1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul.moore@hp.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 39 #define _DEBUG_HASHES 40 41 #ifdef DEBUG_HASHES 42 static char *symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 #endif 53 54 int selinux_mls_enabled; 55 56 static unsigned int symtab_sizes[SYM_NUM] = { 57 2, 58 32, 59 16, 60 512, 61 128, 62 16, 63 16, 64 16, 65 }; 66 67 struct policydb_compat_info { 68 int version; 69 int sym_num; 70 int ocon_num; 71 }; 72 73 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 74 static struct policydb_compat_info policydb_compat[] = { 75 { 76 .version = POLICYDB_VERSION_BASE, 77 .sym_num = SYM_NUM - 3, 78 .ocon_num = OCON_NUM - 1, 79 }, 80 { 81 .version = POLICYDB_VERSION_BOOL, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM - 1, 84 }, 85 { 86 .version = POLICYDB_VERSION_IPV6, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM, 89 }, 90 { 91 .version = POLICYDB_VERSION_NLCLASS, 92 .sym_num = SYM_NUM - 2, 93 .ocon_num = OCON_NUM, 94 }, 95 { 96 .version = POLICYDB_VERSION_MLS, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM, 99 }, 100 { 101 .version = POLICYDB_VERSION_AVTAB, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM, 104 }, 105 { 106 .version = POLICYDB_VERSION_RANGETRANS, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM, 109 }, 110 { 111 .version = POLICYDB_VERSION_POLCAP, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM, 114 }, 115 { 116 .version = POLICYDB_VERSION_PERMISSIVE, 117 .sym_num = SYM_NUM, 118 .ocon_num = OCON_NUM, 119 } 120 }; 121 122 static struct policydb_compat_info *policydb_lookup_compat(int version) 123 { 124 int i; 125 struct policydb_compat_info *info = NULL; 126 127 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 128 if (policydb_compat[i].version == version) { 129 info = &policydb_compat[i]; 130 break; 131 } 132 } 133 return info; 134 } 135 136 /* 137 * Initialize the role table. 138 */ 139 static int roles_init(struct policydb *p) 140 { 141 char *key = NULL; 142 int rc; 143 struct role_datum *role; 144 145 role = kzalloc(sizeof(*role), GFP_KERNEL); 146 if (!role) { 147 rc = -ENOMEM; 148 goto out; 149 } 150 role->value = ++p->p_roles.nprim; 151 if (role->value != OBJECT_R_VAL) { 152 rc = -EINVAL; 153 goto out_free_role; 154 } 155 key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); 156 if (!key) { 157 rc = -ENOMEM; 158 goto out_free_role; 159 } 160 strcpy(key, OBJECT_R); 161 rc = hashtab_insert(p->p_roles.table, key, role); 162 if (rc) 163 goto out_free_key; 164 out: 165 return rc; 166 167 out_free_key: 168 kfree(key); 169 out_free_role: 170 kfree(role); 171 goto out; 172 } 173 174 /* 175 * Initialize a policy database structure. 176 */ 177 static int policydb_init(struct policydb *p) 178 { 179 int i, rc; 180 181 memset(p, 0, sizeof(*p)); 182 183 for (i = 0; i < SYM_NUM; i++) { 184 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 185 if (rc) 186 goto out_free_symtab; 187 } 188 189 rc = avtab_init(&p->te_avtab); 190 if (rc) 191 goto out_free_symtab; 192 193 rc = roles_init(p); 194 if (rc) 195 goto out_free_symtab; 196 197 rc = cond_policydb_init(p); 198 if (rc) 199 goto out_free_symtab; 200 201 ebitmap_init(&p->policycaps); 202 ebitmap_init(&p->permissive_map); 203 204 out: 205 return rc; 206 207 out_free_symtab: 208 for (i = 0; i < SYM_NUM; i++) 209 hashtab_destroy(p->symtab[i].table); 210 goto out; 211 } 212 213 /* 214 * The following *_index functions are used to 215 * define the val_to_name and val_to_struct arrays 216 * in a policy database structure. The val_to_name 217 * arrays are used when converting security context 218 * structures into string representations. The 219 * val_to_struct arrays are used when the attributes 220 * of a class, role, or user are needed. 221 */ 222 223 static int common_index(void *key, void *datum, void *datap) 224 { 225 struct policydb *p; 226 struct common_datum *comdatum; 227 228 comdatum = datum; 229 p = datap; 230 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 231 return -EINVAL; 232 p->p_common_val_to_name[comdatum->value - 1] = key; 233 return 0; 234 } 235 236 static int class_index(void *key, void *datum, void *datap) 237 { 238 struct policydb *p; 239 struct class_datum *cladatum; 240 241 cladatum = datum; 242 p = datap; 243 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 244 return -EINVAL; 245 p->p_class_val_to_name[cladatum->value - 1] = key; 246 p->class_val_to_struct[cladatum->value - 1] = cladatum; 247 return 0; 248 } 249 250 static int role_index(void *key, void *datum, void *datap) 251 { 252 struct policydb *p; 253 struct role_datum *role; 254 255 role = datum; 256 p = datap; 257 if (!role->value || role->value > p->p_roles.nprim) 258 return -EINVAL; 259 p->p_role_val_to_name[role->value - 1] = key; 260 p->role_val_to_struct[role->value - 1] = role; 261 return 0; 262 } 263 264 static int type_index(void *key, void *datum, void *datap) 265 { 266 struct policydb *p; 267 struct type_datum *typdatum; 268 269 typdatum = datum; 270 p = datap; 271 272 if (typdatum->primary) { 273 if (!typdatum->value || typdatum->value > p->p_types.nprim) 274 return -EINVAL; 275 p->p_type_val_to_name[typdatum->value - 1] = key; 276 } 277 278 return 0; 279 } 280 281 static int user_index(void *key, void *datum, void *datap) 282 { 283 struct policydb *p; 284 struct user_datum *usrdatum; 285 286 usrdatum = datum; 287 p = datap; 288 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 289 return -EINVAL; 290 p->p_user_val_to_name[usrdatum->value - 1] = key; 291 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 292 return 0; 293 } 294 295 static int sens_index(void *key, void *datum, void *datap) 296 { 297 struct policydb *p; 298 struct level_datum *levdatum; 299 300 levdatum = datum; 301 p = datap; 302 303 if (!levdatum->isalias) { 304 if (!levdatum->level->sens || 305 levdatum->level->sens > p->p_levels.nprim) 306 return -EINVAL; 307 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 308 } 309 310 return 0; 311 } 312 313 static int cat_index(void *key, void *datum, void *datap) 314 { 315 struct policydb *p; 316 struct cat_datum *catdatum; 317 318 catdatum = datum; 319 p = datap; 320 321 if (!catdatum->isalias) { 322 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 323 return -EINVAL; 324 p->p_cat_val_to_name[catdatum->value - 1] = key; 325 } 326 327 return 0; 328 } 329 330 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 331 { 332 common_index, 333 class_index, 334 role_index, 335 type_index, 336 user_index, 337 cond_index_bool, 338 sens_index, 339 cat_index, 340 }; 341 342 /* 343 * Define the common val_to_name array and the class 344 * val_to_name and val_to_struct arrays in a policy 345 * database structure. 346 * 347 * Caller must clean up upon failure. 348 */ 349 static int policydb_index_classes(struct policydb *p) 350 { 351 int rc; 352 353 p->p_common_val_to_name = 354 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 355 if (!p->p_common_val_to_name) { 356 rc = -ENOMEM; 357 goto out; 358 } 359 360 rc = hashtab_map(p->p_commons.table, common_index, p); 361 if (rc) 362 goto out; 363 364 p->class_val_to_struct = 365 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 366 if (!p->class_val_to_struct) { 367 rc = -ENOMEM; 368 goto out; 369 } 370 371 p->p_class_val_to_name = 372 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 373 if (!p->p_class_val_to_name) { 374 rc = -ENOMEM; 375 goto out; 376 } 377 378 rc = hashtab_map(p->p_classes.table, class_index, p); 379 out: 380 return rc; 381 } 382 383 #ifdef DEBUG_HASHES 384 static void symtab_hash_eval(struct symtab *s) 385 { 386 int i; 387 388 for (i = 0; i < SYM_NUM; i++) { 389 struct hashtab *h = s[i].table; 390 struct hashtab_info info; 391 392 hashtab_stat(h, &info); 393 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 394 "longest chain length %d\n", symtab_name[i], h->nel, 395 info.slots_used, h->size, info.max_chain_len); 396 } 397 } 398 #endif 399 400 /* 401 * Define the other val_to_name and val_to_struct arrays 402 * in a policy database structure. 403 * 404 * Caller must clean up on failure. 405 */ 406 static int policydb_index_others(struct policydb *p) 407 { 408 int i, rc = 0; 409 410 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 411 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 412 if (selinux_mls_enabled) 413 printk(", %d sens, %d cats", p->p_levels.nprim, 414 p->p_cats.nprim); 415 printk("\n"); 416 417 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 418 p->p_classes.nprim, p->te_avtab.nel); 419 420 #ifdef DEBUG_HASHES 421 avtab_hash_eval(&p->te_avtab, "rules"); 422 symtab_hash_eval(p->symtab); 423 #endif 424 425 p->role_val_to_struct = 426 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 427 GFP_KERNEL); 428 if (!p->role_val_to_struct) { 429 rc = -ENOMEM; 430 goto out; 431 } 432 433 p->user_val_to_struct = 434 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 435 GFP_KERNEL); 436 if (!p->user_val_to_struct) { 437 rc = -ENOMEM; 438 goto out; 439 } 440 441 if (cond_init_bool_indexes(p)) { 442 rc = -ENOMEM; 443 goto out; 444 } 445 446 for (i = SYM_ROLES; i < SYM_NUM; i++) { 447 p->sym_val_to_name[i] = 448 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 449 if (!p->sym_val_to_name[i]) { 450 rc = -ENOMEM; 451 goto out; 452 } 453 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 454 if (rc) 455 goto out; 456 } 457 458 out: 459 return rc; 460 } 461 462 /* 463 * The following *_destroy functions are used to 464 * free any memory allocated for each kind of 465 * symbol data in the policy database. 466 */ 467 468 static int perm_destroy(void *key, void *datum, void *p) 469 { 470 kfree(key); 471 kfree(datum); 472 return 0; 473 } 474 475 static int common_destroy(void *key, void *datum, void *p) 476 { 477 struct common_datum *comdatum; 478 479 kfree(key); 480 comdatum = datum; 481 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 482 hashtab_destroy(comdatum->permissions.table); 483 kfree(datum); 484 return 0; 485 } 486 487 static int cls_destroy(void *key, void *datum, void *p) 488 { 489 struct class_datum *cladatum; 490 struct constraint_node *constraint, *ctemp; 491 struct constraint_expr *e, *etmp; 492 493 kfree(key); 494 cladatum = datum; 495 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 496 hashtab_destroy(cladatum->permissions.table); 497 constraint = cladatum->constraints; 498 while (constraint) { 499 e = constraint->expr; 500 while (e) { 501 ebitmap_destroy(&e->names); 502 etmp = e; 503 e = e->next; 504 kfree(etmp); 505 } 506 ctemp = constraint; 507 constraint = constraint->next; 508 kfree(ctemp); 509 } 510 511 constraint = cladatum->validatetrans; 512 while (constraint) { 513 e = constraint->expr; 514 while (e) { 515 ebitmap_destroy(&e->names); 516 etmp = e; 517 e = e->next; 518 kfree(etmp); 519 } 520 ctemp = constraint; 521 constraint = constraint->next; 522 kfree(ctemp); 523 } 524 525 kfree(cladatum->comkey); 526 kfree(datum); 527 return 0; 528 } 529 530 static int role_destroy(void *key, void *datum, void *p) 531 { 532 struct role_datum *role; 533 534 kfree(key); 535 role = datum; 536 ebitmap_destroy(&role->dominates); 537 ebitmap_destroy(&role->types); 538 kfree(datum); 539 return 0; 540 } 541 542 static int type_destroy(void *key, void *datum, void *p) 543 { 544 kfree(key); 545 kfree(datum); 546 return 0; 547 } 548 549 static int user_destroy(void *key, void *datum, void *p) 550 { 551 struct user_datum *usrdatum; 552 553 kfree(key); 554 usrdatum = datum; 555 ebitmap_destroy(&usrdatum->roles); 556 ebitmap_destroy(&usrdatum->range.level[0].cat); 557 ebitmap_destroy(&usrdatum->range.level[1].cat); 558 ebitmap_destroy(&usrdatum->dfltlevel.cat); 559 kfree(datum); 560 return 0; 561 } 562 563 static int sens_destroy(void *key, void *datum, void *p) 564 { 565 struct level_datum *levdatum; 566 567 kfree(key); 568 levdatum = datum; 569 ebitmap_destroy(&levdatum->level->cat); 570 kfree(levdatum->level); 571 kfree(datum); 572 return 0; 573 } 574 575 static int cat_destroy(void *key, void *datum, void *p) 576 { 577 kfree(key); 578 kfree(datum); 579 return 0; 580 } 581 582 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 583 { 584 common_destroy, 585 cls_destroy, 586 role_destroy, 587 type_destroy, 588 user_destroy, 589 cond_destroy_bool, 590 sens_destroy, 591 cat_destroy, 592 }; 593 594 static void ocontext_destroy(struct ocontext *c, int i) 595 { 596 context_destroy(&c->context[0]); 597 context_destroy(&c->context[1]); 598 if (i == OCON_ISID || i == OCON_FS || 599 i == OCON_NETIF || i == OCON_FSUSE) 600 kfree(c->u.name); 601 kfree(c); 602 } 603 604 /* 605 * Free any memory allocated by a policy database structure. 606 */ 607 void policydb_destroy(struct policydb *p) 608 { 609 struct ocontext *c, *ctmp; 610 struct genfs *g, *gtmp; 611 int i; 612 struct role_allow *ra, *lra = NULL; 613 struct role_trans *tr, *ltr = NULL; 614 struct range_trans *rt, *lrt = NULL; 615 616 for (i = 0; i < SYM_NUM; i++) { 617 cond_resched(); 618 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 619 hashtab_destroy(p->symtab[i].table); 620 } 621 622 for (i = 0; i < SYM_NUM; i++) 623 kfree(p->sym_val_to_name[i]); 624 625 kfree(p->class_val_to_struct); 626 kfree(p->role_val_to_struct); 627 kfree(p->user_val_to_struct); 628 629 avtab_destroy(&p->te_avtab); 630 631 for (i = 0; i < OCON_NUM; i++) { 632 cond_resched(); 633 c = p->ocontexts[i]; 634 while (c) { 635 ctmp = c; 636 c = c->next; 637 ocontext_destroy(ctmp, i); 638 } 639 p->ocontexts[i] = NULL; 640 } 641 642 g = p->genfs; 643 while (g) { 644 cond_resched(); 645 kfree(g->fstype); 646 c = g->head; 647 while (c) { 648 ctmp = c; 649 c = c->next; 650 ocontext_destroy(ctmp, OCON_FSUSE); 651 } 652 gtmp = g; 653 g = g->next; 654 kfree(gtmp); 655 } 656 p->genfs = NULL; 657 658 cond_policydb_destroy(p); 659 660 for (tr = p->role_tr; tr; tr = tr->next) { 661 cond_resched(); 662 kfree(ltr); 663 ltr = tr; 664 } 665 kfree(ltr); 666 667 for (ra = p->role_allow; ra; ra = ra->next) { 668 cond_resched(); 669 kfree(lra); 670 lra = ra; 671 } 672 kfree(lra); 673 674 for (rt = p->range_tr; rt; rt = rt->next) { 675 cond_resched(); 676 if (lrt) { 677 ebitmap_destroy(&lrt->target_range.level[0].cat); 678 ebitmap_destroy(&lrt->target_range.level[1].cat); 679 kfree(lrt); 680 } 681 lrt = rt; 682 } 683 if (lrt) { 684 ebitmap_destroy(&lrt->target_range.level[0].cat); 685 ebitmap_destroy(&lrt->target_range.level[1].cat); 686 kfree(lrt); 687 } 688 689 if (p->type_attr_map) { 690 for (i = 0; i < p->p_types.nprim; i++) 691 ebitmap_destroy(&p->type_attr_map[i]); 692 } 693 kfree(p->type_attr_map); 694 kfree(p->undefined_perms); 695 ebitmap_destroy(&p->policycaps); 696 ebitmap_destroy(&p->permissive_map); 697 698 return; 699 } 700 701 /* 702 * Load the initial SIDs specified in a policy database 703 * structure into a SID table. 704 */ 705 int policydb_load_isids(struct policydb *p, struct sidtab *s) 706 { 707 struct ocontext *head, *c; 708 int rc; 709 710 rc = sidtab_init(s); 711 if (rc) { 712 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 713 goto out; 714 } 715 716 head = p->ocontexts[OCON_ISID]; 717 for (c = head; c; c = c->next) { 718 if (!c->context[0].user) { 719 printk(KERN_ERR "SELinux: SID %s was never " 720 "defined.\n", c->u.name); 721 rc = -EINVAL; 722 goto out; 723 } 724 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 725 printk(KERN_ERR "SELinux: unable to load initial " 726 "SID %s.\n", c->u.name); 727 rc = -EINVAL; 728 goto out; 729 } 730 } 731 out: 732 return rc; 733 } 734 735 int policydb_class_isvalid(struct policydb *p, unsigned int class) 736 { 737 if (!class || class > p->p_classes.nprim) 738 return 0; 739 return 1; 740 } 741 742 int policydb_role_isvalid(struct policydb *p, unsigned int role) 743 { 744 if (!role || role > p->p_roles.nprim) 745 return 0; 746 return 1; 747 } 748 749 int policydb_type_isvalid(struct policydb *p, unsigned int type) 750 { 751 if (!type || type > p->p_types.nprim) 752 return 0; 753 return 1; 754 } 755 756 /* 757 * Return 1 if the fields in the security context 758 * structure `c' are valid. Return 0 otherwise. 759 */ 760 int policydb_context_isvalid(struct policydb *p, struct context *c) 761 { 762 struct role_datum *role; 763 struct user_datum *usrdatum; 764 765 if (!c->role || c->role > p->p_roles.nprim) 766 return 0; 767 768 if (!c->user || c->user > p->p_users.nprim) 769 return 0; 770 771 if (!c->type || c->type > p->p_types.nprim) 772 return 0; 773 774 if (c->role != OBJECT_R_VAL) { 775 /* 776 * Role must be authorized for the type. 777 */ 778 role = p->role_val_to_struct[c->role - 1]; 779 if (!ebitmap_get_bit(&role->types, 780 c->type - 1)) 781 /* role may not be associated with type */ 782 return 0; 783 784 /* 785 * User must be authorized for the role. 786 */ 787 usrdatum = p->user_val_to_struct[c->user - 1]; 788 if (!usrdatum) 789 return 0; 790 791 if (!ebitmap_get_bit(&usrdatum->roles, 792 c->role - 1)) 793 /* user may not be associated with role */ 794 return 0; 795 } 796 797 if (!mls_context_isvalid(p, c)) 798 return 0; 799 800 return 1; 801 } 802 803 /* 804 * Read a MLS range structure from a policydb binary 805 * representation file. 806 */ 807 static int mls_read_range_helper(struct mls_range *r, void *fp) 808 { 809 __le32 buf[2]; 810 u32 items; 811 int rc; 812 813 rc = next_entry(buf, fp, sizeof(u32)); 814 if (rc < 0) 815 goto out; 816 817 items = le32_to_cpu(buf[0]); 818 if (items > ARRAY_SIZE(buf)) { 819 printk(KERN_ERR "SELinux: mls: range overflow\n"); 820 rc = -EINVAL; 821 goto out; 822 } 823 rc = next_entry(buf, fp, sizeof(u32) * items); 824 if (rc < 0) { 825 printk(KERN_ERR "SELinux: mls: truncated range\n"); 826 goto out; 827 } 828 r->level[0].sens = le32_to_cpu(buf[0]); 829 if (items > 1) 830 r->level[1].sens = le32_to_cpu(buf[1]); 831 else 832 r->level[1].sens = r->level[0].sens; 833 834 rc = ebitmap_read(&r->level[0].cat, fp); 835 if (rc) { 836 printk(KERN_ERR "SELinux: mls: error reading low " 837 "categories\n"); 838 goto out; 839 } 840 if (items > 1) { 841 rc = ebitmap_read(&r->level[1].cat, fp); 842 if (rc) { 843 printk(KERN_ERR "SELinux: mls: error reading high " 844 "categories\n"); 845 goto bad_high; 846 } 847 } else { 848 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 849 if (rc) { 850 printk(KERN_ERR "SELinux: mls: out of memory\n"); 851 goto bad_high; 852 } 853 } 854 855 rc = 0; 856 out: 857 return rc; 858 bad_high: 859 ebitmap_destroy(&r->level[0].cat); 860 goto out; 861 } 862 863 /* 864 * Read and validate a security context structure 865 * from a policydb binary representation file. 866 */ 867 static int context_read_and_validate(struct context *c, 868 struct policydb *p, 869 void *fp) 870 { 871 __le32 buf[3]; 872 int rc; 873 874 rc = next_entry(buf, fp, sizeof buf); 875 if (rc < 0) { 876 printk(KERN_ERR "SELinux: context truncated\n"); 877 goto out; 878 } 879 c->user = le32_to_cpu(buf[0]); 880 c->role = le32_to_cpu(buf[1]); 881 c->type = le32_to_cpu(buf[2]); 882 if (p->policyvers >= POLICYDB_VERSION_MLS) { 883 if (mls_read_range_helper(&c->range, fp)) { 884 printk(KERN_ERR "SELinux: error reading MLS range of " 885 "context\n"); 886 rc = -EINVAL; 887 goto out; 888 } 889 } 890 891 if (!policydb_context_isvalid(p, c)) { 892 printk(KERN_ERR "SELinux: invalid security context\n"); 893 context_destroy(c); 894 rc = -EINVAL; 895 } 896 out: 897 return rc; 898 } 899 900 /* 901 * The following *_read functions are used to 902 * read the symbol data from a policy database 903 * binary representation file. 904 */ 905 906 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 907 { 908 char *key = NULL; 909 struct perm_datum *perdatum; 910 int rc; 911 __le32 buf[2]; 912 u32 len; 913 914 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 915 if (!perdatum) { 916 rc = -ENOMEM; 917 goto out; 918 } 919 920 rc = next_entry(buf, fp, sizeof buf); 921 if (rc < 0) 922 goto bad; 923 924 len = le32_to_cpu(buf[0]); 925 perdatum->value = le32_to_cpu(buf[1]); 926 927 key = kmalloc(len + 1, GFP_KERNEL); 928 if (!key) { 929 rc = -ENOMEM; 930 goto bad; 931 } 932 rc = next_entry(key, fp, len); 933 if (rc < 0) 934 goto bad; 935 key[len] = 0; 936 937 rc = hashtab_insert(h, key, perdatum); 938 if (rc) 939 goto bad; 940 out: 941 return rc; 942 bad: 943 perm_destroy(key, perdatum, NULL); 944 goto out; 945 } 946 947 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 948 { 949 char *key = NULL; 950 struct common_datum *comdatum; 951 __le32 buf[4]; 952 u32 len, nel; 953 int i, rc; 954 955 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 956 if (!comdatum) { 957 rc = -ENOMEM; 958 goto out; 959 } 960 961 rc = next_entry(buf, fp, sizeof buf); 962 if (rc < 0) 963 goto bad; 964 965 len = le32_to_cpu(buf[0]); 966 comdatum->value = le32_to_cpu(buf[1]); 967 968 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 969 if (rc) 970 goto bad; 971 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 972 nel = le32_to_cpu(buf[3]); 973 974 key = kmalloc(len + 1, GFP_KERNEL); 975 if (!key) { 976 rc = -ENOMEM; 977 goto bad; 978 } 979 rc = next_entry(key, fp, len); 980 if (rc < 0) 981 goto bad; 982 key[len] = 0; 983 984 for (i = 0; i < nel; i++) { 985 rc = perm_read(p, comdatum->permissions.table, fp); 986 if (rc) 987 goto bad; 988 } 989 990 rc = hashtab_insert(h, key, comdatum); 991 if (rc) 992 goto bad; 993 out: 994 return rc; 995 bad: 996 common_destroy(key, comdatum, NULL); 997 goto out; 998 } 999 1000 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1001 int allowxtarget, void *fp) 1002 { 1003 struct constraint_node *c, *lc; 1004 struct constraint_expr *e, *le; 1005 __le32 buf[3]; 1006 u32 nexpr; 1007 int rc, i, j, depth; 1008 1009 lc = NULL; 1010 for (i = 0; i < ncons; i++) { 1011 c = kzalloc(sizeof(*c), GFP_KERNEL); 1012 if (!c) 1013 return -ENOMEM; 1014 1015 if (lc) 1016 lc->next = c; 1017 else 1018 *nodep = c; 1019 1020 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1021 if (rc < 0) 1022 return rc; 1023 c->permissions = le32_to_cpu(buf[0]); 1024 nexpr = le32_to_cpu(buf[1]); 1025 le = NULL; 1026 depth = -1; 1027 for (j = 0; j < nexpr; j++) { 1028 e = kzalloc(sizeof(*e), GFP_KERNEL); 1029 if (!e) 1030 return -ENOMEM; 1031 1032 if (le) 1033 le->next = e; 1034 else 1035 c->expr = e; 1036 1037 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1038 if (rc < 0) 1039 return rc; 1040 e->expr_type = le32_to_cpu(buf[0]); 1041 e->attr = le32_to_cpu(buf[1]); 1042 e->op = le32_to_cpu(buf[2]); 1043 1044 switch (e->expr_type) { 1045 case CEXPR_NOT: 1046 if (depth < 0) 1047 return -EINVAL; 1048 break; 1049 case CEXPR_AND: 1050 case CEXPR_OR: 1051 if (depth < 1) 1052 return -EINVAL; 1053 depth--; 1054 break; 1055 case CEXPR_ATTR: 1056 if (depth == (CEXPR_MAXDEPTH - 1)) 1057 return -EINVAL; 1058 depth++; 1059 break; 1060 case CEXPR_NAMES: 1061 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1062 return -EINVAL; 1063 if (depth == (CEXPR_MAXDEPTH - 1)) 1064 return -EINVAL; 1065 depth++; 1066 if (ebitmap_read(&e->names, fp)) 1067 return -EINVAL; 1068 break; 1069 default: 1070 return -EINVAL; 1071 } 1072 le = e; 1073 } 1074 if (depth != 0) 1075 return -EINVAL; 1076 lc = c; 1077 } 1078 1079 return 0; 1080 } 1081 1082 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1083 { 1084 char *key = NULL; 1085 struct class_datum *cladatum; 1086 __le32 buf[6]; 1087 u32 len, len2, ncons, nel; 1088 int i, rc; 1089 1090 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1091 if (!cladatum) { 1092 rc = -ENOMEM; 1093 goto out; 1094 } 1095 1096 rc = next_entry(buf, fp, sizeof(u32)*6); 1097 if (rc < 0) 1098 goto bad; 1099 1100 len = le32_to_cpu(buf[0]); 1101 len2 = le32_to_cpu(buf[1]); 1102 cladatum->value = le32_to_cpu(buf[2]); 1103 1104 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1105 if (rc) 1106 goto bad; 1107 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1108 nel = le32_to_cpu(buf[4]); 1109 1110 ncons = le32_to_cpu(buf[5]); 1111 1112 key = kmalloc(len + 1, GFP_KERNEL); 1113 if (!key) { 1114 rc = -ENOMEM; 1115 goto bad; 1116 } 1117 rc = next_entry(key, fp, len); 1118 if (rc < 0) 1119 goto bad; 1120 key[len] = 0; 1121 1122 if (len2) { 1123 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1124 if (!cladatum->comkey) { 1125 rc = -ENOMEM; 1126 goto bad; 1127 } 1128 rc = next_entry(cladatum->comkey, fp, len2); 1129 if (rc < 0) 1130 goto bad; 1131 cladatum->comkey[len2] = 0; 1132 1133 cladatum->comdatum = hashtab_search(p->p_commons.table, 1134 cladatum->comkey); 1135 if (!cladatum->comdatum) { 1136 printk(KERN_ERR "SELinux: unknown common %s\n", 1137 cladatum->comkey); 1138 rc = -EINVAL; 1139 goto bad; 1140 } 1141 } 1142 for (i = 0; i < nel; i++) { 1143 rc = perm_read(p, cladatum->permissions.table, fp); 1144 if (rc) 1145 goto bad; 1146 } 1147 1148 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1149 if (rc) 1150 goto bad; 1151 1152 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1153 /* grab the validatetrans rules */ 1154 rc = next_entry(buf, fp, sizeof(u32)); 1155 if (rc < 0) 1156 goto bad; 1157 ncons = le32_to_cpu(buf[0]); 1158 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1159 if (rc) 1160 goto bad; 1161 } 1162 1163 rc = hashtab_insert(h, key, cladatum); 1164 if (rc) 1165 goto bad; 1166 1167 rc = 0; 1168 out: 1169 return rc; 1170 bad: 1171 cls_destroy(key, cladatum, NULL); 1172 goto out; 1173 } 1174 1175 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1176 { 1177 char *key = NULL; 1178 struct role_datum *role; 1179 int rc; 1180 __le32 buf[2]; 1181 u32 len; 1182 1183 role = kzalloc(sizeof(*role), GFP_KERNEL); 1184 if (!role) { 1185 rc = -ENOMEM; 1186 goto out; 1187 } 1188 1189 rc = next_entry(buf, fp, sizeof buf); 1190 if (rc < 0) 1191 goto bad; 1192 1193 len = le32_to_cpu(buf[0]); 1194 role->value = le32_to_cpu(buf[1]); 1195 1196 key = kmalloc(len + 1, GFP_KERNEL); 1197 if (!key) { 1198 rc = -ENOMEM; 1199 goto bad; 1200 } 1201 rc = next_entry(key, fp, len); 1202 if (rc < 0) 1203 goto bad; 1204 key[len] = 0; 1205 1206 rc = ebitmap_read(&role->dominates, fp); 1207 if (rc) 1208 goto bad; 1209 1210 rc = ebitmap_read(&role->types, fp); 1211 if (rc) 1212 goto bad; 1213 1214 if (strcmp(key, OBJECT_R) == 0) { 1215 if (role->value != OBJECT_R_VAL) { 1216 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1217 OBJECT_R, role->value); 1218 rc = -EINVAL; 1219 goto bad; 1220 } 1221 rc = 0; 1222 goto bad; 1223 } 1224 1225 rc = hashtab_insert(h, key, role); 1226 if (rc) 1227 goto bad; 1228 out: 1229 return rc; 1230 bad: 1231 role_destroy(key, role, NULL); 1232 goto out; 1233 } 1234 1235 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1236 { 1237 char *key = NULL; 1238 struct type_datum *typdatum; 1239 int rc; 1240 __le32 buf[3]; 1241 u32 len; 1242 1243 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1244 if (!typdatum) { 1245 rc = -ENOMEM; 1246 return rc; 1247 } 1248 1249 rc = next_entry(buf, fp, sizeof buf); 1250 if (rc < 0) 1251 goto bad; 1252 1253 len = le32_to_cpu(buf[0]); 1254 typdatum->value = le32_to_cpu(buf[1]); 1255 typdatum->primary = le32_to_cpu(buf[2]); 1256 1257 key = kmalloc(len + 1, GFP_KERNEL); 1258 if (!key) { 1259 rc = -ENOMEM; 1260 goto bad; 1261 } 1262 rc = next_entry(key, fp, len); 1263 if (rc < 0) 1264 goto bad; 1265 key[len] = 0; 1266 1267 rc = hashtab_insert(h, key, typdatum); 1268 if (rc) 1269 goto bad; 1270 out: 1271 return rc; 1272 bad: 1273 type_destroy(key, typdatum, NULL); 1274 goto out; 1275 } 1276 1277 1278 /* 1279 * Read a MLS level structure from a policydb binary 1280 * representation file. 1281 */ 1282 static int mls_read_level(struct mls_level *lp, void *fp) 1283 { 1284 __le32 buf[1]; 1285 int rc; 1286 1287 memset(lp, 0, sizeof(*lp)); 1288 1289 rc = next_entry(buf, fp, sizeof buf); 1290 if (rc < 0) { 1291 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1292 goto bad; 1293 } 1294 lp->sens = le32_to_cpu(buf[0]); 1295 1296 if (ebitmap_read(&lp->cat, fp)) { 1297 printk(KERN_ERR "SELinux: mls: error reading level " 1298 "categories\n"); 1299 goto bad; 1300 } 1301 1302 return 0; 1303 1304 bad: 1305 return -EINVAL; 1306 } 1307 1308 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1309 { 1310 char *key = NULL; 1311 struct user_datum *usrdatum; 1312 int rc; 1313 __le32 buf[2]; 1314 u32 len; 1315 1316 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1317 if (!usrdatum) { 1318 rc = -ENOMEM; 1319 goto out; 1320 } 1321 1322 rc = next_entry(buf, fp, sizeof buf); 1323 if (rc < 0) 1324 goto bad; 1325 1326 len = le32_to_cpu(buf[0]); 1327 usrdatum->value = le32_to_cpu(buf[1]); 1328 1329 key = kmalloc(len + 1, GFP_KERNEL); 1330 if (!key) { 1331 rc = -ENOMEM; 1332 goto bad; 1333 } 1334 rc = next_entry(key, fp, len); 1335 if (rc < 0) 1336 goto bad; 1337 key[len] = 0; 1338 1339 rc = ebitmap_read(&usrdatum->roles, fp); 1340 if (rc) 1341 goto bad; 1342 1343 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1344 rc = mls_read_range_helper(&usrdatum->range, fp); 1345 if (rc) 1346 goto bad; 1347 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1348 if (rc) 1349 goto bad; 1350 } 1351 1352 rc = hashtab_insert(h, key, usrdatum); 1353 if (rc) 1354 goto bad; 1355 out: 1356 return rc; 1357 bad: 1358 user_destroy(key, usrdatum, NULL); 1359 goto out; 1360 } 1361 1362 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1363 { 1364 char *key = NULL; 1365 struct level_datum *levdatum; 1366 int rc; 1367 __le32 buf[2]; 1368 u32 len; 1369 1370 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1371 if (!levdatum) { 1372 rc = -ENOMEM; 1373 goto out; 1374 } 1375 1376 rc = next_entry(buf, fp, sizeof buf); 1377 if (rc < 0) 1378 goto bad; 1379 1380 len = le32_to_cpu(buf[0]); 1381 levdatum->isalias = le32_to_cpu(buf[1]); 1382 1383 key = kmalloc(len + 1, GFP_ATOMIC); 1384 if (!key) { 1385 rc = -ENOMEM; 1386 goto bad; 1387 } 1388 rc = next_entry(key, fp, len); 1389 if (rc < 0) 1390 goto bad; 1391 key[len] = 0; 1392 1393 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1394 if (!levdatum->level) { 1395 rc = -ENOMEM; 1396 goto bad; 1397 } 1398 if (mls_read_level(levdatum->level, fp)) { 1399 rc = -EINVAL; 1400 goto bad; 1401 } 1402 1403 rc = hashtab_insert(h, key, levdatum); 1404 if (rc) 1405 goto bad; 1406 out: 1407 return rc; 1408 bad: 1409 sens_destroy(key, levdatum, NULL); 1410 goto out; 1411 } 1412 1413 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1414 { 1415 char *key = NULL; 1416 struct cat_datum *catdatum; 1417 int rc; 1418 __le32 buf[3]; 1419 u32 len; 1420 1421 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1422 if (!catdatum) { 1423 rc = -ENOMEM; 1424 goto out; 1425 } 1426 1427 rc = next_entry(buf, fp, sizeof buf); 1428 if (rc < 0) 1429 goto bad; 1430 1431 len = le32_to_cpu(buf[0]); 1432 catdatum->value = le32_to_cpu(buf[1]); 1433 catdatum->isalias = le32_to_cpu(buf[2]); 1434 1435 key = kmalloc(len + 1, GFP_ATOMIC); 1436 if (!key) { 1437 rc = -ENOMEM; 1438 goto bad; 1439 } 1440 rc = next_entry(key, fp, len); 1441 if (rc < 0) 1442 goto bad; 1443 key[len] = 0; 1444 1445 rc = hashtab_insert(h, key, catdatum); 1446 if (rc) 1447 goto bad; 1448 out: 1449 return rc; 1450 1451 bad: 1452 cat_destroy(key, catdatum, NULL); 1453 goto out; 1454 } 1455 1456 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1457 { 1458 common_read, 1459 class_read, 1460 role_read, 1461 type_read, 1462 user_read, 1463 cond_read_bool, 1464 sens_read, 1465 cat_read, 1466 }; 1467 1468 extern int ss_initialized; 1469 1470 /* 1471 * Read the configuration data from a policy database binary 1472 * representation file into a policy database structure. 1473 */ 1474 int policydb_read(struct policydb *p, void *fp) 1475 { 1476 struct role_allow *ra, *lra; 1477 struct role_trans *tr, *ltr; 1478 struct ocontext *l, *c, *newc; 1479 struct genfs *genfs_p, *genfs, *newgenfs; 1480 int i, j, rc; 1481 __le32 buf[4]; 1482 u32 nodebuf[8]; 1483 u32 len, len2, config, nprim, nel, nel2; 1484 char *policydb_str; 1485 struct policydb_compat_info *info; 1486 struct range_trans *rt, *lrt; 1487 1488 config = 0; 1489 1490 rc = policydb_init(p); 1491 if (rc) 1492 goto out; 1493 1494 /* Read the magic number and string length. */ 1495 rc = next_entry(buf, fp, sizeof(u32) * 2); 1496 if (rc < 0) 1497 goto bad; 1498 1499 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 1500 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 1501 "not match expected magic number 0x%x\n", 1502 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 1503 goto bad; 1504 } 1505 1506 len = le32_to_cpu(buf[1]); 1507 if (len != strlen(POLICYDB_STRING)) { 1508 printk(KERN_ERR "SELinux: policydb string length %d does not " 1509 "match expected length %Zu\n", 1510 len, strlen(POLICYDB_STRING)); 1511 goto bad; 1512 } 1513 policydb_str = kmalloc(len + 1, GFP_KERNEL); 1514 if (!policydb_str) { 1515 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 1516 "string of length %d\n", len); 1517 rc = -ENOMEM; 1518 goto bad; 1519 } 1520 rc = next_entry(policydb_str, fp, len); 1521 if (rc < 0) { 1522 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 1523 kfree(policydb_str); 1524 goto bad; 1525 } 1526 policydb_str[len] = 0; 1527 if (strcmp(policydb_str, POLICYDB_STRING)) { 1528 printk(KERN_ERR "SELinux: policydb string %s does not match " 1529 "my string %s\n", policydb_str, POLICYDB_STRING); 1530 kfree(policydb_str); 1531 goto bad; 1532 } 1533 /* Done with policydb_str. */ 1534 kfree(policydb_str); 1535 policydb_str = NULL; 1536 1537 /* Read the version, config, and table sizes. */ 1538 rc = next_entry(buf, fp, sizeof(u32)*4); 1539 if (rc < 0) 1540 goto bad; 1541 1542 p->policyvers = le32_to_cpu(buf[0]); 1543 if (p->policyvers < POLICYDB_VERSION_MIN || 1544 p->policyvers > POLICYDB_VERSION_MAX) { 1545 printk(KERN_ERR "SELinux: policydb version %d does not match " 1546 "my version range %d-%d\n", 1547 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1548 goto bad; 1549 } 1550 1551 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1552 if (ss_initialized && !selinux_mls_enabled) { 1553 printk(KERN_ERR "SELinux: Cannot switch between non-MLS" 1554 " and MLS policies\n"); 1555 goto bad; 1556 } 1557 selinux_mls_enabled = 1; 1558 config |= POLICYDB_CONFIG_MLS; 1559 1560 if (p->policyvers < POLICYDB_VERSION_MLS) { 1561 printk(KERN_ERR "SELinux: security policydb version %d " 1562 "(MLS) not backwards compatible\n", 1563 p->policyvers); 1564 goto bad; 1565 } 1566 } else { 1567 if (ss_initialized && selinux_mls_enabled) { 1568 printk(KERN_ERR "SELinux: Cannot switch between MLS and" 1569 " non-MLS policies\n"); 1570 goto bad; 1571 } 1572 } 1573 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 1574 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 1575 1576 if (p->policyvers >= POLICYDB_VERSION_POLCAP && 1577 ebitmap_read(&p->policycaps, fp) != 0) 1578 goto bad; 1579 1580 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 1581 ebitmap_read(&p->permissive_map, fp) != 0) 1582 goto bad; 1583 1584 info = policydb_lookup_compat(p->policyvers); 1585 if (!info) { 1586 printk(KERN_ERR "SELinux: unable to find policy compat info " 1587 "for version %d\n", p->policyvers); 1588 goto bad; 1589 } 1590 1591 if (le32_to_cpu(buf[2]) != info->sym_num || 1592 le32_to_cpu(buf[3]) != info->ocon_num) { 1593 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 1594 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 1595 le32_to_cpu(buf[3]), 1596 info->sym_num, info->ocon_num); 1597 goto bad; 1598 } 1599 1600 for (i = 0; i < info->sym_num; i++) { 1601 rc = next_entry(buf, fp, sizeof(u32)*2); 1602 if (rc < 0) 1603 goto bad; 1604 nprim = le32_to_cpu(buf[0]); 1605 nel = le32_to_cpu(buf[1]); 1606 for (j = 0; j < nel; j++) { 1607 rc = read_f[i](p, p->symtab[i].table, fp); 1608 if (rc) 1609 goto bad; 1610 } 1611 1612 p->symtab[i].nprim = nprim; 1613 } 1614 1615 rc = avtab_read(&p->te_avtab, fp, p); 1616 if (rc) 1617 goto bad; 1618 1619 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1620 rc = cond_read_list(p, fp); 1621 if (rc) 1622 goto bad; 1623 } 1624 1625 rc = next_entry(buf, fp, sizeof(u32)); 1626 if (rc < 0) 1627 goto bad; 1628 nel = le32_to_cpu(buf[0]); 1629 ltr = NULL; 1630 for (i = 0; i < nel; i++) { 1631 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 1632 if (!tr) { 1633 rc = -ENOMEM; 1634 goto bad; 1635 } 1636 if (ltr) 1637 ltr->next = tr; 1638 else 1639 p->role_tr = tr; 1640 rc = next_entry(buf, fp, sizeof(u32)*3); 1641 if (rc < 0) 1642 goto bad; 1643 tr->role = le32_to_cpu(buf[0]); 1644 tr->type = le32_to_cpu(buf[1]); 1645 tr->new_role = le32_to_cpu(buf[2]); 1646 if (!policydb_role_isvalid(p, tr->role) || 1647 !policydb_type_isvalid(p, tr->type) || 1648 !policydb_role_isvalid(p, tr->new_role)) { 1649 rc = -EINVAL; 1650 goto bad; 1651 } 1652 ltr = tr; 1653 } 1654 1655 rc = next_entry(buf, fp, sizeof(u32)); 1656 if (rc < 0) 1657 goto bad; 1658 nel = le32_to_cpu(buf[0]); 1659 lra = NULL; 1660 for (i = 0; i < nel; i++) { 1661 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 1662 if (!ra) { 1663 rc = -ENOMEM; 1664 goto bad; 1665 } 1666 if (lra) 1667 lra->next = ra; 1668 else 1669 p->role_allow = ra; 1670 rc = next_entry(buf, fp, sizeof(u32)*2); 1671 if (rc < 0) 1672 goto bad; 1673 ra->role = le32_to_cpu(buf[0]); 1674 ra->new_role = le32_to_cpu(buf[1]); 1675 if (!policydb_role_isvalid(p, ra->role) || 1676 !policydb_role_isvalid(p, ra->new_role)) { 1677 rc = -EINVAL; 1678 goto bad; 1679 } 1680 lra = ra; 1681 } 1682 1683 rc = policydb_index_classes(p); 1684 if (rc) 1685 goto bad; 1686 1687 rc = policydb_index_others(p); 1688 if (rc) 1689 goto bad; 1690 1691 for (i = 0; i < info->ocon_num; i++) { 1692 rc = next_entry(buf, fp, sizeof(u32)); 1693 if (rc < 0) 1694 goto bad; 1695 nel = le32_to_cpu(buf[0]); 1696 l = NULL; 1697 for (j = 0; j < nel; j++) { 1698 c = kzalloc(sizeof(*c), GFP_KERNEL); 1699 if (!c) { 1700 rc = -ENOMEM; 1701 goto bad; 1702 } 1703 if (l) 1704 l->next = c; 1705 else 1706 p->ocontexts[i] = c; 1707 l = c; 1708 rc = -EINVAL; 1709 switch (i) { 1710 case OCON_ISID: 1711 rc = next_entry(buf, fp, sizeof(u32)); 1712 if (rc < 0) 1713 goto bad; 1714 c->sid[0] = le32_to_cpu(buf[0]); 1715 rc = context_read_and_validate(&c->context[0], p, fp); 1716 if (rc) 1717 goto bad; 1718 break; 1719 case OCON_FS: 1720 case OCON_NETIF: 1721 rc = next_entry(buf, fp, sizeof(u32)); 1722 if (rc < 0) 1723 goto bad; 1724 len = le32_to_cpu(buf[0]); 1725 c->u.name = kmalloc(len + 1, GFP_KERNEL); 1726 if (!c->u.name) { 1727 rc = -ENOMEM; 1728 goto bad; 1729 } 1730 rc = next_entry(c->u.name, fp, len); 1731 if (rc < 0) 1732 goto bad; 1733 c->u.name[len] = 0; 1734 rc = context_read_and_validate(&c->context[0], p, fp); 1735 if (rc) 1736 goto bad; 1737 rc = context_read_and_validate(&c->context[1], p, fp); 1738 if (rc) 1739 goto bad; 1740 break; 1741 case OCON_PORT: 1742 rc = next_entry(buf, fp, sizeof(u32)*3); 1743 if (rc < 0) 1744 goto bad; 1745 c->u.port.protocol = le32_to_cpu(buf[0]); 1746 c->u.port.low_port = le32_to_cpu(buf[1]); 1747 c->u.port.high_port = le32_to_cpu(buf[2]); 1748 rc = context_read_and_validate(&c->context[0], p, fp); 1749 if (rc) 1750 goto bad; 1751 break; 1752 case OCON_NODE: 1753 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 1754 if (rc < 0) 1755 goto bad; 1756 c->u.node.addr = nodebuf[0]; /* network order */ 1757 c->u.node.mask = nodebuf[1]; /* network order */ 1758 rc = context_read_and_validate(&c->context[0], p, fp); 1759 if (rc) 1760 goto bad; 1761 break; 1762 case OCON_FSUSE: 1763 rc = next_entry(buf, fp, sizeof(u32)*2); 1764 if (rc < 0) 1765 goto bad; 1766 c->v.behavior = le32_to_cpu(buf[0]); 1767 if (c->v.behavior > SECURITY_FS_USE_NONE) 1768 goto bad; 1769 len = le32_to_cpu(buf[1]); 1770 c->u.name = kmalloc(len + 1, GFP_KERNEL); 1771 if (!c->u.name) { 1772 rc = -ENOMEM; 1773 goto bad; 1774 } 1775 rc = next_entry(c->u.name, fp, len); 1776 if (rc < 0) 1777 goto bad; 1778 c->u.name[len] = 0; 1779 rc = context_read_and_validate(&c->context[0], p, fp); 1780 if (rc) 1781 goto bad; 1782 break; 1783 case OCON_NODE6: { 1784 int k; 1785 1786 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 1787 if (rc < 0) 1788 goto bad; 1789 for (k = 0; k < 4; k++) 1790 c->u.node6.addr[k] = nodebuf[k]; 1791 for (k = 0; k < 4; k++) 1792 c->u.node6.mask[k] = nodebuf[k+4]; 1793 if (context_read_and_validate(&c->context[0], p, fp)) 1794 goto bad; 1795 break; 1796 } 1797 } 1798 } 1799 } 1800 1801 rc = next_entry(buf, fp, sizeof(u32)); 1802 if (rc < 0) 1803 goto bad; 1804 nel = le32_to_cpu(buf[0]); 1805 genfs_p = NULL; 1806 rc = -EINVAL; 1807 for (i = 0; i < nel; i++) { 1808 rc = next_entry(buf, fp, sizeof(u32)); 1809 if (rc < 0) 1810 goto bad; 1811 len = le32_to_cpu(buf[0]); 1812 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1813 if (!newgenfs) { 1814 rc = -ENOMEM; 1815 goto bad; 1816 } 1817 1818 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 1819 if (!newgenfs->fstype) { 1820 rc = -ENOMEM; 1821 kfree(newgenfs); 1822 goto bad; 1823 } 1824 rc = next_entry(newgenfs->fstype, fp, len); 1825 if (rc < 0) { 1826 kfree(newgenfs->fstype); 1827 kfree(newgenfs); 1828 goto bad; 1829 } 1830 newgenfs->fstype[len] = 0; 1831 for (genfs_p = NULL, genfs = p->genfs; genfs; 1832 genfs_p = genfs, genfs = genfs->next) { 1833 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1834 printk(KERN_ERR "SELinux: dup genfs " 1835 "fstype %s\n", newgenfs->fstype); 1836 kfree(newgenfs->fstype); 1837 kfree(newgenfs); 1838 goto bad; 1839 } 1840 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1841 break; 1842 } 1843 newgenfs->next = genfs; 1844 if (genfs_p) 1845 genfs_p->next = newgenfs; 1846 else 1847 p->genfs = newgenfs; 1848 rc = next_entry(buf, fp, sizeof(u32)); 1849 if (rc < 0) 1850 goto bad; 1851 nel2 = le32_to_cpu(buf[0]); 1852 for (j = 0; j < nel2; j++) { 1853 rc = next_entry(buf, fp, sizeof(u32)); 1854 if (rc < 0) 1855 goto bad; 1856 len = le32_to_cpu(buf[0]); 1857 1858 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1859 if (!newc) { 1860 rc = -ENOMEM; 1861 goto bad; 1862 } 1863 1864 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 1865 if (!newc->u.name) { 1866 rc = -ENOMEM; 1867 goto bad_newc; 1868 } 1869 rc = next_entry(newc->u.name, fp, len); 1870 if (rc < 0) 1871 goto bad_newc; 1872 newc->u.name[len] = 0; 1873 rc = next_entry(buf, fp, sizeof(u32)); 1874 if (rc < 0) 1875 goto bad_newc; 1876 newc->v.sclass = le32_to_cpu(buf[0]); 1877 if (context_read_and_validate(&newc->context[0], p, fp)) 1878 goto bad_newc; 1879 for (l = NULL, c = newgenfs->head; c; 1880 l = c, c = c->next) { 1881 if (!strcmp(newc->u.name, c->u.name) && 1882 (!c->v.sclass || !newc->v.sclass || 1883 newc->v.sclass == c->v.sclass)) { 1884 printk(KERN_ERR "SELinux: dup genfs " 1885 "entry (%s,%s)\n", 1886 newgenfs->fstype, c->u.name); 1887 goto bad_newc; 1888 } 1889 len = strlen(newc->u.name); 1890 len2 = strlen(c->u.name); 1891 if (len > len2) 1892 break; 1893 } 1894 1895 newc->next = c; 1896 if (l) 1897 l->next = newc; 1898 else 1899 newgenfs->head = newc; 1900 } 1901 } 1902 1903 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1904 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; 1905 rc = next_entry(buf, fp, sizeof(u32)); 1906 if (rc < 0) 1907 goto bad; 1908 nel = le32_to_cpu(buf[0]); 1909 lrt = NULL; 1910 for (i = 0; i < nel; i++) { 1911 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1912 if (!rt) { 1913 rc = -ENOMEM; 1914 goto bad; 1915 } 1916 if (lrt) 1917 lrt->next = rt; 1918 else 1919 p->range_tr = rt; 1920 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1921 if (rc < 0) 1922 goto bad; 1923 rt->source_type = le32_to_cpu(buf[0]); 1924 rt->target_type = le32_to_cpu(buf[1]); 1925 if (new_rangetr) { 1926 rc = next_entry(buf, fp, sizeof(u32)); 1927 if (rc < 0) 1928 goto bad; 1929 rt->target_class = le32_to_cpu(buf[0]); 1930 } else 1931 rt->target_class = SECCLASS_PROCESS; 1932 if (!policydb_type_isvalid(p, rt->source_type) || 1933 !policydb_type_isvalid(p, rt->target_type) || 1934 !policydb_class_isvalid(p, rt->target_class)) { 1935 rc = -EINVAL; 1936 goto bad; 1937 } 1938 rc = mls_read_range_helper(&rt->target_range, fp); 1939 if (rc) 1940 goto bad; 1941 if (!mls_range_isvalid(p, &rt->target_range)) { 1942 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1943 goto bad; 1944 } 1945 lrt = rt; 1946 } 1947 } 1948 1949 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); 1950 if (!p->type_attr_map) 1951 goto bad; 1952 1953 for (i = 0; i < p->p_types.nprim; i++) { 1954 ebitmap_init(&p->type_attr_map[i]); 1955 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 1956 if (ebitmap_read(&p->type_attr_map[i], fp)) 1957 goto bad; 1958 } 1959 /* add the type itself as the degenerate case */ 1960 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 1961 goto bad; 1962 } 1963 1964 rc = 0; 1965 out: 1966 return rc; 1967 bad_newc: 1968 ocontext_destroy(newc, OCON_FSUSE); 1969 bad: 1970 if (!rc) 1971 rc = -EINVAL; 1972 policydb_destroy(p); 1973 goto out; 1974 } 1975