1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #define _DEBUG_HASHES 45 46 #ifdef DEBUG_HASHES 47 static const char *symtab_name[SYM_NUM] = { 48 "common prefixes", 49 "classes", 50 "roles", 51 "types", 52 "users", 53 "bools", 54 "levels", 55 "categories", 56 }; 57 #endif 58 59 static unsigned int symtab_sizes[SYM_NUM] = { 60 2, 61 32, 62 16, 63 512, 64 128, 65 16, 66 16, 67 16, 68 }; 69 70 struct policydb_compat_info { 71 int version; 72 int sym_num; 73 int ocon_num; 74 }; 75 76 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 77 static struct policydb_compat_info policydb_compat[] = { 78 { 79 .version = POLICYDB_VERSION_BASE, 80 .sym_num = SYM_NUM - 3, 81 .ocon_num = OCON_NUM - 3, 82 }, 83 { 84 .version = POLICYDB_VERSION_BOOL, 85 .sym_num = SYM_NUM - 2, 86 .ocon_num = OCON_NUM - 3, 87 }, 88 { 89 .version = POLICYDB_VERSION_IPV6, 90 .sym_num = SYM_NUM - 2, 91 .ocon_num = OCON_NUM - 2, 92 }, 93 { 94 .version = POLICYDB_VERSION_NLCLASS, 95 .sym_num = SYM_NUM - 2, 96 .ocon_num = OCON_NUM - 2, 97 }, 98 { 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NUM - 2, 102 }, 103 { 104 .version = POLICYDB_VERSION_AVTAB, 105 .sym_num = SYM_NUM, 106 .ocon_num = OCON_NUM - 2, 107 }, 108 { 109 .version = POLICYDB_VERSION_RANGETRANS, 110 .sym_num = SYM_NUM, 111 .ocon_num = OCON_NUM - 2, 112 }, 113 { 114 .version = POLICYDB_VERSION_POLCAP, 115 .sym_num = SYM_NUM, 116 .ocon_num = OCON_NUM - 2, 117 }, 118 { 119 .version = POLICYDB_VERSION_PERMISSIVE, 120 .sym_num = SYM_NUM, 121 .ocon_num = OCON_NUM - 2, 122 }, 123 { 124 .version = POLICYDB_VERSION_BOUNDARY, 125 .sym_num = SYM_NUM, 126 .ocon_num = OCON_NUM - 2, 127 }, 128 { 129 .version = POLICYDB_VERSION_FILENAME_TRANS, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NUM - 2, 132 }, 133 { 134 .version = POLICYDB_VERSION_ROLETRANS, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NUM - 2, 137 }, 138 { 139 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 140 .sym_num = SYM_NUM, 141 .ocon_num = OCON_NUM - 2, 142 }, 143 { 144 .version = POLICYDB_VERSION_DEFAULT_TYPE, 145 .sym_num = SYM_NUM, 146 .ocon_num = OCON_NUM - 2, 147 }, 148 { 149 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 150 .sym_num = SYM_NUM, 151 .ocon_num = OCON_NUM - 2, 152 }, 153 { 154 .version = POLICYDB_VERSION_XPERMS_IOCTL, 155 .sym_num = SYM_NUM, 156 .ocon_num = OCON_NUM - 2, 157 }, 158 { 159 .version = POLICYDB_VERSION_INFINIBAND, 160 .sym_num = SYM_NUM, 161 .ocon_num = OCON_NUM, 162 }, 163 }; 164 165 static struct policydb_compat_info *policydb_lookup_compat(int version) 166 { 167 int i; 168 struct policydb_compat_info *info = NULL; 169 170 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 171 if (policydb_compat[i].version == version) { 172 info = &policydb_compat[i]; 173 break; 174 } 175 } 176 return info; 177 } 178 179 /* 180 * Initialize the role table. 181 */ 182 static int roles_init(struct policydb *p) 183 { 184 char *key = NULL; 185 int rc; 186 struct role_datum *role; 187 188 role = kzalloc(sizeof(*role), GFP_KERNEL); 189 if (!role) 190 return -ENOMEM; 191 192 rc = -EINVAL; 193 role->value = ++p->p_roles.nprim; 194 if (role->value != OBJECT_R_VAL) 195 goto out; 196 197 rc = -ENOMEM; 198 key = kstrdup(OBJECT_R, GFP_KERNEL); 199 if (!key) 200 goto out; 201 202 rc = hashtab_insert(p->p_roles.table, key, role); 203 if (rc) 204 goto out; 205 206 return 0; 207 out: 208 kfree(key); 209 kfree(role); 210 return rc; 211 } 212 213 static u32 filenametr_hash(struct hashtab *h, const void *k) 214 { 215 const struct filename_trans *ft = k; 216 unsigned long hash; 217 unsigned int byte_num; 218 unsigned char focus; 219 220 hash = ft->stype ^ ft->ttype ^ ft->tclass; 221 222 byte_num = 0; 223 while ((focus = ft->name[byte_num++])) 224 hash = partial_name_hash(focus, hash); 225 return hash & (h->size - 1); 226 } 227 228 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 229 { 230 const struct filename_trans *ft1 = k1; 231 const struct filename_trans *ft2 = k2; 232 int v; 233 234 v = ft1->stype - ft2->stype; 235 if (v) 236 return v; 237 238 v = ft1->ttype - ft2->ttype; 239 if (v) 240 return v; 241 242 v = ft1->tclass - ft2->tclass; 243 if (v) 244 return v; 245 246 return strcmp(ft1->name, ft2->name); 247 248 } 249 250 static u32 rangetr_hash(struct hashtab *h, const void *k) 251 { 252 const struct range_trans *key = k; 253 return (key->source_type + (key->target_type << 3) + 254 (key->target_class << 5)) & (h->size - 1); 255 } 256 257 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 258 { 259 const struct range_trans *key1 = k1, *key2 = k2; 260 int v; 261 262 v = key1->source_type - key2->source_type; 263 if (v) 264 return v; 265 266 v = key1->target_type - key2->target_type; 267 if (v) 268 return v; 269 270 v = key1->target_class - key2->target_class; 271 272 return v; 273 } 274 275 /* 276 * Initialize a policy database structure. 277 */ 278 static int policydb_init(struct policydb *p) 279 { 280 int i, rc; 281 282 memset(p, 0, sizeof(*p)); 283 284 for (i = 0; i < SYM_NUM; i++) { 285 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 286 if (rc) 287 goto out; 288 } 289 290 rc = avtab_init(&p->te_avtab); 291 if (rc) 292 goto out; 293 294 rc = roles_init(p); 295 if (rc) 296 goto out; 297 298 rc = cond_policydb_init(p); 299 if (rc) 300 goto out; 301 302 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 303 if (!p->filename_trans) { 304 rc = -ENOMEM; 305 goto out; 306 } 307 308 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 309 if (!p->range_tr) { 310 rc = -ENOMEM; 311 goto out; 312 } 313 314 ebitmap_init(&p->filename_trans_ttypes); 315 ebitmap_init(&p->policycaps); 316 ebitmap_init(&p->permissive_map); 317 318 return 0; 319 out: 320 hashtab_destroy(p->filename_trans); 321 hashtab_destroy(p->range_tr); 322 for (i = 0; i < SYM_NUM; i++) 323 hashtab_destroy(p->symtab[i].table); 324 return rc; 325 } 326 327 /* 328 * The following *_index functions are used to 329 * define the val_to_name and val_to_struct arrays 330 * in a policy database structure. The val_to_name 331 * arrays are used when converting security context 332 * structures into string representations. The 333 * val_to_struct arrays are used when the attributes 334 * of a class, role, or user are needed. 335 */ 336 337 static int common_index(void *key, void *datum, void *datap) 338 { 339 struct policydb *p; 340 struct common_datum *comdatum; 341 342 comdatum = datum; 343 p = datap; 344 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 345 return -EINVAL; 346 347 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 348 349 return 0; 350 } 351 352 static int class_index(void *key, void *datum, void *datap) 353 { 354 struct policydb *p; 355 struct class_datum *cladatum; 356 357 cladatum = datum; 358 p = datap; 359 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 360 return -EINVAL; 361 362 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 363 p->class_val_to_struct[cladatum->value - 1] = cladatum; 364 return 0; 365 } 366 367 static int role_index(void *key, void *datum, void *datap) 368 { 369 struct policydb *p; 370 struct role_datum *role; 371 372 role = datum; 373 p = datap; 374 if (!role->value 375 || role->value > p->p_roles.nprim 376 || role->bounds > p->p_roles.nprim) 377 return -EINVAL; 378 379 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 380 p->role_val_to_struct[role->value - 1] = role; 381 return 0; 382 } 383 384 static int type_index(void *key, void *datum, void *datap) 385 { 386 struct policydb *p; 387 struct type_datum *typdatum; 388 389 typdatum = datum; 390 p = datap; 391 392 if (typdatum->primary) { 393 if (!typdatum->value 394 || typdatum->value > p->p_types.nprim 395 || typdatum->bounds > p->p_types.nprim) 396 return -EINVAL; 397 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 398 p->type_val_to_struct_array[typdatum->value - 1] = typdatum; 399 } 400 401 return 0; 402 } 403 404 static int user_index(void *key, void *datum, void *datap) 405 { 406 struct policydb *p; 407 struct user_datum *usrdatum; 408 409 usrdatum = datum; 410 p = datap; 411 if (!usrdatum->value 412 || usrdatum->value > p->p_users.nprim 413 || usrdatum->bounds > p->p_users.nprim) 414 return -EINVAL; 415 416 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 417 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 418 return 0; 419 } 420 421 static int sens_index(void *key, void *datum, void *datap) 422 { 423 struct policydb *p; 424 struct level_datum *levdatum; 425 426 levdatum = datum; 427 p = datap; 428 429 if (!levdatum->isalias) { 430 if (!levdatum->level->sens || 431 levdatum->level->sens > p->p_levels.nprim) 432 return -EINVAL; 433 434 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 435 } 436 437 return 0; 438 } 439 440 static int cat_index(void *key, void *datum, void *datap) 441 { 442 struct policydb *p; 443 struct cat_datum *catdatum; 444 445 catdatum = datum; 446 p = datap; 447 448 if (!catdatum->isalias) { 449 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 450 return -EINVAL; 451 452 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 453 } 454 455 return 0; 456 } 457 458 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 459 { 460 common_index, 461 class_index, 462 role_index, 463 type_index, 464 user_index, 465 cond_index_bool, 466 sens_index, 467 cat_index, 468 }; 469 470 #ifdef DEBUG_HASHES 471 static void hash_eval(struct hashtab *h, const char *hash_name) 472 { 473 struct hashtab_info info; 474 475 hashtab_stat(h, &info); 476 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, " 477 "longest chain length %d\n", hash_name, h->nel, 478 info.slots_used, h->size, info.max_chain_len); 479 } 480 481 static void symtab_hash_eval(struct symtab *s) 482 { 483 int i; 484 485 for (i = 0; i < SYM_NUM; i++) 486 hash_eval(s[i].table, symtab_name[i]); 487 } 488 489 #else 490 static inline void hash_eval(struct hashtab *h, char *hash_name) 491 { 492 } 493 #endif 494 495 /* 496 * Define the other val_to_name and val_to_struct arrays 497 * in a policy database structure. 498 * 499 * Caller must clean up on failure. 500 */ 501 static int policydb_index(struct policydb *p) 502 { 503 int i, rc; 504 505 if (p->mls_enabled) 506 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 507 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 508 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 509 else 510 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 511 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 512 p->p_bools.nprim); 513 514 pr_debug("SELinux: %d classes, %d rules\n", 515 p->p_classes.nprim, p->te_avtab.nel); 516 517 #ifdef DEBUG_HASHES 518 avtab_hash_eval(&p->te_avtab, "rules"); 519 symtab_hash_eval(p->symtab); 520 #endif 521 522 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 523 sizeof(*p->class_val_to_struct), 524 GFP_KERNEL); 525 if (!p->class_val_to_struct) 526 return -ENOMEM; 527 528 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 529 sizeof(*p->role_val_to_struct), 530 GFP_KERNEL); 531 if (!p->role_val_to_struct) 532 return -ENOMEM; 533 534 p->user_val_to_struct = kcalloc(p->p_users.nprim, 535 sizeof(*p->user_val_to_struct), 536 GFP_KERNEL); 537 if (!p->user_val_to_struct) 538 return -ENOMEM; 539 540 p->type_val_to_struct_array = kvcalloc(p->p_types.nprim, 541 sizeof(*p->type_val_to_struct_array), 542 GFP_KERNEL); 543 if (!p->type_val_to_struct_array) 544 return -ENOMEM; 545 546 rc = cond_init_bool_indexes(p); 547 if (rc) 548 goto out; 549 550 for (i = 0; i < SYM_NUM; i++) { 551 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 552 sizeof(char *), 553 GFP_KERNEL); 554 if (!p->sym_val_to_name[i]) 555 return -ENOMEM; 556 557 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 558 if (rc) 559 goto out; 560 } 561 rc = 0; 562 out: 563 return rc; 564 } 565 566 /* 567 * The following *_destroy functions are used to 568 * free any memory allocated for each kind of 569 * symbol data in the policy database. 570 */ 571 572 static int perm_destroy(void *key, void *datum, void *p) 573 { 574 kfree(key); 575 kfree(datum); 576 return 0; 577 } 578 579 static int common_destroy(void *key, void *datum, void *p) 580 { 581 struct common_datum *comdatum; 582 583 kfree(key); 584 if (datum) { 585 comdatum = datum; 586 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 587 hashtab_destroy(comdatum->permissions.table); 588 } 589 kfree(datum); 590 return 0; 591 } 592 593 static void constraint_expr_destroy(struct constraint_expr *expr) 594 { 595 if (expr) { 596 ebitmap_destroy(&expr->names); 597 if (expr->type_names) { 598 ebitmap_destroy(&expr->type_names->types); 599 ebitmap_destroy(&expr->type_names->negset); 600 kfree(expr->type_names); 601 } 602 kfree(expr); 603 } 604 } 605 606 static int cls_destroy(void *key, void *datum, void *p) 607 { 608 struct class_datum *cladatum; 609 struct constraint_node *constraint, *ctemp; 610 struct constraint_expr *e, *etmp; 611 612 kfree(key); 613 if (datum) { 614 cladatum = datum; 615 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 616 hashtab_destroy(cladatum->permissions.table); 617 constraint = cladatum->constraints; 618 while (constraint) { 619 e = constraint->expr; 620 while (e) { 621 etmp = e; 622 e = e->next; 623 constraint_expr_destroy(etmp); 624 } 625 ctemp = constraint; 626 constraint = constraint->next; 627 kfree(ctemp); 628 } 629 630 constraint = cladatum->validatetrans; 631 while (constraint) { 632 e = constraint->expr; 633 while (e) { 634 etmp = e; 635 e = e->next; 636 constraint_expr_destroy(etmp); 637 } 638 ctemp = constraint; 639 constraint = constraint->next; 640 kfree(ctemp); 641 } 642 kfree(cladatum->comkey); 643 } 644 kfree(datum); 645 return 0; 646 } 647 648 static int role_destroy(void *key, void *datum, void *p) 649 { 650 struct role_datum *role; 651 652 kfree(key); 653 if (datum) { 654 role = datum; 655 ebitmap_destroy(&role->dominates); 656 ebitmap_destroy(&role->types); 657 } 658 kfree(datum); 659 return 0; 660 } 661 662 static int type_destroy(void *key, void *datum, void *p) 663 { 664 kfree(key); 665 kfree(datum); 666 return 0; 667 } 668 669 static int user_destroy(void *key, void *datum, void *p) 670 { 671 struct user_datum *usrdatum; 672 673 kfree(key); 674 if (datum) { 675 usrdatum = datum; 676 ebitmap_destroy(&usrdatum->roles); 677 ebitmap_destroy(&usrdatum->range.level[0].cat); 678 ebitmap_destroy(&usrdatum->range.level[1].cat); 679 ebitmap_destroy(&usrdatum->dfltlevel.cat); 680 } 681 kfree(datum); 682 return 0; 683 } 684 685 static int sens_destroy(void *key, void *datum, void *p) 686 { 687 struct level_datum *levdatum; 688 689 kfree(key); 690 if (datum) { 691 levdatum = datum; 692 if (levdatum->level) 693 ebitmap_destroy(&levdatum->level->cat); 694 kfree(levdatum->level); 695 } 696 kfree(datum); 697 return 0; 698 } 699 700 static int cat_destroy(void *key, void *datum, void *p) 701 { 702 kfree(key); 703 kfree(datum); 704 return 0; 705 } 706 707 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 708 { 709 common_destroy, 710 cls_destroy, 711 role_destroy, 712 type_destroy, 713 user_destroy, 714 cond_destroy_bool, 715 sens_destroy, 716 cat_destroy, 717 }; 718 719 static int filenametr_destroy(void *key, void *datum, void *p) 720 { 721 struct filename_trans *ft = key; 722 kfree(ft->name); 723 kfree(key); 724 kfree(datum); 725 cond_resched(); 726 return 0; 727 } 728 729 static int range_tr_destroy(void *key, void *datum, void *p) 730 { 731 struct mls_range *rt = datum; 732 kfree(key); 733 ebitmap_destroy(&rt->level[0].cat); 734 ebitmap_destroy(&rt->level[1].cat); 735 kfree(datum); 736 cond_resched(); 737 return 0; 738 } 739 740 static void ocontext_destroy(struct ocontext *c, int i) 741 { 742 if (!c) 743 return; 744 745 context_destroy(&c->context[0]); 746 context_destroy(&c->context[1]); 747 if (i == OCON_ISID || i == OCON_FS || 748 i == OCON_NETIF || i == OCON_FSUSE) 749 kfree(c->u.name); 750 kfree(c); 751 } 752 753 /* 754 * Free any memory allocated by a policy database structure. 755 */ 756 void policydb_destroy(struct policydb *p) 757 { 758 struct ocontext *c, *ctmp; 759 struct genfs *g, *gtmp; 760 int i; 761 struct role_allow *ra, *lra = NULL; 762 struct role_trans *tr, *ltr = NULL; 763 764 for (i = 0; i < SYM_NUM; i++) { 765 cond_resched(); 766 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 767 hashtab_destroy(p->symtab[i].table); 768 } 769 770 for (i = 0; i < SYM_NUM; i++) 771 kvfree(p->sym_val_to_name[i]); 772 773 kfree(p->class_val_to_struct); 774 kfree(p->role_val_to_struct); 775 kfree(p->user_val_to_struct); 776 kvfree(p->type_val_to_struct_array); 777 778 avtab_destroy(&p->te_avtab); 779 780 for (i = 0; i < OCON_NUM; i++) { 781 cond_resched(); 782 c = p->ocontexts[i]; 783 while (c) { 784 ctmp = c; 785 c = c->next; 786 ocontext_destroy(ctmp, i); 787 } 788 p->ocontexts[i] = NULL; 789 } 790 791 g = p->genfs; 792 while (g) { 793 cond_resched(); 794 kfree(g->fstype); 795 c = g->head; 796 while (c) { 797 ctmp = c; 798 c = c->next; 799 ocontext_destroy(ctmp, OCON_FSUSE); 800 } 801 gtmp = g; 802 g = g->next; 803 kfree(gtmp); 804 } 805 p->genfs = NULL; 806 807 cond_policydb_destroy(p); 808 809 for (tr = p->role_tr; tr; tr = tr->next) { 810 cond_resched(); 811 kfree(ltr); 812 ltr = tr; 813 } 814 kfree(ltr); 815 816 for (ra = p->role_allow; ra; ra = ra->next) { 817 cond_resched(); 818 kfree(lra); 819 lra = ra; 820 } 821 kfree(lra); 822 823 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 824 hashtab_destroy(p->filename_trans); 825 826 hashtab_map(p->range_tr, range_tr_destroy, NULL); 827 hashtab_destroy(p->range_tr); 828 829 if (p->type_attr_map_array) { 830 for (i = 0; i < p->p_types.nprim; i++) 831 ebitmap_destroy(&p->type_attr_map_array[i]); 832 kvfree(p->type_attr_map_array); 833 } 834 835 ebitmap_destroy(&p->filename_trans_ttypes); 836 ebitmap_destroy(&p->policycaps); 837 ebitmap_destroy(&p->permissive_map); 838 } 839 840 /* 841 * Load the initial SIDs specified in a policy database 842 * structure into a SID table. 843 */ 844 int policydb_load_isids(struct policydb *p, struct sidtab *s) 845 { 846 struct ocontext *head, *c; 847 int rc; 848 849 rc = sidtab_init(s); 850 if (rc) { 851 pr_err("SELinux: out of memory on SID table init\n"); 852 goto out; 853 } 854 855 head = p->ocontexts[OCON_ISID]; 856 for (c = head; c; c = c->next) { 857 rc = -EINVAL; 858 if (!c->context[0].user) { 859 pr_err("SELinux: SID %s was never defined.\n", 860 c->u.name); 861 sidtab_destroy(s); 862 goto out; 863 } 864 if (c->sid[0] == SECSID_NULL || c->sid[0] > SECINITSID_NUM) { 865 pr_err("SELinux: Initial SID %s out of range.\n", 866 c->u.name); 867 sidtab_destroy(s); 868 goto out; 869 } 870 871 rc = sidtab_set_initial(s, c->sid[0], &c->context[0]); 872 if (rc) { 873 pr_err("SELinux: unable to load initial SID %s.\n", 874 c->u.name); 875 sidtab_destroy(s); 876 goto out; 877 } 878 } 879 rc = 0; 880 out: 881 return rc; 882 } 883 884 int policydb_class_isvalid(struct policydb *p, unsigned int class) 885 { 886 if (!class || class > p->p_classes.nprim) 887 return 0; 888 return 1; 889 } 890 891 int policydb_role_isvalid(struct policydb *p, unsigned int role) 892 { 893 if (!role || role > p->p_roles.nprim) 894 return 0; 895 return 1; 896 } 897 898 int policydb_type_isvalid(struct policydb *p, unsigned int type) 899 { 900 if (!type || type > p->p_types.nprim) 901 return 0; 902 return 1; 903 } 904 905 /* 906 * Return 1 if the fields in the security context 907 * structure `c' are valid. Return 0 otherwise. 908 */ 909 int policydb_context_isvalid(struct policydb *p, struct context *c) 910 { 911 struct role_datum *role; 912 struct user_datum *usrdatum; 913 914 if (!c->role || c->role > p->p_roles.nprim) 915 return 0; 916 917 if (!c->user || c->user > p->p_users.nprim) 918 return 0; 919 920 if (!c->type || c->type > p->p_types.nprim) 921 return 0; 922 923 if (c->role != OBJECT_R_VAL) { 924 /* 925 * Role must be authorized for the type. 926 */ 927 role = p->role_val_to_struct[c->role - 1]; 928 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 929 /* role may not be associated with type */ 930 return 0; 931 932 /* 933 * User must be authorized for the role. 934 */ 935 usrdatum = p->user_val_to_struct[c->user - 1]; 936 if (!usrdatum) 937 return 0; 938 939 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 940 /* user may not be associated with role */ 941 return 0; 942 } 943 944 if (!mls_context_isvalid(p, c)) 945 return 0; 946 947 return 1; 948 } 949 950 /* 951 * Read a MLS range structure from a policydb binary 952 * representation file. 953 */ 954 static int mls_read_range_helper(struct mls_range *r, void *fp) 955 { 956 __le32 buf[2]; 957 u32 items; 958 int rc; 959 960 rc = next_entry(buf, fp, sizeof(u32)); 961 if (rc) 962 goto out; 963 964 rc = -EINVAL; 965 items = le32_to_cpu(buf[0]); 966 if (items > ARRAY_SIZE(buf)) { 967 pr_err("SELinux: mls: range overflow\n"); 968 goto out; 969 } 970 971 rc = next_entry(buf, fp, sizeof(u32) * items); 972 if (rc) { 973 pr_err("SELinux: mls: truncated range\n"); 974 goto out; 975 } 976 977 r->level[0].sens = le32_to_cpu(buf[0]); 978 if (items > 1) 979 r->level[1].sens = le32_to_cpu(buf[1]); 980 else 981 r->level[1].sens = r->level[0].sens; 982 983 rc = ebitmap_read(&r->level[0].cat, fp); 984 if (rc) { 985 pr_err("SELinux: mls: error reading low categories\n"); 986 goto out; 987 } 988 if (items > 1) { 989 rc = ebitmap_read(&r->level[1].cat, fp); 990 if (rc) { 991 pr_err("SELinux: mls: error reading high categories\n"); 992 goto bad_high; 993 } 994 } else { 995 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 996 if (rc) { 997 pr_err("SELinux: mls: out of memory\n"); 998 goto bad_high; 999 } 1000 } 1001 1002 return 0; 1003 bad_high: 1004 ebitmap_destroy(&r->level[0].cat); 1005 out: 1006 return rc; 1007 } 1008 1009 /* 1010 * Read and validate a security context structure 1011 * from a policydb binary representation file. 1012 */ 1013 static int context_read_and_validate(struct context *c, 1014 struct policydb *p, 1015 void *fp) 1016 { 1017 __le32 buf[3]; 1018 int rc; 1019 1020 rc = next_entry(buf, fp, sizeof buf); 1021 if (rc) { 1022 pr_err("SELinux: context truncated\n"); 1023 goto out; 1024 } 1025 c->user = le32_to_cpu(buf[0]); 1026 c->role = le32_to_cpu(buf[1]); 1027 c->type = le32_to_cpu(buf[2]); 1028 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1029 rc = mls_read_range_helper(&c->range, fp); 1030 if (rc) { 1031 pr_err("SELinux: error reading MLS range of context\n"); 1032 goto out; 1033 } 1034 } 1035 1036 rc = -EINVAL; 1037 if (!policydb_context_isvalid(p, c)) { 1038 pr_err("SELinux: invalid security context\n"); 1039 context_destroy(c); 1040 goto out; 1041 } 1042 rc = 0; 1043 out: 1044 return rc; 1045 } 1046 1047 /* 1048 * The following *_read functions are used to 1049 * read the symbol data from a policy database 1050 * binary representation file. 1051 */ 1052 1053 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1054 { 1055 int rc; 1056 char *str; 1057 1058 if ((len == 0) || (len == (u32)-1)) 1059 return -EINVAL; 1060 1061 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1062 if (!str) 1063 return -ENOMEM; 1064 1065 /* it's expected the caller should free the str */ 1066 *strp = str; 1067 1068 rc = next_entry(str, fp, len); 1069 if (rc) 1070 return rc; 1071 1072 str[len] = '\0'; 1073 return 0; 1074 } 1075 1076 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1077 { 1078 char *key = NULL; 1079 struct perm_datum *perdatum; 1080 int rc; 1081 __le32 buf[2]; 1082 u32 len; 1083 1084 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1085 if (!perdatum) 1086 return -ENOMEM; 1087 1088 rc = next_entry(buf, fp, sizeof buf); 1089 if (rc) 1090 goto bad; 1091 1092 len = le32_to_cpu(buf[0]); 1093 perdatum->value = le32_to_cpu(buf[1]); 1094 1095 rc = str_read(&key, GFP_KERNEL, fp, len); 1096 if (rc) 1097 goto bad; 1098 1099 rc = hashtab_insert(h, key, perdatum); 1100 if (rc) 1101 goto bad; 1102 1103 return 0; 1104 bad: 1105 perm_destroy(key, perdatum, NULL); 1106 return rc; 1107 } 1108 1109 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1110 { 1111 char *key = NULL; 1112 struct common_datum *comdatum; 1113 __le32 buf[4]; 1114 u32 len, nel; 1115 int i, rc; 1116 1117 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1118 if (!comdatum) 1119 return -ENOMEM; 1120 1121 rc = next_entry(buf, fp, sizeof buf); 1122 if (rc) 1123 goto bad; 1124 1125 len = le32_to_cpu(buf[0]); 1126 comdatum->value = le32_to_cpu(buf[1]); 1127 1128 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1129 if (rc) 1130 goto bad; 1131 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1132 nel = le32_to_cpu(buf[3]); 1133 1134 rc = str_read(&key, GFP_KERNEL, fp, len); 1135 if (rc) 1136 goto bad; 1137 1138 for (i = 0; i < nel; i++) { 1139 rc = perm_read(p, comdatum->permissions.table, fp); 1140 if (rc) 1141 goto bad; 1142 } 1143 1144 rc = hashtab_insert(h, key, comdatum); 1145 if (rc) 1146 goto bad; 1147 return 0; 1148 bad: 1149 common_destroy(key, comdatum, NULL); 1150 return rc; 1151 } 1152 1153 static void type_set_init(struct type_set *t) 1154 { 1155 ebitmap_init(&t->types); 1156 ebitmap_init(&t->negset); 1157 } 1158 1159 static int type_set_read(struct type_set *t, void *fp) 1160 { 1161 __le32 buf[1]; 1162 int rc; 1163 1164 if (ebitmap_read(&t->types, fp)) 1165 return -EINVAL; 1166 if (ebitmap_read(&t->negset, fp)) 1167 return -EINVAL; 1168 1169 rc = next_entry(buf, fp, sizeof(u32)); 1170 if (rc < 0) 1171 return -EINVAL; 1172 t->flags = le32_to_cpu(buf[0]); 1173 1174 return 0; 1175 } 1176 1177 1178 static int read_cons_helper(struct policydb *p, 1179 struct constraint_node **nodep, 1180 int ncons, int allowxtarget, void *fp) 1181 { 1182 struct constraint_node *c, *lc; 1183 struct constraint_expr *e, *le; 1184 __le32 buf[3]; 1185 u32 nexpr; 1186 int rc, i, j, depth; 1187 1188 lc = NULL; 1189 for (i = 0; i < ncons; i++) { 1190 c = kzalloc(sizeof(*c), GFP_KERNEL); 1191 if (!c) 1192 return -ENOMEM; 1193 1194 if (lc) 1195 lc->next = c; 1196 else 1197 *nodep = c; 1198 1199 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1200 if (rc) 1201 return rc; 1202 c->permissions = le32_to_cpu(buf[0]); 1203 nexpr = le32_to_cpu(buf[1]); 1204 le = NULL; 1205 depth = -1; 1206 for (j = 0; j < nexpr; j++) { 1207 e = kzalloc(sizeof(*e), GFP_KERNEL); 1208 if (!e) 1209 return -ENOMEM; 1210 1211 if (le) 1212 le->next = e; 1213 else 1214 c->expr = e; 1215 1216 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1217 if (rc) 1218 return rc; 1219 e->expr_type = le32_to_cpu(buf[0]); 1220 e->attr = le32_to_cpu(buf[1]); 1221 e->op = le32_to_cpu(buf[2]); 1222 1223 switch (e->expr_type) { 1224 case CEXPR_NOT: 1225 if (depth < 0) 1226 return -EINVAL; 1227 break; 1228 case CEXPR_AND: 1229 case CEXPR_OR: 1230 if (depth < 1) 1231 return -EINVAL; 1232 depth--; 1233 break; 1234 case CEXPR_ATTR: 1235 if (depth == (CEXPR_MAXDEPTH - 1)) 1236 return -EINVAL; 1237 depth++; 1238 break; 1239 case CEXPR_NAMES: 1240 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1241 return -EINVAL; 1242 if (depth == (CEXPR_MAXDEPTH - 1)) 1243 return -EINVAL; 1244 depth++; 1245 rc = ebitmap_read(&e->names, fp); 1246 if (rc) 1247 return rc; 1248 if (p->policyvers >= 1249 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1250 e->type_names = kzalloc(sizeof 1251 (*e->type_names), 1252 GFP_KERNEL); 1253 if (!e->type_names) 1254 return -ENOMEM; 1255 type_set_init(e->type_names); 1256 rc = type_set_read(e->type_names, fp); 1257 if (rc) 1258 return rc; 1259 } 1260 break; 1261 default: 1262 return -EINVAL; 1263 } 1264 le = e; 1265 } 1266 if (depth != 0) 1267 return -EINVAL; 1268 lc = c; 1269 } 1270 1271 return 0; 1272 } 1273 1274 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1275 { 1276 char *key = NULL; 1277 struct class_datum *cladatum; 1278 __le32 buf[6]; 1279 u32 len, len2, ncons, nel; 1280 int i, rc; 1281 1282 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1283 if (!cladatum) 1284 return -ENOMEM; 1285 1286 rc = next_entry(buf, fp, sizeof(u32)*6); 1287 if (rc) 1288 goto bad; 1289 1290 len = le32_to_cpu(buf[0]); 1291 len2 = le32_to_cpu(buf[1]); 1292 cladatum->value = le32_to_cpu(buf[2]); 1293 1294 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1295 if (rc) 1296 goto bad; 1297 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1298 nel = le32_to_cpu(buf[4]); 1299 1300 ncons = le32_to_cpu(buf[5]); 1301 1302 rc = str_read(&key, GFP_KERNEL, fp, len); 1303 if (rc) 1304 goto bad; 1305 1306 if (len2) { 1307 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1308 if (rc) 1309 goto bad; 1310 1311 rc = -EINVAL; 1312 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1313 if (!cladatum->comdatum) { 1314 pr_err("SELinux: unknown common %s\n", 1315 cladatum->comkey); 1316 goto bad; 1317 } 1318 } 1319 for (i = 0; i < nel; i++) { 1320 rc = perm_read(p, cladatum->permissions.table, fp); 1321 if (rc) 1322 goto bad; 1323 } 1324 1325 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1326 if (rc) 1327 goto bad; 1328 1329 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1330 /* grab the validatetrans rules */ 1331 rc = next_entry(buf, fp, sizeof(u32)); 1332 if (rc) 1333 goto bad; 1334 ncons = le32_to_cpu(buf[0]); 1335 rc = read_cons_helper(p, &cladatum->validatetrans, 1336 ncons, 1, fp); 1337 if (rc) 1338 goto bad; 1339 } 1340 1341 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1342 rc = next_entry(buf, fp, sizeof(u32) * 3); 1343 if (rc) 1344 goto bad; 1345 1346 cladatum->default_user = le32_to_cpu(buf[0]); 1347 cladatum->default_role = le32_to_cpu(buf[1]); 1348 cladatum->default_range = le32_to_cpu(buf[2]); 1349 } 1350 1351 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1352 rc = next_entry(buf, fp, sizeof(u32) * 1); 1353 if (rc) 1354 goto bad; 1355 cladatum->default_type = le32_to_cpu(buf[0]); 1356 } 1357 1358 rc = hashtab_insert(h, key, cladatum); 1359 if (rc) 1360 goto bad; 1361 1362 return 0; 1363 bad: 1364 cls_destroy(key, cladatum, NULL); 1365 return rc; 1366 } 1367 1368 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1369 { 1370 char *key = NULL; 1371 struct role_datum *role; 1372 int rc, to_read = 2; 1373 __le32 buf[3]; 1374 u32 len; 1375 1376 role = kzalloc(sizeof(*role), GFP_KERNEL); 1377 if (!role) 1378 return -ENOMEM; 1379 1380 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1381 to_read = 3; 1382 1383 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1384 if (rc) 1385 goto bad; 1386 1387 len = le32_to_cpu(buf[0]); 1388 role->value = le32_to_cpu(buf[1]); 1389 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1390 role->bounds = le32_to_cpu(buf[2]); 1391 1392 rc = str_read(&key, GFP_KERNEL, fp, len); 1393 if (rc) 1394 goto bad; 1395 1396 rc = ebitmap_read(&role->dominates, fp); 1397 if (rc) 1398 goto bad; 1399 1400 rc = ebitmap_read(&role->types, fp); 1401 if (rc) 1402 goto bad; 1403 1404 if (strcmp(key, OBJECT_R) == 0) { 1405 rc = -EINVAL; 1406 if (role->value != OBJECT_R_VAL) { 1407 pr_err("SELinux: Role %s has wrong value %d\n", 1408 OBJECT_R, role->value); 1409 goto bad; 1410 } 1411 rc = 0; 1412 goto bad; 1413 } 1414 1415 rc = hashtab_insert(h, key, role); 1416 if (rc) 1417 goto bad; 1418 return 0; 1419 bad: 1420 role_destroy(key, role, NULL); 1421 return rc; 1422 } 1423 1424 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1425 { 1426 char *key = NULL; 1427 struct type_datum *typdatum; 1428 int rc, to_read = 3; 1429 __le32 buf[4]; 1430 u32 len; 1431 1432 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1433 if (!typdatum) 1434 return -ENOMEM; 1435 1436 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1437 to_read = 4; 1438 1439 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1440 if (rc) 1441 goto bad; 1442 1443 len = le32_to_cpu(buf[0]); 1444 typdatum->value = le32_to_cpu(buf[1]); 1445 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1446 u32 prop = le32_to_cpu(buf[2]); 1447 1448 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1449 typdatum->primary = 1; 1450 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1451 typdatum->attribute = 1; 1452 1453 typdatum->bounds = le32_to_cpu(buf[3]); 1454 } else { 1455 typdatum->primary = le32_to_cpu(buf[2]); 1456 } 1457 1458 rc = str_read(&key, GFP_KERNEL, fp, len); 1459 if (rc) 1460 goto bad; 1461 1462 rc = hashtab_insert(h, key, typdatum); 1463 if (rc) 1464 goto bad; 1465 return 0; 1466 bad: 1467 type_destroy(key, typdatum, NULL); 1468 return rc; 1469 } 1470 1471 1472 /* 1473 * Read a MLS level structure from a policydb binary 1474 * representation file. 1475 */ 1476 static int mls_read_level(struct mls_level *lp, void *fp) 1477 { 1478 __le32 buf[1]; 1479 int rc; 1480 1481 memset(lp, 0, sizeof(*lp)); 1482 1483 rc = next_entry(buf, fp, sizeof buf); 1484 if (rc) { 1485 pr_err("SELinux: mls: truncated level\n"); 1486 return rc; 1487 } 1488 lp->sens = le32_to_cpu(buf[0]); 1489 1490 rc = ebitmap_read(&lp->cat, fp); 1491 if (rc) { 1492 pr_err("SELinux: mls: error reading level categories\n"); 1493 return rc; 1494 } 1495 return 0; 1496 } 1497 1498 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1499 { 1500 char *key = NULL; 1501 struct user_datum *usrdatum; 1502 int rc, to_read = 2; 1503 __le32 buf[3]; 1504 u32 len; 1505 1506 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1507 if (!usrdatum) 1508 return -ENOMEM; 1509 1510 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1511 to_read = 3; 1512 1513 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1514 if (rc) 1515 goto bad; 1516 1517 len = le32_to_cpu(buf[0]); 1518 usrdatum->value = le32_to_cpu(buf[1]); 1519 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1520 usrdatum->bounds = le32_to_cpu(buf[2]); 1521 1522 rc = str_read(&key, GFP_KERNEL, fp, len); 1523 if (rc) 1524 goto bad; 1525 1526 rc = ebitmap_read(&usrdatum->roles, fp); 1527 if (rc) 1528 goto bad; 1529 1530 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1531 rc = mls_read_range_helper(&usrdatum->range, fp); 1532 if (rc) 1533 goto bad; 1534 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1535 if (rc) 1536 goto bad; 1537 } 1538 1539 rc = hashtab_insert(h, key, usrdatum); 1540 if (rc) 1541 goto bad; 1542 return 0; 1543 bad: 1544 user_destroy(key, usrdatum, NULL); 1545 return rc; 1546 } 1547 1548 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1549 { 1550 char *key = NULL; 1551 struct level_datum *levdatum; 1552 int rc; 1553 __le32 buf[2]; 1554 u32 len; 1555 1556 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1557 if (!levdatum) 1558 return -ENOMEM; 1559 1560 rc = next_entry(buf, fp, sizeof buf); 1561 if (rc) 1562 goto bad; 1563 1564 len = le32_to_cpu(buf[0]); 1565 levdatum->isalias = le32_to_cpu(buf[1]); 1566 1567 rc = str_read(&key, GFP_ATOMIC, fp, len); 1568 if (rc) 1569 goto bad; 1570 1571 rc = -ENOMEM; 1572 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1573 if (!levdatum->level) 1574 goto bad; 1575 1576 rc = mls_read_level(levdatum->level, fp); 1577 if (rc) 1578 goto bad; 1579 1580 rc = hashtab_insert(h, key, levdatum); 1581 if (rc) 1582 goto bad; 1583 return 0; 1584 bad: 1585 sens_destroy(key, levdatum, NULL); 1586 return rc; 1587 } 1588 1589 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1590 { 1591 char *key = NULL; 1592 struct cat_datum *catdatum; 1593 int rc; 1594 __le32 buf[3]; 1595 u32 len; 1596 1597 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1598 if (!catdatum) 1599 return -ENOMEM; 1600 1601 rc = next_entry(buf, fp, sizeof buf); 1602 if (rc) 1603 goto bad; 1604 1605 len = le32_to_cpu(buf[0]); 1606 catdatum->value = le32_to_cpu(buf[1]); 1607 catdatum->isalias = le32_to_cpu(buf[2]); 1608 1609 rc = str_read(&key, GFP_ATOMIC, fp, len); 1610 if (rc) 1611 goto bad; 1612 1613 rc = hashtab_insert(h, key, catdatum); 1614 if (rc) 1615 goto bad; 1616 return 0; 1617 bad: 1618 cat_destroy(key, catdatum, NULL); 1619 return rc; 1620 } 1621 1622 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1623 { 1624 common_read, 1625 class_read, 1626 role_read, 1627 type_read, 1628 user_read, 1629 cond_read_bool, 1630 sens_read, 1631 cat_read, 1632 }; 1633 1634 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1635 { 1636 struct user_datum *upper, *user; 1637 struct policydb *p = datap; 1638 int depth = 0; 1639 1640 upper = user = datum; 1641 while (upper->bounds) { 1642 struct ebitmap_node *node; 1643 unsigned long bit; 1644 1645 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1646 pr_err("SELinux: user %s: " 1647 "too deep or looped boundary", 1648 (char *) key); 1649 return -EINVAL; 1650 } 1651 1652 upper = p->user_val_to_struct[upper->bounds - 1]; 1653 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1654 if (ebitmap_get_bit(&upper->roles, bit)) 1655 continue; 1656 1657 pr_err("SELinux: boundary violated policy: " 1658 "user=%s role=%s bounds=%s\n", 1659 sym_name(p, SYM_USERS, user->value - 1), 1660 sym_name(p, SYM_ROLES, bit), 1661 sym_name(p, SYM_USERS, upper->value - 1)); 1662 1663 return -EINVAL; 1664 } 1665 } 1666 1667 return 0; 1668 } 1669 1670 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1671 { 1672 struct role_datum *upper, *role; 1673 struct policydb *p = datap; 1674 int depth = 0; 1675 1676 upper = role = datum; 1677 while (upper->bounds) { 1678 struct ebitmap_node *node; 1679 unsigned long bit; 1680 1681 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1682 pr_err("SELinux: role %s: " 1683 "too deep or looped bounds\n", 1684 (char *) key); 1685 return -EINVAL; 1686 } 1687 1688 upper = p->role_val_to_struct[upper->bounds - 1]; 1689 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1690 if (ebitmap_get_bit(&upper->types, bit)) 1691 continue; 1692 1693 pr_err("SELinux: boundary violated policy: " 1694 "role=%s type=%s bounds=%s\n", 1695 sym_name(p, SYM_ROLES, role->value - 1), 1696 sym_name(p, SYM_TYPES, bit), 1697 sym_name(p, SYM_ROLES, upper->value - 1)); 1698 1699 return -EINVAL; 1700 } 1701 } 1702 1703 return 0; 1704 } 1705 1706 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1707 { 1708 struct type_datum *upper; 1709 struct policydb *p = datap; 1710 int depth = 0; 1711 1712 upper = datum; 1713 while (upper->bounds) { 1714 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1715 pr_err("SELinux: type %s: " 1716 "too deep or looped boundary\n", 1717 (char *) key); 1718 return -EINVAL; 1719 } 1720 1721 upper = p->type_val_to_struct_array[upper->bounds - 1]; 1722 BUG_ON(!upper); 1723 1724 if (upper->attribute) { 1725 pr_err("SELinux: type %s: " 1726 "bounded by attribute %s", 1727 (char *) key, 1728 sym_name(p, SYM_TYPES, upper->value - 1)); 1729 return -EINVAL; 1730 } 1731 } 1732 1733 return 0; 1734 } 1735 1736 static int policydb_bounds_sanity_check(struct policydb *p) 1737 { 1738 int rc; 1739 1740 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1741 return 0; 1742 1743 rc = hashtab_map(p->p_users.table, 1744 user_bounds_sanity_check, p); 1745 if (rc) 1746 return rc; 1747 1748 rc = hashtab_map(p->p_roles.table, 1749 role_bounds_sanity_check, p); 1750 if (rc) 1751 return rc; 1752 1753 rc = hashtab_map(p->p_types.table, 1754 type_bounds_sanity_check, p); 1755 if (rc) 1756 return rc; 1757 1758 return 0; 1759 } 1760 1761 u16 string_to_security_class(struct policydb *p, const char *name) 1762 { 1763 struct class_datum *cladatum; 1764 1765 cladatum = hashtab_search(p->p_classes.table, name); 1766 if (!cladatum) 1767 return 0; 1768 1769 return cladatum->value; 1770 } 1771 1772 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1773 { 1774 struct class_datum *cladatum; 1775 struct perm_datum *perdatum = NULL; 1776 struct common_datum *comdatum; 1777 1778 if (!tclass || tclass > p->p_classes.nprim) 1779 return 0; 1780 1781 cladatum = p->class_val_to_struct[tclass-1]; 1782 comdatum = cladatum->comdatum; 1783 if (comdatum) 1784 perdatum = hashtab_search(comdatum->permissions.table, 1785 name); 1786 if (!perdatum) 1787 perdatum = hashtab_search(cladatum->permissions.table, 1788 name); 1789 if (!perdatum) 1790 return 0; 1791 1792 return 1U << (perdatum->value-1); 1793 } 1794 1795 static int range_read(struct policydb *p, void *fp) 1796 { 1797 struct range_trans *rt = NULL; 1798 struct mls_range *r = NULL; 1799 int i, rc; 1800 __le32 buf[2]; 1801 u32 nel; 1802 1803 if (p->policyvers < POLICYDB_VERSION_MLS) 1804 return 0; 1805 1806 rc = next_entry(buf, fp, sizeof(u32)); 1807 if (rc) 1808 return rc; 1809 1810 nel = le32_to_cpu(buf[0]); 1811 for (i = 0; i < nel; i++) { 1812 rc = -ENOMEM; 1813 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1814 if (!rt) 1815 goto out; 1816 1817 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1818 if (rc) 1819 goto out; 1820 1821 rt->source_type = le32_to_cpu(buf[0]); 1822 rt->target_type = le32_to_cpu(buf[1]); 1823 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1824 rc = next_entry(buf, fp, sizeof(u32)); 1825 if (rc) 1826 goto out; 1827 rt->target_class = le32_to_cpu(buf[0]); 1828 } else 1829 rt->target_class = p->process_class; 1830 1831 rc = -EINVAL; 1832 if (!policydb_type_isvalid(p, rt->source_type) || 1833 !policydb_type_isvalid(p, rt->target_type) || 1834 !policydb_class_isvalid(p, rt->target_class)) 1835 goto out; 1836 1837 rc = -ENOMEM; 1838 r = kzalloc(sizeof(*r), GFP_KERNEL); 1839 if (!r) 1840 goto out; 1841 1842 rc = mls_read_range_helper(r, fp); 1843 if (rc) 1844 goto out; 1845 1846 rc = -EINVAL; 1847 if (!mls_range_isvalid(p, r)) { 1848 pr_warn("SELinux: rangetrans: invalid range\n"); 1849 goto out; 1850 } 1851 1852 rc = hashtab_insert(p->range_tr, rt, r); 1853 if (rc) 1854 goto out; 1855 1856 rt = NULL; 1857 r = NULL; 1858 } 1859 hash_eval(p->range_tr, "rangetr"); 1860 rc = 0; 1861 out: 1862 kfree(rt); 1863 kfree(r); 1864 return rc; 1865 } 1866 1867 static int filename_trans_read(struct policydb *p, void *fp) 1868 { 1869 struct filename_trans *ft; 1870 struct filename_trans_datum *otype; 1871 char *name; 1872 u32 nel, len; 1873 __le32 buf[4]; 1874 int rc, i; 1875 1876 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1877 return 0; 1878 1879 rc = next_entry(buf, fp, sizeof(u32)); 1880 if (rc) 1881 return rc; 1882 nel = le32_to_cpu(buf[0]); 1883 1884 for (i = 0; i < nel; i++) { 1885 otype = NULL; 1886 name = NULL; 1887 1888 rc = -ENOMEM; 1889 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1890 if (!ft) 1891 goto out; 1892 1893 rc = -ENOMEM; 1894 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1895 if (!otype) 1896 goto out; 1897 1898 /* length of the path component string */ 1899 rc = next_entry(buf, fp, sizeof(u32)); 1900 if (rc) 1901 goto out; 1902 len = le32_to_cpu(buf[0]); 1903 1904 /* path component string */ 1905 rc = str_read(&name, GFP_KERNEL, fp, len); 1906 if (rc) 1907 goto out; 1908 1909 ft->name = name; 1910 1911 rc = next_entry(buf, fp, sizeof(u32) * 4); 1912 if (rc) 1913 goto out; 1914 1915 ft->stype = le32_to_cpu(buf[0]); 1916 ft->ttype = le32_to_cpu(buf[1]); 1917 ft->tclass = le32_to_cpu(buf[2]); 1918 1919 otype->otype = le32_to_cpu(buf[3]); 1920 1921 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1922 if (rc) 1923 goto out; 1924 1925 rc = hashtab_insert(p->filename_trans, ft, otype); 1926 if (rc) { 1927 /* 1928 * Do not return -EEXIST to the caller, or the system 1929 * will not boot. 1930 */ 1931 if (rc != -EEXIST) 1932 goto out; 1933 /* But free memory to avoid memory leak. */ 1934 kfree(ft); 1935 kfree(name); 1936 kfree(otype); 1937 } 1938 } 1939 hash_eval(p->filename_trans, "filenametr"); 1940 return 0; 1941 out: 1942 kfree(ft); 1943 kfree(name); 1944 kfree(otype); 1945 1946 return rc; 1947 } 1948 1949 static int genfs_read(struct policydb *p, void *fp) 1950 { 1951 int i, j, rc; 1952 u32 nel, nel2, len, len2; 1953 __le32 buf[1]; 1954 struct ocontext *l, *c; 1955 struct ocontext *newc = NULL; 1956 struct genfs *genfs_p, *genfs; 1957 struct genfs *newgenfs = NULL; 1958 1959 rc = next_entry(buf, fp, sizeof(u32)); 1960 if (rc) 1961 return rc; 1962 nel = le32_to_cpu(buf[0]); 1963 1964 for (i = 0; i < nel; i++) { 1965 rc = next_entry(buf, fp, sizeof(u32)); 1966 if (rc) 1967 goto out; 1968 len = le32_to_cpu(buf[0]); 1969 1970 rc = -ENOMEM; 1971 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1972 if (!newgenfs) 1973 goto out; 1974 1975 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 1976 if (rc) 1977 goto out; 1978 1979 for (genfs_p = NULL, genfs = p->genfs; genfs; 1980 genfs_p = genfs, genfs = genfs->next) { 1981 rc = -EINVAL; 1982 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1983 pr_err("SELinux: dup genfs fstype %s\n", 1984 newgenfs->fstype); 1985 goto out; 1986 } 1987 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1988 break; 1989 } 1990 newgenfs->next = genfs; 1991 if (genfs_p) 1992 genfs_p->next = newgenfs; 1993 else 1994 p->genfs = newgenfs; 1995 genfs = newgenfs; 1996 newgenfs = NULL; 1997 1998 rc = next_entry(buf, fp, sizeof(u32)); 1999 if (rc) 2000 goto out; 2001 2002 nel2 = le32_to_cpu(buf[0]); 2003 for (j = 0; j < nel2; j++) { 2004 rc = next_entry(buf, fp, sizeof(u32)); 2005 if (rc) 2006 goto out; 2007 len = le32_to_cpu(buf[0]); 2008 2009 rc = -ENOMEM; 2010 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2011 if (!newc) 2012 goto out; 2013 2014 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2015 if (rc) 2016 goto out; 2017 2018 rc = next_entry(buf, fp, sizeof(u32)); 2019 if (rc) 2020 goto out; 2021 2022 newc->v.sclass = le32_to_cpu(buf[0]); 2023 rc = context_read_and_validate(&newc->context[0], p, fp); 2024 if (rc) 2025 goto out; 2026 2027 for (l = NULL, c = genfs->head; c; 2028 l = c, c = c->next) { 2029 rc = -EINVAL; 2030 if (!strcmp(newc->u.name, c->u.name) && 2031 (!c->v.sclass || !newc->v.sclass || 2032 newc->v.sclass == c->v.sclass)) { 2033 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2034 genfs->fstype, c->u.name); 2035 goto out; 2036 } 2037 len = strlen(newc->u.name); 2038 len2 = strlen(c->u.name); 2039 if (len > len2) 2040 break; 2041 } 2042 2043 newc->next = c; 2044 if (l) 2045 l->next = newc; 2046 else 2047 genfs->head = newc; 2048 newc = NULL; 2049 } 2050 } 2051 rc = 0; 2052 out: 2053 if (newgenfs) { 2054 kfree(newgenfs->fstype); 2055 kfree(newgenfs); 2056 } 2057 ocontext_destroy(newc, OCON_FSUSE); 2058 2059 return rc; 2060 } 2061 2062 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2063 void *fp) 2064 { 2065 int i, j, rc; 2066 u32 nel, len; 2067 __be64 prefixbuf[1]; 2068 __le32 buf[3]; 2069 struct ocontext *l, *c; 2070 u32 nodebuf[8]; 2071 2072 for (i = 0; i < info->ocon_num; i++) { 2073 rc = next_entry(buf, fp, sizeof(u32)); 2074 if (rc) 2075 goto out; 2076 nel = le32_to_cpu(buf[0]); 2077 2078 l = NULL; 2079 for (j = 0; j < nel; j++) { 2080 rc = -ENOMEM; 2081 c = kzalloc(sizeof(*c), GFP_KERNEL); 2082 if (!c) 2083 goto out; 2084 if (l) 2085 l->next = c; 2086 else 2087 p->ocontexts[i] = c; 2088 l = c; 2089 2090 switch (i) { 2091 case OCON_ISID: 2092 rc = next_entry(buf, fp, sizeof(u32)); 2093 if (rc) 2094 goto out; 2095 2096 c->sid[0] = le32_to_cpu(buf[0]); 2097 rc = context_read_and_validate(&c->context[0], p, fp); 2098 if (rc) 2099 goto out; 2100 break; 2101 case OCON_FS: 2102 case OCON_NETIF: 2103 rc = next_entry(buf, fp, sizeof(u32)); 2104 if (rc) 2105 goto out; 2106 len = le32_to_cpu(buf[0]); 2107 2108 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2109 if (rc) 2110 goto out; 2111 2112 rc = context_read_and_validate(&c->context[0], p, fp); 2113 if (rc) 2114 goto out; 2115 rc = context_read_and_validate(&c->context[1], p, fp); 2116 if (rc) 2117 goto out; 2118 break; 2119 case OCON_PORT: 2120 rc = next_entry(buf, fp, sizeof(u32)*3); 2121 if (rc) 2122 goto out; 2123 c->u.port.protocol = le32_to_cpu(buf[0]); 2124 c->u.port.low_port = le32_to_cpu(buf[1]); 2125 c->u.port.high_port = le32_to_cpu(buf[2]); 2126 rc = context_read_and_validate(&c->context[0], p, fp); 2127 if (rc) 2128 goto out; 2129 break; 2130 case OCON_NODE: 2131 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2132 if (rc) 2133 goto out; 2134 c->u.node.addr = nodebuf[0]; /* network order */ 2135 c->u.node.mask = nodebuf[1]; /* network order */ 2136 rc = context_read_and_validate(&c->context[0], p, fp); 2137 if (rc) 2138 goto out; 2139 break; 2140 case OCON_FSUSE: 2141 rc = next_entry(buf, fp, sizeof(u32)*2); 2142 if (rc) 2143 goto out; 2144 2145 rc = -EINVAL; 2146 c->v.behavior = le32_to_cpu(buf[0]); 2147 /* Determined at runtime, not in policy DB. */ 2148 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2149 goto out; 2150 if (c->v.behavior > SECURITY_FS_USE_MAX) 2151 goto out; 2152 2153 len = le32_to_cpu(buf[1]); 2154 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2155 if (rc) 2156 goto out; 2157 2158 rc = context_read_and_validate(&c->context[0], p, fp); 2159 if (rc) 2160 goto out; 2161 break; 2162 case OCON_NODE6: { 2163 int k; 2164 2165 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2166 if (rc) 2167 goto out; 2168 for (k = 0; k < 4; k++) 2169 c->u.node6.addr[k] = nodebuf[k]; 2170 for (k = 0; k < 4; k++) 2171 c->u.node6.mask[k] = nodebuf[k+4]; 2172 rc = context_read_and_validate(&c->context[0], p, fp); 2173 if (rc) 2174 goto out; 2175 break; 2176 } 2177 case OCON_IBPKEY: { 2178 u32 pkey_lo, pkey_hi; 2179 2180 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2181 if (rc) 2182 goto out; 2183 2184 /* we need to have subnet_prefix in CPU order */ 2185 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2186 2187 rc = next_entry(buf, fp, sizeof(u32) * 2); 2188 if (rc) 2189 goto out; 2190 2191 pkey_lo = le32_to_cpu(buf[0]); 2192 pkey_hi = le32_to_cpu(buf[1]); 2193 2194 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2195 rc = -EINVAL; 2196 goto out; 2197 } 2198 2199 c->u.ibpkey.low_pkey = pkey_lo; 2200 c->u.ibpkey.high_pkey = pkey_hi; 2201 2202 rc = context_read_and_validate(&c->context[0], 2203 p, 2204 fp); 2205 if (rc) 2206 goto out; 2207 break; 2208 } 2209 case OCON_IBENDPORT: { 2210 u32 port; 2211 2212 rc = next_entry(buf, fp, sizeof(u32) * 2); 2213 if (rc) 2214 goto out; 2215 len = le32_to_cpu(buf[0]); 2216 2217 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2218 if (rc) 2219 goto out; 2220 2221 port = le32_to_cpu(buf[1]); 2222 if (port > U8_MAX || port == 0) { 2223 rc = -EINVAL; 2224 goto out; 2225 } 2226 2227 c->u.ibendport.port = port; 2228 2229 rc = context_read_and_validate(&c->context[0], 2230 p, 2231 fp); 2232 if (rc) 2233 goto out; 2234 break; 2235 } /* end case */ 2236 } /* end switch */ 2237 } 2238 } 2239 rc = 0; 2240 out: 2241 return rc; 2242 } 2243 2244 /* 2245 * Read the configuration data from a policy database binary 2246 * representation file into a policy database structure. 2247 */ 2248 int policydb_read(struct policydb *p, void *fp) 2249 { 2250 struct role_allow *ra, *lra; 2251 struct role_trans *tr, *ltr; 2252 int i, j, rc; 2253 __le32 buf[4]; 2254 u32 len, nprim, nel; 2255 2256 char *policydb_str; 2257 struct policydb_compat_info *info; 2258 2259 rc = policydb_init(p); 2260 if (rc) 2261 return rc; 2262 2263 /* Read the magic number and string length. */ 2264 rc = next_entry(buf, fp, sizeof(u32) * 2); 2265 if (rc) 2266 goto bad; 2267 2268 rc = -EINVAL; 2269 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2270 pr_err("SELinux: policydb magic number 0x%x does " 2271 "not match expected magic number 0x%x\n", 2272 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2273 goto bad; 2274 } 2275 2276 rc = -EINVAL; 2277 len = le32_to_cpu(buf[1]); 2278 if (len != strlen(POLICYDB_STRING)) { 2279 pr_err("SELinux: policydb string length %d does not " 2280 "match expected length %zu\n", 2281 len, strlen(POLICYDB_STRING)); 2282 goto bad; 2283 } 2284 2285 rc = -ENOMEM; 2286 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2287 if (!policydb_str) { 2288 pr_err("SELinux: unable to allocate memory for policydb " 2289 "string of length %d\n", len); 2290 goto bad; 2291 } 2292 2293 rc = next_entry(policydb_str, fp, len); 2294 if (rc) { 2295 pr_err("SELinux: truncated policydb string identifier\n"); 2296 kfree(policydb_str); 2297 goto bad; 2298 } 2299 2300 rc = -EINVAL; 2301 policydb_str[len] = '\0'; 2302 if (strcmp(policydb_str, POLICYDB_STRING)) { 2303 pr_err("SELinux: policydb string %s does not match " 2304 "my string %s\n", policydb_str, POLICYDB_STRING); 2305 kfree(policydb_str); 2306 goto bad; 2307 } 2308 /* Done with policydb_str. */ 2309 kfree(policydb_str); 2310 policydb_str = NULL; 2311 2312 /* Read the version and table sizes. */ 2313 rc = next_entry(buf, fp, sizeof(u32)*4); 2314 if (rc) 2315 goto bad; 2316 2317 rc = -EINVAL; 2318 p->policyvers = le32_to_cpu(buf[0]); 2319 if (p->policyvers < POLICYDB_VERSION_MIN || 2320 p->policyvers > POLICYDB_VERSION_MAX) { 2321 pr_err("SELinux: policydb version %d does not match " 2322 "my version range %d-%d\n", 2323 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2324 goto bad; 2325 } 2326 2327 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2328 p->mls_enabled = 1; 2329 2330 rc = -EINVAL; 2331 if (p->policyvers < POLICYDB_VERSION_MLS) { 2332 pr_err("SELinux: security policydb version %d " 2333 "(MLS) not backwards compatible\n", 2334 p->policyvers); 2335 goto bad; 2336 } 2337 } 2338 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2339 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2340 2341 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2342 rc = ebitmap_read(&p->policycaps, fp); 2343 if (rc) 2344 goto bad; 2345 } 2346 2347 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2348 rc = ebitmap_read(&p->permissive_map, fp); 2349 if (rc) 2350 goto bad; 2351 } 2352 2353 rc = -EINVAL; 2354 info = policydb_lookup_compat(p->policyvers); 2355 if (!info) { 2356 pr_err("SELinux: unable to find policy compat info " 2357 "for version %d\n", p->policyvers); 2358 goto bad; 2359 } 2360 2361 rc = -EINVAL; 2362 if (le32_to_cpu(buf[2]) != info->sym_num || 2363 le32_to_cpu(buf[3]) != info->ocon_num) { 2364 pr_err("SELinux: policydb table sizes (%d,%d) do " 2365 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2366 le32_to_cpu(buf[3]), 2367 info->sym_num, info->ocon_num); 2368 goto bad; 2369 } 2370 2371 for (i = 0; i < info->sym_num; i++) { 2372 rc = next_entry(buf, fp, sizeof(u32)*2); 2373 if (rc) 2374 goto bad; 2375 nprim = le32_to_cpu(buf[0]); 2376 nel = le32_to_cpu(buf[1]); 2377 for (j = 0; j < nel; j++) { 2378 rc = read_f[i](p, p->symtab[i].table, fp); 2379 if (rc) 2380 goto bad; 2381 } 2382 2383 p->symtab[i].nprim = nprim; 2384 } 2385 2386 rc = -EINVAL; 2387 p->process_class = string_to_security_class(p, "process"); 2388 if (!p->process_class) 2389 goto bad; 2390 2391 rc = avtab_read(&p->te_avtab, fp, p); 2392 if (rc) 2393 goto bad; 2394 2395 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2396 rc = cond_read_list(p, fp); 2397 if (rc) 2398 goto bad; 2399 } 2400 2401 rc = next_entry(buf, fp, sizeof(u32)); 2402 if (rc) 2403 goto bad; 2404 nel = le32_to_cpu(buf[0]); 2405 ltr = NULL; 2406 for (i = 0; i < nel; i++) { 2407 rc = -ENOMEM; 2408 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2409 if (!tr) 2410 goto bad; 2411 if (ltr) 2412 ltr->next = tr; 2413 else 2414 p->role_tr = tr; 2415 rc = next_entry(buf, fp, sizeof(u32)*3); 2416 if (rc) 2417 goto bad; 2418 2419 rc = -EINVAL; 2420 tr->role = le32_to_cpu(buf[0]); 2421 tr->type = le32_to_cpu(buf[1]); 2422 tr->new_role = le32_to_cpu(buf[2]); 2423 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2424 rc = next_entry(buf, fp, sizeof(u32)); 2425 if (rc) 2426 goto bad; 2427 tr->tclass = le32_to_cpu(buf[0]); 2428 } else 2429 tr->tclass = p->process_class; 2430 2431 rc = -EINVAL; 2432 if (!policydb_role_isvalid(p, tr->role) || 2433 !policydb_type_isvalid(p, tr->type) || 2434 !policydb_class_isvalid(p, tr->tclass) || 2435 !policydb_role_isvalid(p, tr->new_role)) 2436 goto bad; 2437 ltr = tr; 2438 } 2439 2440 rc = next_entry(buf, fp, sizeof(u32)); 2441 if (rc) 2442 goto bad; 2443 nel = le32_to_cpu(buf[0]); 2444 lra = NULL; 2445 for (i = 0; i < nel; i++) { 2446 rc = -ENOMEM; 2447 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2448 if (!ra) 2449 goto bad; 2450 if (lra) 2451 lra->next = ra; 2452 else 2453 p->role_allow = ra; 2454 rc = next_entry(buf, fp, sizeof(u32)*2); 2455 if (rc) 2456 goto bad; 2457 2458 rc = -EINVAL; 2459 ra->role = le32_to_cpu(buf[0]); 2460 ra->new_role = le32_to_cpu(buf[1]); 2461 if (!policydb_role_isvalid(p, ra->role) || 2462 !policydb_role_isvalid(p, ra->new_role)) 2463 goto bad; 2464 lra = ra; 2465 } 2466 2467 rc = filename_trans_read(p, fp); 2468 if (rc) 2469 goto bad; 2470 2471 rc = policydb_index(p); 2472 if (rc) 2473 goto bad; 2474 2475 rc = -EINVAL; 2476 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2477 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2478 if (!p->process_trans_perms) 2479 goto bad; 2480 2481 rc = ocontext_read(p, info, fp); 2482 if (rc) 2483 goto bad; 2484 2485 rc = genfs_read(p, fp); 2486 if (rc) 2487 goto bad; 2488 2489 rc = range_read(p, fp); 2490 if (rc) 2491 goto bad; 2492 2493 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2494 sizeof(*p->type_attr_map_array), 2495 GFP_KERNEL); 2496 if (!p->type_attr_map_array) 2497 goto bad; 2498 2499 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2500 for (i = 0; i < p->p_types.nprim; i++) 2501 ebitmap_init(&p->type_attr_map_array[i]); 2502 2503 for (i = 0; i < p->p_types.nprim; i++) { 2504 struct ebitmap *e = &p->type_attr_map_array[i]; 2505 2506 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2507 rc = ebitmap_read(e, fp); 2508 if (rc) 2509 goto bad; 2510 } 2511 /* add the type itself as the degenerate case */ 2512 rc = ebitmap_set_bit(e, i, 1); 2513 if (rc) 2514 goto bad; 2515 } 2516 2517 rc = policydb_bounds_sanity_check(p); 2518 if (rc) 2519 goto bad; 2520 2521 rc = 0; 2522 out: 2523 return rc; 2524 bad: 2525 policydb_destroy(p); 2526 goto out; 2527 } 2528 2529 /* 2530 * Write a MLS level structure to a policydb binary 2531 * representation file. 2532 */ 2533 static int mls_write_level(struct mls_level *l, void *fp) 2534 { 2535 __le32 buf[1]; 2536 int rc; 2537 2538 buf[0] = cpu_to_le32(l->sens); 2539 rc = put_entry(buf, sizeof(u32), 1, fp); 2540 if (rc) 2541 return rc; 2542 2543 rc = ebitmap_write(&l->cat, fp); 2544 if (rc) 2545 return rc; 2546 2547 return 0; 2548 } 2549 2550 /* 2551 * Write a MLS range structure to a policydb binary 2552 * representation file. 2553 */ 2554 static int mls_write_range_helper(struct mls_range *r, void *fp) 2555 { 2556 __le32 buf[3]; 2557 size_t items; 2558 int rc, eq; 2559 2560 eq = mls_level_eq(&r->level[1], &r->level[0]); 2561 2562 if (eq) 2563 items = 2; 2564 else 2565 items = 3; 2566 buf[0] = cpu_to_le32(items-1); 2567 buf[1] = cpu_to_le32(r->level[0].sens); 2568 if (!eq) 2569 buf[2] = cpu_to_le32(r->level[1].sens); 2570 2571 BUG_ON(items > ARRAY_SIZE(buf)); 2572 2573 rc = put_entry(buf, sizeof(u32), items, fp); 2574 if (rc) 2575 return rc; 2576 2577 rc = ebitmap_write(&r->level[0].cat, fp); 2578 if (rc) 2579 return rc; 2580 if (!eq) { 2581 rc = ebitmap_write(&r->level[1].cat, fp); 2582 if (rc) 2583 return rc; 2584 } 2585 2586 return 0; 2587 } 2588 2589 static int sens_write(void *vkey, void *datum, void *ptr) 2590 { 2591 char *key = vkey; 2592 struct level_datum *levdatum = datum; 2593 struct policy_data *pd = ptr; 2594 void *fp = pd->fp; 2595 __le32 buf[2]; 2596 size_t len; 2597 int rc; 2598 2599 len = strlen(key); 2600 buf[0] = cpu_to_le32(len); 2601 buf[1] = cpu_to_le32(levdatum->isalias); 2602 rc = put_entry(buf, sizeof(u32), 2, fp); 2603 if (rc) 2604 return rc; 2605 2606 rc = put_entry(key, 1, len, fp); 2607 if (rc) 2608 return rc; 2609 2610 rc = mls_write_level(levdatum->level, fp); 2611 if (rc) 2612 return rc; 2613 2614 return 0; 2615 } 2616 2617 static int cat_write(void *vkey, void *datum, void *ptr) 2618 { 2619 char *key = vkey; 2620 struct cat_datum *catdatum = datum; 2621 struct policy_data *pd = ptr; 2622 void *fp = pd->fp; 2623 __le32 buf[3]; 2624 size_t len; 2625 int rc; 2626 2627 len = strlen(key); 2628 buf[0] = cpu_to_le32(len); 2629 buf[1] = cpu_to_le32(catdatum->value); 2630 buf[2] = cpu_to_le32(catdatum->isalias); 2631 rc = put_entry(buf, sizeof(u32), 3, fp); 2632 if (rc) 2633 return rc; 2634 2635 rc = put_entry(key, 1, len, fp); 2636 if (rc) 2637 return rc; 2638 2639 return 0; 2640 } 2641 2642 static int role_trans_write(struct policydb *p, void *fp) 2643 { 2644 struct role_trans *r = p->role_tr; 2645 struct role_trans *tr; 2646 u32 buf[3]; 2647 size_t nel; 2648 int rc; 2649 2650 nel = 0; 2651 for (tr = r; tr; tr = tr->next) 2652 nel++; 2653 buf[0] = cpu_to_le32(nel); 2654 rc = put_entry(buf, sizeof(u32), 1, fp); 2655 if (rc) 2656 return rc; 2657 for (tr = r; tr; tr = tr->next) { 2658 buf[0] = cpu_to_le32(tr->role); 2659 buf[1] = cpu_to_le32(tr->type); 2660 buf[2] = cpu_to_le32(tr->new_role); 2661 rc = put_entry(buf, sizeof(u32), 3, fp); 2662 if (rc) 2663 return rc; 2664 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2665 buf[0] = cpu_to_le32(tr->tclass); 2666 rc = put_entry(buf, sizeof(u32), 1, fp); 2667 if (rc) 2668 return rc; 2669 } 2670 } 2671 2672 return 0; 2673 } 2674 2675 static int role_allow_write(struct role_allow *r, void *fp) 2676 { 2677 struct role_allow *ra; 2678 u32 buf[2]; 2679 size_t nel; 2680 int rc; 2681 2682 nel = 0; 2683 for (ra = r; ra; ra = ra->next) 2684 nel++; 2685 buf[0] = cpu_to_le32(nel); 2686 rc = put_entry(buf, sizeof(u32), 1, fp); 2687 if (rc) 2688 return rc; 2689 for (ra = r; ra; ra = ra->next) { 2690 buf[0] = cpu_to_le32(ra->role); 2691 buf[1] = cpu_to_le32(ra->new_role); 2692 rc = put_entry(buf, sizeof(u32), 2, fp); 2693 if (rc) 2694 return rc; 2695 } 2696 return 0; 2697 } 2698 2699 /* 2700 * Write a security context structure 2701 * to a policydb binary representation file. 2702 */ 2703 static int context_write(struct policydb *p, struct context *c, 2704 void *fp) 2705 { 2706 int rc; 2707 __le32 buf[3]; 2708 2709 buf[0] = cpu_to_le32(c->user); 2710 buf[1] = cpu_to_le32(c->role); 2711 buf[2] = cpu_to_le32(c->type); 2712 2713 rc = put_entry(buf, sizeof(u32), 3, fp); 2714 if (rc) 2715 return rc; 2716 2717 rc = mls_write_range_helper(&c->range, fp); 2718 if (rc) 2719 return rc; 2720 2721 return 0; 2722 } 2723 2724 /* 2725 * The following *_write functions are used to 2726 * write the symbol data to a policy database 2727 * binary representation file. 2728 */ 2729 2730 static int perm_write(void *vkey, void *datum, void *fp) 2731 { 2732 char *key = vkey; 2733 struct perm_datum *perdatum = datum; 2734 __le32 buf[2]; 2735 size_t len; 2736 int rc; 2737 2738 len = strlen(key); 2739 buf[0] = cpu_to_le32(len); 2740 buf[1] = cpu_to_le32(perdatum->value); 2741 rc = put_entry(buf, sizeof(u32), 2, fp); 2742 if (rc) 2743 return rc; 2744 2745 rc = put_entry(key, 1, len, fp); 2746 if (rc) 2747 return rc; 2748 2749 return 0; 2750 } 2751 2752 static int common_write(void *vkey, void *datum, void *ptr) 2753 { 2754 char *key = vkey; 2755 struct common_datum *comdatum = datum; 2756 struct policy_data *pd = ptr; 2757 void *fp = pd->fp; 2758 __le32 buf[4]; 2759 size_t len; 2760 int rc; 2761 2762 len = strlen(key); 2763 buf[0] = cpu_to_le32(len); 2764 buf[1] = cpu_to_le32(comdatum->value); 2765 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2766 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2767 rc = put_entry(buf, sizeof(u32), 4, fp); 2768 if (rc) 2769 return rc; 2770 2771 rc = put_entry(key, 1, len, fp); 2772 if (rc) 2773 return rc; 2774 2775 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2776 if (rc) 2777 return rc; 2778 2779 return 0; 2780 } 2781 2782 static int type_set_write(struct type_set *t, void *fp) 2783 { 2784 int rc; 2785 __le32 buf[1]; 2786 2787 if (ebitmap_write(&t->types, fp)) 2788 return -EINVAL; 2789 if (ebitmap_write(&t->negset, fp)) 2790 return -EINVAL; 2791 2792 buf[0] = cpu_to_le32(t->flags); 2793 rc = put_entry(buf, sizeof(u32), 1, fp); 2794 if (rc) 2795 return -EINVAL; 2796 2797 return 0; 2798 } 2799 2800 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2801 void *fp) 2802 { 2803 struct constraint_node *c; 2804 struct constraint_expr *e; 2805 __le32 buf[3]; 2806 u32 nel; 2807 int rc; 2808 2809 for (c = node; c; c = c->next) { 2810 nel = 0; 2811 for (e = c->expr; e; e = e->next) 2812 nel++; 2813 buf[0] = cpu_to_le32(c->permissions); 2814 buf[1] = cpu_to_le32(nel); 2815 rc = put_entry(buf, sizeof(u32), 2, fp); 2816 if (rc) 2817 return rc; 2818 for (e = c->expr; e; e = e->next) { 2819 buf[0] = cpu_to_le32(e->expr_type); 2820 buf[1] = cpu_to_le32(e->attr); 2821 buf[2] = cpu_to_le32(e->op); 2822 rc = put_entry(buf, sizeof(u32), 3, fp); 2823 if (rc) 2824 return rc; 2825 2826 switch (e->expr_type) { 2827 case CEXPR_NAMES: 2828 rc = ebitmap_write(&e->names, fp); 2829 if (rc) 2830 return rc; 2831 if (p->policyvers >= 2832 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2833 rc = type_set_write(e->type_names, fp); 2834 if (rc) 2835 return rc; 2836 } 2837 break; 2838 default: 2839 break; 2840 } 2841 } 2842 } 2843 2844 return 0; 2845 } 2846 2847 static int class_write(void *vkey, void *datum, void *ptr) 2848 { 2849 char *key = vkey; 2850 struct class_datum *cladatum = datum; 2851 struct policy_data *pd = ptr; 2852 void *fp = pd->fp; 2853 struct policydb *p = pd->p; 2854 struct constraint_node *c; 2855 __le32 buf[6]; 2856 u32 ncons; 2857 size_t len, len2; 2858 int rc; 2859 2860 len = strlen(key); 2861 if (cladatum->comkey) 2862 len2 = strlen(cladatum->comkey); 2863 else 2864 len2 = 0; 2865 2866 ncons = 0; 2867 for (c = cladatum->constraints; c; c = c->next) 2868 ncons++; 2869 2870 buf[0] = cpu_to_le32(len); 2871 buf[1] = cpu_to_le32(len2); 2872 buf[2] = cpu_to_le32(cladatum->value); 2873 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2874 if (cladatum->permissions.table) 2875 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2876 else 2877 buf[4] = 0; 2878 buf[5] = cpu_to_le32(ncons); 2879 rc = put_entry(buf, sizeof(u32), 6, fp); 2880 if (rc) 2881 return rc; 2882 2883 rc = put_entry(key, 1, len, fp); 2884 if (rc) 2885 return rc; 2886 2887 if (cladatum->comkey) { 2888 rc = put_entry(cladatum->comkey, 1, len2, fp); 2889 if (rc) 2890 return rc; 2891 } 2892 2893 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2894 if (rc) 2895 return rc; 2896 2897 rc = write_cons_helper(p, cladatum->constraints, fp); 2898 if (rc) 2899 return rc; 2900 2901 /* write out the validatetrans rule */ 2902 ncons = 0; 2903 for (c = cladatum->validatetrans; c; c = c->next) 2904 ncons++; 2905 2906 buf[0] = cpu_to_le32(ncons); 2907 rc = put_entry(buf, sizeof(u32), 1, fp); 2908 if (rc) 2909 return rc; 2910 2911 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2912 if (rc) 2913 return rc; 2914 2915 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2916 buf[0] = cpu_to_le32(cladatum->default_user); 2917 buf[1] = cpu_to_le32(cladatum->default_role); 2918 buf[2] = cpu_to_le32(cladatum->default_range); 2919 2920 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2921 if (rc) 2922 return rc; 2923 } 2924 2925 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2926 buf[0] = cpu_to_le32(cladatum->default_type); 2927 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2928 if (rc) 2929 return rc; 2930 } 2931 2932 return 0; 2933 } 2934 2935 static int role_write(void *vkey, void *datum, void *ptr) 2936 { 2937 char *key = vkey; 2938 struct role_datum *role = datum; 2939 struct policy_data *pd = ptr; 2940 void *fp = pd->fp; 2941 struct policydb *p = pd->p; 2942 __le32 buf[3]; 2943 size_t items, len; 2944 int rc; 2945 2946 len = strlen(key); 2947 items = 0; 2948 buf[items++] = cpu_to_le32(len); 2949 buf[items++] = cpu_to_le32(role->value); 2950 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2951 buf[items++] = cpu_to_le32(role->bounds); 2952 2953 BUG_ON(items > ARRAY_SIZE(buf)); 2954 2955 rc = put_entry(buf, sizeof(u32), items, fp); 2956 if (rc) 2957 return rc; 2958 2959 rc = put_entry(key, 1, len, fp); 2960 if (rc) 2961 return rc; 2962 2963 rc = ebitmap_write(&role->dominates, fp); 2964 if (rc) 2965 return rc; 2966 2967 rc = ebitmap_write(&role->types, fp); 2968 if (rc) 2969 return rc; 2970 2971 return 0; 2972 } 2973 2974 static int type_write(void *vkey, void *datum, void *ptr) 2975 { 2976 char *key = vkey; 2977 struct type_datum *typdatum = datum; 2978 struct policy_data *pd = ptr; 2979 struct policydb *p = pd->p; 2980 void *fp = pd->fp; 2981 __le32 buf[4]; 2982 int rc; 2983 size_t items, len; 2984 2985 len = strlen(key); 2986 items = 0; 2987 buf[items++] = cpu_to_le32(len); 2988 buf[items++] = cpu_to_le32(typdatum->value); 2989 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2990 u32 properties = 0; 2991 2992 if (typdatum->primary) 2993 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2994 2995 if (typdatum->attribute) 2996 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2997 2998 buf[items++] = cpu_to_le32(properties); 2999 buf[items++] = cpu_to_le32(typdatum->bounds); 3000 } else { 3001 buf[items++] = cpu_to_le32(typdatum->primary); 3002 } 3003 BUG_ON(items > ARRAY_SIZE(buf)); 3004 rc = put_entry(buf, sizeof(u32), items, fp); 3005 if (rc) 3006 return rc; 3007 3008 rc = put_entry(key, 1, len, fp); 3009 if (rc) 3010 return rc; 3011 3012 return 0; 3013 } 3014 3015 static int user_write(void *vkey, void *datum, void *ptr) 3016 { 3017 char *key = vkey; 3018 struct user_datum *usrdatum = datum; 3019 struct policy_data *pd = ptr; 3020 struct policydb *p = pd->p; 3021 void *fp = pd->fp; 3022 __le32 buf[3]; 3023 size_t items, len; 3024 int rc; 3025 3026 len = strlen(key); 3027 items = 0; 3028 buf[items++] = cpu_to_le32(len); 3029 buf[items++] = cpu_to_le32(usrdatum->value); 3030 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3031 buf[items++] = cpu_to_le32(usrdatum->bounds); 3032 BUG_ON(items > ARRAY_SIZE(buf)); 3033 rc = put_entry(buf, sizeof(u32), items, fp); 3034 if (rc) 3035 return rc; 3036 3037 rc = put_entry(key, 1, len, fp); 3038 if (rc) 3039 return rc; 3040 3041 rc = ebitmap_write(&usrdatum->roles, fp); 3042 if (rc) 3043 return rc; 3044 3045 rc = mls_write_range_helper(&usrdatum->range, fp); 3046 if (rc) 3047 return rc; 3048 3049 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3050 if (rc) 3051 return rc; 3052 3053 return 0; 3054 } 3055 3056 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3057 void *datap) = 3058 { 3059 common_write, 3060 class_write, 3061 role_write, 3062 type_write, 3063 user_write, 3064 cond_write_bool, 3065 sens_write, 3066 cat_write, 3067 }; 3068 3069 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3070 void *fp) 3071 { 3072 unsigned int i, j, rc; 3073 size_t nel, len; 3074 __be64 prefixbuf[1]; 3075 __le32 buf[3]; 3076 u32 nodebuf[8]; 3077 struct ocontext *c; 3078 for (i = 0; i < info->ocon_num; i++) { 3079 nel = 0; 3080 for (c = p->ocontexts[i]; c; c = c->next) 3081 nel++; 3082 buf[0] = cpu_to_le32(nel); 3083 rc = put_entry(buf, sizeof(u32), 1, fp); 3084 if (rc) 3085 return rc; 3086 for (c = p->ocontexts[i]; c; c = c->next) { 3087 switch (i) { 3088 case OCON_ISID: 3089 buf[0] = cpu_to_le32(c->sid[0]); 3090 rc = put_entry(buf, sizeof(u32), 1, fp); 3091 if (rc) 3092 return rc; 3093 rc = context_write(p, &c->context[0], fp); 3094 if (rc) 3095 return rc; 3096 break; 3097 case OCON_FS: 3098 case OCON_NETIF: 3099 len = strlen(c->u.name); 3100 buf[0] = cpu_to_le32(len); 3101 rc = put_entry(buf, sizeof(u32), 1, fp); 3102 if (rc) 3103 return rc; 3104 rc = put_entry(c->u.name, 1, len, fp); 3105 if (rc) 3106 return rc; 3107 rc = context_write(p, &c->context[0], fp); 3108 if (rc) 3109 return rc; 3110 rc = context_write(p, &c->context[1], fp); 3111 if (rc) 3112 return rc; 3113 break; 3114 case OCON_PORT: 3115 buf[0] = cpu_to_le32(c->u.port.protocol); 3116 buf[1] = cpu_to_le32(c->u.port.low_port); 3117 buf[2] = cpu_to_le32(c->u.port.high_port); 3118 rc = put_entry(buf, sizeof(u32), 3, fp); 3119 if (rc) 3120 return rc; 3121 rc = context_write(p, &c->context[0], fp); 3122 if (rc) 3123 return rc; 3124 break; 3125 case OCON_NODE: 3126 nodebuf[0] = c->u.node.addr; /* network order */ 3127 nodebuf[1] = c->u.node.mask; /* network order */ 3128 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3129 if (rc) 3130 return rc; 3131 rc = context_write(p, &c->context[0], fp); 3132 if (rc) 3133 return rc; 3134 break; 3135 case OCON_FSUSE: 3136 buf[0] = cpu_to_le32(c->v.behavior); 3137 len = strlen(c->u.name); 3138 buf[1] = cpu_to_le32(len); 3139 rc = put_entry(buf, sizeof(u32), 2, fp); 3140 if (rc) 3141 return rc; 3142 rc = put_entry(c->u.name, 1, len, fp); 3143 if (rc) 3144 return rc; 3145 rc = context_write(p, &c->context[0], fp); 3146 if (rc) 3147 return rc; 3148 break; 3149 case OCON_NODE6: 3150 for (j = 0; j < 4; j++) 3151 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3152 for (j = 0; j < 4; j++) 3153 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3154 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3155 if (rc) 3156 return rc; 3157 rc = context_write(p, &c->context[0], fp); 3158 if (rc) 3159 return rc; 3160 break; 3161 case OCON_IBPKEY: 3162 /* subnet_prefix is in CPU order */ 3163 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3164 3165 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3166 if (rc) 3167 return rc; 3168 3169 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3170 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3171 3172 rc = put_entry(buf, sizeof(u32), 2, fp); 3173 if (rc) 3174 return rc; 3175 rc = context_write(p, &c->context[0], fp); 3176 if (rc) 3177 return rc; 3178 break; 3179 case OCON_IBENDPORT: 3180 len = strlen(c->u.ibendport.dev_name); 3181 buf[0] = cpu_to_le32(len); 3182 buf[1] = cpu_to_le32(c->u.ibendport.port); 3183 rc = put_entry(buf, sizeof(u32), 2, fp); 3184 if (rc) 3185 return rc; 3186 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3187 if (rc) 3188 return rc; 3189 rc = context_write(p, &c->context[0], fp); 3190 if (rc) 3191 return rc; 3192 break; 3193 } 3194 } 3195 } 3196 return 0; 3197 } 3198 3199 static int genfs_write(struct policydb *p, void *fp) 3200 { 3201 struct genfs *genfs; 3202 struct ocontext *c; 3203 size_t len; 3204 __le32 buf[1]; 3205 int rc; 3206 3207 len = 0; 3208 for (genfs = p->genfs; genfs; genfs = genfs->next) 3209 len++; 3210 buf[0] = cpu_to_le32(len); 3211 rc = put_entry(buf, sizeof(u32), 1, fp); 3212 if (rc) 3213 return rc; 3214 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3215 len = strlen(genfs->fstype); 3216 buf[0] = cpu_to_le32(len); 3217 rc = put_entry(buf, sizeof(u32), 1, fp); 3218 if (rc) 3219 return rc; 3220 rc = put_entry(genfs->fstype, 1, len, fp); 3221 if (rc) 3222 return rc; 3223 len = 0; 3224 for (c = genfs->head; c; c = c->next) 3225 len++; 3226 buf[0] = cpu_to_le32(len); 3227 rc = put_entry(buf, sizeof(u32), 1, fp); 3228 if (rc) 3229 return rc; 3230 for (c = genfs->head; c; c = c->next) { 3231 len = strlen(c->u.name); 3232 buf[0] = cpu_to_le32(len); 3233 rc = put_entry(buf, sizeof(u32), 1, fp); 3234 if (rc) 3235 return rc; 3236 rc = put_entry(c->u.name, 1, len, fp); 3237 if (rc) 3238 return rc; 3239 buf[0] = cpu_to_le32(c->v.sclass); 3240 rc = put_entry(buf, sizeof(u32), 1, fp); 3241 if (rc) 3242 return rc; 3243 rc = context_write(p, &c->context[0], fp); 3244 if (rc) 3245 return rc; 3246 } 3247 } 3248 return 0; 3249 } 3250 3251 static int hashtab_cnt(void *key, void *data, void *ptr) 3252 { 3253 int *cnt = ptr; 3254 *cnt = *cnt + 1; 3255 3256 return 0; 3257 } 3258 3259 static int range_write_helper(void *key, void *data, void *ptr) 3260 { 3261 __le32 buf[2]; 3262 struct range_trans *rt = key; 3263 struct mls_range *r = data; 3264 struct policy_data *pd = ptr; 3265 void *fp = pd->fp; 3266 struct policydb *p = pd->p; 3267 int rc; 3268 3269 buf[0] = cpu_to_le32(rt->source_type); 3270 buf[1] = cpu_to_le32(rt->target_type); 3271 rc = put_entry(buf, sizeof(u32), 2, fp); 3272 if (rc) 3273 return rc; 3274 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3275 buf[0] = cpu_to_le32(rt->target_class); 3276 rc = put_entry(buf, sizeof(u32), 1, fp); 3277 if (rc) 3278 return rc; 3279 } 3280 rc = mls_write_range_helper(r, fp); 3281 if (rc) 3282 return rc; 3283 3284 return 0; 3285 } 3286 3287 static int range_write(struct policydb *p, void *fp) 3288 { 3289 __le32 buf[1]; 3290 int rc, nel; 3291 struct policy_data pd; 3292 3293 pd.p = p; 3294 pd.fp = fp; 3295 3296 /* count the number of entries in the hashtab */ 3297 nel = 0; 3298 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3299 if (rc) 3300 return rc; 3301 3302 buf[0] = cpu_to_le32(nel); 3303 rc = put_entry(buf, sizeof(u32), 1, fp); 3304 if (rc) 3305 return rc; 3306 3307 /* actually write all of the entries */ 3308 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3309 if (rc) 3310 return rc; 3311 3312 return 0; 3313 } 3314 3315 static int filename_write_helper(void *key, void *data, void *ptr) 3316 { 3317 __le32 buf[4]; 3318 struct filename_trans *ft = key; 3319 struct filename_trans_datum *otype = data; 3320 void *fp = ptr; 3321 int rc; 3322 u32 len; 3323 3324 len = strlen(ft->name); 3325 buf[0] = cpu_to_le32(len); 3326 rc = put_entry(buf, sizeof(u32), 1, fp); 3327 if (rc) 3328 return rc; 3329 3330 rc = put_entry(ft->name, sizeof(char), len, fp); 3331 if (rc) 3332 return rc; 3333 3334 buf[0] = cpu_to_le32(ft->stype); 3335 buf[1] = cpu_to_le32(ft->ttype); 3336 buf[2] = cpu_to_le32(ft->tclass); 3337 buf[3] = cpu_to_le32(otype->otype); 3338 3339 rc = put_entry(buf, sizeof(u32), 4, fp); 3340 if (rc) 3341 return rc; 3342 3343 return 0; 3344 } 3345 3346 static int filename_trans_write(struct policydb *p, void *fp) 3347 { 3348 u32 nel; 3349 __le32 buf[1]; 3350 int rc; 3351 3352 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3353 return 0; 3354 3355 nel = 0; 3356 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3357 if (rc) 3358 return rc; 3359 3360 buf[0] = cpu_to_le32(nel); 3361 rc = put_entry(buf, sizeof(u32), 1, fp); 3362 if (rc) 3363 return rc; 3364 3365 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3366 if (rc) 3367 return rc; 3368 3369 return 0; 3370 } 3371 3372 /* 3373 * Write the configuration data in a policy database 3374 * structure to a policy database binary representation 3375 * file. 3376 */ 3377 int policydb_write(struct policydb *p, void *fp) 3378 { 3379 unsigned int i, num_syms; 3380 int rc; 3381 __le32 buf[4]; 3382 u32 config; 3383 size_t len; 3384 struct policydb_compat_info *info; 3385 3386 /* 3387 * refuse to write policy older than compressed avtab 3388 * to simplify the writer. There are other tests dropped 3389 * since we assume this throughout the writer code. Be 3390 * careful if you ever try to remove this restriction 3391 */ 3392 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3393 pr_err("SELinux: refusing to write policy version %d." 3394 " Because it is less than version %d\n", p->policyvers, 3395 POLICYDB_VERSION_AVTAB); 3396 return -EINVAL; 3397 } 3398 3399 config = 0; 3400 if (p->mls_enabled) 3401 config |= POLICYDB_CONFIG_MLS; 3402 3403 if (p->reject_unknown) 3404 config |= REJECT_UNKNOWN; 3405 if (p->allow_unknown) 3406 config |= ALLOW_UNKNOWN; 3407 3408 /* Write the magic number and string identifiers. */ 3409 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3410 len = strlen(POLICYDB_STRING); 3411 buf[1] = cpu_to_le32(len); 3412 rc = put_entry(buf, sizeof(u32), 2, fp); 3413 if (rc) 3414 return rc; 3415 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3416 if (rc) 3417 return rc; 3418 3419 /* Write the version, config, and table sizes. */ 3420 info = policydb_lookup_compat(p->policyvers); 3421 if (!info) { 3422 pr_err("SELinux: compatibility lookup failed for policy " 3423 "version %d", p->policyvers); 3424 return -EINVAL; 3425 } 3426 3427 buf[0] = cpu_to_le32(p->policyvers); 3428 buf[1] = cpu_to_le32(config); 3429 buf[2] = cpu_to_le32(info->sym_num); 3430 buf[3] = cpu_to_le32(info->ocon_num); 3431 3432 rc = put_entry(buf, sizeof(u32), 4, fp); 3433 if (rc) 3434 return rc; 3435 3436 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3437 rc = ebitmap_write(&p->policycaps, fp); 3438 if (rc) 3439 return rc; 3440 } 3441 3442 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3443 rc = ebitmap_write(&p->permissive_map, fp); 3444 if (rc) 3445 return rc; 3446 } 3447 3448 num_syms = info->sym_num; 3449 for (i = 0; i < num_syms; i++) { 3450 struct policy_data pd; 3451 3452 pd.fp = fp; 3453 pd.p = p; 3454 3455 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3456 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3457 3458 rc = put_entry(buf, sizeof(u32), 2, fp); 3459 if (rc) 3460 return rc; 3461 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3462 if (rc) 3463 return rc; 3464 } 3465 3466 rc = avtab_write(p, &p->te_avtab, fp); 3467 if (rc) 3468 return rc; 3469 3470 rc = cond_write_list(p, p->cond_list, fp); 3471 if (rc) 3472 return rc; 3473 3474 rc = role_trans_write(p, fp); 3475 if (rc) 3476 return rc; 3477 3478 rc = role_allow_write(p->role_allow, fp); 3479 if (rc) 3480 return rc; 3481 3482 rc = filename_trans_write(p, fp); 3483 if (rc) 3484 return rc; 3485 3486 rc = ocontext_write(p, info, fp); 3487 if (rc) 3488 return rc; 3489 3490 rc = genfs_write(p, fp); 3491 if (rc) 3492 return rc; 3493 3494 rc = range_write(p, fp); 3495 if (rc) 3496 return rc; 3497 3498 for (i = 0; i < p->p_types.nprim; i++) { 3499 struct ebitmap *e = &p->type_attr_map_array[i]; 3500 3501 rc = ebitmap_write(e, fp); 3502 if (rc) 3503 return rc; 3504 } 3505 3506 return 0; 3507 } 3508