1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #define _DEBUG_HASHES 45 46 #ifdef DEBUG_HASHES 47 static const char *symtab_name[SYM_NUM] = { 48 "common prefixes", 49 "classes", 50 "roles", 51 "types", 52 "users", 53 "bools", 54 "levels", 55 "categories", 56 }; 57 #endif 58 59 struct policydb_compat_info { 60 int version; 61 int sym_num; 62 int ocon_num; 63 }; 64 65 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 66 static struct policydb_compat_info policydb_compat[] = { 67 { 68 .version = POLICYDB_VERSION_BASE, 69 .sym_num = SYM_NUM - 3, 70 .ocon_num = OCON_NUM - 3, 71 }, 72 { 73 .version = POLICYDB_VERSION_BOOL, 74 .sym_num = SYM_NUM - 2, 75 .ocon_num = OCON_NUM - 3, 76 }, 77 { 78 .version = POLICYDB_VERSION_IPV6, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_NUM - 2, 81 }, 82 { 83 .version = POLICYDB_VERSION_NLCLASS, 84 .sym_num = SYM_NUM - 2, 85 .ocon_num = OCON_NUM - 2, 86 }, 87 { 88 .version = POLICYDB_VERSION_MLS, 89 .sym_num = SYM_NUM, 90 .ocon_num = OCON_NUM - 2, 91 }, 92 { 93 .version = POLICYDB_VERSION_AVTAB, 94 .sym_num = SYM_NUM, 95 .ocon_num = OCON_NUM - 2, 96 }, 97 { 98 .version = POLICYDB_VERSION_RANGETRANS, 99 .sym_num = SYM_NUM, 100 .ocon_num = OCON_NUM - 2, 101 }, 102 { 103 .version = POLICYDB_VERSION_POLCAP, 104 .sym_num = SYM_NUM, 105 .ocon_num = OCON_NUM - 2, 106 }, 107 { 108 .version = POLICYDB_VERSION_PERMISSIVE, 109 .sym_num = SYM_NUM, 110 .ocon_num = OCON_NUM - 2, 111 }, 112 { 113 .version = POLICYDB_VERSION_BOUNDARY, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NUM - 2, 116 }, 117 { 118 .version = POLICYDB_VERSION_FILENAME_TRANS, 119 .sym_num = SYM_NUM, 120 .ocon_num = OCON_NUM - 2, 121 }, 122 { 123 .version = POLICYDB_VERSION_ROLETRANS, 124 .sym_num = SYM_NUM, 125 .ocon_num = OCON_NUM - 2, 126 }, 127 { 128 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 129 .sym_num = SYM_NUM, 130 .ocon_num = OCON_NUM - 2, 131 }, 132 { 133 .version = POLICYDB_VERSION_DEFAULT_TYPE, 134 .sym_num = SYM_NUM, 135 .ocon_num = OCON_NUM - 2, 136 }, 137 { 138 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 139 .sym_num = SYM_NUM, 140 .ocon_num = OCON_NUM - 2, 141 }, 142 { 143 .version = POLICYDB_VERSION_XPERMS_IOCTL, 144 .sym_num = SYM_NUM, 145 .ocon_num = OCON_NUM - 2, 146 }, 147 { 148 .version = POLICYDB_VERSION_INFINIBAND, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NUM, 151 }, 152 { 153 .version = POLICYDB_VERSION_GLBLUB, 154 .sym_num = SYM_NUM, 155 .ocon_num = OCON_NUM, 156 }, 157 { 158 .version = POLICYDB_VERSION_COMP_FTRANS, 159 .sym_num = SYM_NUM, 160 .ocon_num = OCON_NUM, 161 }, 162 }; 163 164 static struct policydb_compat_info *policydb_lookup_compat(int version) 165 { 166 int i; 167 struct policydb_compat_info *info = NULL; 168 169 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 170 if (policydb_compat[i].version == version) { 171 info = &policydb_compat[i]; 172 break; 173 } 174 } 175 return info; 176 } 177 178 /* 179 * The following *_destroy functions are used to 180 * free any memory allocated for each kind of 181 * symbol data in the policy database. 182 */ 183 184 static int perm_destroy(void *key, void *datum, void *p) 185 { 186 kfree(key); 187 kfree(datum); 188 return 0; 189 } 190 191 static int common_destroy(void *key, void *datum, void *p) 192 { 193 struct common_datum *comdatum; 194 195 kfree(key); 196 if (datum) { 197 comdatum = datum; 198 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 199 hashtab_destroy(&comdatum->permissions.table); 200 } 201 kfree(datum); 202 return 0; 203 } 204 205 static void constraint_expr_destroy(struct constraint_expr *expr) 206 { 207 if (expr) { 208 ebitmap_destroy(&expr->names); 209 if (expr->type_names) { 210 ebitmap_destroy(&expr->type_names->types); 211 ebitmap_destroy(&expr->type_names->negset); 212 kfree(expr->type_names); 213 } 214 kfree(expr); 215 } 216 } 217 218 static int cls_destroy(void *key, void *datum, void *p) 219 { 220 struct class_datum *cladatum; 221 struct constraint_node *constraint, *ctemp; 222 struct constraint_expr *e, *etmp; 223 224 kfree(key); 225 if (datum) { 226 cladatum = datum; 227 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 228 hashtab_destroy(&cladatum->permissions.table); 229 constraint = cladatum->constraints; 230 while (constraint) { 231 e = constraint->expr; 232 while (e) { 233 etmp = e; 234 e = e->next; 235 constraint_expr_destroy(etmp); 236 } 237 ctemp = constraint; 238 constraint = constraint->next; 239 kfree(ctemp); 240 } 241 242 constraint = cladatum->validatetrans; 243 while (constraint) { 244 e = constraint->expr; 245 while (e) { 246 etmp = e; 247 e = e->next; 248 constraint_expr_destroy(etmp); 249 } 250 ctemp = constraint; 251 constraint = constraint->next; 252 kfree(ctemp); 253 } 254 kfree(cladatum->comkey); 255 } 256 kfree(datum); 257 return 0; 258 } 259 260 static int role_destroy(void *key, void *datum, void *p) 261 { 262 struct role_datum *role; 263 264 kfree(key); 265 if (datum) { 266 role = datum; 267 ebitmap_destroy(&role->dominates); 268 ebitmap_destroy(&role->types); 269 } 270 kfree(datum); 271 return 0; 272 } 273 274 static int type_destroy(void *key, void *datum, void *p) 275 { 276 kfree(key); 277 kfree(datum); 278 return 0; 279 } 280 281 static int user_destroy(void *key, void *datum, void *p) 282 { 283 struct user_datum *usrdatum; 284 285 kfree(key); 286 if (datum) { 287 usrdatum = datum; 288 ebitmap_destroy(&usrdatum->roles); 289 ebitmap_destroy(&usrdatum->range.level[0].cat); 290 ebitmap_destroy(&usrdatum->range.level[1].cat); 291 ebitmap_destroy(&usrdatum->dfltlevel.cat); 292 } 293 kfree(datum); 294 return 0; 295 } 296 297 static int sens_destroy(void *key, void *datum, void *p) 298 { 299 struct level_datum *levdatum; 300 301 kfree(key); 302 if (datum) { 303 levdatum = datum; 304 if (levdatum->level) 305 ebitmap_destroy(&levdatum->level->cat); 306 kfree(levdatum->level); 307 } 308 kfree(datum); 309 return 0; 310 } 311 312 static int cat_destroy(void *key, void *datum, void *p) 313 { 314 kfree(key); 315 kfree(datum); 316 return 0; 317 } 318 319 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 320 { 321 common_destroy, 322 cls_destroy, 323 role_destroy, 324 type_destroy, 325 user_destroy, 326 cond_destroy_bool, 327 sens_destroy, 328 cat_destroy, 329 }; 330 331 static int filenametr_destroy(void *key, void *datum, void *p) 332 { 333 struct filename_trans_key *ft = key; 334 struct filename_trans_datum *next, *d = datum; 335 336 kfree(ft->name); 337 kfree(key); 338 do { 339 ebitmap_destroy(&d->stypes); 340 next = d->next; 341 kfree(d); 342 d = next; 343 } while (unlikely(d)); 344 cond_resched(); 345 return 0; 346 } 347 348 static int range_tr_destroy(void *key, void *datum, void *p) 349 { 350 struct mls_range *rt = datum; 351 352 kfree(key); 353 ebitmap_destroy(&rt->level[0].cat); 354 ebitmap_destroy(&rt->level[1].cat); 355 kfree(datum); 356 cond_resched(); 357 return 0; 358 } 359 360 static int role_tr_destroy(void *key, void *datum, void *p) 361 { 362 kfree(key); 363 kfree(datum); 364 return 0; 365 } 366 367 static void ocontext_destroy(struct ocontext *c, int i) 368 { 369 if (!c) 370 return; 371 372 context_destroy(&c->context[0]); 373 context_destroy(&c->context[1]); 374 if (i == OCON_ISID || i == OCON_FS || 375 i == OCON_NETIF || i == OCON_FSUSE) 376 kfree(c->u.name); 377 kfree(c); 378 } 379 380 /* 381 * Initialize the role table. 382 */ 383 static int roles_init(struct policydb *p) 384 { 385 char *key = NULL; 386 int rc; 387 struct role_datum *role; 388 389 role = kzalloc(sizeof(*role), GFP_KERNEL); 390 if (!role) 391 return -ENOMEM; 392 393 rc = -EINVAL; 394 role->value = ++p->p_roles.nprim; 395 if (role->value != OBJECT_R_VAL) 396 goto out; 397 398 rc = -ENOMEM; 399 key = kstrdup(OBJECT_R, GFP_KERNEL); 400 if (!key) 401 goto out; 402 403 rc = symtab_insert(&p->p_roles, key, role); 404 if (rc) 405 goto out; 406 407 return 0; 408 out: 409 kfree(key); 410 kfree(role); 411 return rc; 412 } 413 414 static u32 filenametr_hash(const void *k) 415 { 416 const struct filename_trans_key *ft = k; 417 unsigned long hash; 418 unsigned int byte_num; 419 unsigned char focus; 420 421 hash = ft->ttype ^ ft->tclass; 422 423 byte_num = 0; 424 while ((focus = ft->name[byte_num++])) 425 hash = partial_name_hash(focus, hash); 426 return hash; 427 } 428 429 static int filenametr_cmp(const void *k1, const void *k2) 430 { 431 const struct filename_trans_key *ft1 = k1; 432 const struct filename_trans_key *ft2 = k2; 433 int v; 434 435 v = ft1->ttype - ft2->ttype; 436 if (v) 437 return v; 438 439 v = ft1->tclass - ft2->tclass; 440 if (v) 441 return v; 442 443 return strcmp(ft1->name, ft2->name); 444 445 } 446 447 static const struct hashtab_key_params filenametr_key_params = { 448 .hash = filenametr_hash, 449 .cmp = filenametr_cmp, 450 }; 451 452 struct filename_trans_datum *policydb_filenametr_search( 453 struct policydb *p, struct filename_trans_key *key) 454 { 455 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 456 } 457 458 static u32 rangetr_hash(const void *k) 459 { 460 const struct range_trans *key = k; 461 462 return key->source_type + (key->target_type << 3) + 463 (key->target_class << 5); 464 } 465 466 static int rangetr_cmp(const void *k1, const void *k2) 467 { 468 const struct range_trans *key1 = k1, *key2 = k2; 469 int v; 470 471 v = key1->source_type - key2->source_type; 472 if (v) 473 return v; 474 475 v = key1->target_type - key2->target_type; 476 if (v) 477 return v; 478 479 v = key1->target_class - key2->target_class; 480 481 return v; 482 } 483 484 static const struct hashtab_key_params rangetr_key_params = { 485 .hash = rangetr_hash, 486 .cmp = rangetr_cmp, 487 }; 488 489 struct mls_range *policydb_rangetr_search(struct policydb *p, 490 struct range_trans *key) 491 { 492 return hashtab_search(&p->range_tr, key, rangetr_key_params); 493 } 494 495 static u32 role_trans_hash(const void *k) 496 { 497 const struct role_trans_key *key = k; 498 499 return key->role + (key->type << 3) + (key->tclass << 5); 500 } 501 502 static int role_trans_cmp(const void *k1, const void *k2) 503 { 504 const struct role_trans_key *key1 = k1, *key2 = k2; 505 int v; 506 507 v = key1->role - key2->role; 508 if (v) 509 return v; 510 511 v = key1->type - key2->type; 512 if (v) 513 return v; 514 515 return key1->tclass - key2->tclass; 516 } 517 518 static const struct hashtab_key_params roletr_key_params = { 519 .hash = role_trans_hash, 520 .cmp = role_trans_cmp, 521 }; 522 523 struct role_trans_datum *policydb_roletr_search(struct policydb *p, 524 struct role_trans_key *key) 525 { 526 return hashtab_search(&p->role_tr, key, roletr_key_params); 527 } 528 529 /* 530 * Initialize a policy database structure. 531 */ 532 static void policydb_init(struct policydb *p) 533 { 534 memset(p, 0, sizeof(*p)); 535 536 avtab_init(&p->te_avtab); 537 cond_policydb_init(p); 538 539 ebitmap_init(&p->filename_trans_ttypes); 540 ebitmap_init(&p->policycaps); 541 ebitmap_init(&p->permissive_map); 542 } 543 544 /* 545 * The following *_index functions are used to 546 * define the val_to_name and val_to_struct arrays 547 * in a policy database structure. The val_to_name 548 * arrays are used when converting security context 549 * structures into string representations. The 550 * val_to_struct arrays are used when the attributes 551 * of a class, role, or user are needed. 552 */ 553 554 static int common_index(void *key, void *datum, void *datap) 555 { 556 struct policydb *p; 557 struct common_datum *comdatum; 558 559 comdatum = datum; 560 p = datap; 561 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 562 return -EINVAL; 563 564 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 565 566 return 0; 567 } 568 569 static int class_index(void *key, void *datum, void *datap) 570 { 571 struct policydb *p; 572 struct class_datum *cladatum; 573 574 cladatum = datum; 575 p = datap; 576 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 577 return -EINVAL; 578 579 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 580 p->class_val_to_struct[cladatum->value - 1] = cladatum; 581 return 0; 582 } 583 584 static int role_index(void *key, void *datum, void *datap) 585 { 586 struct policydb *p; 587 struct role_datum *role; 588 589 role = datum; 590 p = datap; 591 if (!role->value 592 || role->value > p->p_roles.nprim 593 || role->bounds > p->p_roles.nprim) 594 return -EINVAL; 595 596 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 597 p->role_val_to_struct[role->value - 1] = role; 598 return 0; 599 } 600 601 static int type_index(void *key, void *datum, void *datap) 602 { 603 struct policydb *p; 604 struct type_datum *typdatum; 605 606 typdatum = datum; 607 p = datap; 608 609 if (typdatum->primary) { 610 if (!typdatum->value 611 || typdatum->value > p->p_types.nprim 612 || typdatum->bounds > p->p_types.nprim) 613 return -EINVAL; 614 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 615 p->type_val_to_struct[typdatum->value - 1] = typdatum; 616 } 617 618 return 0; 619 } 620 621 static int user_index(void *key, void *datum, void *datap) 622 { 623 struct policydb *p; 624 struct user_datum *usrdatum; 625 626 usrdatum = datum; 627 p = datap; 628 if (!usrdatum->value 629 || usrdatum->value > p->p_users.nprim 630 || usrdatum->bounds > p->p_users.nprim) 631 return -EINVAL; 632 633 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 634 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 635 return 0; 636 } 637 638 static int sens_index(void *key, void *datum, void *datap) 639 { 640 struct policydb *p; 641 struct level_datum *levdatum; 642 643 levdatum = datum; 644 p = datap; 645 646 if (!levdatum->isalias) { 647 if (!levdatum->level->sens || 648 levdatum->level->sens > p->p_levels.nprim) 649 return -EINVAL; 650 651 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 652 } 653 654 return 0; 655 } 656 657 static int cat_index(void *key, void *datum, void *datap) 658 { 659 struct policydb *p; 660 struct cat_datum *catdatum; 661 662 catdatum = datum; 663 p = datap; 664 665 if (!catdatum->isalias) { 666 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 667 return -EINVAL; 668 669 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 670 } 671 672 return 0; 673 } 674 675 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 676 { 677 common_index, 678 class_index, 679 role_index, 680 type_index, 681 user_index, 682 cond_index_bool, 683 sens_index, 684 cat_index, 685 }; 686 687 #ifdef DEBUG_HASHES 688 static void hash_eval(struct hashtab *h, const char *hash_name) 689 { 690 struct hashtab_info info; 691 692 hashtab_stat(h, &info); 693 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n", 694 hash_name, h->nel, info.slots_used, h->size, 695 info.max_chain_len); 696 } 697 698 static void symtab_hash_eval(struct symtab *s) 699 { 700 int i; 701 702 for (i = 0; i < SYM_NUM; i++) 703 hash_eval(&s[i].table, symtab_name[i]); 704 } 705 706 #else 707 static inline void hash_eval(struct hashtab *h, char *hash_name) 708 { 709 } 710 #endif 711 712 /* 713 * Define the other val_to_name and val_to_struct arrays 714 * in a policy database structure. 715 * 716 * Caller must clean up on failure. 717 */ 718 static int policydb_index(struct policydb *p) 719 { 720 int i, rc; 721 722 if (p->mls_enabled) 723 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 724 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 725 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 726 else 727 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 728 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 729 p->p_bools.nprim); 730 731 pr_debug("SELinux: %d classes, %d rules\n", 732 p->p_classes.nprim, p->te_avtab.nel); 733 734 #ifdef DEBUG_HASHES 735 avtab_hash_eval(&p->te_avtab, "rules"); 736 symtab_hash_eval(p->symtab); 737 #endif 738 739 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 740 sizeof(*p->class_val_to_struct), 741 GFP_KERNEL); 742 if (!p->class_val_to_struct) 743 return -ENOMEM; 744 745 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 746 sizeof(*p->role_val_to_struct), 747 GFP_KERNEL); 748 if (!p->role_val_to_struct) 749 return -ENOMEM; 750 751 p->user_val_to_struct = kcalloc(p->p_users.nprim, 752 sizeof(*p->user_val_to_struct), 753 GFP_KERNEL); 754 if (!p->user_val_to_struct) 755 return -ENOMEM; 756 757 p->type_val_to_struct = kvcalloc(p->p_types.nprim, 758 sizeof(*p->type_val_to_struct), 759 GFP_KERNEL); 760 if (!p->type_val_to_struct) 761 return -ENOMEM; 762 763 rc = cond_init_bool_indexes(p); 764 if (rc) 765 goto out; 766 767 for (i = 0; i < SYM_NUM; i++) { 768 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 769 sizeof(char *), 770 GFP_KERNEL); 771 if (!p->sym_val_to_name[i]) 772 return -ENOMEM; 773 774 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 775 if (rc) 776 goto out; 777 } 778 rc = 0; 779 out: 780 return rc; 781 } 782 783 /* 784 * Free any memory allocated by a policy database structure. 785 */ 786 void policydb_destroy(struct policydb *p) 787 { 788 struct ocontext *c, *ctmp; 789 struct genfs *g, *gtmp; 790 int i; 791 struct role_allow *ra, *lra = NULL; 792 793 for (i = 0; i < SYM_NUM; i++) { 794 cond_resched(); 795 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 796 hashtab_destroy(&p->symtab[i].table); 797 } 798 799 for (i = 0; i < SYM_NUM; i++) 800 kvfree(p->sym_val_to_name[i]); 801 802 kfree(p->class_val_to_struct); 803 kfree(p->role_val_to_struct); 804 kfree(p->user_val_to_struct); 805 kvfree(p->type_val_to_struct); 806 807 avtab_destroy(&p->te_avtab); 808 809 for (i = 0; i < OCON_NUM; i++) { 810 cond_resched(); 811 c = p->ocontexts[i]; 812 while (c) { 813 ctmp = c; 814 c = c->next; 815 ocontext_destroy(ctmp, i); 816 } 817 p->ocontexts[i] = NULL; 818 } 819 820 g = p->genfs; 821 while (g) { 822 cond_resched(); 823 kfree(g->fstype); 824 c = g->head; 825 while (c) { 826 ctmp = c; 827 c = c->next; 828 ocontext_destroy(ctmp, OCON_FSUSE); 829 } 830 gtmp = g; 831 g = g->next; 832 kfree(gtmp); 833 } 834 p->genfs = NULL; 835 836 cond_policydb_destroy(p); 837 838 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 839 hashtab_destroy(&p->role_tr); 840 841 for (ra = p->role_allow; ra; ra = ra->next) { 842 cond_resched(); 843 kfree(lra); 844 lra = ra; 845 } 846 kfree(lra); 847 848 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 849 hashtab_destroy(&p->filename_trans); 850 851 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 852 hashtab_destroy(&p->range_tr); 853 854 if (p->type_attr_map_array) { 855 for (i = 0; i < p->p_types.nprim; i++) 856 ebitmap_destroy(&p->type_attr_map_array[i]); 857 kvfree(p->type_attr_map_array); 858 } 859 860 ebitmap_destroy(&p->filename_trans_ttypes); 861 ebitmap_destroy(&p->policycaps); 862 ebitmap_destroy(&p->permissive_map); 863 } 864 865 /* 866 * Load the initial SIDs specified in a policy database 867 * structure into a SID table. 868 */ 869 int policydb_load_isids(struct policydb *p, struct sidtab *s) 870 { 871 struct ocontext *head, *c; 872 int rc; 873 874 rc = sidtab_init(s); 875 if (rc) { 876 pr_err("SELinux: out of memory on SID table init\n"); 877 return rc; 878 } 879 880 head = p->ocontexts[OCON_ISID]; 881 for (c = head; c; c = c->next) { 882 u32 sid = c->sid[0]; 883 const char *name = security_get_initial_sid_context(sid); 884 885 if (sid == SECSID_NULL) { 886 pr_err("SELinux: SID 0 was assigned a context.\n"); 887 sidtab_destroy(s); 888 return -EINVAL; 889 } 890 891 /* Ignore initial SIDs unused by this kernel. */ 892 if (!name) 893 continue; 894 895 rc = sidtab_set_initial(s, sid, &c->context[0]); 896 if (rc) { 897 pr_err("SELinux: unable to load initial SID %s.\n", 898 name); 899 sidtab_destroy(s); 900 return rc; 901 } 902 } 903 return 0; 904 } 905 906 int policydb_class_isvalid(struct policydb *p, unsigned int class) 907 { 908 if (!class || class > p->p_classes.nprim) 909 return 0; 910 return 1; 911 } 912 913 int policydb_role_isvalid(struct policydb *p, unsigned int role) 914 { 915 if (!role || role > p->p_roles.nprim) 916 return 0; 917 return 1; 918 } 919 920 int policydb_type_isvalid(struct policydb *p, unsigned int type) 921 { 922 if (!type || type > p->p_types.nprim) 923 return 0; 924 return 1; 925 } 926 927 /* 928 * Return 1 if the fields in the security context 929 * structure `c' are valid. Return 0 otherwise. 930 */ 931 int policydb_context_isvalid(struct policydb *p, struct context *c) 932 { 933 struct role_datum *role; 934 struct user_datum *usrdatum; 935 936 if (!c->role || c->role > p->p_roles.nprim) 937 return 0; 938 939 if (!c->user || c->user > p->p_users.nprim) 940 return 0; 941 942 if (!c->type || c->type > p->p_types.nprim) 943 return 0; 944 945 if (c->role != OBJECT_R_VAL) { 946 /* 947 * Role must be authorized for the type. 948 */ 949 role = p->role_val_to_struct[c->role - 1]; 950 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 951 /* role may not be associated with type */ 952 return 0; 953 954 /* 955 * User must be authorized for the role. 956 */ 957 usrdatum = p->user_val_to_struct[c->user - 1]; 958 if (!usrdatum) 959 return 0; 960 961 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 962 /* user may not be associated with role */ 963 return 0; 964 } 965 966 if (!mls_context_isvalid(p, c)) 967 return 0; 968 969 return 1; 970 } 971 972 /* 973 * Read a MLS range structure from a policydb binary 974 * representation file. 975 */ 976 static int mls_read_range_helper(struct mls_range *r, void *fp) 977 { 978 __le32 buf[2]; 979 u32 items; 980 int rc; 981 982 rc = next_entry(buf, fp, sizeof(u32)); 983 if (rc) 984 goto out; 985 986 rc = -EINVAL; 987 items = le32_to_cpu(buf[0]); 988 if (items > ARRAY_SIZE(buf)) { 989 pr_err("SELinux: mls: range overflow\n"); 990 goto out; 991 } 992 993 rc = next_entry(buf, fp, sizeof(u32) * items); 994 if (rc) { 995 pr_err("SELinux: mls: truncated range\n"); 996 goto out; 997 } 998 999 r->level[0].sens = le32_to_cpu(buf[0]); 1000 if (items > 1) 1001 r->level[1].sens = le32_to_cpu(buf[1]); 1002 else 1003 r->level[1].sens = r->level[0].sens; 1004 1005 rc = ebitmap_read(&r->level[0].cat, fp); 1006 if (rc) { 1007 pr_err("SELinux: mls: error reading low categories\n"); 1008 goto out; 1009 } 1010 if (items > 1) { 1011 rc = ebitmap_read(&r->level[1].cat, fp); 1012 if (rc) { 1013 pr_err("SELinux: mls: error reading high categories\n"); 1014 goto bad_high; 1015 } 1016 } else { 1017 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1018 if (rc) { 1019 pr_err("SELinux: mls: out of memory\n"); 1020 goto bad_high; 1021 } 1022 } 1023 1024 return 0; 1025 bad_high: 1026 ebitmap_destroy(&r->level[0].cat); 1027 out: 1028 return rc; 1029 } 1030 1031 /* 1032 * Read and validate a security context structure 1033 * from a policydb binary representation file. 1034 */ 1035 static int context_read_and_validate(struct context *c, 1036 struct policydb *p, 1037 void *fp) 1038 { 1039 __le32 buf[3]; 1040 int rc; 1041 1042 rc = next_entry(buf, fp, sizeof buf); 1043 if (rc) { 1044 pr_err("SELinux: context truncated\n"); 1045 goto out; 1046 } 1047 c->user = le32_to_cpu(buf[0]); 1048 c->role = le32_to_cpu(buf[1]); 1049 c->type = le32_to_cpu(buf[2]); 1050 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1051 rc = mls_read_range_helper(&c->range, fp); 1052 if (rc) { 1053 pr_err("SELinux: error reading MLS range of context\n"); 1054 goto out; 1055 } 1056 } 1057 1058 rc = -EINVAL; 1059 if (!policydb_context_isvalid(p, c)) { 1060 pr_err("SELinux: invalid security context\n"); 1061 context_destroy(c); 1062 goto out; 1063 } 1064 rc = 0; 1065 out: 1066 return rc; 1067 } 1068 1069 /* 1070 * The following *_read functions are used to 1071 * read the symbol data from a policy database 1072 * binary representation file. 1073 */ 1074 1075 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1076 { 1077 int rc; 1078 char *str; 1079 1080 if ((len == 0) || (len == (u32)-1)) 1081 return -EINVAL; 1082 1083 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1084 if (!str) 1085 return -ENOMEM; 1086 1087 rc = next_entry(str, fp, len); 1088 if (rc) { 1089 kfree(str); 1090 return rc; 1091 } 1092 1093 str[len] = '\0'; 1094 *strp = str; 1095 return 0; 1096 } 1097 1098 static int perm_read(struct policydb *p, struct symtab *s, void *fp) 1099 { 1100 char *key = NULL; 1101 struct perm_datum *perdatum; 1102 int rc; 1103 __le32 buf[2]; 1104 u32 len; 1105 1106 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1107 if (!perdatum) 1108 return -ENOMEM; 1109 1110 rc = next_entry(buf, fp, sizeof buf); 1111 if (rc) 1112 goto bad; 1113 1114 len = le32_to_cpu(buf[0]); 1115 perdatum->value = le32_to_cpu(buf[1]); 1116 1117 rc = str_read(&key, GFP_KERNEL, fp, len); 1118 if (rc) 1119 goto bad; 1120 1121 rc = symtab_insert(s, key, perdatum); 1122 if (rc) 1123 goto bad; 1124 1125 return 0; 1126 bad: 1127 perm_destroy(key, perdatum, NULL); 1128 return rc; 1129 } 1130 1131 static int common_read(struct policydb *p, struct symtab *s, void *fp) 1132 { 1133 char *key = NULL; 1134 struct common_datum *comdatum; 1135 __le32 buf[4]; 1136 u32 len, nel; 1137 int i, rc; 1138 1139 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1140 if (!comdatum) 1141 return -ENOMEM; 1142 1143 rc = next_entry(buf, fp, sizeof buf); 1144 if (rc) 1145 goto bad; 1146 1147 len = le32_to_cpu(buf[0]); 1148 comdatum->value = le32_to_cpu(buf[1]); 1149 nel = le32_to_cpu(buf[3]); 1150 1151 rc = symtab_init(&comdatum->permissions, nel); 1152 if (rc) 1153 goto bad; 1154 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1155 1156 rc = str_read(&key, GFP_KERNEL, fp, len); 1157 if (rc) 1158 goto bad; 1159 1160 for (i = 0; i < nel; i++) { 1161 rc = perm_read(p, &comdatum->permissions, fp); 1162 if (rc) 1163 goto bad; 1164 } 1165 1166 rc = symtab_insert(s, key, comdatum); 1167 if (rc) 1168 goto bad; 1169 return 0; 1170 bad: 1171 common_destroy(key, comdatum, NULL); 1172 return rc; 1173 } 1174 1175 static void type_set_init(struct type_set *t) 1176 { 1177 ebitmap_init(&t->types); 1178 ebitmap_init(&t->negset); 1179 } 1180 1181 static int type_set_read(struct type_set *t, void *fp) 1182 { 1183 __le32 buf[1]; 1184 int rc; 1185 1186 if (ebitmap_read(&t->types, fp)) 1187 return -EINVAL; 1188 if (ebitmap_read(&t->negset, fp)) 1189 return -EINVAL; 1190 1191 rc = next_entry(buf, fp, sizeof(u32)); 1192 if (rc < 0) 1193 return -EINVAL; 1194 t->flags = le32_to_cpu(buf[0]); 1195 1196 return 0; 1197 } 1198 1199 1200 static int read_cons_helper(struct policydb *p, 1201 struct constraint_node **nodep, 1202 int ncons, int allowxtarget, void *fp) 1203 { 1204 struct constraint_node *c, *lc; 1205 struct constraint_expr *e, *le; 1206 __le32 buf[3]; 1207 u32 nexpr; 1208 int rc, i, j, depth; 1209 1210 lc = NULL; 1211 for (i = 0; i < ncons; i++) { 1212 c = kzalloc(sizeof(*c), GFP_KERNEL); 1213 if (!c) 1214 return -ENOMEM; 1215 1216 if (lc) 1217 lc->next = c; 1218 else 1219 *nodep = c; 1220 1221 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1222 if (rc) 1223 return rc; 1224 c->permissions = le32_to_cpu(buf[0]); 1225 nexpr = le32_to_cpu(buf[1]); 1226 le = NULL; 1227 depth = -1; 1228 for (j = 0; j < nexpr; j++) { 1229 e = kzalloc(sizeof(*e), GFP_KERNEL); 1230 if (!e) 1231 return -ENOMEM; 1232 1233 if (le) 1234 le->next = e; 1235 else 1236 c->expr = e; 1237 1238 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1239 if (rc) 1240 return rc; 1241 e->expr_type = le32_to_cpu(buf[0]); 1242 e->attr = le32_to_cpu(buf[1]); 1243 e->op = le32_to_cpu(buf[2]); 1244 1245 switch (e->expr_type) { 1246 case CEXPR_NOT: 1247 if (depth < 0) 1248 return -EINVAL; 1249 break; 1250 case CEXPR_AND: 1251 case CEXPR_OR: 1252 if (depth < 1) 1253 return -EINVAL; 1254 depth--; 1255 break; 1256 case CEXPR_ATTR: 1257 if (depth == (CEXPR_MAXDEPTH - 1)) 1258 return -EINVAL; 1259 depth++; 1260 break; 1261 case CEXPR_NAMES: 1262 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1263 return -EINVAL; 1264 if (depth == (CEXPR_MAXDEPTH - 1)) 1265 return -EINVAL; 1266 depth++; 1267 rc = ebitmap_read(&e->names, fp); 1268 if (rc) 1269 return rc; 1270 if (p->policyvers >= 1271 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1272 e->type_names = kzalloc(sizeof 1273 (*e->type_names), GFP_KERNEL); 1274 if (!e->type_names) 1275 return -ENOMEM; 1276 type_set_init(e->type_names); 1277 rc = type_set_read(e->type_names, fp); 1278 if (rc) 1279 return rc; 1280 } 1281 break; 1282 default: 1283 return -EINVAL; 1284 } 1285 le = e; 1286 } 1287 if (depth != 0) 1288 return -EINVAL; 1289 lc = c; 1290 } 1291 1292 return 0; 1293 } 1294 1295 static int class_read(struct policydb *p, struct symtab *s, void *fp) 1296 { 1297 char *key = NULL; 1298 struct class_datum *cladatum; 1299 __le32 buf[6]; 1300 u32 len, len2, ncons, nel; 1301 int i, rc; 1302 1303 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1304 if (!cladatum) 1305 return -ENOMEM; 1306 1307 rc = next_entry(buf, fp, sizeof(u32)*6); 1308 if (rc) 1309 goto bad; 1310 1311 len = le32_to_cpu(buf[0]); 1312 len2 = le32_to_cpu(buf[1]); 1313 cladatum->value = le32_to_cpu(buf[2]); 1314 nel = le32_to_cpu(buf[4]); 1315 1316 rc = symtab_init(&cladatum->permissions, nel); 1317 if (rc) 1318 goto bad; 1319 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1320 1321 ncons = le32_to_cpu(buf[5]); 1322 1323 rc = str_read(&key, GFP_KERNEL, fp, len); 1324 if (rc) 1325 goto bad; 1326 1327 if (len2) { 1328 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1329 if (rc) 1330 goto bad; 1331 1332 rc = -EINVAL; 1333 cladatum->comdatum = symtab_search(&p->p_commons, 1334 cladatum->comkey); 1335 if (!cladatum->comdatum) { 1336 pr_err("SELinux: unknown common %s\n", 1337 cladatum->comkey); 1338 goto bad; 1339 } 1340 } 1341 for (i = 0; i < nel; i++) { 1342 rc = perm_read(p, &cladatum->permissions, fp); 1343 if (rc) 1344 goto bad; 1345 } 1346 1347 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1348 if (rc) 1349 goto bad; 1350 1351 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1352 /* grab the validatetrans rules */ 1353 rc = next_entry(buf, fp, sizeof(u32)); 1354 if (rc) 1355 goto bad; 1356 ncons = le32_to_cpu(buf[0]); 1357 rc = read_cons_helper(p, &cladatum->validatetrans, 1358 ncons, 1, fp); 1359 if (rc) 1360 goto bad; 1361 } 1362 1363 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1364 rc = next_entry(buf, fp, sizeof(u32) * 3); 1365 if (rc) 1366 goto bad; 1367 1368 cladatum->default_user = le32_to_cpu(buf[0]); 1369 cladatum->default_role = le32_to_cpu(buf[1]); 1370 cladatum->default_range = le32_to_cpu(buf[2]); 1371 } 1372 1373 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1374 rc = next_entry(buf, fp, sizeof(u32) * 1); 1375 if (rc) 1376 goto bad; 1377 cladatum->default_type = le32_to_cpu(buf[0]); 1378 } 1379 1380 rc = symtab_insert(s, key, cladatum); 1381 if (rc) 1382 goto bad; 1383 1384 return 0; 1385 bad: 1386 cls_destroy(key, cladatum, NULL); 1387 return rc; 1388 } 1389 1390 static int role_read(struct policydb *p, struct symtab *s, void *fp) 1391 { 1392 char *key = NULL; 1393 struct role_datum *role; 1394 int rc, to_read = 2; 1395 __le32 buf[3]; 1396 u32 len; 1397 1398 role = kzalloc(sizeof(*role), GFP_KERNEL); 1399 if (!role) 1400 return -ENOMEM; 1401 1402 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1403 to_read = 3; 1404 1405 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1406 if (rc) 1407 goto bad; 1408 1409 len = le32_to_cpu(buf[0]); 1410 role->value = le32_to_cpu(buf[1]); 1411 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1412 role->bounds = le32_to_cpu(buf[2]); 1413 1414 rc = str_read(&key, GFP_KERNEL, fp, len); 1415 if (rc) 1416 goto bad; 1417 1418 rc = ebitmap_read(&role->dominates, fp); 1419 if (rc) 1420 goto bad; 1421 1422 rc = ebitmap_read(&role->types, fp); 1423 if (rc) 1424 goto bad; 1425 1426 if (strcmp(key, OBJECT_R) == 0) { 1427 rc = -EINVAL; 1428 if (role->value != OBJECT_R_VAL) { 1429 pr_err("SELinux: Role %s has wrong value %d\n", 1430 OBJECT_R, role->value); 1431 goto bad; 1432 } 1433 rc = 0; 1434 goto bad; 1435 } 1436 1437 rc = symtab_insert(s, key, role); 1438 if (rc) 1439 goto bad; 1440 return 0; 1441 bad: 1442 role_destroy(key, role, NULL); 1443 return rc; 1444 } 1445 1446 static int type_read(struct policydb *p, struct symtab *s, void *fp) 1447 { 1448 char *key = NULL; 1449 struct type_datum *typdatum; 1450 int rc, to_read = 3; 1451 __le32 buf[4]; 1452 u32 len; 1453 1454 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1455 if (!typdatum) 1456 return -ENOMEM; 1457 1458 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1459 to_read = 4; 1460 1461 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1462 if (rc) 1463 goto bad; 1464 1465 len = le32_to_cpu(buf[0]); 1466 typdatum->value = le32_to_cpu(buf[1]); 1467 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1468 u32 prop = le32_to_cpu(buf[2]); 1469 1470 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1471 typdatum->primary = 1; 1472 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1473 typdatum->attribute = 1; 1474 1475 typdatum->bounds = le32_to_cpu(buf[3]); 1476 } else { 1477 typdatum->primary = le32_to_cpu(buf[2]); 1478 } 1479 1480 rc = str_read(&key, GFP_KERNEL, fp, len); 1481 if (rc) 1482 goto bad; 1483 1484 rc = symtab_insert(s, key, typdatum); 1485 if (rc) 1486 goto bad; 1487 return 0; 1488 bad: 1489 type_destroy(key, typdatum, NULL); 1490 return rc; 1491 } 1492 1493 1494 /* 1495 * Read a MLS level structure from a policydb binary 1496 * representation file. 1497 */ 1498 static int mls_read_level(struct mls_level *lp, void *fp) 1499 { 1500 __le32 buf[1]; 1501 int rc; 1502 1503 memset(lp, 0, sizeof(*lp)); 1504 1505 rc = next_entry(buf, fp, sizeof buf); 1506 if (rc) { 1507 pr_err("SELinux: mls: truncated level\n"); 1508 return rc; 1509 } 1510 lp->sens = le32_to_cpu(buf[0]); 1511 1512 rc = ebitmap_read(&lp->cat, fp); 1513 if (rc) { 1514 pr_err("SELinux: mls: error reading level categories\n"); 1515 return rc; 1516 } 1517 return 0; 1518 } 1519 1520 static int user_read(struct policydb *p, struct symtab *s, void *fp) 1521 { 1522 char *key = NULL; 1523 struct user_datum *usrdatum; 1524 int rc, to_read = 2; 1525 __le32 buf[3]; 1526 u32 len; 1527 1528 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1529 if (!usrdatum) 1530 return -ENOMEM; 1531 1532 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1533 to_read = 3; 1534 1535 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1536 if (rc) 1537 goto bad; 1538 1539 len = le32_to_cpu(buf[0]); 1540 usrdatum->value = le32_to_cpu(buf[1]); 1541 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1542 usrdatum->bounds = le32_to_cpu(buf[2]); 1543 1544 rc = str_read(&key, GFP_KERNEL, fp, len); 1545 if (rc) 1546 goto bad; 1547 1548 rc = ebitmap_read(&usrdatum->roles, fp); 1549 if (rc) 1550 goto bad; 1551 1552 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1553 rc = mls_read_range_helper(&usrdatum->range, fp); 1554 if (rc) 1555 goto bad; 1556 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1557 if (rc) 1558 goto bad; 1559 } 1560 1561 rc = symtab_insert(s, key, usrdatum); 1562 if (rc) 1563 goto bad; 1564 return 0; 1565 bad: 1566 user_destroy(key, usrdatum, NULL); 1567 return rc; 1568 } 1569 1570 static int sens_read(struct policydb *p, struct symtab *s, void *fp) 1571 { 1572 char *key = NULL; 1573 struct level_datum *levdatum; 1574 int rc; 1575 __le32 buf[2]; 1576 u32 len; 1577 1578 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1579 if (!levdatum) 1580 return -ENOMEM; 1581 1582 rc = next_entry(buf, fp, sizeof buf); 1583 if (rc) 1584 goto bad; 1585 1586 len = le32_to_cpu(buf[0]); 1587 levdatum->isalias = le32_to_cpu(buf[1]); 1588 1589 rc = str_read(&key, GFP_ATOMIC, fp, len); 1590 if (rc) 1591 goto bad; 1592 1593 rc = -ENOMEM; 1594 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1595 if (!levdatum->level) 1596 goto bad; 1597 1598 rc = mls_read_level(levdatum->level, fp); 1599 if (rc) 1600 goto bad; 1601 1602 rc = symtab_insert(s, key, levdatum); 1603 if (rc) 1604 goto bad; 1605 return 0; 1606 bad: 1607 sens_destroy(key, levdatum, NULL); 1608 return rc; 1609 } 1610 1611 static int cat_read(struct policydb *p, struct symtab *s, void *fp) 1612 { 1613 char *key = NULL; 1614 struct cat_datum *catdatum; 1615 int rc; 1616 __le32 buf[3]; 1617 u32 len; 1618 1619 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1620 if (!catdatum) 1621 return -ENOMEM; 1622 1623 rc = next_entry(buf, fp, sizeof buf); 1624 if (rc) 1625 goto bad; 1626 1627 len = le32_to_cpu(buf[0]); 1628 catdatum->value = le32_to_cpu(buf[1]); 1629 catdatum->isalias = le32_to_cpu(buf[2]); 1630 1631 rc = str_read(&key, GFP_ATOMIC, fp, len); 1632 if (rc) 1633 goto bad; 1634 1635 rc = symtab_insert(s, key, catdatum); 1636 if (rc) 1637 goto bad; 1638 return 0; 1639 bad: 1640 cat_destroy(key, catdatum, NULL); 1641 return rc; 1642 } 1643 1644 static int (*read_f[SYM_NUM]) (struct policydb *p, struct symtab *s, void *fp) = 1645 { 1646 common_read, 1647 class_read, 1648 role_read, 1649 type_read, 1650 user_read, 1651 cond_read_bool, 1652 sens_read, 1653 cat_read, 1654 }; 1655 1656 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1657 { 1658 struct user_datum *upper, *user; 1659 struct policydb *p = datap; 1660 int depth = 0; 1661 1662 upper = user = datum; 1663 while (upper->bounds) { 1664 struct ebitmap_node *node; 1665 unsigned long bit; 1666 1667 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1668 pr_err("SELinux: user %s: " 1669 "too deep or looped boundary", 1670 (char *) key); 1671 return -EINVAL; 1672 } 1673 1674 upper = p->user_val_to_struct[upper->bounds - 1]; 1675 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1676 if (ebitmap_get_bit(&upper->roles, bit)) 1677 continue; 1678 1679 pr_err("SELinux: boundary violated policy: " 1680 "user=%s role=%s bounds=%s\n", 1681 sym_name(p, SYM_USERS, user->value - 1), 1682 sym_name(p, SYM_ROLES, bit), 1683 sym_name(p, SYM_USERS, upper->value - 1)); 1684 1685 return -EINVAL; 1686 } 1687 } 1688 1689 return 0; 1690 } 1691 1692 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1693 { 1694 struct role_datum *upper, *role; 1695 struct policydb *p = datap; 1696 int depth = 0; 1697 1698 upper = role = datum; 1699 while (upper->bounds) { 1700 struct ebitmap_node *node; 1701 unsigned long bit; 1702 1703 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1704 pr_err("SELinux: role %s: " 1705 "too deep or looped bounds\n", 1706 (char *) key); 1707 return -EINVAL; 1708 } 1709 1710 upper = p->role_val_to_struct[upper->bounds - 1]; 1711 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1712 if (ebitmap_get_bit(&upper->types, bit)) 1713 continue; 1714 1715 pr_err("SELinux: boundary violated policy: " 1716 "role=%s type=%s bounds=%s\n", 1717 sym_name(p, SYM_ROLES, role->value - 1), 1718 sym_name(p, SYM_TYPES, bit), 1719 sym_name(p, SYM_ROLES, upper->value - 1)); 1720 1721 return -EINVAL; 1722 } 1723 } 1724 1725 return 0; 1726 } 1727 1728 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1729 { 1730 struct type_datum *upper; 1731 struct policydb *p = datap; 1732 int depth = 0; 1733 1734 upper = datum; 1735 while (upper->bounds) { 1736 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1737 pr_err("SELinux: type %s: " 1738 "too deep or looped boundary\n", 1739 (char *) key); 1740 return -EINVAL; 1741 } 1742 1743 upper = p->type_val_to_struct[upper->bounds - 1]; 1744 BUG_ON(!upper); 1745 1746 if (upper->attribute) { 1747 pr_err("SELinux: type %s: " 1748 "bounded by attribute %s", 1749 (char *) key, 1750 sym_name(p, SYM_TYPES, upper->value - 1)); 1751 return -EINVAL; 1752 } 1753 } 1754 1755 return 0; 1756 } 1757 1758 static int policydb_bounds_sanity_check(struct policydb *p) 1759 { 1760 int rc; 1761 1762 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1763 return 0; 1764 1765 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1766 if (rc) 1767 return rc; 1768 1769 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1770 if (rc) 1771 return rc; 1772 1773 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1774 if (rc) 1775 return rc; 1776 1777 return 0; 1778 } 1779 1780 u16 string_to_security_class(struct policydb *p, const char *name) 1781 { 1782 struct class_datum *cladatum; 1783 1784 cladatum = symtab_search(&p->p_classes, name); 1785 if (!cladatum) 1786 return 0; 1787 1788 return cladatum->value; 1789 } 1790 1791 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1792 { 1793 struct class_datum *cladatum; 1794 struct perm_datum *perdatum = NULL; 1795 struct common_datum *comdatum; 1796 1797 if (!tclass || tclass > p->p_classes.nprim) 1798 return 0; 1799 1800 cladatum = p->class_val_to_struct[tclass-1]; 1801 comdatum = cladatum->comdatum; 1802 if (comdatum) 1803 perdatum = symtab_search(&comdatum->permissions, name); 1804 if (!perdatum) 1805 perdatum = symtab_search(&cladatum->permissions, name); 1806 if (!perdatum) 1807 return 0; 1808 1809 return 1U << (perdatum->value-1); 1810 } 1811 1812 static int range_read(struct policydb *p, void *fp) 1813 { 1814 struct range_trans *rt = NULL; 1815 struct mls_range *r = NULL; 1816 int i, rc; 1817 __le32 buf[2]; 1818 u32 nel; 1819 1820 if (p->policyvers < POLICYDB_VERSION_MLS) 1821 return 0; 1822 1823 rc = next_entry(buf, fp, sizeof(u32)); 1824 if (rc) 1825 return rc; 1826 1827 nel = le32_to_cpu(buf[0]); 1828 1829 rc = hashtab_init(&p->range_tr, nel); 1830 if (rc) 1831 return rc; 1832 1833 for (i = 0; i < nel; i++) { 1834 rc = -ENOMEM; 1835 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1836 if (!rt) 1837 goto out; 1838 1839 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1840 if (rc) 1841 goto out; 1842 1843 rt->source_type = le32_to_cpu(buf[0]); 1844 rt->target_type = le32_to_cpu(buf[1]); 1845 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1846 rc = next_entry(buf, fp, sizeof(u32)); 1847 if (rc) 1848 goto out; 1849 rt->target_class = le32_to_cpu(buf[0]); 1850 } else 1851 rt->target_class = p->process_class; 1852 1853 rc = -EINVAL; 1854 if (!policydb_type_isvalid(p, rt->source_type) || 1855 !policydb_type_isvalid(p, rt->target_type) || 1856 !policydb_class_isvalid(p, rt->target_class)) 1857 goto out; 1858 1859 rc = -ENOMEM; 1860 r = kzalloc(sizeof(*r), GFP_KERNEL); 1861 if (!r) 1862 goto out; 1863 1864 rc = mls_read_range_helper(r, fp); 1865 if (rc) 1866 goto out; 1867 1868 rc = -EINVAL; 1869 if (!mls_range_isvalid(p, r)) { 1870 pr_warn("SELinux: rangetrans: invalid range\n"); 1871 goto out; 1872 } 1873 1874 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1875 if (rc) 1876 goto out; 1877 1878 rt = NULL; 1879 r = NULL; 1880 } 1881 hash_eval(&p->range_tr, "rangetr"); 1882 rc = 0; 1883 out: 1884 kfree(rt); 1885 kfree(r); 1886 return rc; 1887 } 1888 1889 static int filename_trans_read_helper_compat(struct policydb *p, void *fp) 1890 { 1891 struct filename_trans_key key, *ft = NULL; 1892 struct filename_trans_datum *last, *datum = NULL; 1893 char *name = NULL; 1894 u32 len, stype, otype; 1895 __le32 buf[4]; 1896 int rc; 1897 1898 /* length of the path component string */ 1899 rc = next_entry(buf, fp, sizeof(u32)); 1900 if (rc) 1901 return rc; 1902 len = le32_to_cpu(buf[0]); 1903 1904 /* path component string */ 1905 rc = str_read(&name, GFP_KERNEL, fp, len); 1906 if (rc) 1907 return rc; 1908 1909 rc = next_entry(buf, fp, sizeof(u32) * 4); 1910 if (rc) 1911 goto out; 1912 1913 stype = le32_to_cpu(buf[0]); 1914 key.ttype = le32_to_cpu(buf[1]); 1915 key.tclass = le32_to_cpu(buf[2]); 1916 key.name = name; 1917 1918 otype = le32_to_cpu(buf[3]); 1919 1920 last = NULL; 1921 datum = policydb_filenametr_search(p, &key); 1922 while (datum) { 1923 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1924 /* conflicting/duplicate rules are ignored */ 1925 datum = NULL; 1926 goto out; 1927 } 1928 if (likely(datum->otype == otype)) 1929 break; 1930 last = datum; 1931 datum = datum->next; 1932 } 1933 if (!datum) { 1934 rc = -ENOMEM; 1935 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1936 if (!datum) 1937 goto out; 1938 1939 ebitmap_init(&datum->stypes); 1940 datum->otype = otype; 1941 datum->next = NULL; 1942 1943 if (unlikely(last)) { 1944 last->next = datum; 1945 } else { 1946 rc = -ENOMEM; 1947 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1948 if (!ft) 1949 goto out; 1950 1951 rc = hashtab_insert(&p->filename_trans, ft, datum, 1952 filenametr_key_params); 1953 if (rc) 1954 goto out; 1955 name = NULL; 1956 1957 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1958 key.ttype, 1); 1959 if (rc) 1960 return rc; 1961 } 1962 } 1963 kfree(name); 1964 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1965 1966 out: 1967 kfree(ft); 1968 kfree(name); 1969 kfree(datum); 1970 return rc; 1971 } 1972 1973 static int filename_trans_read_helper(struct policydb *p, void *fp) 1974 { 1975 struct filename_trans_key *ft = NULL; 1976 struct filename_trans_datum **dst, *datum, *first = NULL; 1977 char *name = NULL; 1978 u32 len, ttype, tclass, ndatum, i; 1979 __le32 buf[3]; 1980 int rc; 1981 1982 /* length of the path component string */ 1983 rc = next_entry(buf, fp, sizeof(u32)); 1984 if (rc) 1985 return rc; 1986 len = le32_to_cpu(buf[0]); 1987 1988 /* path component string */ 1989 rc = str_read(&name, GFP_KERNEL, fp, len); 1990 if (rc) 1991 return rc; 1992 1993 rc = next_entry(buf, fp, sizeof(u32) * 3); 1994 if (rc) 1995 goto out; 1996 1997 ttype = le32_to_cpu(buf[0]); 1998 tclass = le32_to_cpu(buf[1]); 1999 2000 ndatum = le32_to_cpu(buf[2]); 2001 if (ndatum == 0) { 2002 pr_err("SELinux: Filename transition key with no datum\n"); 2003 rc = -ENOENT; 2004 goto out; 2005 } 2006 2007 dst = &first; 2008 for (i = 0; i < ndatum; i++) { 2009 rc = -ENOMEM; 2010 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2011 if (!datum) 2012 goto out; 2013 2014 *dst = datum; 2015 2016 /* ebitmap_read() will at least init the bitmap */ 2017 rc = ebitmap_read(&datum->stypes, fp); 2018 if (rc) 2019 goto out; 2020 2021 rc = next_entry(buf, fp, sizeof(u32)); 2022 if (rc) 2023 goto out; 2024 2025 datum->otype = le32_to_cpu(buf[0]); 2026 datum->next = NULL; 2027 2028 dst = &datum->next; 2029 } 2030 2031 rc = -ENOMEM; 2032 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2033 if (!ft) 2034 goto out; 2035 2036 ft->ttype = ttype; 2037 ft->tclass = tclass; 2038 ft->name = name; 2039 2040 rc = hashtab_insert(&p->filename_trans, ft, first, 2041 filenametr_key_params); 2042 if (rc == -EEXIST) 2043 pr_err("SELinux: Duplicate filename transition key\n"); 2044 if (rc) 2045 goto out; 2046 2047 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2048 2049 out: 2050 kfree(ft); 2051 kfree(name); 2052 while (first) { 2053 datum = first; 2054 first = first->next; 2055 2056 ebitmap_destroy(&datum->stypes); 2057 kfree(datum); 2058 } 2059 return rc; 2060 } 2061 2062 static int filename_trans_read(struct policydb *p, void *fp) 2063 { 2064 u32 nel; 2065 __le32 buf[1]; 2066 int rc, i; 2067 2068 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2069 return 0; 2070 2071 rc = next_entry(buf, fp, sizeof(u32)); 2072 if (rc) 2073 return rc; 2074 nel = le32_to_cpu(buf[0]); 2075 2076 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2077 p->compat_filename_trans_count = nel; 2078 2079 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2080 if (rc) 2081 return rc; 2082 2083 for (i = 0; i < nel; i++) { 2084 rc = filename_trans_read_helper_compat(p, fp); 2085 if (rc) 2086 return rc; 2087 } 2088 } else { 2089 rc = hashtab_init(&p->filename_trans, nel); 2090 if (rc) 2091 return rc; 2092 2093 for (i = 0; i < nel; i++) { 2094 rc = filename_trans_read_helper(p, fp); 2095 if (rc) 2096 return rc; 2097 } 2098 } 2099 hash_eval(&p->filename_trans, "filenametr"); 2100 return 0; 2101 } 2102 2103 static int genfs_read(struct policydb *p, void *fp) 2104 { 2105 int i, j, rc; 2106 u32 nel, nel2, len, len2; 2107 __le32 buf[1]; 2108 struct ocontext *l, *c; 2109 struct ocontext *newc = NULL; 2110 struct genfs *genfs_p, *genfs; 2111 struct genfs *newgenfs = NULL; 2112 2113 rc = next_entry(buf, fp, sizeof(u32)); 2114 if (rc) 2115 return rc; 2116 nel = le32_to_cpu(buf[0]); 2117 2118 for (i = 0; i < nel; i++) { 2119 rc = next_entry(buf, fp, sizeof(u32)); 2120 if (rc) 2121 goto out; 2122 len = le32_to_cpu(buf[0]); 2123 2124 rc = -ENOMEM; 2125 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2126 if (!newgenfs) 2127 goto out; 2128 2129 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2130 if (rc) 2131 goto out; 2132 2133 for (genfs_p = NULL, genfs = p->genfs; genfs; 2134 genfs_p = genfs, genfs = genfs->next) { 2135 rc = -EINVAL; 2136 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2137 pr_err("SELinux: dup genfs fstype %s\n", 2138 newgenfs->fstype); 2139 goto out; 2140 } 2141 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2142 break; 2143 } 2144 newgenfs->next = genfs; 2145 if (genfs_p) 2146 genfs_p->next = newgenfs; 2147 else 2148 p->genfs = newgenfs; 2149 genfs = newgenfs; 2150 newgenfs = NULL; 2151 2152 rc = next_entry(buf, fp, sizeof(u32)); 2153 if (rc) 2154 goto out; 2155 2156 nel2 = le32_to_cpu(buf[0]); 2157 for (j = 0; j < nel2; j++) { 2158 rc = next_entry(buf, fp, sizeof(u32)); 2159 if (rc) 2160 goto out; 2161 len = le32_to_cpu(buf[0]); 2162 2163 rc = -ENOMEM; 2164 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2165 if (!newc) 2166 goto out; 2167 2168 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2169 if (rc) 2170 goto out; 2171 2172 rc = next_entry(buf, fp, sizeof(u32)); 2173 if (rc) 2174 goto out; 2175 2176 newc->v.sclass = le32_to_cpu(buf[0]); 2177 rc = context_read_and_validate(&newc->context[0], p, fp); 2178 if (rc) 2179 goto out; 2180 2181 for (l = NULL, c = genfs->head; c; 2182 l = c, c = c->next) { 2183 rc = -EINVAL; 2184 if (!strcmp(newc->u.name, c->u.name) && 2185 (!c->v.sclass || !newc->v.sclass || 2186 newc->v.sclass == c->v.sclass)) { 2187 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2188 genfs->fstype, c->u.name); 2189 goto out; 2190 } 2191 len = strlen(newc->u.name); 2192 len2 = strlen(c->u.name); 2193 if (len > len2) 2194 break; 2195 } 2196 2197 newc->next = c; 2198 if (l) 2199 l->next = newc; 2200 else 2201 genfs->head = newc; 2202 newc = NULL; 2203 } 2204 } 2205 rc = 0; 2206 out: 2207 if (newgenfs) { 2208 kfree(newgenfs->fstype); 2209 kfree(newgenfs); 2210 } 2211 ocontext_destroy(newc, OCON_FSUSE); 2212 2213 return rc; 2214 } 2215 2216 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2217 void *fp) 2218 { 2219 int i, j, rc; 2220 u32 nel, len; 2221 __be64 prefixbuf[1]; 2222 __le32 buf[3]; 2223 struct ocontext *l, *c; 2224 u32 nodebuf[8]; 2225 2226 for (i = 0; i < info->ocon_num; i++) { 2227 rc = next_entry(buf, fp, sizeof(u32)); 2228 if (rc) 2229 goto out; 2230 nel = le32_to_cpu(buf[0]); 2231 2232 l = NULL; 2233 for (j = 0; j < nel; j++) { 2234 rc = -ENOMEM; 2235 c = kzalloc(sizeof(*c), GFP_KERNEL); 2236 if (!c) 2237 goto out; 2238 if (l) 2239 l->next = c; 2240 else 2241 p->ocontexts[i] = c; 2242 l = c; 2243 2244 switch (i) { 2245 case OCON_ISID: 2246 rc = next_entry(buf, fp, sizeof(u32)); 2247 if (rc) 2248 goto out; 2249 2250 c->sid[0] = le32_to_cpu(buf[0]); 2251 rc = context_read_and_validate(&c->context[0], p, fp); 2252 if (rc) 2253 goto out; 2254 break; 2255 case OCON_FS: 2256 case OCON_NETIF: 2257 rc = next_entry(buf, fp, sizeof(u32)); 2258 if (rc) 2259 goto out; 2260 len = le32_to_cpu(buf[0]); 2261 2262 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2263 if (rc) 2264 goto out; 2265 2266 rc = context_read_and_validate(&c->context[0], p, fp); 2267 if (rc) 2268 goto out; 2269 rc = context_read_and_validate(&c->context[1], p, fp); 2270 if (rc) 2271 goto out; 2272 break; 2273 case OCON_PORT: 2274 rc = next_entry(buf, fp, sizeof(u32)*3); 2275 if (rc) 2276 goto out; 2277 c->u.port.protocol = le32_to_cpu(buf[0]); 2278 c->u.port.low_port = le32_to_cpu(buf[1]); 2279 c->u.port.high_port = le32_to_cpu(buf[2]); 2280 rc = context_read_and_validate(&c->context[0], p, fp); 2281 if (rc) 2282 goto out; 2283 break; 2284 case OCON_NODE: 2285 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2286 if (rc) 2287 goto out; 2288 c->u.node.addr = nodebuf[0]; /* network order */ 2289 c->u.node.mask = nodebuf[1]; /* network order */ 2290 rc = context_read_and_validate(&c->context[0], p, fp); 2291 if (rc) 2292 goto out; 2293 break; 2294 case OCON_FSUSE: 2295 rc = next_entry(buf, fp, sizeof(u32)*2); 2296 if (rc) 2297 goto out; 2298 2299 rc = -EINVAL; 2300 c->v.behavior = le32_to_cpu(buf[0]); 2301 /* Determined at runtime, not in policy DB. */ 2302 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2303 goto out; 2304 if (c->v.behavior > SECURITY_FS_USE_MAX) 2305 goto out; 2306 2307 len = le32_to_cpu(buf[1]); 2308 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2309 if (rc) 2310 goto out; 2311 2312 rc = context_read_and_validate(&c->context[0], p, fp); 2313 if (rc) 2314 goto out; 2315 break; 2316 case OCON_NODE6: { 2317 int k; 2318 2319 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2320 if (rc) 2321 goto out; 2322 for (k = 0; k < 4; k++) 2323 c->u.node6.addr[k] = nodebuf[k]; 2324 for (k = 0; k < 4; k++) 2325 c->u.node6.mask[k] = nodebuf[k+4]; 2326 rc = context_read_and_validate(&c->context[0], p, fp); 2327 if (rc) 2328 goto out; 2329 break; 2330 } 2331 case OCON_IBPKEY: { 2332 u32 pkey_lo, pkey_hi; 2333 2334 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2335 if (rc) 2336 goto out; 2337 2338 /* we need to have subnet_prefix in CPU order */ 2339 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2340 2341 rc = next_entry(buf, fp, sizeof(u32) * 2); 2342 if (rc) 2343 goto out; 2344 2345 pkey_lo = le32_to_cpu(buf[0]); 2346 pkey_hi = le32_to_cpu(buf[1]); 2347 2348 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2349 rc = -EINVAL; 2350 goto out; 2351 } 2352 2353 c->u.ibpkey.low_pkey = pkey_lo; 2354 c->u.ibpkey.high_pkey = pkey_hi; 2355 2356 rc = context_read_and_validate(&c->context[0], 2357 p, 2358 fp); 2359 if (rc) 2360 goto out; 2361 break; 2362 } 2363 case OCON_IBENDPORT: { 2364 u32 port; 2365 2366 rc = next_entry(buf, fp, sizeof(u32) * 2); 2367 if (rc) 2368 goto out; 2369 len = le32_to_cpu(buf[0]); 2370 2371 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2372 if (rc) 2373 goto out; 2374 2375 port = le32_to_cpu(buf[1]); 2376 if (port > U8_MAX || port == 0) { 2377 rc = -EINVAL; 2378 goto out; 2379 } 2380 2381 c->u.ibendport.port = port; 2382 2383 rc = context_read_and_validate(&c->context[0], 2384 p, 2385 fp); 2386 if (rc) 2387 goto out; 2388 break; 2389 } /* end case */ 2390 } /* end switch */ 2391 } 2392 } 2393 rc = 0; 2394 out: 2395 return rc; 2396 } 2397 2398 /* 2399 * Read the configuration data from a policy database binary 2400 * representation file into a policy database structure. 2401 */ 2402 int policydb_read(struct policydb *p, void *fp) 2403 { 2404 struct role_allow *ra, *lra; 2405 struct role_trans_key *rtk = NULL; 2406 struct role_trans_datum *rtd = NULL; 2407 int i, j, rc; 2408 __le32 buf[4]; 2409 u32 len, nprim, nel, perm; 2410 2411 char *policydb_str; 2412 struct policydb_compat_info *info; 2413 2414 policydb_init(p); 2415 2416 /* Read the magic number and string length. */ 2417 rc = next_entry(buf, fp, sizeof(u32) * 2); 2418 if (rc) 2419 goto bad; 2420 2421 rc = -EINVAL; 2422 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2423 pr_err("SELinux: policydb magic number 0x%x does " 2424 "not match expected magic number 0x%x\n", 2425 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2426 goto bad; 2427 } 2428 2429 rc = -EINVAL; 2430 len = le32_to_cpu(buf[1]); 2431 if (len != strlen(POLICYDB_STRING)) { 2432 pr_err("SELinux: policydb string length %d does not " 2433 "match expected length %zu\n", 2434 len, strlen(POLICYDB_STRING)); 2435 goto bad; 2436 } 2437 2438 rc = -ENOMEM; 2439 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2440 if (!policydb_str) { 2441 pr_err("SELinux: unable to allocate memory for policydb " 2442 "string of length %d\n", len); 2443 goto bad; 2444 } 2445 2446 rc = next_entry(policydb_str, fp, len); 2447 if (rc) { 2448 pr_err("SELinux: truncated policydb string identifier\n"); 2449 kfree(policydb_str); 2450 goto bad; 2451 } 2452 2453 rc = -EINVAL; 2454 policydb_str[len] = '\0'; 2455 if (strcmp(policydb_str, POLICYDB_STRING)) { 2456 pr_err("SELinux: policydb string %s does not match " 2457 "my string %s\n", policydb_str, POLICYDB_STRING); 2458 kfree(policydb_str); 2459 goto bad; 2460 } 2461 /* Done with policydb_str. */ 2462 kfree(policydb_str); 2463 policydb_str = NULL; 2464 2465 /* Read the version and table sizes. */ 2466 rc = next_entry(buf, fp, sizeof(u32)*4); 2467 if (rc) 2468 goto bad; 2469 2470 rc = -EINVAL; 2471 p->policyvers = le32_to_cpu(buf[0]); 2472 if (p->policyvers < POLICYDB_VERSION_MIN || 2473 p->policyvers > POLICYDB_VERSION_MAX) { 2474 pr_err("SELinux: policydb version %d does not match " 2475 "my version range %d-%d\n", 2476 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2477 goto bad; 2478 } 2479 2480 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2481 p->mls_enabled = 1; 2482 2483 rc = -EINVAL; 2484 if (p->policyvers < POLICYDB_VERSION_MLS) { 2485 pr_err("SELinux: security policydb version %d " 2486 "(MLS) not backwards compatible\n", 2487 p->policyvers); 2488 goto bad; 2489 } 2490 } 2491 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2492 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2493 2494 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2495 rc = ebitmap_read(&p->policycaps, fp); 2496 if (rc) 2497 goto bad; 2498 } 2499 2500 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2501 rc = ebitmap_read(&p->permissive_map, fp); 2502 if (rc) 2503 goto bad; 2504 } 2505 2506 rc = -EINVAL; 2507 info = policydb_lookup_compat(p->policyvers); 2508 if (!info) { 2509 pr_err("SELinux: unable to find policy compat info " 2510 "for version %d\n", p->policyvers); 2511 goto bad; 2512 } 2513 2514 rc = -EINVAL; 2515 if (le32_to_cpu(buf[2]) != info->sym_num || 2516 le32_to_cpu(buf[3]) != info->ocon_num) { 2517 pr_err("SELinux: policydb table sizes (%d,%d) do " 2518 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2519 le32_to_cpu(buf[3]), 2520 info->sym_num, info->ocon_num); 2521 goto bad; 2522 } 2523 2524 for (i = 0; i < info->sym_num; i++) { 2525 rc = next_entry(buf, fp, sizeof(u32)*2); 2526 if (rc) 2527 goto bad; 2528 nprim = le32_to_cpu(buf[0]); 2529 nel = le32_to_cpu(buf[1]); 2530 2531 rc = symtab_init(&p->symtab[i], nel); 2532 if (rc) 2533 goto out; 2534 2535 if (i == SYM_ROLES) { 2536 rc = roles_init(p); 2537 if (rc) 2538 goto out; 2539 } 2540 2541 for (j = 0; j < nel; j++) { 2542 rc = read_f[i](p, &p->symtab[i], fp); 2543 if (rc) 2544 goto bad; 2545 } 2546 2547 p->symtab[i].nprim = nprim; 2548 } 2549 2550 rc = -EINVAL; 2551 p->process_class = string_to_security_class(p, "process"); 2552 if (!p->process_class) { 2553 pr_err("SELinux: process class is required, not defined in policy\n"); 2554 goto bad; 2555 } 2556 2557 rc = avtab_read(&p->te_avtab, fp, p); 2558 if (rc) 2559 goto bad; 2560 2561 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2562 rc = cond_read_list(p, fp); 2563 if (rc) 2564 goto bad; 2565 } 2566 2567 rc = next_entry(buf, fp, sizeof(u32)); 2568 if (rc) 2569 goto bad; 2570 nel = le32_to_cpu(buf[0]); 2571 2572 rc = hashtab_init(&p->role_tr, nel); 2573 if (rc) 2574 goto bad; 2575 for (i = 0; i < nel; i++) { 2576 rc = -ENOMEM; 2577 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2578 if (!rtk) 2579 goto bad; 2580 2581 rc = -ENOMEM; 2582 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2583 if (!rtd) 2584 goto bad; 2585 2586 rc = next_entry(buf, fp, sizeof(u32)*3); 2587 if (rc) 2588 goto bad; 2589 2590 rtk->role = le32_to_cpu(buf[0]); 2591 rtk->type = le32_to_cpu(buf[1]); 2592 rtd->new_role = le32_to_cpu(buf[2]); 2593 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2594 rc = next_entry(buf, fp, sizeof(u32)); 2595 if (rc) 2596 goto bad; 2597 rtk->tclass = le32_to_cpu(buf[0]); 2598 } else 2599 rtk->tclass = p->process_class; 2600 2601 rc = -EINVAL; 2602 if (!policydb_role_isvalid(p, rtk->role) || 2603 !policydb_type_isvalid(p, rtk->type) || 2604 !policydb_class_isvalid(p, rtk->tclass) || 2605 !policydb_role_isvalid(p, rtd->new_role)) 2606 goto bad; 2607 2608 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2609 if (rc) 2610 goto bad; 2611 2612 rtk = NULL; 2613 rtd = NULL; 2614 } 2615 2616 rc = next_entry(buf, fp, sizeof(u32)); 2617 if (rc) 2618 goto bad; 2619 nel = le32_to_cpu(buf[0]); 2620 lra = NULL; 2621 for (i = 0; i < nel; i++) { 2622 rc = -ENOMEM; 2623 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2624 if (!ra) 2625 goto bad; 2626 if (lra) 2627 lra->next = ra; 2628 else 2629 p->role_allow = ra; 2630 rc = next_entry(buf, fp, sizeof(u32)*2); 2631 if (rc) 2632 goto bad; 2633 2634 rc = -EINVAL; 2635 ra->role = le32_to_cpu(buf[0]); 2636 ra->new_role = le32_to_cpu(buf[1]); 2637 if (!policydb_role_isvalid(p, ra->role) || 2638 !policydb_role_isvalid(p, ra->new_role)) 2639 goto bad; 2640 lra = ra; 2641 } 2642 2643 rc = filename_trans_read(p, fp); 2644 if (rc) 2645 goto bad; 2646 2647 rc = policydb_index(p); 2648 if (rc) 2649 goto bad; 2650 2651 rc = -EINVAL; 2652 perm = string_to_av_perm(p, p->process_class, "transition"); 2653 if (!perm) { 2654 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2655 goto bad; 2656 } 2657 p->process_trans_perms = perm; 2658 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2659 if (!perm) { 2660 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2661 goto bad; 2662 } 2663 p->process_trans_perms |= perm; 2664 2665 rc = ocontext_read(p, info, fp); 2666 if (rc) 2667 goto bad; 2668 2669 rc = genfs_read(p, fp); 2670 if (rc) 2671 goto bad; 2672 2673 rc = range_read(p, fp); 2674 if (rc) 2675 goto bad; 2676 2677 rc = -ENOMEM; 2678 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2679 sizeof(*p->type_attr_map_array), 2680 GFP_KERNEL); 2681 if (!p->type_attr_map_array) 2682 goto bad; 2683 2684 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2685 for (i = 0; i < p->p_types.nprim; i++) 2686 ebitmap_init(&p->type_attr_map_array[i]); 2687 2688 for (i = 0; i < p->p_types.nprim; i++) { 2689 struct ebitmap *e = &p->type_attr_map_array[i]; 2690 2691 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2692 rc = ebitmap_read(e, fp); 2693 if (rc) 2694 goto bad; 2695 } 2696 /* add the type itself as the degenerate case */ 2697 rc = ebitmap_set_bit(e, i, 1); 2698 if (rc) 2699 goto bad; 2700 } 2701 2702 rc = policydb_bounds_sanity_check(p); 2703 if (rc) 2704 goto bad; 2705 2706 rc = 0; 2707 out: 2708 return rc; 2709 bad: 2710 kfree(rtk); 2711 kfree(rtd); 2712 policydb_destroy(p); 2713 goto out; 2714 } 2715 2716 /* 2717 * Write a MLS level structure to a policydb binary 2718 * representation file. 2719 */ 2720 static int mls_write_level(struct mls_level *l, void *fp) 2721 { 2722 __le32 buf[1]; 2723 int rc; 2724 2725 buf[0] = cpu_to_le32(l->sens); 2726 rc = put_entry(buf, sizeof(u32), 1, fp); 2727 if (rc) 2728 return rc; 2729 2730 rc = ebitmap_write(&l->cat, fp); 2731 if (rc) 2732 return rc; 2733 2734 return 0; 2735 } 2736 2737 /* 2738 * Write a MLS range structure to a policydb binary 2739 * representation file. 2740 */ 2741 static int mls_write_range_helper(struct mls_range *r, void *fp) 2742 { 2743 __le32 buf[3]; 2744 size_t items; 2745 int rc, eq; 2746 2747 eq = mls_level_eq(&r->level[1], &r->level[0]); 2748 2749 if (eq) 2750 items = 2; 2751 else 2752 items = 3; 2753 buf[0] = cpu_to_le32(items-1); 2754 buf[1] = cpu_to_le32(r->level[0].sens); 2755 if (!eq) 2756 buf[2] = cpu_to_le32(r->level[1].sens); 2757 2758 BUG_ON(items > ARRAY_SIZE(buf)); 2759 2760 rc = put_entry(buf, sizeof(u32), items, fp); 2761 if (rc) 2762 return rc; 2763 2764 rc = ebitmap_write(&r->level[0].cat, fp); 2765 if (rc) 2766 return rc; 2767 if (!eq) { 2768 rc = ebitmap_write(&r->level[1].cat, fp); 2769 if (rc) 2770 return rc; 2771 } 2772 2773 return 0; 2774 } 2775 2776 static int sens_write(void *vkey, void *datum, void *ptr) 2777 { 2778 char *key = vkey; 2779 struct level_datum *levdatum = datum; 2780 struct policy_data *pd = ptr; 2781 void *fp = pd->fp; 2782 __le32 buf[2]; 2783 size_t len; 2784 int rc; 2785 2786 len = strlen(key); 2787 buf[0] = cpu_to_le32(len); 2788 buf[1] = cpu_to_le32(levdatum->isalias); 2789 rc = put_entry(buf, sizeof(u32), 2, fp); 2790 if (rc) 2791 return rc; 2792 2793 rc = put_entry(key, 1, len, fp); 2794 if (rc) 2795 return rc; 2796 2797 rc = mls_write_level(levdatum->level, fp); 2798 if (rc) 2799 return rc; 2800 2801 return 0; 2802 } 2803 2804 static int cat_write(void *vkey, void *datum, void *ptr) 2805 { 2806 char *key = vkey; 2807 struct cat_datum *catdatum = datum; 2808 struct policy_data *pd = ptr; 2809 void *fp = pd->fp; 2810 __le32 buf[3]; 2811 size_t len; 2812 int rc; 2813 2814 len = strlen(key); 2815 buf[0] = cpu_to_le32(len); 2816 buf[1] = cpu_to_le32(catdatum->value); 2817 buf[2] = cpu_to_le32(catdatum->isalias); 2818 rc = put_entry(buf, sizeof(u32), 3, fp); 2819 if (rc) 2820 return rc; 2821 2822 rc = put_entry(key, 1, len, fp); 2823 if (rc) 2824 return rc; 2825 2826 return 0; 2827 } 2828 2829 static int role_trans_write_one(void *key, void *datum, void *ptr) 2830 { 2831 struct role_trans_key *rtk = key; 2832 struct role_trans_datum *rtd = datum; 2833 struct policy_data *pd = ptr; 2834 void *fp = pd->fp; 2835 struct policydb *p = pd->p; 2836 __le32 buf[3]; 2837 int rc; 2838 2839 buf[0] = cpu_to_le32(rtk->role); 2840 buf[1] = cpu_to_le32(rtk->type); 2841 buf[2] = cpu_to_le32(rtd->new_role); 2842 rc = put_entry(buf, sizeof(u32), 3, fp); 2843 if (rc) 2844 return rc; 2845 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2846 buf[0] = cpu_to_le32(rtk->tclass); 2847 rc = put_entry(buf, sizeof(u32), 1, fp); 2848 if (rc) 2849 return rc; 2850 } 2851 return 0; 2852 } 2853 2854 static int role_trans_write(struct policydb *p, void *fp) 2855 { 2856 struct policy_data pd = { .p = p, .fp = fp }; 2857 __le32 buf[1]; 2858 int rc; 2859 2860 buf[0] = cpu_to_le32(p->role_tr.nel); 2861 rc = put_entry(buf, sizeof(u32), 1, fp); 2862 if (rc) 2863 return rc; 2864 2865 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2866 } 2867 2868 static int role_allow_write(struct role_allow *r, void *fp) 2869 { 2870 struct role_allow *ra; 2871 __le32 buf[2]; 2872 size_t nel; 2873 int rc; 2874 2875 nel = 0; 2876 for (ra = r; ra; ra = ra->next) 2877 nel++; 2878 buf[0] = cpu_to_le32(nel); 2879 rc = put_entry(buf, sizeof(u32), 1, fp); 2880 if (rc) 2881 return rc; 2882 for (ra = r; ra; ra = ra->next) { 2883 buf[0] = cpu_to_le32(ra->role); 2884 buf[1] = cpu_to_le32(ra->new_role); 2885 rc = put_entry(buf, sizeof(u32), 2, fp); 2886 if (rc) 2887 return rc; 2888 } 2889 return 0; 2890 } 2891 2892 /* 2893 * Write a security context structure 2894 * to a policydb binary representation file. 2895 */ 2896 static int context_write(struct policydb *p, struct context *c, 2897 void *fp) 2898 { 2899 int rc; 2900 __le32 buf[3]; 2901 2902 buf[0] = cpu_to_le32(c->user); 2903 buf[1] = cpu_to_le32(c->role); 2904 buf[2] = cpu_to_le32(c->type); 2905 2906 rc = put_entry(buf, sizeof(u32), 3, fp); 2907 if (rc) 2908 return rc; 2909 2910 rc = mls_write_range_helper(&c->range, fp); 2911 if (rc) 2912 return rc; 2913 2914 return 0; 2915 } 2916 2917 /* 2918 * The following *_write functions are used to 2919 * write the symbol data to a policy database 2920 * binary representation file. 2921 */ 2922 2923 static int perm_write(void *vkey, void *datum, void *fp) 2924 { 2925 char *key = vkey; 2926 struct perm_datum *perdatum = datum; 2927 __le32 buf[2]; 2928 size_t len; 2929 int rc; 2930 2931 len = strlen(key); 2932 buf[0] = cpu_to_le32(len); 2933 buf[1] = cpu_to_le32(perdatum->value); 2934 rc = put_entry(buf, sizeof(u32), 2, fp); 2935 if (rc) 2936 return rc; 2937 2938 rc = put_entry(key, 1, len, fp); 2939 if (rc) 2940 return rc; 2941 2942 return 0; 2943 } 2944 2945 static int common_write(void *vkey, void *datum, void *ptr) 2946 { 2947 char *key = vkey; 2948 struct common_datum *comdatum = datum; 2949 struct policy_data *pd = ptr; 2950 void *fp = pd->fp; 2951 __le32 buf[4]; 2952 size_t len; 2953 int rc; 2954 2955 len = strlen(key); 2956 buf[0] = cpu_to_le32(len); 2957 buf[1] = cpu_to_le32(comdatum->value); 2958 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2959 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 2960 rc = put_entry(buf, sizeof(u32), 4, fp); 2961 if (rc) 2962 return rc; 2963 2964 rc = put_entry(key, 1, len, fp); 2965 if (rc) 2966 return rc; 2967 2968 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 2969 if (rc) 2970 return rc; 2971 2972 return 0; 2973 } 2974 2975 static int type_set_write(struct type_set *t, void *fp) 2976 { 2977 int rc; 2978 __le32 buf[1]; 2979 2980 if (ebitmap_write(&t->types, fp)) 2981 return -EINVAL; 2982 if (ebitmap_write(&t->negset, fp)) 2983 return -EINVAL; 2984 2985 buf[0] = cpu_to_le32(t->flags); 2986 rc = put_entry(buf, sizeof(u32), 1, fp); 2987 if (rc) 2988 return -EINVAL; 2989 2990 return 0; 2991 } 2992 2993 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2994 void *fp) 2995 { 2996 struct constraint_node *c; 2997 struct constraint_expr *e; 2998 __le32 buf[3]; 2999 u32 nel; 3000 int rc; 3001 3002 for (c = node; c; c = c->next) { 3003 nel = 0; 3004 for (e = c->expr; e; e = e->next) 3005 nel++; 3006 buf[0] = cpu_to_le32(c->permissions); 3007 buf[1] = cpu_to_le32(nel); 3008 rc = put_entry(buf, sizeof(u32), 2, fp); 3009 if (rc) 3010 return rc; 3011 for (e = c->expr; e; e = e->next) { 3012 buf[0] = cpu_to_le32(e->expr_type); 3013 buf[1] = cpu_to_le32(e->attr); 3014 buf[2] = cpu_to_le32(e->op); 3015 rc = put_entry(buf, sizeof(u32), 3, fp); 3016 if (rc) 3017 return rc; 3018 3019 switch (e->expr_type) { 3020 case CEXPR_NAMES: 3021 rc = ebitmap_write(&e->names, fp); 3022 if (rc) 3023 return rc; 3024 if (p->policyvers >= 3025 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3026 rc = type_set_write(e->type_names, fp); 3027 if (rc) 3028 return rc; 3029 } 3030 break; 3031 default: 3032 break; 3033 } 3034 } 3035 } 3036 3037 return 0; 3038 } 3039 3040 static int class_write(void *vkey, void *datum, void *ptr) 3041 { 3042 char *key = vkey; 3043 struct class_datum *cladatum = datum; 3044 struct policy_data *pd = ptr; 3045 void *fp = pd->fp; 3046 struct policydb *p = pd->p; 3047 struct constraint_node *c; 3048 __le32 buf[6]; 3049 u32 ncons; 3050 size_t len, len2; 3051 int rc; 3052 3053 len = strlen(key); 3054 if (cladatum->comkey) 3055 len2 = strlen(cladatum->comkey); 3056 else 3057 len2 = 0; 3058 3059 ncons = 0; 3060 for (c = cladatum->constraints; c; c = c->next) 3061 ncons++; 3062 3063 buf[0] = cpu_to_le32(len); 3064 buf[1] = cpu_to_le32(len2); 3065 buf[2] = cpu_to_le32(cladatum->value); 3066 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3067 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3068 buf[5] = cpu_to_le32(ncons); 3069 rc = put_entry(buf, sizeof(u32), 6, fp); 3070 if (rc) 3071 return rc; 3072 3073 rc = put_entry(key, 1, len, fp); 3074 if (rc) 3075 return rc; 3076 3077 if (cladatum->comkey) { 3078 rc = put_entry(cladatum->comkey, 1, len2, fp); 3079 if (rc) 3080 return rc; 3081 } 3082 3083 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3084 if (rc) 3085 return rc; 3086 3087 rc = write_cons_helper(p, cladatum->constraints, fp); 3088 if (rc) 3089 return rc; 3090 3091 /* write out the validatetrans rule */ 3092 ncons = 0; 3093 for (c = cladatum->validatetrans; c; c = c->next) 3094 ncons++; 3095 3096 buf[0] = cpu_to_le32(ncons); 3097 rc = put_entry(buf, sizeof(u32), 1, fp); 3098 if (rc) 3099 return rc; 3100 3101 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3102 if (rc) 3103 return rc; 3104 3105 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3106 buf[0] = cpu_to_le32(cladatum->default_user); 3107 buf[1] = cpu_to_le32(cladatum->default_role); 3108 buf[2] = cpu_to_le32(cladatum->default_range); 3109 3110 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3111 if (rc) 3112 return rc; 3113 } 3114 3115 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3116 buf[0] = cpu_to_le32(cladatum->default_type); 3117 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3118 if (rc) 3119 return rc; 3120 } 3121 3122 return 0; 3123 } 3124 3125 static int role_write(void *vkey, void *datum, void *ptr) 3126 { 3127 char *key = vkey; 3128 struct role_datum *role = datum; 3129 struct policy_data *pd = ptr; 3130 void *fp = pd->fp; 3131 struct policydb *p = pd->p; 3132 __le32 buf[3]; 3133 size_t items, len; 3134 int rc; 3135 3136 len = strlen(key); 3137 items = 0; 3138 buf[items++] = cpu_to_le32(len); 3139 buf[items++] = cpu_to_le32(role->value); 3140 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3141 buf[items++] = cpu_to_le32(role->bounds); 3142 3143 BUG_ON(items > ARRAY_SIZE(buf)); 3144 3145 rc = put_entry(buf, sizeof(u32), items, fp); 3146 if (rc) 3147 return rc; 3148 3149 rc = put_entry(key, 1, len, fp); 3150 if (rc) 3151 return rc; 3152 3153 rc = ebitmap_write(&role->dominates, fp); 3154 if (rc) 3155 return rc; 3156 3157 rc = ebitmap_write(&role->types, fp); 3158 if (rc) 3159 return rc; 3160 3161 return 0; 3162 } 3163 3164 static int type_write(void *vkey, void *datum, void *ptr) 3165 { 3166 char *key = vkey; 3167 struct type_datum *typdatum = datum; 3168 struct policy_data *pd = ptr; 3169 struct policydb *p = pd->p; 3170 void *fp = pd->fp; 3171 __le32 buf[4]; 3172 int rc; 3173 size_t items, len; 3174 3175 len = strlen(key); 3176 items = 0; 3177 buf[items++] = cpu_to_le32(len); 3178 buf[items++] = cpu_to_le32(typdatum->value); 3179 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3180 u32 properties = 0; 3181 3182 if (typdatum->primary) 3183 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3184 3185 if (typdatum->attribute) 3186 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3187 3188 buf[items++] = cpu_to_le32(properties); 3189 buf[items++] = cpu_to_le32(typdatum->bounds); 3190 } else { 3191 buf[items++] = cpu_to_le32(typdatum->primary); 3192 } 3193 BUG_ON(items > ARRAY_SIZE(buf)); 3194 rc = put_entry(buf, sizeof(u32), items, fp); 3195 if (rc) 3196 return rc; 3197 3198 rc = put_entry(key, 1, len, fp); 3199 if (rc) 3200 return rc; 3201 3202 return 0; 3203 } 3204 3205 static int user_write(void *vkey, void *datum, void *ptr) 3206 { 3207 char *key = vkey; 3208 struct user_datum *usrdatum = datum; 3209 struct policy_data *pd = ptr; 3210 struct policydb *p = pd->p; 3211 void *fp = pd->fp; 3212 __le32 buf[3]; 3213 size_t items, len; 3214 int rc; 3215 3216 len = strlen(key); 3217 items = 0; 3218 buf[items++] = cpu_to_le32(len); 3219 buf[items++] = cpu_to_le32(usrdatum->value); 3220 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3221 buf[items++] = cpu_to_le32(usrdatum->bounds); 3222 BUG_ON(items > ARRAY_SIZE(buf)); 3223 rc = put_entry(buf, sizeof(u32), items, fp); 3224 if (rc) 3225 return rc; 3226 3227 rc = put_entry(key, 1, len, fp); 3228 if (rc) 3229 return rc; 3230 3231 rc = ebitmap_write(&usrdatum->roles, fp); 3232 if (rc) 3233 return rc; 3234 3235 rc = mls_write_range_helper(&usrdatum->range, fp); 3236 if (rc) 3237 return rc; 3238 3239 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3240 if (rc) 3241 return rc; 3242 3243 return 0; 3244 } 3245 3246 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3247 void *datap) = 3248 { 3249 common_write, 3250 class_write, 3251 role_write, 3252 type_write, 3253 user_write, 3254 cond_write_bool, 3255 sens_write, 3256 cat_write, 3257 }; 3258 3259 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3260 void *fp) 3261 { 3262 unsigned int i, j, rc; 3263 size_t nel, len; 3264 __be64 prefixbuf[1]; 3265 __le32 buf[3]; 3266 u32 nodebuf[8]; 3267 struct ocontext *c; 3268 for (i = 0; i < info->ocon_num; i++) { 3269 nel = 0; 3270 for (c = p->ocontexts[i]; c; c = c->next) 3271 nel++; 3272 buf[0] = cpu_to_le32(nel); 3273 rc = put_entry(buf, sizeof(u32), 1, fp); 3274 if (rc) 3275 return rc; 3276 for (c = p->ocontexts[i]; c; c = c->next) { 3277 switch (i) { 3278 case OCON_ISID: 3279 buf[0] = cpu_to_le32(c->sid[0]); 3280 rc = put_entry(buf, sizeof(u32), 1, fp); 3281 if (rc) 3282 return rc; 3283 rc = context_write(p, &c->context[0], fp); 3284 if (rc) 3285 return rc; 3286 break; 3287 case OCON_FS: 3288 case OCON_NETIF: 3289 len = strlen(c->u.name); 3290 buf[0] = cpu_to_le32(len); 3291 rc = put_entry(buf, sizeof(u32), 1, fp); 3292 if (rc) 3293 return rc; 3294 rc = put_entry(c->u.name, 1, len, fp); 3295 if (rc) 3296 return rc; 3297 rc = context_write(p, &c->context[0], fp); 3298 if (rc) 3299 return rc; 3300 rc = context_write(p, &c->context[1], fp); 3301 if (rc) 3302 return rc; 3303 break; 3304 case OCON_PORT: 3305 buf[0] = cpu_to_le32(c->u.port.protocol); 3306 buf[1] = cpu_to_le32(c->u.port.low_port); 3307 buf[2] = cpu_to_le32(c->u.port.high_port); 3308 rc = put_entry(buf, sizeof(u32), 3, fp); 3309 if (rc) 3310 return rc; 3311 rc = context_write(p, &c->context[0], fp); 3312 if (rc) 3313 return rc; 3314 break; 3315 case OCON_NODE: 3316 nodebuf[0] = c->u.node.addr; /* network order */ 3317 nodebuf[1] = c->u.node.mask; /* network order */ 3318 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3319 if (rc) 3320 return rc; 3321 rc = context_write(p, &c->context[0], fp); 3322 if (rc) 3323 return rc; 3324 break; 3325 case OCON_FSUSE: 3326 buf[0] = cpu_to_le32(c->v.behavior); 3327 len = strlen(c->u.name); 3328 buf[1] = cpu_to_le32(len); 3329 rc = put_entry(buf, sizeof(u32), 2, fp); 3330 if (rc) 3331 return rc; 3332 rc = put_entry(c->u.name, 1, len, fp); 3333 if (rc) 3334 return rc; 3335 rc = context_write(p, &c->context[0], fp); 3336 if (rc) 3337 return rc; 3338 break; 3339 case OCON_NODE6: 3340 for (j = 0; j < 4; j++) 3341 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3342 for (j = 0; j < 4; j++) 3343 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3344 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3345 if (rc) 3346 return rc; 3347 rc = context_write(p, &c->context[0], fp); 3348 if (rc) 3349 return rc; 3350 break; 3351 case OCON_IBPKEY: 3352 /* subnet_prefix is in CPU order */ 3353 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3354 3355 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3356 if (rc) 3357 return rc; 3358 3359 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3360 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3361 3362 rc = put_entry(buf, sizeof(u32), 2, fp); 3363 if (rc) 3364 return rc; 3365 rc = context_write(p, &c->context[0], fp); 3366 if (rc) 3367 return rc; 3368 break; 3369 case OCON_IBENDPORT: 3370 len = strlen(c->u.ibendport.dev_name); 3371 buf[0] = cpu_to_le32(len); 3372 buf[1] = cpu_to_le32(c->u.ibendport.port); 3373 rc = put_entry(buf, sizeof(u32), 2, fp); 3374 if (rc) 3375 return rc; 3376 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3377 if (rc) 3378 return rc; 3379 rc = context_write(p, &c->context[0], fp); 3380 if (rc) 3381 return rc; 3382 break; 3383 } 3384 } 3385 } 3386 return 0; 3387 } 3388 3389 static int genfs_write(struct policydb *p, void *fp) 3390 { 3391 struct genfs *genfs; 3392 struct ocontext *c; 3393 size_t len; 3394 __le32 buf[1]; 3395 int rc; 3396 3397 len = 0; 3398 for (genfs = p->genfs; genfs; genfs = genfs->next) 3399 len++; 3400 buf[0] = cpu_to_le32(len); 3401 rc = put_entry(buf, sizeof(u32), 1, fp); 3402 if (rc) 3403 return rc; 3404 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3405 len = strlen(genfs->fstype); 3406 buf[0] = cpu_to_le32(len); 3407 rc = put_entry(buf, sizeof(u32), 1, fp); 3408 if (rc) 3409 return rc; 3410 rc = put_entry(genfs->fstype, 1, len, fp); 3411 if (rc) 3412 return rc; 3413 len = 0; 3414 for (c = genfs->head; c; c = c->next) 3415 len++; 3416 buf[0] = cpu_to_le32(len); 3417 rc = put_entry(buf, sizeof(u32), 1, fp); 3418 if (rc) 3419 return rc; 3420 for (c = genfs->head; c; c = c->next) { 3421 len = strlen(c->u.name); 3422 buf[0] = cpu_to_le32(len); 3423 rc = put_entry(buf, sizeof(u32), 1, fp); 3424 if (rc) 3425 return rc; 3426 rc = put_entry(c->u.name, 1, len, fp); 3427 if (rc) 3428 return rc; 3429 buf[0] = cpu_to_le32(c->v.sclass); 3430 rc = put_entry(buf, sizeof(u32), 1, fp); 3431 if (rc) 3432 return rc; 3433 rc = context_write(p, &c->context[0], fp); 3434 if (rc) 3435 return rc; 3436 } 3437 } 3438 return 0; 3439 } 3440 3441 static int range_write_helper(void *key, void *data, void *ptr) 3442 { 3443 __le32 buf[2]; 3444 struct range_trans *rt = key; 3445 struct mls_range *r = data; 3446 struct policy_data *pd = ptr; 3447 void *fp = pd->fp; 3448 struct policydb *p = pd->p; 3449 int rc; 3450 3451 buf[0] = cpu_to_le32(rt->source_type); 3452 buf[1] = cpu_to_le32(rt->target_type); 3453 rc = put_entry(buf, sizeof(u32), 2, fp); 3454 if (rc) 3455 return rc; 3456 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3457 buf[0] = cpu_to_le32(rt->target_class); 3458 rc = put_entry(buf, sizeof(u32), 1, fp); 3459 if (rc) 3460 return rc; 3461 } 3462 rc = mls_write_range_helper(r, fp); 3463 if (rc) 3464 return rc; 3465 3466 return 0; 3467 } 3468 3469 static int range_write(struct policydb *p, void *fp) 3470 { 3471 __le32 buf[1]; 3472 int rc; 3473 struct policy_data pd; 3474 3475 pd.p = p; 3476 pd.fp = fp; 3477 3478 buf[0] = cpu_to_le32(p->range_tr.nel); 3479 rc = put_entry(buf, sizeof(u32), 1, fp); 3480 if (rc) 3481 return rc; 3482 3483 /* actually write all of the entries */ 3484 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3485 if (rc) 3486 return rc; 3487 3488 return 0; 3489 } 3490 3491 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3492 { 3493 struct filename_trans_key *ft = key; 3494 struct filename_trans_datum *datum = data; 3495 struct ebitmap_node *node; 3496 void *fp = ptr; 3497 __le32 buf[4]; 3498 int rc; 3499 u32 bit, len = strlen(ft->name); 3500 3501 do { 3502 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { 3503 buf[0] = cpu_to_le32(len); 3504 rc = put_entry(buf, sizeof(u32), 1, fp); 3505 if (rc) 3506 return rc; 3507 3508 rc = put_entry(ft->name, sizeof(char), len, fp); 3509 if (rc) 3510 return rc; 3511 3512 buf[0] = cpu_to_le32(bit + 1); 3513 buf[1] = cpu_to_le32(ft->ttype); 3514 buf[2] = cpu_to_le32(ft->tclass); 3515 buf[3] = cpu_to_le32(datum->otype); 3516 3517 rc = put_entry(buf, sizeof(u32), 4, fp); 3518 if (rc) 3519 return rc; 3520 } 3521 3522 datum = datum->next; 3523 } while (unlikely(datum)); 3524 3525 return 0; 3526 } 3527 3528 static int filename_write_helper(void *key, void *data, void *ptr) 3529 { 3530 struct filename_trans_key *ft = key; 3531 struct filename_trans_datum *datum; 3532 void *fp = ptr; 3533 __le32 buf[3]; 3534 int rc; 3535 u32 ndatum, len = strlen(ft->name); 3536 3537 buf[0] = cpu_to_le32(len); 3538 rc = put_entry(buf, sizeof(u32), 1, fp); 3539 if (rc) 3540 return rc; 3541 3542 rc = put_entry(ft->name, sizeof(char), len, fp); 3543 if (rc) 3544 return rc; 3545 3546 ndatum = 0; 3547 datum = data; 3548 do { 3549 ndatum++; 3550 datum = datum->next; 3551 } while (unlikely(datum)); 3552 3553 buf[0] = cpu_to_le32(ft->ttype); 3554 buf[1] = cpu_to_le32(ft->tclass); 3555 buf[2] = cpu_to_le32(ndatum); 3556 rc = put_entry(buf, sizeof(u32), 3, fp); 3557 if (rc) 3558 return rc; 3559 3560 datum = data; 3561 do { 3562 rc = ebitmap_write(&datum->stypes, fp); 3563 if (rc) 3564 return rc; 3565 3566 buf[0] = cpu_to_le32(datum->otype); 3567 rc = put_entry(buf, sizeof(u32), 1, fp); 3568 if (rc) 3569 return rc; 3570 3571 datum = datum->next; 3572 } while (unlikely(datum)); 3573 3574 return 0; 3575 } 3576 3577 static int filename_trans_write(struct policydb *p, void *fp) 3578 { 3579 __le32 buf[1]; 3580 int rc; 3581 3582 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3583 return 0; 3584 3585 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3586 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3587 rc = put_entry(buf, sizeof(u32), 1, fp); 3588 if (rc) 3589 return rc; 3590 3591 rc = hashtab_map(&p->filename_trans, 3592 filename_write_helper_compat, fp); 3593 } else { 3594 buf[0] = cpu_to_le32(p->filename_trans.nel); 3595 rc = put_entry(buf, sizeof(u32), 1, fp); 3596 if (rc) 3597 return rc; 3598 3599 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3600 } 3601 return rc; 3602 } 3603 3604 /* 3605 * Write the configuration data in a policy database 3606 * structure to a policy database binary representation 3607 * file. 3608 */ 3609 int policydb_write(struct policydb *p, void *fp) 3610 { 3611 unsigned int i, num_syms; 3612 int rc; 3613 __le32 buf[4]; 3614 u32 config; 3615 size_t len; 3616 struct policydb_compat_info *info; 3617 3618 /* 3619 * refuse to write policy older than compressed avtab 3620 * to simplify the writer. There are other tests dropped 3621 * since we assume this throughout the writer code. Be 3622 * careful if you ever try to remove this restriction 3623 */ 3624 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3625 pr_err("SELinux: refusing to write policy version %d." 3626 " Because it is less than version %d\n", p->policyvers, 3627 POLICYDB_VERSION_AVTAB); 3628 return -EINVAL; 3629 } 3630 3631 config = 0; 3632 if (p->mls_enabled) 3633 config |= POLICYDB_CONFIG_MLS; 3634 3635 if (p->reject_unknown) 3636 config |= REJECT_UNKNOWN; 3637 if (p->allow_unknown) 3638 config |= ALLOW_UNKNOWN; 3639 3640 /* Write the magic number and string identifiers. */ 3641 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3642 len = strlen(POLICYDB_STRING); 3643 buf[1] = cpu_to_le32(len); 3644 rc = put_entry(buf, sizeof(u32), 2, fp); 3645 if (rc) 3646 return rc; 3647 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3648 if (rc) 3649 return rc; 3650 3651 /* Write the version, config, and table sizes. */ 3652 info = policydb_lookup_compat(p->policyvers); 3653 if (!info) { 3654 pr_err("SELinux: compatibility lookup failed for policy " 3655 "version %d", p->policyvers); 3656 return -EINVAL; 3657 } 3658 3659 buf[0] = cpu_to_le32(p->policyvers); 3660 buf[1] = cpu_to_le32(config); 3661 buf[2] = cpu_to_le32(info->sym_num); 3662 buf[3] = cpu_to_le32(info->ocon_num); 3663 3664 rc = put_entry(buf, sizeof(u32), 4, fp); 3665 if (rc) 3666 return rc; 3667 3668 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3669 rc = ebitmap_write(&p->policycaps, fp); 3670 if (rc) 3671 return rc; 3672 } 3673 3674 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3675 rc = ebitmap_write(&p->permissive_map, fp); 3676 if (rc) 3677 return rc; 3678 } 3679 3680 num_syms = info->sym_num; 3681 for (i = 0; i < num_syms; i++) { 3682 struct policy_data pd; 3683 3684 pd.fp = fp; 3685 pd.p = p; 3686 3687 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3688 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3689 3690 rc = put_entry(buf, sizeof(u32), 2, fp); 3691 if (rc) 3692 return rc; 3693 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3694 if (rc) 3695 return rc; 3696 } 3697 3698 rc = avtab_write(p, &p->te_avtab, fp); 3699 if (rc) 3700 return rc; 3701 3702 rc = cond_write_list(p, fp); 3703 if (rc) 3704 return rc; 3705 3706 rc = role_trans_write(p, fp); 3707 if (rc) 3708 return rc; 3709 3710 rc = role_allow_write(p->role_allow, fp); 3711 if (rc) 3712 return rc; 3713 3714 rc = filename_trans_write(p, fp); 3715 if (rc) 3716 return rc; 3717 3718 rc = ocontext_write(p, info, fp); 3719 if (rc) 3720 return rc; 3721 3722 rc = genfs_write(p, fp); 3723 if (rc) 3724 return rc; 3725 3726 rc = range_write(p, fp); 3727 if (rc) 3728 return rc; 3729 3730 for (i = 0; i < p->p_types.nprim; i++) { 3731 struct ebitmap *e = &p->type_attr_map_array[i]; 3732 3733 rc = ebitmap_write(e, fp); 3734 if (rc) 3735 return rc; 3736 } 3737 3738 return 0; 3739 } 3740