1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Update: Mellanox Techonologies 21 * 22 * Added Infiniband support 23 * 24 * Copyright (C) 2016 Mellanox Techonologies 25 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 26 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 27 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 28 * This program is free software; you can redistribute it and/or modify 29 * it under the terms of the GNU General Public License as published by 30 * the Free Software Foundation, version 2. 31 */ 32 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/slab.h> 36 #include <linux/string.h> 37 #include <linux/errno.h> 38 #include <linux/audit.h> 39 #include "security.h" 40 41 #include "policydb.h" 42 #include "conditional.h" 43 #include "mls.h" 44 #include "services.h" 45 46 #define _DEBUG_HASHES 47 48 #ifdef DEBUG_HASHES 49 static const char *symtab_name[SYM_NUM] = { 50 "common prefixes", 51 "classes", 52 "roles", 53 "types", 54 "users", 55 "bools", 56 "levels", 57 "categories", 58 }; 59 #endif 60 61 static unsigned int symtab_sizes[SYM_NUM] = { 62 2, 63 32, 64 16, 65 512, 66 128, 67 16, 68 16, 69 16, 70 }; 71 72 struct policydb_compat_info { 73 int version; 74 int sym_num; 75 int ocon_num; 76 }; 77 78 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 79 static struct policydb_compat_info policydb_compat[] = { 80 { 81 .version = POLICYDB_VERSION_BASE, 82 .sym_num = SYM_NUM - 3, 83 .ocon_num = OCON_NUM - 3, 84 }, 85 { 86 .version = POLICYDB_VERSION_BOOL, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM - 3, 89 }, 90 { 91 .version = POLICYDB_VERSION_IPV6, 92 .sym_num = SYM_NUM - 2, 93 .ocon_num = OCON_NUM - 2, 94 }, 95 { 96 .version = POLICYDB_VERSION_NLCLASS, 97 .sym_num = SYM_NUM - 2, 98 .ocon_num = OCON_NUM - 2, 99 }, 100 { 101 .version = POLICYDB_VERSION_MLS, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM - 2, 104 }, 105 { 106 .version = POLICYDB_VERSION_AVTAB, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM - 2, 109 }, 110 { 111 .version = POLICYDB_VERSION_RANGETRANS, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM - 2, 114 }, 115 { 116 .version = POLICYDB_VERSION_POLCAP, 117 .sym_num = SYM_NUM, 118 .ocon_num = OCON_NUM - 2, 119 }, 120 { 121 .version = POLICYDB_VERSION_PERMISSIVE, 122 .sym_num = SYM_NUM, 123 .ocon_num = OCON_NUM - 2, 124 }, 125 { 126 .version = POLICYDB_VERSION_BOUNDARY, 127 .sym_num = SYM_NUM, 128 .ocon_num = OCON_NUM - 2, 129 }, 130 { 131 .version = POLICYDB_VERSION_FILENAME_TRANS, 132 .sym_num = SYM_NUM, 133 .ocon_num = OCON_NUM - 2, 134 }, 135 { 136 .version = POLICYDB_VERSION_ROLETRANS, 137 .sym_num = SYM_NUM, 138 .ocon_num = OCON_NUM - 2, 139 }, 140 { 141 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NUM - 2, 144 }, 145 { 146 .version = POLICYDB_VERSION_DEFAULT_TYPE, 147 .sym_num = SYM_NUM, 148 .ocon_num = OCON_NUM - 2, 149 }, 150 { 151 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 152 .sym_num = SYM_NUM, 153 .ocon_num = OCON_NUM - 2, 154 }, 155 { 156 .version = POLICYDB_VERSION_XPERMS_IOCTL, 157 .sym_num = SYM_NUM, 158 .ocon_num = OCON_NUM - 2, 159 }, 160 { 161 .version = POLICYDB_VERSION_INFINIBAND, 162 .sym_num = SYM_NUM, 163 .ocon_num = OCON_NUM, 164 }, 165 }; 166 167 static struct policydb_compat_info *policydb_lookup_compat(int version) 168 { 169 int i; 170 struct policydb_compat_info *info = NULL; 171 172 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 173 if (policydb_compat[i].version == version) { 174 info = &policydb_compat[i]; 175 break; 176 } 177 } 178 return info; 179 } 180 181 /* 182 * Initialize the role table. 183 */ 184 static int roles_init(struct policydb *p) 185 { 186 char *key = NULL; 187 int rc; 188 struct role_datum *role; 189 190 role = kzalloc(sizeof(*role), GFP_KERNEL); 191 if (!role) 192 return -ENOMEM; 193 194 rc = -EINVAL; 195 role->value = ++p->p_roles.nprim; 196 if (role->value != OBJECT_R_VAL) 197 goto out; 198 199 rc = -ENOMEM; 200 key = kstrdup(OBJECT_R, GFP_KERNEL); 201 if (!key) 202 goto out; 203 204 rc = hashtab_insert(p->p_roles.table, key, role); 205 if (rc) 206 goto out; 207 208 return 0; 209 out: 210 kfree(key); 211 kfree(role); 212 return rc; 213 } 214 215 static u32 filenametr_hash(struct hashtab *h, const void *k) 216 { 217 const struct filename_trans *ft = k; 218 unsigned long hash; 219 unsigned int byte_num; 220 unsigned char focus; 221 222 hash = ft->stype ^ ft->ttype ^ ft->tclass; 223 224 byte_num = 0; 225 while ((focus = ft->name[byte_num++])) 226 hash = partial_name_hash(focus, hash); 227 return hash & (h->size - 1); 228 } 229 230 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 231 { 232 const struct filename_trans *ft1 = k1; 233 const struct filename_trans *ft2 = k2; 234 int v; 235 236 v = ft1->stype - ft2->stype; 237 if (v) 238 return v; 239 240 v = ft1->ttype - ft2->ttype; 241 if (v) 242 return v; 243 244 v = ft1->tclass - ft2->tclass; 245 if (v) 246 return v; 247 248 return strcmp(ft1->name, ft2->name); 249 250 } 251 252 static u32 rangetr_hash(struct hashtab *h, const void *k) 253 { 254 const struct range_trans *key = k; 255 return (key->source_type + (key->target_type << 3) + 256 (key->target_class << 5)) & (h->size - 1); 257 } 258 259 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 260 { 261 const struct range_trans *key1 = k1, *key2 = k2; 262 int v; 263 264 v = key1->source_type - key2->source_type; 265 if (v) 266 return v; 267 268 v = key1->target_type - key2->target_type; 269 if (v) 270 return v; 271 272 v = key1->target_class - key2->target_class; 273 274 return v; 275 } 276 277 /* 278 * Initialize a policy database structure. 279 */ 280 static int policydb_init(struct policydb *p) 281 { 282 int i, rc; 283 284 memset(p, 0, sizeof(*p)); 285 286 for (i = 0; i < SYM_NUM; i++) { 287 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 288 if (rc) 289 goto out; 290 } 291 292 rc = avtab_init(&p->te_avtab); 293 if (rc) 294 goto out; 295 296 rc = roles_init(p); 297 if (rc) 298 goto out; 299 300 rc = cond_policydb_init(p); 301 if (rc) 302 goto out; 303 304 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 305 if (!p->filename_trans) { 306 rc = -ENOMEM; 307 goto out; 308 } 309 310 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 311 if (!p->range_tr) { 312 rc = -ENOMEM; 313 goto out; 314 } 315 316 ebitmap_init(&p->filename_trans_ttypes); 317 ebitmap_init(&p->policycaps); 318 ebitmap_init(&p->permissive_map); 319 320 return 0; 321 out: 322 hashtab_destroy(p->filename_trans); 323 hashtab_destroy(p->range_tr); 324 for (i = 0; i < SYM_NUM; i++) 325 hashtab_destroy(p->symtab[i].table); 326 return rc; 327 } 328 329 /* 330 * The following *_index functions are used to 331 * define the val_to_name and val_to_struct arrays 332 * in a policy database structure. The val_to_name 333 * arrays are used when converting security context 334 * structures into string representations. The 335 * val_to_struct arrays are used when the attributes 336 * of a class, role, or user are needed. 337 */ 338 339 static int common_index(void *key, void *datum, void *datap) 340 { 341 struct policydb *p; 342 struct common_datum *comdatum; 343 344 comdatum = datum; 345 p = datap; 346 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 347 return -EINVAL; 348 349 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 350 351 return 0; 352 } 353 354 static int class_index(void *key, void *datum, void *datap) 355 { 356 struct policydb *p; 357 struct class_datum *cladatum; 358 359 cladatum = datum; 360 p = datap; 361 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 362 return -EINVAL; 363 364 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 365 p->class_val_to_struct[cladatum->value - 1] = cladatum; 366 return 0; 367 } 368 369 static int role_index(void *key, void *datum, void *datap) 370 { 371 struct policydb *p; 372 struct role_datum *role; 373 374 role = datum; 375 p = datap; 376 if (!role->value 377 || role->value > p->p_roles.nprim 378 || role->bounds > p->p_roles.nprim) 379 return -EINVAL; 380 381 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 382 p->role_val_to_struct[role->value - 1] = role; 383 return 0; 384 } 385 386 static int type_index(void *key, void *datum, void *datap) 387 { 388 struct policydb *p; 389 struct type_datum *typdatum; 390 391 typdatum = datum; 392 p = datap; 393 394 if (typdatum->primary) { 395 if (!typdatum->value 396 || typdatum->value > p->p_types.nprim 397 || typdatum->bounds > p->p_types.nprim) 398 return -EINVAL; 399 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 400 p->type_val_to_struct_array[typdatum->value - 1] = typdatum; 401 } 402 403 return 0; 404 } 405 406 static int user_index(void *key, void *datum, void *datap) 407 { 408 struct policydb *p; 409 struct user_datum *usrdatum; 410 411 usrdatum = datum; 412 p = datap; 413 if (!usrdatum->value 414 || usrdatum->value > p->p_users.nprim 415 || usrdatum->bounds > p->p_users.nprim) 416 return -EINVAL; 417 418 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 419 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 420 return 0; 421 } 422 423 static int sens_index(void *key, void *datum, void *datap) 424 { 425 struct policydb *p; 426 struct level_datum *levdatum; 427 428 levdatum = datum; 429 p = datap; 430 431 if (!levdatum->isalias) { 432 if (!levdatum->level->sens || 433 levdatum->level->sens > p->p_levels.nprim) 434 return -EINVAL; 435 436 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 437 } 438 439 return 0; 440 } 441 442 static int cat_index(void *key, void *datum, void *datap) 443 { 444 struct policydb *p; 445 struct cat_datum *catdatum; 446 447 catdatum = datum; 448 p = datap; 449 450 if (!catdatum->isalias) { 451 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 452 return -EINVAL; 453 454 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 455 } 456 457 return 0; 458 } 459 460 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 461 { 462 common_index, 463 class_index, 464 role_index, 465 type_index, 466 user_index, 467 cond_index_bool, 468 sens_index, 469 cat_index, 470 }; 471 472 #ifdef DEBUG_HASHES 473 static void hash_eval(struct hashtab *h, const char *hash_name) 474 { 475 struct hashtab_info info; 476 477 hashtab_stat(h, &info); 478 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, " 479 "longest chain length %d\n", hash_name, h->nel, 480 info.slots_used, h->size, info.max_chain_len); 481 } 482 483 static void symtab_hash_eval(struct symtab *s) 484 { 485 int i; 486 487 for (i = 0; i < SYM_NUM; i++) 488 hash_eval(s[i].table, symtab_name[i]); 489 } 490 491 #else 492 static inline void hash_eval(struct hashtab *h, char *hash_name) 493 { 494 } 495 #endif 496 497 /* 498 * Define the other val_to_name and val_to_struct arrays 499 * in a policy database structure. 500 * 501 * Caller must clean up on failure. 502 */ 503 static int policydb_index(struct policydb *p) 504 { 505 int i, rc; 506 507 if (p->mls_enabled) 508 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 509 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 510 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 511 else 512 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 513 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 514 p->p_bools.nprim); 515 516 pr_debug("SELinux: %d classes, %d rules\n", 517 p->p_classes.nprim, p->te_avtab.nel); 518 519 #ifdef DEBUG_HASHES 520 avtab_hash_eval(&p->te_avtab, "rules"); 521 symtab_hash_eval(p->symtab); 522 #endif 523 524 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 525 sizeof(*p->class_val_to_struct), 526 GFP_KERNEL); 527 if (!p->class_val_to_struct) 528 return -ENOMEM; 529 530 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 531 sizeof(*p->role_val_to_struct), 532 GFP_KERNEL); 533 if (!p->role_val_to_struct) 534 return -ENOMEM; 535 536 p->user_val_to_struct = kcalloc(p->p_users.nprim, 537 sizeof(*p->user_val_to_struct), 538 GFP_KERNEL); 539 if (!p->user_val_to_struct) 540 return -ENOMEM; 541 542 p->type_val_to_struct_array = kvcalloc(p->p_types.nprim, 543 sizeof(*p->type_val_to_struct_array), 544 GFP_KERNEL); 545 if (!p->type_val_to_struct_array) 546 return -ENOMEM; 547 548 rc = cond_init_bool_indexes(p); 549 if (rc) 550 goto out; 551 552 for (i = 0; i < SYM_NUM; i++) { 553 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 554 sizeof(char *), 555 GFP_KERNEL); 556 if (!p->sym_val_to_name[i]) 557 return -ENOMEM; 558 559 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 560 if (rc) 561 goto out; 562 } 563 rc = 0; 564 out: 565 return rc; 566 } 567 568 /* 569 * The following *_destroy functions are used to 570 * free any memory allocated for each kind of 571 * symbol data in the policy database. 572 */ 573 574 static int perm_destroy(void *key, void *datum, void *p) 575 { 576 kfree(key); 577 kfree(datum); 578 return 0; 579 } 580 581 static int common_destroy(void *key, void *datum, void *p) 582 { 583 struct common_datum *comdatum; 584 585 kfree(key); 586 if (datum) { 587 comdatum = datum; 588 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 589 hashtab_destroy(comdatum->permissions.table); 590 } 591 kfree(datum); 592 return 0; 593 } 594 595 static void constraint_expr_destroy(struct constraint_expr *expr) 596 { 597 if (expr) { 598 ebitmap_destroy(&expr->names); 599 if (expr->type_names) { 600 ebitmap_destroy(&expr->type_names->types); 601 ebitmap_destroy(&expr->type_names->negset); 602 kfree(expr->type_names); 603 } 604 kfree(expr); 605 } 606 } 607 608 static int cls_destroy(void *key, void *datum, void *p) 609 { 610 struct class_datum *cladatum; 611 struct constraint_node *constraint, *ctemp; 612 struct constraint_expr *e, *etmp; 613 614 kfree(key); 615 if (datum) { 616 cladatum = datum; 617 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 618 hashtab_destroy(cladatum->permissions.table); 619 constraint = cladatum->constraints; 620 while (constraint) { 621 e = constraint->expr; 622 while (e) { 623 etmp = e; 624 e = e->next; 625 constraint_expr_destroy(etmp); 626 } 627 ctemp = constraint; 628 constraint = constraint->next; 629 kfree(ctemp); 630 } 631 632 constraint = cladatum->validatetrans; 633 while (constraint) { 634 e = constraint->expr; 635 while (e) { 636 etmp = e; 637 e = e->next; 638 constraint_expr_destroy(etmp); 639 } 640 ctemp = constraint; 641 constraint = constraint->next; 642 kfree(ctemp); 643 } 644 kfree(cladatum->comkey); 645 } 646 kfree(datum); 647 return 0; 648 } 649 650 static int role_destroy(void *key, void *datum, void *p) 651 { 652 struct role_datum *role; 653 654 kfree(key); 655 if (datum) { 656 role = datum; 657 ebitmap_destroy(&role->dominates); 658 ebitmap_destroy(&role->types); 659 } 660 kfree(datum); 661 return 0; 662 } 663 664 static int type_destroy(void *key, void *datum, void *p) 665 { 666 kfree(key); 667 kfree(datum); 668 return 0; 669 } 670 671 static int user_destroy(void *key, void *datum, void *p) 672 { 673 struct user_datum *usrdatum; 674 675 kfree(key); 676 if (datum) { 677 usrdatum = datum; 678 ebitmap_destroy(&usrdatum->roles); 679 ebitmap_destroy(&usrdatum->range.level[0].cat); 680 ebitmap_destroy(&usrdatum->range.level[1].cat); 681 ebitmap_destroy(&usrdatum->dfltlevel.cat); 682 } 683 kfree(datum); 684 return 0; 685 } 686 687 static int sens_destroy(void *key, void *datum, void *p) 688 { 689 struct level_datum *levdatum; 690 691 kfree(key); 692 if (datum) { 693 levdatum = datum; 694 if (levdatum->level) 695 ebitmap_destroy(&levdatum->level->cat); 696 kfree(levdatum->level); 697 } 698 kfree(datum); 699 return 0; 700 } 701 702 static int cat_destroy(void *key, void *datum, void *p) 703 { 704 kfree(key); 705 kfree(datum); 706 return 0; 707 } 708 709 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 710 { 711 common_destroy, 712 cls_destroy, 713 role_destroy, 714 type_destroy, 715 user_destroy, 716 cond_destroy_bool, 717 sens_destroy, 718 cat_destroy, 719 }; 720 721 static int filenametr_destroy(void *key, void *datum, void *p) 722 { 723 struct filename_trans *ft = key; 724 kfree(ft->name); 725 kfree(key); 726 kfree(datum); 727 cond_resched(); 728 return 0; 729 } 730 731 static int range_tr_destroy(void *key, void *datum, void *p) 732 { 733 struct mls_range *rt = datum; 734 kfree(key); 735 ebitmap_destroy(&rt->level[0].cat); 736 ebitmap_destroy(&rt->level[1].cat); 737 kfree(datum); 738 cond_resched(); 739 return 0; 740 } 741 742 static void ocontext_destroy(struct ocontext *c, int i) 743 { 744 if (!c) 745 return; 746 747 context_destroy(&c->context[0]); 748 context_destroy(&c->context[1]); 749 if (i == OCON_ISID || i == OCON_FS || 750 i == OCON_NETIF || i == OCON_FSUSE) 751 kfree(c->u.name); 752 kfree(c); 753 } 754 755 /* 756 * Free any memory allocated by a policy database structure. 757 */ 758 void policydb_destroy(struct policydb *p) 759 { 760 struct ocontext *c, *ctmp; 761 struct genfs *g, *gtmp; 762 int i; 763 struct role_allow *ra, *lra = NULL; 764 struct role_trans *tr, *ltr = NULL; 765 766 for (i = 0; i < SYM_NUM; i++) { 767 cond_resched(); 768 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 769 hashtab_destroy(p->symtab[i].table); 770 } 771 772 for (i = 0; i < SYM_NUM; i++) 773 kvfree(p->sym_val_to_name[i]); 774 775 kfree(p->class_val_to_struct); 776 kfree(p->role_val_to_struct); 777 kfree(p->user_val_to_struct); 778 kvfree(p->type_val_to_struct_array); 779 780 avtab_destroy(&p->te_avtab); 781 782 for (i = 0; i < OCON_NUM; i++) { 783 cond_resched(); 784 c = p->ocontexts[i]; 785 while (c) { 786 ctmp = c; 787 c = c->next; 788 ocontext_destroy(ctmp, i); 789 } 790 p->ocontexts[i] = NULL; 791 } 792 793 g = p->genfs; 794 while (g) { 795 cond_resched(); 796 kfree(g->fstype); 797 c = g->head; 798 while (c) { 799 ctmp = c; 800 c = c->next; 801 ocontext_destroy(ctmp, OCON_FSUSE); 802 } 803 gtmp = g; 804 g = g->next; 805 kfree(gtmp); 806 } 807 p->genfs = NULL; 808 809 cond_policydb_destroy(p); 810 811 for (tr = p->role_tr; tr; tr = tr->next) { 812 cond_resched(); 813 kfree(ltr); 814 ltr = tr; 815 } 816 kfree(ltr); 817 818 for (ra = p->role_allow; ra; ra = ra->next) { 819 cond_resched(); 820 kfree(lra); 821 lra = ra; 822 } 823 kfree(lra); 824 825 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 826 hashtab_destroy(p->filename_trans); 827 828 hashtab_map(p->range_tr, range_tr_destroy, NULL); 829 hashtab_destroy(p->range_tr); 830 831 for (i = 0; i < p->p_types.nprim; i++) 832 ebitmap_destroy(&p->type_attr_map_array[i]); 833 kvfree(p->type_attr_map_array); 834 835 ebitmap_destroy(&p->filename_trans_ttypes); 836 ebitmap_destroy(&p->policycaps); 837 ebitmap_destroy(&p->permissive_map); 838 } 839 840 /* 841 * Load the initial SIDs specified in a policy database 842 * structure into a SID table. 843 */ 844 int policydb_load_isids(struct policydb *p, struct sidtab *s) 845 { 846 struct ocontext *head, *c; 847 int rc; 848 849 rc = sidtab_init(s); 850 if (rc) { 851 pr_err("SELinux: out of memory on SID table init\n"); 852 goto out; 853 } 854 855 head = p->ocontexts[OCON_ISID]; 856 for (c = head; c; c = c->next) { 857 rc = -EINVAL; 858 if (!c->context[0].user) { 859 pr_err("SELinux: SID %s was never defined.\n", 860 c->u.name); 861 sidtab_destroy(s); 862 goto out; 863 } 864 if (c->sid[0] == SECSID_NULL || c->sid[0] > SECINITSID_NUM) { 865 pr_err("SELinux: Initial SID %s out of range.\n", 866 c->u.name); 867 sidtab_destroy(s); 868 goto out; 869 } 870 871 rc = sidtab_set_initial(s, c->sid[0], &c->context[0]); 872 if (rc) { 873 pr_err("SELinux: unable to load initial SID %s.\n", 874 c->u.name); 875 sidtab_destroy(s); 876 goto out; 877 } 878 } 879 rc = 0; 880 out: 881 return rc; 882 } 883 884 int policydb_class_isvalid(struct policydb *p, unsigned int class) 885 { 886 if (!class || class > p->p_classes.nprim) 887 return 0; 888 return 1; 889 } 890 891 int policydb_role_isvalid(struct policydb *p, unsigned int role) 892 { 893 if (!role || role > p->p_roles.nprim) 894 return 0; 895 return 1; 896 } 897 898 int policydb_type_isvalid(struct policydb *p, unsigned int type) 899 { 900 if (!type || type > p->p_types.nprim) 901 return 0; 902 return 1; 903 } 904 905 /* 906 * Return 1 if the fields in the security context 907 * structure `c' are valid. Return 0 otherwise. 908 */ 909 int policydb_context_isvalid(struct policydb *p, struct context *c) 910 { 911 struct role_datum *role; 912 struct user_datum *usrdatum; 913 914 if (!c->role || c->role > p->p_roles.nprim) 915 return 0; 916 917 if (!c->user || c->user > p->p_users.nprim) 918 return 0; 919 920 if (!c->type || c->type > p->p_types.nprim) 921 return 0; 922 923 if (c->role != OBJECT_R_VAL) { 924 /* 925 * Role must be authorized for the type. 926 */ 927 role = p->role_val_to_struct[c->role - 1]; 928 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 929 /* role may not be associated with type */ 930 return 0; 931 932 /* 933 * User must be authorized for the role. 934 */ 935 usrdatum = p->user_val_to_struct[c->user - 1]; 936 if (!usrdatum) 937 return 0; 938 939 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 940 /* user may not be associated with role */ 941 return 0; 942 } 943 944 if (!mls_context_isvalid(p, c)) 945 return 0; 946 947 return 1; 948 } 949 950 /* 951 * Read a MLS range structure from a policydb binary 952 * representation file. 953 */ 954 static int mls_read_range_helper(struct mls_range *r, void *fp) 955 { 956 __le32 buf[2]; 957 u32 items; 958 int rc; 959 960 rc = next_entry(buf, fp, sizeof(u32)); 961 if (rc) 962 goto out; 963 964 rc = -EINVAL; 965 items = le32_to_cpu(buf[0]); 966 if (items > ARRAY_SIZE(buf)) { 967 pr_err("SELinux: mls: range overflow\n"); 968 goto out; 969 } 970 971 rc = next_entry(buf, fp, sizeof(u32) * items); 972 if (rc) { 973 pr_err("SELinux: mls: truncated range\n"); 974 goto out; 975 } 976 977 r->level[0].sens = le32_to_cpu(buf[0]); 978 if (items > 1) 979 r->level[1].sens = le32_to_cpu(buf[1]); 980 else 981 r->level[1].sens = r->level[0].sens; 982 983 rc = ebitmap_read(&r->level[0].cat, fp); 984 if (rc) { 985 pr_err("SELinux: mls: error reading low categories\n"); 986 goto out; 987 } 988 if (items > 1) { 989 rc = ebitmap_read(&r->level[1].cat, fp); 990 if (rc) { 991 pr_err("SELinux: mls: error reading high categories\n"); 992 goto bad_high; 993 } 994 } else { 995 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 996 if (rc) { 997 pr_err("SELinux: mls: out of memory\n"); 998 goto bad_high; 999 } 1000 } 1001 1002 return 0; 1003 bad_high: 1004 ebitmap_destroy(&r->level[0].cat); 1005 out: 1006 return rc; 1007 } 1008 1009 /* 1010 * Read and validate a security context structure 1011 * from a policydb binary representation file. 1012 */ 1013 static int context_read_and_validate(struct context *c, 1014 struct policydb *p, 1015 void *fp) 1016 { 1017 __le32 buf[3]; 1018 int rc; 1019 1020 rc = next_entry(buf, fp, sizeof buf); 1021 if (rc) { 1022 pr_err("SELinux: context truncated\n"); 1023 goto out; 1024 } 1025 c->user = le32_to_cpu(buf[0]); 1026 c->role = le32_to_cpu(buf[1]); 1027 c->type = le32_to_cpu(buf[2]); 1028 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1029 rc = mls_read_range_helper(&c->range, fp); 1030 if (rc) { 1031 pr_err("SELinux: error reading MLS range of context\n"); 1032 goto out; 1033 } 1034 } 1035 1036 rc = -EINVAL; 1037 if (!policydb_context_isvalid(p, c)) { 1038 pr_err("SELinux: invalid security context\n"); 1039 context_destroy(c); 1040 goto out; 1041 } 1042 rc = 0; 1043 out: 1044 return rc; 1045 } 1046 1047 /* 1048 * The following *_read functions are used to 1049 * read the symbol data from a policy database 1050 * binary representation file. 1051 */ 1052 1053 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1054 { 1055 int rc; 1056 char *str; 1057 1058 if ((len == 0) || (len == (u32)-1)) 1059 return -EINVAL; 1060 1061 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1062 if (!str) 1063 return -ENOMEM; 1064 1065 /* it's expected the caller should free the str */ 1066 *strp = str; 1067 1068 rc = next_entry(str, fp, len); 1069 if (rc) 1070 return rc; 1071 1072 str[len] = '\0'; 1073 return 0; 1074 } 1075 1076 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1077 { 1078 char *key = NULL; 1079 struct perm_datum *perdatum; 1080 int rc; 1081 __le32 buf[2]; 1082 u32 len; 1083 1084 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1085 if (!perdatum) 1086 return -ENOMEM; 1087 1088 rc = next_entry(buf, fp, sizeof buf); 1089 if (rc) 1090 goto bad; 1091 1092 len = le32_to_cpu(buf[0]); 1093 perdatum->value = le32_to_cpu(buf[1]); 1094 1095 rc = str_read(&key, GFP_KERNEL, fp, len); 1096 if (rc) 1097 goto bad; 1098 1099 rc = hashtab_insert(h, key, perdatum); 1100 if (rc) 1101 goto bad; 1102 1103 return 0; 1104 bad: 1105 perm_destroy(key, perdatum, NULL); 1106 return rc; 1107 } 1108 1109 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1110 { 1111 char *key = NULL; 1112 struct common_datum *comdatum; 1113 __le32 buf[4]; 1114 u32 len, nel; 1115 int i, rc; 1116 1117 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1118 if (!comdatum) 1119 return -ENOMEM; 1120 1121 rc = next_entry(buf, fp, sizeof buf); 1122 if (rc) 1123 goto bad; 1124 1125 len = le32_to_cpu(buf[0]); 1126 comdatum->value = le32_to_cpu(buf[1]); 1127 1128 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1129 if (rc) 1130 goto bad; 1131 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1132 nel = le32_to_cpu(buf[3]); 1133 1134 rc = str_read(&key, GFP_KERNEL, fp, len); 1135 if (rc) 1136 goto bad; 1137 1138 for (i = 0; i < nel; i++) { 1139 rc = perm_read(p, comdatum->permissions.table, fp); 1140 if (rc) 1141 goto bad; 1142 } 1143 1144 rc = hashtab_insert(h, key, comdatum); 1145 if (rc) 1146 goto bad; 1147 return 0; 1148 bad: 1149 common_destroy(key, comdatum, NULL); 1150 return rc; 1151 } 1152 1153 static void type_set_init(struct type_set *t) 1154 { 1155 ebitmap_init(&t->types); 1156 ebitmap_init(&t->negset); 1157 } 1158 1159 static int type_set_read(struct type_set *t, void *fp) 1160 { 1161 __le32 buf[1]; 1162 int rc; 1163 1164 if (ebitmap_read(&t->types, fp)) 1165 return -EINVAL; 1166 if (ebitmap_read(&t->negset, fp)) 1167 return -EINVAL; 1168 1169 rc = next_entry(buf, fp, sizeof(u32)); 1170 if (rc < 0) 1171 return -EINVAL; 1172 t->flags = le32_to_cpu(buf[0]); 1173 1174 return 0; 1175 } 1176 1177 1178 static int read_cons_helper(struct policydb *p, 1179 struct constraint_node **nodep, 1180 int ncons, int allowxtarget, void *fp) 1181 { 1182 struct constraint_node *c, *lc; 1183 struct constraint_expr *e, *le; 1184 __le32 buf[3]; 1185 u32 nexpr; 1186 int rc, i, j, depth; 1187 1188 lc = NULL; 1189 for (i = 0; i < ncons; i++) { 1190 c = kzalloc(sizeof(*c), GFP_KERNEL); 1191 if (!c) 1192 return -ENOMEM; 1193 1194 if (lc) 1195 lc->next = c; 1196 else 1197 *nodep = c; 1198 1199 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1200 if (rc) 1201 return rc; 1202 c->permissions = le32_to_cpu(buf[0]); 1203 nexpr = le32_to_cpu(buf[1]); 1204 le = NULL; 1205 depth = -1; 1206 for (j = 0; j < nexpr; j++) { 1207 e = kzalloc(sizeof(*e), GFP_KERNEL); 1208 if (!e) 1209 return -ENOMEM; 1210 1211 if (le) 1212 le->next = e; 1213 else 1214 c->expr = e; 1215 1216 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1217 if (rc) 1218 return rc; 1219 e->expr_type = le32_to_cpu(buf[0]); 1220 e->attr = le32_to_cpu(buf[1]); 1221 e->op = le32_to_cpu(buf[2]); 1222 1223 switch (e->expr_type) { 1224 case CEXPR_NOT: 1225 if (depth < 0) 1226 return -EINVAL; 1227 break; 1228 case CEXPR_AND: 1229 case CEXPR_OR: 1230 if (depth < 1) 1231 return -EINVAL; 1232 depth--; 1233 break; 1234 case CEXPR_ATTR: 1235 if (depth == (CEXPR_MAXDEPTH - 1)) 1236 return -EINVAL; 1237 depth++; 1238 break; 1239 case CEXPR_NAMES: 1240 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1241 return -EINVAL; 1242 if (depth == (CEXPR_MAXDEPTH - 1)) 1243 return -EINVAL; 1244 depth++; 1245 rc = ebitmap_read(&e->names, fp); 1246 if (rc) 1247 return rc; 1248 if (p->policyvers >= 1249 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1250 e->type_names = kzalloc(sizeof 1251 (*e->type_names), 1252 GFP_KERNEL); 1253 if (!e->type_names) 1254 return -ENOMEM; 1255 type_set_init(e->type_names); 1256 rc = type_set_read(e->type_names, fp); 1257 if (rc) 1258 return rc; 1259 } 1260 break; 1261 default: 1262 return -EINVAL; 1263 } 1264 le = e; 1265 } 1266 if (depth != 0) 1267 return -EINVAL; 1268 lc = c; 1269 } 1270 1271 return 0; 1272 } 1273 1274 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1275 { 1276 char *key = NULL; 1277 struct class_datum *cladatum; 1278 __le32 buf[6]; 1279 u32 len, len2, ncons, nel; 1280 int i, rc; 1281 1282 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1283 if (!cladatum) 1284 return -ENOMEM; 1285 1286 rc = next_entry(buf, fp, sizeof(u32)*6); 1287 if (rc) 1288 goto bad; 1289 1290 len = le32_to_cpu(buf[0]); 1291 len2 = le32_to_cpu(buf[1]); 1292 cladatum->value = le32_to_cpu(buf[2]); 1293 1294 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1295 if (rc) 1296 goto bad; 1297 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1298 nel = le32_to_cpu(buf[4]); 1299 1300 ncons = le32_to_cpu(buf[5]); 1301 1302 rc = str_read(&key, GFP_KERNEL, fp, len); 1303 if (rc) 1304 goto bad; 1305 1306 if (len2) { 1307 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1308 if (rc) 1309 goto bad; 1310 1311 rc = -EINVAL; 1312 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1313 if (!cladatum->comdatum) { 1314 pr_err("SELinux: unknown common %s\n", 1315 cladatum->comkey); 1316 goto bad; 1317 } 1318 } 1319 for (i = 0; i < nel; i++) { 1320 rc = perm_read(p, cladatum->permissions.table, fp); 1321 if (rc) 1322 goto bad; 1323 } 1324 1325 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1326 if (rc) 1327 goto bad; 1328 1329 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1330 /* grab the validatetrans rules */ 1331 rc = next_entry(buf, fp, sizeof(u32)); 1332 if (rc) 1333 goto bad; 1334 ncons = le32_to_cpu(buf[0]); 1335 rc = read_cons_helper(p, &cladatum->validatetrans, 1336 ncons, 1, fp); 1337 if (rc) 1338 goto bad; 1339 } 1340 1341 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1342 rc = next_entry(buf, fp, sizeof(u32) * 3); 1343 if (rc) 1344 goto bad; 1345 1346 cladatum->default_user = le32_to_cpu(buf[0]); 1347 cladatum->default_role = le32_to_cpu(buf[1]); 1348 cladatum->default_range = le32_to_cpu(buf[2]); 1349 } 1350 1351 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1352 rc = next_entry(buf, fp, sizeof(u32) * 1); 1353 if (rc) 1354 goto bad; 1355 cladatum->default_type = le32_to_cpu(buf[0]); 1356 } 1357 1358 rc = hashtab_insert(h, key, cladatum); 1359 if (rc) 1360 goto bad; 1361 1362 return 0; 1363 bad: 1364 cls_destroy(key, cladatum, NULL); 1365 return rc; 1366 } 1367 1368 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1369 { 1370 char *key = NULL; 1371 struct role_datum *role; 1372 int rc, to_read = 2; 1373 __le32 buf[3]; 1374 u32 len; 1375 1376 role = kzalloc(sizeof(*role), GFP_KERNEL); 1377 if (!role) 1378 return -ENOMEM; 1379 1380 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1381 to_read = 3; 1382 1383 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1384 if (rc) 1385 goto bad; 1386 1387 len = le32_to_cpu(buf[0]); 1388 role->value = le32_to_cpu(buf[1]); 1389 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1390 role->bounds = le32_to_cpu(buf[2]); 1391 1392 rc = str_read(&key, GFP_KERNEL, fp, len); 1393 if (rc) 1394 goto bad; 1395 1396 rc = ebitmap_read(&role->dominates, fp); 1397 if (rc) 1398 goto bad; 1399 1400 rc = ebitmap_read(&role->types, fp); 1401 if (rc) 1402 goto bad; 1403 1404 if (strcmp(key, OBJECT_R) == 0) { 1405 rc = -EINVAL; 1406 if (role->value != OBJECT_R_VAL) { 1407 pr_err("SELinux: Role %s has wrong value %d\n", 1408 OBJECT_R, role->value); 1409 goto bad; 1410 } 1411 rc = 0; 1412 goto bad; 1413 } 1414 1415 rc = hashtab_insert(h, key, role); 1416 if (rc) 1417 goto bad; 1418 return 0; 1419 bad: 1420 role_destroy(key, role, NULL); 1421 return rc; 1422 } 1423 1424 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1425 { 1426 char *key = NULL; 1427 struct type_datum *typdatum; 1428 int rc, to_read = 3; 1429 __le32 buf[4]; 1430 u32 len; 1431 1432 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1433 if (!typdatum) 1434 return -ENOMEM; 1435 1436 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1437 to_read = 4; 1438 1439 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1440 if (rc) 1441 goto bad; 1442 1443 len = le32_to_cpu(buf[0]); 1444 typdatum->value = le32_to_cpu(buf[1]); 1445 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1446 u32 prop = le32_to_cpu(buf[2]); 1447 1448 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1449 typdatum->primary = 1; 1450 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1451 typdatum->attribute = 1; 1452 1453 typdatum->bounds = le32_to_cpu(buf[3]); 1454 } else { 1455 typdatum->primary = le32_to_cpu(buf[2]); 1456 } 1457 1458 rc = str_read(&key, GFP_KERNEL, fp, len); 1459 if (rc) 1460 goto bad; 1461 1462 rc = hashtab_insert(h, key, typdatum); 1463 if (rc) 1464 goto bad; 1465 return 0; 1466 bad: 1467 type_destroy(key, typdatum, NULL); 1468 return rc; 1469 } 1470 1471 1472 /* 1473 * Read a MLS level structure from a policydb binary 1474 * representation file. 1475 */ 1476 static int mls_read_level(struct mls_level *lp, void *fp) 1477 { 1478 __le32 buf[1]; 1479 int rc; 1480 1481 memset(lp, 0, sizeof(*lp)); 1482 1483 rc = next_entry(buf, fp, sizeof buf); 1484 if (rc) { 1485 pr_err("SELinux: mls: truncated level\n"); 1486 return rc; 1487 } 1488 lp->sens = le32_to_cpu(buf[0]); 1489 1490 rc = ebitmap_read(&lp->cat, fp); 1491 if (rc) { 1492 pr_err("SELinux: mls: error reading level categories\n"); 1493 return rc; 1494 } 1495 return 0; 1496 } 1497 1498 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1499 { 1500 char *key = NULL; 1501 struct user_datum *usrdatum; 1502 int rc, to_read = 2; 1503 __le32 buf[3]; 1504 u32 len; 1505 1506 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1507 if (!usrdatum) 1508 return -ENOMEM; 1509 1510 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1511 to_read = 3; 1512 1513 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1514 if (rc) 1515 goto bad; 1516 1517 len = le32_to_cpu(buf[0]); 1518 usrdatum->value = le32_to_cpu(buf[1]); 1519 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1520 usrdatum->bounds = le32_to_cpu(buf[2]); 1521 1522 rc = str_read(&key, GFP_KERNEL, fp, len); 1523 if (rc) 1524 goto bad; 1525 1526 rc = ebitmap_read(&usrdatum->roles, fp); 1527 if (rc) 1528 goto bad; 1529 1530 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1531 rc = mls_read_range_helper(&usrdatum->range, fp); 1532 if (rc) 1533 goto bad; 1534 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1535 if (rc) 1536 goto bad; 1537 } 1538 1539 rc = hashtab_insert(h, key, usrdatum); 1540 if (rc) 1541 goto bad; 1542 return 0; 1543 bad: 1544 user_destroy(key, usrdatum, NULL); 1545 return rc; 1546 } 1547 1548 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1549 { 1550 char *key = NULL; 1551 struct level_datum *levdatum; 1552 int rc; 1553 __le32 buf[2]; 1554 u32 len; 1555 1556 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1557 if (!levdatum) 1558 return -ENOMEM; 1559 1560 rc = next_entry(buf, fp, sizeof buf); 1561 if (rc) 1562 goto bad; 1563 1564 len = le32_to_cpu(buf[0]); 1565 levdatum->isalias = le32_to_cpu(buf[1]); 1566 1567 rc = str_read(&key, GFP_ATOMIC, fp, len); 1568 if (rc) 1569 goto bad; 1570 1571 rc = -ENOMEM; 1572 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1573 if (!levdatum->level) 1574 goto bad; 1575 1576 rc = mls_read_level(levdatum->level, fp); 1577 if (rc) 1578 goto bad; 1579 1580 rc = hashtab_insert(h, key, levdatum); 1581 if (rc) 1582 goto bad; 1583 return 0; 1584 bad: 1585 sens_destroy(key, levdatum, NULL); 1586 return rc; 1587 } 1588 1589 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1590 { 1591 char *key = NULL; 1592 struct cat_datum *catdatum; 1593 int rc; 1594 __le32 buf[3]; 1595 u32 len; 1596 1597 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1598 if (!catdatum) 1599 return -ENOMEM; 1600 1601 rc = next_entry(buf, fp, sizeof buf); 1602 if (rc) 1603 goto bad; 1604 1605 len = le32_to_cpu(buf[0]); 1606 catdatum->value = le32_to_cpu(buf[1]); 1607 catdatum->isalias = le32_to_cpu(buf[2]); 1608 1609 rc = str_read(&key, GFP_ATOMIC, fp, len); 1610 if (rc) 1611 goto bad; 1612 1613 rc = hashtab_insert(h, key, catdatum); 1614 if (rc) 1615 goto bad; 1616 return 0; 1617 bad: 1618 cat_destroy(key, catdatum, NULL); 1619 return rc; 1620 } 1621 1622 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1623 { 1624 common_read, 1625 class_read, 1626 role_read, 1627 type_read, 1628 user_read, 1629 cond_read_bool, 1630 sens_read, 1631 cat_read, 1632 }; 1633 1634 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1635 { 1636 struct user_datum *upper, *user; 1637 struct policydb *p = datap; 1638 int depth = 0; 1639 1640 upper = user = datum; 1641 while (upper->bounds) { 1642 struct ebitmap_node *node; 1643 unsigned long bit; 1644 1645 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1646 pr_err("SELinux: user %s: " 1647 "too deep or looped boundary", 1648 (char *) key); 1649 return -EINVAL; 1650 } 1651 1652 upper = p->user_val_to_struct[upper->bounds - 1]; 1653 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1654 if (ebitmap_get_bit(&upper->roles, bit)) 1655 continue; 1656 1657 pr_err("SELinux: boundary violated policy: " 1658 "user=%s role=%s bounds=%s\n", 1659 sym_name(p, SYM_USERS, user->value - 1), 1660 sym_name(p, SYM_ROLES, bit), 1661 sym_name(p, SYM_USERS, upper->value - 1)); 1662 1663 return -EINVAL; 1664 } 1665 } 1666 1667 return 0; 1668 } 1669 1670 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1671 { 1672 struct role_datum *upper, *role; 1673 struct policydb *p = datap; 1674 int depth = 0; 1675 1676 upper = role = datum; 1677 while (upper->bounds) { 1678 struct ebitmap_node *node; 1679 unsigned long bit; 1680 1681 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1682 pr_err("SELinux: role %s: " 1683 "too deep or looped bounds\n", 1684 (char *) key); 1685 return -EINVAL; 1686 } 1687 1688 upper = p->role_val_to_struct[upper->bounds - 1]; 1689 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1690 if (ebitmap_get_bit(&upper->types, bit)) 1691 continue; 1692 1693 pr_err("SELinux: boundary violated policy: " 1694 "role=%s type=%s bounds=%s\n", 1695 sym_name(p, SYM_ROLES, role->value - 1), 1696 sym_name(p, SYM_TYPES, bit), 1697 sym_name(p, SYM_ROLES, upper->value - 1)); 1698 1699 return -EINVAL; 1700 } 1701 } 1702 1703 return 0; 1704 } 1705 1706 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1707 { 1708 struct type_datum *upper; 1709 struct policydb *p = datap; 1710 int depth = 0; 1711 1712 upper = datum; 1713 while (upper->bounds) { 1714 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1715 pr_err("SELinux: type %s: " 1716 "too deep or looped boundary\n", 1717 (char *) key); 1718 return -EINVAL; 1719 } 1720 1721 upper = p->type_val_to_struct_array[upper->bounds - 1]; 1722 BUG_ON(!upper); 1723 1724 if (upper->attribute) { 1725 pr_err("SELinux: type %s: " 1726 "bounded by attribute %s", 1727 (char *) key, 1728 sym_name(p, SYM_TYPES, upper->value - 1)); 1729 return -EINVAL; 1730 } 1731 } 1732 1733 return 0; 1734 } 1735 1736 static int policydb_bounds_sanity_check(struct policydb *p) 1737 { 1738 int rc; 1739 1740 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1741 return 0; 1742 1743 rc = hashtab_map(p->p_users.table, 1744 user_bounds_sanity_check, p); 1745 if (rc) 1746 return rc; 1747 1748 rc = hashtab_map(p->p_roles.table, 1749 role_bounds_sanity_check, p); 1750 if (rc) 1751 return rc; 1752 1753 rc = hashtab_map(p->p_types.table, 1754 type_bounds_sanity_check, p); 1755 if (rc) 1756 return rc; 1757 1758 return 0; 1759 } 1760 1761 u16 string_to_security_class(struct policydb *p, const char *name) 1762 { 1763 struct class_datum *cladatum; 1764 1765 cladatum = hashtab_search(p->p_classes.table, name); 1766 if (!cladatum) 1767 return 0; 1768 1769 return cladatum->value; 1770 } 1771 1772 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1773 { 1774 struct class_datum *cladatum; 1775 struct perm_datum *perdatum = NULL; 1776 struct common_datum *comdatum; 1777 1778 if (!tclass || tclass > p->p_classes.nprim) 1779 return 0; 1780 1781 cladatum = p->class_val_to_struct[tclass-1]; 1782 comdatum = cladatum->comdatum; 1783 if (comdatum) 1784 perdatum = hashtab_search(comdatum->permissions.table, 1785 name); 1786 if (!perdatum) 1787 perdatum = hashtab_search(cladatum->permissions.table, 1788 name); 1789 if (!perdatum) 1790 return 0; 1791 1792 return 1U << (perdatum->value-1); 1793 } 1794 1795 static int range_read(struct policydb *p, void *fp) 1796 { 1797 struct range_trans *rt = NULL; 1798 struct mls_range *r = NULL; 1799 int i, rc; 1800 __le32 buf[2]; 1801 u32 nel; 1802 1803 if (p->policyvers < POLICYDB_VERSION_MLS) 1804 return 0; 1805 1806 rc = next_entry(buf, fp, sizeof(u32)); 1807 if (rc) 1808 return rc; 1809 1810 nel = le32_to_cpu(buf[0]); 1811 for (i = 0; i < nel; i++) { 1812 rc = -ENOMEM; 1813 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1814 if (!rt) 1815 goto out; 1816 1817 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1818 if (rc) 1819 goto out; 1820 1821 rt->source_type = le32_to_cpu(buf[0]); 1822 rt->target_type = le32_to_cpu(buf[1]); 1823 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1824 rc = next_entry(buf, fp, sizeof(u32)); 1825 if (rc) 1826 goto out; 1827 rt->target_class = le32_to_cpu(buf[0]); 1828 } else 1829 rt->target_class = p->process_class; 1830 1831 rc = -EINVAL; 1832 if (!policydb_type_isvalid(p, rt->source_type) || 1833 !policydb_type_isvalid(p, rt->target_type) || 1834 !policydb_class_isvalid(p, rt->target_class)) 1835 goto out; 1836 1837 rc = -ENOMEM; 1838 r = kzalloc(sizeof(*r), GFP_KERNEL); 1839 if (!r) 1840 goto out; 1841 1842 rc = mls_read_range_helper(r, fp); 1843 if (rc) 1844 goto out; 1845 1846 rc = -EINVAL; 1847 if (!mls_range_isvalid(p, r)) { 1848 pr_warn("SELinux: rangetrans: invalid range\n"); 1849 goto out; 1850 } 1851 1852 rc = hashtab_insert(p->range_tr, rt, r); 1853 if (rc) 1854 goto out; 1855 1856 rt = NULL; 1857 r = NULL; 1858 } 1859 hash_eval(p->range_tr, "rangetr"); 1860 rc = 0; 1861 out: 1862 kfree(rt); 1863 kfree(r); 1864 return rc; 1865 } 1866 1867 static int filename_trans_read(struct policydb *p, void *fp) 1868 { 1869 struct filename_trans *ft; 1870 struct filename_trans_datum *otype; 1871 char *name; 1872 u32 nel, len; 1873 __le32 buf[4]; 1874 int rc, i; 1875 1876 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1877 return 0; 1878 1879 rc = next_entry(buf, fp, sizeof(u32)); 1880 if (rc) 1881 return rc; 1882 nel = le32_to_cpu(buf[0]); 1883 1884 for (i = 0; i < nel; i++) { 1885 otype = NULL; 1886 name = NULL; 1887 1888 rc = -ENOMEM; 1889 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1890 if (!ft) 1891 goto out; 1892 1893 rc = -ENOMEM; 1894 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1895 if (!otype) 1896 goto out; 1897 1898 /* length of the path component string */ 1899 rc = next_entry(buf, fp, sizeof(u32)); 1900 if (rc) 1901 goto out; 1902 len = le32_to_cpu(buf[0]); 1903 1904 /* path component string */ 1905 rc = str_read(&name, GFP_KERNEL, fp, len); 1906 if (rc) 1907 goto out; 1908 1909 ft->name = name; 1910 1911 rc = next_entry(buf, fp, sizeof(u32) * 4); 1912 if (rc) 1913 goto out; 1914 1915 ft->stype = le32_to_cpu(buf[0]); 1916 ft->ttype = le32_to_cpu(buf[1]); 1917 ft->tclass = le32_to_cpu(buf[2]); 1918 1919 otype->otype = le32_to_cpu(buf[3]); 1920 1921 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1922 if (rc) 1923 goto out; 1924 1925 rc = hashtab_insert(p->filename_trans, ft, otype); 1926 if (rc) { 1927 /* 1928 * Do not return -EEXIST to the caller, or the system 1929 * will not boot. 1930 */ 1931 if (rc != -EEXIST) 1932 goto out; 1933 /* But free memory to avoid memory leak. */ 1934 kfree(ft); 1935 kfree(name); 1936 kfree(otype); 1937 } 1938 } 1939 hash_eval(p->filename_trans, "filenametr"); 1940 return 0; 1941 out: 1942 kfree(ft); 1943 kfree(name); 1944 kfree(otype); 1945 1946 return rc; 1947 } 1948 1949 static int genfs_read(struct policydb *p, void *fp) 1950 { 1951 int i, j, rc; 1952 u32 nel, nel2, len, len2; 1953 __le32 buf[1]; 1954 struct ocontext *l, *c; 1955 struct ocontext *newc = NULL; 1956 struct genfs *genfs_p, *genfs; 1957 struct genfs *newgenfs = NULL; 1958 1959 rc = next_entry(buf, fp, sizeof(u32)); 1960 if (rc) 1961 return rc; 1962 nel = le32_to_cpu(buf[0]); 1963 1964 for (i = 0; i < nel; i++) { 1965 rc = next_entry(buf, fp, sizeof(u32)); 1966 if (rc) 1967 goto out; 1968 len = le32_to_cpu(buf[0]); 1969 1970 rc = -ENOMEM; 1971 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1972 if (!newgenfs) 1973 goto out; 1974 1975 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 1976 if (rc) 1977 goto out; 1978 1979 for (genfs_p = NULL, genfs = p->genfs; genfs; 1980 genfs_p = genfs, genfs = genfs->next) { 1981 rc = -EINVAL; 1982 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1983 pr_err("SELinux: dup genfs fstype %s\n", 1984 newgenfs->fstype); 1985 goto out; 1986 } 1987 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1988 break; 1989 } 1990 newgenfs->next = genfs; 1991 if (genfs_p) 1992 genfs_p->next = newgenfs; 1993 else 1994 p->genfs = newgenfs; 1995 genfs = newgenfs; 1996 newgenfs = NULL; 1997 1998 rc = next_entry(buf, fp, sizeof(u32)); 1999 if (rc) 2000 goto out; 2001 2002 nel2 = le32_to_cpu(buf[0]); 2003 for (j = 0; j < nel2; j++) { 2004 rc = next_entry(buf, fp, sizeof(u32)); 2005 if (rc) 2006 goto out; 2007 len = le32_to_cpu(buf[0]); 2008 2009 rc = -ENOMEM; 2010 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2011 if (!newc) 2012 goto out; 2013 2014 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2015 if (rc) 2016 goto out; 2017 2018 rc = next_entry(buf, fp, sizeof(u32)); 2019 if (rc) 2020 goto out; 2021 2022 newc->v.sclass = le32_to_cpu(buf[0]); 2023 rc = context_read_and_validate(&newc->context[0], p, fp); 2024 if (rc) 2025 goto out; 2026 2027 for (l = NULL, c = genfs->head; c; 2028 l = c, c = c->next) { 2029 rc = -EINVAL; 2030 if (!strcmp(newc->u.name, c->u.name) && 2031 (!c->v.sclass || !newc->v.sclass || 2032 newc->v.sclass == c->v.sclass)) { 2033 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2034 genfs->fstype, c->u.name); 2035 goto out; 2036 } 2037 len = strlen(newc->u.name); 2038 len2 = strlen(c->u.name); 2039 if (len > len2) 2040 break; 2041 } 2042 2043 newc->next = c; 2044 if (l) 2045 l->next = newc; 2046 else 2047 genfs->head = newc; 2048 newc = NULL; 2049 } 2050 } 2051 rc = 0; 2052 out: 2053 if (newgenfs) { 2054 kfree(newgenfs->fstype); 2055 kfree(newgenfs); 2056 } 2057 ocontext_destroy(newc, OCON_FSUSE); 2058 2059 return rc; 2060 } 2061 2062 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2063 void *fp) 2064 { 2065 int i, j, rc; 2066 u32 nel, len; 2067 __be64 prefixbuf[1]; 2068 __le32 buf[3]; 2069 struct ocontext *l, *c; 2070 u32 nodebuf[8]; 2071 2072 for (i = 0; i < info->ocon_num; i++) { 2073 rc = next_entry(buf, fp, sizeof(u32)); 2074 if (rc) 2075 goto out; 2076 nel = le32_to_cpu(buf[0]); 2077 2078 l = NULL; 2079 for (j = 0; j < nel; j++) { 2080 rc = -ENOMEM; 2081 c = kzalloc(sizeof(*c), GFP_KERNEL); 2082 if (!c) 2083 goto out; 2084 if (l) 2085 l->next = c; 2086 else 2087 p->ocontexts[i] = c; 2088 l = c; 2089 2090 switch (i) { 2091 case OCON_ISID: 2092 rc = next_entry(buf, fp, sizeof(u32)); 2093 if (rc) 2094 goto out; 2095 2096 c->sid[0] = le32_to_cpu(buf[0]); 2097 rc = context_read_and_validate(&c->context[0], p, fp); 2098 if (rc) 2099 goto out; 2100 break; 2101 case OCON_FS: 2102 case OCON_NETIF: 2103 rc = next_entry(buf, fp, sizeof(u32)); 2104 if (rc) 2105 goto out; 2106 len = le32_to_cpu(buf[0]); 2107 2108 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2109 if (rc) 2110 goto out; 2111 2112 rc = context_read_and_validate(&c->context[0], p, fp); 2113 if (rc) 2114 goto out; 2115 rc = context_read_and_validate(&c->context[1], p, fp); 2116 if (rc) 2117 goto out; 2118 break; 2119 case OCON_PORT: 2120 rc = next_entry(buf, fp, sizeof(u32)*3); 2121 if (rc) 2122 goto out; 2123 c->u.port.protocol = le32_to_cpu(buf[0]); 2124 c->u.port.low_port = le32_to_cpu(buf[1]); 2125 c->u.port.high_port = le32_to_cpu(buf[2]); 2126 rc = context_read_and_validate(&c->context[0], p, fp); 2127 if (rc) 2128 goto out; 2129 break; 2130 case OCON_NODE: 2131 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2132 if (rc) 2133 goto out; 2134 c->u.node.addr = nodebuf[0]; /* network order */ 2135 c->u.node.mask = nodebuf[1]; /* network order */ 2136 rc = context_read_and_validate(&c->context[0], p, fp); 2137 if (rc) 2138 goto out; 2139 break; 2140 case OCON_FSUSE: 2141 rc = next_entry(buf, fp, sizeof(u32)*2); 2142 if (rc) 2143 goto out; 2144 2145 rc = -EINVAL; 2146 c->v.behavior = le32_to_cpu(buf[0]); 2147 /* Determined at runtime, not in policy DB. */ 2148 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2149 goto out; 2150 if (c->v.behavior > SECURITY_FS_USE_MAX) 2151 goto out; 2152 2153 len = le32_to_cpu(buf[1]); 2154 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2155 if (rc) 2156 goto out; 2157 2158 rc = context_read_and_validate(&c->context[0], p, fp); 2159 if (rc) 2160 goto out; 2161 break; 2162 case OCON_NODE6: { 2163 int k; 2164 2165 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2166 if (rc) 2167 goto out; 2168 for (k = 0; k < 4; k++) 2169 c->u.node6.addr[k] = nodebuf[k]; 2170 for (k = 0; k < 4; k++) 2171 c->u.node6.mask[k] = nodebuf[k+4]; 2172 rc = context_read_and_validate(&c->context[0], p, fp); 2173 if (rc) 2174 goto out; 2175 break; 2176 } 2177 case OCON_IBPKEY: { 2178 u32 pkey_lo, pkey_hi; 2179 2180 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2181 if (rc) 2182 goto out; 2183 2184 /* we need to have subnet_prefix in CPU order */ 2185 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2186 2187 rc = next_entry(buf, fp, sizeof(u32) * 2); 2188 if (rc) 2189 goto out; 2190 2191 pkey_lo = le32_to_cpu(buf[0]); 2192 pkey_hi = le32_to_cpu(buf[1]); 2193 2194 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2195 rc = -EINVAL; 2196 goto out; 2197 } 2198 2199 c->u.ibpkey.low_pkey = pkey_lo; 2200 c->u.ibpkey.high_pkey = pkey_hi; 2201 2202 rc = context_read_and_validate(&c->context[0], 2203 p, 2204 fp); 2205 if (rc) 2206 goto out; 2207 break; 2208 } 2209 case OCON_IBENDPORT: { 2210 u32 port; 2211 2212 rc = next_entry(buf, fp, sizeof(u32) * 2); 2213 if (rc) 2214 goto out; 2215 len = le32_to_cpu(buf[0]); 2216 2217 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2218 if (rc) 2219 goto out; 2220 2221 port = le32_to_cpu(buf[1]); 2222 if (port > U8_MAX || port == 0) { 2223 rc = -EINVAL; 2224 goto out; 2225 } 2226 2227 c->u.ibendport.port = port; 2228 2229 rc = context_read_and_validate(&c->context[0], 2230 p, 2231 fp); 2232 if (rc) 2233 goto out; 2234 break; 2235 } /* end case */ 2236 } /* end switch */ 2237 } 2238 } 2239 rc = 0; 2240 out: 2241 return rc; 2242 } 2243 2244 /* 2245 * Read the configuration data from a policy database binary 2246 * representation file into a policy database structure. 2247 */ 2248 int policydb_read(struct policydb *p, void *fp) 2249 { 2250 struct role_allow *ra, *lra; 2251 struct role_trans *tr, *ltr; 2252 int i, j, rc; 2253 __le32 buf[4]; 2254 u32 len, nprim, nel; 2255 2256 char *policydb_str; 2257 struct policydb_compat_info *info; 2258 2259 rc = policydb_init(p); 2260 if (rc) 2261 return rc; 2262 2263 /* Read the magic number and string length. */ 2264 rc = next_entry(buf, fp, sizeof(u32) * 2); 2265 if (rc) 2266 goto bad; 2267 2268 rc = -EINVAL; 2269 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2270 pr_err("SELinux: policydb magic number 0x%x does " 2271 "not match expected magic number 0x%x\n", 2272 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2273 goto bad; 2274 } 2275 2276 rc = -EINVAL; 2277 len = le32_to_cpu(buf[1]); 2278 if (len != strlen(POLICYDB_STRING)) { 2279 pr_err("SELinux: policydb string length %d does not " 2280 "match expected length %zu\n", 2281 len, strlen(POLICYDB_STRING)); 2282 goto bad; 2283 } 2284 2285 rc = -ENOMEM; 2286 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2287 if (!policydb_str) { 2288 pr_err("SELinux: unable to allocate memory for policydb " 2289 "string of length %d\n", len); 2290 goto bad; 2291 } 2292 2293 rc = next_entry(policydb_str, fp, len); 2294 if (rc) { 2295 pr_err("SELinux: truncated policydb string identifier\n"); 2296 kfree(policydb_str); 2297 goto bad; 2298 } 2299 2300 rc = -EINVAL; 2301 policydb_str[len] = '\0'; 2302 if (strcmp(policydb_str, POLICYDB_STRING)) { 2303 pr_err("SELinux: policydb string %s does not match " 2304 "my string %s\n", policydb_str, POLICYDB_STRING); 2305 kfree(policydb_str); 2306 goto bad; 2307 } 2308 /* Done with policydb_str. */ 2309 kfree(policydb_str); 2310 policydb_str = NULL; 2311 2312 /* Read the version and table sizes. */ 2313 rc = next_entry(buf, fp, sizeof(u32)*4); 2314 if (rc) 2315 goto bad; 2316 2317 rc = -EINVAL; 2318 p->policyvers = le32_to_cpu(buf[0]); 2319 if (p->policyvers < POLICYDB_VERSION_MIN || 2320 p->policyvers > POLICYDB_VERSION_MAX) { 2321 pr_err("SELinux: policydb version %d does not match " 2322 "my version range %d-%d\n", 2323 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2324 goto bad; 2325 } 2326 2327 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2328 p->mls_enabled = 1; 2329 2330 rc = -EINVAL; 2331 if (p->policyvers < POLICYDB_VERSION_MLS) { 2332 pr_err("SELinux: security policydb version %d " 2333 "(MLS) not backwards compatible\n", 2334 p->policyvers); 2335 goto bad; 2336 } 2337 } 2338 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2339 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2340 2341 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2342 rc = ebitmap_read(&p->policycaps, fp); 2343 if (rc) 2344 goto bad; 2345 } 2346 2347 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2348 rc = ebitmap_read(&p->permissive_map, fp); 2349 if (rc) 2350 goto bad; 2351 } 2352 2353 rc = -EINVAL; 2354 info = policydb_lookup_compat(p->policyvers); 2355 if (!info) { 2356 pr_err("SELinux: unable to find policy compat info " 2357 "for version %d\n", p->policyvers); 2358 goto bad; 2359 } 2360 2361 rc = -EINVAL; 2362 if (le32_to_cpu(buf[2]) != info->sym_num || 2363 le32_to_cpu(buf[3]) != info->ocon_num) { 2364 pr_err("SELinux: policydb table sizes (%d,%d) do " 2365 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2366 le32_to_cpu(buf[3]), 2367 info->sym_num, info->ocon_num); 2368 goto bad; 2369 } 2370 2371 for (i = 0; i < info->sym_num; i++) { 2372 rc = next_entry(buf, fp, sizeof(u32)*2); 2373 if (rc) 2374 goto bad; 2375 nprim = le32_to_cpu(buf[0]); 2376 nel = le32_to_cpu(buf[1]); 2377 for (j = 0; j < nel; j++) { 2378 rc = read_f[i](p, p->symtab[i].table, fp); 2379 if (rc) 2380 goto bad; 2381 } 2382 2383 p->symtab[i].nprim = nprim; 2384 } 2385 2386 rc = -EINVAL; 2387 p->process_class = string_to_security_class(p, "process"); 2388 if (!p->process_class) 2389 goto bad; 2390 2391 rc = avtab_read(&p->te_avtab, fp, p); 2392 if (rc) 2393 goto bad; 2394 2395 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2396 rc = cond_read_list(p, fp); 2397 if (rc) 2398 goto bad; 2399 } 2400 2401 rc = next_entry(buf, fp, sizeof(u32)); 2402 if (rc) 2403 goto bad; 2404 nel = le32_to_cpu(buf[0]); 2405 ltr = NULL; 2406 for (i = 0; i < nel; i++) { 2407 rc = -ENOMEM; 2408 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2409 if (!tr) 2410 goto bad; 2411 if (ltr) 2412 ltr->next = tr; 2413 else 2414 p->role_tr = tr; 2415 rc = next_entry(buf, fp, sizeof(u32)*3); 2416 if (rc) 2417 goto bad; 2418 2419 rc = -EINVAL; 2420 tr->role = le32_to_cpu(buf[0]); 2421 tr->type = le32_to_cpu(buf[1]); 2422 tr->new_role = le32_to_cpu(buf[2]); 2423 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2424 rc = next_entry(buf, fp, sizeof(u32)); 2425 if (rc) 2426 goto bad; 2427 tr->tclass = le32_to_cpu(buf[0]); 2428 } else 2429 tr->tclass = p->process_class; 2430 2431 rc = -EINVAL; 2432 if (!policydb_role_isvalid(p, tr->role) || 2433 !policydb_type_isvalid(p, tr->type) || 2434 !policydb_class_isvalid(p, tr->tclass) || 2435 !policydb_role_isvalid(p, tr->new_role)) 2436 goto bad; 2437 ltr = tr; 2438 } 2439 2440 rc = next_entry(buf, fp, sizeof(u32)); 2441 if (rc) 2442 goto bad; 2443 nel = le32_to_cpu(buf[0]); 2444 lra = NULL; 2445 for (i = 0; i < nel; i++) { 2446 rc = -ENOMEM; 2447 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2448 if (!ra) 2449 goto bad; 2450 if (lra) 2451 lra->next = ra; 2452 else 2453 p->role_allow = ra; 2454 rc = next_entry(buf, fp, sizeof(u32)*2); 2455 if (rc) 2456 goto bad; 2457 2458 rc = -EINVAL; 2459 ra->role = le32_to_cpu(buf[0]); 2460 ra->new_role = le32_to_cpu(buf[1]); 2461 if (!policydb_role_isvalid(p, ra->role) || 2462 !policydb_role_isvalid(p, ra->new_role)) 2463 goto bad; 2464 lra = ra; 2465 } 2466 2467 rc = filename_trans_read(p, fp); 2468 if (rc) 2469 goto bad; 2470 2471 rc = policydb_index(p); 2472 if (rc) 2473 goto bad; 2474 2475 rc = -EINVAL; 2476 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2477 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2478 if (!p->process_trans_perms) 2479 goto bad; 2480 2481 rc = ocontext_read(p, info, fp); 2482 if (rc) 2483 goto bad; 2484 2485 rc = genfs_read(p, fp); 2486 if (rc) 2487 goto bad; 2488 2489 rc = range_read(p, fp); 2490 if (rc) 2491 goto bad; 2492 2493 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2494 sizeof(*p->type_attr_map_array), 2495 GFP_KERNEL); 2496 if (!p->type_attr_map_array) 2497 goto bad; 2498 2499 for (i = 0; i < p->p_types.nprim; i++) { 2500 struct ebitmap *e = &p->type_attr_map_array[i]; 2501 2502 ebitmap_init(e); 2503 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2504 rc = ebitmap_read(e, fp); 2505 if (rc) 2506 goto bad; 2507 } 2508 /* add the type itself as the degenerate case */ 2509 rc = ebitmap_set_bit(e, i, 1); 2510 if (rc) 2511 goto bad; 2512 } 2513 2514 rc = policydb_bounds_sanity_check(p); 2515 if (rc) 2516 goto bad; 2517 2518 rc = 0; 2519 out: 2520 return rc; 2521 bad: 2522 policydb_destroy(p); 2523 goto out; 2524 } 2525 2526 /* 2527 * Write a MLS level structure to a policydb binary 2528 * representation file. 2529 */ 2530 static int mls_write_level(struct mls_level *l, void *fp) 2531 { 2532 __le32 buf[1]; 2533 int rc; 2534 2535 buf[0] = cpu_to_le32(l->sens); 2536 rc = put_entry(buf, sizeof(u32), 1, fp); 2537 if (rc) 2538 return rc; 2539 2540 rc = ebitmap_write(&l->cat, fp); 2541 if (rc) 2542 return rc; 2543 2544 return 0; 2545 } 2546 2547 /* 2548 * Write a MLS range structure to a policydb binary 2549 * representation file. 2550 */ 2551 static int mls_write_range_helper(struct mls_range *r, void *fp) 2552 { 2553 __le32 buf[3]; 2554 size_t items; 2555 int rc, eq; 2556 2557 eq = mls_level_eq(&r->level[1], &r->level[0]); 2558 2559 if (eq) 2560 items = 2; 2561 else 2562 items = 3; 2563 buf[0] = cpu_to_le32(items-1); 2564 buf[1] = cpu_to_le32(r->level[0].sens); 2565 if (!eq) 2566 buf[2] = cpu_to_le32(r->level[1].sens); 2567 2568 BUG_ON(items > ARRAY_SIZE(buf)); 2569 2570 rc = put_entry(buf, sizeof(u32), items, fp); 2571 if (rc) 2572 return rc; 2573 2574 rc = ebitmap_write(&r->level[0].cat, fp); 2575 if (rc) 2576 return rc; 2577 if (!eq) { 2578 rc = ebitmap_write(&r->level[1].cat, fp); 2579 if (rc) 2580 return rc; 2581 } 2582 2583 return 0; 2584 } 2585 2586 static int sens_write(void *vkey, void *datum, void *ptr) 2587 { 2588 char *key = vkey; 2589 struct level_datum *levdatum = datum; 2590 struct policy_data *pd = ptr; 2591 void *fp = pd->fp; 2592 __le32 buf[2]; 2593 size_t len; 2594 int rc; 2595 2596 len = strlen(key); 2597 buf[0] = cpu_to_le32(len); 2598 buf[1] = cpu_to_le32(levdatum->isalias); 2599 rc = put_entry(buf, sizeof(u32), 2, fp); 2600 if (rc) 2601 return rc; 2602 2603 rc = put_entry(key, 1, len, fp); 2604 if (rc) 2605 return rc; 2606 2607 rc = mls_write_level(levdatum->level, fp); 2608 if (rc) 2609 return rc; 2610 2611 return 0; 2612 } 2613 2614 static int cat_write(void *vkey, void *datum, void *ptr) 2615 { 2616 char *key = vkey; 2617 struct cat_datum *catdatum = datum; 2618 struct policy_data *pd = ptr; 2619 void *fp = pd->fp; 2620 __le32 buf[3]; 2621 size_t len; 2622 int rc; 2623 2624 len = strlen(key); 2625 buf[0] = cpu_to_le32(len); 2626 buf[1] = cpu_to_le32(catdatum->value); 2627 buf[2] = cpu_to_le32(catdatum->isalias); 2628 rc = put_entry(buf, sizeof(u32), 3, fp); 2629 if (rc) 2630 return rc; 2631 2632 rc = put_entry(key, 1, len, fp); 2633 if (rc) 2634 return rc; 2635 2636 return 0; 2637 } 2638 2639 static int role_trans_write(struct policydb *p, void *fp) 2640 { 2641 struct role_trans *r = p->role_tr; 2642 struct role_trans *tr; 2643 u32 buf[3]; 2644 size_t nel; 2645 int rc; 2646 2647 nel = 0; 2648 for (tr = r; tr; tr = tr->next) 2649 nel++; 2650 buf[0] = cpu_to_le32(nel); 2651 rc = put_entry(buf, sizeof(u32), 1, fp); 2652 if (rc) 2653 return rc; 2654 for (tr = r; tr; tr = tr->next) { 2655 buf[0] = cpu_to_le32(tr->role); 2656 buf[1] = cpu_to_le32(tr->type); 2657 buf[2] = cpu_to_le32(tr->new_role); 2658 rc = put_entry(buf, sizeof(u32), 3, fp); 2659 if (rc) 2660 return rc; 2661 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2662 buf[0] = cpu_to_le32(tr->tclass); 2663 rc = put_entry(buf, sizeof(u32), 1, fp); 2664 if (rc) 2665 return rc; 2666 } 2667 } 2668 2669 return 0; 2670 } 2671 2672 static int role_allow_write(struct role_allow *r, void *fp) 2673 { 2674 struct role_allow *ra; 2675 u32 buf[2]; 2676 size_t nel; 2677 int rc; 2678 2679 nel = 0; 2680 for (ra = r; ra; ra = ra->next) 2681 nel++; 2682 buf[0] = cpu_to_le32(nel); 2683 rc = put_entry(buf, sizeof(u32), 1, fp); 2684 if (rc) 2685 return rc; 2686 for (ra = r; ra; ra = ra->next) { 2687 buf[0] = cpu_to_le32(ra->role); 2688 buf[1] = cpu_to_le32(ra->new_role); 2689 rc = put_entry(buf, sizeof(u32), 2, fp); 2690 if (rc) 2691 return rc; 2692 } 2693 return 0; 2694 } 2695 2696 /* 2697 * Write a security context structure 2698 * to a policydb binary representation file. 2699 */ 2700 static int context_write(struct policydb *p, struct context *c, 2701 void *fp) 2702 { 2703 int rc; 2704 __le32 buf[3]; 2705 2706 buf[0] = cpu_to_le32(c->user); 2707 buf[1] = cpu_to_le32(c->role); 2708 buf[2] = cpu_to_le32(c->type); 2709 2710 rc = put_entry(buf, sizeof(u32), 3, fp); 2711 if (rc) 2712 return rc; 2713 2714 rc = mls_write_range_helper(&c->range, fp); 2715 if (rc) 2716 return rc; 2717 2718 return 0; 2719 } 2720 2721 /* 2722 * The following *_write functions are used to 2723 * write the symbol data to a policy database 2724 * binary representation file. 2725 */ 2726 2727 static int perm_write(void *vkey, void *datum, void *fp) 2728 { 2729 char *key = vkey; 2730 struct perm_datum *perdatum = datum; 2731 __le32 buf[2]; 2732 size_t len; 2733 int rc; 2734 2735 len = strlen(key); 2736 buf[0] = cpu_to_le32(len); 2737 buf[1] = cpu_to_le32(perdatum->value); 2738 rc = put_entry(buf, sizeof(u32), 2, fp); 2739 if (rc) 2740 return rc; 2741 2742 rc = put_entry(key, 1, len, fp); 2743 if (rc) 2744 return rc; 2745 2746 return 0; 2747 } 2748 2749 static int common_write(void *vkey, void *datum, void *ptr) 2750 { 2751 char *key = vkey; 2752 struct common_datum *comdatum = datum; 2753 struct policy_data *pd = ptr; 2754 void *fp = pd->fp; 2755 __le32 buf[4]; 2756 size_t len; 2757 int rc; 2758 2759 len = strlen(key); 2760 buf[0] = cpu_to_le32(len); 2761 buf[1] = cpu_to_le32(comdatum->value); 2762 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2763 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2764 rc = put_entry(buf, sizeof(u32), 4, fp); 2765 if (rc) 2766 return rc; 2767 2768 rc = put_entry(key, 1, len, fp); 2769 if (rc) 2770 return rc; 2771 2772 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2773 if (rc) 2774 return rc; 2775 2776 return 0; 2777 } 2778 2779 static int type_set_write(struct type_set *t, void *fp) 2780 { 2781 int rc; 2782 __le32 buf[1]; 2783 2784 if (ebitmap_write(&t->types, fp)) 2785 return -EINVAL; 2786 if (ebitmap_write(&t->negset, fp)) 2787 return -EINVAL; 2788 2789 buf[0] = cpu_to_le32(t->flags); 2790 rc = put_entry(buf, sizeof(u32), 1, fp); 2791 if (rc) 2792 return -EINVAL; 2793 2794 return 0; 2795 } 2796 2797 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2798 void *fp) 2799 { 2800 struct constraint_node *c; 2801 struct constraint_expr *e; 2802 __le32 buf[3]; 2803 u32 nel; 2804 int rc; 2805 2806 for (c = node; c; c = c->next) { 2807 nel = 0; 2808 for (e = c->expr; e; e = e->next) 2809 nel++; 2810 buf[0] = cpu_to_le32(c->permissions); 2811 buf[1] = cpu_to_le32(nel); 2812 rc = put_entry(buf, sizeof(u32), 2, fp); 2813 if (rc) 2814 return rc; 2815 for (e = c->expr; e; e = e->next) { 2816 buf[0] = cpu_to_le32(e->expr_type); 2817 buf[1] = cpu_to_le32(e->attr); 2818 buf[2] = cpu_to_le32(e->op); 2819 rc = put_entry(buf, sizeof(u32), 3, fp); 2820 if (rc) 2821 return rc; 2822 2823 switch (e->expr_type) { 2824 case CEXPR_NAMES: 2825 rc = ebitmap_write(&e->names, fp); 2826 if (rc) 2827 return rc; 2828 if (p->policyvers >= 2829 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2830 rc = type_set_write(e->type_names, fp); 2831 if (rc) 2832 return rc; 2833 } 2834 break; 2835 default: 2836 break; 2837 } 2838 } 2839 } 2840 2841 return 0; 2842 } 2843 2844 static int class_write(void *vkey, void *datum, void *ptr) 2845 { 2846 char *key = vkey; 2847 struct class_datum *cladatum = datum; 2848 struct policy_data *pd = ptr; 2849 void *fp = pd->fp; 2850 struct policydb *p = pd->p; 2851 struct constraint_node *c; 2852 __le32 buf[6]; 2853 u32 ncons; 2854 size_t len, len2; 2855 int rc; 2856 2857 len = strlen(key); 2858 if (cladatum->comkey) 2859 len2 = strlen(cladatum->comkey); 2860 else 2861 len2 = 0; 2862 2863 ncons = 0; 2864 for (c = cladatum->constraints; c; c = c->next) 2865 ncons++; 2866 2867 buf[0] = cpu_to_le32(len); 2868 buf[1] = cpu_to_le32(len2); 2869 buf[2] = cpu_to_le32(cladatum->value); 2870 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2871 if (cladatum->permissions.table) 2872 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2873 else 2874 buf[4] = 0; 2875 buf[5] = cpu_to_le32(ncons); 2876 rc = put_entry(buf, sizeof(u32), 6, fp); 2877 if (rc) 2878 return rc; 2879 2880 rc = put_entry(key, 1, len, fp); 2881 if (rc) 2882 return rc; 2883 2884 if (cladatum->comkey) { 2885 rc = put_entry(cladatum->comkey, 1, len2, fp); 2886 if (rc) 2887 return rc; 2888 } 2889 2890 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2891 if (rc) 2892 return rc; 2893 2894 rc = write_cons_helper(p, cladatum->constraints, fp); 2895 if (rc) 2896 return rc; 2897 2898 /* write out the validatetrans rule */ 2899 ncons = 0; 2900 for (c = cladatum->validatetrans; c; c = c->next) 2901 ncons++; 2902 2903 buf[0] = cpu_to_le32(ncons); 2904 rc = put_entry(buf, sizeof(u32), 1, fp); 2905 if (rc) 2906 return rc; 2907 2908 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2909 if (rc) 2910 return rc; 2911 2912 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2913 buf[0] = cpu_to_le32(cladatum->default_user); 2914 buf[1] = cpu_to_le32(cladatum->default_role); 2915 buf[2] = cpu_to_le32(cladatum->default_range); 2916 2917 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2918 if (rc) 2919 return rc; 2920 } 2921 2922 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2923 buf[0] = cpu_to_le32(cladatum->default_type); 2924 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2925 if (rc) 2926 return rc; 2927 } 2928 2929 return 0; 2930 } 2931 2932 static int role_write(void *vkey, void *datum, void *ptr) 2933 { 2934 char *key = vkey; 2935 struct role_datum *role = datum; 2936 struct policy_data *pd = ptr; 2937 void *fp = pd->fp; 2938 struct policydb *p = pd->p; 2939 __le32 buf[3]; 2940 size_t items, len; 2941 int rc; 2942 2943 len = strlen(key); 2944 items = 0; 2945 buf[items++] = cpu_to_le32(len); 2946 buf[items++] = cpu_to_le32(role->value); 2947 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2948 buf[items++] = cpu_to_le32(role->bounds); 2949 2950 BUG_ON(items > ARRAY_SIZE(buf)); 2951 2952 rc = put_entry(buf, sizeof(u32), items, fp); 2953 if (rc) 2954 return rc; 2955 2956 rc = put_entry(key, 1, len, fp); 2957 if (rc) 2958 return rc; 2959 2960 rc = ebitmap_write(&role->dominates, fp); 2961 if (rc) 2962 return rc; 2963 2964 rc = ebitmap_write(&role->types, fp); 2965 if (rc) 2966 return rc; 2967 2968 return 0; 2969 } 2970 2971 static int type_write(void *vkey, void *datum, void *ptr) 2972 { 2973 char *key = vkey; 2974 struct type_datum *typdatum = datum; 2975 struct policy_data *pd = ptr; 2976 struct policydb *p = pd->p; 2977 void *fp = pd->fp; 2978 __le32 buf[4]; 2979 int rc; 2980 size_t items, len; 2981 2982 len = strlen(key); 2983 items = 0; 2984 buf[items++] = cpu_to_le32(len); 2985 buf[items++] = cpu_to_le32(typdatum->value); 2986 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2987 u32 properties = 0; 2988 2989 if (typdatum->primary) 2990 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2991 2992 if (typdatum->attribute) 2993 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2994 2995 buf[items++] = cpu_to_le32(properties); 2996 buf[items++] = cpu_to_le32(typdatum->bounds); 2997 } else { 2998 buf[items++] = cpu_to_le32(typdatum->primary); 2999 } 3000 BUG_ON(items > ARRAY_SIZE(buf)); 3001 rc = put_entry(buf, sizeof(u32), items, fp); 3002 if (rc) 3003 return rc; 3004 3005 rc = put_entry(key, 1, len, fp); 3006 if (rc) 3007 return rc; 3008 3009 return 0; 3010 } 3011 3012 static int user_write(void *vkey, void *datum, void *ptr) 3013 { 3014 char *key = vkey; 3015 struct user_datum *usrdatum = datum; 3016 struct policy_data *pd = ptr; 3017 struct policydb *p = pd->p; 3018 void *fp = pd->fp; 3019 __le32 buf[3]; 3020 size_t items, len; 3021 int rc; 3022 3023 len = strlen(key); 3024 items = 0; 3025 buf[items++] = cpu_to_le32(len); 3026 buf[items++] = cpu_to_le32(usrdatum->value); 3027 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3028 buf[items++] = cpu_to_le32(usrdatum->bounds); 3029 BUG_ON(items > ARRAY_SIZE(buf)); 3030 rc = put_entry(buf, sizeof(u32), items, fp); 3031 if (rc) 3032 return rc; 3033 3034 rc = put_entry(key, 1, len, fp); 3035 if (rc) 3036 return rc; 3037 3038 rc = ebitmap_write(&usrdatum->roles, fp); 3039 if (rc) 3040 return rc; 3041 3042 rc = mls_write_range_helper(&usrdatum->range, fp); 3043 if (rc) 3044 return rc; 3045 3046 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3047 if (rc) 3048 return rc; 3049 3050 return 0; 3051 } 3052 3053 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3054 void *datap) = 3055 { 3056 common_write, 3057 class_write, 3058 role_write, 3059 type_write, 3060 user_write, 3061 cond_write_bool, 3062 sens_write, 3063 cat_write, 3064 }; 3065 3066 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3067 void *fp) 3068 { 3069 unsigned int i, j, rc; 3070 size_t nel, len; 3071 __be64 prefixbuf[1]; 3072 __le32 buf[3]; 3073 u32 nodebuf[8]; 3074 struct ocontext *c; 3075 for (i = 0; i < info->ocon_num; i++) { 3076 nel = 0; 3077 for (c = p->ocontexts[i]; c; c = c->next) 3078 nel++; 3079 buf[0] = cpu_to_le32(nel); 3080 rc = put_entry(buf, sizeof(u32), 1, fp); 3081 if (rc) 3082 return rc; 3083 for (c = p->ocontexts[i]; c; c = c->next) { 3084 switch (i) { 3085 case OCON_ISID: 3086 buf[0] = cpu_to_le32(c->sid[0]); 3087 rc = put_entry(buf, sizeof(u32), 1, fp); 3088 if (rc) 3089 return rc; 3090 rc = context_write(p, &c->context[0], fp); 3091 if (rc) 3092 return rc; 3093 break; 3094 case OCON_FS: 3095 case OCON_NETIF: 3096 len = strlen(c->u.name); 3097 buf[0] = cpu_to_le32(len); 3098 rc = put_entry(buf, sizeof(u32), 1, fp); 3099 if (rc) 3100 return rc; 3101 rc = put_entry(c->u.name, 1, len, fp); 3102 if (rc) 3103 return rc; 3104 rc = context_write(p, &c->context[0], fp); 3105 if (rc) 3106 return rc; 3107 rc = context_write(p, &c->context[1], fp); 3108 if (rc) 3109 return rc; 3110 break; 3111 case OCON_PORT: 3112 buf[0] = cpu_to_le32(c->u.port.protocol); 3113 buf[1] = cpu_to_le32(c->u.port.low_port); 3114 buf[2] = cpu_to_le32(c->u.port.high_port); 3115 rc = put_entry(buf, sizeof(u32), 3, fp); 3116 if (rc) 3117 return rc; 3118 rc = context_write(p, &c->context[0], fp); 3119 if (rc) 3120 return rc; 3121 break; 3122 case OCON_NODE: 3123 nodebuf[0] = c->u.node.addr; /* network order */ 3124 nodebuf[1] = c->u.node.mask; /* network order */ 3125 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3126 if (rc) 3127 return rc; 3128 rc = context_write(p, &c->context[0], fp); 3129 if (rc) 3130 return rc; 3131 break; 3132 case OCON_FSUSE: 3133 buf[0] = cpu_to_le32(c->v.behavior); 3134 len = strlen(c->u.name); 3135 buf[1] = cpu_to_le32(len); 3136 rc = put_entry(buf, sizeof(u32), 2, fp); 3137 if (rc) 3138 return rc; 3139 rc = put_entry(c->u.name, 1, len, fp); 3140 if (rc) 3141 return rc; 3142 rc = context_write(p, &c->context[0], fp); 3143 if (rc) 3144 return rc; 3145 break; 3146 case OCON_NODE6: 3147 for (j = 0; j < 4; j++) 3148 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3149 for (j = 0; j < 4; j++) 3150 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3151 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3152 if (rc) 3153 return rc; 3154 rc = context_write(p, &c->context[0], fp); 3155 if (rc) 3156 return rc; 3157 break; 3158 case OCON_IBPKEY: 3159 /* subnet_prefix is in CPU order */ 3160 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3161 3162 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3163 if (rc) 3164 return rc; 3165 3166 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3167 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3168 3169 rc = put_entry(buf, sizeof(u32), 2, fp); 3170 if (rc) 3171 return rc; 3172 rc = context_write(p, &c->context[0], fp); 3173 if (rc) 3174 return rc; 3175 break; 3176 case OCON_IBENDPORT: 3177 len = strlen(c->u.ibendport.dev_name); 3178 buf[0] = cpu_to_le32(len); 3179 buf[1] = cpu_to_le32(c->u.ibendport.port); 3180 rc = put_entry(buf, sizeof(u32), 2, fp); 3181 if (rc) 3182 return rc; 3183 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3184 if (rc) 3185 return rc; 3186 rc = context_write(p, &c->context[0], fp); 3187 if (rc) 3188 return rc; 3189 break; 3190 } 3191 } 3192 } 3193 return 0; 3194 } 3195 3196 static int genfs_write(struct policydb *p, void *fp) 3197 { 3198 struct genfs *genfs; 3199 struct ocontext *c; 3200 size_t len; 3201 __le32 buf[1]; 3202 int rc; 3203 3204 len = 0; 3205 for (genfs = p->genfs; genfs; genfs = genfs->next) 3206 len++; 3207 buf[0] = cpu_to_le32(len); 3208 rc = put_entry(buf, sizeof(u32), 1, fp); 3209 if (rc) 3210 return rc; 3211 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3212 len = strlen(genfs->fstype); 3213 buf[0] = cpu_to_le32(len); 3214 rc = put_entry(buf, sizeof(u32), 1, fp); 3215 if (rc) 3216 return rc; 3217 rc = put_entry(genfs->fstype, 1, len, fp); 3218 if (rc) 3219 return rc; 3220 len = 0; 3221 for (c = genfs->head; c; c = c->next) 3222 len++; 3223 buf[0] = cpu_to_le32(len); 3224 rc = put_entry(buf, sizeof(u32), 1, fp); 3225 if (rc) 3226 return rc; 3227 for (c = genfs->head; c; c = c->next) { 3228 len = strlen(c->u.name); 3229 buf[0] = cpu_to_le32(len); 3230 rc = put_entry(buf, sizeof(u32), 1, fp); 3231 if (rc) 3232 return rc; 3233 rc = put_entry(c->u.name, 1, len, fp); 3234 if (rc) 3235 return rc; 3236 buf[0] = cpu_to_le32(c->v.sclass); 3237 rc = put_entry(buf, sizeof(u32), 1, fp); 3238 if (rc) 3239 return rc; 3240 rc = context_write(p, &c->context[0], fp); 3241 if (rc) 3242 return rc; 3243 } 3244 } 3245 return 0; 3246 } 3247 3248 static int hashtab_cnt(void *key, void *data, void *ptr) 3249 { 3250 int *cnt = ptr; 3251 *cnt = *cnt + 1; 3252 3253 return 0; 3254 } 3255 3256 static int range_write_helper(void *key, void *data, void *ptr) 3257 { 3258 __le32 buf[2]; 3259 struct range_trans *rt = key; 3260 struct mls_range *r = data; 3261 struct policy_data *pd = ptr; 3262 void *fp = pd->fp; 3263 struct policydb *p = pd->p; 3264 int rc; 3265 3266 buf[0] = cpu_to_le32(rt->source_type); 3267 buf[1] = cpu_to_le32(rt->target_type); 3268 rc = put_entry(buf, sizeof(u32), 2, fp); 3269 if (rc) 3270 return rc; 3271 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3272 buf[0] = cpu_to_le32(rt->target_class); 3273 rc = put_entry(buf, sizeof(u32), 1, fp); 3274 if (rc) 3275 return rc; 3276 } 3277 rc = mls_write_range_helper(r, fp); 3278 if (rc) 3279 return rc; 3280 3281 return 0; 3282 } 3283 3284 static int range_write(struct policydb *p, void *fp) 3285 { 3286 __le32 buf[1]; 3287 int rc, nel; 3288 struct policy_data pd; 3289 3290 pd.p = p; 3291 pd.fp = fp; 3292 3293 /* count the number of entries in the hashtab */ 3294 nel = 0; 3295 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3296 if (rc) 3297 return rc; 3298 3299 buf[0] = cpu_to_le32(nel); 3300 rc = put_entry(buf, sizeof(u32), 1, fp); 3301 if (rc) 3302 return rc; 3303 3304 /* actually write all of the entries */ 3305 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3306 if (rc) 3307 return rc; 3308 3309 return 0; 3310 } 3311 3312 static int filename_write_helper(void *key, void *data, void *ptr) 3313 { 3314 __le32 buf[4]; 3315 struct filename_trans *ft = key; 3316 struct filename_trans_datum *otype = data; 3317 void *fp = ptr; 3318 int rc; 3319 u32 len; 3320 3321 len = strlen(ft->name); 3322 buf[0] = cpu_to_le32(len); 3323 rc = put_entry(buf, sizeof(u32), 1, fp); 3324 if (rc) 3325 return rc; 3326 3327 rc = put_entry(ft->name, sizeof(char), len, fp); 3328 if (rc) 3329 return rc; 3330 3331 buf[0] = cpu_to_le32(ft->stype); 3332 buf[1] = cpu_to_le32(ft->ttype); 3333 buf[2] = cpu_to_le32(ft->tclass); 3334 buf[3] = cpu_to_le32(otype->otype); 3335 3336 rc = put_entry(buf, sizeof(u32), 4, fp); 3337 if (rc) 3338 return rc; 3339 3340 return 0; 3341 } 3342 3343 static int filename_trans_write(struct policydb *p, void *fp) 3344 { 3345 u32 nel; 3346 __le32 buf[1]; 3347 int rc; 3348 3349 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3350 return 0; 3351 3352 nel = 0; 3353 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3354 if (rc) 3355 return rc; 3356 3357 buf[0] = cpu_to_le32(nel); 3358 rc = put_entry(buf, sizeof(u32), 1, fp); 3359 if (rc) 3360 return rc; 3361 3362 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3363 if (rc) 3364 return rc; 3365 3366 return 0; 3367 } 3368 3369 /* 3370 * Write the configuration data in a policy database 3371 * structure to a policy database binary representation 3372 * file. 3373 */ 3374 int policydb_write(struct policydb *p, void *fp) 3375 { 3376 unsigned int i, num_syms; 3377 int rc; 3378 __le32 buf[4]; 3379 u32 config; 3380 size_t len; 3381 struct policydb_compat_info *info; 3382 3383 /* 3384 * refuse to write policy older than compressed avtab 3385 * to simplify the writer. There are other tests dropped 3386 * since we assume this throughout the writer code. Be 3387 * careful if you ever try to remove this restriction 3388 */ 3389 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3390 pr_err("SELinux: refusing to write policy version %d." 3391 " Because it is less than version %d\n", p->policyvers, 3392 POLICYDB_VERSION_AVTAB); 3393 return -EINVAL; 3394 } 3395 3396 config = 0; 3397 if (p->mls_enabled) 3398 config |= POLICYDB_CONFIG_MLS; 3399 3400 if (p->reject_unknown) 3401 config |= REJECT_UNKNOWN; 3402 if (p->allow_unknown) 3403 config |= ALLOW_UNKNOWN; 3404 3405 /* Write the magic number and string identifiers. */ 3406 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3407 len = strlen(POLICYDB_STRING); 3408 buf[1] = cpu_to_le32(len); 3409 rc = put_entry(buf, sizeof(u32), 2, fp); 3410 if (rc) 3411 return rc; 3412 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3413 if (rc) 3414 return rc; 3415 3416 /* Write the version, config, and table sizes. */ 3417 info = policydb_lookup_compat(p->policyvers); 3418 if (!info) { 3419 pr_err("SELinux: compatibility lookup failed for policy " 3420 "version %d", p->policyvers); 3421 return -EINVAL; 3422 } 3423 3424 buf[0] = cpu_to_le32(p->policyvers); 3425 buf[1] = cpu_to_le32(config); 3426 buf[2] = cpu_to_le32(info->sym_num); 3427 buf[3] = cpu_to_le32(info->ocon_num); 3428 3429 rc = put_entry(buf, sizeof(u32), 4, fp); 3430 if (rc) 3431 return rc; 3432 3433 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3434 rc = ebitmap_write(&p->policycaps, fp); 3435 if (rc) 3436 return rc; 3437 } 3438 3439 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3440 rc = ebitmap_write(&p->permissive_map, fp); 3441 if (rc) 3442 return rc; 3443 } 3444 3445 num_syms = info->sym_num; 3446 for (i = 0; i < num_syms; i++) { 3447 struct policy_data pd; 3448 3449 pd.fp = fp; 3450 pd.p = p; 3451 3452 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3453 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3454 3455 rc = put_entry(buf, sizeof(u32), 2, fp); 3456 if (rc) 3457 return rc; 3458 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3459 if (rc) 3460 return rc; 3461 } 3462 3463 rc = avtab_write(p, &p->te_avtab, fp); 3464 if (rc) 3465 return rc; 3466 3467 rc = cond_write_list(p, p->cond_list, fp); 3468 if (rc) 3469 return rc; 3470 3471 rc = role_trans_write(p, fp); 3472 if (rc) 3473 return rc; 3474 3475 rc = role_allow_write(p->role_allow, fp); 3476 if (rc) 3477 return rc; 3478 3479 rc = filename_trans_write(p, fp); 3480 if (rc) 3481 return rc; 3482 3483 rc = ocontext_write(p, info, fp); 3484 if (rc) 3485 return rc; 3486 3487 rc = genfs_write(p, fp); 3488 if (rc) 3489 return rc; 3490 3491 rc = range_write(p, fp); 3492 if (rc) 3493 return rc; 3494 3495 for (i = 0; i < p->p_types.nprim; i++) { 3496 struct ebitmap *e = &p->type_attr_map_array[i]; 3497 3498 rc = ebitmap_write(e, fp); 3499 if (rc) 3500 return rc; 3501 } 3502 3503 return 0; 3504 } 3505