1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 { 137 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM, 140 }, 141 { 142 .version = POLICYDB_VERSION_DEFAULT_TYPE, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM, 145 }, 146 }; 147 148 static struct policydb_compat_info *policydb_lookup_compat(int version) 149 { 150 int i; 151 struct policydb_compat_info *info = NULL; 152 153 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 154 if (policydb_compat[i].version == version) { 155 info = &policydb_compat[i]; 156 break; 157 } 158 } 159 return info; 160 } 161 162 /* 163 * Initialize the role table. 164 */ 165 static int roles_init(struct policydb *p) 166 { 167 char *key = NULL; 168 int rc; 169 struct role_datum *role; 170 171 rc = -ENOMEM; 172 role = kzalloc(sizeof(*role), GFP_KERNEL); 173 if (!role) 174 goto out; 175 176 rc = -EINVAL; 177 role->value = ++p->p_roles.nprim; 178 if (role->value != OBJECT_R_VAL) 179 goto out; 180 181 rc = -ENOMEM; 182 key = kstrdup(OBJECT_R, GFP_KERNEL); 183 if (!key) 184 goto out; 185 186 rc = hashtab_insert(p->p_roles.table, key, role); 187 if (rc) 188 goto out; 189 190 return 0; 191 out: 192 kfree(key); 193 kfree(role); 194 return rc; 195 } 196 197 static u32 filenametr_hash(struct hashtab *h, const void *k) 198 { 199 const struct filename_trans *ft = k; 200 unsigned long hash; 201 unsigned int byte_num; 202 unsigned char focus; 203 204 hash = ft->stype ^ ft->ttype ^ ft->tclass; 205 206 byte_num = 0; 207 while ((focus = ft->name[byte_num++])) 208 hash = partial_name_hash(focus, hash); 209 return hash & (h->size - 1); 210 } 211 212 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 213 { 214 const struct filename_trans *ft1 = k1; 215 const struct filename_trans *ft2 = k2; 216 int v; 217 218 v = ft1->stype - ft2->stype; 219 if (v) 220 return v; 221 222 v = ft1->ttype - ft2->ttype; 223 if (v) 224 return v; 225 226 v = ft1->tclass - ft2->tclass; 227 if (v) 228 return v; 229 230 return strcmp(ft1->name, ft2->name); 231 232 } 233 234 static u32 rangetr_hash(struct hashtab *h, const void *k) 235 { 236 const struct range_trans *key = k; 237 return (key->source_type + (key->target_type << 3) + 238 (key->target_class << 5)) & (h->size - 1); 239 } 240 241 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 242 { 243 const struct range_trans *key1 = k1, *key2 = k2; 244 int v; 245 246 v = key1->source_type - key2->source_type; 247 if (v) 248 return v; 249 250 v = key1->target_type - key2->target_type; 251 if (v) 252 return v; 253 254 v = key1->target_class - key2->target_class; 255 256 return v; 257 } 258 259 /* 260 * Initialize a policy database structure. 261 */ 262 static int policydb_init(struct policydb *p) 263 { 264 int i, rc; 265 266 memset(p, 0, sizeof(*p)); 267 268 for (i = 0; i < SYM_NUM; i++) { 269 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 270 if (rc) 271 goto out; 272 } 273 274 rc = avtab_init(&p->te_avtab); 275 if (rc) 276 goto out; 277 278 rc = roles_init(p); 279 if (rc) 280 goto out; 281 282 rc = cond_policydb_init(p); 283 if (rc) 284 goto out; 285 286 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 287 if (!p->filename_trans) 288 goto out; 289 290 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 291 if (!p->range_tr) 292 goto out; 293 294 ebitmap_init(&p->filename_trans_ttypes); 295 ebitmap_init(&p->policycaps); 296 ebitmap_init(&p->permissive_map); 297 298 return 0; 299 out: 300 hashtab_destroy(p->filename_trans); 301 hashtab_destroy(p->range_tr); 302 for (i = 0; i < SYM_NUM; i++) 303 hashtab_destroy(p->symtab[i].table); 304 return rc; 305 } 306 307 /* 308 * The following *_index functions are used to 309 * define the val_to_name and val_to_struct arrays 310 * in a policy database structure. The val_to_name 311 * arrays are used when converting security context 312 * structures into string representations. The 313 * val_to_struct arrays are used when the attributes 314 * of a class, role, or user are needed. 315 */ 316 317 static int common_index(void *key, void *datum, void *datap) 318 { 319 struct policydb *p; 320 struct common_datum *comdatum; 321 struct flex_array *fa; 322 323 comdatum = datum; 324 p = datap; 325 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 326 return -EINVAL; 327 328 fa = p->sym_val_to_name[SYM_COMMONS]; 329 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 330 GFP_KERNEL | __GFP_ZERO)) 331 BUG(); 332 return 0; 333 } 334 335 static int class_index(void *key, void *datum, void *datap) 336 { 337 struct policydb *p; 338 struct class_datum *cladatum; 339 struct flex_array *fa; 340 341 cladatum = datum; 342 p = datap; 343 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 344 return -EINVAL; 345 fa = p->sym_val_to_name[SYM_CLASSES]; 346 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 347 GFP_KERNEL | __GFP_ZERO)) 348 BUG(); 349 p->class_val_to_struct[cladatum->value - 1] = cladatum; 350 return 0; 351 } 352 353 static int role_index(void *key, void *datum, void *datap) 354 { 355 struct policydb *p; 356 struct role_datum *role; 357 struct flex_array *fa; 358 359 role = datum; 360 p = datap; 361 if (!role->value 362 || role->value > p->p_roles.nprim 363 || role->bounds > p->p_roles.nprim) 364 return -EINVAL; 365 366 fa = p->sym_val_to_name[SYM_ROLES]; 367 if (flex_array_put_ptr(fa, role->value - 1, key, 368 GFP_KERNEL | __GFP_ZERO)) 369 BUG(); 370 p->role_val_to_struct[role->value - 1] = role; 371 return 0; 372 } 373 374 static int type_index(void *key, void *datum, void *datap) 375 { 376 struct policydb *p; 377 struct type_datum *typdatum; 378 struct flex_array *fa; 379 380 typdatum = datum; 381 p = datap; 382 383 if (typdatum->primary) { 384 if (!typdatum->value 385 || typdatum->value > p->p_types.nprim 386 || typdatum->bounds > p->p_types.nprim) 387 return -EINVAL; 388 fa = p->sym_val_to_name[SYM_TYPES]; 389 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 390 GFP_KERNEL | __GFP_ZERO)) 391 BUG(); 392 393 fa = p->type_val_to_struct_array; 394 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 395 GFP_KERNEL | __GFP_ZERO)) 396 BUG(); 397 } 398 399 return 0; 400 } 401 402 static int user_index(void *key, void *datum, void *datap) 403 { 404 struct policydb *p; 405 struct user_datum *usrdatum; 406 struct flex_array *fa; 407 408 usrdatum = datum; 409 p = datap; 410 if (!usrdatum->value 411 || usrdatum->value > p->p_users.nprim 412 || usrdatum->bounds > p->p_users.nprim) 413 return -EINVAL; 414 415 fa = p->sym_val_to_name[SYM_USERS]; 416 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 417 GFP_KERNEL | __GFP_ZERO)) 418 BUG(); 419 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 420 return 0; 421 } 422 423 static int sens_index(void *key, void *datum, void *datap) 424 { 425 struct policydb *p; 426 struct level_datum *levdatum; 427 struct flex_array *fa; 428 429 levdatum = datum; 430 p = datap; 431 432 if (!levdatum->isalias) { 433 if (!levdatum->level->sens || 434 levdatum->level->sens > p->p_levels.nprim) 435 return -EINVAL; 436 fa = p->sym_val_to_name[SYM_LEVELS]; 437 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 438 GFP_KERNEL | __GFP_ZERO)) 439 BUG(); 440 } 441 442 return 0; 443 } 444 445 static int cat_index(void *key, void *datum, void *datap) 446 { 447 struct policydb *p; 448 struct cat_datum *catdatum; 449 struct flex_array *fa; 450 451 catdatum = datum; 452 p = datap; 453 454 if (!catdatum->isalias) { 455 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 456 return -EINVAL; 457 fa = p->sym_val_to_name[SYM_CATS]; 458 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 459 GFP_KERNEL | __GFP_ZERO)) 460 BUG(); 461 } 462 463 return 0; 464 } 465 466 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 467 { 468 common_index, 469 class_index, 470 role_index, 471 type_index, 472 user_index, 473 cond_index_bool, 474 sens_index, 475 cat_index, 476 }; 477 478 #ifdef DEBUG_HASHES 479 static void hash_eval(struct hashtab *h, const char *hash_name) 480 { 481 struct hashtab_info info; 482 483 hashtab_stat(h, &info); 484 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 485 "longest chain length %d\n", hash_name, h->nel, 486 info.slots_used, h->size, info.max_chain_len); 487 } 488 489 static void symtab_hash_eval(struct symtab *s) 490 { 491 int i; 492 493 for (i = 0; i < SYM_NUM; i++) 494 hash_eval(s[i].table, symtab_name[i]); 495 } 496 497 #else 498 static inline void hash_eval(struct hashtab *h, char *hash_name) 499 { 500 } 501 #endif 502 503 /* 504 * Define the other val_to_name and val_to_struct arrays 505 * in a policy database structure. 506 * 507 * Caller must clean up on failure. 508 */ 509 static int policydb_index(struct policydb *p) 510 { 511 int i, rc; 512 513 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 514 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 515 if (p->mls_enabled) 516 printk(", %d sens, %d cats", p->p_levels.nprim, 517 p->p_cats.nprim); 518 printk("\n"); 519 520 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 521 p->p_classes.nprim, p->te_avtab.nel); 522 523 #ifdef DEBUG_HASHES 524 avtab_hash_eval(&p->te_avtab, "rules"); 525 symtab_hash_eval(p->symtab); 526 #endif 527 528 rc = -ENOMEM; 529 p->class_val_to_struct = 530 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 531 GFP_KERNEL); 532 if (!p->class_val_to_struct) 533 goto out; 534 535 rc = -ENOMEM; 536 p->role_val_to_struct = 537 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 538 GFP_KERNEL); 539 if (!p->role_val_to_struct) 540 goto out; 541 542 rc = -ENOMEM; 543 p->user_val_to_struct = 544 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 545 GFP_KERNEL); 546 if (!p->user_val_to_struct) 547 goto out; 548 549 /* Yes, I want the sizeof the pointer, not the structure */ 550 rc = -ENOMEM; 551 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 552 p->p_types.nprim, 553 GFP_KERNEL | __GFP_ZERO); 554 if (!p->type_val_to_struct_array) 555 goto out; 556 557 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 558 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 559 if (rc) 560 goto out; 561 562 rc = cond_init_bool_indexes(p); 563 if (rc) 564 goto out; 565 566 for (i = 0; i < SYM_NUM; i++) { 567 rc = -ENOMEM; 568 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 569 p->symtab[i].nprim, 570 GFP_KERNEL | __GFP_ZERO); 571 if (!p->sym_val_to_name[i]) 572 goto out; 573 574 rc = flex_array_prealloc(p->sym_val_to_name[i], 575 0, p->symtab[i].nprim, 576 GFP_KERNEL | __GFP_ZERO); 577 if (rc) 578 goto out; 579 580 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 581 if (rc) 582 goto out; 583 } 584 rc = 0; 585 out: 586 return rc; 587 } 588 589 /* 590 * The following *_destroy functions are used to 591 * free any memory allocated for each kind of 592 * symbol data in the policy database. 593 */ 594 595 static int perm_destroy(void *key, void *datum, void *p) 596 { 597 kfree(key); 598 kfree(datum); 599 return 0; 600 } 601 602 static int common_destroy(void *key, void *datum, void *p) 603 { 604 struct common_datum *comdatum; 605 606 kfree(key); 607 if (datum) { 608 comdatum = datum; 609 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 610 hashtab_destroy(comdatum->permissions.table); 611 } 612 kfree(datum); 613 return 0; 614 } 615 616 static int cls_destroy(void *key, void *datum, void *p) 617 { 618 struct class_datum *cladatum; 619 struct constraint_node *constraint, *ctemp; 620 struct constraint_expr *e, *etmp; 621 622 kfree(key); 623 if (datum) { 624 cladatum = datum; 625 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 626 hashtab_destroy(cladatum->permissions.table); 627 constraint = cladatum->constraints; 628 while (constraint) { 629 e = constraint->expr; 630 while (e) { 631 ebitmap_destroy(&e->names); 632 etmp = e; 633 e = e->next; 634 kfree(etmp); 635 } 636 ctemp = constraint; 637 constraint = constraint->next; 638 kfree(ctemp); 639 } 640 641 constraint = cladatum->validatetrans; 642 while (constraint) { 643 e = constraint->expr; 644 while (e) { 645 ebitmap_destroy(&e->names); 646 etmp = e; 647 e = e->next; 648 kfree(etmp); 649 } 650 ctemp = constraint; 651 constraint = constraint->next; 652 kfree(ctemp); 653 } 654 655 kfree(cladatum->comkey); 656 } 657 kfree(datum); 658 return 0; 659 } 660 661 static int role_destroy(void *key, void *datum, void *p) 662 { 663 struct role_datum *role; 664 665 kfree(key); 666 if (datum) { 667 role = datum; 668 ebitmap_destroy(&role->dominates); 669 ebitmap_destroy(&role->types); 670 } 671 kfree(datum); 672 return 0; 673 } 674 675 static int type_destroy(void *key, void *datum, void *p) 676 { 677 kfree(key); 678 kfree(datum); 679 return 0; 680 } 681 682 static int user_destroy(void *key, void *datum, void *p) 683 { 684 struct user_datum *usrdatum; 685 686 kfree(key); 687 if (datum) { 688 usrdatum = datum; 689 ebitmap_destroy(&usrdatum->roles); 690 ebitmap_destroy(&usrdatum->range.level[0].cat); 691 ebitmap_destroy(&usrdatum->range.level[1].cat); 692 ebitmap_destroy(&usrdatum->dfltlevel.cat); 693 } 694 kfree(datum); 695 return 0; 696 } 697 698 static int sens_destroy(void *key, void *datum, void *p) 699 { 700 struct level_datum *levdatum; 701 702 kfree(key); 703 if (datum) { 704 levdatum = datum; 705 ebitmap_destroy(&levdatum->level->cat); 706 kfree(levdatum->level); 707 } 708 kfree(datum); 709 return 0; 710 } 711 712 static int cat_destroy(void *key, void *datum, void *p) 713 { 714 kfree(key); 715 kfree(datum); 716 return 0; 717 } 718 719 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 720 { 721 common_destroy, 722 cls_destroy, 723 role_destroy, 724 type_destroy, 725 user_destroy, 726 cond_destroy_bool, 727 sens_destroy, 728 cat_destroy, 729 }; 730 731 static int filenametr_destroy(void *key, void *datum, void *p) 732 { 733 struct filename_trans *ft = key; 734 kfree(ft->name); 735 kfree(key); 736 kfree(datum); 737 cond_resched(); 738 return 0; 739 } 740 741 static int range_tr_destroy(void *key, void *datum, void *p) 742 { 743 struct mls_range *rt = datum; 744 kfree(key); 745 ebitmap_destroy(&rt->level[0].cat); 746 ebitmap_destroy(&rt->level[1].cat); 747 kfree(datum); 748 cond_resched(); 749 return 0; 750 } 751 752 static void ocontext_destroy(struct ocontext *c, int i) 753 { 754 if (!c) 755 return; 756 757 context_destroy(&c->context[0]); 758 context_destroy(&c->context[1]); 759 if (i == OCON_ISID || i == OCON_FS || 760 i == OCON_NETIF || i == OCON_FSUSE) 761 kfree(c->u.name); 762 kfree(c); 763 } 764 765 /* 766 * Free any memory allocated by a policy database structure. 767 */ 768 void policydb_destroy(struct policydb *p) 769 { 770 struct ocontext *c, *ctmp; 771 struct genfs *g, *gtmp; 772 int i; 773 struct role_allow *ra, *lra = NULL; 774 struct role_trans *tr, *ltr = NULL; 775 776 for (i = 0; i < SYM_NUM; i++) { 777 cond_resched(); 778 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 779 hashtab_destroy(p->symtab[i].table); 780 } 781 782 for (i = 0; i < SYM_NUM; i++) { 783 if (p->sym_val_to_name[i]) 784 flex_array_free(p->sym_val_to_name[i]); 785 } 786 787 kfree(p->class_val_to_struct); 788 kfree(p->role_val_to_struct); 789 kfree(p->user_val_to_struct); 790 if (p->type_val_to_struct_array) 791 flex_array_free(p->type_val_to_struct_array); 792 793 avtab_destroy(&p->te_avtab); 794 795 for (i = 0; i < OCON_NUM; i++) { 796 cond_resched(); 797 c = p->ocontexts[i]; 798 while (c) { 799 ctmp = c; 800 c = c->next; 801 ocontext_destroy(ctmp, i); 802 } 803 p->ocontexts[i] = NULL; 804 } 805 806 g = p->genfs; 807 while (g) { 808 cond_resched(); 809 kfree(g->fstype); 810 c = g->head; 811 while (c) { 812 ctmp = c; 813 c = c->next; 814 ocontext_destroy(ctmp, OCON_FSUSE); 815 } 816 gtmp = g; 817 g = g->next; 818 kfree(gtmp); 819 } 820 p->genfs = NULL; 821 822 cond_policydb_destroy(p); 823 824 for (tr = p->role_tr; tr; tr = tr->next) { 825 cond_resched(); 826 kfree(ltr); 827 ltr = tr; 828 } 829 kfree(ltr); 830 831 for (ra = p->role_allow; ra; ra = ra->next) { 832 cond_resched(); 833 kfree(lra); 834 lra = ra; 835 } 836 kfree(lra); 837 838 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 839 hashtab_destroy(p->filename_trans); 840 841 hashtab_map(p->range_tr, range_tr_destroy, NULL); 842 hashtab_destroy(p->range_tr); 843 844 if (p->type_attr_map_array) { 845 for (i = 0; i < p->p_types.nprim; i++) { 846 struct ebitmap *e; 847 848 e = flex_array_get(p->type_attr_map_array, i); 849 if (!e) 850 continue; 851 ebitmap_destroy(e); 852 } 853 flex_array_free(p->type_attr_map_array); 854 } 855 856 ebitmap_destroy(&p->filename_trans_ttypes); 857 ebitmap_destroy(&p->policycaps); 858 ebitmap_destroy(&p->permissive_map); 859 860 return; 861 } 862 863 /* 864 * Load the initial SIDs specified in a policy database 865 * structure into a SID table. 866 */ 867 int policydb_load_isids(struct policydb *p, struct sidtab *s) 868 { 869 struct ocontext *head, *c; 870 int rc; 871 872 rc = sidtab_init(s); 873 if (rc) { 874 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 875 goto out; 876 } 877 878 head = p->ocontexts[OCON_ISID]; 879 for (c = head; c; c = c->next) { 880 rc = -EINVAL; 881 if (!c->context[0].user) { 882 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 883 c->u.name); 884 goto out; 885 } 886 887 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 888 if (rc) { 889 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 890 c->u.name); 891 goto out; 892 } 893 } 894 rc = 0; 895 out: 896 return rc; 897 } 898 899 int policydb_class_isvalid(struct policydb *p, unsigned int class) 900 { 901 if (!class || class > p->p_classes.nprim) 902 return 0; 903 return 1; 904 } 905 906 int policydb_role_isvalid(struct policydb *p, unsigned int role) 907 { 908 if (!role || role > p->p_roles.nprim) 909 return 0; 910 return 1; 911 } 912 913 int policydb_type_isvalid(struct policydb *p, unsigned int type) 914 { 915 if (!type || type > p->p_types.nprim) 916 return 0; 917 return 1; 918 } 919 920 /* 921 * Return 1 if the fields in the security context 922 * structure `c' are valid. Return 0 otherwise. 923 */ 924 int policydb_context_isvalid(struct policydb *p, struct context *c) 925 { 926 struct role_datum *role; 927 struct user_datum *usrdatum; 928 929 if (!c->role || c->role > p->p_roles.nprim) 930 return 0; 931 932 if (!c->user || c->user > p->p_users.nprim) 933 return 0; 934 935 if (!c->type || c->type > p->p_types.nprim) 936 return 0; 937 938 if (c->role != OBJECT_R_VAL) { 939 /* 940 * Role must be authorized for the type. 941 */ 942 role = p->role_val_to_struct[c->role - 1]; 943 if (!ebitmap_get_bit(&role->types, c->type - 1)) 944 /* role may not be associated with type */ 945 return 0; 946 947 /* 948 * User must be authorized for the role. 949 */ 950 usrdatum = p->user_val_to_struct[c->user - 1]; 951 if (!usrdatum) 952 return 0; 953 954 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 955 /* user may not be associated with role */ 956 return 0; 957 } 958 959 if (!mls_context_isvalid(p, c)) 960 return 0; 961 962 return 1; 963 } 964 965 /* 966 * Read a MLS range structure from a policydb binary 967 * representation file. 968 */ 969 static int mls_read_range_helper(struct mls_range *r, void *fp) 970 { 971 __le32 buf[2]; 972 u32 items; 973 int rc; 974 975 rc = next_entry(buf, fp, sizeof(u32)); 976 if (rc) 977 goto out; 978 979 rc = -EINVAL; 980 items = le32_to_cpu(buf[0]); 981 if (items > ARRAY_SIZE(buf)) { 982 printk(KERN_ERR "SELinux: mls: range overflow\n"); 983 goto out; 984 } 985 986 rc = next_entry(buf, fp, sizeof(u32) * items); 987 if (rc) { 988 printk(KERN_ERR "SELinux: mls: truncated range\n"); 989 goto out; 990 } 991 992 r->level[0].sens = le32_to_cpu(buf[0]); 993 if (items > 1) 994 r->level[1].sens = le32_to_cpu(buf[1]); 995 else 996 r->level[1].sens = r->level[0].sens; 997 998 rc = ebitmap_read(&r->level[0].cat, fp); 999 if (rc) { 1000 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 1001 goto out; 1002 } 1003 if (items > 1) { 1004 rc = ebitmap_read(&r->level[1].cat, fp); 1005 if (rc) { 1006 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 1007 goto bad_high; 1008 } 1009 } else { 1010 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1011 if (rc) { 1012 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1013 goto bad_high; 1014 } 1015 } 1016 1017 return 0; 1018 bad_high: 1019 ebitmap_destroy(&r->level[0].cat); 1020 out: 1021 return rc; 1022 } 1023 1024 /* 1025 * Read and validate a security context structure 1026 * from a policydb binary representation file. 1027 */ 1028 static int context_read_and_validate(struct context *c, 1029 struct policydb *p, 1030 void *fp) 1031 { 1032 __le32 buf[3]; 1033 int rc; 1034 1035 rc = next_entry(buf, fp, sizeof buf); 1036 if (rc) { 1037 printk(KERN_ERR "SELinux: context truncated\n"); 1038 goto out; 1039 } 1040 c->user = le32_to_cpu(buf[0]); 1041 c->role = le32_to_cpu(buf[1]); 1042 c->type = le32_to_cpu(buf[2]); 1043 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1044 rc = mls_read_range_helper(&c->range, fp); 1045 if (rc) { 1046 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1047 goto out; 1048 } 1049 } 1050 1051 rc = -EINVAL; 1052 if (!policydb_context_isvalid(p, c)) { 1053 printk(KERN_ERR "SELinux: invalid security context\n"); 1054 context_destroy(c); 1055 goto out; 1056 } 1057 rc = 0; 1058 out: 1059 return rc; 1060 } 1061 1062 /* 1063 * The following *_read functions are used to 1064 * read the symbol data from a policy database 1065 * binary representation file. 1066 */ 1067 1068 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1069 { 1070 char *key = NULL; 1071 struct perm_datum *perdatum; 1072 int rc; 1073 __le32 buf[2]; 1074 u32 len; 1075 1076 rc = -ENOMEM; 1077 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1078 if (!perdatum) 1079 goto bad; 1080 1081 rc = next_entry(buf, fp, sizeof buf); 1082 if (rc) 1083 goto bad; 1084 1085 len = le32_to_cpu(buf[0]); 1086 perdatum->value = le32_to_cpu(buf[1]); 1087 1088 rc = -ENOMEM; 1089 key = kmalloc(len + 1, GFP_KERNEL); 1090 if (!key) 1091 goto bad; 1092 1093 rc = next_entry(key, fp, len); 1094 if (rc) 1095 goto bad; 1096 key[len] = '\0'; 1097 1098 rc = hashtab_insert(h, key, perdatum); 1099 if (rc) 1100 goto bad; 1101 1102 return 0; 1103 bad: 1104 perm_destroy(key, perdatum, NULL); 1105 return rc; 1106 } 1107 1108 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1109 { 1110 char *key = NULL; 1111 struct common_datum *comdatum; 1112 __le32 buf[4]; 1113 u32 len, nel; 1114 int i, rc; 1115 1116 rc = -ENOMEM; 1117 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1118 if (!comdatum) 1119 goto bad; 1120 1121 rc = next_entry(buf, fp, sizeof buf); 1122 if (rc) 1123 goto bad; 1124 1125 len = le32_to_cpu(buf[0]); 1126 comdatum->value = le32_to_cpu(buf[1]); 1127 1128 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1129 if (rc) 1130 goto bad; 1131 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1132 nel = le32_to_cpu(buf[3]); 1133 1134 rc = -ENOMEM; 1135 key = kmalloc(len + 1, GFP_KERNEL); 1136 if (!key) 1137 goto bad; 1138 1139 rc = next_entry(key, fp, len); 1140 if (rc) 1141 goto bad; 1142 key[len] = '\0'; 1143 1144 for (i = 0; i < nel; i++) { 1145 rc = perm_read(p, comdatum->permissions.table, fp); 1146 if (rc) 1147 goto bad; 1148 } 1149 1150 rc = hashtab_insert(h, key, comdatum); 1151 if (rc) 1152 goto bad; 1153 return 0; 1154 bad: 1155 common_destroy(key, comdatum, NULL); 1156 return rc; 1157 } 1158 1159 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1160 int allowxtarget, void *fp) 1161 { 1162 struct constraint_node *c, *lc; 1163 struct constraint_expr *e, *le; 1164 __le32 buf[3]; 1165 u32 nexpr; 1166 int rc, i, j, depth; 1167 1168 lc = NULL; 1169 for (i = 0; i < ncons; i++) { 1170 c = kzalloc(sizeof(*c), GFP_KERNEL); 1171 if (!c) 1172 return -ENOMEM; 1173 1174 if (lc) 1175 lc->next = c; 1176 else 1177 *nodep = c; 1178 1179 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1180 if (rc) 1181 return rc; 1182 c->permissions = le32_to_cpu(buf[0]); 1183 nexpr = le32_to_cpu(buf[1]); 1184 le = NULL; 1185 depth = -1; 1186 for (j = 0; j < nexpr; j++) { 1187 e = kzalloc(sizeof(*e), GFP_KERNEL); 1188 if (!e) 1189 return -ENOMEM; 1190 1191 if (le) 1192 le->next = e; 1193 else 1194 c->expr = e; 1195 1196 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1197 if (rc) 1198 return rc; 1199 e->expr_type = le32_to_cpu(buf[0]); 1200 e->attr = le32_to_cpu(buf[1]); 1201 e->op = le32_to_cpu(buf[2]); 1202 1203 switch (e->expr_type) { 1204 case CEXPR_NOT: 1205 if (depth < 0) 1206 return -EINVAL; 1207 break; 1208 case CEXPR_AND: 1209 case CEXPR_OR: 1210 if (depth < 1) 1211 return -EINVAL; 1212 depth--; 1213 break; 1214 case CEXPR_ATTR: 1215 if (depth == (CEXPR_MAXDEPTH - 1)) 1216 return -EINVAL; 1217 depth++; 1218 break; 1219 case CEXPR_NAMES: 1220 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1221 return -EINVAL; 1222 if (depth == (CEXPR_MAXDEPTH - 1)) 1223 return -EINVAL; 1224 depth++; 1225 rc = ebitmap_read(&e->names, fp); 1226 if (rc) 1227 return rc; 1228 break; 1229 default: 1230 return -EINVAL; 1231 } 1232 le = e; 1233 } 1234 if (depth != 0) 1235 return -EINVAL; 1236 lc = c; 1237 } 1238 1239 return 0; 1240 } 1241 1242 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1243 { 1244 char *key = NULL; 1245 struct class_datum *cladatum; 1246 __le32 buf[6]; 1247 u32 len, len2, ncons, nel; 1248 int i, rc; 1249 1250 rc = -ENOMEM; 1251 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1252 if (!cladatum) 1253 goto bad; 1254 1255 rc = next_entry(buf, fp, sizeof(u32)*6); 1256 if (rc) 1257 goto bad; 1258 1259 len = le32_to_cpu(buf[0]); 1260 len2 = le32_to_cpu(buf[1]); 1261 cladatum->value = le32_to_cpu(buf[2]); 1262 1263 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1264 if (rc) 1265 goto bad; 1266 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1267 nel = le32_to_cpu(buf[4]); 1268 1269 ncons = le32_to_cpu(buf[5]); 1270 1271 rc = -ENOMEM; 1272 key = kmalloc(len + 1, GFP_KERNEL); 1273 if (!key) 1274 goto bad; 1275 1276 rc = next_entry(key, fp, len); 1277 if (rc) 1278 goto bad; 1279 key[len] = '\0'; 1280 1281 if (len2) { 1282 rc = -ENOMEM; 1283 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1284 if (!cladatum->comkey) 1285 goto bad; 1286 rc = next_entry(cladatum->comkey, fp, len2); 1287 if (rc) 1288 goto bad; 1289 cladatum->comkey[len2] = '\0'; 1290 1291 rc = -EINVAL; 1292 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1293 if (!cladatum->comdatum) { 1294 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1295 goto bad; 1296 } 1297 } 1298 for (i = 0; i < nel; i++) { 1299 rc = perm_read(p, cladatum->permissions.table, fp); 1300 if (rc) 1301 goto bad; 1302 } 1303 1304 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1305 if (rc) 1306 goto bad; 1307 1308 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1309 /* grab the validatetrans rules */ 1310 rc = next_entry(buf, fp, sizeof(u32)); 1311 if (rc) 1312 goto bad; 1313 ncons = le32_to_cpu(buf[0]); 1314 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1315 if (rc) 1316 goto bad; 1317 } 1318 1319 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1320 rc = next_entry(buf, fp, sizeof(u32) * 3); 1321 if (rc) 1322 goto bad; 1323 1324 cladatum->default_user = le32_to_cpu(buf[0]); 1325 cladatum->default_role = le32_to_cpu(buf[1]); 1326 cladatum->default_range = le32_to_cpu(buf[2]); 1327 } 1328 1329 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1330 rc = next_entry(buf, fp, sizeof(u32) * 1); 1331 if (rc) 1332 goto bad; 1333 cladatum->default_type = le32_to_cpu(buf[0]); 1334 } 1335 1336 rc = hashtab_insert(h, key, cladatum); 1337 if (rc) 1338 goto bad; 1339 1340 return 0; 1341 bad: 1342 cls_destroy(key, cladatum, NULL); 1343 return rc; 1344 } 1345 1346 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1347 { 1348 char *key = NULL; 1349 struct role_datum *role; 1350 int rc, to_read = 2; 1351 __le32 buf[3]; 1352 u32 len; 1353 1354 rc = -ENOMEM; 1355 role = kzalloc(sizeof(*role), GFP_KERNEL); 1356 if (!role) 1357 goto bad; 1358 1359 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1360 to_read = 3; 1361 1362 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1363 if (rc) 1364 goto bad; 1365 1366 len = le32_to_cpu(buf[0]); 1367 role->value = le32_to_cpu(buf[1]); 1368 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1369 role->bounds = le32_to_cpu(buf[2]); 1370 1371 rc = -ENOMEM; 1372 key = kmalloc(len + 1, GFP_KERNEL); 1373 if (!key) 1374 goto bad; 1375 1376 rc = next_entry(key, fp, len); 1377 if (rc) 1378 goto bad; 1379 key[len] = '\0'; 1380 1381 rc = ebitmap_read(&role->dominates, fp); 1382 if (rc) 1383 goto bad; 1384 1385 rc = ebitmap_read(&role->types, fp); 1386 if (rc) 1387 goto bad; 1388 1389 if (strcmp(key, OBJECT_R) == 0) { 1390 rc = -EINVAL; 1391 if (role->value != OBJECT_R_VAL) { 1392 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1393 OBJECT_R, role->value); 1394 goto bad; 1395 } 1396 rc = 0; 1397 goto bad; 1398 } 1399 1400 rc = hashtab_insert(h, key, role); 1401 if (rc) 1402 goto bad; 1403 return 0; 1404 bad: 1405 role_destroy(key, role, NULL); 1406 return rc; 1407 } 1408 1409 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1410 { 1411 char *key = NULL; 1412 struct type_datum *typdatum; 1413 int rc, to_read = 3; 1414 __le32 buf[4]; 1415 u32 len; 1416 1417 rc = -ENOMEM; 1418 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1419 if (!typdatum) 1420 goto bad; 1421 1422 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1423 to_read = 4; 1424 1425 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1426 if (rc) 1427 goto bad; 1428 1429 len = le32_to_cpu(buf[0]); 1430 typdatum->value = le32_to_cpu(buf[1]); 1431 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1432 u32 prop = le32_to_cpu(buf[2]); 1433 1434 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1435 typdatum->primary = 1; 1436 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1437 typdatum->attribute = 1; 1438 1439 typdatum->bounds = le32_to_cpu(buf[3]); 1440 } else { 1441 typdatum->primary = le32_to_cpu(buf[2]); 1442 } 1443 1444 rc = -ENOMEM; 1445 key = kmalloc(len + 1, GFP_KERNEL); 1446 if (!key) 1447 goto bad; 1448 rc = next_entry(key, fp, len); 1449 if (rc) 1450 goto bad; 1451 key[len] = '\0'; 1452 1453 rc = hashtab_insert(h, key, typdatum); 1454 if (rc) 1455 goto bad; 1456 return 0; 1457 bad: 1458 type_destroy(key, typdatum, NULL); 1459 return rc; 1460 } 1461 1462 1463 /* 1464 * Read a MLS level structure from a policydb binary 1465 * representation file. 1466 */ 1467 static int mls_read_level(struct mls_level *lp, void *fp) 1468 { 1469 __le32 buf[1]; 1470 int rc; 1471 1472 memset(lp, 0, sizeof(*lp)); 1473 1474 rc = next_entry(buf, fp, sizeof buf); 1475 if (rc) { 1476 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1477 return rc; 1478 } 1479 lp->sens = le32_to_cpu(buf[0]); 1480 1481 rc = ebitmap_read(&lp->cat, fp); 1482 if (rc) { 1483 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1484 return rc; 1485 } 1486 return 0; 1487 } 1488 1489 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1490 { 1491 char *key = NULL; 1492 struct user_datum *usrdatum; 1493 int rc, to_read = 2; 1494 __le32 buf[3]; 1495 u32 len; 1496 1497 rc = -ENOMEM; 1498 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1499 if (!usrdatum) 1500 goto bad; 1501 1502 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1503 to_read = 3; 1504 1505 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1506 if (rc) 1507 goto bad; 1508 1509 len = le32_to_cpu(buf[0]); 1510 usrdatum->value = le32_to_cpu(buf[1]); 1511 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1512 usrdatum->bounds = le32_to_cpu(buf[2]); 1513 1514 rc = -ENOMEM; 1515 key = kmalloc(len + 1, GFP_KERNEL); 1516 if (!key) 1517 goto bad; 1518 rc = next_entry(key, fp, len); 1519 if (rc) 1520 goto bad; 1521 key[len] = '\0'; 1522 1523 rc = ebitmap_read(&usrdatum->roles, fp); 1524 if (rc) 1525 goto bad; 1526 1527 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1528 rc = mls_read_range_helper(&usrdatum->range, fp); 1529 if (rc) 1530 goto bad; 1531 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1532 if (rc) 1533 goto bad; 1534 } 1535 1536 rc = hashtab_insert(h, key, usrdatum); 1537 if (rc) 1538 goto bad; 1539 return 0; 1540 bad: 1541 user_destroy(key, usrdatum, NULL); 1542 return rc; 1543 } 1544 1545 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1546 { 1547 char *key = NULL; 1548 struct level_datum *levdatum; 1549 int rc; 1550 __le32 buf[2]; 1551 u32 len; 1552 1553 rc = -ENOMEM; 1554 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1555 if (!levdatum) 1556 goto bad; 1557 1558 rc = next_entry(buf, fp, sizeof buf); 1559 if (rc) 1560 goto bad; 1561 1562 len = le32_to_cpu(buf[0]); 1563 levdatum->isalias = le32_to_cpu(buf[1]); 1564 1565 rc = -ENOMEM; 1566 key = kmalloc(len + 1, GFP_ATOMIC); 1567 if (!key) 1568 goto bad; 1569 rc = next_entry(key, fp, len); 1570 if (rc) 1571 goto bad; 1572 key[len] = '\0'; 1573 1574 rc = -ENOMEM; 1575 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1576 if (!levdatum->level) 1577 goto bad; 1578 1579 rc = mls_read_level(levdatum->level, fp); 1580 if (rc) 1581 goto bad; 1582 1583 rc = hashtab_insert(h, key, levdatum); 1584 if (rc) 1585 goto bad; 1586 return 0; 1587 bad: 1588 sens_destroy(key, levdatum, NULL); 1589 return rc; 1590 } 1591 1592 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1593 { 1594 char *key = NULL; 1595 struct cat_datum *catdatum; 1596 int rc; 1597 __le32 buf[3]; 1598 u32 len; 1599 1600 rc = -ENOMEM; 1601 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1602 if (!catdatum) 1603 goto bad; 1604 1605 rc = next_entry(buf, fp, sizeof buf); 1606 if (rc) 1607 goto bad; 1608 1609 len = le32_to_cpu(buf[0]); 1610 catdatum->value = le32_to_cpu(buf[1]); 1611 catdatum->isalias = le32_to_cpu(buf[2]); 1612 1613 rc = -ENOMEM; 1614 key = kmalloc(len + 1, GFP_ATOMIC); 1615 if (!key) 1616 goto bad; 1617 rc = next_entry(key, fp, len); 1618 if (rc) 1619 goto bad; 1620 key[len] = '\0'; 1621 1622 rc = hashtab_insert(h, key, catdatum); 1623 if (rc) 1624 goto bad; 1625 return 0; 1626 bad: 1627 cat_destroy(key, catdatum, NULL); 1628 return rc; 1629 } 1630 1631 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1632 { 1633 common_read, 1634 class_read, 1635 role_read, 1636 type_read, 1637 user_read, 1638 cond_read_bool, 1639 sens_read, 1640 cat_read, 1641 }; 1642 1643 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1644 { 1645 struct user_datum *upper, *user; 1646 struct policydb *p = datap; 1647 int depth = 0; 1648 1649 upper = user = datum; 1650 while (upper->bounds) { 1651 struct ebitmap_node *node; 1652 unsigned long bit; 1653 1654 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1655 printk(KERN_ERR "SELinux: user %s: " 1656 "too deep or looped boundary", 1657 (char *) key); 1658 return -EINVAL; 1659 } 1660 1661 upper = p->user_val_to_struct[upper->bounds - 1]; 1662 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1663 if (ebitmap_get_bit(&upper->roles, bit)) 1664 continue; 1665 1666 printk(KERN_ERR 1667 "SELinux: boundary violated policy: " 1668 "user=%s role=%s bounds=%s\n", 1669 sym_name(p, SYM_USERS, user->value - 1), 1670 sym_name(p, SYM_ROLES, bit), 1671 sym_name(p, SYM_USERS, upper->value - 1)); 1672 1673 return -EINVAL; 1674 } 1675 } 1676 1677 return 0; 1678 } 1679 1680 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1681 { 1682 struct role_datum *upper, *role; 1683 struct policydb *p = datap; 1684 int depth = 0; 1685 1686 upper = role = datum; 1687 while (upper->bounds) { 1688 struct ebitmap_node *node; 1689 unsigned long bit; 1690 1691 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1692 printk(KERN_ERR "SELinux: role %s: " 1693 "too deep or looped bounds\n", 1694 (char *) key); 1695 return -EINVAL; 1696 } 1697 1698 upper = p->role_val_to_struct[upper->bounds - 1]; 1699 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1700 if (ebitmap_get_bit(&upper->types, bit)) 1701 continue; 1702 1703 printk(KERN_ERR 1704 "SELinux: boundary violated policy: " 1705 "role=%s type=%s bounds=%s\n", 1706 sym_name(p, SYM_ROLES, role->value - 1), 1707 sym_name(p, SYM_TYPES, bit), 1708 sym_name(p, SYM_ROLES, upper->value - 1)); 1709 1710 return -EINVAL; 1711 } 1712 } 1713 1714 return 0; 1715 } 1716 1717 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1718 { 1719 struct type_datum *upper; 1720 struct policydb *p = datap; 1721 int depth = 0; 1722 1723 upper = datum; 1724 while (upper->bounds) { 1725 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1726 printk(KERN_ERR "SELinux: type %s: " 1727 "too deep or looped boundary\n", 1728 (char *) key); 1729 return -EINVAL; 1730 } 1731 1732 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1733 upper->bounds - 1); 1734 BUG_ON(!upper); 1735 1736 if (upper->attribute) { 1737 printk(KERN_ERR "SELinux: type %s: " 1738 "bounded by attribute %s", 1739 (char *) key, 1740 sym_name(p, SYM_TYPES, upper->value - 1)); 1741 return -EINVAL; 1742 } 1743 } 1744 1745 return 0; 1746 } 1747 1748 static int policydb_bounds_sanity_check(struct policydb *p) 1749 { 1750 int rc; 1751 1752 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1753 return 0; 1754 1755 rc = hashtab_map(p->p_users.table, 1756 user_bounds_sanity_check, p); 1757 if (rc) 1758 return rc; 1759 1760 rc = hashtab_map(p->p_roles.table, 1761 role_bounds_sanity_check, p); 1762 if (rc) 1763 return rc; 1764 1765 rc = hashtab_map(p->p_types.table, 1766 type_bounds_sanity_check, p); 1767 if (rc) 1768 return rc; 1769 1770 return 0; 1771 } 1772 1773 u16 string_to_security_class(struct policydb *p, const char *name) 1774 { 1775 struct class_datum *cladatum; 1776 1777 cladatum = hashtab_search(p->p_classes.table, name); 1778 if (!cladatum) 1779 return 0; 1780 1781 return cladatum->value; 1782 } 1783 1784 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1785 { 1786 struct class_datum *cladatum; 1787 struct perm_datum *perdatum = NULL; 1788 struct common_datum *comdatum; 1789 1790 if (!tclass || tclass > p->p_classes.nprim) 1791 return 0; 1792 1793 cladatum = p->class_val_to_struct[tclass-1]; 1794 comdatum = cladatum->comdatum; 1795 if (comdatum) 1796 perdatum = hashtab_search(comdatum->permissions.table, 1797 name); 1798 if (!perdatum) 1799 perdatum = hashtab_search(cladatum->permissions.table, 1800 name); 1801 if (!perdatum) 1802 return 0; 1803 1804 return 1U << (perdatum->value-1); 1805 } 1806 1807 static int range_read(struct policydb *p, void *fp) 1808 { 1809 struct range_trans *rt = NULL; 1810 struct mls_range *r = NULL; 1811 int i, rc; 1812 __le32 buf[2]; 1813 u32 nel; 1814 1815 if (p->policyvers < POLICYDB_VERSION_MLS) 1816 return 0; 1817 1818 rc = next_entry(buf, fp, sizeof(u32)); 1819 if (rc) 1820 goto out; 1821 1822 nel = le32_to_cpu(buf[0]); 1823 for (i = 0; i < nel; i++) { 1824 rc = -ENOMEM; 1825 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1826 if (!rt) 1827 goto out; 1828 1829 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1830 if (rc) 1831 goto out; 1832 1833 rt->source_type = le32_to_cpu(buf[0]); 1834 rt->target_type = le32_to_cpu(buf[1]); 1835 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1836 rc = next_entry(buf, fp, sizeof(u32)); 1837 if (rc) 1838 goto out; 1839 rt->target_class = le32_to_cpu(buf[0]); 1840 } else 1841 rt->target_class = p->process_class; 1842 1843 rc = -EINVAL; 1844 if (!policydb_type_isvalid(p, rt->source_type) || 1845 !policydb_type_isvalid(p, rt->target_type) || 1846 !policydb_class_isvalid(p, rt->target_class)) 1847 goto out; 1848 1849 rc = -ENOMEM; 1850 r = kzalloc(sizeof(*r), GFP_KERNEL); 1851 if (!r) 1852 goto out; 1853 1854 rc = mls_read_range_helper(r, fp); 1855 if (rc) 1856 goto out; 1857 1858 rc = -EINVAL; 1859 if (!mls_range_isvalid(p, r)) { 1860 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1861 goto out; 1862 } 1863 1864 rc = hashtab_insert(p->range_tr, rt, r); 1865 if (rc) 1866 goto out; 1867 1868 rt = NULL; 1869 r = NULL; 1870 } 1871 hash_eval(p->range_tr, "rangetr"); 1872 rc = 0; 1873 out: 1874 kfree(rt); 1875 kfree(r); 1876 return rc; 1877 } 1878 1879 static int filename_trans_read(struct policydb *p, void *fp) 1880 { 1881 struct filename_trans *ft; 1882 struct filename_trans_datum *otype; 1883 char *name; 1884 u32 nel, len; 1885 __le32 buf[4]; 1886 int rc, i; 1887 1888 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1889 return 0; 1890 1891 rc = next_entry(buf, fp, sizeof(u32)); 1892 if (rc) 1893 return rc; 1894 nel = le32_to_cpu(buf[0]); 1895 1896 for (i = 0; i < nel; i++) { 1897 ft = NULL; 1898 otype = NULL; 1899 name = NULL; 1900 1901 rc = -ENOMEM; 1902 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1903 if (!ft) 1904 goto out; 1905 1906 rc = -ENOMEM; 1907 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1908 if (!otype) 1909 goto out; 1910 1911 /* length of the path component string */ 1912 rc = next_entry(buf, fp, sizeof(u32)); 1913 if (rc) 1914 goto out; 1915 len = le32_to_cpu(buf[0]); 1916 1917 rc = -ENOMEM; 1918 name = kmalloc(len + 1, GFP_KERNEL); 1919 if (!name) 1920 goto out; 1921 1922 ft->name = name; 1923 1924 /* path component string */ 1925 rc = next_entry(name, fp, len); 1926 if (rc) 1927 goto out; 1928 name[len] = 0; 1929 1930 rc = next_entry(buf, fp, sizeof(u32) * 4); 1931 if (rc) 1932 goto out; 1933 1934 ft->stype = le32_to_cpu(buf[0]); 1935 ft->ttype = le32_to_cpu(buf[1]); 1936 ft->tclass = le32_to_cpu(buf[2]); 1937 1938 otype->otype = le32_to_cpu(buf[3]); 1939 1940 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1941 if (rc) 1942 goto out; 1943 1944 hashtab_insert(p->filename_trans, ft, otype); 1945 } 1946 hash_eval(p->filename_trans, "filenametr"); 1947 return 0; 1948 out: 1949 kfree(ft); 1950 kfree(name); 1951 kfree(otype); 1952 1953 return rc; 1954 } 1955 1956 static int genfs_read(struct policydb *p, void *fp) 1957 { 1958 int i, j, rc; 1959 u32 nel, nel2, len, len2; 1960 __le32 buf[1]; 1961 struct ocontext *l, *c; 1962 struct ocontext *newc = NULL; 1963 struct genfs *genfs_p, *genfs; 1964 struct genfs *newgenfs = NULL; 1965 1966 rc = next_entry(buf, fp, sizeof(u32)); 1967 if (rc) 1968 goto out; 1969 nel = le32_to_cpu(buf[0]); 1970 1971 for (i = 0; i < nel; i++) { 1972 rc = next_entry(buf, fp, sizeof(u32)); 1973 if (rc) 1974 goto out; 1975 len = le32_to_cpu(buf[0]); 1976 1977 rc = -ENOMEM; 1978 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1979 if (!newgenfs) 1980 goto out; 1981 1982 rc = -ENOMEM; 1983 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 1984 if (!newgenfs->fstype) 1985 goto out; 1986 1987 rc = next_entry(newgenfs->fstype, fp, len); 1988 if (rc) 1989 goto out; 1990 1991 newgenfs->fstype[len] = 0; 1992 1993 for (genfs_p = NULL, genfs = p->genfs; genfs; 1994 genfs_p = genfs, genfs = genfs->next) { 1995 rc = -EINVAL; 1996 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1997 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 1998 newgenfs->fstype); 1999 goto out; 2000 } 2001 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2002 break; 2003 } 2004 newgenfs->next = genfs; 2005 if (genfs_p) 2006 genfs_p->next = newgenfs; 2007 else 2008 p->genfs = newgenfs; 2009 genfs = newgenfs; 2010 newgenfs = NULL; 2011 2012 rc = next_entry(buf, fp, sizeof(u32)); 2013 if (rc) 2014 goto out; 2015 2016 nel2 = le32_to_cpu(buf[0]); 2017 for (j = 0; j < nel2; j++) { 2018 rc = next_entry(buf, fp, sizeof(u32)); 2019 if (rc) 2020 goto out; 2021 len = le32_to_cpu(buf[0]); 2022 2023 rc = -ENOMEM; 2024 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2025 if (!newc) 2026 goto out; 2027 2028 rc = -ENOMEM; 2029 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 2030 if (!newc->u.name) 2031 goto out; 2032 2033 rc = next_entry(newc->u.name, fp, len); 2034 if (rc) 2035 goto out; 2036 newc->u.name[len] = 0; 2037 2038 rc = next_entry(buf, fp, sizeof(u32)); 2039 if (rc) 2040 goto out; 2041 2042 newc->v.sclass = le32_to_cpu(buf[0]); 2043 rc = context_read_and_validate(&newc->context[0], p, fp); 2044 if (rc) 2045 goto out; 2046 2047 for (l = NULL, c = genfs->head; c; 2048 l = c, c = c->next) { 2049 rc = -EINVAL; 2050 if (!strcmp(newc->u.name, c->u.name) && 2051 (!c->v.sclass || !newc->v.sclass || 2052 newc->v.sclass == c->v.sclass)) { 2053 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2054 genfs->fstype, c->u.name); 2055 goto out; 2056 } 2057 len = strlen(newc->u.name); 2058 len2 = strlen(c->u.name); 2059 if (len > len2) 2060 break; 2061 } 2062 2063 newc->next = c; 2064 if (l) 2065 l->next = newc; 2066 else 2067 genfs->head = newc; 2068 newc = NULL; 2069 } 2070 } 2071 rc = 0; 2072 out: 2073 if (newgenfs) 2074 kfree(newgenfs->fstype); 2075 kfree(newgenfs); 2076 ocontext_destroy(newc, OCON_FSUSE); 2077 2078 return rc; 2079 } 2080 2081 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2082 void *fp) 2083 { 2084 int i, j, rc; 2085 u32 nel, len; 2086 __le32 buf[3]; 2087 struct ocontext *l, *c; 2088 u32 nodebuf[8]; 2089 2090 for (i = 0; i < info->ocon_num; i++) { 2091 rc = next_entry(buf, fp, sizeof(u32)); 2092 if (rc) 2093 goto out; 2094 nel = le32_to_cpu(buf[0]); 2095 2096 l = NULL; 2097 for (j = 0; j < nel; j++) { 2098 rc = -ENOMEM; 2099 c = kzalloc(sizeof(*c), GFP_KERNEL); 2100 if (!c) 2101 goto out; 2102 if (l) 2103 l->next = c; 2104 else 2105 p->ocontexts[i] = c; 2106 l = c; 2107 2108 switch (i) { 2109 case OCON_ISID: 2110 rc = next_entry(buf, fp, sizeof(u32)); 2111 if (rc) 2112 goto out; 2113 2114 c->sid[0] = le32_to_cpu(buf[0]); 2115 rc = context_read_and_validate(&c->context[0], p, fp); 2116 if (rc) 2117 goto out; 2118 break; 2119 case OCON_FS: 2120 case OCON_NETIF: 2121 rc = next_entry(buf, fp, sizeof(u32)); 2122 if (rc) 2123 goto out; 2124 len = le32_to_cpu(buf[0]); 2125 2126 rc = -ENOMEM; 2127 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2128 if (!c->u.name) 2129 goto out; 2130 2131 rc = next_entry(c->u.name, fp, len); 2132 if (rc) 2133 goto out; 2134 2135 c->u.name[len] = 0; 2136 rc = context_read_and_validate(&c->context[0], p, fp); 2137 if (rc) 2138 goto out; 2139 rc = context_read_and_validate(&c->context[1], p, fp); 2140 if (rc) 2141 goto out; 2142 break; 2143 case OCON_PORT: 2144 rc = next_entry(buf, fp, sizeof(u32)*3); 2145 if (rc) 2146 goto out; 2147 c->u.port.protocol = le32_to_cpu(buf[0]); 2148 c->u.port.low_port = le32_to_cpu(buf[1]); 2149 c->u.port.high_port = le32_to_cpu(buf[2]); 2150 rc = context_read_and_validate(&c->context[0], p, fp); 2151 if (rc) 2152 goto out; 2153 break; 2154 case OCON_NODE: 2155 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2156 if (rc) 2157 goto out; 2158 c->u.node.addr = nodebuf[0]; /* network order */ 2159 c->u.node.mask = nodebuf[1]; /* network order */ 2160 rc = context_read_and_validate(&c->context[0], p, fp); 2161 if (rc) 2162 goto out; 2163 break; 2164 case OCON_FSUSE: 2165 rc = next_entry(buf, fp, sizeof(u32)*2); 2166 if (rc) 2167 goto out; 2168 2169 rc = -EINVAL; 2170 c->v.behavior = le32_to_cpu(buf[0]); 2171 if (c->v.behavior > SECURITY_FS_USE_NONE) 2172 goto out; 2173 2174 rc = -ENOMEM; 2175 len = le32_to_cpu(buf[1]); 2176 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2177 if (!c->u.name) 2178 goto out; 2179 2180 rc = next_entry(c->u.name, fp, len); 2181 if (rc) 2182 goto out; 2183 c->u.name[len] = 0; 2184 rc = context_read_and_validate(&c->context[0], p, fp); 2185 if (rc) 2186 goto out; 2187 break; 2188 case OCON_NODE6: { 2189 int k; 2190 2191 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2192 if (rc) 2193 goto out; 2194 for (k = 0; k < 4; k++) 2195 c->u.node6.addr[k] = nodebuf[k]; 2196 for (k = 0; k < 4; k++) 2197 c->u.node6.mask[k] = nodebuf[k+4]; 2198 rc = context_read_and_validate(&c->context[0], p, fp); 2199 if (rc) 2200 goto out; 2201 break; 2202 } 2203 } 2204 } 2205 } 2206 rc = 0; 2207 out: 2208 return rc; 2209 } 2210 2211 /* 2212 * Read the configuration data from a policy database binary 2213 * representation file into a policy database structure. 2214 */ 2215 int policydb_read(struct policydb *p, void *fp) 2216 { 2217 struct role_allow *ra, *lra; 2218 struct role_trans *tr, *ltr; 2219 int i, j, rc; 2220 __le32 buf[4]; 2221 u32 len, nprim, nel; 2222 2223 char *policydb_str; 2224 struct policydb_compat_info *info; 2225 2226 rc = policydb_init(p); 2227 if (rc) 2228 return rc; 2229 2230 /* Read the magic number and string length. */ 2231 rc = next_entry(buf, fp, sizeof(u32) * 2); 2232 if (rc) 2233 goto bad; 2234 2235 rc = -EINVAL; 2236 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2237 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2238 "not match expected magic number 0x%x\n", 2239 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2240 goto bad; 2241 } 2242 2243 rc = -EINVAL; 2244 len = le32_to_cpu(buf[1]); 2245 if (len != strlen(POLICYDB_STRING)) { 2246 printk(KERN_ERR "SELinux: policydb string length %d does not " 2247 "match expected length %Zu\n", 2248 len, strlen(POLICYDB_STRING)); 2249 goto bad; 2250 } 2251 2252 rc = -ENOMEM; 2253 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2254 if (!policydb_str) { 2255 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2256 "string of length %d\n", len); 2257 goto bad; 2258 } 2259 2260 rc = next_entry(policydb_str, fp, len); 2261 if (rc) { 2262 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2263 kfree(policydb_str); 2264 goto bad; 2265 } 2266 2267 rc = -EINVAL; 2268 policydb_str[len] = '\0'; 2269 if (strcmp(policydb_str, POLICYDB_STRING)) { 2270 printk(KERN_ERR "SELinux: policydb string %s does not match " 2271 "my string %s\n", policydb_str, POLICYDB_STRING); 2272 kfree(policydb_str); 2273 goto bad; 2274 } 2275 /* Done with policydb_str. */ 2276 kfree(policydb_str); 2277 policydb_str = NULL; 2278 2279 /* Read the version and table sizes. */ 2280 rc = next_entry(buf, fp, sizeof(u32)*4); 2281 if (rc) 2282 goto bad; 2283 2284 rc = -EINVAL; 2285 p->policyvers = le32_to_cpu(buf[0]); 2286 if (p->policyvers < POLICYDB_VERSION_MIN || 2287 p->policyvers > POLICYDB_VERSION_MAX) { 2288 printk(KERN_ERR "SELinux: policydb version %d does not match " 2289 "my version range %d-%d\n", 2290 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2291 goto bad; 2292 } 2293 2294 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2295 p->mls_enabled = 1; 2296 2297 rc = -EINVAL; 2298 if (p->policyvers < POLICYDB_VERSION_MLS) { 2299 printk(KERN_ERR "SELinux: security policydb version %d " 2300 "(MLS) not backwards compatible\n", 2301 p->policyvers); 2302 goto bad; 2303 } 2304 } 2305 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2306 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2307 2308 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2309 rc = ebitmap_read(&p->policycaps, fp); 2310 if (rc) 2311 goto bad; 2312 } 2313 2314 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2315 rc = ebitmap_read(&p->permissive_map, fp); 2316 if (rc) 2317 goto bad; 2318 } 2319 2320 rc = -EINVAL; 2321 info = policydb_lookup_compat(p->policyvers); 2322 if (!info) { 2323 printk(KERN_ERR "SELinux: unable to find policy compat info " 2324 "for version %d\n", p->policyvers); 2325 goto bad; 2326 } 2327 2328 rc = -EINVAL; 2329 if (le32_to_cpu(buf[2]) != info->sym_num || 2330 le32_to_cpu(buf[3]) != info->ocon_num) { 2331 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2332 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2333 le32_to_cpu(buf[3]), 2334 info->sym_num, info->ocon_num); 2335 goto bad; 2336 } 2337 2338 for (i = 0; i < info->sym_num; i++) { 2339 rc = next_entry(buf, fp, sizeof(u32)*2); 2340 if (rc) 2341 goto bad; 2342 nprim = le32_to_cpu(buf[0]); 2343 nel = le32_to_cpu(buf[1]); 2344 for (j = 0; j < nel; j++) { 2345 rc = read_f[i](p, p->symtab[i].table, fp); 2346 if (rc) 2347 goto bad; 2348 } 2349 2350 p->symtab[i].nprim = nprim; 2351 } 2352 2353 rc = -EINVAL; 2354 p->process_class = string_to_security_class(p, "process"); 2355 if (!p->process_class) 2356 goto bad; 2357 2358 rc = avtab_read(&p->te_avtab, fp, p); 2359 if (rc) 2360 goto bad; 2361 2362 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2363 rc = cond_read_list(p, fp); 2364 if (rc) 2365 goto bad; 2366 } 2367 2368 rc = next_entry(buf, fp, sizeof(u32)); 2369 if (rc) 2370 goto bad; 2371 nel = le32_to_cpu(buf[0]); 2372 ltr = NULL; 2373 for (i = 0; i < nel; i++) { 2374 rc = -ENOMEM; 2375 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2376 if (!tr) 2377 goto bad; 2378 if (ltr) 2379 ltr->next = tr; 2380 else 2381 p->role_tr = tr; 2382 rc = next_entry(buf, fp, sizeof(u32)*3); 2383 if (rc) 2384 goto bad; 2385 2386 rc = -EINVAL; 2387 tr->role = le32_to_cpu(buf[0]); 2388 tr->type = le32_to_cpu(buf[1]); 2389 tr->new_role = le32_to_cpu(buf[2]); 2390 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2391 rc = next_entry(buf, fp, sizeof(u32)); 2392 if (rc) 2393 goto bad; 2394 tr->tclass = le32_to_cpu(buf[0]); 2395 } else 2396 tr->tclass = p->process_class; 2397 2398 if (!policydb_role_isvalid(p, tr->role) || 2399 !policydb_type_isvalid(p, tr->type) || 2400 !policydb_class_isvalid(p, tr->tclass) || 2401 !policydb_role_isvalid(p, tr->new_role)) 2402 goto bad; 2403 ltr = tr; 2404 } 2405 2406 rc = next_entry(buf, fp, sizeof(u32)); 2407 if (rc) 2408 goto bad; 2409 nel = le32_to_cpu(buf[0]); 2410 lra = NULL; 2411 for (i = 0; i < nel; i++) { 2412 rc = -ENOMEM; 2413 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2414 if (!ra) 2415 goto bad; 2416 if (lra) 2417 lra->next = ra; 2418 else 2419 p->role_allow = ra; 2420 rc = next_entry(buf, fp, sizeof(u32)*2); 2421 if (rc) 2422 goto bad; 2423 2424 rc = -EINVAL; 2425 ra->role = le32_to_cpu(buf[0]); 2426 ra->new_role = le32_to_cpu(buf[1]); 2427 if (!policydb_role_isvalid(p, ra->role) || 2428 !policydb_role_isvalid(p, ra->new_role)) 2429 goto bad; 2430 lra = ra; 2431 } 2432 2433 rc = filename_trans_read(p, fp); 2434 if (rc) 2435 goto bad; 2436 2437 rc = policydb_index(p); 2438 if (rc) 2439 goto bad; 2440 2441 rc = -EINVAL; 2442 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2443 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2444 if (!p->process_trans_perms) 2445 goto bad; 2446 2447 rc = ocontext_read(p, info, fp); 2448 if (rc) 2449 goto bad; 2450 2451 rc = genfs_read(p, fp); 2452 if (rc) 2453 goto bad; 2454 2455 rc = range_read(p, fp); 2456 if (rc) 2457 goto bad; 2458 2459 rc = -ENOMEM; 2460 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2461 p->p_types.nprim, 2462 GFP_KERNEL | __GFP_ZERO); 2463 if (!p->type_attr_map_array) 2464 goto bad; 2465 2466 /* preallocate so we don't have to worry about the put ever failing */ 2467 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2468 GFP_KERNEL | __GFP_ZERO); 2469 if (rc) 2470 goto bad; 2471 2472 for (i = 0; i < p->p_types.nprim; i++) { 2473 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2474 2475 BUG_ON(!e); 2476 ebitmap_init(e); 2477 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2478 rc = ebitmap_read(e, fp); 2479 if (rc) 2480 goto bad; 2481 } 2482 /* add the type itself as the degenerate case */ 2483 rc = ebitmap_set_bit(e, i, 1); 2484 if (rc) 2485 goto bad; 2486 } 2487 2488 rc = policydb_bounds_sanity_check(p); 2489 if (rc) 2490 goto bad; 2491 2492 rc = 0; 2493 out: 2494 return rc; 2495 bad: 2496 policydb_destroy(p); 2497 goto out; 2498 } 2499 2500 /* 2501 * Write a MLS level structure to a policydb binary 2502 * representation file. 2503 */ 2504 static int mls_write_level(struct mls_level *l, void *fp) 2505 { 2506 __le32 buf[1]; 2507 int rc; 2508 2509 buf[0] = cpu_to_le32(l->sens); 2510 rc = put_entry(buf, sizeof(u32), 1, fp); 2511 if (rc) 2512 return rc; 2513 2514 rc = ebitmap_write(&l->cat, fp); 2515 if (rc) 2516 return rc; 2517 2518 return 0; 2519 } 2520 2521 /* 2522 * Write a MLS range structure to a policydb binary 2523 * representation file. 2524 */ 2525 static int mls_write_range_helper(struct mls_range *r, void *fp) 2526 { 2527 __le32 buf[3]; 2528 size_t items; 2529 int rc, eq; 2530 2531 eq = mls_level_eq(&r->level[1], &r->level[0]); 2532 2533 if (eq) 2534 items = 2; 2535 else 2536 items = 3; 2537 buf[0] = cpu_to_le32(items-1); 2538 buf[1] = cpu_to_le32(r->level[0].sens); 2539 if (!eq) 2540 buf[2] = cpu_to_le32(r->level[1].sens); 2541 2542 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2543 2544 rc = put_entry(buf, sizeof(u32), items, fp); 2545 if (rc) 2546 return rc; 2547 2548 rc = ebitmap_write(&r->level[0].cat, fp); 2549 if (rc) 2550 return rc; 2551 if (!eq) { 2552 rc = ebitmap_write(&r->level[1].cat, fp); 2553 if (rc) 2554 return rc; 2555 } 2556 2557 return 0; 2558 } 2559 2560 static int sens_write(void *vkey, void *datum, void *ptr) 2561 { 2562 char *key = vkey; 2563 struct level_datum *levdatum = datum; 2564 struct policy_data *pd = ptr; 2565 void *fp = pd->fp; 2566 __le32 buf[2]; 2567 size_t len; 2568 int rc; 2569 2570 len = strlen(key); 2571 buf[0] = cpu_to_le32(len); 2572 buf[1] = cpu_to_le32(levdatum->isalias); 2573 rc = put_entry(buf, sizeof(u32), 2, fp); 2574 if (rc) 2575 return rc; 2576 2577 rc = put_entry(key, 1, len, fp); 2578 if (rc) 2579 return rc; 2580 2581 rc = mls_write_level(levdatum->level, fp); 2582 if (rc) 2583 return rc; 2584 2585 return 0; 2586 } 2587 2588 static int cat_write(void *vkey, void *datum, void *ptr) 2589 { 2590 char *key = vkey; 2591 struct cat_datum *catdatum = datum; 2592 struct policy_data *pd = ptr; 2593 void *fp = pd->fp; 2594 __le32 buf[3]; 2595 size_t len; 2596 int rc; 2597 2598 len = strlen(key); 2599 buf[0] = cpu_to_le32(len); 2600 buf[1] = cpu_to_le32(catdatum->value); 2601 buf[2] = cpu_to_le32(catdatum->isalias); 2602 rc = put_entry(buf, sizeof(u32), 3, fp); 2603 if (rc) 2604 return rc; 2605 2606 rc = put_entry(key, 1, len, fp); 2607 if (rc) 2608 return rc; 2609 2610 return 0; 2611 } 2612 2613 static int role_trans_write(struct policydb *p, void *fp) 2614 { 2615 struct role_trans *r = p->role_tr; 2616 struct role_trans *tr; 2617 u32 buf[3]; 2618 size_t nel; 2619 int rc; 2620 2621 nel = 0; 2622 for (tr = r; tr; tr = tr->next) 2623 nel++; 2624 buf[0] = cpu_to_le32(nel); 2625 rc = put_entry(buf, sizeof(u32), 1, fp); 2626 if (rc) 2627 return rc; 2628 for (tr = r; tr; tr = tr->next) { 2629 buf[0] = cpu_to_le32(tr->role); 2630 buf[1] = cpu_to_le32(tr->type); 2631 buf[2] = cpu_to_le32(tr->new_role); 2632 rc = put_entry(buf, sizeof(u32), 3, fp); 2633 if (rc) 2634 return rc; 2635 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2636 buf[0] = cpu_to_le32(tr->tclass); 2637 rc = put_entry(buf, sizeof(u32), 1, fp); 2638 if (rc) 2639 return rc; 2640 } 2641 } 2642 2643 return 0; 2644 } 2645 2646 static int role_allow_write(struct role_allow *r, void *fp) 2647 { 2648 struct role_allow *ra; 2649 u32 buf[2]; 2650 size_t nel; 2651 int rc; 2652 2653 nel = 0; 2654 for (ra = r; ra; ra = ra->next) 2655 nel++; 2656 buf[0] = cpu_to_le32(nel); 2657 rc = put_entry(buf, sizeof(u32), 1, fp); 2658 if (rc) 2659 return rc; 2660 for (ra = r; ra; ra = ra->next) { 2661 buf[0] = cpu_to_le32(ra->role); 2662 buf[1] = cpu_to_le32(ra->new_role); 2663 rc = put_entry(buf, sizeof(u32), 2, fp); 2664 if (rc) 2665 return rc; 2666 } 2667 return 0; 2668 } 2669 2670 /* 2671 * Write a security context structure 2672 * to a policydb binary representation file. 2673 */ 2674 static int context_write(struct policydb *p, struct context *c, 2675 void *fp) 2676 { 2677 int rc; 2678 __le32 buf[3]; 2679 2680 buf[0] = cpu_to_le32(c->user); 2681 buf[1] = cpu_to_le32(c->role); 2682 buf[2] = cpu_to_le32(c->type); 2683 2684 rc = put_entry(buf, sizeof(u32), 3, fp); 2685 if (rc) 2686 return rc; 2687 2688 rc = mls_write_range_helper(&c->range, fp); 2689 if (rc) 2690 return rc; 2691 2692 return 0; 2693 } 2694 2695 /* 2696 * The following *_write functions are used to 2697 * write the symbol data to a policy database 2698 * binary representation file. 2699 */ 2700 2701 static int perm_write(void *vkey, void *datum, void *fp) 2702 { 2703 char *key = vkey; 2704 struct perm_datum *perdatum = datum; 2705 __le32 buf[2]; 2706 size_t len; 2707 int rc; 2708 2709 len = strlen(key); 2710 buf[0] = cpu_to_le32(len); 2711 buf[1] = cpu_to_le32(perdatum->value); 2712 rc = put_entry(buf, sizeof(u32), 2, fp); 2713 if (rc) 2714 return rc; 2715 2716 rc = put_entry(key, 1, len, fp); 2717 if (rc) 2718 return rc; 2719 2720 return 0; 2721 } 2722 2723 static int common_write(void *vkey, void *datum, void *ptr) 2724 { 2725 char *key = vkey; 2726 struct common_datum *comdatum = datum; 2727 struct policy_data *pd = ptr; 2728 void *fp = pd->fp; 2729 __le32 buf[4]; 2730 size_t len; 2731 int rc; 2732 2733 len = strlen(key); 2734 buf[0] = cpu_to_le32(len); 2735 buf[1] = cpu_to_le32(comdatum->value); 2736 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2737 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2738 rc = put_entry(buf, sizeof(u32), 4, fp); 2739 if (rc) 2740 return rc; 2741 2742 rc = put_entry(key, 1, len, fp); 2743 if (rc) 2744 return rc; 2745 2746 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2747 if (rc) 2748 return rc; 2749 2750 return 0; 2751 } 2752 2753 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2754 void *fp) 2755 { 2756 struct constraint_node *c; 2757 struct constraint_expr *e; 2758 __le32 buf[3]; 2759 u32 nel; 2760 int rc; 2761 2762 for (c = node; c; c = c->next) { 2763 nel = 0; 2764 for (e = c->expr; e; e = e->next) 2765 nel++; 2766 buf[0] = cpu_to_le32(c->permissions); 2767 buf[1] = cpu_to_le32(nel); 2768 rc = put_entry(buf, sizeof(u32), 2, fp); 2769 if (rc) 2770 return rc; 2771 for (e = c->expr; e; e = e->next) { 2772 buf[0] = cpu_to_le32(e->expr_type); 2773 buf[1] = cpu_to_le32(e->attr); 2774 buf[2] = cpu_to_le32(e->op); 2775 rc = put_entry(buf, sizeof(u32), 3, fp); 2776 if (rc) 2777 return rc; 2778 2779 switch (e->expr_type) { 2780 case CEXPR_NAMES: 2781 rc = ebitmap_write(&e->names, fp); 2782 if (rc) 2783 return rc; 2784 break; 2785 default: 2786 break; 2787 } 2788 } 2789 } 2790 2791 return 0; 2792 } 2793 2794 static int class_write(void *vkey, void *datum, void *ptr) 2795 { 2796 char *key = vkey; 2797 struct class_datum *cladatum = datum; 2798 struct policy_data *pd = ptr; 2799 void *fp = pd->fp; 2800 struct policydb *p = pd->p; 2801 struct constraint_node *c; 2802 __le32 buf[6]; 2803 u32 ncons; 2804 size_t len, len2; 2805 int rc; 2806 2807 len = strlen(key); 2808 if (cladatum->comkey) 2809 len2 = strlen(cladatum->comkey); 2810 else 2811 len2 = 0; 2812 2813 ncons = 0; 2814 for (c = cladatum->constraints; c; c = c->next) 2815 ncons++; 2816 2817 buf[0] = cpu_to_le32(len); 2818 buf[1] = cpu_to_le32(len2); 2819 buf[2] = cpu_to_le32(cladatum->value); 2820 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2821 if (cladatum->permissions.table) 2822 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2823 else 2824 buf[4] = 0; 2825 buf[5] = cpu_to_le32(ncons); 2826 rc = put_entry(buf, sizeof(u32), 6, fp); 2827 if (rc) 2828 return rc; 2829 2830 rc = put_entry(key, 1, len, fp); 2831 if (rc) 2832 return rc; 2833 2834 if (cladatum->comkey) { 2835 rc = put_entry(cladatum->comkey, 1, len2, fp); 2836 if (rc) 2837 return rc; 2838 } 2839 2840 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2841 if (rc) 2842 return rc; 2843 2844 rc = write_cons_helper(p, cladatum->constraints, fp); 2845 if (rc) 2846 return rc; 2847 2848 /* write out the validatetrans rule */ 2849 ncons = 0; 2850 for (c = cladatum->validatetrans; c; c = c->next) 2851 ncons++; 2852 2853 buf[0] = cpu_to_le32(ncons); 2854 rc = put_entry(buf, sizeof(u32), 1, fp); 2855 if (rc) 2856 return rc; 2857 2858 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2859 if (rc) 2860 return rc; 2861 2862 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2863 buf[0] = cpu_to_le32(cladatum->default_user); 2864 buf[1] = cpu_to_le32(cladatum->default_role); 2865 buf[2] = cpu_to_le32(cladatum->default_range); 2866 2867 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2868 if (rc) 2869 return rc; 2870 } 2871 2872 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2873 buf[0] = cpu_to_le32(cladatum->default_type); 2874 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2875 if (rc) 2876 return rc; 2877 } 2878 2879 return 0; 2880 } 2881 2882 static int role_write(void *vkey, void *datum, void *ptr) 2883 { 2884 char *key = vkey; 2885 struct role_datum *role = datum; 2886 struct policy_data *pd = ptr; 2887 void *fp = pd->fp; 2888 struct policydb *p = pd->p; 2889 __le32 buf[3]; 2890 size_t items, len; 2891 int rc; 2892 2893 len = strlen(key); 2894 items = 0; 2895 buf[items++] = cpu_to_le32(len); 2896 buf[items++] = cpu_to_le32(role->value); 2897 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2898 buf[items++] = cpu_to_le32(role->bounds); 2899 2900 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2901 2902 rc = put_entry(buf, sizeof(u32), items, fp); 2903 if (rc) 2904 return rc; 2905 2906 rc = put_entry(key, 1, len, fp); 2907 if (rc) 2908 return rc; 2909 2910 rc = ebitmap_write(&role->dominates, fp); 2911 if (rc) 2912 return rc; 2913 2914 rc = ebitmap_write(&role->types, fp); 2915 if (rc) 2916 return rc; 2917 2918 return 0; 2919 } 2920 2921 static int type_write(void *vkey, void *datum, void *ptr) 2922 { 2923 char *key = vkey; 2924 struct type_datum *typdatum = datum; 2925 struct policy_data *pd = ptr; 2926 struct policydb *p = pd->p; 2927 void *fp = pd->fp; 2928 __le32 buf[4]; 2929 int rc; 2930 size_t items, len; 2931 2932 len = strlen(key); 2933 items = 0; 2934 buf[items++] = cpu_to_le32(len); 2935 buf[items++] = cpu_to_le32(typdatum->value); 2936 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2937 u32 properties = 0; 2938 2939 if (typdatum->primary) 2940 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2941 2942 if (typdatum->attribute) 2943 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2944 2945 buf[items++] = cpu_to_le32(properties); 2946 buf[items++] = cpu_to_le32(typdatum->bounds); 2947 } else { 2948 buf[items++] = cpu_to_le32(typdatum->primary); 2949 } 2950 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2951 rc = put_entry(buf, sizeof(u32), items, fp); 2952 if (rc) 2953 return rc; 2954 2955 rc = put_entry(key, 1, len, fp); 2956 if (rc) 2957 return rc; 2958 2959 return 0; 2960 } 2961 2962 static int user_write(void *vkey, void *datum, void *ptr) 2963 { 2964 char *key = vkey; 2965 struct user_datum *usrdatum = datum; 2966 struct policy_data *pd = ptr; 2967 struct policydb *p = pd->p; 2968 void *fp = pd->fp; 2969 __le32 buf[3]; 2970 size_t items, len; 2971 int rc; 2972 2973 len = strlen(key); 2974 items = 0; 2975 buf[items++] = cpu_to_le32(len); 2976 buf[items++] = cpu_to_le32(usrdatum->value); 2977 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2978 buf[items++] = cpu_to_le32(usrdatum->bounds); 2979 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2980 rc = put_entry(buf, sizeof(u32), items, fp); 2981 if (rc) 2982 return rc; 2983 2984 rc = put_entry(key, 1, len, fp); 2985 if (rc) 2986 return rc; 2987 2988 rc = ebitmap_write(&usrdatum->roles, fp); 2989 if (rc) 2990 return rc; 2991 2992 rc = mls_write_range_helper(&usrdatum->range, fp); 2993 if (rc) 2994 return rc; 2995 2996 rc = mls_write_level(&usrdatum->dfltlevel, fp); 2997 if (rc) 2998 return rc; 2999 3000 return 0; 3001 } 3002 3003 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3004 void *datap) = 3005 { 3006 common_write, 3007 class_write, 3008 role_write, 3009 type_write, 3010 user_write, 3011 cond_write_bool, 3012 sens_write, 3013 cat_write, 3014 }; 3015 3016 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3017 void *fp) 3018 { 3019 unsigned int i, j, rc; 3020 size_t nel, len; 3021 __le32 buf[3]; 3022 u32 nodebuf[8]; 3023 struct ocontext *c; 3024 for (i = 0; i < info->ocon_num; i++) { 3025 nel = 0; 3026 for (c = p->ocontexts[i]; c; c = c->next) 3027 nel++; 3028 buf[0] = cpu_to_le32(nel); 3029 rc = put_entry(buf, sizeof(u32), 1, fp); 3030 if (rc) 3031 return rc; 3032 for (c = p->ocontexts[i]; c; c = c->next) { 3033 switch (i) { 3034 case OCON_ISID: 3035 buf[0] = cpu_to_le32(c->sid[0]); 3036 rc = put_entry(buf, sizeof(u32), 1, fp); 3037 if (rc) 3038 return rc; 3039 rc = context_write(p, &c->context[0], fp); 3040 if (rc) 3041 return rc; 3042 break; 3043 case OCON_FS: 3044 case OCON_NETIF: 3045 len = strlen(c->u.name); 3046 buf[0] = cpu_to_le32(len); 3047 rc = put_entry(buf, sizeof(u32), 1, fp); 3048 if (rc) 3049 return rc; 3050 rc = put_entry(c->u.name, 1, len, fp); 3051 if (rc) 3052 return rc; 3053 rc = context_write(p, &c->context[0], fp); 3054 if (rc) 3055 return rc; 3056 rc = context_write(p, &c->context[1], fp); 3057 if (rc) 3058 return rc; 3059 break; 3060 case OCON_PORT: 3061 buf[0] = cpu_to_le32(c->u.port.protocol); 3062 buf[1] = cpu_to_le32(c->u.port.low_port); 3063 buf[2] = cpu_to_le32(c->u.port.high_port); 3064 rc = put_entry(buf, sizeof(u32), 3, fp); 3065 if (rc) 3066 return rc; 3067 rc = context_write(p, &c->context[0], fp); 3068 if (rc) 3069 return rc; 3070 break; 3071 case OCON_NODE: 3072 nodebuf[0] = c->u.node.addr; /* network order */ 3073 nodebuf[1] = c->u.node.mask; /* network order */ 3074 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3075 if (rc) 3076 return rc; 3077 rc = context_write(p, &c->context[0], fp); 3078 if (rc) 3079 return rc; 3080 break; 3081 case OCON_FSUSE: 3082 buf[0] = cpu_to_le32(c->v.behavior); 3083 len = strlen(c->u.name); 3084 buf[1] = cpu_to_le32(len); 3085 rc = put_entry(buf, sizeof(u32), 2, fp); 3086 if (rc) 3087 return rc; 3088 rc = put_entry(c->u.name, 1, len, fp); 3089 if (rc) 3090 return rc; 3091 rc = context_write(p, &c->context[0], fp); 3092 if (rc) 3093 return rc; 3094 break; 3095 case OCON_NODE6: 3096 for (j = 0; j < 4; j++) 3097 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3098 for (j = 0; j < 4; j++) 3099 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3100 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3101 if (rc) 3102 return rc; 3103 rc = context_write(p, &c->context[0], fp); 3104 if (rc) 3105 return rc; 3106 break; 3107 } 3108 } 3109 } 3110 return 0; 3111 } 3112 3113 static int genfs_write(struct policydb *p, void *fp) 3114 { 3115 struct genfs *genfs; 3116 struct ocontext *c; 3117 size_t len; 3118 __le32 buf[1]; 3119 int rc; 3120 3121 len = 0; 3122 for (genfs = p->genfs; genfs; genfs = genfs->next) 3123 len++; 3124 buf[0] = cpu_to_le32(len); 3125 rc = put_entry(buf, sizeof(u32), 1, fp); 3126 if (rc) 3127 return rc; 3128 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3129 len = strlen(genfs->fstype); 3130 buf[0] = cpu_to_le32(len); 3131 rc = put_entry(buf, sizeof(u32), 1, fp); 3132 if (rc) 3133 return rc; 3134 rc = put_entry(genfs->fstype, 1, len, fp); 3135 if (rc) 3136 return rc; 3137 len = 0; 3138 for (c = genfs->head; c; c = c->next) 3139 len++; 3140 buf[0] = cpu_to_le32(len); 3141 rc = put_entry(buf, sizeof(u32), 1, fp); 3142 if (rc) 3143 return rc; 3144 for (c = genfs->head; c; c = c->next) { 3145 len = strlen(c->u.name); 3146 buf[0] = cpu_to_le32(len); 3147 rc = put_entry(buf, sizeof(u32), 1, fp); 3148 if (rc) 3149 return rc; 3150 rc = put_entry(c->u.name, 1, len, fp); 3151 if (rc) 3152 return rc; 3153 buf[0] = cpu_to_le32(c->v.sclass); 3154 rc = put_entry(buf, sizeof(u32), 1, fp); 3155 if (rc) 3156 return rc; 3157 rc = context_write(p, &c->context[0], fp); 3158 if (rc) 3159 return rc; 3160 } 3161 } 3162 return 0; 3163 } 3164 3165 static int hashtab_cnt(void *key, void *data, void *ptr) 3166 { 3167 int *cnt = ptr; 3168 *cnt = *cnt + 1; 3169 3170 return 0; 3171 } 3172 3173 static int range_write_helper(void *key, void *data, void *ptr) 3174 { 3175 __le32 buf[2]; 3176 struct range_trans *rt = key; 3177 struct mls_range *r = data; 3178 struct policy_data *pd = ptr; 3179 void *fp = pd->fp; 3180 struct policydb *p = pd->p; 3181 int rc; 3182 3183 buf[0] = cpu_to_le32(rt->source_type); 3184 buf[1] = cpu_to_le32(rt->target_type); 3185 rc = put_entry(buf, sizeof(u32), 2, fp); 3186 if (rc) 3187 return rc; 3188 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3189 buf[0] = cpu_to_le32(rt->target_class); 3190 rc = put_entry(buf, sizeof(u32), 1, fp); 3191 if (rc) 3192 return rc; 3193 } 3194 rc = mls_write_range_helper(r, fp); 3195 if (rc) 3196 return rc; 3197 3198 return 0; 3199 } 3200 3201 static int range_write(struct policydb *p, void *fp) 3202 { 3203 size_t nel; 3204 __le32 buf[1]; 3205 int rc; 3206 struct policy_data pd; 3207 3208 pd.p = p; 3209 pd.fp = fp; 3210 3211 /* count the number of entries in the hashtab */ 3212 nel = 0; 3213 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3214 if (rc) 3215 return rc; 3216 3217 buf[0] = cpu_to_le32(nel); 3218 rc = put_entry(buf, sizeof(u32), 1, fp); 3219 if (rc) 3220 return rc; 3221 3222 /* actually write all of the entries */ 3223 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3224 if (rc) 3225 return rc; 3226 3227 return 0; 3228 } 3229 3230 static int filename_write_helper(void *key, void *data, void *ptr) 3231 { 3232 __le32 buf[4]; 3233 struct filename_trans *ft = key; 3234 struct filename_trans_datum *otype = data; 3235 void *fp = ptr; 3236 int rc; 3237 u32 len; 3238 3239 len = strlen(ft->name); 3240 buf[0] = cpu_to_le32(len); 3241 rc = put_entry(buf, sizeof(u32), 1, fp); 3242 if (rc) 3243 return rc; 3244 3245 rc = put_entry(ft->name, sizeof(char), len, fp); 3246 if (rc) 3247 return rc; 3248 3249 buf[0] = ft->stype; 3250 buf[1] = ft->ttype; 3251 buf[2] = ft->tclass; 3252 buf[3] = otype->otype; 3253 3254 rc = put_entry(buf, sizeof(u32), 4, fp); 3255 if (rc) 3256 return rc; 3257 3258 return 0; 3259 } 3260 3261 static int filename_trans_write(struct policydb *p, void *fp) 3262 { 3263 u32 nel; 3264 __le32 buf[1]; 3265 int rc; 3266 3267 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3268 return 0; 3269 3270 nel = 0; 3271 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3272 if (rc) 3273 return rc; 3274 3275 buf[0] = cpu_to_le32(nel); 3276 rc = put_entry(buf, sizeof(u32), 1, fp); 3277 if (rc) 3278 return rc; 3279 3280 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3281 if (rc) 3282 return rc; 3283 3284 return 0; 3285 } 3286 3287 /* 3288 * Write the configuration data in a policy database 3289 * structure to a policy database binary representation 3290 * file. 3291 */ 3292 int policydb_write(struct policydb *p, void *fp) 3293 { 3294 unsigned int i, num_syms; 3295 int rc; 3296 __le32 buf[4]; 3297 u32 config; 3298 size_t len; 3299 struct policydb_compat_info *info; 3300 3301 /* 3302 * refuse to write policy older than compressed avtab 3303 * to simplify the writer. There are other tests dropped 3304 * since we assume this throughout the writer code. Be 3305 * careful if you ever try to remove this restriction 3306 */ 3307 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3308 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3309 " Because it is less than version %d\n", p->policyvers, 3310 POLICYDB_VERSION_AVTAB); 3311 return -EINVAL; 3312 } 3313 3314 config = 0; 3315 if (p->mls_enabled) 3316 config |= POLICYDB_CONFIG_MLS; 3317 3318 if (p->reject_unknown) 3319 config |= REJECT_UNKNOWN; 3320 if (p->allow_unknown) 3321 config |= ALLOW_UNKNOWN; 3322 3323 /* Write the magic number and string identifiers. */ 3324 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3325 len = strlen(POLICYDB_STRING); 3326 buf[1] = cpu_to_le32(len); 3327 rc = put_entry(buf, sizeof(u32), 2, fp); 3328 if (rc) 3329 return rc; 3330 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3331 if (rc) 3332 return rc; 3333 3334 /* Write the version, config, and table sizes. */ 3335 info = policydb_lookup_compat(p->policyvers); 3336 if (!info) { 3337 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3338 "version %d", p->policyvers); 3339 return -EINVAL; 3340 } 3341 3342 buf[0] = cpu_to_le32(p->policyvers); 3343 buf[1] = cpu_to_le32(config); 3344 buf[2] = cpu_to_le32(info->sym_num); 3345 buf[3] = cpu_to_le32(info->ocon_num); 3346 3347 rc = put_entry(buf, sizeof(u32), 4, fp); 3348 if (rc) 3349 return rc; 3350 3351 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3352 rc = ebitmap_write(&p->policycaps, fp); 3353 if (rc) 3354 return rc; 3355 } 3356 3357 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3358 rc = ebitmap_write(&p->permissive_map, fp); 3359 if (rc) 3360 return rc; 3361 } 3362 3363 num_syms = info->sym_num; 3364 for (i = 0; i < num_syms; i++) { 3365 struct policy_data pd; 3366 3367 pd.fp = fp; 3368 pd.p = p; 3369 3370 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3371 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3372 3373 rc = put_entry(buf, sizeof(u32), 2, fp); 3374 if (rc) 3375 return rc; 3376 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3377 if (rc) 3378 return rc; 3379 } 3380 3381 rc = avtab_write(p, &p->te_avtab, fp); 3382 if (rc) 3383 return rc; 3384 3385 rc = cond_write_list(p, p->cond_list, fp); 3386 if (rc) 3387 return rc; 3388 3389 rc = role_trans_write(p, fp); 3390 if (rc) 3391 return rc; 3392 3393 rc = role_allow_write(p->role_allow, fp); 3394 if (rc) 3395 return rc; 3396 3397 rc = filename_trans_write(p, fp); 3398 if (rc) 3399 return rc; 3400 3401 rc = ocontext_write(p, info, fp); 3402 if (rc) 3403 return rc; 3404 3405 rc = genfs_write(p, fp); 3406 if (rc) 3407 return rc; 3408 3409 rc = range_write(p, fp); 3410 if (rc) 3411 return rc; 3412 3413 for (i = 0; i < p->p_types.nprim; i++) { 3414 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3415 3416 BUG_ON(!e); 3417 rc = ebitmap_write(e, fp); 3418 if (rc) 3419 return rc; 3420 } 3421 3422 return 0; 3423 } 3424