1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 45 static const char *const symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 struct policydb_compat_info { 58 unsigned int version; 59 unsigned int sym_num; 60 unsigned int ocon_num; 61 }; 62 63 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 64 static const struct policydb_compat_info policydb_compat[] = { 65 { 66 .version = POLICYDB_VERSION_BASE, 67 .sym_num = SYM_NUM - 3, 68 .ocon_num = OCON_NUM - 3, 69 }, 70 { 71 .version = POLICYDB_VERSION_BOOL, 72 .sym_num = SYM_NUM - 2, 73 .ocon_num = OCON_NUM - 3, 74 }, 75 { 76 .version = POLICYDB_VERSION_IPV6, 77 .sym_num = SYM_NUM - 2, 78 .ocon_num = OCON_NUM - 2, 79 }, 80 { 81 .version = POLICYDB_VERSION_NLCLASS, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM - 2, 84 }, 85 { 86 .version = POLICYDB_VERSION_MLS, 87 .sym_num = SYM_NUM, 88 .ocon_num = OCON_NUM - 2, 89 }, 90 { 91 .version = POLICYDB_VERSION_AVTAB, 92 .sym_num = SYM_NUM, 93 .ocon_num = OCON_NUM - 2, 94 }, 95 { 96 .version = POLICYDB_VERSION_RANGETRANS, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM - 2, 99 }, 100 { 101 .version = POLICYDB_VERSION_POLCAP, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM - 2, 104 }, 105 { 106 .version = POLICYDB_VERSION_PERMISSIVE, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM - 2, 109 }, 110 { 111 .version = POLICYDB_VERSION_BOUNDARY, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM - 2, 114 }, 115 { 116 .version = POLICYDB_VERSION_FILENAME_TRANS, 117 .sym_num = SYM_NUM, 118 .ocon_num = OCON_NUM - 2, 119 }, 120 { 121 .version = POLICYDB_VERSION_ROLETRANS, 122 .sym_num = SYM_NUM, 123 .ocon_num = OCON_NUM - 2, 124 }, 125 { 126 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 127 .sym_num = SYM_NUM, 128 .ocon_num = OCON_NUM - 2, 129 }, 130 { 131 .version = POLICYDB_VERSION_DEFAULT_TYPE, 132 .sym_num = SYM_NUM, 133 .ocon_num = OCON_NUM - 2, 134 }, 135 { 136 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 137 .sym_num = SYM_NUM, 138 .ocon_num = OCON_NUM - 2, 139 }, 140 { 141 .version = POLICYDB_VERSION_XPERMS_IOCTL, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NUM - 2, 144 }, 145 { 146 .version = POLICYDB_VERSION_INFINIBAND, 147 .sym_num = SYM_NUM, 148 .ocon_num = OCON_NUM, 149 }, 150 { 151 .version = POLICYDB_VERSION_GLBLUB, 152 .sym_num = SYM_NUM, 153 .ocon_num = OCON_NUM, 154 }, 155 { 156 .version = POLICYDB_VERSION_COMP_FTRANS, 157 .sym_num = SYM_NUM, 158 .ocon_num = OCON_NUM, 159 }, 160 }; 161 162 static const struct policydb_compat_info *policydb_lookup_compat(unsigned int version) 163 { 164 unsigned int i; 165 166 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 167 if (policydb_compat[i].version == version) 168 return &policydb_compat[i]; 169 } 170 171 return NULL; 172 } 173 174 /* 175 * The following *_destroy functions are used to 176 * free any memory allocated for each kind of 177 * symbol data in the policy database. 178 */ 179 180 static int perm_destroy(void *key, void *datum, void *p) 181 { 182 kfree(key); 183 kfree(datum); 184 return 0; 185 } 186 187 static int common_destroy(void *key, void *datum, void *p) 188 { 189 struct common_datum *comdatum; 190 191 kfree(key); 192 if (datum) { 193 comdatum = datum; 194 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 195 hashtab_destroy(&comdatum->permissions.table); 196 } 197 kfree(datum); 198 return 0; 199 } 200 201 static void constraint_expr_destroy(struct constraint_expr *expr) 202 { 203 if (expr) { 204 ebitmap_destroy(&expr->names); 205 if (expr->type_names) { 206 ebitmap_destroy(&expr->type_names->types); 207 ebitmap_destroy(&expr->type_names->negset); 208 kfree(expr->type_names); 209 } 210 kfree(expr); 211 } 212 } 213 214 static int cls_destroy(void *key, void *datum, void *p) 215 { 216 struct class_datum *cladatum; 217 struct constraint_node *constraint, *ctemp; 218 struct constraint_expr *e, *etmp; 219 220 kfree(key); 221 if (datum) { 222 cladatum = datum; 223 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 224 hashtab_destroy(&cladatum->permissions.table); 225 constraint = cladatum->constraints; 226 while (constraint) { 227 e = constraint->expr; 228 while (e) { 229 etmp = e; 230 e = e->next; 231 constraint_expr_destroy(etmp); 232 } 233 ctemp = constraint; 234 constraint = constraint->next; 235 kfree(ctemp); 236 } 237 238 constraint = cladatum->validatetrans; 239 while (constraint) { 240 e = constraint->expr; 241 while (e) { 242 etmp = e; 243 e = e->next; 244 constraint_expr_destroy(etmp); 245 } 246 ctemp = constraint; 247 constraint = constraint->next; 248 kfree(ctemp); 249 } 250 kfree(cladatum->comkey); 251 } 252 kfree(datum); 253 return 0; 254 } 255 256 static int role_destroy(void *key, void *datum, void *p) 257 { 258 struct role_datum *role; 259 260 kfree(key); 261 if (datum) { 262 role = datum; 263 ebitmap_destroy(&role->dominates); 264 ebitmap_destroy(&role->types); 265 } 266 kfree(datum); 267 return 0; 268 } 269 270 static int type_destroy(void *key, void *datum, void *p) 271 { 272 kfree(key); 273 kfree(datum); 274 return 0; 275 } 276 277 static int user_destroy(void *key, void *datum, void *p) 278 { 279 struct user_datum *usrdatum; 280 281 kfree(key); 282 if (datum) { 283 usrdatum = datum; 284 ebitmap_destroy(&usrdatum->roles); 285 ebitmap_destroy(&usrdatum->range.level[0].cat); 286 ebitmap_destroy(&usrdatum->range.level[1].cat); 287 ebitmap_destroy(&usrdatum->dfltlevel.cat); 288 } 289 kfree(datum); 290 return 0; 291 } 292 293 static int sens_destroy(void *key, void *datum, void *p) 294 { 295 struct level_datum *levdatum; 296 297 kfree(key); 298 if (datum) { 299 levdatum = datum; 300 if (levdatum->level) 301 ebitmap_destroy(&levdatum->level->cat); 302 kfree(levdatum->level); 303 } 304 kfree(datum); 305 return 0; 306 } 307 308 static int cat_destroy(void *key, void *datum, void *p) 309 { 310 kfree(key); 311 kfree(datum); 312 return 0; 313 } 314 315 static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = { 316 common_destroy, 317 cls_destroy, 318 role_destroy, 319 type_destroy, 320 user_destroy, 321 cond_destroy_bool, 322 sens_destroy, 323 cat_destroy, 324 }; 325 326 static int filenametr_destroy(void *key, void *datum, void *p) 327 { 328 struct filename_trans_key *ft = key; 329 struct filename_trans_datum *next, *d = datum; 330 331 kfree(ft->name); 332 kfree(key); 333 do { 334 ebitmap_destroy(&d->stypes); 335 next = d->next; 336 kfree(d); 337 d = next; 338 } while (unlikely(d)); 339 cond_resched(); 340 return 0; 341 } 342 343 static int range_tr_destroy(void *key, void *datum, void *p) 344 { 345 struct mls_range *rt = datum; 346 347 kfree(key); 348 ebitmap_destroy(&rt->level[0].cat); 349 ebitmap_destroy(&rt->level[1].cat); 350 kfree(datum); 351 cond_resched(); 352 return 0; 353 } 354 355 static int role_tr_destroy(void *key, void *datum, void *p) 356 { 357 kfree(key); 358 kfree(datum); 359 return 0; 360 } 361 362 static void ocontext_destroy(struct ocontext *c, unsigned int i) 363 { 364 if (!c) 365 return; 366 367 context_destroy(&c->context[0]); 368 context_destroy(&c->context[1]); 369 if (i == OCON_ISID || i == OCON_FS || 370 i == OCON_NETIF || i == OCON_FSUSE) 371 kfree(c->u.name); 372 kfree(c); 373 } 374 375 /* 376 * Initialize the role table. 377 */ 378 static int roles_init(struct policydb *p) 379 { 380 char *key = NULL; 381 int rc; 382 struct role_datum *role; 383 384 role = kzalloc(sizeof(*role), GFP_KERNEL); 385 if (!role) 386 return -ENOMEM; 387 388 rc = -EINVAL; 389 role->value = ++p->p_roles.nprim; 390 if (role->value != OBJECT_R_VAL) 391 goto out; 392 393 rc = -ENOMEM; 394 key = kstrdup(OBJECT_R, GFP_KERNEL); 395 if (!key) 396 goto out; 397 398 rc = symtab_insert(&p->p_roles, key, role); 399 if (rc) 400 goto out; 401 402 return 0; 403 out: 404 kfree(key); 405 kfree(role); 406 return rc; 407 } 408 409 static u32 filenametr_hash(const void *k) 410 { 411 const struct filename_trans_key *ft = k; 412 unsigned long hash; 413 unsigned int byte_num; 414 unsigned char focus; 415 416 hash = ft->ttype ^ ft->tclass; 417 418 byte_num = 0; 419 while ((focus = ft->name[byte_num++])) 420 hash = partial_name_hash(focus, hash); 421 return hash; 422 } 423 424 static int filenametr_cmp(const void *k1, const void *k2) 425 { 426 const struct filename_trans_key *ft1 = k1; 427 const struct filename_trans_key *ft2 = k2; 428 int v; 429 430 v = ft1->ttype - ft2->ttype; 431 if (v) 432 return v; 433 434 v = ft1->tclass - ft2->tclass; 435 if (v) 436 return v; 437 438 return strcmp(ft1->name, ft2->name); 439 440 } 441 442 static const struct hashtab_key_params filenametr_key_params = { 443 .hash = filenametr_hash, 444 .cmp = filenametr_cmp, 445 }; 446 447 struct filename_trans_datum *policydb_filenametr_search( 448 struct policydb *p, struct filename_trans_key *key) 449 { 450 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 451 } 452 453 static u32 rangetr_hash(const void *k) 454 { 455 const struct range_trans *key = k; 456 457 return key->source_type + (key->target_type << 3) + 458 (key->target_class << 5); 459 } 460 461 static int rangetr_cmp(const void *k1, const void *k2) 462 { 463 const struct range_trans *key1 = k1, *key2 = k2; 464 int v; 465 466 v = key1->source_type - key2->source_type; 467 if (v) 468 return v; 469 470 v = key1->target_type - key2->target_type; 471 if (v) 472 return v; 473 474 v = key1->target_class - key2->target_class; 475 476 return v; 477 } 478 479 static const struct hashtab_key_params rangetr_key_params = { 480 .hash = rangetr_hash, 481 .cmp = rangetr_cmp, 482 }; 483 484 struct mls_range *policydb_rangetr_search(struct policydb *p, 485 struct range_trans *key) 486 { 487 return hashtab_search(&p->range_tr, key, rangetr_key_params); 488 } 489 490 static u32 role_trans_hash(const void *k) 491 { 492 const struct role_trans_key *key = k; 493 494 return key->role + (key->type << 3) + (key->tclass << 5); 495 } 496 497 static int role_trans_cmp(const void *k1, const void *k2) 498 { 499 const struct role_trans_key *key1 = k1, *key2 = k2; 500 int v; 501 502 v = key1->role - key2->role; 503 if (v) 504 return v; 505 506 v = key1->type - key2->type; 507 if (v) 508 return v; 509 510 return key1->tclass - key2->tclass; 511 } 512 513 static const struct hashtab_key_params roletr_key_params = { 514 .hash = role_trans_hash, 515 .cmp = role_trans_cmp, 516 }; 517 518 struct role_trans_datum *policydb_roletr_search(struct policydb *p, 519 struct role_trans_key *key) 520 { 521 return hashtab_search(&p->role_tr, key, roletr_key_params); 522 } 523 524 /* 525 * Initialize a policy database structure. 526 */ 527 static void policydb_init(struct policydb *p) 528 { 529 memset(p, 0, sizeof(*p)); 530 531 avtab_init(&p->te_avtab); 532 cond_policydb_init(p); 533 534 ebitmap_init(&p->filename_trans_ttypes); 535 ebitmap_init(&p->policycaps); 536 ebitmap_init(&p->permissive_map); 537 } 538 539 /* 540 * The following *_index functions are used to 541 * define the val_to_name and val_to_struct arrays 542 * in a policy database structure. The val_to_name 543 * arrays are used when converting security context 544 * structures into string representations. The 545 * val_to_struct arrays are used when the attributes 546 * of a class, role, or user are needed. 547 */ 548 549 static int common_index(void *key, void *datum, void *datap) 550 { 551 struct policydb *p; 552 struct common_datum *comdatum; 553 554 comdatum = datum; 555 p = datap; 556 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 557 return -EINVAL; 558 559 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 560 561 return 0; 562 } 563 564 static int class_index(void *key, void *datum, void *datap) 565 { 566 struct policydb *p; 567 struct class_datum *cladatum; 568 569 cladatum = datum; 570 p = datap; 571 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 572 return -EINVAL; 573 574 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 575 p->class_val_to_struct[cladatum->value - 1] = cladatum; 576 return 0; 577 } 578 579 static int role_index(void *key, void *datum, void *datap) 580 { 581 struct policydb *p; 582 struct role_datum *role; 583 584 role = datum; 585 p = datap; 586 if (!role->value 587 || role->value > p->p_roles.nprim 588 || role->bounds > p->p_roles.nprim) 589 return -EINVAL; 590 591 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 592 p->role_val_to_struct[role->value - 1] = role; 593 return 0; 594 } 595 596 static int type_index(void *key, void *datum, void *datap) 597 { 598 struct policydb *p; 599 struct type_datum *typdatum; 600 601 typdatum = datum; 602 p = datap; 603 604 if (typdatum->primary) { 605 if (!typdatum->value 606 || typdatum->value > p->p_types.nprim 607 || typdatum->bounds > p->p_types.nprim) 608 return -EINVAL; 609 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 610 p->type_val_to_struct[typdatum->value - 1] = typdatum; 611 } 612 613 return 0; 614 } 615 616 static int user_index(void *key, void *datum, void *datap) 617 { 618 struct policydb *p; 619 struct user_datum *usrdatum; 620 621 usrdatum = datum; 622 p = datap; 623 if (!usrdatum->value 624 || usrdatum->value > p->p_users.nprim 625 || usrdatum->bounds > p->p_users.nprim) 626 return -EINVAL; 627 628 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 629 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 630 return 0; 631 } 632 633 static int sens_index(void *key, void *datum, void *datap) 634 { 635 struct policydb *p; 636 struct level_datum *levdatum; 637 638 levdatum = datum; 639 p = datap; 640 641 if (!levdatum->isalias) { 642 if (!levdatum->level->sens || 643 levdatum->level->sens > p->p_levels.nprim) 644 return -EINVAL; 645 646 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 647 } 648 649 return 0; 650 } 651 652 static int cat_index(void *key, void *datum, void *datap) 653 { 654 struct policydb *p; 655 struct cat_datum *catdatum; 656 657 catdatum = datum; 658 p = datap; 659 660 if (!catdatum->isalias) { 661 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 662 return -EINVAL; 663 664 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 665 } 666 667 return 0; 668 } 669 670 static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = { 671 common_index, 672 class_index, 673 role_index, 674 type_index, 675 user_index, 676 cond_index_bool, 677 sens_index, 678 cat_index, 679 }; 680 681 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 682 static void hash_eval(struct hashtab *h, const char *hash_name) 683 { 684 struct hashtab_info info; 685 686 hashtab_stat(h, &info); 687 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n", 688 hash_name, h->nel, info.slots_used, h->size, 689 info.max_chain_len); 690 } 691 692 static void symtab_hash_eval(struct symtab *s) 693 { 694 int i; 695 696 for (i = 0; i < SYM_NUM; i++) 697 hash_eval(&s[i].table, symtab_name[i]); 698 } 699 700 #else 701 static inline void hash_eval(struct hashtab *h, const char *hash_name) 702 { 703 } 704 static inline void symtab_hash_eval(struct symtab *s) 705 { 706 } 707 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */ 708 709 /* 710 * Define the other val_to_name and val_to_struct arrays 711 * in a policy database structure. 712 * 713 * Caller must clean up on failure. 714 */ 715 static int policydb_index(struct policydb *p) 716 { 717 int i, rc; 718 719 if (p->mls_enabled) 720 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 721 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 722 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 723 else 724 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 725 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 726 p->p_bools.nprim); 727 728 pr_debug("SELinux: %d classes, %d rules\n", 729 p->p_classes.nprim, p->te_avtab.nel); 730 731 avtab_hash_eval(&p->te_avtab, "rules"); 732 symtab_hash_eval(p->symtab); 733 734 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 735 sizeof(*p->class_val_to_struct), 736 GFP_KERNEL); 737 if (!p->class_val_to_struct) 738 return -ENOMEM; 739 740 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 741 sizeof(*p->role_val_to_struct), 742 GFP_KERNEL); 743 if (!p->role_val_to_struct) 744 return -ENOMEM; 745 746 p->user_val_to_struct = kcalloc(p->p_users.nprim, 747 sizeof(*p->user_val_to_struct), 748 GFP_KERNEL); 749 if (!p->user_val_to_struct) 750 return -ENOMEM; 751 752 p->type_val_to_struct = kvcalloc(p->p_types.nprim, 753 sizeof(*p->type_val_to_struct), 754 GFP_KERNEL); 755 if (!p->type_val_to_struct) 756 return -ENOMEM; 757 758 rc = cond_init_bool_indexes(p); 759 if (rc) 760 goto out; 761 762 for (i = 0; i < SYM_NUM; i++) { 763 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 764 sizeof(char *), 765 GFP_KERNEL); 766 if (!p->sym_val_to_name[i]) 767 return -ENOMEM; 768 769 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 770 if (rc) 771 goto out; 772 } 773 rc = 0; 774 out: 775 return rc; 776 } 777 778 /* 779 * Free any memory allocated by a policy database structure. 780 */ 781 void policydb_destroy(struct policydb *p) 782 { 783 struct ocontext *c, *ctmp; 784 struct genfs *g, *gtmp; 785 u32 i; 786 struct role_allow *ra, *lra = NULL; 787 788 for (i = 0; i < SYM_NUM; i++) { 789 cond_resched(); 790 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 791 hashtab_destroy(&p->symtab[i].table); 792 } 793 794 for (i = 0; i < SYM_NUM; i++) 795 kvfree(p->sym_val_to_name[i]); 796 797 kfree(p->class_val_to_struct); 798 kfree(p->role_val_to_struct); 799 kfree(p->user_val_to_struct); 800 kvfree(p->type_val_to_struct); 801 802 avtab_destroy(&p->te_avtab); 803 804 for (i = 0; i < OCON_NUM; i++) { 805 cond_resched(); 806 c = p->ocontexts[i]; 807 while (c) { 808 ctmp = c; 809 c = c->next; 810 ocontext_destroy(ctmp, i); 811 } 812 p->ocontexts[i] = NULL; 813 } 814 815 g = p->genfs; 816 while (g) { 817 cond_resched(); 818 kfree(g->fstype); 819 c = g->head; 820 while (c) { 821 ctmp = c; 822 c = c->next; 823 ocontext_destroy(ctmp, OCON_FSUSE); 824 } 825 gtmp = g; 826 g = g->next; 827 kfree(gtmp); 828 } 829 p->genfs = NULL; 830 831 cond_policydb_destroy(p); 832 833 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 834 hashtab_destroy(&p->role_tr); 835 836 for (ra = p->role_allow; ra; ra = ra->next) { 837 cond_resched(); 838 kfree(lra); 839 lra = ra; 840 } 841 kfree(lra); 842 843 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 844 hashtab_destroy(&p->filename_trans); 845 846 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 847 hashtab_destroy(&p->range_tr); 848 849 if (p->type_attr_map_array) { 850 for (i = 0; i < p->p_types.nprim; i++) 851 ebitmap_destroy(&p->type_attr_map_array[i]); 852 kvfree(p->type_attr_map_array); 853 } 854 855 ebitmap_destroy(&p->filename_trans_ttypes); 856 ebitmap_destroy(&p->policycaps); 857 ebitmap_destroy(&p->permissive_map); 858 } 859 860 /* 861 * Load the initial SIDs specified in a policy database 862 * structure into a SID table. 863 */ 864 int policydb_load_isids(struct policydb *p, struct sidtab *s) 865 { 866 struct ocontext *head, *c; 867 int rc; 868 869 rc = sidtab_init(s); 870 if (rc) { 871 pr_err("SELinux: out of memory on SID table init\n"); 872 return rc; 873 } 874 875 head = p->ocontexts[OCON_ISID]; 876 for (c = head; c; c = c->next) { 877 u32 sid = c->sid[0]; 878 const char *name = security_get_initial_sid_context(sid); 879 880 if (sid == SECSID_NULL) { 881 pr_err("SELinux: SID 0 was assigned a context.\n"); 882 sidtab_destroy(s); 883 return -EINVAL; 884 } 885 886 /* Ignore initial SIDs unused by this kernel. */ 887 if (!name) 888 continue; 889 890 rc = sidtab_set_initial(s, sid, &c->context[0]); 891 if (rc) { 892 pr_err("SELinux: unable to load initial SID %s.\n", 893 name); 894 sidtab_destroy(s); 895 return rc; 896 } 897 } 898 return 0; 899 } 900 901 int policydb_class_isvalid(struct policydb *p, unsigned int class) 902 { 903 if (!class || class > p->p_classes.nprim) 904 return 0; 905 return 1; 906 } 907 908 int policydb_role_isvalid(struct policydb *p, unsigned int role) 909 { 910 if (!role || role > p->p_roles.nprim) 911 return 0; 912 return 1; 913 } 914 915 int policydb_type_isvalid(struct policydb *p, unsigned int type) 916 { 917 if (!type || type > p->p_types.nprim) 918 return 0; 919 return 1; 920 } 921 922 /* 923 * Return 1 if the fields in the security context 924 * structure `c' are valid. Return 0 otherwise. 925 */ 926 int policydb_context_isvalid(struct policydb *p, struct context *c) 927 { 928 struct role_datum *role; 929 struct user_datum *usrdatum; 930 931 if (!c->role || c->role > p->p_roles.nprim) 932 return 0; 933 934 if (!c->user || c->user > p->p_users.nprim) 935 return 0; 936 937 if (!c->type || c->type > p->p_types.nprim) 938 return 0; 939 940 if (c->role != OBJECT_R_VAL) { 941 /* 942 * Role must be authorized for the type. 943 */ 944 role = p->role_val_to_struct[c->role - 1]; 945 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 946 /* role may not be associated with type */ 947 return 0; 948 949 /* 950 * User must be authorized for the role. 951 */ 952 usrdatum = p->user_val_to_struct[c->user - 1]; 953 if (!usrdatum) 954 return 0; 955 956 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 957 /* user may not be associated with role */ 958 return 0; 959 } 960 961 if (!mls_context_isvalid(p, c)) 962 return 0; 963 964 return 1; 965 } 966 967 /* 968 * Read a MLS range structure from a policydb binary 969 * representation file. 970 */ 971 static int mls_read_range_helper(struct mls_range *r, void *fp) 972 { 973 __le32 buf[2]; 974 u32 items; 975 int rc; 976 977 rc = next_entry(buf, fp, sizeof(u32)); 978 if (rc) 979 goto out; 980 981 rc = -EINVAL; 982 items = le32_to_cpu(buf[0]); 983 if (items > ARRAY_SIZE(buf)) { 984 pr_err("SELinux: mls: range overflow\n"); 985 goto out; 986 } 987 988 rc = next_entry(buf, fp, sizeof(u32) * items); 989 if (rc) { 990 pr_err("SELinux: mls: truncated range\n"); 991 goto out; 992 } 993 994 r->level[0].sens = le32_to_cpu(buf[0]); 995 if (items > 1) 996 r->level[1].sens = le32_to_cpu(buf[1]); 997 else 998 r->level[1].sens = r->level[0].sens; 999 1000 rc = ebitmap_read(&r->level[0].cat, fp); 1001 if (rc) { 1002 pr_err("SELinux: mls: error reading low categories\n"); 1003 goto out; 1004 } 1005 if (items > 1) { 1006 rc = ebitmap_read(&r->level[1].cat, fp); 1007 if (rc) { 1008 pr_err("SELinux: mls: error reading high categories\n"); 1009 goto bad_high; 1010 } 1011 } else { 1012 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1013 if (rc) { 1014 pr_err("SELinux: mls: out of memory\n"); 1015 goto bad_high; 1016 } 1017 } 1018 1019 return 0; 1020 bad_high: 1021 ebitmap_destroy(&r->level[0].cat); 1022 out: 1023 return rc; 1024 } 1025 1026 /* 1027 * Read and validate a security context structure 1028 * from a policydb binary representation file. 1029 */ 1030 static int context_read_and_validate(struct context *c, 1031 struct policydb *p, 1032 void *fp) 1033 { 1034 __le32 buf[3]; 1035 int rc; 1036 1037 rc = next_entry(buf, fp, sizeof buf); 1038 if (rc) { 1039 pr_err("SELinux: context truncated\n"); 1040 goto out; 1041 } 1042 c->user = le32_to_cpu(buf[0]); 1043 c->role = le32_to_cpu(buf[1]); 1044 c->type = le32_to_cpu(buf[2]); 1045 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1046 rc = mls_read_range_helper(&c->range, fp); 1047 if (rc) { 1048 pr_err("SELinux: error reading MLS range of context\n"); 1049 goto out; 1050 } 1051 } 1052 1053 rc = -EINVAL; 1054 if (!policydb_context_isvalid(p, c)) { 1055 pr_err("SELinux: invalid security context\n"); 1056 context_destroy(c); 1057 goto out; 1058 } 1059 rc = 0; 1060 out: 1061 return rc; 1062 } 1063 1064 /* 1065 * The following *_read functions are used to 1066 * read the symbol data from a policy database 1067 * binary representation file. 1068 */ 1069 1070 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1071 { 1072 int rc; 1073 char *str; 1074 1075 if ((len == 0) || (len == (u32)-1)) 1076 return -EINVAL; 1077 1078 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1079 if (!str) 1080 return -ENOMEM; 1081 1082 rc = next_entry(str, fp, len); 1083 if (rc) { 1084 kfree(str); 1085 return rc; 1086 } 1087 1088 str[len] = '\0'; 1089 *strp = str; 1090 return 0; 1091 } 1092 1093 static int perm_read(struct policydb *p, struct symtab *s, void *fp) 1094 { 1095 char *key = NULL; 1096 struct perm_datum *perdatum; 1097 int rc; 1098 __le32 buf[2]; 1099 u32 len; 1100 1101 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1102 if (!perdatum) 1103 return -ENOMEM; 1104 1105 rc = next_entry(buf, fp, sizeof buf); 1106 if (rc) 1107 goto bad; 1108 1109 len = le32_to_cpu(buf[0]); 1110 perdatum->value = le32_to_cpu(buf[1]); 1111 1112 rc = str_read(&key, GFP_KERNEL, fp, len); 1113 if (rc) 1114 goto bad; 1115 1116 rc = symtab_insert(s, key, perdatum); 1117 if (rc) 1118 goto bad; 1119 1120 return 0; 1121 bad: 1122 perm_destroy(key, perdatum, NULL); 1123 return rc; 1124 } 1125 1126 static int common_read(struct policydb *p, struct symtab *s, void *fp) 1127 { 1128 char *key = NULL; 1129 struct common_datum *comdatum; 1130 __le32 buf[4]; 1131 u32 i, len, nel; 1132 int rc; 1133 1134 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1135 if (!comdatum) 1136 return -ENOMEM; 1137 1138 rc = next_entry(buf, fp, sizeof buf); 1139 if (rc) 1140 goto bad; 1141 1142 len = le32_to_cpu(buf[0]); 1143 comdatum->value = le32_to_cpu(buf[1]); 1144 nel = le32_to_cpu(buf[3]); 1145 1146 rc = symtab_init(&comdatum->permissions, nel); 1147 if (rc) 1148 goto bad; 1149 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1150 1151 rc = str_read(&key, GFP_KERNEL, fp, len); 1152 if (rc) 1153 goto bad; 1154 1155 for (i = 0; i < nel; i++) { 1156 rc = perm_read(p, &comdatum->permissions, fp); 1157 if (rc) 1158 goto bad; 1159 } 1160 1161 rc = symtab_insert(s, key, comdatum); 1162 if (rc) 1163 goto bad; 1164 return 0; 1165 bad: 1166 common_destroy(key, comdatum, NULL); 1167 return rc; 1168 } 1169 1170 static void type_set_init(struct type_set *t) 1171 { 1172 ebitmap_init(&t->types); 1173 ebitmap_init(&t->negset); 1174 } 1175 1176 static int type_set_read(struct type_set *t, void *fp) 1177 { 1178 __le32 buf[1]; 1179 int rc; 1180 1181 if (ebitmap_read(&t->types, fp)) 1182 return -EINVAL; 1183 if (ebitmap_read(&t->negset, fp)) 1184 return -EINVAL; 1185 1186 rc = next_entry(buf, fp, sizeof(u32)); 1187 if (rc < 0) 1188 return -EINVAL; 1189 t->flags = le32_to_cpu(buf[0]); 1190 1191 return 0; 1192 } 1193 1194 1195 static int read_cons_helper(struct policydb *p, 1196 struct constraint_node **nodep, 1197 u32 ncons, int allowxtarget, void *fp) 1198 { 1199 struct constraint_node *c, *lc; 1200 struct constraint_expr *e, *le; 1201 __le32 buf[3]; 1202 u32 i, j, nexpr; 1203 int rc, depth; 1204 1205 lc = NULL; 1206 for (i = 0; i < ncons; i++) { 1207 c = kzalloc(sizeof(*c), GFP_KERNEL); 1208 if (!c) 1209 return -ENOMEM; 1210 1211 if (lc) 1212 lc->next = c; 1213 else 1214 *nodep = c; 1215 1216 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1217 if (rc) 1218 return rc; 1219 c->permissions = le32_to_cpu(buf[0]); 1220 nexpr = le32_to_cpu(buf[1]); 1221 le = NULL; 1222 depth = -1; 1223 for (j = 0; j < nexpr; j++) { 1224 e = kzalloc(sizeof(*e), GFP_KERNEL); 1225 if (!e) 1226 return -ENOMEM; 1227 1228 if (le) 1229 le->next = e; 1230 else 1231 c->expr = e; 1232 1233 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1234 if (rc) 1235 return rc; 1236 e->expr_type = le32_to_cpu(buf[0]); 1237 e->attr = le32_to_cpu(buf[1]); 1238 e->op = le32_to_cpu(buf[2]); 1239 1240 switch (e->expr_type) { 1241 case CEXPR_NOT: 1242 if (depth < 0) 1243 return -EINVAL; 1244 break; 1245 case CEXPR_AND: 1246 case CEXPR_OR: 1247 if (depth < 1) 1248 return -EINVAL; 1249 depth--; 1250 break; 1251 case CEXPR_ATTR: 1252 if (depth == (CEXPR_MAXDEPTH - 1)) 1253 return -EINVAL; 1254 depth++; 1255 break; 1256 case CEXPR_NAMES: 1257 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1258 return -EINVAL; 1259 if (depth == (CEXPR_MAXDEPTH - 1)) 1260 return -EINVAL; 1261 depth++; 1262 rc = ebitmap_read(&e->names, fp); 1263 if (rc) 1264 return rc; 1265 if (p->policyvers >= 1266 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1267 e->type_names = kzalloc(sizeof 1268 (*e->type_names), GFP_KERNEL); 1269 if (!e->type_names) 1270 return -ENOMEM; 1271 type_set_init(e->type_names); 1272 rc = type_set_read(e->type_names, fp); 1273 if (rc) 1274 return rc; 1275 } 1276 break; 1277 default: 1278 return -EINVAL; 1279 } 1280 le = e; 1281 } 1282 if (depth != 0) 1283 return -EINVAL; 1284 lc = c; 1285 } 1286 1287 return 0; 1288 } 1289 1290 static int class_read(struct policydb *p, struct symtab *s, void *fp) 1291 { 1292 char *key = NULL; 1293 struct class_datum *cladatum; 1294 __le32 buf[6]; 1295 u32 i, len, len2, ncons, nel; 1296 int rc; 1297 1298 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1299 if (!cladatum) 1300 return -ENOMEM; 1301 1302 rc = next_entry(buf, fp, sizeof(u32)*6); 1303 if (rc) 1304 goto bad; 1305 1306 len = le32_to_cpu(buf[0]); 1307 len2 = le32_to_cpu(buf[1]); 1308 cladatum->value = le32_to_cpu(buf[2]); 1309 nel = le32_to_cpu(buf[4]); 1310 1311 rc = symtab_init(&cladatum->permissions, nel); 1312 if (rc) 1313 goto bad; 1314 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1315 1316 ncons = le32_to_cpu(buf[5]); 1317 1318 rc = str_read(&key, GFP_KERNEL, fp, len); 1319 if (rc) 1320 goto bad; 1321 1322 if (len2) { 1323 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1324 if (rc) 1325 goto bad; 1326 1327 rc = -EINVAL; 1328 cladatum->comdatum = symtab_search(&p->p_commons, 1329 cladatum->comkey); 1330 if (!cladatum->comdatum) { 1331 pr_err("SELinux: unknown common %s\n", 1332 cladatum->comkey); 1333 goto bad; 1334 } 1335 } 1336 for (i = 0; i < nel; i++) { 1337 rc = perm_read(p, &cladatum->permissions, fp); 1338 if (rc) 1339 goto bad; 1340 } 1341 1342 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1343 if (rc) 1344 goto bad; 1345 1346 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1347 /* grab the validatetrans rules */ 1348 rc = next_entry(buf, fp, sizeof(u32)); 1349 if (rc) 1350 goto bad; 1351 ncons = le32_to_cpu(buf[0]); 1352 rc = read_cons_helper(p, &cladatum->validatetrans, 1353 ncons, 1, fp); 1354 if (rc) 1355 goto bad; 1356 } 1357 1358 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1359 rc = next_entry(buf, fp, sizeof(u32) * 3); 1360 if (rc) 1361 goto bad; 1362 1363 cladatum->default_user = le32_to_cpu(buf[0]); 1364 cladatum->default_role = le32_to_cpu(buf[1]); 1365 cladatum->default_range = le32_to_cpu(buf[2]); 1366 } 1367 1368 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1369 rc = next_entry(buf, fp, sizeof(u32) * 1); 1370 if (rc) 1371 goto bad; 1372 cladatum->default_type = le32_to_cpu(buf[0]); 1373 } 1374 1375 rc = symtab_insert(s, key, cladatum); 1376 if (rc) 1377 goto bad; 1378 1379 return 0; 1380 bad: 1381 cls_destroy(key, cladatum, NULL); 1382 return rc; 1383 } 1384 1385 static int role_read(struct policydb *p, struct symtab *s, void *fp) 1386 { 1387 char *key = NULL; 1388 struct role_datum *role; 1389 int rc; 1390 unsigned int to_read = 2; 1391 __le32 buf[3]; 1392 u32 len; 1393 1394 role = kzalloc(sizeof(*role), GFP_KERNEL); 1395 if (!role) 1396 return -ENOMEM; 1397 1398 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1399 to_read = 3; 1400 1401 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1402 if (rc) 1403 goto bad; 1404 1405 len = le32_to_cpu(buf[0]); 1406 role->value = le32_to_cpu(buf[1]); 1407 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1408 role->bounds = le32_to_cpu(buf[2]); 1409 1410 rc = str_read(&key, GFP_KERNEL, fp, len); 1411 if (rc) 1412 goto bad; 1413 1414 rc = ebitmap_read(&role->dominates, fp); 1415 if (rc) 1416 goto bad; 1417 1418 rc = ebitmap_read(&role->types, fp); 1419 if (rc) 1420 goto bad; 1421 1422 if (strcmp(key, OBJECT_R) == 0) { 1423 rc = -EINVAL; 1424 if (role->value != OBJECT_R_VAL) { 1425 pr_err("SELinux: Role %s has wrong value %d\n", 1426 OBJECT_R, role->value); 1427 goto bad; 1428 } 1429 rc = 0; 1430 goto bad; 1431 } 1432 1433 rc = symtab_insert(s, key, role); 1434 if (rc) 1435 goto bad; 1436 return 0; 1437 bad: 1438 role_destroy(key, role, NULL); 1439 return rc; 1440 } 1441 1442 static int type_read(struct policydb *p, struct symtab *s, void *fp) 1443 { 1444 char *key = NULL; 1445 struct type_datum *typdatum; 1446 int rc; 1447 unsigned int to_read = 3; 1448 __le32 buf[4]; 1449 u32 len; 1450 1451 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1452 if (!typdatum) 1453 return -ENOMEM; 1454 1455 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1456 to_read = 4; 1457 1458 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1459 if (rc) 1460 goto bad; 1461 1462 len = le32_to_cpu(buf[0]); 1463 typdatum->value = le32_to_cpu(buf[1]); 1464 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1465 u32 prop = le32_to_cpu(buf[2]); 1466 1467 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1468 typdatum->primary = 1; 1469 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1470 typdatum->attribute = 1; 1471 1472 typdatum->bounds = le32_to_cpu(buf[3]); 1473 } else { 1474 typdatum->primary = le32_to_cpu(buf[2]); 1475 } 1476 1477 rc = str_read(&key, GFP_KERNEL, fp, len); 1478 if (rc) 1479 goto bad; 1480 1481 rc = symtab_insert(s, key, typdatum); 1482 if (rc) 1483 goto bad; 1484 return 0; 1485 bad: 1486 type_destroy(key, typdatum, NULL); 1487 return rc; 1488 } 1489 1490 1491 /* 1492 * Read a MLS level structure from a policydb binary 1493 * representation file. 1494 */ 1495 static int mls_read_level(struct mls_level *lp, void *fp) 1496 { 1497 __le32 buf[1]; 1498 int rc; 1499 1500 memset(lp, 0, sizeof(*lp)); 1501 1502 rc = next_entry(buf, fp, sizeof buf); 1503 if (rc) { 1504 pr_err("SELinux: mls: truncated level\n"); 1505 return rc; 1506 } 1507 lp->sens = le32_to_cpu(buf[0]); 1508 1509 rc = ebitmap_read(&lp->cat, fp); 1510 if (rc) { 1511 pr_err("SELinux: mls: error reading level categories\n"); 1512 return rc; 1513 } 1514 return 0; 1515 } 1516 1517 static int user_read(struct policydb *p, struct symtab *s, void *fp) 1518 { 1519 char *key = NULL; 1520 struct user_datum *usrdatum; 1521 int rc; 1522 unsigned int to_read = 2; 1523 __le32 buf[3]; 1524 u32 len; 1525 1526 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1527 if (!usrdatum) 1528 return -ENOMEM; 1529 1530 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1531 to_read = 3; 1532 1533 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1534 if (rc) 1535 goto bad; 1536 1537 len = le32_to_cpu(buf[0]); 1538 usrdatum->value = le32_to_cpu(buf[1]); 1539 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1540 usrdatum->bounds = le32_to_cpu(buf[2]); 1541 1542 rc = str_read(&key, GFP_KERNEL, fp, len); 1543 if (rc) 1544 goto bad; 1545 1546 rc = ebitmap_read(&usrdatum->roles, fp); 1547 if (rc) 1548 goto bad; 1549 1550 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1551 rc = mls_read_range_helper(&usrdatum->range, fp); 1552 if (rc) 1553 goto bad; 1554 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1555 if (rc) 1556 goto bad; 1557 } 1558 1559 rc = symtab_insert(s, key, usrdatum); 1560 if (rc) 1561 goto bad; 1562 return 0; 1563 bad: 1564 user_destroy(key, usrdatum, NULL); 1565 return rc; 1566 } 1567 1568 static int sens_read(struct policydb *p, struct symtab *s, void *fp) 1569 { 1570 char *key = NULL; 1571 struct level_datum *levdatum; 1572 int rc; 1573 __le32 buf[2]; 1574 u32 len; 1575 1576 levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL); 1577 if (!levdatum) 1578 return -ENOMEM; 1579 1580 rc = next_entry(buf, fp, sizeof buf); 1581 if (rc) 1582 goto bad; 1583 1584 len = le32_to_cpu(buf[0]); 1585 levdatum->isalias = le32_to_cpu(buf[1]); 1586 1587 rc = str_read(&key, GFP_KERNEL, fp, len); 1588 if (rc) 1589 goto bad; 1590 1591 rc = -ENOMEM; 1592 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_KERNEL); 1593 if (!levdatum->level) 1594 goto bad; 1595 1596 rc = mls_read_level(levdatum->level, fp); 1597 if (rc) 1598 goto bad; 1599 1600 rc = symtab_insert(s, key, levdatum); 1601 if (rc) 1602 goto bad; 1603 return 0; 1604 bad: 1605 sens_destroy(key, levdatum, NULL); 1606 return rc; 1607 } 1608 1609 static int cat_read(struct policydb *p, struct symtab *s, void *fp) 1610 { 1611 char *key = NULL; 1612 struct cat_datum *catdatum; 1613 int rc; 1614 __le32 buf[3]; 1615 u32 len; 1616 1617 catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL); 1618 if (!catdatum) 1619 return -ENOMEM; 1620 1621 rc = next_entry(buf, fp, sizeof buf); 1622 if (rc) 1623 goto bad; 1624 1625 len = le32_to_cpu(buf[0]); 1626 catdatum->value = le32_to_cpu(buf[1]); 1627 catdatum->isalias = le32_to_cpu(buf[2]); 1628 1629 rc = str_read(&key, GFP_KERNEL, fp, len); 1630 if (rc) 1631 goto bad; 1632 1633 rc = symtab_insert(s, key, catdatum); 1634 if (rc) 1635 goto bad; 1636 return 0; 1637 bad: 1638 cat_destroy(key, catdatum, NULL); 1639 return rc; 1640 } 1641 1642 static int (*const read_f[SYM_NUM]) (struct policydb *p, 1643 struct symtab *s, void *fp) = { 1644 common_read, 1645 class_read, 1646 role_read, 1647 type_read, 1648 user_read, 1649 cond_read_bool, 1650 sens_read, 1651 cat_read, 1652 }; 1653 1654 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1655 { 1656 struct user_datum *upper, *user; 1657 struct policydb *p = datap; 1658 int depth = 0; 1659 1660 upper = user = datum; 1661 while (upper->bounds) { 1662 struct ebitmap_node *node; 1663 u32 bit; 1664 1665 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1666 pr_err("SELinux: user %s: " 1667 "too deep or looped boundary\n", 1668 (char *) key); 1669 return -EINVAL; 1670 } 1671 1672 upper = p->user_val_to_struct[upper->bounds - 1]; 1673 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1674 if (ebitmap_get_bit(&upper->roles, bit)) 1675 continue; 1676 1677 pr_err("SELinux: boundary violated policy: " 1678 "user=%s role=%s bounds=%s\n", 1679 sym_name(p, SYM_USERS, user->value - 1), 1680 sym_name(p, SYM_ROLES, bit), 1681 sym_name(p, SYM_USERS, upper->value - 1)); 1682 1683 return -EINVAL; 1684 } 1685 } 1686 1687 return 0; 1688 } 1689 1690 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1691 { 1692 struct role_datum *upper, *role; 1693 struct policydb *p = datap; 1694 int depth = 0; 1695 1696 upper = role = datum; 1697 while (upper->bounds) { 1698 struct ebitmap_node *node; 1699 u32 bit; 1700 1701 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1702 pr_err("SELinux: role %s: " 1703 "too deep or looped bounds\n", 1704 (char *) key); 1705 return -EINVAL; 1706 } 1707 1708 upper = p->role_val_to_struct[upper->bounds - 1]; 1709 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1710 if (ebitmap_get_bit(&upper->types, bit)) 1711 continue; 1712 1713 pr_err("SELinux: boundary violated policy: " 1714 "role=%s type=%s bounds=%s\n", 1715 sym_name(p, SYM_ROLES, role->value - 1), 1716 sym_name(p, SYM_TYPES, bit), 1717 sym_name(p, SYM_ROLES, upper->value - 1)); 1718 1719 return -EINVAL; 1720 } 1721 } 1722 1723 return 0; 1724 } 1725 1726 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1727 { 1728 struct type_datum *upper; 1729 struct policydb *p = datap; 1730 int depth = 0; 1731 1732 upper = datum; 1733 while (upper->bounds) { 1734 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1735 pr_err("SELinux: type %s: " 1736 "too deep or looped boundary\n", 1737 (char *) key); 1738 return -EINVAL; 1739 } 1740 1741 upper = p->type_val_to_struct[upper->bounds - 1]; 1742 BUG_ON(!upper); 1743 1744 if (upper->attribute) { 1745 pr_err("SELinux: type %s: " 1746 "bounded by attribute %s\n", 1747 (char *) key, 1748 sym_name(p, SYM_TYPES, upper->value - 1)); 1749 return -EINVAL; 1750 } 1751 } 1752 1753 return 0; 1754 } 1755 1756 static int policydb_bounds_sanity_check(struct policydb *p) 1757 { 1758 int rc; 1759 1760 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1761 return 0; 1762 1763 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1764 if (rc) 1765 return rc; 1766 1767 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1768 if (rc) 1769 return rc; 1770 1771 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1772 if (rc) 1773 return rc; 1774 1775 return 0; 1776 } 1777 1778 u16 string_to_security_class(struct policydb *p, const char *name) 1779 { 1780 struct class_datum *cladatum; 1781 1782 cladatum = symtab_search(&p->p_classes, name); 1783 if (!cladatum) 1784 return 0; 1785 1786 return cladatum->value; 1787 } 1788 1789 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1790 { 1791 struct class_datum *cladatum; 1792 struct perm_datum *perdatum = NULL; 1793 struct common_datum *comdatum; 1794 1795 if (!tclass || tclass > p->p_classes.nprim) 1796 return 0; 1797 1798 cladatum = p->class_val_to_struct[tclass-1]; 1799 comdatum = cladatum->comdatum; 1800 if (comdatum) 1801 perdatum = symtab_search(&comdatum->permissions, name); 1802 if (!perdatum) 1803 perdatum = symtab_search(&cladatum->permissions, name); 1804 if (!perdatum) 1805 return 0; 1806 1807 return 1U << (perdatum->value-1); 1808 } 1809 1810 static int range_read(struct policydb *p, void *fp) 1811 { 1812 struct range_trans *rt = NULL; 1813 struct mls_range *r = NULL; 1814 int rc; 1815 __le32 buf[2]; 1816 u32 i, nel; 1817 1818 if (p->policyvers < POLICYDB_VERSION_MLS) 1819 return 0; 1820 1821 rc = next_entry(buf, fp, sizeof(u32)); 1822 if (rc) 1823 return rc; 1824 1825 nel = le32_to_cpu(buf[0]); 1826 1827 rc = hashtab_init(&p->range_tr, nel); 1828 if (rc) 1829 return rc; 1830 1831 for (i = 0; i < nel; i++) { 1832 rc = -ENOMEM; 1833 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1834 if (!rt) 1835 goto out; 1836 1837 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1838 if (rc) 1839 goto out; 1840 1841 rt->source_type = le32_to_cpu(buf[0]); 1842 rt->target_type = le32_to_cpu(buf[1]); 1843 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1844 rc = next_entry(buf, fp, sizeof(u32)); 1845 if (rc) 1846 goto out; 1847 rt->target_class = le32_to_cpu(buf[0]); 1848 } else 1849 rt->target_class = p->process_class; 1850 1851 rc = -EINVAL; 1852 if (!policydb_type_isvalid(p, rt->source_type) || 1853 !policydb_type_isvalid(p, rt->target_type) || 1854 !policydb_class_isvalid(p, rt->target_class)) 1855 goto out; 1856 1857 rc = -ENOMEM; 1858 r = kzalloc(sizeof(*r), GFP_KERNEL); 1859 if (!r) 1860 goto out; 1861 1862 rc = mls_read_range_helper(r, fp); 1863 if (rc) 1864 goto out; 1865 1866 rc = -EINVAL; 1867 if (!mls_range_isvalid(p, r)) { 1868 pr_warn("SELinux: rangetrans: invalid range\n"); 1869 goto out; 1870 } 1871 1872 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1873 if (rc) 1874 goto out; 1875 1876 rt = NULL; 1877 r = NULL; 1878 } 1879 hash_eval(&p->range_tr, "rangetr"); 1880 rc = 0; 1881 out: 1882 kfree(rt); 1883 kfree(r); 1884 return rc; 1885 } 1886 1887 static int filename_trans_read_helper_compat(struct policydb *p, void *fp) 1888 { 1889 struct filename_trans_key key, *ft = NULL; 1890 struct filename_trans_datum *last, *datum = NULL; 1891 char *name = NULL; 1892 u32 len, stype, otype; 1893 __le32 buf[4]; 1894 int rc; 1895 1896 /* length of the path component string */ 1897 rc = next_entry(buf, fp, sizeof(u32)); 1898 if (rc) 1899 return rc; 1900 len = le32_to_cpu(buf[0]); 1901 1902 /* path component string */ 1903 rc = str_read(&name, GFP_KERNEL, fp, len); 1904 if (rc) 1905 return rc; 1906 1907 rc = next_entry(buf, fp, sizeof(u32) * 4); 1908 if (rc) 1909 goto out; 1910 1911 stype = le32_to_cpu(buf[0]); 1912 key.ttype = le32_to_cpu(buf[1]); 1913 key.tclass = le32_to_cpu(buf[2]); 1914 key.name = name; 1915 1916 otype = le32_to_cpu(buf[3]); 1917 1918 last = NULL; 1919 datum = policydb_filenametr_search(p, &key); 1920 while (datum) { 1921 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1922 /* conflicting/duplicate rules are ignored */ 1923 datum = NULL; 1924 goto out; 1925 } 1926 if (likely(datum->otype == otype)) 1927 break; 1928 last = datum; 1929 datum = datum->next; 1930 } 1931 if (!datum) { 1932 rc = -ENOMEM; 1933 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1934 if (!datum) 1935 goto out; 1936 1937 ebitmap_init(&datum->stypes); 1938 datum->otype = otype; 1939 datum->next = NULL; 1940 1941 if (unlikely(last)) { 1942 last->next = datum; 1943 } else { 1944 rc = -ENOMEM; 1945 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1946 if (!ft) 1947 goto out; 1948 1949 rc = hashtab_insert(&p->filename_trans, ft, datum, 1950 filenametr_key_params); 1951 if (rc) 1952 goto out; 1953 name = NULL; 1954 1955 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1956 key.ttype, 1); 1957 if (rc) 1958 return rc; 1959 } 1960 } 1961 kfree(name); 1962 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1963 1964 out: 1965 kfree(ft); 1966 kfree(name); 1967 kfree(datum); 1968 return rc; 1969 } 1970 1971 static int filename_trans_read_helper(struct policydb *p, void *fp) 1972 { 1973 struct filename_trans_key *ft = NULL; 1974 struct filename_trans_datum **dst, *datum, *first = NULL; 1975 char *name = NULL; 1976 u32 len, ttype, tclass, ndatum, i; 1977 __le32 buf[3]; 1978 int rc; 1979 1980 /* length of the path component string */ 1981 rc = next_entry(buf, fp, sizeof(u32)); 1982 if (rc) 1983 return rc; 1984 len = le32_to_cpu(buf[0]); 1985 1986 /* path component string */ 1987 rc = str_read(&name, GFP_KERNEL, fp, len); 1988 if (rc) 1989 return rc; 1990 1991 rc = next_entry(buf, fp, sizeof(u32) * 3); 1992 if (rc) 1993 goto out; 1994 1995 ttype = le32_to_cpu(buf[0]); 1996 tclass = le32_to_cpu(buf[1]); 1997 1998 ndatum = le32_to_cpu(buf[2]); 1999 if (ndatum == 0) { 2000 pr_err("SELinux: Filename transition key with no datum\n"); 2001 rc = -ENOENT; 2002 goto out; 2003 } 2004 2005 dst = &first; 2006 for (i = 0; i < ndatum; i++) { 2007 rc = -ENOMEM; 2008 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2009 if (!datum) 2010 goto out; 2011 2012 datum->next = NULL; 2013 *dst = datum; 2014 2015 /* ebitmap_read() will at least init the bitmap */ 2016 rc = ebitmap_read(&datum->stypes, fp); 2017 if (rc) 2018 goto out; 2019 2020 rc = next_entry(buf, fp, sizeof(u32)); 2021 if (rc) 2022 goto out; 2023 2024 datum->otype = le32_to_cpu(buf[0]); 2025 2026 dst = &datum->next; 2027 } 2028 2029 rc = -ENOMEM; 2030 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2031 if (!ft) 2032 goto out; 2033 2034 ft->ttype = ttype; 2035 ft->tclass = tclass; 2036 ft->name = name; 2037 2038 rc = hashtab_insert(&p->filename_trans, ft, first, 2039 filenametr_key_params); 2040 if (rc == -EEXIST) 2041 pr_err("SELinux: Duplicate filename transition key\n"); 2042 if (rc) 2043 goto out; 2044 2045 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2046 2047 out: 2048 kfree(ft); 2049 kfree(name); 2050 while (first) { 2051 datum = first; 2052 first = first->next; 2053 2054 ebitmap_destroy(&datum->stypes); 2055 kfree(datum); 2056 } 2057 return rc; 2058 } 2059 2060 static int filename_trans_read(struct policydb *p, void *fp) 2061 { 2062 u32 nel, i; 2063 __le32 buf[1]; 2064 int rc; 2065 2066 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2067 return 0; 2068 2069 rc = next_entry(buf, fp, sizeof(u32)); 2070 if (rc) 2071 return rc; 2072 nel = le32_to_cpu(buf[0]); 2073 2074 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2075 p->compat_filename_trans_count = nel; 2076 2077 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2078 if (rc) 2079 return rc; 2080 2081 for (i = 0; i < nel; i++) { 2082 rc = filename_trans_read_helper_compat(p, fp); 2083 if (rc) 2084 return rc; 2085 } 2086 } else { 2087 rc = hashtab_init(&p->filename_trans, nel); 2088 if (rc) 2089 return rc; 2090 2091 for (i = 0; i < nel; i++) { 2092 rc = filename_trans_read_helper(p, fp); 2093 if (rc) 2094 return rc; 2095 } 2096 } 2097 hash_eval(&p->filename_trans, "filenametr"); 2098 return 0; 2099 } 2100 2101 static int genfs_read(struct policydb *p, void *fp) 2102 { 2103 int rc; 2104 u32 i, j, nel, nel2, len, len2; 2105 __le32 buf[1]; 2106 struct ocontext *l, *c; 2107 struct ocontext *newc = NULL; 2108 struct genfs *genfs_p, *genfs; 2109 struct genfs *newgenfs = NULL; 2110 2111 rc = next_entry(buf, fp, sizeof(u32)); 2112 if (rc) 2113 return rc; 2114 nel = le32_to_cpu(buf[0]); 2115 2116 for (i = 0; i < nel; i++) { 2117 rc = next_entry(buf, fp, sizeof(u32)); 2118 if (rc) 2119 goto out; 2120 len = le32_to_cpu(buf[0]); 2121 2122 rc = -ENOMEM; 2123 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2124 if (!newgenfs) 2125 goto out; 2126 2127 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2128 if (rc) 2129 goto out; 2130 2131 for (genfs_p = NULL, genfs = p->genfs; genfs; 2132 genfs_p = genfs, genfs = genfs->next) { 2133 rc = -EINVAL; 2134 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2135 pr_err("SELinux: dup genfs fstype %s\n", 2136 newgenfs->fstype); 2137 goto out; 2138 } 2139 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2140 break; 2141 } 2142 newgenfs->next = genfs; 2143 if (genfs_p) 2144 genfs_p->next = newgenfs; 2145 else 2146 p->genfs = newgenfs; 2147 genfs = newgenfs; 2148 newgenfs = NULL; 2149 2150 rc = next_entry(buf, fp, sizeof(u32)); 2151 if (rc) 2152 goto out; 2153 2154 nel2 = le32_to_cpu(buf[0]); 2155 for (j = 0; j < nel2; j++) { 2156 rc = next_entry(buf, fp, sizeof(u32)); 2157 if (rc) 2158 goto out; 2159 len = le32_to_cpu(buf[0]); 2160 2161 rc = -ENOMEM; 2162 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2163 if (!newc) 2164 goto out; 2165 2166 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2167 if (rc) 2168 goto out; 2169 2170 rc = next_entry(buf, fp, sizeof(u32)); 2171 if (rc) 2172 goto out; 2173 2174 newc->v.sclass = le32_to_cpu(buf[0]); 2175 rc = context_read_and_validate(&newc->context[0], p, fp); 2176 if (rc) 2177 goto out; 2178 2179 for (l = NULL, c = genfs->head; c; 2180 l = c, c = c->next) { 2181 rc = -EINVAL; 2182 if (!strcmp(newc->u.name, c->u.name) && 2183 (!c->v.sclass || !newc->v.sclass || 2184 newc->v.sclass == c->v.sclass)) { 2185 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2186 genfs->fstype, c->u.name); 2187 goto out; 2188 } 2189 len = strlen(newc->u.name); 2190 len2 = strlen(c->u.name); 2191 if (len > len2) 2192 break; 2193 } 2194 2195 newc->next = c; 2196 if (l) 2197 l->next = newc; 2198 else 2199 genfs->head = newc; 2200 newc = NULL; 2201 } 2202 } 2203 rc = 0; 2204 out: 2205 if (newgenfs) { 2206 kfree(newgenfs->fstype); 2207 kfree(newgenfs); 2208 } 2209 ocontext_destroy(newc, OCON_FSUSE); 2210 2211 return rc; 2212 } 2213 2214 static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, 2215 void *fp) 2216 { 2217 int rc; 2218 unsigned int i; 2219 u32 j, nel, len; 2220 __be64 prefixbuf[1]; 2221 __le32 buf[3]; 2222 struct ocontext *l, *c; 2223 u32 nodebuf[8]; 2224 2225 for (i = 0; i < info->ocon_num; i++) { 2226 rc = next_entry(buf, fp, sizeof(u32)); 2227 if (rc) 2228 goto out; 2229 nel = le32_to_cpu(buf[0]); 2230 2231 l = NULL; 2232 for (j = 0; j < nel; j++) { 2233 rc = -ENOMEM; 2234 c = kzalloc(sizeof(*c), GFP_KERNEL); 2235 if (!c) 2236 goto out; 2237 if (l) 2238 l->next = c; 2239 else 2240 p->ocontexts[i] = c; 2241 l = c; 2242 2243 switch (i) { 2244 case OCON_ISID: 2245 rc = next_entry(buf, fp, sizeof(u32)); 2246 if (rc) 2247 goto out; 2248 2249 c->sid[0] = le32_to_cpu(buf[0]); 2250 rc = context_read_and_validate(&c->context[0], p, fp); 2251 if (rc) 2252 goto out; 2253 break; 2254 case OCON_FS: 2255 case OCON_NETIF: 2256 rc = next_entry(buf, fp, sizeof(u32)); 2257 if (rc) 2258 goto out; 2259 len = le32_to_cpu(buf[0]); 2260 2261 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2262 if (rc) 2263 goto out; 2264 2265 if (i == OCON_FS) 2266 pr_warn("SELinux: void and deprecated fs ocon %s\n", 2267 c->u.name); 2268 2269 rc = context_read_and_validate(&c->context[0], p, fp); 2270 if (rc) 2271 goto out; 2272 rc = context_read_and_validate(&c->context[1], p, fp); 2273 if (rc) 2274 goto out; 2275 break; 2276 case OCON_PORT: 2277 rc = next_entry(buf, fp, sizeof(u32)*3); 2278 if (rc) 2279 goto out; 2280 c->u.port.protocol = le32_to_cpu(buf[0]); 2281 c->u.port.low_port = le32_to_cpu(buf[1]); 2282 c->u.port.high_port = le32_to_cpu(buf[2]); 2283 rc = context_read_and_validate(&c->context[0], p, fp); 2284 if (rc) 2285 goto out; 2286 break; 2287 case OCON_NODE: 2288 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2289 if (rc) 2290 goto out; 2291 c->u.node.addr = nodebuf[0]; /* network order */ 2292 c->u.node.mask = nodebuf[1]; /* network order */ 2293 rc = context_read_and_validate(&c->context[0], p, fp); 2294 if (rc) 2295 goto out; 2296 break; 2297 case OCON_FSUSE: 2298 rc = next_entry(buf, fp, sizeof(u32)*2); 2299 if (rc) 2300 goto out; 2301 2302 rc = -EINVAL; 2303 c->v.behavior = le32_to_cpu(buf[0]); 2304 /* Determined at runtime, not in policy DB. */ 2305 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2306 goto out; 2307 if (c->v.behavior > SECURITY_FS_USE_MAX) 2308 goto out; 2309 2310 len = le32_to_cpu(buf[1]); 2311 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2312 if (rc) 2313 goto out; 2314 2315 rc = context_read_and_validate(&c->context[0], p, fp); 2316 if (rc) 2317 goto out; 2318 break; 2319 case OCON_NODE6: { 2320 int k; 2321 2322 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2323 if (rc) 2324 goto out; 2325 for (k = 0; k < 4; k++) 2326 c->u.node6.addr[k] = nodebuf[k]; 2327 for (k = 0; k < 4; k++) 2328 c->u.node6.mask[k] = nodebuf[k+4]; 2329 rc = context_read_and_validate(&c->context[0], p, fp); 2330 if (rc) 2331 goto out; 2332 break; 2333 } 2334 case OCON_IBPKEY: { 2335 u32 pkey_lo, pkey_hi; 2336 2337 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2338 if (rc) 2339 goto out; 2340 2341 /* we need to have subnet_prefix in CPU order */ 2342 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2343 2344 rc = next_entry(buf, fp, sizeof(u32) * 2); 2345 if (rc) 2346 goto out; 2347 2348 pkey_lo = le32_to_cpu(buf[0]); 2349 pkey_hi = le32_to_cpu(buf[1]); 2350 2351 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2352 rc = -EINVAL; 2353 goto out; 2354 } 2355 2356 c->u.ibpkey.low_pkey = pkey_lo; 2357 c->u.ibpkey.high_pkey = pkey_hi; 2358 2359 rc = context_read_and_validate(&c->context[0], 2360 p, 2361 fp); 2362 if (rc) 2363 goto out; 2364 break; 2365 } 2366 case OCON_IBENDPORT: { 2367 u32 port; 2368 2369 rc = next_entry(buf, fp, sizeof(u32) * 2); 2370 if (rc) 2371 goto out; 2372 len = le32_to_cpu(buf[0]); 2373 2374 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2375 if (rc) 2376 goto out; 2377 2378 port = le32_to_cpu(buf[1]); 2379 if (port > U8_MAX || port == 0) { 2380 rc = -EINVAL; 2381 goto out; 2382 } 2383 2384 c->u.ibendport.port = port; 2385 2386 rc = context_read_and_validate(&c->context[0], 2387 p, 2388 fp); 2389 if (rc) 2390 goto out; 2391 break; 2392 } /* end case */ 2393 } /* end switch */ 2394 } 2395 } 2396 rc = 0; 2397 out: 2398 return rc; 2399 } 2400 2401 /* 2402 * Read the configuration data from a policy database binary 2403 * representation file into a policy database structure. 2404 */ 2405 int policydb_read(struct policydb *p, void *fp) 2406 { 2407 struct role_allow *ra, *lra; 2408 struct role_trans_key *rtk = NULL; 2409 struct role_trans_datum *rtd = NULL; 2410 int rc; 2411 __le32 buf[4]; 2412 u32 i, j, len, nprim, nel, perm; 2413 2414 char *policydb_str; 2415 const struct policydb_compat_info *info; 2416 2417 policydb_init(p); 2418 2419 /* Read the magic number and string length. */ 2420 rc = next_entry(buf, fp, sizeof(u32) * 2); 2421 if (rc) 2422 goto bad; 2423 2424 rc = -EINVAL; 2425 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2426 pr_err("SELinux: policydb magic number 0x%x does " 2427 "not match expected magic number 0x%x\n", 2428 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2429 goto bad; 2430 } 2431 2432 rc = -EINVAL; 2433 len = le32_to_cpu(buf[1]); 2434 if (len != strlen(POLICYDB_STRING)) { 2435 pr_err("SELinux: policydb string length %d does not " 2436 "match expected length %zu\n", 2437 len, strlen(POLICYDB_STRING)); 2438 goto bad; 2439 } 2440 2441 rc = -ENOMEM; 2442 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2443 if (!policydb_str) { 2444 pr_err("SELinux: unable to allocate memory for policydb " 2445 "string of length %d\n", len); 2446 goto bad; 2447 } 2448 2449 rc = next_entry(policydb_str, fp, len); 2450 if (rc) { 2451 pr_err("SELinux: truncated policydb string identifier\n"); 2452 kfree(policydb_str); 2453 goto bad; 2454 } 2455 2456 rc = -EINVAL; 2457 policydb_str[len] = '\0'; 2458 if (strcmp(policydb_str, POLICYDB_STRING)) { 2459 pr_err("SELinux: policydb string %s does not match " 2460 "my string %s\n", policydb_str, POLICYDB_STRING); 2461 kfree(policydb_str); 2462 goto bad; 2463 } 2464 /* Done with policydb_str. */ 2465 kfree(policydb_str); 2466 policydb_str = NULL; 2467 2468 /* Read the version and table sizes. */ 2469 rc = next_entry(buf, fp, sizeof(u32)*4); 2470 if (rc) 2471 goto bad; 2472 2473 rc = -EINVAL; 2474 p->policyvers = le32_to_cpu(buf[0]); 2475 if (p->policyvers < POLICYDB_VERSION_MIN || 2476 p->policyvers > POLICYDB_VERSION_MAX) { 2477 pr_err("SELinux: policydb version %d does not match " 2478 "my version range %d-%d\n", 2479 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2480 goto bad; 2481 } 2482 2483 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2484 p->mls_enabled = 1; 2485 2486 rc = -EINVAL; 2487 if (p->policyvers < POLICYDB_VERSION_MLS) { 2488 pr_err("SELinux: security policydb version %d " 2489 "(MLS) not backwards compatible\n", 2490 p->policyvers); 2491 goto bad; 2492 } 2493 } 2494 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2495 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2496 2497 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2498 rc = ebitmap_read(&p->policycaps, fp); 2499 if (rc) 2500 goto bad; 2501 } 2502 2503 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2504 rc = ebitmap_read(&p->permissive_map, fp); 2505 if (rc) 2506 goto bad; 2507 } 2508 2509 rc = -EINVAL; 2510 info = policydb_lookup_compat(p->policyvers); 2511 if (!info) { 2512 pr_err("SELinux: unable to find policy compat info " 2513 "for version %d\n", p->policyvers); 2514 goto bad; 2515 } 2516 2517 rc = -EINVAL; 2518 if (le32_to_cpu(buf[2]) != info->sym_num || 2519 le32_to_cpu(buf[3]) != info->ocon_num) { 2520 pr_err("SELinux: policydb table sizes (%d,%d) do " 2521 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2522 le32_to_cpu(buf[3]), 2523 info->sym_num, info->ocon_num); 2524 goto bad; 2525 } 2526 2527 for (i = 0; i < info->sym_num; i++) { 2528 rc = next_entry(buf, fp, sizeof(u32)*2); 2529 if (rc) 2530 goto bad; 2531 nprim = le32_to_cpu(buf[0]); 2532 nel = le32_to_cpu(buf[1]); 2533 2534 rc = symtab_init(&p->symtab[i], nel); 2535 if (rc) 2536 goto out; 2537 2538 if (i == SYM_ROLES) { 2539 rc = roles_init(p); 2540 if (rc) 2541 goto out; 2542 } 2543 2544 for (j = 0; j < nel; j++) { 2545 rc = read_f[i](p, &p->symtab[i], fp); 2546 if (rc) 2547 goto bad; 2548 } 2549 2550 p->symtab[i].nprim = nprim; 2551 } 2552 2553 rc = -EINVAL; 2554 p->process_class = string_to_security_class(p, "process"); 2555 if (!p->process_class) { 2556 pr_err("SELinux: process class is required, not defined in policy\n"); 2557 goto bad; 2558 } 2559 2560 rc = avtab_read(&p->te_avtab, fp, p); 2561 if (rc) 2562 goto bad; 2563 2564 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2565 rc = cond_read_list(p, fp); 2566 if (rc) 2567 goto bad; 2568 } 2569 2570 rc = next_entry(buf, fp, sizeof(u32)); 2571 if (rc) 2572 goto bad; 2573 nel = le32_to_cpu(buf[0]); 2574 2575 rc = hashtab_init(&p->role_tr, nel); 2576 if (rc) 2577 goto bad; 2578 for (i = 0; i < nel; i++) { 2579 rc = -ENOMEM; 2580 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2581 if (!rtk) 2582 goto bad; 2583 2584 rc = -ENOMEM; 2585 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2586 if (!rtd) 2587 goto bad; 2588 2589 rc = next_entry(buf, fp, sizeof(u32)*3); 2590 if (rc) 2591 goto bad; 2592 2593 rtk->role = le32_to_cpu(buf[0]); 2594 rtk->type = le32_to_cpu(buf[1]); 2595 rtd->new_role = le32_to_cpu(buf[2]); 2596 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2597 rc = next_entry(buf, fp, sizeof(u32)); 2598 if (rc) 2599 goto bad; 2600 rtk->tclass = le32_to_cpu(buf[0]); 2601 } else 2602 rtk->tclass = p->process_class; 2603 2604 rc = -EINVAL; 2605 if (!policydb_role_isvalid(p, rtk->role) || 2606 !policydb_type_isvalid(p, rtk->type) || 2607 !policydb_class_isvalid(p, rtk->tclass) || 2608 !policydb_role_isvalid(p, rtd->new_role)) 2609 goto bad; 2610 2611 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2612 if (rc) 2613 goto bad; 2614 2615 rtk = NULL; 2616 rtd = NULL; 2617 } 2618 2619 rc = next_entry(buf, fp, sizeof(u32)); 2620 if (rc) 2621 goto bad; 2622 nel = le32_to_cpu(buf[0]); 2623 lra = NULL; 2624 for (i = 0; i < nel; i++) { 2625 rc = -ENOMEM; 2626 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2627 if (!ra) 2628 goto bad; 2629 if (lra) 2630 lra->next = ra; 2631 else 2632 p->role_allow = ra; 2633 rc = next_entry(buf, fp, sizeof(u32)*2); 2634 if (rc) 2635 goto bad; 2636 2637 rc = -EINVAL; 2638 ra->role = le32_to_cpu(buf[0]); 2639 ra->new_role = le32_to_cpu(buf[1]); 2640 if (!policydb_role_isvalid(p, ra->role) || 2641 !policydb_role_isvalid(p, ra->new_role)) 2642 goto bad; 2643 lra = ra; 2644 } 2645 2646 rc = filename_trans_read(p, fp); 2647 if (rc) 2648 goto bad; 2649 2650 rc = policydb_index(p); 2651 if (rc) 2652 goto bad; 2653 2654 rc = -EINVAL; 2655 perm = string_to_av_perm(p, p->process_class, "transition"); 2656 if (!perm) { 2657 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2658 goto bad; 2659 } 2660 p->process_trans_perms = perm; 2661 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2662 if (!perm) { 2663 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2664 goto bad; 2665 } 2666 p->process_trans_perms |= perm; 2667 2668 rc = ocontext_read(p, info, fp); 2669 if (rc) 2670 goto bad; 2671 2672 rc = genfs_read(p, fp); 2673 if (rc) 2674 goto bad; 2675 2676 rc = range_read(p, fp); 2677 if (rc) 2678 goto bad; 2679 2680 rc = -ENOMEM; 2681 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2682 sizeof(*p->type_attr_map_array), 2683 GFP_KERNEL); 2684 if (!p->type_attr_map_array) 2685 goto bad; 2686 2687 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2688 for (i = 0; i < p->p_types.nprim; i++) 2689 ebitmap_init(&p->type_attr_map_array[i]); 2690 2691 for (i = 0; i < p->p_types.nprim; i++) { 2692 struct ebitmap *e = &p->type_attr_map_array[i]; 2693 2694 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2695 rc = ebitmap_read(e, fp); 2696 if (rc) 2697 goto bad; 2698 } 2699 /* add the type itself as the degenerate case */ 2700 rc = ebitmap_set_bit(e, i, 1); 2701 if (rc) 2702 goto bad; 2703 } 2704 2705 rc = policydb_bounds_sanity_check(p); 2706 if (rc) 2707 goto bad; 2708 2709 rc = 0; 2710 out: 2711 return rc; 2712 bad: 2713 kfree(rtk); 2714 kfree(rtd); 2715 policydb_destroy(p); 2716 goto out; 2717 } 2718 2719 /* 2720 * Write a MLS level structure to a policydb binary 2721 * representation file. 2722 */ 2723 static int mls_write_level(struct mls_level *l, void *fp) 2724 { 2725 __le32 buf[1]; 2726 int rc; 2727 2728 buf[0] = cpu_to_le32(l->sens); 2729 rc = put_entry(buf, sizeof(u32), 1, fp); 2730 if (rc) 2731 return rc; 2732 2733 rc = ebitmap_write(&l->cat, fp); 2734 if (rc) 2735 return rc; 2736 2737 return 0; 2738 } 2739 2740 /* 2741 * Write a MLS range structure to a policydb binary 2742 * representation file. 2743 */ 2744 static int mls_write_range_helper(struct mls_range *r, void *fp) 2745 { 2746 __le32 buf[3]; 2747 size_t items; 2748 int rc, eq; 2749 2750 eq = mls_level_eq(&r->level[1], &r->level[0]); 2751 2752 if (eq) 2753 items = 2; 2754 else 2755 items = 3; 2756 buf[0] = cpu_to_le32(items-1); 2757 buf[1] = cpu_to_le32(r->level[0].sens); 2758 if (!eq) 2759 buf[2] = cpu_to_le32(r->level[1].sens); 2760 2761 BUG_ON(items > ARRAY_SIZE(buf)); 2762 2763 rc = put_entry(buf, sizeof(u32), items, fp); 2764 if (rc) 2765 return rc; 2766 2767 rc = ebitmap_write(&r->level[0].cat, fp); 2768 if (rc) 2769 return rc; 2770 if (!eq) { 2771 rc = ebitmap_write(&r->level[1].cat, fp); 2772 if (rc) 2773 return rc; 2774 } 2775 2776 return 0; 2777 } 2778 2779 static int sens_write(void *vkey, void *datum, void *ptr) 2780 { 2781 char *key = vkey; 2782 struct level_datum *levdatum = datum; 2783 struct policy_data *pd = ptr; 2784 void *fp = pd->fp; 2785 __le32 buf[2]; 2786 size_t len; 2787 int rc; 2788 2789 len = strlen(key); 2790 buf[0] = cpu_to_le32(len); 2791 buf[1] = cpu_to_le32(levdatum->isalias); 2792 rc = put_entry(buf, sizeof(u32), 2, fp); 2793 if (rc) 2794 return rc; 2795 2796 rc = put_entry(key, 1, len, fp); 2797 if (rc) 2798 return rc; 2799 2800 rc = mls_write_level(levdatum->level, fp); 2801 if (rc) 2802 return rc; 2803 2804 return 0; 2805 } 2806 2807 static int cat_write(void *vkey, void *datum, void *ptr) 2808 { 2809 char *key = vkey; 2810 struct cat_datum *catdatum = datum; 2811 struct policy_data *pd = ptr; 2812 void *fp = pd->fp; 2813 __le32 buf[3]; 2814 size_t len; 2815 int rc; 2816 2817 len = strlen(key); 2818 buf[0] = cpu_to_le32(len); 2819 buf[1] = cpu_to_le32(catdatum->value); 2820 buf[2] = cpu_to_le32(catdatum->isalias); 2821 rc = put_entry(buf, sizeof(u32), 3, fp); 2822 if (rc) 2823 return rc; 2824 2825 rc = put_entry(key, 1, len, fp); 2826 if (rc) 2827 return rc; 2828 2829 return 0; 2830 } 2831 2832 static int role_trans_write_one(void *key, void *datum, void *ptr) 2833 { 2834 struct role_trans_key *rtk = key; 2835 struct role_trans_datum *rtd = datum; 2836 struct policy_data *pd = ptr; 2837 void *fp = pd->fp; 2838 struct policydb *p = pd->p; 2839 __le32 buf[3]; 2840 int rc; 2841 2842 buf[0] = cpu_to_le32(rtk->role); 2843 buf[1] = cpu_to_le32(rtk->type); 2844 buf[2] = cpu_to_le32(rtd->new_role); 2845 rc = put_entry(buf, sizeof(u32), 3, fp); 2846 if (rc) 2847 return rc; 2848 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2849 buf[0] = cpu_to_le32(rtk->tclass); 2850 rc = put_entry(buf, sizeof(u32), 1, fp); 2851 if (rc) 2852 return rc; 2853 } 2854 return 0; 2855 } 2856 2857 static int role_trans_write(struct policydb *p, void *fp) 2858 { 2859 struct policy_data pd = { .p = p, .fp = fp }; 2860 __le32 buf[1]; 2861 int rc; 2862 2863 buf[0] = cpu_to_le32(p->role_tr.nel); 2864 rc = put_entry(buf, sizeof(u32), 1, fp); 2865 if (rc) 2866 return rc; 2867 2868 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2869 } 2870 2871 static int role_allow_write(struct role_allow *r, void *fp) 2872 { 2873 struct role_allow *ra; 2874 __le32 buf[2]; 2875 size_t nel; 2876 int rc; 2877 2878 nel = 0; 2879 for (ra = r; ra; ra = ra->next) 2880 nel++; 2881 buf[0] = cpu_to_le32(nel); 2882 rc = put_entry(buf, sizeof(u32), 1, fp); 2883 if (rc) 2884 return rc; 2885 for (ra = r; ra; ra = ra->next) { 2886 buf[0] = cpu_to_le32(ra->role); 2887 buf[1] = cpu_to_le32(ra->new_role); 2888 rc = put_entry(buf, sizeof(u32), 2, fp); 2889 if (rc) 2890 return rc; 2891 } 2892 return 0; 2893 } 2894 2895 /* 2896 * Write a security context structure 2897 * to a policydb binary representation file. 2898 */ 2899 static int context_write(struct policydb *p, struct context *c, 2900 void *fp) 2901 { 2902 int rc; 2903 __le32 buf[3]; 2904 2905 buf[0] = cpu_to_le32(c->user); 2906 buf[1] = cpu_to_le32(c->role); 2907 buf[2] = cpu_to_le32(c->type); 2908 2909 rc = put_entry(buf, sizeof(u32), 3, fp); 2910 if (rc) 2911 return rc; 2912 2913 rc = mls_write_range_helper(&c->range, fp); 2914 if (rc) 2915 return rc; 2916 2917 return 0; 2918 } 2919 2920 /* 2921 * The following *_write functions are used to 2922 * write the symbol data to a policy database 2923 * binary representation file. 2924 */ 2925 2926 static int perm_write(void *vkey, void *datum, void *fp) 2927 { 2928 char *key = vkey; 2929 struct perm_datum *perdatum = datum; 2930 __le32 buf[2]; 2931 size_t len; 2932 int rc; 2933 2934 len = strlen(key); 2935 buf[0] = cpu_to_le32(len); 2936 buf[1] = cpu_to_le32(perdatum->value); 2937 rc = put_entry(buf, sizeof(u32), 2, fp); 2938 if (rc) 2939 return rc; 2940 2941 rc = put_entry(key, 1, len, fp); 2942 if (rc) 2943 return rc; 2944 2945 return 0; 2946 } 2947 2948 static int common_write(void *vkey, void *datum, void *ptr) 2949 { 2950 char *key = vkey; 2951 struct common_datum *comdatum = datum; 2952 struct policy_data *pd = ptr; 2953 void *fp = pd->fp; 2954 __le32 buf[4]; 2955 size_t len; 2956 int rc; 2957 2958 len = strlen(key); 2959 buf[0] = cpu_to_le32(len); 2960 buf[1] = cpu_to_le32(comdatum->value); 2961 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2962 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 2963 rc = put_entry(buf, sizeof(u32), 4, fp); 2964 if (rc) 2965 return rc; 2966 2967 rc = put_entry(key, 1, len, fp); 2968 if (rc) 2969 return rc; 2970 2971 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 2972 if (rc) 2973 return rc; 2974 2975 return 0; 2976 } 2977 2978 static int type_set_write(struct type_set *t, void *fp) 2979 { 2980 int rc; 2981 __le32 buf[1]; 2982 2983 if (ebitmap_write(&t->types, fp)) 2984 return -EINVAL; 2985 if (ebitmap_write(&t->negset, fp)) 2986 return -EINVAL; 2987 2988 buf[0] = cpu_to_le32(t->flags); 2989 rc = put_entry(buf, sizeof(u32), 1, fp); 2990 if (rc) 2991 return -EINVAL; 2992 2993 return 0; 2994 } 2995 2996 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2997 void *fp) 2998 { 2999 struct constraint_node *c; 3000 struct constraint_expr *e; 3001 __le32 buf[3]; 3002 u32 nel; 3003 int rc; 3004 3005 for (c = node; c; c = c->next) { 3006 nel = 0; 3007 for (e = c->expr; e; e = e->next) 3008 nel++; 3009 buf[0] = cpu_to_le32(c->permissions); 3010 buf[1] = cpu_to_le32(nel); 3011 rc = put_entry(buf, sizeof(u32), 2, fp); 3012 if (rc) 3013 return rc; 3014 for (e = c->expr; e; e = e->next) { 3015 buf[0] = cpu_to_le32(e->expr_type); 3016 buf[1] = cpu_to_le32(e->attr); 3017 buf[2] = cpu_to_le32(e->op); 3018 rc = put_entry(buf, sizeof(u32), 3, fp); 3019 if (rc) 3020 return rc; 3021 3022 switch (e->expr_type) { 3023 case CEXPR_NAMES: 3024 rc = ebitmap_write(&e->names, fp); 3025 if (rc) 3026 return rc; 3027 if (p->policyvers >= 3028 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3029 rc = type_set_write(e->type_names, fp); 3030 if (rc) 3031 return rc; 3032 } 3033 break; 3034 default: 3035 break; 3036 } 3037 } 3038 } 3039 3040 return 0; 3041 } 3042 3043 static int class_write(void *vkey, void *datum, void *ptr) 3044 { 3045 char *key = vkey; 3046 struct class_datum *cladatum = datum; 3047 struct policy_data *pd = ptr; 3048 void *fp = pd->fp; 3049 struct policydb *p = pd->p; 3050 struct constraint_node *c; 3051 __le32 buf[6]; 3052 u32 ncons; 3053 size_t len, len2; 3054 int rc; 3055 3056 len = strlen(key); 3057 if (cladatum->comkey) 3058 len2 = strlen(cladatum->comkey); 3059 else 3060 len2 = 0; 3061 3062 ncons = 0; 3063 for (c = cladatum->constraints; c; c = c->next) 3064 ncons++; 3065 3066 buf[0] = cpu_to_le32(len); 3067 buf[1] = cpu_to_le32(len2); 3068 buf[2] = cpu_to_le32(cladatum->value); 3069 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3070 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3071 buf[5] = cpu_to_le32(ncons); 3072 rc = put_entry(buf, sizeof(u32), 6, fp); 3073 if (rc) 3074 return rc; 3075 3076 rc = put_entry(key, 1, len, fp); 3077 if (rc) 3078 return rc; 3079 3080 if (cladatum->comkey) { 3081 rc = put_entry(cladatum->comkey, 1, len2, fp); 3082 if (rc) 3083 return rc; 3084 } 3085 3086 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3087 if (rc) 3088 return rc; 3089 3090 rc = write_cons_helper(p, cladatum->constraints, fp); 3091 if (rc) 3092 return rc; 3093 3094 /* write out the validatetrans rule */ 3095 ncons = 0; 3096 for (c = cladatum->validatetrans; c; c = c->next) 3097 ncons++; 3098 3099 buf[0] = cpu_to_le32(ncons); 3100 rc = put_entry(buf, sizeof(u32), 1, fp); 3101 if (rc) 3102 return rc; 3103 3104 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3105 if (rc) 3106 return rc; 3107 3108 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3109 buf[0] = cpu_to_le32(cladatum->default_user); 3110 buf[1] = cpu_to_le32(cladatum->default_role); 3111 buf[2] = cpu_to_le32(cladatum->default_range); 3112 3113 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3114 if (rc) 3115 return rc; 3116 } 3117 3118 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3119 buf[0] = cpu_to_le32(cladatum->default_type); 3120 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3121 if (rc) 3122 return rc; 3123 } 3124 3125 return 0; 3126 } 3127 3128 static int role_write(void *vkey, void *datum, void *ptr) 3129 { 3130 char *key = vkey; 3131 struct role_datum *role = datum; 3132 struct policy_data *pd = ptr; 3133 void *fp = pd->fp; 3134 struct policydb *p = pd->p; 3135 __le32 buf[3]; 3136 size_t items, len; 3137 int rc; 3138 3139 len = strlen(key); 3140 items = 0; 3141 buf[items++] = cpu_to_le32(len); 3142 buf[items++] = cpu_to_le32(role->value); 3143 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3144 buf[items++] = cpu_to_le32(role->bounds); 3145 3146 BUG_ON(items > ARRAY_SIZE(buf)); 3147 3148 rc = put_entry(buf, sizeof(u32), items, fp); 3149 if (rc) 3150 return rc; 3151 3152 rc = put_entry(key, 1, len, fp); 3153 if (rc) 3154 return rc; 3155 3156 rc = ebitmap_write(&role->dominates, fp); 3157 if (rc) 3158 return rc; 3159 3160 rc = ebitmap_write(&role->types, fp); 3161 if (rc) 3162 return rc; 3163 3164 return 0; 3165 } 3166 3167 static int type_write(void *vkey, void *datum, void *ptr) 3168 { 3169 char *key = vkey; 3170 struct type_datum *typdatum = datum; 3171 struct policy_data *pd = ptr; 3172 struct policydb *p = pd->p; 3173 void *fp = pd->fp; 3174 __le32 buf[4]; 3175 int rc; 3176 size_t items, len; 3177 3178 len = strlen(key); 3179 items = 0; 3180 buf[items++] = cpu_to_le32(len); 3181 buf[items++] = cpu_to_le32(typdatum->value); 3182 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3183 u32 properties = 0; 3184 3185 if (typdatum->primary) 3186 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3187 3188 if (typdatum->attribute) 3189 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3190 3191 buf[items++] = cpu_to_le32(properties); 3192 buf[items++] = cpu_to_le32(typdatum->bounds); 3193 } else { 3194 buf[items++] = cpu_to_le32(typdatum->primary); 3195 } 3196 BUG_ON(items > ARRAY_SIZE(buf)); 3197 rc = put_entry(buf, sizeof(u32), items, fp); 3198 if (rc) 3199 return rc; 3200 3201 rc = put_entry(key, 1, len, fp); 3202 if (rc) 3203 return rc; 3204 3205 return 0; 3206 } 3207 3208 static int user_write(void *vkey, void *datum, void *ptr) 3209 { 3210 char *key = vkey; 3211 struct user_datum *usrdatum = datum; 3212 struct policy_data *pd = ptr; 3213 struct policydb *p = pd->p; 3214 void *fp = pd->fp; 3215 __le32 buf[3]; 3216 size_t items, len; 3217 int rc; 3218 3219 len = strlen(key); 3220 items = 0; 3221 buf[items++] = cpu_to_le32(len); 3222 buf[items++] = cpu_to_le32(usrdatum->value); 3223 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3224 buf[items++] = cpu_to_le32(usrdatum->bounds); 3225 BUG_ON(items > ARRAY_SIZE(buf)); 3226 rc = put_entry(buf, sizeof(u32), items, fp); 3227 if (rc) 3228 return rc; 3229 3230 rc = put_entry(key, 1, len, fp); 3231 if (rc) 3232 return rc; 3233 3234 rc = ebitmap_write(&usrdatum->roles, fp); 3235 if (rc) 3236 return rc; 3237 3238 rc = mls_write_range_helper(&usrdatum->range, fp); 3239 if (rc) 3240 return rc; 3241 3242 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3243 if (rc) 3244 return rc; 3245 3246 return 0; 3247 } 3248 3249 static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = { 3250 common_write, 3251 class_write, 3252 role_write, 3253 type_write, 3254 user_write, 3255 cond_write_bool, 3256 sens_write, 3257 cat_write, 3258 }; 3259 3260 static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, 3261 void *fp) 3262 { 3263 unsigned int i, j; 3264 int rc; 3265 size_t nel, len; 3266 __be64 prefixbuf[1]; 3267 __le32 buf[3]; 3268 u32 nodebuf[8]; 3269 struct ocontext *c; 3270 for (i = 0; i < info->ocon_num; i++) { 3271 nel = 0; 3272 for (c = p->ocontexts[i]; c; c = c->next) 3273 nel++; 3274 buf[0] = cpu_to_le32(nel); 3275 rc = put_entry(buf, sizeof(u32), 1, fp); 3276 if (rc) 3277 return rc; 3278 for (c = p->ocontexts[i]; c; c = c->next) { 3279 switch (i) { 3280 case OCON_ISID: 3281 buf[0] = cpu_to_le32(c->sid[0]); 3282 rc = put_entry(buf, sizeof(u32), 1, fp); 3283 if (rc) 3284 return rc; 3285 rc = context_write(p, &c->context[0], fp); 3286 if (rc) 3287 return rc; 3288 break; 3289 case OCON_FS: 3290 case OCON_NETIF: 3291 len = strlen(c->u.name); 3292 buf[0] = cpu_to_le32(len); 3293 rc = put_entry(buf, sizeof(u32), 1, fp); 3294 if (rc) 3295 return rc; 3296 rc = put_entry(c->u.name, 1, len, fp); 3297 if (rc) 3298 return rc; 3299 rc = context_write(p, &c->context[0], fp); 3300 if (rc) 3301 return rc; 3302 rc = context_write(p, &c->context[1], fp); 3303 if (rc) 3304 return rc; 3305 break; 3306 case OCON_PORT: 3307 buf[0] = cpu_to_le32(c->u.port.protocol); 3308 buf[1] = cpu_to_le32(c->u.port.low_port); 3309 buf[2] = cpu_to_le32(c->u.port.high_port); 3310 rc = put_entry(buf, sizeof(u32), 3, fp); 3311 if (rc) 3312 return rc; 3313 rc = context_write(p, &c->context[0], fp); 3314 if (rc) 3315 return rc; 3316 break; 3317 case OCON_NODE: 3318 nodebuf[0] = c->u.node.addr; /* network order */ 3319 nodebuf[1] = c->u.node.mask; /* network order */ 3320 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3321 if (rc) 3322 return rc; 3323 rc = context_write(p, &c->context[0], fp); 3324 if (rc) 3325 return rc; 3326 break; 3327 case OCON_FSUSE: 3328 buf[0] = cpu_to_le32(c->v.behavior); 3329 len = strlen(c->u.name); 3330 buf[1] = cpu_to_le32(len); 3331 rc = put_entry(buf, sizeof(u32), 2, fp); 3332 if (rc) 3333 return rc; 3334 rc = put_entry(c->u.name, 1, len, fp); 3335 if (rc) 3336 return rc; 3337 rc = context_write(p, &c->context[0], fp); 3338 if (rc) 3339 return rc; 3340 break; 3341 case OCON_NODE6: 3342 for (j = 0; j < 4; j++) 3343 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3344 for (j = 0; j < 4; j++) 3345 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3346 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3347 if (rc) 3348 return rc; 3349 rc = context_write(p, &c->context[0], fp); 3350 if (rc) 3351 return rc; 3352 break; 3353 case OCON_IBPKEY: 3354 /* subnet_prefix is in CPU order */ 3355 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3356 3357 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3358 if (rc) 3359 return rc; 3360 3361 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3362 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3363 3364 rc = put_entry(buf, sizeof(u32), 2, fp); 3365 if (rc) 3366 return rc; 3367 rc = context_write(p, &c->context[0], fp); 3368 if (rc) 3369 return rc; 3370 break; 3371 case OCON_IBENDPORT: 3372 len = strlen(c->u.ibendport.dev_name); 3373 buf[0] = cpu_to_le32(len); 3374 buf[1] = cpu_to_le32(c->u.ibendport.port); 3375 rc = put_entry(buf, sizeof(u32), 2, fp); 3376 if (rc) 3377 return rc; 3378 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3379 if (rc) 3380 return rc; 3381 rc = context_write(p, &c->context[0], fp); 3382 if (rc) 3383 return rc; 3384 break; 3385 } 3386 } 3387 } 3388 return 0; 3389 } 3390 3391 static int genfs_write(struct policydb *p, void *fp) 3392 { 3393 struct genfs *genfs; 3394 struct ocontext *c; 3395 size_t len; 3396 __le32 buf[1]; 3397 int rc; 3398 3399 len = 0; 3400 for (genfs = p->genfs; genfs; genfs = genfs->next) 3401 len++; 3402 buf[0] = cpu_to_le32(len); 3403 rc = put_entry(buf, sizeof(u32), 1, fp); 3404 if (rc) 3405 return rc; 3406 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3407 len = strlen(genfs->fstype); 3408 buf[0] = cpu_to_le32(len); 3409 rc = put_entry(buf, sizeof(u32), 1, fp); 3410 if (rc) 3411 return rc; 3412 rc = put_entry(genfs->fstype, 1, len, fp); 3413 if (rc) 3414 return rc; 3415 len = 0; 3416 for (c = genfs->head; c; c = c->next) 3417 len++; 3418 buf[0] = cpu_to_le32(len); 3419 rc = put_entry(buf, sizeof(u32), 1, fp); 3420 if (rc) 3421 return rc; 3422 for (c = genfs->head; c; c = c->next) { 3423 len = strlen(c->u.name); 3424 buf[0] = cpu_to_le32(len); 3425 rc = put_entry(buf, sizeof(u32), 1, fp); 3426 if (rc) 3427 return rc; 3428 rc = put_entry(c->u.name, 1, len, fp); 3429 if (rc) 3430 return rc; 3431 buf[0] = cpu_to_le32(c->v.sclass); 3432 rc = put_entry(buf, sizeof(u32), 1, fp); 3433 if (rc) 3434 return rc; 3435 rc = context_write(p, &c->context[0], fp); 3436 if (rc) 3437 return rc; 3438 } 3439 } 3440 return 0; 3441 } 3442 3443 static int range_write_helper(void *key, void *data, void *ptr) 3444 { 3445 __le32 buf[2]; 3446 struct range_trans *rt = key; 3447 struct mls_range *r = data; 3448 struct policy_data *pd = ptr; 3449 void *fp = pd->fp; 3450 struct policydb *p = pd->p; 3451 int rc; 3452 3453 buf[0] = cpu_to_le32(rt->source_type); 3454 buf[1] = cpu_to_le32(rt->target_type); 3455 rc = put_entry(buf, sizeof(u32), 2, fp); 3456 if (rc) 3457 return rc; 3458 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3459 buf[0] = cpu_to_le32(rt->target_class); 3460 rc = put_entry(buf, sizeof(u32), 1, fp); 3461 if (rc) 3462 return rc; 3463 } 3464 rc = mls_write_range_helper(r, fp); 3465 if (rc) 3466 return rc; 3467 3468 return 0; 3469 } 3470 3471 static int range_write(struct policydb *p, void *fp) 3472 { 3473 __le32 buf[1]; 3474 int rc; 3475 struct policy_data pd; 3476 3477 pd.p = p; 3478 pd.fp = fp; 3479 3480 buf[0] = cpu_to_le32(p->range_tr.nel); 3481 rc = put_entry(buf, sizeof(u32), 1, fp); 3482 if (rc) 3483 return rc; 3484 3485 /* actually write all of the entries */ 3486 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3487 if (rc) 3488 return rc; 3489 3490 return 0; 3491 } 3492 3493 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3494 { 3495 struct filename_trans_key *ft = key; 3496 struct filename_trans_datum *datum = data; 3497 struct ebitmap_node *node; 3498 void *fp = ptr; 3499 __le32 buf[4]; 3500 int rc; 3501 u32 bit, len = strlen(ft->name); 3502 3503 do { 3504 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { 3505 buf[0] = cpu_to_le32(len); 3506 rc = put_entry(buf, sizeof(u32), 1, fp); 3507 if (rc) 3508 return rc; 3509 3510 rc = put_entry(ft->name, sizeof(char), len, fp); 3511 if (rc) 3512 return rc; 3513 3514 buf[0] = cpu_to_le32(bit + 1); 3515 buf[1] = cpu_to_le32(ft->ttype); 3516 buf[2] = cpu_to_le32(ft->tclass); 3517 buf[3] = cpu_to_le32(datum->otype); 3518 3519 rc = put_entry(buf, sizeof(u32), 4, fp); 3520 if (rc) 3521 return rc; 3522 } 3523 3524 datum = datum->next; 3525 } while (unlikely(datum)); 3526 3527 return 0; 3528 } 3529 3530 static int filename_write_helper(void *key, void *data, void *ptr) 3531 { 3532 struct filename_trans_key *ft = key; 3533 struct filename_trans_datum *datum; 3534 void *fp = ptr; 3535 __le32 buf[3]; 3536 int rc; 3537 u32 ndatum, len = strlen(ft->name); 3538 3539 buf[0] = cpu_to_le32(len); 3540 rc = put_entry(buf, sizeof(u32), 1, fp); 3541 if (rc) 3542 return rc; 3543 3544 rc = put_entry(ft->name, sizeof(char), len, fp); 3545 if (rc) 3546 return rc; 3547 3548 ndatum = 0; 3549 datum = data; 3550 do { 3551 ndatum++; 3552 datum = datum->next; 3553 } while (unlikely(datum)); 3554 3555 buf[0] = cpu_to_le32(ft->ttype); 3556 buf[1] = cpu_to_le32(ft->tclass); 3557 buf[2] = cpu_to_le32(ndatum); 3558 rc = put_entry(buf, sizeof(u32), 3, fp); 3559 if (rc) 3560 return rc; 3561 3562 datum = data; 3563 do { 3564 rc = ebitmap_write(&datum->stypes, fp); 3565 if (rc) 3566 return rc; 3567 3568 buf[0] = cpu_to_le32(datum->otype); 3569 rc = put_entry(buf, sizeof(u32), 1, fp); 3570 if (rc) 3571 return rc; 3572 3573 datum = datum->next; 3574 } while (unlikely(datum)); 3575 3576 return 0; 3577 } 3578 3579 static int filename_trans_write(struct policydb *p, void *fp) 3580 { 3581 __le32 buf[1]; 3582 int rc; 3583 3584 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3585 return 0; 3586 3587 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3588 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3589 rc = put_entry(buf, sizeof(u32), 1, fp); 3590 if (rc) 3591 return rc; 3592 3593 rc = hashtab_map(&p->filename_trans, 3594 filename_write_helper_compat, fp); 3595 } else { 3596 buf[0] = cpu_to_le32(p->filename_trans.nel); 3597 rc = put_entry(buf, sizeof(u32), 1, fp); 3598 if (rc) 3599 return rc; 3600 3601 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3602 } 3603 return rc; 3604 } 3605 3606 /* 3607 * Write the configuration data in a policy database 3608 * structure to a policy database binary representation 3609 * file. 3610 */ 3611 int policydb_write(struct policydb *p, void *fp) 3612 { 3613 unsigned int num_syms; 3614 int rc; 3615 __le32 buf[4]; 3616 u32 config, i; 3617 size_t len; 3618 const struct policydb_compat_info *info; 3619 3620 /* 3621 * refuse to write policy older than compressed avtab 3622 * to simplify the writer. There are other tests dropped 3623 * since we assume this throughout the writer code. Be 3624 * careful if you ever try to remove this restriction 3625 */ 3626 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3627 pr_err("SELinux: refusing to write policy version %d." 3628 " Because it is less than version %d\n", p->policyvers, 3629 POLICYDB_VERSION_AVTAB); 3630 return -EINVAL; 3631 } 3632 3633 config = 0; 3634 if (p->mls_enabled) 3635 config |= POLICYDB_CONFIG_MLS; 3636 3637 if (p->reject_unknown) 3638 config |= REJECT_UNKNOWN; 3639 if (p->allow_unknown) 3640 config |= ALLOW_UNKNOWN; 3641 3642 /* Write the magic number and string identifiers. */ 3643 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3644 len = strlen(POLICYDB_STRING); 3645 buf[1] = cpu_to_le32(len); 3646 rc = put_entry(buf, sizeof(u32), 2, fp); 3647 if (rc) 3648 return rc; 3649 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3650 if (rc) 3651 return rc; 3652 3653 /* Write the version, config, and table sizes. */ 3654 info = policydb_lookup_compat(p->policyvers); 3655 if (!info) { 3656 pr_err("SELinux: compatibility lookup failed for policy " 3657 "version %d\n", p->policyvers); 3658 return -EINVAL; 3659 } 3660 3661 buf[0] = cpu_to_le32(p->policyvers); 3662 buf[1] = cpu_to_le32(config); 3663 buf[2] = cpu_to_le32(info->sym_num); 3664 buf[3] = cpu_to_le32(info->ocon_num); 3665 3666 rc = put_entry(buf, sizeof(u32), 4, fp); 3667 if (rc) 3668 return rc; 3669 3670 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3671 rc = ebitmap_write(&p->policycaps, fp); 3672 if (rc) 3673 return rc; 3674 } 3675 3676 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3677 rc = ebitmap_write(&p->permissive_map, fp); 3678 if (rc) 3679 return rc; 3680 } 3681 3682 num_syms = info->sym_num; 3683 for (i = 0; i < num_syms; i++) { 3684 struct policy_data pd; 3685 3686 pd.fp = fp; 3687 pd.p = p; 3688 3689 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3690 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3691 3692 rc = put_entry(buf, sizeof(u32), 2, fp); 3693 if (rc) 3694 return rc; 3695 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3696 if (rc) 3697 return rc; 3698 } 3699 3700 rc = avtab_write(p, &p->te_avtab, fp); 3701 if (rc) 3702 return rc; 3703 3704 rc = cond_write_list(p, fp); 3705 if (rc) 3706 return rc; 3707 3708 rc = role_trans_write(p, fp); 3709 if (rc) 3710 return rc; 3711 3712 rc = role_allow_write(p->role_allow, fp); 3713 if (rc) 3714 return rc; 3715 3716 rc = filename_trans_write(p, fp); 3717 if (rc) 3718 return rc; 3719 3720 rc = ocontext_write(p, info, fp); 3721 if (rc) 3722 return rc; 3723 3724 rc = genfs_write(p, fp); 3725 if (rc) 3726 return rc; 3727 3728 rc = range_write(p, fp); 3729 if (rc) 3730 return rc; 3731 3732 for (i = 0; i < p->p_types.nprim; i++) { 3733 struct ebitmap *e = &p->type_attr_map_array[i]; 3734 3735 rc = ebitmap_write(e, fp); 3736 if (rc) 3737 return rc; 3738 } 3739 3740 return 0; 3741 } 3742