENOMEM; 1103 1104 /* it's expected the caller should free the str */ 1105 *strp = str; 1106 1107 rc = next_entry(str, fp, len); 1108 if (rc) 1109 return rc; 1110 1111 str[len] = '\0'; 1112 return 0; 1113 } 1114 1115 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1116 { 1117 char *key = NULL; 1118 struct perm_datum *perdatum; 1119 int rc; 1120 __le32 buf[2]; 1121 u32 len; 1122 1123 rc = -ENOMEM; 1124 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1125 if (!perdatum) 1126 goto bad; 1127 1128 rc = next_entry(buf, fp, sizeof buf); 1129 if (rc) 1130 goto bad; 1131 1132 len = le32_to_cpu(buf[0]); 1133 perdatum->value = le32_to_cpu(buf[1]); 1134 1135 rc = str_read(&key, GFP_KERNEL, fp, len); 1136 if (rc) 1137 goto bad; 1138 1139 rc = hashtab_insert(h, key, perdatum); 1140 if (rc) 1141 goto bad; 1142 1143 return 0; 1144 bad: 1145 perm_destroy(key, perdatum, NULL); 1146 return rc; 1147 } 1148 1149 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1150 { 1151 char *key = NULL; 1152 struct common_datum *comdatum; 1153 __le32 buf[4]; 1154 u32 len, nel; 1155 int i, rc; 1156 1157 rc = -ENOMEM; 1158 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1159 if (!comdatum) 1160 goto bad; 1161 1162 rc = next_entry(buf, fp, sizeof buf); 1163 if (rc) 1164 goto bad; 1165 1166 len = le32_to_cpu(buf[0]); 1167 comdatum->value = le32_to_cpu(buf[1]); 1168 1169 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1170 if (rc) 1171 goto bad; 1172 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1173 nel = le32_to_cpu(buf[3]); 1174 1175 rc = str_read(&key, GFP_KERNEL, fp, len); 1176 if (rc) 1177 goto bad; 1178 1179 for (i = 0; i < nel; i++) { 1180 rc = perm_read(p, comdatum->permissions.table, fp); 1181 if (rc) 1182 goto bad; 1183 } 1184 1185 rc = hashtab_insert(h, key, comdatum); 1186 if (rc) 1187 goto bad; 1188 return 0; 1189 bad: 1190 common_destroy(key, comdatum, NULL); 1191 return rc; 1192 } 1193 1194 static void type_set_init(struct type_set *t) 1195 { 1196 ebitmap_init(&t->types); 1197 ebitmap_init(&t->negset); 1198 } 1199 1200 static int type_set_read(struct type_set *t, void *fp) 1201 { 1202 __le32 buf[1]; 1203 int rc; 1204 1205 if (ebitmap_read(&t->types, fp)) 1206 return -EINVAL; 1207 if (ebitmap_read(&t->negset, fp)) 1208 return -EINVAL; 1209 1210 rc = next_entry(buf, fp, sizeof(u32)); 1211 if (rc < 0) 1212 return -EINVAL; 1213 t->flags = le32_to_cpu(buf[0]); 1214 1215 return 0; 1216 } 1217 1218 1219 static int read_cons_helper(struct policydb *p, 1220 struct constraint_node **nodep, 1221 int ncons, int allowxtarget, void *fp) 1222 { 1223 struct constraint_node *c, *lc; 1224 struct constraint_expr *e, *le; 1225 __le32 buf[3]; 1226 u32 nexpr; 1227 int rc, i, j, depth; 1228 1229 lc = NULL; 1230 for (i = 0; i < ncons; i++) { 1231 c = kzalloc(sizeof(*c), GFP_KERNEL); 1232 if (!c) 1233 return -ENOMEM; 1234 1235 if (lc) 1236 lc->next = c; 1237 else 1238 *nodep = c; 1239 1240 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1241 if (rc) 1242 return rc; 1243 c->permissions = le32_to_cpu(buf[0]); 1244 nexpr = le32_to_cpu(buf[1]); 1245 le = NULL; 1246 depth = -1; 1247 for (j = 0; j < nexpr; j++) { 1248 e = kzalloc(sizeof(*e), GFP_KERNEL); 1249 if (!e) 1250 return -ENOMEM; 1251 1252 if (le) 1253 le->next = e; 1254 else 1255 c->expr = e; 1256 1257 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1258 if (rc) 1259 return rc; 1260 e->expr_type = le32_to_cpu(buf[0]); 1261 e->attr = le32_to_cpu(buf[1]); 1262 e->op = le32_to_cpu(buf[2]); 1263 1264 switch (e->expr_type) { 1265 case CEXPR_NOT: 1266 if (depth < 0) 1267 return -EINVAL; 1268 break; 1269 case CEXPR_AND: 1270 case CEXPR_OR: 1271 if (depth < 1) 1272 return -EINVAL; 1273 depth--; 1274 break; 1275 case CEXPR_ATTR: 1276 if (depth == (CEXPR_MAXDEPTH - 1)) 1277 return -EINVAL; 1278 depth++; 1279 break; 1280 case CEXPR_NAMES: 1281 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1282 return -EINVAL; 1283 if (depth == (CEXPR_MAXDEPTH - 1)) 1284 return -EINVAL; 1285 depth++; 1286 rc = ebitmap_read(&e->names, fp); 1287 if (rc) 1288 return rc; 1289 if (p->policyvers >= 1290 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1291 e->type_names = kzalloc(sizeof 1292 (*e->type_names), 1293 GFP_KERNEL); 1294 if (!e->type_names) 1295 return -ENOMEM; 1296 type_set_init(e->type_names); 1297 rc = type_set_read(e->type_names, fp); 1298 if (rc) 1299 return rc; 1300 } 1301 break; 1302 default: 1303 return -EINVAL; 1304 } 1305 le = e; 1306 } 1307 if (depth != 0) 1308 return -EINVAL; 1309 lc = c; 1310 } 1311 1312 return 0; 1313 } 1314 1315 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1316 { 1317 char *key = NULL; 1318 struct class_datum *cladatum; 1319 __le32 buf[6]; 1320 u32 len, len2, ncons, nel; 1321 int i, rc; 1322 1323 rc = -ENOMEM; 1324 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1325 if (!cladatum) 1326 goto bad; 1327 1328 rc = next_entry(buf, fp, sizeof(u32)*6); 1329 if (rc) 1330 goto bad; 1331 1332 len = le32_to_cpu(buf[0]); 1333 len2 = le32_to_cpu(buf[1]); 1334 cladatum->value = le32_to_cpu(buf[2]); 1335 1336 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1337 if (rc) 1338 goto bad; 1339 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1340 nel = le32_to_cpu(buf[4]); 1341 1342 ncons = le32_to_cpu(buf[5]); 1343 1344 rc = str_read(&key, GFP_KERNEL, fp, len); 1345 if (rc) 1346 goto bad; 1347 1348 if (len2) { 1349 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1350 if (rc) 1351 goto bad; 1352 1353 rc = -EINVAL; 1354 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1355 if (!cladatum->comdatum) { 1356 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1357 goto bad; 1358 } 1359 } 1360 for (i = 0; i < nel; i++) { 1361 rc = perm_read(p, cladatum->permissions.table, fp); 1362 if (rc) 1363 goto bad; 1364 } 1365 1366 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1367 if (rc) 1368 goto bad; 1369 1370 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1371 /* grab the validatetrans rules */ 1372 rc = next_entry(buf, fp, sizeof(u32)); 1373 if (rc) 1374 goto bad; 1375 ncons = le32_to_cpu(buf[0]); 1376 rc = read_cons_helper(p, &cladatum->validatetrans, 1377 ncons, 1, fp); 1378 if (rc) 1379 goto bad; 1380 } 1381 1382 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1383 rc = next_entry(buf, fp, sizeof(u32) * 3); 1384 if (rc) 1385 goto bad; 1386 1387 cladatum->default_user = le32_to_cpu(buf[0]); 1388 cladatum->default_role = le32_to_cpu(buf[1]); 1389 cladatum->default_range = le32_to_cpu(buf[2]); 1390 } 1391 1392 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1393 rc = next_entry(buf, fp, sizeof(u32) * 1); 1394 if (rc) 1395 goto bad; 1396 cladatum->default_type = le32_to_cpu(buf[0]); 1397 } 1398 1399 rc = hashtab_insert(h, key, cladatum); 1400 if (rc) 1401 goto bad; 1402 1403 return 0; 1404 bad: 1405 cls_destroy(key, cladatum, NULL); 1406 return rc; 1407 } 1408 1409 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1410 { 1411 char *key = NULL; 1412 struct role_datum *role; 1413 int rc, to_read = 2; 1414 __le32 buf[3]; 1415 u32 len; 1416 1417 rc = -ENOMEM; 1418 role = kzalloc(sizeof(*role), GFP_KERNEL); 1419 if (!role) 1420 goto bad; 1421 1422 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1423 to_read = 3; 1424 1425 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1426 if (rc) 1427 goto bad; 1428 1429 len = le32_to_cpu(buf[0]); 1430 role->value = le32_to_cpu(buf[1]); 1431 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1432 role->bounds = le32_to_cpu(buf[2]); 1433 1434 rc = str_read(&key, GFP_KERNEL, fp, len); 1435 if (rc) 1436 goto bad; 1437 1438 rc = ebitmap_read(&role->dominates, fp); 1439 if (rc) 1440 goto bad; 1441 1442 rc = ebitmap_read(&role->types, fp); 1443 if (rc) 1444 goto bad; 1445 1446 if (strcmp(key, OBJECT_R) == 0) { 1447 rc = -EINVAL; 1448 if (role->value != OBJECT_R_VAL) { 1449 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1450 OBJECT_R, role->value); 1451 goto bad; 1452 } 1453 rc = 0; 1454 goto bad; 1455 } 1456 1457 rc = hashtab_insert(h, key, role); 1458 if (rc) 1459 goto bad; 1460 return 0; 1461 bad: 1462 role_destroy(key, role, NULL); 1463 return rc; 1464 } 1465 1466 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1467 { 1468 char *key = NULL; 1469 struct type_datum *typdatum; 1470 int rc, to_read = 3; 1471 __le32 buf[4]; 1472 u32 len; 1473 1474 rc = -ENOMEM; 1475 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1476 if (!typdatum) 1477 goto bad; 1478 1479 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1480 to_read = 4; 1481 1482 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1483 if (rc) 1484 goto bad; 1485 1486 len = le32_to_cpu(buf[0]); 1487 typdatum->value = le32_to_cpu(buf[1]); 1488 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1489 u32 prop = le32_to_cpu(buf[2]); 1490 1491 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1492 typdatum->primary = 1; 1493 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1494 typdatum->attribute = 1; 1495 1496 typdatum->bounds = le32_to_cpu(buf[3]); 1497 } else { 1498 typdatum->primary = le32_to_cpu(buf[2]); 1499 } 1500 1501 rc = str_read(&key, GFP_KERNEL, fp, len); 1502 if (rc) 1503 goto bad; 1504 1505 rc = hashtab_insert(h, key, typdatum); 1506 if (rc) 1507 goto bad; 1508 return 0; 1509 bad: 1510 type_destroy(key, typdatum, NULL); 1511 return rc; 1512 } 1513 1514 1515 /* 1516 * Read a MLS level structure from a policydb binary 1517 * representation file. 1518 */ 1519 static int mls_read_level(struct mls_level *lp, void *fp) 1520 { 1521 __le32 buf[1]; 1522 int rc; 1523 1524 memset(lp, 0, sizeof(*lp)); 1525 1526 rc = next_entry(buf, fp, sizeof buf); 1527 if (rc) { 1528 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1529 return rc; 1530 } 1531 lp->sens = le32_to_cpu(buf[0]); 1532 1533 rc = ebitmap_read(&lp->cat, fp); 1534 if (rc) { 1535 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1536 return rc; 1537 } 1538 return 0; 1539 } 1540 1541 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1542 { 1543 char *key = NULL; 1544 struct user_datum *usrdatum; 1545 int rc, to_read = 2; 1546 __le32 buf[3]; 1547 u32 len; 1548 1549 rc = -ENOMEM; 1550 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1551 if (!usrdatum) 1552 goto bad; 1553 1554 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1555 to_read = 3; 1556 1557 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1558 if (rc) 1559 goto bad; 1560 1561 len = le32_to_cpu(buf[0]); 1562 usrdatum->value = le32_to_cpu(buf[1]); 1563 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1564 usrdatum->bounds = le32_to_cpu(buf[2]); 1565 1566 rc = str_read(&key, GFP_KERNEL, fp, len); 1567 if (rc) 1568 goto bad; 1569 1570 rc = ebitmap_read(&usrdatum->roles, fp); 1571 if (rc) 1572 goto bad; 1573 1574 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1575 rc = mls_read_range_helper(&usrdatum->range, fp); 1576 if (rc) 1577 goto bad; 1578 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1579 if (rc) 1580 goto bad; 1581 } 1582 1583 rc = hashtab_insert(h, key, usrdatum); 1584 if (rc) 1585 goto bad; 1586 return 0; 1587 bad: 1588 user_destroy(key, usrdatum, NULL); 1589 return rc; 1590 } 1591 1592 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1593 { 1594 char *key = NULL; 1595 struct level_datum *levdatum; 1596 int rc; 1597 __le32 buf[2]; 1598 u32 len; 1599 1600 rc = -ENOMEM; 1601 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1602 if (!levdatum) 1603 goto bad; 1604 1605 rc = next_entry(buf, fp, sizeof buf); 1606 if (rc) 1607 goto bad; 1608 1609 len = le32_to_cpu(buf[0]); 1610 levdatum->isalias = le32_to_cpu(buf[1]); 1611 1612 rc = str_read(&key, GFP_ATOMIC, fp, len); 1613 if (rc) 1614 goto bad; 1615 1616 rc = -ENOMEM; 1617 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1618 if (!levdatum->level) 1619 goto bad; 1620 1621 rc = mls_read_level(levdatum->level, fp); 1622 if (rc) 1623 goto bad; 1624 1625 rc = hashtab_insert(h, key, levdatum); 1626 if (rc) 1627 goto bad; 1628 return 0; 1629 bad: 1630 sens_destroy(key, levdatum, NULL); 1631 return rc; 1632 } 1633 1634 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1635 { 1636 char *key = NULL; 1637 struct cat_datum *catdatum; 1638 int rc; 1639 __le32 buf[3]; 1640 u32 len; 1641 1642 rc = -ENOMEM; 1643 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1644 if (!catdatum) 1645 goto bad; 1646 1647 rc = next_entry(buf, fp, sizeof buf); 1648 if (rc) 1649 goto bad; 1650 1651 len = le32_to_cpu(buf[0]); 1652 catdatum->value = le32_to_cpu(buf[1]); 1653 catdatum->isalias = le32_to_cpu(buf[2]); 1654 1655 rc = str_read(&key, GFP_ATOMIC, fp, len); 1656 if (rc) 1657 goto bad; 1658 1659 rc = hashtab_insert(h, key, catdatum); 1660 if (rc) 1661 goto bad; 1662 return 0; 1663 bad: 1664 cat_destroy(key, catdatum, NULL); 1665 return rc; 1666 } 1667 1668 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1669 { 1670 common_read, 1671 class_read, 1672 role_read, 1673 type_read, 1674 user_read, 1675 cond_read_bool, 1676 sens_read, 1677 cat_read, 1678 }; 1679 1680 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1681 { 1682 struct user_datum *upper, *user; 1683 struct policydb *p = datap; 1684 int depth = 0; 1685 1686 upper = user = datum; 1687 while (upper->bounds) { 1688 struct ebitmap_node *node; 1689 unsigned long bit; 1690 1691 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1692 printk(KERN_ERR "SELinux: user %s: " 1693 "too deep or looped boundary", 1694 (char *) key); 1695 return -EINVAL; 1696 } 1697 1698 upper = p->user_val_to_struct[upper->bounds - 1]; 1699 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1700 if (ebitmap_get_bit(&upper->roles, bit)) 1701 continue; 1702 1703 printk(KERN_ERR 1704 "SELinux: boundary violated policy: " 1705 "user=%s role=%s bounds=%s\n", 1706 sym_name(p, SYM_USERS, user->value - 1), 1707 sym_name(p, SYM_ROLES, bit), 1708 sym_name(p, SYM_USERS, upper->value - 1)); 1709 1710 return -EINVAL; 1711 } 1712 } 1713 1714 return 0; 1715 } 1716 1717 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1718 { 1719 struct role_datum *upper, *role; 1720 struct policydb *p = datap; 1721 int depth = 0; 1722 1723 upper = role = datum; 1724 while (upper->bounds) { 1725 struct ebitmap_node *node; 1726 unsigned long bit; 1727 1728 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1729 printk(KERN_ERR "SELinux: role %s: " 1730 "too deep or looped bounds\n", 1731 (char *) key); 1732 return -EINVAL; 1733 } 1734 1735 upper = p->role_val_to_struct[upper->bounds - 1]; 1736 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1737 if (ebitmap_get_bit(&upper->types, bit)) 1738 continue; 1739 1740 printk(KERN_ERR 1741 "SELinux: boundary violated policy: " 1742 "role=%s type=%s bounds=%s\n", 1743 sym_name(p, SYM_ROLES, role->value - 1), 1744 sym_name(p, SYM_TYPES, bit), 1745 sym_name(p, SYM_ROLES, upper->value - 1)); 1746 1747 return -EINVAL; 1748 } 1749 } 1750 1751 return 0; 1752 } 1753 1754 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1755 { 1756 struct type_datum *upper; 1757 struct policydb *p = datap; 1758 int depth = 0; 1759 1760 upper = datum; 1761 while (upper->bounds) { 1762 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1763 printk(KERN_ERR "SELinux: type %s: " 1764 "too deep or looped boundary\n", 1765 (char *) key); 1766 return -EINVAL; 1767 } 1768 1769 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1770 upper->bounds - 1); 1771 BUG_ON(!upper); 1772 1773 if (upper->attribute) { 1774 printk(KERN_ERR "SELinux: type %s: " 1775 "bounded by attribute %s", 1776 (char *) key, 1777 sym_name(p, SYM_TYPES, upper->value - 1)); 1778 return -EINVAL; 1779 } 1780 } 1781 1782 return 0; 1783 } 1784 1785 static int policydb_bounds_sanity_check(struct policydb *p) 1786 { 1787 int rc; 1788 1789 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1790 return 0; 1791 1792 rc = hashtab_map(p->p_users.table, 1793 user_bounds_sanity_check, p); 1794 if (rc) 1795 return rc; 1796 1797 rc = hashtab_map(p->p_roles.table, 1798 role_bounds_sanity_check, p); 1799 if (rc) 1800 return rc; 1801 1802 rc = hashtab_map(p->p_types.table, 1803 type_bounds_sanity_check, p); 1804 if (rc) 1805 return rc; 1806 1807 return 0; 1808 } 1809 1810 u16 string_to_security_class(struct policydb *p, const char *name) 1811 { 1812 struct class_datum *cladatum; 1813 1814 cladatum = hashtab_search(p->p_classes.table, name); 1815 if (!cladatum) 1816 return 0; 1817 1818 return cladatum->value; 1819 } 1820 1821 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1822 { 1823 struct class_datum *cladatum; 1824 struct perm_datum *perdatum = NULL; 1825 struct common_datum *comdatum; 1826 1827 if (!tclass || tclass > p->p_classes.nprim) 1828 return 0; 1829 1830 cladatum = p->class_val_to_struct[tclass-1]; 1831 comdatum = cladatum->comdatum; 1832 if (comdatum) 1833 perdatum = hashtab_search(comdatum->permissions.table, 1834 name); 1835 if (!perdatum) 1836 perdatum = hashtab_search(cladatum->permissions.table, 1837 name); 1838 if (!perdatum) 1839 return 0; 1840 1841 return 1U << (perdatum->value-1); 1842 } 1843 1844 static int range_read(struct policydb *p, void *fp) 1845 { 1846 struct range_trans *rt = NULL; 1847 struct mls_range *r = NULL; 1848 int i, rc; 1849 __le32 buf[2]; 1850 u32 nel; 1851 1852 if (p->policyvers < POLICYDB_VERSION_MLS) 1853 return 0; 1854 1855 rc = next_entry(buf, fp, sizeof(u32)); 1856 if (rc) 1857 goto out; 1858 1859 nel = le32_to_cpu(buf[0]); 1860 for (i = 0; i < nel; i++) { 1861 rc = -ENOMEM; 1862 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1863 if (!rt) 1864 goto out; 1865 1866 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1867 if (rc) 1868 goto out; 1869 1870 rt->source_type = le32_to_cpu(buf[0]); 1871 rt->target_type = le32_to_cpu(buf[1]); 1872 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1873 rc = next_entry(buf, fp, sizeof(u32)); 1874 if (rc) 1875 goto out; 1876 rt->target_class = le32_to_cpu(buf[0]); 1877 } else 1878 rt->target_class = p->process_class; 1879 1880 rc = -EINVAL; 1881 if (!policydb_type_isvalid(p, rt->source_type) || 1882 !policydb_type_isvalid(p, rt->target_type) || 1883 !policydb_class_isvalid(p, rt->target_class)) 1884 goto out; 1885 1886 rc = -ENOMEM; 1887 r = kzalloc(sizeof(*r), GFP_KERNEL); 1888 if (!r) 1889 goto out; 1890 1891 rc = mls_read_range_helper(r, fp); 1892 if (rc) 1893 goto out; 1894 1895 rc = -EINVAL; 1896 if (!mls_range_isvalid(p, r)) { 1897 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1898 goto out; 1899 } 1900 1901 rc = hashtab_insert(p->range_tr, rt, r); 1902 if (rc) 1903 goto out; 1904 1905 rt = NULL; 1906 r = NULL; 1907 } 1908 hash_eval(p->range_tr, "rangetr"); 1909 rc = 0; 1910 out: 1911 kfree(rt); 1912 kfree(r); 1913 return rc; 1914 } 1915 1916 static int filename_trans_read(struct policydb *p, void *fp) 1917 { 1918 struct filename_trans *ft; 1919 struct filename_trans_datum *otype; 1920 char *name; 1921 u32 nel, len; 1922 __le32 buf[4]; 1923 int rc, i; 1924 1925 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1926 return 0; 1927 1928 rc = next_entry(buf, fp, sizeof(u32)); 1929 if (rc) 1930 return rc; 1931 nel = le32_to_cpu(buf[0]); 1932 1933 for (i = 0; i < nel; i++) { 1934 ft = NULL; 1935 otype = NULL; 1936 name = NULL; 1937 1938 rc = -ENOMEM; 1939 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1940 if (!ft) 1941 goto out; 1942 1943 rc = -ENOMEM; 1944 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1945 if (!otype) 1946 goto out; 1947 1948 /* length of the path component string */ 1949 rc = next_entry(buf, fp, sizeof(u32)); 1950 if (rc) 1951 goto out; 1952 len = le32_to_cpu(buf[0]); 1953 1954 /* path component string */ 1955 rc = str_read(&name, GFP_KERNEL, fp, len); 1956 if (rc) 1957 goto out; 1958 1959 ft->name = name; 1960 1961 rc = next_entry(buf, fp, sizeof(u32) * 4); 1962 if (rc) 1963 goto out; 1964 1965 ft->stype = le32_to_cpu(buf[0]); 1966 ft->ttype = le32_to_cpu(buf[1]); 1967 ft->tclass = le32_to_cpu(buf[2]); 1968 1969 otype->otype = le32_to_cpu(buf[3]); 1970 1971 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1972 if (rc) 1973 goto out; 1974 1975 rc = hashtab_insert(p->filename_trans, ft, otype); 1976 if (rc) { 1977 /* 1978 * Do not return -EEXIST to the caller, or the system 1979 * will not boot. 1980 */ 1981 if (rc != -EEXIST) 1982 goto out; 1983 /* But free memory to avoid memory leak. */ 1984 kfree(ft); 1985 kfree(name); 1986 kfree(otype); 1987 } 1988 } 1989 hash_eval(p->filename_trans, "filenametr"); 1990 return 0; 1991 out: 1992 kfree(ft); 1993 kfree(name); 1994 kfree(otype); 1995 1996 return rc; 1997 } 1998 1999 static int genfs_read(struct policydb *p, void *fp) 2000 { 2001 int i, j, rc; 2002 u32 nel, nel2, len, len2; 2003 __le32 buf[1]; 2004 struct ocontext *l, *c; 2005 struct ocontext *newc = NULL; 2006 struct genfs *genfs_p, *genfs; 2007 struct genfs *newgenfs = NULL; 2008 2009 rc = next_entry(buf, fp, sizeof(u32)); 2010 if (rc) 2011 goto out; 2012 nel = le32_to_cpu(buf[0]); 2013 2014 for (i = 0; i < nel; i++) { 2015 rc = next_entry(buf, fp, sizeof(u32)); 2016 if (rc) 2017 goto out; 2018 len = le32_to_cpu(buf[0]); 2019 2020 rc = -ENOMEM; 2021 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2022 if (!newgenfs) 2023 goto out; 2024 2025 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2026 if (rc) 2027 goto out; 2028 2029 for (genfs_p = NULL, genfs = p->genfs; genfs; 2030 genfs_p = genfs, genfs = genfs->next) { 2031 rc = -EINVAL; 2032 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2033 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 2034 newgenfs->fstype); 2035 goto out; 2036 } 2037 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2038 break; 2039 } 2040 newgenfs->next = genfs; 2041 if (genfs_p) 2042 genfs_p->next = newgenfs; 2043 else 2044 p->genfs = newgenfs; 2045 genfs = newgenfs; 2046 newgenfs = NULL; 2047 2048 rc = next_entry(buf, fp, sizeof(u32)); 2049 if (rc) 2050 goto out; 2051 2052 nel2 = le32_to_cpu(buf[0]); 2053 for (j = 0; j < nel2; j++) { 2054 rc = next_entry(buf, fp, sizeof(u32)); 2055 if (rc) 2056 goto out; 2057 len = le32_to_cpu(buf[0]); 2058 2059 rc = -ENOMEM; 2060 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2061 if (!newc) 2062 goto out; 2063 2064 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2065 if (rc) 2066 goto out; 2067 2068 rc = next_entry(buf, fp, sizeof(u32)); 2069 if (rc) 2070 goto out; 2071 2072 newc->v.sclass = le32_to_cpu(buf[0]); 2073 rc = context_read_and_validate(&newc->context[0], p, fp); 2074 if (rc) 2075 goto out; 2076 2077 for (l = NULL, c = genfs->head; c; 2078 l = c, c = c->next) { 2079 rc = -EINVAL; 2080 if (!strcmp(newc->u.name, c->u.name) && 2081 (!c->v.sclass || !newc->v.sclass || 2082 newc->v.sclass == c->v.sclass)) { 2083 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2084 genfs->fstype, c->u.name); 2085 goto out; 2086 } 2087 len = strlen(newc->u.name); 2088 len2 = strlen(c->u.name); 2089 if (len > len2) 2090 break; 2091 } 2092 2093 newc->next = c; 2094 if (l) 2095 l->next = newc; 2096 else 2097 genfs->head = newc; 2098 newc = NULL; 2099 } 2100 } 2101 rc = 0; 2102 out: 2103 if (newgenfs) 2104 kfree(newgenfs->fstype); 2105 kfree(newgenfs); 2106 ocontext_destroy(newc, OCON_FSUSE); 2107 2108 return rc; 2109 } 2110 2111 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2112 void *fp) 2113 { 2114 int i, j, rc; 2115 u32 nel, len; 2116 __le32 buf[3]; 2117 struct ocontext *l, *c; 2118 u32 nodebuf[8]; 2119 2120 for (i = 0; i < info->ocon_num; i++) { 2121 rc = next_entry(buf, fp, sizeof(u32)); 2122 if (rc) 2123 goto out; 2124 nel = le32_to_cpu(buf[0]); 2125 2126 l = NULL; 2127 for (j = 0; j < nel; j++) { 2128 rc = -ENOMEM; 2129 c = kzalloc(sizeof(*c), GFP_KERNEL); 2130 if (!c) 2131 goto out; 2132 if (l) 2133 l->next = c; 2134 else 2135 p->ocontexts[i] = c; 2136 l = c; 2137 2138 switch (i) { 2139 case OCON_ISID: 2140 rc = next_entry(buf, fp, sizeof(u32)); 2141 if (rc) 2142 goto out; 2143 2144 c->sid[0] = le32_to_cpu(buf[0]); 2145 rc = context_read_and_validate(&c->context[0], p, fp); 2146 if (rc) 2147 goto out; 2148 break; 2149 case OCON_FS: 2150 case OCON_NETIF: 2151 rc = next_entry(buf, fp, sizeof(u32)); 2152 if (rc) 2153 goto out; 2154 len = le32_to_cpu(buf[0]); 2155 2156 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2157 if (rc) 2158 goto out; 2159 2160 rc = context_read_and_validate(&c->context[0], p, fp); 2161 if (rc) 2162 goto out; 2163 rc = context_read_and_validate(&c->context[1], p, fp); 2164 if (rc) 2165 goto out; 2166 break; 2167 case OCON_PORT: 2168 rc = next_entry(buf, fp, sizeof(u32)*3); 2169 if (rc) 2170 goto out; 2171 c->u.port.protocol = le32_to_cpu(buf[0]); 2172 c->u.port.low_port = le32_to_cpu(buf[1]); 2173 c->u.port.high_port = le32_to_cpu(buf[2]); 2174 rc = context_read_and_validate(&c->context[0], p, fp); 2175 if (rc) 2176 goto out; 2177 break; 2178 case OCON_NODE: 2179 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2180 if (rc) 2181 goto out; 2182 c->u.node.addr = nodebuf[0]; /* network order */ 2183 c->u.node.mask = nodebuf[1]; /* network order */ 2184 rc = context_read_and_validate(&c->context[0], p, fp); 2185 if (rc) 2186 goto out; 2187 break; 2188 case OCON_FSUSE: 2189 rc = next_entry(buf, fp, sizeof(u32)*2); 2190 if (rc) 2191 goto out; 2192 2193 rc = -EINVAL; 2194 c->v.behavior = le32_to_cpu(buf[0]); 2195 /* Determined at runtime, not in policy DB. */ 2196 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2197 goto out; 2198 if (c->v.behavior > SECURITY_FS_USE_MAX) 2199 goto out; 2200 2201 len = le32_to_cpu(buf[1]); 2202 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2203 if (rc) 2204 goto out; 2205 2206 rc = context_read_and_validate(&c->context[0], p, fp); 2207 if (rc) 2208 goto out; 2209 break; 2210 case OCON_NODE6: { 2211 int k; 2212 2213 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2214 if (rc) 2215 goto out; 2216 for (k = 0; k < 4; k++) 2217 c->u.node6.addr[k] = nodebuf[k]; 2218 for (k = 0; k < 4; k++) 2219 c->u.node6.mask[k] = nodebuf[k+4]; 2220 rc = context_read_and_validate(&c->context[0], p, fp); 2221 if (rc) 2222 goto out; 2223 break; 2224 } 2225 } 2226 } 2227 } 2228 rc = 0; 2229 out: 2230 return rc; 2231 } 2232 2233 /* 2234 * Read the configuration data from a policy database binary 2235 * representation file into a policy database structure. 2236 */ 2237 int policydb_read(struct policydb *p, void *fp) 2238 { 2239 struct role_allow *ra, *lra; 2240 struct role_trans *tr, *ltr; 2241 int i, j, rc; 2242 __le32 buf[4]; 2243 u32 len, nprim, nel; 2244 2245 char *policydb_str; 2246 struct policydb_compat_info *info; 2247 2248 rc = policydb_init(p); 2249 if (rc) 2250 return rc; 2251 2252 /* Read the magic number and string length. */ 2253 rc = next_entry(buf, fp, sizeof(u32) * 2); 2254 if (rc) 2255 goto bad; 2256 2257 rc = -EINVAL; 2258 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2259 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2260 "not match expected magic number 0x%x\n", 2261 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2262 goto bad; 2263 } 2264 2265 rc = -EINVAL; 2266 len = le32_to_cpu(buf[1]); 2267 if (len != strlen(POLICYDB_STRING)) { 2268 printk(KERN_ERR "SELinux: policydb string length %d does not " 2269 "match expected length %Zu\n", 2270 len, strlen(POLICYDB_STRING)); 2271 goto bad; 2272 } 2273 2274 rc = -ENOMEM; 2275 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2276 if (!policydb_str) { 2277 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2278 "string of length %d\n", len); 2279 goto bad; 2280 } 2281 2282 rc = next_entry(policydb_str, fp, len); 2283 if (rc) { 2284 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2285 kfree(policydb_str); 2286 goto bad; 2287 } 2288 2289 rc = -EINVAL; 2290 policydb_str[len] = '\0'; 2291 if (strcmp(policydb_str, POLICYDB_STRING)) { 2292 printk(KERN_ERR "SELinux: policydb string %s does not match " 2293 "my string %s\n", policydb_str, POLICYDB_STRING); 2294 kfree(policydb_str); 2295 goto bad; 2296 } 2297 /* Done with policydb_str. */ 2298 kfree(policydb_str); 2299 policydb_str = NULL; 2300 2301 /* Read the version and table sizes. */ 2302 rc = next_entry(buf, fp, sizeof(u32)*4); 2303 if (rc) 2304 goto bad; 2305 2306 rc = -EINVAL; 2307 p->policyvers = le32_to_cpu(buf[0]); 2308 if (p->policyvers < POLICYDB_VERSION_MIN || 2309 p->policyvers > POLICYDB_VERSION_MAX) { 2310 printk(KERN_ERR "SELinux: policydb version %d does not match " 2311 "my version range %d-%d\n", 2312 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2313 goto bad; 2314 } 2315 2316 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2317 p->mls_enabled = 1; 2318 2319 rc = -EINVAL; 2320 if (p->policyvers < POLICYDB_VERSION_MLS) { 2321 printk(KERN_ERR "SELinux: security policydb version %d " 2322 "(MLS) not backwards compatible\n", 2323 p->policyvers); 2324 goto bad; 2325 } 2326 } 2327 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2328 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2329 2330 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2331 rc = ebitmap_read(&p->policycaps, fp); 2332 if (rc) 2333 goto bad; 2334 } 2335 2336 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2337 rc = ebitmap_read(&p->permissive_map, fp); 2338 if (rc) 2339 goto bad; 2340 } 2341 2342 rc = -EINVAL; 2343 info = policydb_lookup_compat(p->policyvers); 2344 if (!info) { 2345 printk(KERN_ERR "SELinux: unable to find policy compat info " 2346 "for version %d\n", p->policyvers); 2347 goto bad; 2348 } 2349 2350 rc = -EINVAL; 2351 if (le32_to_cpu(buf[2]) != info->sym_num || 2352 le32_to_cpu(buf[3]) != info->ocon_num) { 2353 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2354 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2355 le32_to_cpu(buf[3]), 2356 info->sym_num, info->ocon_num); 2357 goto bad; 2358 } 2359 2360 for (i = 0; i < info->sym_num; i++) { 2361 rc = next_entry(buf, fp, sizeof(u32)*2); 2362 if (rc) 2363 goto bad; 2364 nprim = le32_to_cpu(buf[0]); 2365 nel = le32_to_cpu(buf[1]); 2366 for (j = 0; j < nel; j++) { 2367 rc = read_f[i](p, p->symtab[i].table, fp); 2368 if (rc) 2369 goto bad; 2370 } 2371 2372 p->symtab[i].nprim = nprim; 2373 } 2374 2375 rc = -EINVAL; 2376 p->process_class = string_to_security_class(p, "process"); 2377 if (!p->process_class) 2378 goto bad; 2379 2380 rc = avtab_read(&p->te_avtab, fp, p); 2381 if (rc) 2382 goto bad; 2383 2384 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2385 rc = cond_read_list(p, fp); 2386 if (rc) 2387 goto bad; 2388 } 2389 2390 rc = next_entry(buf, fp, sizeof(u32)); 2391 if (rc) 2392 goto bad; 2393 nel = le32_to_cpu(buf[0]); 2394 ltr = NULL; 2395 for (i = 0; i < nel; i++) { 2396 rc = -ENOMEM; 2397 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2398 if (!tr) 2399 goto bad; 2400 if (ltr) 2401 ltr->next = tr; 2402 else 2403 p->role_tr = tr; 2404 rc = next_entry(buf, fp, sizeof(u32)*3); 2405 if (rc) 2406 goto bad; 2407 2408 rc = -EINVAL; 2409 tr->role = le32_to_cpu(buf[0]); 2410 tr->type = le32_to_cpu(buf[1]); 2411 tr->new_role = le32_to_cpu(buf[2]); 2412 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2413 rc = next_entry(buf, fp, sizeof(u32)); 2414 if (rc) 2415 goto bad; 2416 tr->tclass = le32_to_cpu(buf[0]); 2417 } else 2418 tr->tclass = p->process_class; 2419 2420 rc = -EINVAL; 2421 if (!policydb_role_isvalid(p, tr->role) || 2422 !policydb_type_isvalid(p, tr->type) || 2423 !policydb_class_isvalid(p, tr->tclass) || 2424 !policydb_role_isvalid(p, tr->new_role)) 2425 goto bad; 2426 ltr = tr; 2427 } 2428 2429 rc = next_entry(buf, fp, sizeof(u32)); 2430 if (rc) 2431 goto bad; 2432 nel = le32_to_cpu(buf[0]); 2433 lra = NULL; 2434 for (i = 0; i < nel; i++) { 2435 rc = -ENOMEM; 2436 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2437 if (!ra) 2438 goto bad; 2439 if (lra) 2440 lra->next = ra; 2441 else 2442 p->role_allow = ra; 2443 rc = next_entry(buf, fp, sizeof(u32)*2); 2444 if (rc) 2445 goto bad; 2446 2447 rc = -EINVAL; 2448 ra->role = le32_to_cpu(buf[0]); 2449 ra->new_role = le32_to_cpu(buf[1]); 2450 if (!policydb_role_isvalid(p, ra->role) || 2451 !policydb_role_isvalid(p, ra->new_role)) 2452 goto bad; 2453 lra = ra; 2454 } 2455 2456 rc = filename_trans_read(p, fp); 2457 if (rc) 2458 goto bad; 2459 2460 rc = policydb_index(p); 2461 if (rc) 2462 goto bad; 2463 2464 rc = -EINVAL; 2465 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2466 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2467 if (!p->process_trans_perms) 2468 goto bad; 2469 2470 rc = ocontext_read(p, info, fp); 2471 if (rc) 2472 goto bad; 2473 2474 rc = genfs_read(p, fp); 2475 if (rc) 2476 goto bad; 2477 2478 rc = range_read(p, fp); 2479 if (rc) 2480 goto bad; 2481 2482 rc = -ENOMEM; 2483 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2484 p->p_types.nprim, 2485 GFP_KERNEL | __GFP_ZERO); 2486 if (!p->type_attr_map_array) 2487 goto bad; 2488 2489 /* preallocate so we don't have to worry about the put ever failing */ 2490 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2491 GFP_KERNEL | __GFP_ZERO); 2492 if (rc) 2493 goto bad; 2494 2495 for (i = 0; i < p->p_types.nprim; i++) { 2496 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2497 2498 BUG_ON(!e); 2499 ebitmap_init(e); 2500 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2501 rc = ebitmap_read(e, fp); 2502 if (rc) 2503 goto bad; 2504 } 2505 /* add the type itself as the degenerate case */ 2506 rc = ebitmap_set_bit(e, i, 1); 2507 if (rc) 2508 goto bad; 2509 } 2510 2511 rc = policydb_bounds_sanity_check(p); 2512 if (rc) 2513 goto bad; 2514 2515 rc = 0; 2516 out: 2517 return rc; 2518 bad: 2519 policydb_destroy(p); 2520 goto out; 2521 } 2522 2523 /* 2524 * Write a MLS level structure to a policydb binary 2525 * representation file. 2526 */ 2527 static int mls_write_level(struct mls_level *l, void *fp) 2528 { 2529 __le32 buf[1]; 2530 int rc; 2531 2532 buf[0] = cpu_to_le32(l->sens); 2533 rc = put_entry(buf, sizeof(u32), 1, fp); 2534 if (rc) 2535 return rc; 2536 2537 rc = ebitmap_write(&l->cat, fp); 2538 if (rc) 2539 return rc; 2540 2541 return 0; 2542 } 2543 2544 /* 2545 * Write a MLS range structure to a policydb binary 2546 * representation file. 2547 */ 2548 static int mls_write_range_helper(struct mls_range *r, void *fp) 2549 { 2550 __le32 buf[3]; 2551 size_t items; 2552 int rc, eq; 2553 2554 eq = mls_level_eq(&r->level[1], &r->level[0]); 2555 2556 if (eq) 2557 items = 2; 2558 else 2559 items = 3; 2560 buf[0] = cpu_to_le32(items-1); 2561 buf[1] = cpu_to_le32(r->level[0].sens); 2562 if (!eq) 2563 buf[2] = cpu_to_le32(r->level[1].sens); 2564 2565 BUG_ON(items > ARRAY_SIZE(buf)); 2566 2567 rc = put_entry(buf, sizeof(u32), items, fp); 2568 if (rc) 2569 return rc; 2570 2571 rc = ebitmap_write(&r->level[0].cat, fp); 2572 if (rc) 2573 return rc; 2574 if (!eq) { 2575 rc = ebitmap_write(&r->level[1].cat, fp); 2576 if (rc) 2577 return rc; 2578 } 2579 2580 return 0; 2581 } 2582 2583 static int sens_write(void *vkey, void *datum, void *ptr) 2584 { 2585 char *key = vkey; 2586 struct level_datum *levdatum = datum; 2587 struct policy_data *pd = ptr; 2588 void *fp = pd->fp; 2589 __le32 buf[2]; 2590 size_t len; 2591 int rc; 2592 2593 len = strlen(key); 2594 buf[0] = cpu_to_le32(len); 2595 buf[1] = cpu_to_le32(levdatum->isalias); 2596 rc = put_entry(buf, sizeof(u32), 2, fp); 2597 if (rc) 2598 return rc; 2599 2600 rc = put_entry(key, 1, len, fp); 2601 if (rc) 2602 return rc; 2603 2604 rc = mls_write_level(levdatum->level, fp); 2605 if (rc) 2606 return rc; 2607 2608 return 0; 2609 } 2610 2611 static int cat_write(void *vkey, void *datum, void *ptr) 2612 { 2613 char *key = vkey; 2614 struct cat_datum *catdatum = datum; 2615 struct policy_data *pd = ptr; 2616 void *fp = pd->fp; 2617 __le32 buf[3]; 2618 size_t len; 2619 int rc; 2620 2621 len = strlen(key); 2622 buf[0] = cpu_to_le32(len); 2623 buf[1] = cpu_to_le32(catdatum->value); 2624 buf[2] = cpu_to_le32(catdatum->isalias); 2625 rc = put_entry(buf, sizeof(u32), 3, fp); 2626 if (rc) 2627 return rc; 2628 2629 rc = put_entry(key, 1, len, fp); 2630 if (rc) 2631 return rc; 2632 2633 return 0; 2634 } 2635 2636 static int role_trans_write(struct policydb *p, void *fp) 2637 { 2638 struct role_trans *r = p->role_tr; 2639 struct role_trans *tr; 2640 u32 buf[3]; 2641 size_t nel; 2642 int rc; 2643 2644 nel = 0; 2645 for (tr = r; tr; tr = tr->next) 2646 nel++; 2647 buf[0] = cpu_to_le32(nel); 2648 rc = put_entry(buf, sizeof(u32), 1, fp); 2649 if (rc) 2650 return rc; 2651 for (tr = r; tr; tr = tr->next) { 2652 buf[0] = cpu_to_le32(tr->role); 2653 buf[1] = cpu_to_le32(tr->type); 2654 buf[2] = cpu_to_le32(tr->new_role); 2655 rc = put_entry(buf, sizeof(u32), 3, fp); 2656 if (rc) 2657 return rc; 2658 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2659 buf[0] = cpu_to_le32(tr->tclass); 2660 rc = put_entry(buf, sizeof(u32), 1, fp); 2661 if (rc) 2662 return rc; 2663 } 2664 } 2665 2666 return 0; 2667 } 2668 2669 static int role_allow_write(struct role_allow *r, void *fp) 2670 { 2671 struct role_allow *ra; 2672 u32 buf[2]; 2673 size_t nel; 2674 int rc; 2675 2676 nel = 0; 2677 for (ra = r; ra; ra = ra->next) 2678 nel++; 2679 buf[0] = cpu_to_le32(nel); 2680 rc = put_entry(buf, sizeof(u32), 1, fp); 2681 if (rc) 2682 return rc; 2683 for (ra = r; ra; ra = ra->next) { 2684 buf[0] = cpu_to_le32(ra->role); 2685 buf[1] = cpu_to_le32(ra->new_role); 2686 rc = put_entry(buf, sizeof(u32), 2, fp); 2687 if (rc) 2688 return rc; 2689 } 2690 return 0; 2691 } 2692 2693 /* 2694 * Write a security context structure 2695 * to a policydb binary representation file. 2696 */ 2697 static int context_write(struct policydb *p, struct context *c, 2698 void *fp) 2699 { 2700 int rc; 2701 __le32 buf[3]; 2702 2703 buf[0] = cpu_to_le32(c->user); 2704 buf[1] = cpu_to_le32(c->role); 2705 buf[2] = cpu_to_le32(c->type); 2706 2707 rc = put_entry(buf, sizeof(u32), 3, fp); 2708 if (rc) 2709 return rc; 2710 2711 rc = mls_write_range_helper(&c->range, fp); 2712 if (rc) 2713 return rc; 2714 2715 return 0; 2716 } 2717 2718 /* 2719 * The following *_write functions are used to 2720 * write the symbol data to a policy database 2721 * binary representation file. 2722 */ 2723 2724 static int perm_write(void *vkey, void *datum, void *fp) 2725 { 2726 char *key = vkey; 2727 struct perm_datum *perdatum = datum; 2728 __le32 buf[2]; 2729 size_t len; 2730 int rc; 2731 2732 len = strlen(key); 2733 buf[0] = cpu_to_le32(len); 2734 buf[1] = cpu_to_le32(perdatum->value); 2735 rc = put_entry(buf, sizeof(u32), 2, fp); 2736 if (rc) 2737 return rc; 2738 2739 rc = put_entry(key, 1, len, fp); 2740 if (rc) 2741 return rc; 2742 2743 return 0; 2744 } 2745 2746 static int common_write(void *vkey, void *datum, void *ptr) 2747 { 2748 char *key = vkey; 2749 struct common_datum *comdatum = datum; 2750 struct policy_data *pd = ptr; 2751 void *fp = pd->fp; 2752 __le32 buf[4]; 2753 size_t len; 2754 int rc; 2755 2756 len = strlen(key); 2757 buf[0] = cpu_to_le32(len); 2758 buf[1] = cpu_to_le32(comdatum->value); 2759 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2760 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2761 rc = put_entry(buf, sizeof(u32), 4, fp); 2762 if (rc) 2763 return rc; 2764 2765 rc = put_entry(key, 1, len, fp); 2766 if (rc) 2767 return rc; 2768 2769 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2770 if (rc) 2771 return rc; 2772 2773 return 0; 2774 } 2775 2776 static int type_set_write(struct type_set *t, void *fp) 2777 { 2778 int rc; 2779 __le32 buf[1]; 2780 2781 if (ebitmap_write(&t->types, fp)) 2782 return -EINVAL; 2783 if (ebitmap_write(&t->negset, fp)) 2784 return -EINVAL; 2785 2786 buf[0] = cpu_to_le32(t->flags); 2787 rc = put_entry(buf, sizeof(u32), 1, fp); 2788 if (rc) 2789 return -EINVAL; 2790 2791 return 0; 2792 } 2793 2794 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2795 void *fp) 2796 { 2797 struct constraint_node *c; 2798 struct constraint_expr *e; 2799 __le32 buf[3]; 2800 u32 nel; 2801 int rc; 2802 2803 for (c = node; c; c = c->next) { 2804 nel = 0; 2805 for (e = c->expr; e; e = e->next) 2806 nel++; 2807 buf[0] = cpu_to_le32(c->permissions); 2808 buf[1] = cpu_to_le32(nel); 2809 rc = put_entry(buf, sizeof(u32), 2, fp); 2810 if (rc) 2811 return rc; 2812 for (e = c->expr; e; e = e->next) { 2813 buf[0] = cpu_to_le32(e->expr_type); 2814 buf[1] = cpu_to_le32(e->attr); 2815 buf[2] = cpu_to_le32(e->op); 2816 rc = put_entry(buf, sizeof(u32), 3, fp); 2817 if (rc) 2818 return rc; 2819 2820 switch (e->expr_type) { 2821 case CEXPR_NAMES: 2822 rc = ebitmap_write(&e->names, fp); 2823 if (rc) 2824 return rc; 2825 if (p->policyvers >= 2826 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2827 rc = type_set_write(e->type_names, fp); 2828 if (rc) 2829 return rc; 2830 } 2831 break; 2832 default: 2833 break; 2834 } 2835 } 2836 } 2837 2838 return 0; 2839 } 2840 2841 static int class_write(void *vkey, void *datum, void *ptr) 2842 { 2843 char *key = vkey; 2844 struct class_datum *cladatum = datum; 2845 struct policy_data *pd = ptr; 2846 void *fp = pd->fp; 2847 struct policydb *p = pd->p; 2848 struct constraint_node *c; 2849 __le32 buf[6]; 2850 u32 ncons; 2851 size_t len, len2; 2852 int rc; 2853 2854 len = strlen(key); 2855 if (cladatum->comkey) 2856 len2 = strlen(cladatum->comkey); 2857 else 2858 len2 = 0; 2859 2860 ncons = 0; 2861 for (c = cladatum->constraints; c; c = c->next) 2862 ncons++; 2863 2864 buf[0] = cpu_to_le32(len); 2865 buf[1] = cpu_to_le32(len2); 2866 buf[2] = cpu_to_le32(cladatum->value); 2867 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2868 if (cladatum->permissions.table) 2869 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2870 else 2871 buf[4] = 0; 2872 buf[5] = cpu_to_le32(ncons); 2873 rc = put_entry(buf, sizeof(u32), 6, fp); 2874 if (rc) 2875 return rc; 2876 2877 rc = put_entry(key, 1, len, fp); 2878 if (rc) 2879 return rc; 2880 2881 if (cladatum->comkey) { 2882 rc = put_entry(cladatum->comkey, 1, len2, fp); 2883 if (rc) 2884 return rc; 2885 } 2886 2887 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2888 if (rc) 2889 return rc; 2890 2891 rc = write_cons_helper(p, cladatum->constraints, fp); 2892 if (rc) 2893 return rc; 2894 2895 /* write out the validatetrans rule */ 2896 ncons = 0; 2897 for (c = cladatum->validatetrans; c; c = c->next) 2898 ncons++; 2899 2900 buf[0] = cpu_to_le32(ncons); 2901 rc = put_entry(buf, sizeof(u32), 1, fp); 2902 if (rc) 2903 return rc; 2904 2905 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2906 if (rc) 2907 return rc; 2908 2909 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2910 buf[0] = cpu_to_le32(cladatum->default_user); 2911 buf[1] = cpu_to_le32(cladatum->default_role); 2912 buf[2] = cpu_to_le32(cladatum->default_range); 2913 2914 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2915 if (rc) 2916 return rc; 2917 } 2918 2919 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2920 buf[0] = cpu_to_le32(cladatum->default_type); 2921 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2922 if (rc) 2923 return rc; 2924 } 2925 2926 return 0; 2927 } 2928 2929 static int role_write(void *vkey, void *datum, void *ptr) 2930 { 2931 char *key = vkey; 2932 struct role_datum *role = datum; 2933 struct policy_data *pd = ptr; 2934 void *fp = pd->fp; 2935 struct policydb *p = pd->p; 2936 __le32 buf[3]; 2937 size_t items, len; 2938 int rc; 2939 2940 len = strlen(key); 2941 items = 0; 2942 buf[items++] = cpu_to_le32(len); 2943 buf[items++] = cpu_to_le32(role->value); 2944 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2945 buf[items++] = cpu_to_le32(role->bounds); 2946 2947 BUG_ON(items > ARRAY_SIZE(buf)); 2948 2949 rc = put_entry(buf, sizeof(u32), items, fp); 2950 if (rc) 2951 return rc; 2952 2953 rc = put_entry(key, 1, len, fp); 2954 if (rc) 2955 return rc; 2956 2957 rc = ebitmap_write(&role->dominates, fp); 2958 if (rc) 2959 return rc; 2960 2961 rc = ebitmap_write(&role->types, fp); 2962 if (rc) 2963 return rc; 2964 2965 return 0; 2966 } 2967 2968 static int type_write(void *vkey, void *datum, void *ptr) 2969 { 2970 char *key = vkey; 2971 struct type_datum *typdatum = datum; 2972 struct policy_data *pd = ptr; 2973 struct policydb *p = pd->p; 2974 void *fp = pd->fp; 2975 __le32 buf[4]; 2976 int rc; 2977 size_t items, len; 2978 2979 len = strlen(key); 2980 items = 0; 2981 buf[items++] = cpu_to_le32(len); 2982 buf[items++] = cpu_to_le32(typdatum->value); 2983 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2984 u32 properties = 0; 2985 2986 if (typdatum->primary) 2987 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2988 2989 if (typdatum->attribute) 2990 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2991 2992 buf[items++] = cpu_to_le32(properties); 2993 buf[items++] = cpu_to_le32(typdatum->bounds); 2994 } else { 2995 buf[items++] = cpu_to_le32(typdatum->primary); 2996 } 2997 BUG_ON(items > ARRAY_SIZE(buf)); 2998 rc = put_entry(buf, sizeof(u32), items, fp); 2999 if (rc) 3000 return rc; 3001 3002 rc = put_entry(key, 1, len, fp); 3003 if (rc) 3004 return rc; 3005 3006 return 0; 3007 } 3008 3009 static int user_write(void *vkey, void *datum, void *ptr) 3010 { 3011 char *key = vkey; 3012 struct user_datum *usrdatum = datum; 3013 struct policy_data *pd = ptr; 3014 struct policydb *p = pd->p; 3015 void *fp = pd->fp; 3016 __le32 buf[3]; 3017 size_t items, len; 3018 int rc; 3019 3020 len = strlen(key); 3021 items = 0; 3022 buf[items++] = cpu_to_le32(len); 3023 buf[items++] = cpu_to_le32(usrdatum->value); 3024 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3025 buf[items++] = cpu_to_le32(usrdatum->bounds); 3026 BUG_ON(items > ARRAY_SIZE(buf)); 3027 rc = put_entry(buf, sizeof(u32), items, fp); 3028 if (rc) 3029 return rc; 3030 3031 rc = put_entry(key, 1, len, fp); 3032 if (rc) 3033 return rc; 3034 3035 rc = ebitmap_write(&usrdatum->roles, fp); 3036 if (rc) 3037 return rc; 3038 3039 rc = mls_write_range_helper(&usrdatum->range, fp); 3040 if (rc) 3041 return rc; 3042 3043 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3044 if (rc) 3045 return rc; 3046 3047 return 0; 3048 } 3049 3050 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3051 void *datap) = 3052 { 3053 common_write, 3054 class_write, 3055 role_write, 3056 type_write, 3057 user_write, 3058 cond_write_bool, 3059 sens_write, 3060 cat_write, 3061 }; 3062 3063 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3064 void *fp) 3065 { 3066 unsigned int i, j, rc; 3067 size_t nel, len; 3068 __le32 buf[3]; 3069 u32 nodebuf[8]; 3070 struct ocontext *c; 3071 for (i = 0; i < info->ocon_num; i++) { 3072 nel = 0; 3073 for (c = p->ocontexts[i]; c; c = c->next) 3074 nel++; 3075 buf[0] = cpu_to_le32(nel); 3076 rc = put_entry(buf, sizeof(u32), 1, fp); 3077 if (rc) 3078 return rc; 3079 for (c = p->ocontexts[i]; c; c = c->next) { 3080 switch (i) { 3081 case OCON_ISID: 3082 buf[0] = cpu_to_le32(c->sid[0]); 3083 rc = put_entry(buf, sizeof(u32), 1, fp); 3084 if (rc) 3085 return rc; 3086 rc = context_write(p, &c->context[0], fp); 3087 if (rc) 3088 return rc; 3089 break; 3090 case OCON_FS: 3091 case OCON_NETIF: 3092 len = strlen(c->u.name); 3093 buf[0] = cpu_to_le32(len); 3094 rc = put_entry(buf, sizeof(u32), 1, fp); 3095 if (rc) 3096 return rc; 3097 rc = put_entry(c->u.name, 1, len, fp); 3098 if (rc) 3099 return rc; 3100 rc = context_write(p, &c->context[0], fp); 3101 if (rc) 3102 return rc; 3103 rc = context_write(p, &c->context[1], fp); 3104 if (rc) 3105 return rc; 3106 break; 3107 case OCON_PORT: 3108 buf[0] = cpu_to_le32(c->u.port.protocol); 3109 buf[1] = cpu_to_le32(c->u.port.low_port); 3110 buf[2] = cpu_to_le32(c->u.port.high_port); 3111 rc = put_entry(buf, sizeof(u32), 3, fp); 3112 if (rc) 3113 return rc; 3114 rc = context_write(p, &c->context[0], fp); 3115 if (rc) 3116 return rc; 3117 break; 3118 case OCON_NODE: 3119 nodebuf[0] = c->u.node.addr; /* network order */ 3120 nodebuf[1] = c->u.node.mask; /* network order */ 3121 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3122 if (rc) 3123 return rc; 3124 rc = context_write(p, &c->context[0], fp); 3125 if (rc) 3126 return rc; 3127 break; 3128 case OCON_FSUSE: 3129 buf[0] = cpu_to_le32(c->v.behavior); 3130 len = strlen(c->u.name); 3131 buf[1] = cpu_to_le32(len); 3132 rc = put_entry(buf, sizeof(u32), 2, fp); 3133 if (rc) 3134 return rc; 3135 rc = put_entry(c->u.name, 1, len, fp); 3136 if (rc) 3137 return rc; 3138 rc = context_write(p, &c->context[0], fp); 3139 if (rc) 3140 return rc; 3141 break; 3142 case OCON_NODE6: 3143 for (j = 0; j < 4; j++) 3144 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3145 for (j = 0; j < 4; j++) 3146 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3147 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3148 if (rc) 3149 return rc; 3150 rc = context_write(p, &c->context[0], fp); 3151 if (rc) 3152 return rc; 3153 break; 3154 } 3155 } 3156 } 3157 return 0; 3158 } 3159 3160 static int genfs_write(struct policydb *p, void *fp) 3161 { 3162 struct genfs *genfs; 3163 struct ocontext *c; 3164 size_t len; 3165 __le32 buf[1]; 3166 int rc; 3167 3168 len = 0; 3169 for (genfs = p->genfs; genfs; genfs = genfs->next) 3170 len++; 3171 buf[0] = cpu_to_le32(len); 3172 rc = put_entry(buf, sizeof(u32), 1, fp); 3173 if (rc) 3174 return rc; 3175 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3176 len = strlen(genfs->fstype); 3177 buf[0] = cpu_to_le32(len); 3178 rc = put_entry(buf, sizeof(u32), 1, fp); 3179 if (rc) 3180 return rc; 3181 rc = put_entry(genfs->fstype, 1, len, fp); 3182 if (rc) 3183 return rc; 3184 len = 0; 3185 for (c = genfs->head; c; c = c->next) 3186 len++; 3187 buf[0] = cpu_to_le32(len); 3188 rc = put_entry(buf, sizeof(u32), 1, fp); 3189 if (rc) 3190 return rc; 3191 for (c = genfs->head; c; c = c->next) { 3192 len = strlen(c->u.name); 3193 buf[0] = cpu_to_le32(len); 3194 rc = put_entry(buf, sizeof(u32), 1, fp); 3195 if (rc) 3196 return rc; 3197 rc = put_entry(c->u.name, 1, len, fp); 3198 if (rc) 3199 return rc; 3200 buf[0] = cpu_to_le32(c->v.sclass); 3201 rc = put_entry(buf, sizeof(u32), 1, fp); 3202 if (rc) 3203 return rc; 3204 rc = context_write(p, &c->context[0], fp); 3205 if (rc) 3206 return rc; 3207 } 3208 } 3209 return 0; 3210 } 3211 3212 static int hashtab_cnt(void *key, void *data, void *ptr) 3213 { 3214 int *cnt = ptr; 3215 *cnt = *cnt + 1; 3216 3217 return 0; 3218 } 3219 3220 static int range_write_helper(void *key, void *data, void *ptr) 3221 { 3222 __le32 buf[2]; 3223 struct range_trans *rt = key; 3224 struct mls_range *r = data; 3225 struct policy_data *pd = ptr; 3226 void *fp = pd->fp; 3227 struct policydb *p = pd->p; 3228 int rc; 3229 3230 buf[0] = cpu_to_le32(rt->source_type); 3231 buf[1] = cpu_to_le32(rt->target_type); 3232 rc = put_entry(buf, sizeof(u32), 2, fp); 3233 if (rc) 3234 return rc; 3235 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3236 buf[0] = cpu_to_le32(rt->target_class); 3237 rc = put_entry(buf, sizeof(u32), 1, fp); 3238 if (rc) 3239 return rc; 3240 } 3241 rc = mls_write_range_helper(r, fp); 3242 if (rc) 3243 return rc; 3244 3245 return 0; 3246 } 3247 3248 static int range_write(struct policydb *p, void *fp) 3249 { 3250 __le32 buf[1]; 3251 int rc, nel; 3252 struct policy_data pd; 3253 3254 pd.p = p; 3255 pd.fp = fp; 3256 3257 /* count the number of entries in the hashtab */ 3258 nel = 0; 3259 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3260 if (rc) 3261 return rc; 3262 3263 buf[0] = cpu_to_le32(nel); 3264 rc = put_entry(buf, sizeof(u32), 1, fp); 3265 if (rc) 3266 return rc; 3267 3268 /* actually write all of the entries */ 3269 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3270 if (rc) 3271 return rc; 3272 3273 return 0; 3274 } 3275 3276 static int filename_write_helper(void *key, void *data, void *ptr) 3277 { 3278 __le32 buf[4]; 3279 struct filename_trans *ft = key; 3280 struct filename_trans_datum *otype = data; 3281 void *fp = ptr; 3282 int rc; 3283 u32 len; 3284 3285 len = strlen(ft->name); 3286 buf[0] = cpu_to_le32(len); 3287 rc = put_entry(buf, sizeof(u32), 1, fp); 3288 if (rc) 3289 return rc; 3290 3291 rc = put_entry(ft->name, sizeof(char), len, fp); 3292 if (rc) 3293 return rc; 3294 3295 buf[0] = cpu_to_le32(ft->stype); 3296 buf[1] = cpu_to_le32(ft->ttype); 3297 buf[2] = cpu_to_le32(ft->tclass); 3298 buf[3] = cpu_to_le32(otype->otype); 3299 3300 rc = put_entry(buf, sizeof(u32), 4, fp); 3301 if (rc) 3302 return rc; 3303 3304 return 0; 3305 } 3306 3307 static int filename_trans_write(struct policydb *p, void *fp) 3308 { 3309 u32 nel; 3310 __le32 buf[1]; 3311 int rc; 3312 3313 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3314 return 0; 3315 3316 nel = 0; 3317 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3318 if (rc) 3319 return rc; 3320 3321 buf[0] = cpu_to_le32(nel); 3322 rc = put_entry(buf, sizeof(u32), 1, fp); 3323 if (rc) 3324 return rc; 3325 3326 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3327 if (rc) 3328 return rc; 3329 3330 return 0; 3331 } 3332 3333 /* 3334 * Write the configuration data in a policy database 3335 * structure to a policy database binary representation 3336 * file. 3337 */ 3338 int policydb_write(struct policydb *p, void *fp) 3339 { 3340 unsigned int i, num_syms; 3341 int rc; 3342 __le32 buf[4]; 3343 u32 config; 3344 size_t len; 3345 struct policydb_compat_info *info; 3346 3347 /* 3348 * refuse to write policy older than compressed avtab 3349 * to simplify the writer. There are other tests dropped 3350 * since we assume this throughout the writer code. Be 3351 * careful if you ever try to remove this restriction 3352 */ 3353 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3354 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3355 " Because it is less than version %d\n", p->policyvers, 3356 POLICYDB_VERSION_AVTAB); 3357 return -EINVAL; 3358 } 3359 3360 config = 0; 3361 if (p->mls_enabled) 3362 config |= POLICYDB_CONFIG_MLS; 3363 3364 if (p->reject_unknown) 3365 config |= REJECT_UNKNOWN; 3366 if (p->allow_unknown) 3367 config |= ALLOW_UNKNOWN; 3368 3369 /* Write the magic number and string identifiers. */ 3370 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3371 len = strlen(POLICYDB_STRING); 3372 buf[1] = cpu_to_le32(len); 3373 rc = put_entry(buf, sizeof(u32), 2, fp); 3374 if (rc) 3375 return rc; 3376 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3377 if (rc) 3378 return rc; 3379 3380 /* Write the version, config, and table sizes. */ 3381 info = policydb_lookup_compat(p->policyvers); 3382 if (!info) { 3383 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3384 "version %d", p->policyvers); 3385 return -EINVAL; 3386 } 3387 3388 buf[0] = cpu_to_le32(p->policyvers); 3389 buf[1] = cpu_to_le32(config); 3390 buf[2] = cpu_to_le32(info->sym_num); 3391 buf[3] = cpu_to_le32(info->ocon_num); 3392 3393 rc = put_entry(buf, sizeof(u32), 4, fp); 3394 if (rc) 3395 return rc; 3396 3397 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3398 rc = ebitmap_write(&p->policycaps, fp); 3399 if (rc) 3400 return rc; 3401 } 3402 3403 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3404 rc = ebitmap_write(&p->permissive_map, fp); 3405 if (rc) 3406 return rc; 3407 } 3408 3409 num_syms = info->sym_num; 3410 for (i = 0; i < num_syms; i++) { 3411 struct policy_data pd; 3412 3413 pd.fp = fp; 3414 pd.p = p; 3415 3416 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3417 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3418 3419 rc = put_entry(buf, sizeof(u32), 2, fp); 3420 if (rc) 3421 return rc; 3422 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3423 if (rc) 3424 return rc; 3425 } 3426 3427 rc = avtab_write(p, &p->te_avtab, fp); 3428 if (rc) 3429 return rc; 3430 3431 rc = cond_write_list(p, p->cond_list, fp); 3432 if (rc) 3433 return rc; 3434 3435 rc = role_trans_write(p, fp); 3436 if (rc) 3437 return rc; 3438 3439 rc = role_allow_write(p->role_allow, fp); 3440 if (rc) 3441 return rc; 3442 3443 rc = filename_trans_write(p, fp); 3444 if (rc) 3445 return rc; 3446 3447 rc = ocontext_write(p, info, fp); 3448 if (rc) 3449 return rc; 3450 3451 rc = genfs_write(p, fp); 3452 if (rc) 3453 return rc; 3454 3455 rc = range_write(p, fp); 3456 if (rc) 3457 return rc; 3458 3459 for (i = 0; i < p->p_types.nprim; i++) { 3460 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3461 3462 BUG_ON(!e); 3463 rc = ebitmap_write(e, fp); 3464 if (rc) 3465 return rc; 3466 } 3467 3468 return 0; 3469 } 3470