1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #define _DEBUG_HASHES 45 46 #ifdef DEBUG_HASHES 47 static const char *symtab_name[SYM_NUM] = { 48 "common prefixes", 49 "classes", 50 "roles", 51 "types", 52 "users", 53 "bools", 54 "levels", 55 "categories", 56 }; 57 #endif 58 59 static unsigned int symtab_sizes[SYM_NUM] = { 60 2, 61 32, 62 16, 63 512, 64 128, 65 16, 66 16, 67 16, 68 }; 69 70 struct policydb_compat_info { 71 int version; 72 int sym_num; 73 int ocon_num; 74 }; 75 76 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 77 static struct policydb_compat_info policydb_compat[] = { 78 { 79 .version = POLICYDB_VERSION_BASE, 80 .sym_num = SYM_NUM - 3, 81 .ocon_num = OCON_NUM - 3, 82 }, 83 { 84 .version = POLICYDB_VERSION_BOOL, 85 .sym_num = SYM_NUM - 2, 86 .ocon_num = OCON_NUM - 3, 87 }, 88 { 89 .version = POLICYDB_VERSION_IPV6, 90 .sym_num = SYM_NUM - 2, 91 .ocon_num = OCON_NUM - 2, 92 }, 93 { 94 .version = POLICYDB_VERSION_NLCLASS, 95 .sym_num = SYM_NUM - 2, 96 .ocon_num = OCON_NUM - 2, 97 }, 98 { 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NUM - 2, 102 }, 103 { 104 .version = POLICYDB_VERSION_AVTAB, 105 .sym_num = SYM_NUM, 106 .ocon_num = OCON_NUM - 2, 107 }, 108 { 109 .version = POLICYDB_VERSION_RANGETRANS, 110 .sym_num = SYM_NUM, 111 .ocon_num = OCON_NUM - 2, 112 }, 113 { 114 .version = POLICYDB_VERSION_POLCAP, 115 .sym_num = SYM_NUM, 116 .ocon_num = OCON_NUM - 2, 117 }, 118 { 119 .version = POLICYDB_VERSION_PERMISSIVE, 120 .sym_num = SYM_NUM, 121 .ocon_num = OCON_NUM - 2, 122 }, 123 { 124 .version = POLICYDB_VERSION_BOUNDARY, 125 .sym_num = SYM_NUM, 126 .ocon_num = OCON_NUM - 2, 127 }, 128 { 129 .version = POLICYDB_VERSION_FILENAME_TRANS, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NUM - 2, 132 }, 133 { 134 .version = POLICYDB_VERSION_ROLETRANS, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NUM - 2, 137 }, 138 { 139 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 140 .sym_num = SYM_NUM, 141 .ocon_num = OCON_NUM - 2, 142 }, 143 { 144 .version = POLICYDB_VERSION_DEFAULT_TYPE, 145 .sym_num = SYM_NUM, 146 .ocon_num = OCON_NUM - 2, 147 }, 148 { 149 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 150 .sym_num = SYM_NUM, 151 .ocon_num = OCON_NUM - 2, 152 }, 153 { 154 .version = POLICYDB_VERSION_XPERMS_IOCTL, 155 .sym_num = SYM_NUM, 156 .ocon_num = OCON_NUM - 2, 157 }, 158 { 159 .version = POLICYDB_VERSION_INFINIBAND, 160 .sym_num = SYM_NUM, 161 .ocon_num = OCON_NUM, 162 }, 163 }; 164 165 static struct policydb_compat_info *policydb_lookup_compat(int version) 166 { 167 int i; 168 struct policydb_compat_info *info = NULL; 169 170 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 171 if (policydb_compat[i].version == version) { 172 info = &policydb_compat[i]; 173 break; 174 } 175 } 176 return info; 177 } 178 179 /* 180 * Initialize the role table. 181 */ 182 static int roles_init(struct policydb *p) 183 { 184 char *key = NULL; 185 int rc; 186 struct role_datum *role; 187 188 role = kzalloc(sizeof(*role), GFP_KERNEL); 189 if (!role) 190 return -ENOMEM; 191 192 rc = -EINVAL; 193 role->value = ++p->p_roles.nprim; 194 if (role->value != OBJECT_R_VAL) 195 goto out; 196 197 rc = -ENOMEM; 198 key = kstrdup(OBJECT_R, GFP_KERNEL); 199 if (!key) 200 goto out; 201 202 rc = hashtab_insert(p->p_roles.table, key, role); 203 if (rc) 204 goto out; 205 206 return 0; 207 out: 208 kfree(key); 209 kfree(role); 210 return rc; 211 } 212 213 static u32 filenametr_hash(struct hashtab *h, const void *k) 214 { 215 const struct filename_trans *ft = k; 216 unsigned long hash; 217 unsigned int byte_num; 218 unsigned char focus; 219 220 hash = ft->stype ^ ft->ttype ^ ft->tclass; 221 222 byte_num = 0; 223 while ((focus = ft->name[byte_num++])) 224 hash = partial_name_hash(focus, hash); 225 return hash & (h->size - 1); 226 } 227 228 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 229 { 230 const struct filename_trans *ft1 = k1; 231 const struct filename_trans *ft2 = k2; 232 int v; 233 234 v = ft1->stype - ft2->stype; 235 if (v) 236 return v; 237 238 v = ft1->ttype - ft2->ttype; 239 if (v) 240 return v; 241 242 v = ft1->tclass - ft2->tclass; 243 if (v) 244 return v; 245 246 return strcmp(ft1->name, ft2->name); 247 248 } 249 250 static u32 rangetr_hash(struct hashtab *h, const void *k) 251 { 252 const struct range_trans *key = k; 253 return (key->source_type + (key->target_type << 3) + 254 (key->target_class << 5)) & (h->size - 1); 255 } 256 257 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 258 { 259 const struct range_trans *key1 = k1, *key2 = k2; 260 int v; 261 262 v = key1->source_type - key2->source_type; 263 if (v) 264 return v; 265 266 v = key1->target_type - key2->target_type; 267 if (v) 268 return v; 269 270 v = key1->target_class - key2->target_class; 271 272 return v; 273 } 274 275 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap); 276 277 /* 278 * Initialize a policy database structure. 279 */ 280 static int policydb_init(struct policydb *p) 281 { 282 int i, rc; 283 284 memset(p, 0, sizeof(*p)); 285 286 for (i = 0; i < SYM_NUM; i++) { 287 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 288 if (rc) 289 goto out; 290 } 291 292 rc = avtab_init(&p->te_avtab); 293 if (rc) 294 goto out; 295 296 rc = roles_init(p); 297 if (rc) 298 goto out; 299 300 rc = cond_policydb_init(p); 301 if (rc) 302 goto out; 303 304 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 305 if (!p->filename_trans) { 306 rc = -ENOMEM; 307 goto out; 308 } 309 310 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 311 if (!p->range_tr) { 312 rc = -ENOMEM; 313 goto out; 314 } 315 316 ebitmap_init(&p->filename_trans_ttypes); 317 ebitmap_init(&p->policycaps); 318 ebitmap_init(&p->permissive_map); 319 320 return 0; 321 out: 322 hashtab_destroy(p->filename_trans); 323 hashtab_destroy(p->range_tr); 324 for (i = 0; i < SYM_NUM; i++) { 325 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 326 hashtab_destroy(p->symtab[i].table); 327 } 328 return rc; 329 } 330 331 /* 332 * The following *_index functions are used to 333 * define the val_to_name and val_to_struct arrays 334 * in a policy database structure. The val_to_name 335 * arrays are used when converting security context 336 * structures into string representations. The 337 * val_to_struct arrays are used when the attributes 338 * of a class, role, or user are needed. 339 */ 340 341 static int common_index(void *key, void *datum, void *datap) 342 { 343 struct policydb *p; 344 struct common_datum *comdatum; 345 346 comdatum = datum; 347 p = datap; 348 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 349 return -EINVAL; 350 351 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 352 353 return 0; 354 } 355 356 static int class_index(void *key, void *datum, void *datap) 357 { 358 struct policydb *p; 359 struct class_datum *cladatum; 360 361 cladatum = datum; 362 p = datap; 363 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 364 return -EINVAL; 365 366 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 367 p->class_val_to_struct[cladatum->value - 1] = cladatum; 368 return 0; 369 } 370 371 static int role_index(void *key, void *datum, void *datap) 372 { 373 struct policydb *p; 374 struct role_datum *role; 375 376 role = datum; 377 p = datap; 378 if (!role->value 379 || role->value > p->p_roles.nprim 380 || role->bounds > p->p_roles.nprim) 381 return -EINVAL; 382 383 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 384 p->role_val_to_struct[role->value - 1] = role; 385 return 0; 386 } 387 388 static int type_index(void *key, void *datum, void *datap) 389 { 390 struct policydb *p; 391 struct type_datum *typdatum; 392 393 typdatum = datum; 394 p = datap; 395 396 if (typdatum->primary) { 397 if (!typdatum->value 398 || typdatum->value > p->p_types.nprim 399 || typdatum->bounds > p->p_types.nprim) 400 return -EINVAL; 401 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 402 p->type_val_to_struct_array[typdatum->value - 1] = typdatum; 403 } 404 405 return 0; 406 } 407 408 static int user_index(void *key, void *datum, void *datap) 409 { 410 struct policydb *p; 411 struct user_datum *usrdatum; 412 413 usrdatum = datum; 414 p = datap; 415 if (!usrdatum->value 416 || usrdatum->value > p->p_users.nprim 417 || usrdatum->bounds > p->p_users.nprim) 418 return -EINVAL; 419 420 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 421 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 422 return 0; 423 } 424 425 static int sens_index(void *key, void *datum, void *datap) 426 { 427 struct policydb *p; 428 struct level_datum *levdatum; 429 430 levdatum = datum; 431 p = datap; 432 433 if (!levdatum->isalias) { 434 if (!levdatum->level->sens || 435 levdatum->level->sens > p->p_levels.nprim) 436 return -EINVAL; 437 438 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 439 } 440 441 return 0; 442 } 443 444 static int cat_index(void *key, void *datum, void *datap) 445 { 446 struct policydb *p; 447 struct cat_datum *catdatum; 448 449 catdatum = datum; 450 p = datap; 451 452 if (!catdatum->isalias) { 453 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 454 return -EINVAL; 455 456 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 457 } 458 459 return 0; 460 } 461 462 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 463 { 464 common_index, 465 class_index, 466 role_index, 467 type_index, 468 user_index, 469 cond_index_bool, 470 sens_index, 471 cat_index, 472 }; 473 474 #ifdef DEBUG_HASHES 475 static void hash_eval(struct hashtab *h, const char *hash_name) 476 { 477 struct hashtab_info info; 478 479 hashtab_stat(h, &info); 480 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, " 481 "longest chain length %d\n", hash_name, h->nel, 482 info.slots_used, h->size, info.max_chain_len); 483 } 484 485 static void symtab_hash_eval(struct symtab *s) 486 { 487 int i; 488 489 for (i = 0; i < SYM_NUM; i++) 490 hash_eval(s[i].table, symtab_name[i]); 491 } 492 493 #else 494 static inline void hash_eval(struct hashtab *h, char *hash_name) 495 { 496 } 497 #endif 498 499 /* 500 * Define the other val_to_name and val_to_struct arrays 501 * in a policy database structure. 502 * 503 * Caller must clean up on failure. 504 */ 505 static int policydb_index(struct policydb *p) 506 { 507 int i, rc; 508 509 if (p->mls_enabled) 510 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 511 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 512 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 513 else 514 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 515 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 516 p->p_bools.nprim); 517 518 pr_debug("SELinux: %d classes, %d rules\n", 519 p->p_classes.nprim, p->te_avtab.nel); 520 521 #ifdef DEBUG_HASHES 522 avtab_hash_eval(&p->te_avtab, "rules"); 523 symtab_hash_eval(p->symtab); 524 #endif 525 526 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 527 sizeof(*p->class_val_to_struct), 528 GFP_KERNEL); 529 if (!p->class_val_to_struct) 530 return -ENOMEM; 531 532 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 533 sizeof(*p->role_val_to_struct), 534 GFP_KERNEL); 535 if (!p->role_val_to_struct) 536 return -ENOMEM; 537 538 p->user_val_to_struct = kcalloc(p->p_users.nprim, 539 sizeof(*p->user_val_to_struct), 540 GFP_KERNEL); 541 if (!p->user_val_to_struct) 542 return -ENOMEM; 543 544 p->type_val_to_struct_array = kvcalloc(p->p_types.nprim, 545 sizeof(*p->type_val_to_struct_array), 546 GFP_KERNEL); 547 if (!p->type_val_to_struct_array) 548 return -ENOMEM; 549 550 rc = cond_init_bool_indexes(p); 551 if (rc) 552 goto out; 553 554 for (i = 0; i < SYM_NUM; i++) { 555 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 556 sizeof(char *), 557 GFP_KERNEL); 558 if (!p->sym_val_to_name[i]) 559 return -ENOMEM; 560 561 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 562 if (rc) 563 goto out; 564 } 565 rc = 0; 566 out: 567 return rc; 568 } 569 570 /* 571 * The following *_destroy functions are used to 572 * free any memory allocated for each kind of 573 * symbol data in the policy database. 574 */ 575 576 static int perm_destroy(void *key, void *datum, void *p) 577 { 578 kfree(key); 579 kfree(datum); 580 return 0; 581 } 582 583 static int common_destroy(void *key, void *datum, void *p) 584 { 585 struct common_datum *comdatum; 586 587 kfree(key); 588 if (datum) { 589 comdatum = datum; 590 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 591 hashtab_destroy(comdatum->permissions.table); 592 } 593 kfree(datum); 594 return 0; 595 } 596 597 static void constraint_expr_destroy(struct constraint_expr *expr) 598 { 599 if (expr) { 600 ebitmap_destroy(&expr->names); 601 if (expr->type_names) { 602 ebitmap_destroy(&expr->type_names->types); 603 ebitmap_destroy(&expr->type_names->negset); 604 kfree(expr->type_names); 605 } 606 kfree(expr); 607 } 608 } 609 610 static int cls_destroy(void *key, void *datum, void *p) 611 { 612 struct class_datum *cladatum; 613 struct constraint_node *constraint, *ctemp; 614 struct constraint_expr *e, *etmp; 615 616 kfree(key); 617 if (datum) { 618 cladatum = datum; 619 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 620 hashtab_destroy(cladatum->permissions.table); 621 constraint = cladatum->constraints; 622 while (constraint) { 623 e = constraint->expr; 624 while (e) { 625 etmp = e; 626 e = e->next; 627 constraint_expr_destroy(etmp); 628 } 629 ctemp = constraint; 630 constraint = constraint->next; 631 kfree(ctemp); 632 } 633 634 constraint = cladatum->validatetrans; 635 while (constraint) { 636 e = constraint->expr; 637 while (e) { 638 etmp = e; 639 e = e->next; 640 constraint_expr_destroy(etmp); 641 } 642 ctemp = constraint; 643 constraint = constraint->next; 644 kfree(ctemp); 645 } 646 kfree(cladatum->comkey); 647 } 648 kfree(datum); 649 return 0; 650 } 651 652 static int role_destroy(void *key, void *datum, void *p) 653 { 654 struct role_datum *role; 655 656 kfree(key); 657 if (datum) { 658 role = datum; 659 ebitmap_destroy(&role->dominates); 660 ebitmap_destroy(&role->types); 661 } 662 kfree(datum); 663 return 0; 664 } 665 666 static int type_destroy(void *key, void *datum, void *p) 667 { 668 kfree(key); 669 kfree(datum); 670 return 0; 671 } 672 673 static int user_destroy(void *key, void *datum, void *p) 674 { 675 struct user_datum *usrdatum; 676 677 kfree(key); 678 if (datum) { 679 usrdatum = datum; 680 ebitmap_destroy(&usrdatum->roles); 681 ebitmap_destroy(&usrdatum->range.level[0].cat); 682 ebitmap_destroy(&usrdatum->range.level[1].cat); 683 ebitmap_destroy(&usrdatum->dfltlevel.cat); 684 } 685 kfree(datum); 686 return 0; 687 } 688 689 static int sens_destroy(void *key, void *datum, void *p) 690 { 691 struct level_datum *levdatum; 692 693 kfree(key); 694 if (datum) { 695 levdatum = datum; 696 if (levdatum->level) 697 ebitmap_destroy(&levdatum->level->cat); 698 kfree(levdatum->level); 699 } 700 kfree(datum); 701 return 0; 702 } 703 704 static int cat_destroy(void *key, void *datum, void *p) 705 { 706 kfree(key); 707 kfree(datum); 708 return 0; 709 } 710 711 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 712 { 713 common_destroy, 714 cls_destroy, 715 role_destroy, 716 type_destroy, 717 user_destroy, 718 cond_destroy_bool, 719 sens_destroy, 720 cat_destroy, 721 }; 722 723 static int filenametr_destroy(void *key, void *datum, void *p) 724 { 725 struct filename_trans *ft = key; 726 kfree(ft->name); 727 kfree(key); 728 kfree(datum); 729 cond_resched(); 730 return 0; 731 } 732 733 static int range_tr_destroy(void *key, void *datum, void *p) 734 { 735 struct mls_range *rt = datum; 736 kfree(key); 737 ebitmap_destroy(&rt->level[0].cat); 738 ebitmap_destroy(&rt->level[1].cat); 739 kfree(datum); 740 cond_resched(); 741 return 0; 742 } 743 744 static void ocontext_destroy(struct ocontext *c, int i) 745 { 746 if (!c) 747 return; 748 749 context_destroy(&c->context[0]); 750 context_destroy(&c->context[1]); 751 if (i == OCON_ISID || i == OCON_FS || 752 i == OCON_NETIF || i == OCON_FSUSE) 753 kfree(c->u.name); 754 kfree(c); 755 } 756 757 /* 758 * Free any memory allocated by a policy database structure. 759 */ 760 void policydb_destroy(struct policydb *p) 761 { 762 struct ocontext *c, *ctmp; 763 struct genfs *g, *gtmp; 764 int i; 765 struct role_allow *ra, *lra = NULL; 766 struct role_trans *tr, *ltr = NULL; 767 768 for (i = 0; i < SYM_NUM; i++) { 769 cond_resched(); 770 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 771 hashtab_destroy(p->symtab[i].table); 772 } 773 774 for (i = 0; i < SYM_NUM; i++) 775 kvfree(p->sym_val_to_name[i]); 776 777 kfree(p->class_val_to_struct); 778 kfree(p->role_val_to_struct); 779 kfree(p->user_val_to_struct); 780 kvfree(p->type_val_to_struct_array); 781 782 avtab_destroy(&p->te_avtab); 783 784 for (i = 0; i < OCON_NUM; i++) { 785 cond_resched(); 786 c = p->ocontexts[i]; 787 while (c) { 788 ctmp = c; 789 c = c->next; 790 ocontext_destroy(ctmp, i); 791 } 792 p->ocontexts[i] = NULL; 793 } 794 795 g = p->genfs; 796 while (g) { 797 cond_resched(); 798 kfree(g->fstype); 799 c = g->head; 800 while (c) { 801 ctmp = c; 802 c = c->next; 803 ocontext_destroy(ctmp, OCON_FSUSE); 804 } 805 gtmp = g; 806 g = g->next; 807 kfree(gtmp); 808 } 809 p->genfs = NULL; 810 811 cond_policydb_destroy(p); 812 813 for (tr = p->role_tr; tr; tr = tr->next) { 814 cond_resched(); 815 kfree(ltr); 816 ltr = tr; 817 } 818 kfree(ltr); 819 820 for (ra = p->role_allow; ra; ra = ra->next) { 821 cond_resched(); 822 kfree(lra); 823 lra = ra; 824 } 825 kfree(lra); 826 827 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 828 hashtab_destroy(p->filename_trans); 829 830 hashtab_map(p->range_tr, range_tr_destroy, NULL); 831 hashtab_destroy(p->range_tr); 832 833 if (p->type_attr_map_array) { 834 for (i = 0; i < p->p_types.nprim; i++) 835 ebitmap_destroy(&p->type_attr_map_array[i]); 836 kvfree(p->type_attr_map_array); 837 } 838 839 ebitmap_destroy(&p->filename_trans_ttypes); 840 ebitmap_destroy(&p->policycaps); 841 ebitmap_destroy(&p->permissive_map); 842 } 843 844 /* 845 * Load the initial SIDs specified in a policy database 846 * structure into a SID table. 847 */ 848 int policydb_load_isids(struct policydb *p, struct sidtab *s) 849 { 850 struct ocontext *head, *c; 851 int rc; 852 853 rc = sidtab_init(s); 854 if (rc) { 855 pr_err("SELinux: out of memory on SID table init\n"); 856 goto out; 857 } 858 859 head = p->ocontexts[OCON_ISID]; 860 for (c = head; c; c = c->next) { 861 rc = -EINVAL; 862 if (!c->context[0].user) { 863 pr_err("SELinux: SID %s was never defined.\n", 864 c->u.name); 865 sidtab_destroy(s); 866 goto out; 867 } 868 if (c->sid[0] == SECSID_NULL || c->sid[0] > SECINITSID_NUM) { 869 pr_err("SELinux: Initial SID %s out of range.\n", 870 c->u.name); 871 sidtab_destroy(s); 872 goto out; 873 } 874 875 rc = sidtab_set_initial(s, c->sid[0], &c->context[0]); 876 if (rc) { 877 pr_err("SELinux: unable to load initial SID %s.\n", 878 c->u.name); 879 sidtab_destroy(s); 880 goto out; 881 } 882 } 883 rc = 0; 884 out: 885 return rc; 886 } 887 888 int policydb_class_isvalid(struct policydb *p, unsigned int class) 889 { 890 if (!class || class > p->p_classes.nprim) 891 return 0; 892 return 1; 893 } 894 895 int policydb_role_isvalid(struct policydb *p, unsigned int role) 896 { 897 if (!role || role > p->p_roles.nprim) 898 return 0; 899 return 1; 900 } 901 902 int policydb_type_isvalid(struct policydb *p, unsigned int type) 903 { 904 if (!type || type > p->p_types.nprim) 905 return 0; 906 return 1; 907 } 908 909 /* 910 * Return 1 if the fields in the security context 911 * structure `c' are valid. Return 0 otherwise. 912 */ 913 int policydb_context_isvalid(struct policydb *p, struct context *c) 914 { 915 struct role_datum *role; 916 struct user_datum *usrdatum; 917 918 if (!c->role || c->role > p->p_roles.nprim) 919 return 0; 920 921 if (!c->user || c->user > p->p_users.nprim) 922 return 0; 923 924 if (!c->type || c->type > p->p_types.nprim) 925 return 0; 926 927 if (c->role != OBJECT_R_VAL) { 928 /* 929 * Role must be authorized for the type. 930 */ 931 role = p->role_val_to_struct[c->role - 1]; 932 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 933 /* role may not be associated with type */ 934 return 0; 935 936 /* 937 * User must be authorized for the role. 938 */ 939 usrdatum = p->user_val_to_struct[c->user - 1]; 940 if (!usrdatum) 941 return 0; 942 943 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 944 /* user may not be associated with role */ 945 return 0; 946 } 947 948 if (!mls_context_isvalid(p, c)) 949 return 0; 950 951 return 1; 952 } 953 954 /* 955 * Read a MLS range structure from a policydb binary 956 * representation file. 957 */ 958 static int mls_read_range_helper(struct mls_range *r, void *fp) 959 { 960 __le32 buf[2]; 961 u32 items; 962 int rc; 963 964 rc = next_entry(buf, fp, sizeof(u32)); 965 if (rc) 966 goto out; 967 968 rc = -EINVAL; 969 items = le32_to_cpu(buf[0]); 970 if (items > ARRAY_SIZE(buf)) { 971 pr_err("SELinux: mls: range overflow\n"); 972 goto out; 973 } 974 975 rc = next_entry(buf, fp, sizeof(u32) * items); 976 if (rc) { 977 pr_err("SELinux: mls: truncated range\n"); 978 goto out; 979 } 980 981 r->level[0].sens = le32_to_cpu(buf[0]); 982 if (items > 1) 983 r->level[1].sens = le32_to_cpu(buf[1]); 984 else 985 r->level[1].sens = r->level[0].sens; 986 987 rc = ebitmap_read(&r->level[0].cat, fp); 988 if (rc) { 989 pr_err("SELinux: mls: error reading low categories\n"); 990 goto out; 991 } 992 if (items > 1) { 993 rc = ebitmap_read(&r->level[1].cat, fp); 994 if (rc) { 995 pr_err("SELinux: mls: error reading high categories\n"); 996 goto bad_high; 997 } 998 } else { 999 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1000 if (rc) { 1001 pr_err("SELinux: mls: out of memory\n"); 1002 goto bad_high; 1003 } 1004 } 1005 1006 return 0; 1007 bad_high: 1008 ebitmap_destroy(&r->level[0].cat); 1009 out: 1010 return rc; 1011 } 1012 1013 /* 1014 * Read and validate a security context structure 1015 * from a policydb binary representation file. 1016 */ 1017 static int context_read_and_validate(struct context *c, 1018 struct policydb *p, 1019 void *fp) 1020 { 1021 __le32 buf[3]; 1022 int rc; 1023 1024 rc = next_entry(buf, fp, sizeof buf); 1025 if (rc) { 1026 pr_err("SELinux: context truncated\n"); 1027 goto out; 1028 } 1029 c->user = le32_to_cpu(buf[0]); 1030 c->role = le32_to_cpu(buf[1]); 1031 c->type = le32_to_cpu(buf[2]); 1032 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1033 rc = mls_read_range_helper(&c->range, fp); 1034 if (rc) { 1035 pr_err("SELinux: error reading MLS range of context\n"); 1036 goto out; 1037 } 1038 } 1039 1040 rc = -EINVAL; 1041 if (!policydb_context_isvalid(p, c)) { 1042 pr_err("SELinux: invalid security context\n"); 1043 context_destroy(c); 1044 goto out; 1045 } 1046 rc = 0; 1047 out: 1048 return rc; 1049 } 1050 1051 /* 1052 * The following *_read functions are used to 1053 * read the symbol data from a policy database 1054 * binary representation file. 1055 */ 1056 1057 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1058 { 1059 int rc; 1060 char *str; 1061 1062 if ((len == 0) || (len == (u32)-1)) 1063 return -EINVAL; 1064 1065 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1066 if (!str) 1067 return -ENOMEM; 1068 1069 /* it's expected the caller should free the str */ 1070 *strp = str; 1071 1072 rc = next_entry(str, fp, len); 1073 if (rc) 1074 return rc; 1075 1076 str[len] = '\0'; 1077 return 0; 1078 } 1079 1080 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1081 { 1082 char *key = NULL; 1083 struct perm_datum *perdatum; 1084 int rc; 1085 __le32 buf[2]; 1086 u32 len; 1087 1088 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1089 if (!perdatum) 1090 return -ENOMEM; 1091 1092 rc = next_entry(buf, fp, sizeof buf); 1093 if (rc) 1094 goto bad; 1095 1096 len = le32_to_cpu(buf[0]); 1097 perdatum->value = le32_to_cpu(buf[1]); 1098 1099 rc = str_read(&key, GFP_KERNEL, fp, len); 1100 if (rc) 1101 goto bad; 1102 1103 rc = hashtab_insert(h, key, perdatum); 1104 if (rc) 1105 goto bad; 1106 1107 return 0; 1108 bad: 1109 perm_destroy(key, perdatum, NULL); 1110 return rc; 1111 } 1112 1113 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1114 { 1115 char *key = NULL; 1116 struct common_datum *comdatum; 1117 __le32 buf[4]; 1118 u32 len, nel; 1119 int i, rc; 1120 1121 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1122 if (!comdatum) 1123 return -ENOMEM; 1124 1125 rc = next_entry(buf, fp, sizeof buf); 1126 if (rc) 1127 goto bad; 1128 1129 len = le32_to_cpu(buf[0]); 1130 comdatum->value = le32_to_cpu(buf[1]); 1131 1132 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1133 if (rc) 1134 goto bad; 1135 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1136 nel = le32_to_cpu(buf[3]); 1137 1138 rc = str_read(&key, GFP_KERNEL, fp, len); 1139 if (rc) 1140 goto bad; 1141 1142 for (i = 0; i < nel; i++) { 1143 rc = perm_read(p, comdatum->permissions.table, fp); 1144 if (rc) 1145 goto bad; 1146 } 1147 1148 rc = hashtab_insert(h, key, comdatum); 1149 if (rc) 1150 goto bad; 1151 return 0; 1152 bad: 1153 common_destroy(key, comdatum, NULL); 1154 return rc; 1155 } 1156 1157 static void type_set_init(struct type_set *t) 1158 { 1159 ebitmap_init(&t->types); 1160 ebitmap_init(&t->negset); 1161 } 1162 1163 static int type_set_read(struct type_set *t, void *fp) 1164 { 1165 __le32 buf[1]; 1166 int rc; 1167 1168 if (ebitmap_read(&t->types, fp)) 1169 return -EINVAL; 1170 if (ebitmap_read(&t->negset, fp)) 1171 return -EINVAL; 1172 1173 rc = next_entry(buf, fp, sizeof(u32)); 1174 if (rc < 0) 1175 return -EINVAL; 1176 t->flags = le32_to_cpu(buf[0]); 1177 1178 return 0; 1179 } 1180 1181 1182 static int read_cons_helper(struct policydb *p, 1183 struct constraint_node **nodep, 1184 int ncons, int allowxtarget, void *fp) 1185 { 1186 struct constraint_node *c, *lc; 1187 struct constraint_expr *e, *le; 1188 __le32 buf[3]; 1189 u32 nexpr; 1190 int rc, i, j, depth; 1191 1192 lc = NULL; 1193 for (i = 0; i < ncons; i++) { 1194 c = kzalloc(sizeof(*c), GFP_KERNEL); 1195 if (!c) 1196 return -ENOMEM; 1197 1198 if (lc) 1199 lc->next = c; 1200 else 1201 *nodep = c; 1202 1203 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1204 if (rc) 1205 return rc; 1206 c->permissions = le32_to_cpu(buf[0]); 1207 nexpr = le32_to_cpu(buf[1]); 1208 le = NULL; 1209 depth = -1; 1210 for (j = 0; j < nexpr; j++) { 1211 e = kzalloc(sizeof(*e), GFP_KERNEL); 1212 if (!e) 1213 return -ENOMEM; 1214 1215 if (le) 1216 le->next = e; 1217 else 1218 c->expr = e; 1219 1220 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1221 if (rc) 1222 return rc; 1223 e->expr_type = le32_to_cpu(buf[0]); 1224 e->attr = le32_to_cpu(buf[1]); 1225 e->op = le32_to_cpu(buf[2]); 1226 1227 switch (e->expr_type) { 1228 case CEXPR_NOT: 1229 if (depth < 0) 1230 return -EINVAL; 1231 break; 1232 case CEXPR_AND: 1233 case CEXPR_OR: 1234 if (depth < 1) 1235 return -EINVAL; 1236 depth--; 1237 break; 1238 case CEXPR_ATTR: 1239 if (depth == (CEXPR_MAXDEPTH - 1)) 1240 return -EINVAL; 1241 depth++; 1242 break; 1243 case CEXPR_NAMES: 1244 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1245 return -EINVAL; 1246 if (depth == (CEXPR_MAXDEPTH - 1)) 1247 return -EINVAL; 1248 depth++; 1249 rc = ebitmap_read(&e->names, fp); 1250 if (rc) 1251 return rc; 1252 if (p->policyvers >= 1253 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1254 e->type_names = kzalloc(sizeof 1255 (*e->type_names), 1256 GFP_KERNEL); 1257 if (!e->type_names) 1258 return -ENOMEM; 1259 type_set_init(e->type_names); 1260 rc = type_set_read(e->type_names, fp); 1261 if (rc) 1262 return rc; 1263 } 1264 break; 1265 default: 1266 return -EINVAL; 1267 } 1268 le = e; 1269 } 1270 if (depth != 0) 1271 return -EINVAL; 1272 lc = c; 1273 } 1274 1275 return 0; 1276 } 1277 1278 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1279 { 1280 char *key = NULL; 1281 struct class_datum *cladatum; 1282 __le32 buf[6]; 1283 u32 len, len2, ncons, nel; 1284 int i, rc; 1285 1286 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1287 if (!cladatum) 1288 return -ENOMEM; 1289 1290 rc = next_entry(buf, fp, sizeof(u32)*6); 1291 if (rc) 1292 goto bad; 1293 1294 len = le32_to_cpu(buf[0]); 1295 len2 = le32_to_cpu(buf[1]); 1296 cladatum->value = le32_to_cpu(buf[2]); 1297 1298 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1299 if (rc) 1300 goto bad; 1301 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1302 nel = le32_to_cpu(buf[4]); 1303 1304 ncons = le32_to_cpu(buf[5]); 1305 1306 rc = str_read(&key, GFP_KERNEL, fp, len); 1307 if (rc) 1308 goto bad; 1309 1310 if (len2) { 1311 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1312 if (rc) 1313 goto bad; 1314 1315 rc = -EINVAL; 1316 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1317 if (!cladatum->comdatum) { 1318 pr_err("SELinux: unknown common %s\n", 1319 cladatum->comkey); 1320 goto bad; 1321 } 1322 } 1323 for (i = 0; i < nel; i++) { 1324 rc = perm_read(p, cladatum->permissions.table, fp); 1325 if (rc) 1326 goto bad; 1327 } 1328 1329 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1330 if (rc) 1331 goto bad; 1332 1333 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1334 /* grab the validatetrans rules */ 1335 rc = next_entry(buf, fp, sizeof(u32)); 1336 if (rc) 1337 goto bad; 1338 ncons = le32_to_cpu(buf[0]); 1339 rc = read_cons_helper(p, &cladatum->validatetrans, 1340 ncons, 1, fp); 1341 if (rc) 1342 goto bad; 1343 } 1344 1345 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1346 rc = next_entry(buf, fp, sizeof(u32) * 3); 1347 if (rc) 1348 goto bad; 1349 1350 cladatum->default_user = le32_to_cpu(buf[0]); 1351 cladatum->default_role = le32_to_cpu(buf[1]); 1352 cladatum->default_range = le32_to_cpu(buf[2]); 1353 } 1354 1355 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1356 rc = next_entry(buf, fp, sizeof(u32) * 1); 1357 if (rc) 1358 goto bad; 1359 cladatum->default_type = le32_to_cpu(buf[0]); 1360 } 1361 1362 rc = hashtab_insert(h, key, cladatum); 1363 if (rc) 1364 goto bad; 1365 1366 return 0; 1367 bad: 1368 cls_destroy(key, cladatum, NULL); 1369 return rc; 1370 } 1371 1372 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1373 { 1374 char *key = NULL; 1375 struct role_datum *role; 1376 int rc, to_read = 2; 1377 __le32 buf[3]; 1378 u32 len; 1379 1380 role = kzalloc(sizeof(*role), GFP_KERNEL); 1381 if (!role) 1382 return -ENOMEM; 1383 1384 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1385 to_read = 3; 1386 1387 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1388 if (rc) 1389 goto bad; 1390 1391 len = le32_to_cpu(buf[0]); 1392 role->value = le32_to_cpu(buf[1]); 1393 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1394 role->bounds = le32_to_cpu(buf[2]); 1395 1396 rc = str_read(&key, GFP_KERNEL, fp, len); 1397 if (rc) 1398 goto bad; 1399 1400 rc = ebitmap_read(&role->dominates, fp); 1401 if (rc) 1402 goto bad; 1403 1404 rc = ebitmap_read(&role->types, fp); 1405 if (rc) 1406 goto bad; 1407 1408 if (strcmp(key, OBJECT_R) == 0) { 1409 rc = -EINVAL; 1410 if (role->value != OBJECT_R_VAL) { 1411 pr_err("SELinux: Role %s has wrong value %d\n", 1412 OBJECT_R, role->value); 1413 goto bad; 1414 } 1415 rc = 0; 1416 goto bad; 1417 } 1418 1419 rc = hashtab_insert(h, key, role); 1420 if (rc) 1421 goto bad; 1422 return 0; 1423 bad: 1424 role_destroy(key, role, NULL); 1425 return rc; 1426 } 1427 1428 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1429 { 1430 char *key = NULL; 1431 struct type_datum *typdatum; 1432 int rc, to_read = 3; 1433 __le32 buf[4]; 1434 u32 len; 1435 1436 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1437 if (!typdatum) 1438 return -ENOMEM; 1439 1440 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1441 to_read = 4; 1442 1443 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1444 if (rc) 1445 goto bad; 1446 1447 len = le32_to_cpu(buf[0]); 1448 typdatum->value = le32_to_cpu(buf[1]); 1449 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1450 u32 prop = le32_to_cpu(buf[2]); 1451 1452 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1453 typdatum->primary = 1; 1454 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1455 typdatum->attribute = 1; 1456 1457 typdatum->bounds = le32_to_cpu(buf[3]); 1458 } else { 1459 typdatum->primary = le32_to_cpu(buf[2]); 1460 } 1461 1462 rc = str_read(&key, GFP_KERNEL, fp, len); 1463 if (rc) 1464 goto bad; 1465 1466 rc = hashtab_insert(h, key, typdatum); 1467 if (rc) 1468 goto bad; 1469 return 0; 1470 bad: 1471 type_destroy(key, typdatum, NULL); 1472 return rc; 1473 } 1474 1475 1476 /* 1477 * Read a MLS level structure from a policydb binary 1478 * representation file. 1479 */ 1480 static int mls_read_level(struct mls_level *lp, void *fp) 1481 { 1482 __le32 buf[1]; 1483 int rc; 1484 1485 memset(lp, 0, sizeof(*lp)); 1486 1487 rc = next_entry(buf, fp, sizeof buf); 1488 if (rc) { 1489 pr_err("SELinux: mls: truncated level\n"); 1490 return rc; 1491 } 1492 lp->sens = le32_to_cpu(buf[0]); 1493 1494 rc = ebitmap_read(&lp->cat, fp); 1495 if (rc) { 1496 pr_err("SELinux: mls: error reading level categories\n"); 1497 return rc; 1498 } 1499 return 0; 1500 } 1501 1502 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1503 { 1504 char *key = NULL; 1505 struct user_datum *usrdatum; 1506 int rc, to_read = 2; 1507 __le32 buf[3]; 1508 u32 len; 1509 1510 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1511 if (!usrdatum) 1512 return -ENOMEM; 1513 1514 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1515 to_read = 3; 1516 1517 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1518 if (rc) 1519 goto bad; 1520 1521 len = le32_to_cpu(buf[0]); 1522 usrdatum->value = le32_to_cpu(buf[1]); 1523 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1524 usrdatum->bounds = le32_to_cpu(buf[2]); 1525 1526 rc = str_read(&key, GFP_KERNEL, fp, len); 1527 if (rc) 1528 goto bad; 1529 1530 rc = ebitmap_read(&usrdatum->roles, fp); 1531 if (rc) 1532 goto bad; 1533 1534 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1535 rc = mls_read_range_helper(&usrdatum->range, fp); 1536 if (rc) 1537 goto bad; 1538 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1539 if (rc) 1540 goto bad; 1541 } 1542 1543 rc = hashtab_insert(h, key, usrdatum); 1544 if (rc) 1545 goto bad; 1546 return 0; 1547 bad: 1548 user_destroy(key, usrdatum, NULL); 1549 return rc; 1550 } 1551 1552 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1553 { 1554 char *key = NULL; 1555 struct level_datum *levdatum; 1556 int rc; 1557 __le32 buf[2]; 1558 u32 len; 1559 1560 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1561 if (!levdatum) 1562 return -ENOMEM; 1563 1564 rc = next_entry(buf, fp, sizeof buf); 1565 if (rc) 1566 goto bad; 1567 1568 len = le32_to_cpu(buf[0]); 1569 levdatum->isalias = le32_to_cpu(buf[1]); 1570 1571 rc = str_read(&key, GFP_ATOMIC, fp, len); 1572 if (rc) 1573 goto bad; 1574 1575 rc = -ENOMEM; 1576 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1577 if (!levdatum->level) 1578 goto bad; 1579 1580 rc = mls_read_level(levdatum->level, fp); 1581 if (rc) 1582 goto bad; 1583 1584 rc = hashtab_insert(h, key, levdatum); 1585 if (rc) 1586 goto bad; 1587 return 0; 1588 bad: 1589 sens_destroy(key, levdatum, NULL); 1590 return rc; 1591 } 1592 1593 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1594 { 1595 char *key = NULL; 1596 struct cat_datum *catdatum; 1597 int rc; 1598 __le32 buf[3]; 1599 u32 len; 1600 1601 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1602 if (!catdatum) 1603 return -ENOMEM; 1604 1605 rc = next_entry(buf, fp, sizeof buf); 1606 if (rc) 1607 goto bad; 1608 1609 len = le32_to_cpu(buf[0]); 1610 catdatum->value = le32_to_cpu(buf[1]); 1611 catdatum->isalias = le32_to_cpu(buf[2]); 1612 1613 rc = str_read(&key, GFP_ATOMIC, fp, len); 1614 if (rc) 1615 goto bad; 1616 1617 rc = hashtab_insert(h, key, catdatum); 1618 if (rc) 1619 goto bad; 1620 return 0; 1621 bad: 1622 cat_destroy(key, catdatum, NULL); 1623 return rc; 1624 } 1625 1626 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1627 { 1628 common_read, 1629 class_read, 1630 role_read, 1631 type_read, 1632 user_read, 1633 cond_read_bool, 1634 sens_read, 1635 cat_read, 1636 }; 1637 1638 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1639 { 1640 struct user_datum *upper, *user; 1641 struct policydb *p = datap; 1642 int depth = 0; 1643 1644 upper = user = datum; 1645 while (upper->bounds) { 1646 struct ebitmap_node *node; 1647 unsigned long bit; 1648 1649 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1650 pr_err("SELinux: user %s: " 1651 "too deep or looped boundary", 1652 (char *) key); 1653 return -EINVAL; 1654 } 1655 1656 upper = p->user_val_to_struct[upper->bounds - 1]; 1657 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1658 if (ebitmap_get_bit(&upper->roles, bit)) 1659 continue; 1660 1661 pr_err("SELinux: boundary violated policy: " 1662 "user=%s role=%s bounds=%s\n", 1663 sym_name(p, SYM_USERS, user->value - 1), 1664 sym_name(p, SYM_ROLES, bit), 1665 sym_name(p, SYM_USERS, upper->value - 1)); 1666 1667 return -EINVAL; 1668 } 1669 } 1670 1671 return 0; 1672 } 1673 1674 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1675 { 1676 struct role_datum *upper, *role; 1677 struct policydb *p = datap; 1678 int depth = 0; 1679 1680 upper = role = datum; 1681 while (upper->bounds) { 1682 struct ebitmap_node *node; 1683 unsigned long bit; 1684 1685 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1686 pr_err("SELinux: role %s: " 1687 "too deep or looped bounds\n", 1688 (char *) key); 1689 return -EINVAL; 1690 } 1691 1692 upper = p->role_val_to_struct[upper->bounds - 1]; 1693 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1694 if (ebitmap_get_bit(&upper->types, bit)) 1695 continue; 1696 1697 pr_err("SELinux: boundary violated policy: " 1698 "role=%s type=%s bounds=%s\n", 1699 sym_name(p, SYM_ROLES, role->value - 1), 1700 sym_name(p, SYM_TYPES, bit), 1701 sym_name(p, SYM_ROLES, upper->value - 1)); 1702 1703 return -EINVAL; 1704 } 1705 } 1706 1707 return 0; 1708 } 1709 1710 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1711 { 1712 struct type_datum *upper; 1713 struct policydb *p = datap; 1714 int depth = 0; 1715 1716 upper = datum; 1717 while (upper->bounds) { 1718 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1719 pr_err("SELinux: type %s: " 1720 "too deep or looped boundary\n", 1721 (char *) key); 1722 return -EINVAL; 1723 } 1724 1725 upper = p->type_val_to_struct_array[upper->bounds - 1]; 1726 BUG_ON(!upper); 1727 1728 if (upper->attribute) { 1729 pr_err("SELinux: type %s: " 1730 "bounded by attribute %s", 1731 (char *) key, 1732 sym_name(p, SYM_TYPES, upper->value - 1)); 1733 return -EINVAL; 1734 } 1735 } 1736 1737 return 0; 1738 } 1739 1740 static int policydb_bounds_sanity_check(struct policydb *p) 1741 { 1742 int rc; 1743 1744 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1745 return 0; 1746 1747 rc = hashtab_map(p->p_users.table, 1748 user_bounds_sanity_check, p); 1749 if (rc) 1750 return rc; 1751 1752 rc = hashtab_map(p->p_roles.table, 1753 role_bounds_sanity_check, p); 1754 if (rc) 1755 return rc; 1756 1757 rc = hashtab_map(p->p_types.table, 1758 type_bounds_sanity_check, p); 1759 if (rc) 1760 return rc; 1761 1762 return 0; 1763 } 1764 1765 u16 string_to_security_class(struct policydb *p, const char *name) 1766 { 1767 struct class_datum *cladatum; 1768 1769 cladatum = hashtab_search(p->p_classes.table, name); 1770 if (!cladatum) 1771 return 0; 1772 1773 return cladatum->value; 1774 } 1775 1776 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1777 { 1778 struct class_datum *cladatum; 1779 struct perm_datum *perdatum = NULL; 1780 struct common_datum *comdatum; 1781 1782 if (!tclass || tclass > p->p_classes.nprim) 1783 return 0; 1784 1785 cladatum = p->class_val_to_struct[tclass-1]; 1786 comdatum = cladatum->comdatum; 1787 if (comdatum) 1788 perdatum = hashtab_search(comdatum->permissions.table, 1789 name); 1790 if (!perdatum) 1791 perdatum = hashtab_search(cladatum->permissions.table, 1792 name); 1793 if (!perdatum) 1794 return 0; 1795 1796 return 1U << (perdatum->value-1); 1797 } 1798 1799 static int range_read(struct policydb *p, void *fp) 1800 { 1801 struct range_trans *rt = NULL; 1802 struct mls_range *r = NULL; 1803 int i, rc; 1804 __le32 buf[2]; 1805 u32 nel; 1806 1807 if (p->policyvers < POLICYDB_VERSION_MLS) 1808 return 0; 1809 1810 rc = next_entry(buf, fp, sizeof(u32)); 1811 if (rc) 1812 return rc; 1813 1814 nel = le32_to_cpu(buf[0]); 1815 for (i = 0; i < nel; i++) { 1816 rc = -ENOMEM; 1817 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1818 if (!rt) 1819 goto out; 1820 1821 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1822 if (rc) 1823 goto out; 1824 1825 rt->source_type = le32_to_cpu(buf[0]); 1826 rt->target_type = le32_to_cpu(buf[1]); 1827 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1828 rc = next_entry(buf, fp, sizeof(u32)); 1829 if (rc) 1830 goto out; 1831 rt->target_class = le32_to_cpu(buf[0]); 1832 } else 1833 rt->target_class = p->process_class; 1834 1835 rc = -EINVAL; 1836 if (!policydb_type_isvalid(p, rt->source_type) || 1837 !policydb_type_isvalid(p, rt->target_type) || 1838 !policydb_class_isvalid(p, rt->target_class)) 1839 goto out; 1840 1841 rc = -ENOMEM; 1842 r = kzalloc(sizeof(*r), GFP_KERNEL); 1843 if (!r) 1844 goto out; 1845 1846 rc = mls_read_range_helper(r, fp); 1847 if (rc) 1848 goto out; 1849 1850 rc = -EINVAL; 1851 if (!mls_range_isvalid(p, r)) { 1852 pr_warn("SELinux: rangetrans: invalid range\n"); 1853 goto out; 1854 } 1855 1856 rc = hashtab_insert(p->range_tr, rt, r); 1857 if (rc) 1858 goto out; 1859 1860 rt = NULL; 1861 r = NULL; 1862 } 1863 hash_eval(p->range_tr, "rangetr"); 1864 rc = 0; 1865 out: 1866 kfree(rt); 1867 kfree(r); 1868 return rc; 1869 } 1870 1871 static int filename_trans_read(struct policydb *p, void *fp) 1872 { 1873 struct filename_trans *ft; 1874 struct filename_trans_datum *otype; 1875 char *name; 1876 u32 nel, len; 1877 __le32 buf[4]; 1878 int rc, i; 1879 1880 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1881 return 0; 1882 1883 rc = next_entry(buf, fp, sizeof(u32)); 1884 if (rc) 1885 return rc; 1886 nel = le32_to_cpu(buf[0]); 1887 1888 for (i = 0; i < nel; i++) { 1889 otype = NULL; 1890 name = NULL; 1891 1892 rc = -ENOMEM; 1893 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1894 if (!ft) 1895 goto out; 1896 1897 rc = -ENOMEM; 1898 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1899 if (!otype) 1900 goto out; 1901 1902 /* length of the path component string */ 1903 rc = next_entry(buf, fp, sizeof(u32)); 1904 if (rc) 1905 goto out; 1906 len = le32_to_cpu(buf[0]); 1907 1908 /* path component string */ 1909 rc = str_read(&name, GFP_KERNEL, fp, len); 1910 if (rc) 1911 goto out; 1912 1913 ft->name = name; 1914 1915 rc = next_entry(buf, fp, sizeof(u32) * 4); 1916 if (rc) 1917 goto out; 1918 1919 ft->stype = le32_to_cpu(buf[0]); 1920 ft->ttype = le32_to_cpu(buf[1]); 1921 ft->tclass = le32_to_cpu(buf[2]); 1922 1923 otype->otype = le32_to_cpu(buf[3]); 1924 1925 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1926 if (rc) 1927 goto out; 1928 1929 rc = hashtab_insert(p->filename_trans, ft, otype); 1930 if (rc) { 1931 /* 1932 * Do not return -EEXIST to the caller, or the system 1933 * will not boot. 1934 */ 1935 if (rc != -EEXIST) 1936 goto out; 1937 /* But free memory to avoid memory leak. */ 1938 kfree(ft); 1939 kfree(name); 1940 kfree(otype); 1941 } 1942 } 1943 hash_eval(p->filename_trans, "filenametr"); 1944 return 0; 1945 out: 1946 kfree(ft); 1947 kfree(name); 1948 kfree(otype); 1949 1950 return rc; 1951 } 1952 1953 static int genfs_read(struct policydb *p, void *fp) 1954 { 1955 int i, j, rc; 1956 u32 nel, nel2, len, len2; 1957 __le32 buf[1]; 1958 struct ocontext *l, *c; 1959 struct ocontext *newc = NULL; 1960 struct genfs *genfs_p, *genfs; 1961 struct genfs *newgenfs = NULL; 1962 1963 rc = next_entry(buf, fp, sizeof(u32)); 1964 if (rc) 1965 return rc; 1966 nel = le32_to_cpu(buf[0]); 1967 1968 for (i = 0; i < nel; i++) { 1969 rc = next_entry(buf, fp, sizeof(u32)); 1970 if (rc) 1971 goto out; 1972 len = le32_to_cpu(buf[0]); 1973 1974 rc = -ENOMEM; 1975 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1976 if (!newgenfs) 1977 goto out; 1978 1979 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 1980 if (rc) 1981 goto out; 1982 1983 for (genfs_p = NULL, genfs = p->genfs; genfs; 1984 genfs_p = genfs, genfs = genfs->next) { 1985 rc = -EINVAL; 1986 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1987 pr_err("SELinux: dup genfs fstype %s\n", 1988 newgenfs->fstype); 1989 goto out; 1990 } 1991 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1992 break; 1993 } 1994 newgenfs->next = genfs; 1995 if (genfs_p) 1996 genfs_p->next = newgenfs; 1997 else 1998 p->genfs = newgenfs; 1999 genfs = newgenfs; 2000 newgenfs = NULL; 2001 2002 rc = next_entry(buf, fp, sizeof(u32)); 2003 if (rc) 2004 goto out; 2005 2006 nel2 = le32_to_cpu(buf[0]); 2007 for (j = 0; j < nel2; j++) { 2008 rc = next_entry(buf, fp, sizeof(u32)); 2009 if (rc) 2010 goto out; 2011 len = le32_to_cpu(buf[0]); 2012 2013 rc = -ENOMEM; 2014 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2015 if (!newc) 2016 goto out; 2017 2018 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2019 if (rc) 2020 goto out; 2021 2022 rc = next_entry(buf, fp, sizeof(u32)); 2023 if (rc) 2024 goto out; 2025 2026 newc->v.sclass = le32_to_cpu(buf[0]); 2027 rc = context_read_and_validate(&newc->context[0], p, fp); 2028 if (rc) 2029 goto out; 2030 2031 for (l = NULL, c = genfs->head; c; 2032 l = c, c = c->next) { 2033 rc = -EINVAL; 2034 if (!strcmp(newc->u.name, c->u.name) && 2035 (!c->v.sclass || !newc->v.sclass || 2036 newc->v.sclass == c->v.sclass)) { 2037 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2038 genfs->fstype, c->u.name); 2039 goto out; 2040 } 2041 len = strlen(newc->u.name); 2042 len2 = strlen(c->u.name); 2043 if (len > len2) 2044 break; 2045 } 2046 2047 newc->next = c; 2048 if (l) 2049 l->next = newc; 2050 else 2051 genfs->head = newc; 2052 newc = NULL; 2053 } 2054 } 2055 rc = 0; 2056 out: 2057 if (newgenfs) { 2058 kfree(newgenfs->fstype); 2059 kfree(newgenfs); 2060 } 2061 ocontext_destroy(newc, OCON_FSUSE); 2062 2063 return rc; 2064 } 2065 2066 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2067 void *fp) 2068 { 2069 int i, j, rc; 2070 u32 nel, len; 2071 __be64 prefixbuf[1]; 2072 __le32 buf[3]; 2073 struct ocontext *l, *c; 2074 u32 nodebuf[8]; 2075 2076 for (i = 0; i < info->ocon_num; i++) { 2077 rc = next_entry(buf, fp, sizeof(u32)); 2078 if (rc) 2079 goto out; 2080 nel = le32_to_cpu(buf[0]); 2081 2082 l = NULL; 2083 for (j = 0; j < nel; j++) { 2084 rc = -ENOMEM; 2085 c = kzalloc(sizeof(*c), GFP_KERNEL); 2086 if (!c) 2087 goto out; 2088 if (l) 2089 l->next = c; 2090 else 2091 p->ocontexts[i] = c; 2092 l = c; 2093 2094 switch (i) { 2095 case OCON_ISID: 2096 rc = next_entry(buf, fp, sizeof(u32)); 2097 if (rc) 2098 goto out; 2099 2100 c->sid[0] = le32_to_cpu(buf[0]); 2101 rc = context_read_and_validate(&c->context[0], p, fp); 2102 if (rc) 2103 goto out; 2104 break; 2105 case OCON_FS: 2106 case OCON_NETIF: 2107 rc = next_entry(buf, fp, sizeof(u32)); 2108 if (rc) 2109 goto out; 2110 len = le32_to_cpu(buf[0]); 2111 2112 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2113 if (rc) 2114 goto out; 2115 2116 rc = context_read_and_validate(&c->context[0], p, fp); 2117 if (rc) 2118 goto out; 2119 rc = context_read_and_validate(&c->context[1], p, fp); 2120 if (rc) 2121 goto out; 2122 break; 2123 case OCON_PORT: 2124 rc = next_entry(buf, fp, sizeof(u32)*3); 2125 if (rc) 2126 goto out; 2127 c->u.port.protocol = le32_to_cpu(buf[0]); 2128 c->u.port.low_port = le32_to_cpu(buf[1]); 2129 c->u.port.high_port = le32_to_cpu(buf[2]); 2130 rc = context_read_and_validate(&c->context[0], p, fp); 2131 if (rc) 2132 goto out; 2133 break; 2134 case OCON_NODE: 2135 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2136 if (rc) 2137 goto out; 2138 c->u.node.addr = nodebuf[0]; /* network order */ 2139 c->u.node.mask = nodebuf[1]; /* network order */ 2140 rc = context_read_and_validate(&c->context[0], p, fp); 2141 if (rc) 2142 goto out; 2143 break; 2144 case OCON_FSUSE: 2145 rc = next_entry(buf, fp, sizeof(u32)*2); 2146 if (rc) 2147 goto out; 2148 2149 rc = -EINVAL; 2150 c->v.behavior = le32_to_cpu(buf[0]); 2151 /* Determined at runtime, not in policy DB. */ 2152 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2153 goto out; 2154 if (c->v.behavior > SECURITY_FS_USE_MAX) 2155 goto out; 2156 2157 len = le32_to_cpu(buf[1]); 2158 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2159 if (rc) 2160 goto out; 2161 2162 rc = context_read_and_validate(&c->context[0], p, fp); 2163 if (rc) 2164 goto out; 2165 break; 2166 case OCON_NODE6: { 2167 int k; 2168 2169 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2170 if (rc) 2171 goto out; 2172 for (k = 0; k < 4; k++) 2173 c->u.node6.addr[k] = nodebuf[k]; 2174 for (k = 0; k < 4; k++) 2175 c->u.node6.mask[k] = nodebuf[k+4]; 2176 rc = context_read_and_validate(&c->context[0], p, fp); 2177 if (rc) 2178 goto out; 2179 break; 2180 } 2181 case OCON_IBPKEY: { 2182 u32 pkey_lo, pkey_hi; 2183 2184 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2185 if (rc) 2186 goto out; 2187 2188 /* we need to have subnet_prefix in CPU order */ 2189 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2190 2191 rc = next_entry(buf, fp, sizeof(u32) * 2); 2192 if (rc) 2193 goto out; 2194 2195 pkey_lo = le32_to_cpu(buf[0]); 2196 pkey_hi = le32_to_cpu(buf[1]); 2197 2198 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2199 rc = -EINVAL; 2200 goto out; 2201 } 2202 2203 c->u.ibpkey.low_pkey = pkey_lo; 2204 c->u.ibpkey.high_pkey = pkey_hi; 2205 2206 rc = context_read_and_validate(&c->context[0], 2207 p, 2208 fp); 2209 if (rc) 2210 goto out; 2211 break; 2212 } 2213 case OCON_IBENDPORT: { 2214 u32 port; 2215 2216 rc = next_entry(buf, fp, sizeof(u32) * 2); 2217 if (rc) 2218 goto out; 2219 len = le32_to_cpu(buf[0]); 2220 2221 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2222 if (rc) 2223 goto out; 2224 2225 port = le32_to_cpu(buf[1]); 2226 if (port > U8_MAX || port == 0) { 2227 rc = -EINVAL; 2228 goto out; 2229 } 2230 2231 c->u.ibendport.port = port; 2232 2233 rc = context_read_and_validate(&c->context[0], 2234 p, 2235 fp); 2236 if (rc) 2237 goto out; 2238 break; 2239 } /* end case */ 2240 } /* end switch */ 2241 } 2242 } 2243 rc = 0; 2244 out: 2245 return rc; 2246 } 2247 2248 /* 2249 * Read the configuration data from a policy database binary 2250 * representation file into a policy database structure. 2251 */ 2252 int policydb_read(struct policydb *p, void *fp) 2253 { 2254 struct role_allow *ra, *lra; 2255 struct role_trans *tr, *ltr; 2256 int i, j, rc; 2257 __le32 buf[4]; 2258 u32 len, nprim, nel; 2259 2260 char *policydb_str; 2261 struct policydb_compat_info *info; 2262 2263 rc = policydb_init(p); 2264 if (rc) 2265 return rc; 2266 2267 /* Read the magic number and string length. */ 2268 rc = next_entry(buf, fp, sizeof(u32) * 2); 2269 if (rc) 2270 goto bad; 2271 2272 rc = -EINVAL; 2273 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2274 pr_err("SELinux: policydb magic number 0x%x does " 2275 "not match expected magic number 0x%x\n", 2276 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2277 goto bad; 2278 } 2279 2280 rc = -EINVAL; 2281 len = le32_to_cpu(buf[1]); 2282 if (len != strlen(POLICYDB_STRING)) { 2283 pr_err("SELinux: policydb string length %d does not " 2284 "match expected length %zu\n", 2285 len, strlen(POLICYDB_STRING)); 2286 goto bad; 2287 } 2288 2289 rc = -ENOMEM; 2290 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2291 if (!policydb_str) { 2292 pr_err("SELinux: unable to allocate memory for policydb " 2293 "string of length %d\n", len); 2294 goto bad; 2295 } 2296 2297 rc = next_entry(policydb_str, fp, len); 2298 if (rc) { 2299 pr_err("SELinux: truncated policydb string identifier\n"); 2300 kfree(policydb_str); 2301 goto bad; 2302 } 2303 2304 rc = -EINVAL; 2305 policydb_str[len] = '\0'; 2306 if (strcmp(policydb_str, POLICYDB_STRING)) { 2307 pr_err("SELinux: policydb string %s does not match " 2308 "my string %s\n", policydb_str, POLICYDB_STRING); 2309 kfree(policydb_str); 2310 goto bad; 2311 } 2312 /* Done with policydb_str. */ 2313 kfree(policydb_str); 2314 policydb_str = NULL; 2315 2316 /* Read the version and table sizes. */ 2317 rc = next_entry(buf, fp, sizeof(u32)*4); 2318 if (rc) 2319 goto bad; 2320 2321 rc = -EINVAL; 2322 p->policyvers = le32_to_cpu(buf[0]); 2323 if (p->policyvers < POLICYDB_VERSION_MIN || 2324 p->policyvers > POLICYDB_VERSION_MAX) { 2325 pr_err("SELinux: policydb version %d does not match " 2326 "my version range %d-%d\n", 2327 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2328 goto bad; 2329 } 2330 2331 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2332 p->mls_enabled = 1; 2333 2334 rc = -EINVAL; 2335 if (p->policyvers < POLICYDB_VERSION_MLS) { 2336 pr_err("SELinux: security policydb version %d " 2337 "(MLS) not backwards compatible\n", 2338 p->policyvers); 2339 goto bad; 2340 } 2341 } 2342 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2343 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2344 2345 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2346 rc = ebitmap_read(&p->policycaps, fp); 2347 if (rc) 2348 goto bad; 2349 } 2350 2351 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2352 rc = ebitmap_read(&p->permissive_map, fp); 2353 if (rc) 2354 goto bad; 2355 } 2356 2357 rc = -EINVAL; 2358 info = policydb_lookup_compat(p->policyvers); 2359 if (!info) { 2360 pr_err("SELinux: unable to find policy compat info " 2361 "for version %d\n", p->policyvers); 2362 goto bad; 2363 } 2364 2365 rc = -EINVAL; 2366 if (le32_to_cpu(buf[2]) != info->sym_num || 2367 le32_to_cpu(buf[3]) != info->ocon_num) { 2368 pr_err("SELinux: policydb table sizes (%d,%d) do " 2369 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2370 le32_to_cpu(buf[3]), 2371 info->sym_num, info->ocon_num); 2372 goto bad; 2373 } 2374 2375 for (i = 0; i < info->sym_num; i++) { 2376 rc = next_entry(buf, fp, sizeof(u32)*2); 2377 if (rc) 2378 goto bad; 2379 nprim = le32_to_cpu(buf[0]); 2380 nel = le32_to_cpu(buf[1]); 2381 for (j = 0; j < nel; j++) { 2382 rc = read_f[i](p, p->symtab[i].table, fp); 2383 if (rc) 2384 goto bad; 2385 } 2386 2387 p->symtab[i].nprim = nprim; 2388 } 2389 2390 rc = -EINVAL; 2391 p->process_class = string_to_security_class(p, "process"); 2392 if (!p->process_class) 2393 goto bad; 2394 2395 rc = avtab_read(&p->te_avtab, fp, p); 2396 if (rc) 2397 goto bad; 2398 2399 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2400 rc = cond_read_list(p, fp); 2401 if (rc) 2402 goto bad; 2403 } 2404 2405 rc = next_entry(buf, fp, sizeof(u32)); 2406 if (rc) 2407 goto bad; 2408 nel = le32_to_cpu(buf[0]); 2409 ltr = NULL; 2410 for (i = 0; i < nel; i++) { 2411 rc = -ENOMEM; 2412 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2413 if (!tr) 2414 goto bad; 2415 if (ltr) 2416 ltr->next = tr; 2417 else 2418 p->role_tr = tr; 2419 rc = next_entry(buf, fp, sizeof(u32)*3); 2420 if (rc) 2421 goto bad; 2422 2423 rc = -EINVAL; 2424 tr->role = le32_to_cpu(buf[0]); 2425 tr->type = le32_to_cpu(buf[1]); 2426 tr->new_role = le32_to_cpu(buf[2]); 2427 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2428 rc = next_entry(buf, fp, sizeof(u32)); 2429 if (rc) 2430 goto bad; 2431 tr->tclass = le32_to_cpu(buf[0]); 2432 } else 2433 tr->tclass = p->process_class; 2434 2435 rc = -EINVAL; 2436 if (!policydb_role_isvalid(p, tr->role) || 2437 !policydb_type_isvalid(p, tr->type) || 2438 !policydb_class_isvalid(p, tr->tclass) || 2439 !policydb_role_isvalid(p, tr->new_role)) 2440 goto bad; 2441 ltr = tr; 2442 } 2443 2444 rc = next_entry(buf, fp, sizeof(u32)); 2445 if (rc) 2446 goto bad; 2447 nel = le32_to_cpu(buf[0]); 2448 lra = NULL; 2449 for (i = 0; i < nel; i++) { 2450 rc = -ENOMEM; 2451 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2452 if (!ra) 2453 goto bad; 2454 if (lra) 2455 lra->next = ra; 2456 else 2457 p->role_allow = ra; 2458 rc = next_entry(buf, fp, sizeof(u32)*2); 2459 if (rc) 2460 goto bad; 2461 2462 rc = -EINVAL; 2463 ra->role = le32_to_cpu(buf[0]); 2464 ra->new_role = le32_to_cpu(buf[1]); 2465 if (!policydb_role_isvalid(p, ra->role) || 2466 !policydb_role_isvalid(p, ra->new_role)) 2467 goto bad; 2468 lra = ra; 2469 } 2470 2471 rc = filename_trans_read(p, fp); 2472 if (rc) 2473 goto bad; 2474 2475 rc = policydb_index(p); 2476 if (rc) 2477 goto bad; 2478 2479 rc = -EINVAL; 2480 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2481 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2482 if (!p->process_trans_perms) 2483 goto bad; 2484 2485 rc = ocontext_read(p, info, fp); 2486 if (rc) 2487 goto bad; 2488 2489 rc = genfs_read(p, fp); 2490 if (rc) 2491 goto bad; 2492 2493 rc = range_read(p, fp); 2494 if (rc) 2495 goto bad; 2496 2497 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2498 sizeof(*p->type_attr_map_array), 2499 GFP_KERNEL); 2500 if (!p->type_attr_map_array) 2501 goto bad; 2502 2503 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2504 for (i = 0; i < p->p_types.nprim; i++) 2505 ebitmap_init(&p->type_attr_map_array[i]); 2506 2507 for (i = 0; i < p->p_types.nprim; i++) { 2508 struct ebitmap *e = &p->type_attr_map_array[i]; 2509 2510 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2511 rc = ebitmap_read(e, fp); 2512 if (rc) 2513 goto bad; 2514 } 2515 /* add the type itself as the degenerate case */ 2516 rc = ebitmap_set_bit(e, i, 1); 2517 if (rc) 2518 goto bad; 2519 } 2520 2521 rc = policydb_bounds_sanity_check(p); 2522 if (rc) 2523 goto bad; 2524 2525 rc = 0; 2526 out: 2527 return rc; 2528 bad: 2529 policydb_destroy(p); 2530 goto out; 2531 } 2532 2533 /* 2534 * Write a MLS level structure to a policydb binary 2535 * representation file. 2536 */ 2537 static int mls_write_level(struct mls_level *l, void *fp) 2538 { 2539 __le32 buf[1]; 2540 int rc; 2541 2542 buf[0] = cpu_to_le32(l->sens); 2543 rc = put_entry(buf, sizeof(u32), 1, fp); 2544 if (rc) 2545 return rc; 2546 2547 rc = ebitmap_write(&l->cat, fp); 2548 if (rc) 2549 return rc; 2550 2551 return 0; 2552 } 2553 2554 /* 2555 * Write a MLS range structure to a policydb binary 2556 * representation file. 2557 */ 2558 static int mls_write_range_helper(struct mls_range *r, void *fp) 2559 { 2560 __le32 buf[3]; 2561 size_t items; 2562 int rc, eq; 2563 2564 eq = mls_level_eq(&r->level[1], &r->level[0]); 2565 2566 if (eq) 2567 items = 2; 2568 else 2569 items = 3; 2570 buf[0] = cpu_to_le32(items-1); 2571 buf[1] = cpu_to_le32(r->level[0].sens); 2572 if (!eq) 2573 buf[2] = cpu_to_le32(r->level[1].sens); 2574 2575 BUG_ON(items > ARRAY_SIZE(buf)); 2576 2577 rc = put_entry(buf, sizeof(u32), items, fp); 2578 if (rc) 2579 return rc; 2580 2581 rc = ebitmap_write(&r->level[0].cat, fp); 2582 if (rc) 2583 return rc; 2584 if (!eq) { 2585 rc = ebitmap_write(&r->level[1].cat, fp); 2586 if (rc) 2587 return rc; 2588 } 2589 2590 return 0; 2591 } 2592 2593 static int sens_write(void *vkey, void *datum, void *ptr) 2594 { 2595 char *key = vkey; 2596 struct level_datum *levdatum = datum; 2597 struct policy_data *pd = ptr; 2598 void *fp = pd->fp; 2599 __le32 buf[2]; 2600 size_t len; 2601 int rc; 2602 2603 len = strlen(key); 2604 buf[0] = cpu_to_le32(len); 2605 buf[1] = cpu_to_le32(levdatum->isalias); 2606 rc = put_entry(buf, sizeof(u32), 2, fp); 2607 if (rc) 2608 return rc; 2609 2610 rc = put_entry(key, 1, len, fp); 2611 if (rc) 2612 return rc; 2613 2614 rc = mls_write_level(levdatum->level, fp); 2615 if (rc) 2616 return rc; 2617 2618 return 0; 2619 } 2620 2621 static int cat_write(void *vkey, void *datum, void *ptr) 2622 { 2623 char *key = vkey; 2624 struct cat_datum *catdatum = datum; 2625 struct policy_data *pd = ptr; 2626 void *fp = pd->fp; 2627 __le32 buf[3]; 2628 size_t len; 2629 int rc; 2630 2631 len = strlen(key); 2632 buf[0] = cpu_to_le32(len); 2633 buf[1] = cpu_to_le32(catdatum->value); 2634 buf[2] = cpu_to_le32(catdatum->isalias); 2635 rc = put_entry(buf, sizeof(u32), 3, fp); 2636 if (rc) 2637 return rc; 2638 2639 rc = put_entry(key, 1, len, fp); 2640 if (rc) 2641 return rc; 2642 2643 return 0; 2644 } 2645 2646 static int role_trans_write(struct policydb *p, void *fp) 2647 { 2648 struct role_trans *r = p->role_tr; 2649 struct role_trans *tr; 2650 u32 buf[3]; 2651 size_t nel; 2652 int rc; 2653 2654 nel = 0; 2655 for (tr = r; tr; tr = tr->next) 2656 nel++; 2657 buf[0] = cpu_to_le32(nel); 2658 rc = put_entry(buf, sizeof(u32), 1, fp); 2659 if (rc) 2660 return rc; 2661 for (tr = r; tr; tr = tr->next) { 2662 buf[0] = cpu_to_le32(tr->role); 2663 buf[1] = cpu_to_le32(tr->type); 2664 buf[2] = cpu_to_le32(tr->new_role); 2665 rc = put_entry(buf, sizeof(u32), 3, fp); 2666 if (rc) 2667 return rc; 2668 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2669 buf[0] = cpu_to_le32(tr->tclass); 2670 rc = put_entry(buf, sizeof(u32), 1, fp); 2671 if (rc) 2672 return rc; 2673 } 2674 } 2675 2676 return 0; 2677 } 2678 2679 static int role_allow_write(struct role_allow *r, void *fp) 2680 { 2681 struct role_allow *ra; 2682 u32 buf[2]; 2683 size_t nel; 2684 int rc; 2685 2686 nel = 0; 2687 for (ra = r; ra; ra = ra->next) 2688 nel++; 2689 buf[0] = cpu_to_le32(nel); 2690 rc = put_entry(buf, sizeof(u32), 1, fp); 2691 if (rc) 2692 return rc; 2693 for (ra = r; ra; ra = ra->next) { 2694 buf[0] = cpu_to_le32(ra->role); 2695 buf[1] = cpu_to_le32(ra->new_role); 2696 rc = put_entry(buf, sizeof(u32), 2, fp); 2697 if (rc) 2698 return rc; 2699 } 2700 return 0; 2701 } 2702 2703 /* 2704 * Write a security context structure 2705 * to a policydb binary representation file. 2706 */ 2707 static int context_write(struct policydb *p, struct context *c, 2708 void *fp) 2709 { 2710 int rc; 2711 __le32 buf[3]; 2712 2713 buf[0] = cpu_to_le32(c->user); 2714 buf[1] = cpu_to_le32(c->role); 2715 buf[2] = cpu_to_le32(c->type); 2716 2717 rc = put_entry(buf, sizeof(u32), 3, fp); 2718 if (rc) 2719 return rc; 2720 2721 rc = mls_write_range_helper(&c->range, fp); 2722 if (rc) 2723 return rc; 2724 2725 return 0; 2726 } 2727 2728 /* 2729 * The following *_write functions are used to 2730 * write the symbol data to a policy database 2731 * binary representation file. 2732 */ 2733 2734 static int perm_write(void *vkey, void *datum, void *fp) 2735 { 2736 char *key = vkey; 2737 struct perm_datum *perdatum = datum; 2738 __le32 buf[2]; 2739 size_t len; 2740 int rc; 2741 2742 len = strlen(key); 2743 buf[0] = cpu_to_le32(len); 2744 buf[1] = cpu_to_le32(perdatum->value); 2745 rc = put_entry(buf, sizeof(u32), 2, fp); 2746 if (rc) 2747 return rc; 2748 2749 rc = put_entry(key, 1, len, fp); 2750 if (rc) 2751 return rc; 2752 2753 return 0; 2754 } 2755 2756 static int common_write(void *vkey, void *datum, void *ptr) 2757 { 2758 char *key = vkey; 2759 struct common_datum *comdatum = datum; 2760 struct policy_data *pd = ptr; 2761 void *fp = pd->fp; 2762 __le32 buf[4]; 2763 size_t len; 2764 int rc; 2765 2766 len = strlen(key); 2767 buf[0] = cpu_to_le32(len); 2768 buf[1] = cpu_to_le32(comdatum->value); 2769 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2770 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2771 rc = put_entry(buf, sizeof(u32), 4, fp); 2772 if (rc) 2773 return rc; 2774 2775 rc = put_entry(key, 1, len, fp); 2776 if (rc) 2777 return rc; 2778 2779 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2780 if (rc) 2781 return rc; 2782 2783 return 0; 2784 } 2785 2786 static int type_set_write(struct type_set *t, void *fp) 2787 { 2788 int rc; 2789 __le32 buf[1]; 2790 2791 if (ebitmap_write(&t->types, fp)) 2792 return -EINVAL; 2793 if (ebitmap_write(&t->negset, fp)) 2794 return -EINVAL; 2795 2796 buf[0] = cpu_to_le32(t->flags); 2797 rc = put_entry(buf, sizeof(u32), 1, fp); 2798 if (rc) 2799 return -EINVAL; 2800 2801 return 0; 2802 } 2803 2804 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2805 void *fp) 2806 { 2807 struct constraint_node *c; 2808 struct constraint_expr *e; 2809 __le32 buf[3]; 2810 u32 nel; 2811 int rc; 2812 2813 for (c = node; c; c = c->next) { 2814 nel = 0; 2815 for (e = c->expr; e; e = e->next) 2816 nel++; 2817 buf[0] = cpu_to_le32(c->permissions); 2818 buf[1] = cpu_to_le32(nel); 2819 rc = put_entry(buf, sizeof(u32), 2, fp); 2820 if (rc) 2821 return rc; 2822 for (e = c->expr; e; e = e->next) { 2823 buf[0] = cpu_to_le32(e->expr_type); 2824 buf[1] = cpu_to_le32(e->attr); 2825 buf[2] = cpu_to_le32(e->op); 2826 rc = put_entry(buf, sizeof(u32), 3, fp); 2827 if (rc) 2828 return rc; 2829 2830 switch (e->expr_type) { 2831 case CEXPR_NAMES: 2832 rc = ebitmap_write(&e->names, fp); 2833 if (rc) 2834 return rc; 2835 if (p->policyvers >= 2836 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2837 rc = type_set_write(e->type_names, fp); 2838 if (rc) 2839 return rc; 2840 } 2841 break; 2842 default: 2843 break; 2844 } 2845 } 2846 } 2847 2848 return 0; 2849 } 2850 2851 static int class_write(void *vkey, void *datum, void *ptr) 2852 { 2853 char *key = vkey; 2854 struct class_datum *cladatum = datum; 2855 struct policy_data *pd = ptr; 2856 void *fp = pd->fp; 2857 struct policydb *p = pd->p; 2858 struct constraint_node *c; 2859 __le32 buf[6]; 2860 u32 ncons; 2861 size_t len, len2; 2862 int rc; 2863 2864 len = strlen(key); 2865 if (cladatum->comkey) 2866 len2 = strlen(cladatum->comkey); 2867 else 2868 len2 = 0; 2869 2870 ncons = 0; 2871 for (c = cladatum->constraints; c; c = c->next) 2872 ncons++; 2873 2874 buf[0] = cpu_to_le32(len); 2875 buf[1] = cpu_to_le32(len2); 2876 buf[2] = cpu_to_le32(cladatum->value); 2877 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2878 if (cladatum->permissions.table) 2879 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2880 else 2881 buf[4] = 0; 2882 buf[5] = cpu_to_le32(ncons); 2883 rc = put_entry(buf, sizeof(u32), 6, fp); 2884 if (rc) 2885 return rc; 2886 2887 rc = put_entry(key, 1, len, fp); 2888 if (rc) 2889 return rc; 2890 2891 if (cladatum->comkey) { 2892 rc = put_entry(cladatum->comkey, 1, len2, fp); 2893 if (rc) 2894 return rc; 2895 } 2896 2897 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2898 if (rc) 2899 return rc; 2900 2901 rc = write_cons_helper(p, cladatum->constraints, fp); 2902 if (rc) 2903 return rc; 2904 2905 /* write out the validatetrans rule */ 2906 ncons = 0; 2907 for (c = cladatum->validatetrans; c; c = c->next) 2908 ncons++; 2909 2910 buf[0] = cpu_to_le32(ncons); 2911 rc = put_entry(buf, sizeof(u32), 1, fp); 2912 if (rc) 2913 return rc; 2914 2915 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2916 if (rc) 2917 return rc; 2918 2919 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2920 buf[0] = cpu_to_le32(cladatum->default_user); 2921 buf[1] = cpu_to_le32(cladatum->default_role); 2922 buf[2] = cpu_to_le32(cladatum->default_range); 2923 2924 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2925 if (rc) 2926 return rc; 2927 } 2928 2929 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2930 buf[0] = cpu_to_le32(cladatum->default_type); 2931 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2932 if (rc) 2933 return rc; 2934 } 2935 2936 return 0; 2937 } 2938 2939 static int role_write(void *vkey, void *datum, void *ptr) 2940 { 2941 char *key = vkey; 2942 struct role_datum *role = datum; 2943 struct policy_data *pd = ptr; 2944 void *fp = pd->fp; 2945 struct policydb *p = pd->p; 2946 __le32 buf[3]; 2947 size_t items, len; 2948 int rc; 2949 2950 len = strlen(key); 2951 items = 0; 2952 buf[items++] = cpu_to_le32(len); 2953 buf[items++] = cpu_to_le32(role->value); 2954 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2955 buf[items++] = cpu_to_le32(role->bounds); 2956 2957 BUG_ON(items > ARRAY_SIZE(buf)); 2958 2959 rc = put_entry(buf, sizeof(u32), items, fp); 2960 if (rc) 2961 return rc; 2962 2963 rc = put_entry(key, 1, len, fp); 2964 if (rc) 2965 return rc; 2966 2967 rc = ebitmap_write(&role->dominates, fp); 2968 if (rc) 2969 return rc; 2970 2971 rc = ebitmap_write(&role->types, fp); 2972 if (rc) 2973 return rc; 2974 2975 return 0; 2976 } 2977 2978 static int type_write(void *vkey, void *datum, void *ptr) 2979 { 2980 char *key = vkey; 2981 struct type_datum *typdatum = datum; 2982 struct policy_data *pd = ptr; 2983 struct policydb *p = pd->p; 2984 void *fp = pd->fp; 2985 __le32 buf[4]; 2986 int rc; 2987 size_t items, len; 2988 2989 len = strlen(key); 2990 items = 0; 2991 buf[items++] = cpu_to_le32(len); 2992 buf[items++] = cpu_to_le32(typdatum->value); 2993 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2994 u32 properties = 0; 2995 2996 if (typdatum->primary) 2997 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2998 2999 if (typdatum->attribute) 3000 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3001 3002 buf[items++] = cpu_to_le32(properties); 3003 buf[items++] = cpu_to_le32(typdatum->bounds); 3004 } else { 3005 buf[items++] = cpu_to_le32(typdatum->primary); 3006 } 3007 BUG_ON(items > ARRAY_SIZE(buf)); 3008 rc = put_entry(buf, sizeof(u32), items, fp); 3009 if (rc) 3010 return rc; 3011 3012 rc = put_entry(key, 1, len, fp); 3013 if (rc) 3014 return rc; 3015 3016 return 0; 3017 } 3018 3019 static int user_write(void *vkey, void *datum, void *ptr) 3020 { 3021 char *key = vkey; 3022 struct user_datum *usrdatum = datum; 3023 struct policy_data *pd = ptr; 3024 struct policydb *p = pd->p; 3025 void *fp = pd->fp; 3026 __le32 buf[3]; 3027 size_t items, len; 3028 int rc; 3029 3030 len = strlen(key); 3031 items = 0; 3032 buf[items++] = cpu_to_le32(len); 3033 buf[items++] = cpu_to_le32(usrdatum->value); 3034 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3035 buf[items++] = cpu_to_le32(usrdatum->bounds); 3036 BUG_ON(items > ARRAY_SIZE(buf)); 3037 rc = put_entry(buf, sizeof(u32), items, fp); 3038 if (rc) 3039 return rc; 3040 3041 rc = put_entry(key, 1, len, fp); 3042 if (rc) 3043 return rc; 3044 3045 rc = ebitmap_write(&usrdatum->roles, fp); 3046 if (rc) 3047 return rc; 3048 3049 rc = mls_write_range_helper(&usrdatum->range, fp); 3050 if (rc) 3051 return rc; 3052 3053 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3054 if (rc) 3055 return rc; 3056 3057 return 0; 3058 } 3059 3060 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3061 void *datap) = 3062 { 3063 common_write, 3064 class_write, 3065 role_write, 3066 type_write, 3067 user_write, 3068 cond_write_bool, 3069 sens_write, 3070 cat_write, 3071 }; 3072 3073 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3074 void *fp) 3075 { 3076 unsigned int i, j, rc; 3077 size_t nel, len; 3078 __be64 prefixbuf[1]; 3079 __le32 buf[3]; 3080 u32 nodebuf[8]; 3081 struct ocontext *c; 3082 for (i = 0; i < info->ocon_num; i++) { 3083 nel = 0; 3084 for (c = p->ocontexts[i]; c; c = c->next) 3085 nel++; 3086 buf[0] = cpu_to_le32(nel); 3087 rc = put_entry(buf, sizeof(u32), 1, fp); 3088 if (rc) 3089 return rc; 3090 for (c = p->ocontexts[i]; c; c = c->next) { 3091 switch (i) { 3092 case OCON_ISID: 3093 buf[0] = cpu_to_le32(c->sid[0]); 3094 rc = put_entry(buf, sizeof(u32), 1, fp); 3095 if (rc) 3096 return rc; 3097 rc = context_write(p, &c->context[0], fp); 3098 if (rc) 3099 return rc; 3100 break; 3101 case OCON_FS: 3102 case OCON_NETIF: 3103 len = strlen(c->u.name); 3104 buf[0] = cpu_to_le32(len); 3105 rc = put_entry(buf, sizeof(u32), 1, fp); 3106 if (rc) 3107 return rc; 3108 rc = put_entry(c->u.name, 1, len, fp); 3109 if (rc) 3110 return rc; 3111 rc = context_write(p, &c->context[0], fp); 3112 if (rc) 3113 return rc; 3114 rc = context_write(p, &c->context[1], fp); 3115 if (rc) 3116 return rc; 3117 break; 3118 case OCON_PORT: 3119 buf[0] = cpu_to_le32(c->u.port.protocol); 3120 buf[1] = cpu_to_le32(c->u.port.low_port); 3121 buf[2] = cpu_to_le32(c->u.port.high_port); 3122 rc = put_entry(buf, sizeof(u32), 3, fp); 3123 if (rc) 3124 return rc; 3125 rc = context_write(p, &c->context[0], fp); 3126 if (rc) 3127 return rc; 3128 break; 3129 case OCON_NODE: 3130 nodebuf[0] = c->u.node.addr; /* network order */ 3131 nodebuf[1] = c->u.node.mask; /* network order */ 3132 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3133 if (rc) 3134 return rc; 3135 rc = context_write(p, &c->context[0], fp); 3136 if (rc) 3137 return rc; 3138 break; 3139 case OCON_FSUSE: 3140 buf[0] = cpu_to_le32(c->v.behavior); 3141 len = strlen(c->u.name); 3142 buf[1] = cpu_to_le32(len); 3143 rc = put_entry(buf, sizeof(u32), 2, fp); 3144 if (rc) 3145 return rc; 3146 rc = put_entry(c->u.name, 1, len, fp); 3147 if (rc) 3148 return rc; 3149 rc = context_write(p, &c->context[0], fp); 3150 if (rc) 3151 return rc; 3152 break; 3153 case OCON_NODE6: 3154 for (j = 0; j < 4; j++) 3155 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3156 for (j = 0; j < 4; j++) 3157 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3158 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3159 if (rc) 3160 return rc; 3161 rc = context_write(p, &c->context[0], fp); 3162 if (rc) 3163 return rc; 3164 break; 3165 case OCON_IBPKEY: 3166 /* subnet_prefix is in CPU order */ 3167 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3168 3169 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3170 if (rc) 3171 return rc; 3172 3173 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3174 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3175 3176 rc = put_entry(buf, sizeof(u32), 2, fp); 3177 if (rc) 3178 return rc; 3179 rc = context_write(p, &c->context[0], fp); 3180 if (rc) 3181 return rc; 3182 break; 3183 case OCON_IBENDPORT: 3184 len = strlen(c->u.ibendport.dev_name); 3185 buf[0] = cpu_to_le32(len); 3186 buf[1] = cpu_to_le32(c->u.ibendport.port); 3187 rc = put_entry(buf, sizeof(u32), 2, fp); 3188 if (rc) 3189 return rc; 3190 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3191 if (rc) 3192 return rc; 3193 rc = context_write(p, &c->context[0], fp); 3194 if (rc) 3195 return rc; 3196 break; 3197 } 3198 } 3199 } 3200 return 0; 3201 } 3202 3203 static int genfs_write(struct policydb *p, void *fp) 3204 { 3205 struct genfs *genfs; 3206 struct ocontext *c; 3207 size_t len; 3208 __le32 buf[1]; 3209 int rc; 3210 3211 len = 0; 3212 for (genfs = p->genfs; genfs; genfs = genfs->next) 3213 len++; 3214 buf[0] = cpu_to_le32(len); 3215 rc = put_entry(buf, sizeof(u32), 1, fp); 3216 if (rc) 3217 return rc; 3218 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3219 len = strlen(genfs->fstype); 3220 buf[0] = cpu_to_le32(len); 3221 rc = put_entry(buf, sizeof(u32), 1, fp); 3222 if (rc) 3223 return rc; 3224 rc = put_entry(genfs->fstype, 1, len, fp); 3225 if (rc) 3226 return rc; 3227 len = 0; 3228 for (c = genfs->head; c; c = c->next) 3229 len++; 3230 buf[0] = cpu_to_le32(len); 3231 rc = put_entry(buf, sizeof(u32), 1, fp); 3232 if (rc) 3233 return rc; 3234 for (c = genfs->head; c; c = c->next) { 3235 len = strlen(c->u.name); 3236 buf[0] = cpu_to_le32(len); 3237 rc = put_entry(buf, sizeof(u32), 1, fp); 3238 if (rc) 3239 return rc; 3240 rc = put_entry(c->u.name, 1, len, fp); 3241 if (rc) 3242 return rc; 3243 buf[0] = cpu_to_le32(c->v.sclass); 3244 rc = put_entry(buf, sizeof(u32), 1, fp); 3245 if (rc) 3246 return rc; 3247 rc = context_write(p, &c->context[0], fp); 3248 if (rc) 3249 return rc; 3250 } 3251 } 3252 return 0; 3253 } 3254 3255 static int hashtab_cnt(void *key, void *data, void *ptr) 3256 { 3257 int *cnt = ptr; 3258 *cnt = *cnt + 1; 3259 3260 return 0; 3261 } 3262 3263 static int range_write_helper(void *key, void *data, void *ptr) 3264 { 3265 __le32 buf[2]; 3266 struct range_trans *rt = key; 3267 struct mls_range *r = data; 3268 struct policy_data *pd = ptr; 3269 void *fp = pd->fp; 3270 struct policydb *p = pd->p; 3271 int rc; 3272 3273 buf[0] = cpu_to_le32(rt->source_type); 3274 buf[1] = cpu_to_le32(rt->target_type); 3275 rc = put_entry(buf, sizeof(u32), 2, fp); 3276 if (rc) 3277 return rc; 3278 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3279 buf[0] = cpu_to_le32(rt->target_class); 3280 rc = put_entry(buf, sizeof(u32), 1, fp); 3281 if (rc) 3282 return rc; 3283 } 3284 rc = mls_write_range_helper(r, fp); 3285 if (rc) 3286 return rc; 3287 3288 return 0; 3289 } 3290 3291 static int range_write(struct policydb *p, void *fp) 3292 { 3293 __le32 buf[1]; 3294 int rc, nel; 3295 struct policy_data pd; 3296 3297 pd.p = p; 3298 pd.fp = fp; 3299 3300 /* count the number of entries in the hashtab */ 3301 nel = 0; 3302 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3303 if (rc) 3304 return rc; 3305 3306 buf[0] = cpu_to_le32(nel); 3307 rc = put_entry(buf, sizeof(u32), 1, fp); 3308 if (rc) 3309 return rc; 3310 3311 /* actually write all of the entries */ 3312 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3313 if (rc) 3314 return rc; 3315 3316 return 0; 3317 } 3318 3319 static int filename_write_helper(void *key, void *data, void *ptr) 3320 { 3321 __le32 buf[4]; 3322 struct filename_trans *ft = key; 3323 struct filename_trans_datum *otype = data; 3324 void *fp = ptr; 3325 int rc; 3326 u32 len; 3327 3328 len = strlen(ft->name); 3329 buf[0] = cpu_to_le32(len); 3330 rc = put_entry(buf, sizeof(u32), 1, fp); 3331 if (rc) 3332 return rc; 3333 3334 rc = put_entry(ft->name, sizeof(char), len, fp); 3335 if (rc) 3336 return rc; 3337 3338 buf[0] = cpu_to_le32(ft->stype); 3339 buf[1] = cpu_to_le32(ft->ttype); 3340 buf[2] = cpu_to_le32(ft->tclass); 3341 buf[3] = cpu_to_le32(otype->otype); 3342 3343 rc = put_entry(buf, sizeof(u32), 4, fp); 3344 if (rc) 3345 return rc; 3346 3347 return 0; 3348 } 3349 3350 static int filename_trans_write(struct policydb *p, void *fp) 3351 { 3352 u32 nel; 3353 __le32 buf[1]; 3354 int rc; 3355 3356 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3357 return 0; 3358 3359 nel = 0; 3360 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3361 if (rc) 3362 return rc; 3363 3364 buf[0] = cpu_to_le32(nel); 3365 rc = put_entry(buf, sizeof(u32), 1, fp); 3366 if (rc) 3367 return rc; 3368 3369 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3370 if (rc) 3371 return rc; 3372 3373 return 0; 3374 } 3375 3376 /* 3377 * Write the configuration data in a policy database 3378 * structure to a policy database binary representation 3379 * file. 3380 */ 3381 int policydb_write(struct policydb *p, void *fp) 3382 { 3383 unsigned int i, num_syms; 3384 int rc; 3385 __le32 buf[4]; 3386 u32 config; 3387 size_t len; 3388 struct policydb_compat_info *info; 3389 3390 /* 3391 * refuse to write policy older than compressed avtab 3392 * to simplify the writer. There are other tests dropped 3393 * since we assume this throughout the writer code. Be 3394 * careful if you ever try to remove this restriction 3395 */ 3396 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3397 pr_err("SELinux: refusing to write policy version %d." 3398 " Because it is less than version %d\n", p->policyvers, 3399 POLICYDB_VERSION_AVTAB); 3400 return -EINVAL; 3401 } 3402 3403 config = 0; 3404 if (p->mls_enabled) 3405 config |= POLICYDB_CONFIG_MLS; 3406 3407 if (p->reject_unknown) 3408 config |= REJECT_UNKNOWN; 3409 if (p->allow_unknown) 3410 config |= ALLOW_UNKNOWN; 3411 3412 /* Write the magic number and string identifiers. */ 3413 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3414 len = strlen(POLICYDB_STRING); 3415 buf[1] = cpu_to_le32(len); 3416 rc = put_entry(buf, sizeof(u32), 2, fp); 3417 if (rc) 3418 return rc; 3419 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3420 if (rc) 3421 return rc; 3422 3423 /* Write the version, config, and table sizes. */ 3424 info = policydb_lookup_compat(p->policyvers); 3425 if (!info) { 3426 pr_err("SELinux: compatibility lookup failed for policy " 3427 "version %d", p->policyvers); 3428 return -EINVAL; 3429 } 3430 3431 buf[0] = cpu_to_le32(p->policyvers); 3432 buf[1] = cpu_to_le32(config); 3433 buf[2] = cpu_to_le32(info->sym_num); 3434 buf[3] = cpu_to_le32(info->ocon_num); 3435 3436 rc = put_entry(buf, sizeof(u32), 4, fp); 3437 if (rc) 3438 return rc; 3439 3440 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3441 rc = ebitmap_write(&p->policycaps, fp); 3442 if (rc) 3443 return rc; 3444 } 3445 3446 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3447 rc = ebitmap_write(&p->permissive_map, fp); 3448 if (rc) 3449 return rc; 3450 } 3451 3452 num_syms = info->sym_num; 3453 for (i = 0; i < num_syms; i++) { 3454 struct policy_data pd; 3455 3456 pd.fp = fp; 3457 pd.p = p; 3458 3459 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3460 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3461 3462 rc = put_entry(buf, sizeof(u32), 2, fp); 3463 if (rc) 3464 return rc; 3465 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3466 if (rc) 3467 return rc; 3468 } 3469 3470 rc = avtab_write(p, &p->te_avtab, fp); 3471 if (rc) 3472 return rc; 3473 3474 rc = cond_write_list(p, p->cond_list, fp); 3475 if (rc) 3476 return rc; 3477 3478 rc = role_trans_write(p, fp); 3479 if (rc) 3480 return rc; 3481 3482 rc = role_allow_write(p->role_allow, fp); 3483 if (rc) 3484 return rc; 3485 3486 rc = filename_trans_write(p, fp); 3487 if (rc) 3488 return rc; 3489 3490 rc = ocontext_write(p, info, fp); 3491 if (rc) 3492 return rc; 3493 3494 rc = genfs_write(p, fp); 3495 if (rc) 3496 return rc; 3497 3498 rc = range_write(p, fp); 3499 if (rc) 3500 return rc; 3501 3502 for (i = 0; i < p->p_types.nprim; i++) { 3503 struct ebitmap *e = &p->type_attr_map_array[i]; 3504 3505 rc = ebitmap_write(e, fp); 3506 if (rc) 3507 return rc; 3508 } 3509 3510 return 0; 3511 } 3512