1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 { 137 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM, 140 }, 141 { 142 .version = POLICYDB_VERSION_DEFAULT_TYPE, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM, 145 }, 146 }; 147 148 static struct policydb_compat_info *policydb_lookup_compat(int version) 149 { 150 int i; 151 struct policydb_compat_info *info = NULL; 152 153 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 154 if (policydb_compat[i].version == version) { 155 info = &policydb_compat[i]; 156 break; 157 } 158 } 159 return info; 160 } 161 162 /* 163 * Initialize the role table. 164 */ 165 static int roles_init(struct policydb *p) 166 { 167 char *key = NULL; 168 int rc; 169 struct role_datum *role; 170 171 rc = -ENOMEM; 172 role = kzalloc(sizeof(*role), GFP_KERNEL); 173 if (!role) 174 goto out; 175 176 rc = -EINVAL; 177 role->value = ++p->p_roles.nprim; 178 if (role->value != OBJECT_R_VAL) 179 goto out; 180 181 rc = -ENOMEM; 182 key = kstrdup(OBJECT_R, GFP_KERNEL); 183 if (!key) 184 goto out; 185 186 rc = hashtab_insert(p->p_roles.table, key, role); 187 if (rc) 188 goto out; 189 190 return 0; 191 out: 192 kfree(key); 193 kfree(role); 194 return rc; 195 } 196 197 static u32 filenametr_hash(struct hashtab *h, const void *k) 198 { 199 const struct filename_trans *ft = k; 200 unsigned long hash; 201 unsigned int byte_num; 202 unsigned char focus; 203 204 hash = ft->stype ^ ft->ttype ^ ft->tclass; 205 206 byte_num = 0; 207 while ((focus = ft->name[byte_num++])) 208 hash = partial_name_hash(focus, hash); 209 return hash & (h->size - 1); 210 } 211 212 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 213 { 214 const struct filename_trans *ft1 = k1; 215 const struct filename_trans *ft2 = k2; 216 int v; 217 218 v = ft1->stype - ft2->stype; 219 if (v) 220 return v; 221 222 v = ft1->ttype - ft2->ttype; 223 if (v) 224 return v; 225 226 v = ft1->tclass - ft2->tclass; 227 if (v) 228 return v; 229 230 return strcmp(ft1->name, ft2->name); 231 232 } 233 234 static u32 rangetr_hash(struct hashtab *h, const void *k) 235 { 236 const struct range_trans *key = k; 237 return (key->source_type + (key->target_type << 3) + 238 (key->target_class << 5)) & (h->size - 1); 239 } 240 241 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 242 { 243 const struct range_trans *key1 = k1, *key2 = k2; 244 int v; 245 246 v = key1->source_type - key2->source_type; 247 if (v) 248 return v; 249 250 v = key1->target_type - key2->target_type; 251 if (v) 252 return v; 253 254 v = key1->target_class - key2->target_class; 255 256 return v; 257 } 258 259 /* 260 * Initialize a policy database structure. 261 */ 262 static int policydb_init(struct policydb *p) 263 { 264 int i, rc; 265 266 memset(p, 0, sizeof(*p)); 267 268 for (i = 0; i < SYM_NUM; i++) { 269 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 270 if (rc) 271 goto out; 272 } 273 274 rc = avtab_init(&p->te_avtab); 275 if (rc) 276 goto out; 277 278 rc = roles_init(p); 279 if (rc) 280 goto out; 281 282 rc = cond_policydb_init(p); 283 if (rc) 284 goto out; 285 286 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 287 if (!p->filename_trans) 288 goto out; 289 290 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 291 if (!p->range_tr) 292 goto out; 293 294 ebitmap_init(&p->filename_trans_ttypes); 295 ebitmap_init(&p->policycaps); 296 ebitmap_init(&p->permissive_map); 297 298 return 0; 299 out: 300 hashtab_destroy(p->filename_trans); 301 hashtab_destroy(p->range_tr); 302 for (i = 0; i < SYM_NUM; i++) 303 hashtab_destroy(p->symtab[i].table); 304 return rc; 305 } 306 307 /* 308 * The following *_index functions are used to 309 * define the val_to_name and val_to_struct arrays 310 * in a policy database structure. The val_to_name 311 * arrays are used when converting security context 312 * structures into string representations. The 313 * val_to_struct arrays are used when the attributes 314 * of a class, role, or user are needed. 315 */ 316 317 static int common_index(void *key, void *datum, void *datap) 318 { 319 struct policydb *p; 320 struct common_datum *comdatum; 321 struct flex_array *fa; 322 323 comdatum = datum; 324 p = datap; 325 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 326 return -EINVAL; 327 328 fa = p->sym_val_to_name[SYM_COMMONS]; 329 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 330 GFP_KERNEL | __GFP_ZERO)) 331 BUG(); 332 return 0; 333 } 334 335 static int class_index(void *key, void *datum, void *datap) 336 { 337 struct policydb *p; 338 struct class_datum *cladatum; 339 struct flex_array *fa; 340 341 cladatum = datum; 342 p = datap; 343 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 344 return -EINVAL; 345 fa = p->sym_val_to_name[SYM_CLASSES]; 346 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 347 GFP_KERNEL | __GFP_ZERO)) 348 BUG(); 349 p->class_val_to_struct[cladatum->value - 1] = cladatum; 350 return 0; 351 } 352 353 static int role_index(void *key, void *datum, void *datap) 354 { 355 struct policydb *p; 356 struct role_datum *role; 357 struct flex_array *fa; 358 359 role = datum; 360 p = datap; 361 if (!role->value 362 || role->value > p->p_roles.nprim 363 || role->bounds > p->p_roles.nprim) 364 return -EINVAL; 365 366 fa = p->sym_val_to_name[SYM_ROLES]; 367 if (flex_array_put_ptr(fa, role->value - 1, key, 368 GFP_KERNEL | __GFP_ZERO)) 369 BUG(); 370 p->role_val_to_struct[role->value - 1] = role; 371 return 0; 372 } 373 374 static int type_index(void *key, void *datum, void *datap) 375 { 376 struct policydb *p; 377 struct type_datum *typdatum; 378 struct flex_array *fa; 379 380 typdatum = datum; 381 p = datap; 382 383 if (typdatum->primary) { 384 if (!typdatum->value 385 || typdatum->value > p->p_types.nprim 386 || typdatum->bounds > p->p_types.nprim) 387 return -EINVAL; 388 fa = p->sym_val_to_name[SYM_TYPES]; 389 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 390 GFP_KERNEL | __GFP_ZERO)) 391 BUG(); 392 393 fa = p->type_val_to_struct_array; 394 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 395 GFP_KERNEL | __GFP_ZERO)) 396 BUG(); 397 } 398 399 return 0; 400 } 401 402 static int user_index(void *key, void *datum, void *datap) 403 { 404 struct policydb *p; 405 struct user_datum *usrdatum; 406 struct flex_array *fa; 407 408 usrdatum = datum; 409 p = datap; 410 if (!usrdatum->value 411 || usrdatum->value > p->p_users.nprim 412 || usrdatum->bounds > p->p_users.nprim) 413 return -EINVAL; 414 415 fa = p->sym_val_to_name[SYM_USERS]; 416 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 417 GFP_KERNEL | __GFP_ZERO)) 418 BUG(); 419 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 420 return 0; 421 } 422 423 static int sens_index(void *key, void *datum, void *datap) 424 { 425 struct policydb *p; 426 struct level_datum *levdatum; 427 struct flex_array *fa; 428 429 levdatum = datum; 430 p = datap; 431 432 if (!levdatum->isalias) { 433 if (!levdatum->level->sens || 434 levdatum->level->sens > p->p_levels.nprim) 435 return -EINVAL; 436 fa = p->sym_val_to_name[SYM_LEVELS]; 437 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 438 GFP_KERNEL | __GFP_ZERO)) 439 BUG(); 440 } 441 442 return 0; 443 } 444 445 static int cat_index(void *key, void *datum, void *datap) 446 { 447 struct policydb *p; 448 struct cat_datum *catdatum; 449 struct flex_array *fa; 450 451 catdatum = datum; 452 p = datap; 453 454 if (!catdatum->isalias) { 455 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 456 return -EINVAL; 457 fa = p->sym_val_to_name[SYM_CATS]; 458 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 459 GFP_KERNEL | __GFP_ZERO)) 460 BUG(); 461 } 462 463 return 0; 464 } 465 466 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 467 { 468 common_index, 469 class_index, 470 role_index, 471 type_index, 472 user_index, 473 cond_index_bool, 474 sens_index, 475 cat_index, 476 }; 477 478 #ifdef DEBUG_HASHES 479 static void hash_eval(struct hashtab *h, const char *hash_name) 480 { 481 struct hashtab_info info; 482 483 hashtab_stat(h, &info); 484 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 485 "longest chain length %d\n", hash_name, h->nel, 486 info.slots_used, h->size, info.max_chain_len); 487 } 488 489 static void symtab_hash_eval(struct symtab *s) 490 { 491 int i; 492 493 for (i = 0; i < SYM_NUM; i++) 494 hash_eval(s[i].table, symtab_name[i]); 495 } 496 497 #else 498 static inline void hash_eval(struct hashtab *h, char *hash_name) 499 { 500 } 501 #endif 502 503 /* 504 * Define the other val_to_name and val_to_struct arrays 505 * in a policy database structure. 506 * 507 * Caller must clean up on failure. 508 */ 509 static int policydb_index(struct policydb *p) 510 { 511 int i, rc; 512 513 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 514 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 515 if (p->mls_enabled) 516 printk(", %d sens, %d cats", p->p_levels.nprim, 517 p->p_cats.nprim); 518 printk("\n"); 519 520 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 521 p->p_classes.nprim, p->te_avtab.nel); 522 523 #ifdef DEBUG_HASHES 524 avtab_hash_eval(&p->te_avtab, "rules"); 525 symtab_hash_eval(p->symtab); 526 #endif 527 528 rc = -ENOMEM; 529 p->class_val_to_struct = 530 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 531 GFP_KERNEL); 532 if (!p->class_val_to_struct) 533 goto out; 534 535 rc = -ENOMEM; 536 p->role_val_to_struct = 537 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 538 GFP_KERNEL); 539 if (!p->role_val_to_struct) 540 goto out; 541 542 rc = -ENOMEM; 543 p->user_val_to_struct = 544 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 545 GFP_KERNEL); 546 if (!p->user_val_to_struct) 547 goto out; 548 549 /* Yes, I want the sizeof the pointer, not the structure */ 550 rc = -ENOMEM; 551 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 552 p->p_types.nprim, 553 GFP_KERNEL | __GFP_ZERO); 554 if (!p->type_val_to_struct_array) 555 goto out; 556 557 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 558 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 559 if (rc) 560 goto out; 561 562 rc = cond_init_bool_indexes(p); 563 if (rc) 564 goto out; 565 566 for (i = 0; i < SYM_NUM; i++) { 567 rc = -ENOMEM; 568 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 569 p->symtab[i].nprim, 570 GFP_KERNEL | __GFP_ZERO); 571 if (!p->sym_val_to_name[i]) 572 goto out; 573 574 rc = flex_array_prealloc(p->sym_val_to_name[i], 575 0, p->symtab[i].nprim, 576 GFP_KERNEL | __GFP_ZERO); 577 if (rc) 578 goto out; 579 580 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 581 if (rc) 582 goto out; 583 } 584 rc = 0; 585 out: 586 return rc; 587 } 588 589 /* 590 * The following *_destroy functions are used to 591 * free any memory allocated for each kind of 592 * symbol data in the policy database. 593 */ 594 595 static int perm_destroy(void *key, void *datum, void *p) 596 { 597 kfree(key); 598 kfree(datum); 599 return 0; 600 } 601 602 static int common_destroy(void *key, void *datum, void *p) 603 { 604 struct common_datum *comdatum; 605 606 kfree(key); 607 if (datum) { 608 comdatum = datum; 609 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 610 hashtab_destroy(comdatum->permissions.table); 611 } 612 kfree(datum); 613 return 0; 614 } 615 616 static int cls_destroy(void *key, void *datum, void *p) 617 { 618 struct class_datum *cladatum; 619 struct constraint_node *constraint, *ctemp; 620 struct constraint_expr *e, *etmp; 621 622 kfree(key); 623 if (datum) { 624 cladatum = datum; 625 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 626 hashtab_destroy(cladatum->permissions.table); 627 constraint = cladatum->constraints; 628 while (constraint) { 629 e = constraint->expr; 630 while (e) { 631 ebitmap_destroy(&e->names); 632 etmp = e; 633 e = e->next; 634 kfree(etmp); 635 } 636 ctemp = constraint; 637 constraint = constraint->next; 638 kfree(ctemp); 639 } 640 641 constraint = cladatum->validatetrans; 642 while (constraint) { 643 e = constraint->expr; 644 while (e) { 645 ebitmap_destroy(&e->names); 646 etmp = e; 647 e = e->next; 648 kfree(etmp); 649 } 650 ctemp = constraint; 651 constraint = constraint->next; 652 kfree(ctemp); 653 } 654 655 kfree(cladatum->comkey); 656 } 657 kfree(datum); 658 return 0; 659 } 660 661 static int role_destroy(void *key, void *datum, void *p) 662 { 663 struct role_datum *role; 664 665 kfree(key); 666 if (datum) { 667 role = datum; 668 ebitmap_destroy(&role->dominates); 669 ebitmap_destroy(&role->types); 670 } 671 kfree(datum); 672 return 0; 673 } 674 675 static int type_destroy(void *key, void *datum, void *p) 676 { 677 kfree(key); 678 kfree(datum); 679 return 0; 680 } 681 682 static int user_destroy(void *key, void *datum, void *p) 683 { 684 struct user_datum *usrdatum; 685 686 kfree(key); 687 if (datum) { 688 usrdatum = datum; 689 ebitmap_destroy(&usrdatum->roles); 690 ebitmap_destroy(&usrdatum->range.level[0].cat); 691 ebitmap_destroy(&usrdatum->range.level[1].cat); 692 ebitmap_destroy(&usrdatum->dfltlevel.cat); 693 } 694 kfree(datum); 695 return 0; 696 } 697 698 static int sens_destroy(void *key, void *datum, void *p) 699 { 700 struct level_datum *levdatum; 701 702 kfree(key); 703 if (datum) { 704 levdatum = datum; 705 ebitmap_destroy(&levdatum->level->cat); 706 kfree(levdatum->level); 707 } 708 kfree(datum); 709 return 0; 710 } 711 712 static int cat_destroy(void *key, void *datum, void *p) 713 { 714 kfree(key); 715 kfree(datum); 716 return 0; 717 } 718 719 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 720 { 721 common_destroy, 722 cls_destroy, 723 role_destroy, 724 type_destroy, 725 user_destroy, 726 cond_destroy_bool, 727 sens_destroy, 728 cat_destroy, 729 }; 730 731 static int filenametr_destroy(void *key, void *datum, void *p) 732 { 733 struct filename_trans *ft = key; 734 kfree(ft->name); 735 kfree(key); 736 kfree(datum); 737 cond_resched(); 738 return 0; 739 } 740 741 static int range_tr_destroy(void *key, void *datum, void *p) 742 { 743 struct mls_range *rt = datum; 744 kfree(key); 745 ebitmap_destroy(&rt->level[0].cat); 746 ebitmap_destroy(&rt->level[1].cat); 747 kfree(datum); 748 cond_resched(); 749 return 0; 750 } 751 752 static void ocontext_destroy(struct ocontext *c, int i) 753 { 754 if (!c) 755 return; 756 757 context_destroy(&c->context[0]); 758 context_destroy(&c->context[1]); 759 if (i == OCON_ISID || i == OCON_FS || 760 i == OCON_NETIF || i == OCON_FSUSE) 761 kfree(c->u.name); 762 kfree(c); 763 } 764 765 /* 766 * Free any memory allocated by a policy database structure. 767 */ 768 void policydb_destroy(struct policydb *p) 769 { 770 struct ocontext *c, *ctmp; 771 struct genfs *g, *gtmp; 772 int i; 773 struct role_allow *ra, *lra = NULL; 774 struct role_trans *tr, *ltr = NULL; 775 776 for (i = 0; i < SYM_NUM; i++) { 777 cond_resched(); 778 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 779 hashtab_destroy(p->symtab[i].table); 780 } 781 782 for (i = 0; i < SYM_NUM; i++) { 783 if (p->sym_val_to_name[i]) 784 flex_array_free(p->sym_val_to_name[i]); 785 } 786 787 kfree(p->class_val_to_struct); 788 kfree(p->role_val_to_struct); 789 kfree(p->user_val_to_struct); 790 if (p->type_val_to_struct_array) 791 flex_array_free(p->type_val_to_struct_array); 792 793 avtab_destroy(&p->te_avtab); 794 795 for (i = 0; i < OCON_NUM; i++) { 796 cond_resched(); 797 c = p->ocontexts[i]; 798 while (c) { 799 ctmp = c; 800 c = c->next; 801 ocontext_destroy(ctmp, i); 802 } 803 p->ocontexts[i] = NULL; 804 } 805 806 g = p->genfs; 807 while (g) { 808 cond_resched(); 809 kfree(g->fstype); 810 c = g->head; 811 while (c) { 812 ctmp = c; 813 c = c->next; 814 ocontext_destroy(ctmp, OCON_FSUSE); 815 } 816 gtmp = g; 817 g = g->next; 818 kfree(gtmp); 819 } 820 p->genfs = NULL; 821 822 cond_policydb_destroy(p); 823 824 for (tr = p->role_tr; tr; tr = tr->next) { 825 cond_resched(); 826 kfree(ltr); 827 ltr = tr; 828 } 829 kfree(ltr); 830 831 for (ra = p->role_allow; ra; ra = ra->next) { 832 cond_resched(); 833 kfree(lra); 834 lra = ra; 835 } 836 kfree(lra); 837 838 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 839 hashtab_destroy(p->filename_trans); 840 841 hashtab_map(p->range_tr, range_tr_destroy, NULL); 842 hashtab_destroy(p->range_tr); 843 844 if (p->type_attr_map_array) { 845 for (i = 0; i < p->p_types.nprim; i++) { 846 struct ebitmap *e; 847 848 e = flex_array_get(p->type_attr_map_array, i); 849 if (!e) 850 continue; 851 ebitmap_destroy(e); 852 } 853 flex_array_free(p->type_attr_map_array); 854 } 855 856 ebitmap_destroy(&p->filename_trans_ttypes); 857 ebitmap_destroy(&p->policycaps); 858 ebitmap_destroy(&p->permissive_map); 859 860 return; 861 } 862 863 /* 864 * Load the initial SIDs specified in a policy database 865 * structure into a SID table. 866 */ 867 int policydb_load_isids(struct policydb *p, struct sidtab *s) 868 { 869 struct ocontext *head, *c; 870 int rc; 871 872 rc = sidtab_init(s); 873 if (rc) { 874 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 875 goto out; 876 } 877 878 head = p->ocontexts[OCON_ISID]; 879 for (c = head; c; c = c->next) { 880 rc = -EINVAL; 881 if (!c->context[0].user) { 882 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 883 c->u.name); 884 goto out; 885 } 886 887 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 888 if (rc) { 889 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 890 c->u.name); 891 goto out; 892 } 893 } 894 rc = 0; 895 out: 896 return rc; 897 } 898 899 int policydb_class_isvalid(struct policydb *p, unsigned int class) 900 { 901 if (!class || class > p->p_classes.nprim) 902 return 0; 903 return 1; 904 } 905 906 int policydb_role_isvalid(struct policydb *p, unsigned int role) 907 { 908 if (!role || role > p->p_roles.nprim) 909 return 0; 910 return 1; 911 } 912 913 int policydb_type_isvalid(struct policydb *p, unsigned int type) 914 { 915 if (!type || type > p->p_types.nprim) 916 return 0; 917 return 1; 918 } 919 920 /* 921 * Return 1 if the fields in the security context 922 * structure `c' are valid. Return 0 otherwise. 923 */ 924 int policydb_context_isvalid(struct policydb *p, struct context *c) 925 { 926 struct role_datum *role; 927 struct user_datum *usrdatum; 928 929 if (!c->role || c->role > p->p_roles.nprim) 930 return 0; 931 932 if (!c->user || c->user > p->p_users.nprim) 933 return 0; 934 935 if (!c->type || c->type > p->p_types.nprim) 936 return 0; 937 938 if (c->role != OBJECT_R_VAL) { 939 /* 940 * Role must be authorized for the type. 941 */ 942 role = p->role_val_to_struct[c->role - 1]; 943 if (!ebitmap_get_bit(&role->types, c->type - 1)) 944 /* role may not be associated with type */ 945 return 0; 946 947 /* 948 * User must be authorized for the role. 949 */ 950 usrdatum = p->user_val_to_struct[c->user - 1]; 951 if (!usrdatum) 952 return 0; 953 954 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 955 /* user may not be associated with role */ 956 return 0; 957 } 958 959 if (!mls_context_isvalid(p, c)) 960 return 0; 961 962 return 1; 963 } 964 965 /* 966 * Read a MLS range structure from a policydb binary 967 * representation file. 968 */ 969 static int mls_read_range_helper(struct mls_range *r, void *fp) 970 { 971 __le32 buf[2]; 972 u32 items; 973 int rc; 974 975 rc = next_entry(buf, fp, sizeof(u32)); 976 if (rc) 977 goto out; 978 979 rc = -EINVAL; 980 items = le32_to_cpu(buf[0]); 981 if (items > ARRAY_SIZE(buf)) { 982 printk(KERN_ERR "SELinux: mls: range overflow\n"); 983 goto out; 984 } 985 986 rc = next_entry(buf, fp, sizeof(u32) * items); 987 if (rc) { 988 printk(KERN_ERR "SELinux: mls: truncated range\n"); 989 goto out; 990 } 991 992 r->level[0].sens = le32_to_cpu(buf[0]); 993 if (items > 1) 994 r->level[1].sens = le32_to_cpu(buf[1]); 995 else 996 r->level[1].sens = r->level[0].sens; 997 998 rc = ebitmap_read(&r->level[0].cat, fp); 999 if (rc) { 1000 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 1001 goto out; 1002 } 1003 if (items > 1) { 1004 rc = ebitmap_read(&r->level[1].cat, fp); 1005 if (rc) { 1006 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 1007 goto bad_high; 1008 } 1009 } else { 1010 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1011 if (rc) { 1012 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1013 goto bad_high; 1014 } 1015 } 1016 1017 return 0; 1018 bad_high: 1019 ebitmap_destroy(&r->level[0].cat); 1020 out: 1021 return rc; 1022 } 1023 1024 /* 1025 * Read and validate a security context structure 1026 * from a policydb binary representation file. 1027 */ 1028 static int context_read_and_validate(struct context *c, 1029 struct policydb *p, 1030 void *fp) 1031 { 1032 __le32 buf[3]; 1033 int rc; 1034 1035 rc = next_entry(buf, fp, sizeof buf); 1036 if (rc) { 1037 printk(KERN_ERR "SELinux: context truncated\n"); 1038 goto out; 1039 } 1040 c->user = le32_to_cpu(buf[0]); 1041 c->role = le32_to_cpu(buf[1]); 1042 c->type = le32_to_cpu(buf[2]); 1043 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1044 rc = mls_read_range_helper(&c->range, fp); 1045 if (rc) { 1046 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1047 goto out; 1048 } 1049 } 1050 1051 rc = -EINVAL; 1052 if (!policydb_context_isvalid(p, c)) { 1053 printk(KERN_ERR "SELinux: invalid security context\n"); 1054 context_destroy(c); 1055 goto out; 1056 } 1057 rc = 0; 1058 out: 1059 return rc; 1060 } 1061 1062 /* 1063 * The following *_read functions are used to 1064 * read the symbol data from a policy database 1065 * binary representation file. 1066 */ 1067 1068 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1069 { 1070 char *key = NULL; 1071 struct perm_datum *perdatum; 1072 int rc; 1073 __le32 buf[2]; 1074 u32 len; 1075 1076 rc = -ENOMEM; 1077 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1078 if (!perdatum) 1079 goto bad; 1080 1081 rc = next_entry(buf, fp, sizeof buf); 1082 if (rc) 1083 goto bad; 1084 1085 len = le32_to_cpu(buf[0]); 1086 perdatum->value = le32_to_cpu(buf[1]); 1087 1088 rc = -ENOMEM; 1089 key = kmalloc(len + 1, GFP_KERNEL); 1090 if (!key) 1091 goto bad; 1092 1093 rc = next_entry(key, fp, len); 1094 if (rc) 1095 goto bad; 1096 key[len] = '\0'; 1097 1098 rc = hashtab_insert(h, key, perdatum); 1099 if (rc) 1100 goto bad; 1101 1102 return 0; 1103 bad: 1104 perm_destroy(key, perdatum, NULL); 1105 return rc; 1106 } 1107 1108 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1109 { 1110 char *key = NULL; 1111 struct common_datum *comdatum; 1112 __le32 buf[4]; 1113 u32 len, nel; 1114 int i, rc; 1115 1116 rc = -ENOMEM; 1117 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1118 if (!comdatum) 1119 goto bad; 1120 1121 rc = next_entry(buf, fp, sizeof buf); 1122 if (rc) 1123 goto bad; 1124 1125 len = le32_to_cpu(buf[0]); 1126 comdatum->value = le32_to_cpu(buf[1]); 1127 1128 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1129 if (rc) 1130 goto bad; 1131 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1132 nel = le32_to_cpu(buf[3]); 1133 1134 rc = -ENOMEM; 1135 key = kmalloc(len + 1, GFP_KERNEL); 1136 if (!key) 1137 goto bad; 1138 1139 rc = next_entry(key, fp, len); 1140 if (rc) 1141 goto bad; 1142 key[len] = '\0'; 1143 1144 for (i = 0; i < nel; i++) { 1145 rc = perm_read(p, comdatum->permissions.table, fp); 1146 if (rc) 1147 goto bad; 1148 } 1149 1150 rc = hashtab_insert(h, key, comdatum); 1151 if (rc) 1152 goto bad; 1153 return 0; 1154 bad: 1155 common_destroy(key, comdatum, NULL); 1156 return rc; 1157 } 1158 1159 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1160 int allowxtarget, void *fp) 1161 { 1162 struct constraint_node *c, *lc; 1163 struct constraint_expr *e, *le; 1164 __le32 buf[3]; 1165 u32 nexpr; 1166 int rc, i, j, depth; 1167 1168 lc = NULL; 1169 for (i = 0; i < ncons; i++) { 1170 c = kzalloc(sizeof(*c), GFP_KERNEL); 1171 if (!c) 1172 return -ENOMEM; 1173 1174 if (lc) 1175 lc->next = c; 1176 else 1177 *nodep = c; 1178 1179 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1180 if (rc) 1181 return rc; 1182 c->permissions = le32_to_cpu(buf[0]); 1183 nexpr = le32_to_cpu(buf[1]); 1184 le = NULL; 1185 depth = -1; 1186 for (j = 0; j < nexpr; j++) { 1187 e = kzalloc(sizeof(*e), GFP_KERNEL); 1188 if (!e) 1189 return -ENOMEM; 1190 1191 if (le) 1192 le->next = e; 1193 else 1194 c->expr = e; 1195 1196 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1197 if (rc) 1198 return rc; 1199 e->expr_type = le32_to_cpu(buf[0]); 1200 e->attr = le32_to_cpu(buf[1]); 1201 e->op = le32_to_cpu(buf[2]); 1202 1203 switch (e->expr_type) { 1204 case CEXPR_NOT: 1205 if (depth < 0) 1206 return -EINVAL; 1207 break; 1208 case CEXPR_AND: 1209 case CEXPR_OR: 1210 if (depth < 1) 1211 return -EINVAL; 1212 depth--; 1213 break; 1214 case CEXPR_ATTR: 1215 if (depth == (CEXPR_MAXDEPTH - 1)) 1216 return -EINVAL; 1217 depth++; 1218 break; 1219 case CEXPR_NAMES: 1220 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1221 return -EINVAL; 1222 if (depth == (CEXPR_MAXDEPTH - 1)) 1223 return -EINVAL; 1224 depth++; 1225 rc = ebitmap_read(&e->names, fp); 1226 if (rc) 1227 return rc; 1228 break; 1229 default: 1230 return -EINVAL; 1231 } 1232 le = e; 1233 } 1234 if (depth != 0) 1235 return -EINVAL; 1236 lc = c; 1237 } 1238 1239 return 0; 1240 } 1241 1242 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1243 { 1244 char *key = NULL; 1245 struct class_datum *cladatum; 1246 __le32 buf[6]; 1247 u32 len, len2, ncons, nel; 1248 int i, rc; 1249 1250 rc = -ENOMEM; 1251 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1252 if (!cladatum) 1253 goto bad; 1254 1255 rc = next_entry(buf, fp, sizeof(u32)*6); 1256 if (rc) 1257 goto bad; 1258 1259 len = le32_to_cpu(buf[0]); 1260 len2 = le32_to_cpu(buf[1]); 1261 cladatum->value = le32_to_cpu(buf[2]); 1262 1263 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1264 if (rc) 1265 goto bad; 1266 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1267 nel = le32_to_cpu(buf[4]); 1268 1269 ncons = le32_to_cpu(buf[5]); 1270 1271 rc = -ENOMEM; 1272 key = kmalloc(len + 1, GFP_KERNEL); 1273 if (!key) 1274 goto bad; 1275 1276 rc = next_entry(key, fp, len); 1277 if (rc) 1278 goto bad; 1279 key[len] = '\0'; 1280 1281 if (len2) { 1282 rc = -ENOMEM; 1283 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1284 if (!cladatum->comkey) 1285 goto bad; 1286 rc = next_entry(cladatum->comkey, fp, len2); 1287 if (rc) 1288 goto bad; 1289 cladatum->comkey[len2] = '\0'; 1290 1291 rc = -EINVAL; 1292 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1293 if (!cladatum->comdatum) { 1294 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1295 goto bad; 1296 } 1297 } 1298 for (i = 0; i < nel; i++) { 1299 rc = perm_read(p, cladatum->permissions.table, fp); 1300 if (rc) 1301 goto bad; 1302 } 1303 1304 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1305 if (rc) 1306 goto bad; 1307 1308 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1309 /* grab the validatetrans rules */ 1310 rc = next_entry(buf, fp, sizeof(u32)); 1311 if (rc) 1312 goto bad; 1313 ncons = le32_to_cpu(buf[0]); 1314 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1315 if (rc) 1316 goto bad; 1317 } 1318 1319 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1320 rc = next_entry(buf, fp, sizeof(u32) * 3); 1321 if (rc) 1322 goto bad; 1323 1324 cladatum->default_user = le32_to_cpu(buf[0]); 1325 cladatum->default_role = le32_to_cpu(buf[1]); 1326 cladatum->default_range = le32_to_cpu(buf[2]); 1327 } 1328 1329 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1330 rc = next_entry(buf, fp, sizeof(u32) * 1); 1331 if (rc) 1332 goto bad; 1333 cladatum->default_type = le32_to_cpu(buf[0]); 1334 } 1335 1336 rc = hashtab_insert(h, key, cladatum); 1337 if (rc) 1338 goto bad; 1339 1340 return 0; 1341 bad: 1342 cls_destroy(key, cladatum, NULL); 1343 return rc; 1344 } 1345 1346 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1347 { 1348 char *key = NULL; 1349 struct role_datum *role; 1350 int rc, to_read = 2; 1351 __le32 buf[3]; 1352 u32 len; 1353 1354 rc = -ENOMEM; 1355 role = kzalloc(sizeof(*role), GFP_KERNEL); 1356 if (!role) 1357 goto bad; 1358 1359 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1360 to_read = 3; 1361 1362 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1363 if (rc) 1364 goto bad; 1365 1366 len = le32_to_cpu(buf[0]); 1367 role->value = le32_to_cpu(buf[1]); 1368 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1369 role->bounds = le32_to_cpu(buf[2]); 1370 1371 rc = -ENOMEM; 1372 key = kmalloc(len + 1, GFP_KERNEL); 1373 if (!key) 1374 goto bad; 1375 1376 rc = next_entry(key, fp, len); 1377 if (rc) 1378 goto bad; 1379 key[len] = '\0'; 1380 1381 rc = ebitmap_read(&role->dominates, fp); 1382 if (rc) 1383 goto bad; 1384 1385 rc = ebitmap_read(&role->types, fp); 1386 if (rc) 1387 goto bad; 1388 1389 if (strcmp(key, OBJECT_R) == 0) { 1390 rc = -EINVAL; 1391 if (role->value != OBJECT_R_VAL) { 1392 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1393 OBJECT_R, role->value); 1394 goto bad; 1395 } 1396 rc = 0; 1397 goto bad; 1398 } 1399 1400 rc = hashtab_insert(h, key, role); 1401 if (rc) 1402 goto bad; 1403 return 0; 1404 bad: 1405 role_destroy(key, role, NULL); 1406 return rc; 1407 } 1408 1409 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1410 { 1411 char *key = NULL; 1412 struct type_datum *typdatum; 1413 int rc, to_read = 3; 1414 __le32 buf[4]; 1415 u32 len; 1416 1417 rc = -ENOMEM; 1418 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1419 if (!typdatum) 1420 goto bad; 1421 1422 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1423 to_read = 4; 1424 1425 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1426 if (rc) 1427 goto bad; 1428 1429 len = le32_to_cpu(buf[0]); 1430 typdatum->value = le32_to_cpu(buf[1]); 1431 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1432 u32 prop = le32_to_cpu(buf[2]); 1433 1434 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1435 typdatum->primary = 1; 1436 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1437 typdatum->attribute = 1; 1438 1439 typdatum->bounds = le32_to_cpu(buf[3]); 1440 } else { 1441 typdatum->primary = le32_to_cpu(buf[2]); 1442 } 1443 1444 rc = -ENOMEM; 1445 key = kmalloc(len + 1, GFP_KERNEL); 1446 if (!key) 1447 goto bad; 1448 rc = next_entry(key, fp, len); 1449 if (rc) 1450 goto bad; 1451 key[len] = '\0'; 1452 1453 rc = hashtab_insert(h, key, typdatum); 1454 if (rc) 1455 goto bad; 1456 return 0; 1457 bad: 1458 type_destroy(key, typdatum, NULL); 1459 return rc; 1460 } 1461 1462 1463 /* 1464 * Read a MLS level structure from a policydb binary 1465 * representation file. 1466 */ 1467 static int mls_read_level(struct mls_level *lp, void *fp) 1468 { 1469 __le32 buf[1]; 1470 int rc; 1471 1472 memset(lp, 0, sizeof(*lp)); 1473 1474 rc = next_entry(buf, fp, sizeof buf); 1475 if (rc) { 1476 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1477 return rc; 1478 } 1479 lp->sens = le32_to_cpu(buf[0]); 1480 1481 rc = ebitmap_read(&lp->cat, fp); 1482 if (rc) { 1483 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1484 return rc; 1485 } 1486 return 0; 1487 } 1488 1489 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1490 { 1491 char *key = NULL; 1492 struct user_datum *usrdatum; 1493 int rc, to_read = 2; 1494 __le32 buf[3]; 1495 u32 len; 1496 1497 rc = -ENOMEM; 1498 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1499 if (!usrdatum) 1500 goto bad; 1501 1502 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1503 to_read = 3; 1504 1505 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1506 if (rc) 1507 goto bad; 1508 1509 len = le32_to_cpu(buf[0]); 1510 usrdatum->value = le32_to_cpu(buf[1]); 1511 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1512 usrdatum->bounds = le32_to_cpu(buf[2]); 1513 1514 rc = -ENOMEM; 1515 key = kmalloc(len + 1, GFP_KERNEL); 1516 if (!key) 1517 goto bad; 1518 rc = next_entry(key, fp, len); 1519 if (rc) 1520 goto bad; 1521 key[len] = '\0'; 1522 1523 rc = ebitmap_read(&usrdatum->roles, fp); 1524 if (rc) 1525 goto bad; 1526 1527 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1528 rc = mls_read_range_helper(&usrdatum->range, fp); 1529 if (rc) 1530 goto bad; 1531 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1532 if (rc) 1533 goto bad; 1534 } 1535 1536 rc = hashtab_insert(h, key, usrdatum); 1537 if (rc) 1538 goto bad; 1539 return 0; 1540 bad: 1541 user_destroy(key, usrdatum, NULL); 1542 return rc; 1543 } 1544 1545 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1546 { 1547 char *key = NULL; 1548 struct level_datum *levdatum; 1549 int rc; 1550 __le32 buf[2]; 1551 u32 len; 1552 1553 rc = -ENOMEM; 1554 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1555 if (!levdatum) 1556 goto bad; 1557 1558 rc = next_entry(buf, fp, sizeof buf); 1559 if (rc) 1560 goto bad; 1561 1562 len = le32_to_cpu(buf[0]); 1563 levdatum->isalias = le32_to_cpu(buf[1]); 1564 1565 rc = -ENOMEM; 1566 key = kmalloc(len + 1, GFP_ATOMIC); 1567 if (!key) 1568 goto bad; 1569 rc = next_entry(key, fp, len); 1570 if (rc) 1571 goto bad; 1572 key[len] = '\0'; 1573 1574 rc = -ENOMEM; 1575 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1576 if (!levdatum->level) 1577 goto bad; 1578 1579 rc = mls_read_level(levdatum->level, fp); 1580 if (rc) 1581 goto bad; 1582 1583 rc = hashtab_insert(h, key, levdatum); 1584 if (rc) 1585 goto bad; 1586 return 0; 1587 bad: 1588 sens_destroy(key, levdatum, NULL); 1589 return rc; 1590 } 1591 1592 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1593 { 1594 char *key = NULL; 1595 struct cat_datum *catdatum; 1596 int rc; 1597 __le32 buf[3]; 1598 u32 len; 1599 1600 rc = -ENOMEM; 1601 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1602 if (!catdatum) 1603 goto bad; 1604 1605 rc = next_entry(buf, fp, sizeof buf); 1606 if (rc) 1607 goto bad; 1608 1609 len = le32_to_cpu(buf[0]); 1610 catdatum->value = le32_to_cpu(buf[1]); 1611 catdatum->isalias = le32_to_cpu(buf[2]); 1612 1613 rc = -ENOMEM; 1614 key = kmalloc(len + 1, GFP_ATOMIC); 1615 if (!key) 1616 goto bad; 1617 rc = next_entry(key, fp, len); 1618 if (rc) 1619 goto bad; 1620 key[len] = '\0'; 1621 1622 rc = hashtab_insert(h, key, catdatum); 1623 if (rc) 1624 goto bad; 1625 return 0; 1626 bad: 1627 cat_destroy(key, catdatum, NULL); 1628 return rc; 1629 } 1630 1631 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1632 { 1633 common_read, 1634 class_read, 1635 role_read, 1636 type_read, 1637 user_read, 1638 cond_read_bool, 1639 sens_read, 1640 cat_read, 1641 }; 1642 1643 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1644 { 1645 struct user_datum *upper, *user; 1646 struct policydb *p = datap; 1647 int depth = 0; 1648 1649 upper = user = datum; 1650 while (upper->bounds) { 1651 struct ebitmap_node *node; 1652 unsigned long bit; 1653 1654 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1655 printk(KERN_ERR "SELinux: user %s: " 1656 "too deep or looped boundary", 1657 (char *) key); 1658 return -EINVAL; 1659 } 1660 1661 upper = p->user_val_to_struct[upper->bounds - 1]; 1662 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1663 if (ebitmap_get_bit(&upper->roles, bit)) 1664 continue; 1665 1666 printk(KERN_ERR 1667 "SELinux: boundary violated policy: " 1668 "user=%s role=%s bounds=%s\n", 1669 sym_name(p, SYM_USERS, user->value - 1), 1670 sym_name(p, SYM_ROLES, bit), 1671 sym_name(p, SYM_USERS, upper->value - 1)); 1672 1673 return -EINVAL; 1674 } 1675 } 1676 1677 return 0; 1678 } 1679 1680 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1681 { 1682 struct role_datum *upper, *role; 1683 struct policydb *p = datap; 1684 int depth = 0; 1685 1686 upper = role = datum; 1687 while (upper->bounds) { 1688 struct ebitmap_node *node; 1689 unsigned long bit; 1690 1691 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1692 printk(KERN_ERR "SELinux: role %s: " 1693 "too deep or looped bounds\n", 1694 (char *) key); 1695 return -EINVAL; 1696 } 1697 1698 upper = p->role_val_to_struct[upper->bounds - 1]; 1699 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1700 if (ebitmap_get_bit(&upper->types, bit)) 1701 continue; 1702 1703 printk(KERN_ERR 1704 "SELinux: boundary violated policy: " 1705 "role=%s type=%s bounds=%s\n", 1706 sym_name(p, SYM_ROLES, role->value - 1), 1707 sym_name(p, SYM_TYPES, bit), 1708 sym_name(p, SYM_ROLES, upper->value - 1)); 1709 1710 return -EINVAL; 1711 } 1712 } 1713 1714 return 0; 1715 } 1716 1717 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1718 { 1719 struct type_datum *upper; 1720 struct policydb *p = datap; 1721 int depth = 0; 1722 1723 upper = datum; 1724 while (upper->bounds) { 1725 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1726 printk(KERN_ERR "SELinux: type %s: " 1727 "too deep or looped boundary\n", 1728 (char *) key); 1729 return -EINVAL; 1730 } 1731 1732 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1733 upper->bounds - 1); 1734 BUG_ON(!upper); 1735 1736 if (upper->attribute) { 1737 printk(KERN_ERR "SELinux: type %s: " 1738 "bounded by attribute %s", 1739 (char *) key, 1740 sym_name(p, SYM_TYPES, upper->value - 1)); 1741 return -EINVAL; 1742 } 1743 } 1744 1745 return 0; 1746 } 1747 1748 static int policydb_bounds_sanity_check(struct policydb *p) 1749 { 1750 int rc; 1751 1752 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1753 return 0; 1754 1755 rc = hashtab_map(p->p_users.table, 1756 user_bounds_sanity_check, p); 1757 if (rc) 1758 return rc; 1759 1760 rc = hashtab_map(p->p_roles.table, 1761 role_bounds_sanity_check, p); 1762 if (rc) 1763 return rc; 1764 1765 rc = hashtab_map(p->p_types.table, 1766 type_bounds_sanity_check, p); 1767 if (rc) 1768 return rc; 1769 1770 return 0; 1771 } 1772 1773 u16 string_to_security_class(struct policydb *p, const char *name) 1774 { 1775 struct class_datum *cladatum; 1776 1777 cladatum = hashtab_search(p->p_classes.table, name); 1778 if (!cladatum) 1779 return 0; 1780 1781 return cladatum->value; 1782 } 1783 1784 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1785 { 1786 struct class_datum *cladatum; 1787 struct perm_datum *perdatum = NULL; 1788 struct common_datum *comdatum; 1789 1790 if (!tclass || tclass > p->p_classes.nprim) 1791 return 0; 1792 1793 cladatum = p->class_val_to_struct[tclass-1]; 1794 comdatum = cladatum->comdatum; 1795 if (comdatum) 1796 perdatum = hashtab_search(comdatum->permissions.table, 1797 name); 1798 if (!perdatum) 1799 perdatum = hashtab_search(cladatum->permissions.table, 1800 name); 1801 if (!perdatum) 1802 return 0; 1803 1804 return 1U << (perdatum->value-1); 1805 } 1806 1807 static int range_read(struct policydb *p, void *fp) 1808 { 1809 struct range_trans *rt = NULL; 1810 struct mls_range *r = NULL; 1811 int i, rc; 1812 __le32 buf[2]; 1813 u32 nel; 1814 1815 if (p->policyvers < POLICYDB_VERSION_MLS) 1816 return 0; 1817 1818 rc = next_entry(buf, fp, sizeof(u32)); 1819 if (rc) 1820 goto out; 1821 1822 nel = le32_to_cpu(buf[0]); 1823 for (i = 0; i < nel; i++) { 1824 rc = -ENOMEM; 1825 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1826 if (!rt) 1827 goto out; 1828 1829 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1830 if (rc) 1831 goto out; 1832 1833 rt->source_type = le32_to_cpu(buf[0]); 1834 rt->target_type = le32_to_cpu(buf[1]); 1835 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1836 rc = next_entry(buf, fp, sizeof(u32)); 1837 if (rc) 1838 goto out; 1839 rt->target_class = le32_to_cpu(buf[0]); 1840 } else 1841 rt->target_class = p->process_class; 1842 1843 rc = -EINVAL; 1844 if (!policydb_type_isvalid(p, rt->source_type) || 1845 !policydb_type_isvalid(p, rt->target_type) || 1846 !policydb_class_isvalid(p, rt->target_class)) 1847 goto out; 1848 1849 rc = -ENOMEM; 1850 r = kzalloc(sizeof(*r), GFP_KERNEL); 1851 if (!r) 1852 goto out; 1853 1854 rc = mls_read_range_helper(r, fp); 1855 if (rc) 1856 goto out; 1857 1858 rc = -EINVAL; 1859 if (!mls_range_isvalid(p, r)) { 1860 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1861 goto out; 1862 } 1863 1864 rc = hashtab_insert(p->range_tr, rt, r); 1865 if (rc) 1866 goto out; 1867 1868 rt = NULL; 1869 r = NULL; 1870 } 1871 hash_eval(p->range_tr, "rangetr"); 1872 rc = 0; 1873 out: 1874 kfree(rt); 1875 kfree(r); 1876 return rc; 1877 } 1878 1879 static int filename_trans_read(struct policydb *p, void *fp) 1880 { 1881 struct filename_trans *ft; 1882 struct filename_trans_datum *otype; 1883 char *name; 1884 u32 nel, len; 1885 __le32 buf[4]; 1886 int rc, i; 1887 1888 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1889 return 0; 1890 1891 rc = next_entry(buf, fp, sizeof(u32)); 1892 if (rc) 1893 return rc; 1894 nel = le32_to_cpu(buf[0]); 1895 1896 for (i = 0; i < nel; i++) { 1897 ft = NULL; 1898 otype = NULL; 1899 name = NULL; 1900 1901 rc = -ENOMEM; 1902 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1903 if (!ft) 1904 goto out; 1905 1906 rc = -ENOMEM; 1907 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1908 if (!otype) 1909 goto out; 1910 1911 /* length of the path component string */ 1912 rc = next_entry(buf, fp, sizeof(u32)); 1913 if (rc) 1914 goto out; 1915 len = le32_to_cpu(buf[0]); 1916 1917 rc = -ENOMEM; 1918 name = kmalloc(len + 1, GFP_KERNEL); 1919 if (!name) 1920 goto out; 1921 1922 ft->name = name; 1923 1924 /* path component string */ 1925 rc = next_entry(name, fp, len); 1926 if (rc) 1927 goto out; 1928 name[len] = 0; 1929 1930 rc = next_entry(buf, fp, sizeof(u32) * 4); 1931 if (rc) 1932 goto out; 1933 1934 ft->stype = le32_to_cpu(buf[0]); 1935 ft->ttype = le32_to_cpu(buf[1]); 1936 ft->tclass = le32_to_cpu(buf[2]); 1937 1938 otype->otype = le32_to_cpu(buf[3]); 1939 1940 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1941 if (rc) 1942 goto out; 1943 1944 hashtab_insert(p->filename_trans, ft, otype); 1945 } 1946 hash_eval(p->filename_trans, "filenametr"); 1947 return 0; 1948 out: 1949 kfree(ft); 1950 kfree(name); 1951 kfree(otype); 1952 1953 return rc; 1954 } 1955 1956 static int genfs_read(struct policydb *p, void *fp) 1957 { 1958 int i, j, rc; 1959 u32 nel, nel2, len, len2; 1960 __le32 buf[1]; 1961 struct ocontext *l, *c; 1962 struct ocontext *newc = NULL; 1963 struct genfs *genfs_p, *genfs; 1964 struct genfs *newgenfs = NULL; 1965 1966 rc = next_entry(buf, fp, sizeof(u32)); 1967 if (rc) 1968 goto out; 1969 nel = le32_to_cpu(buf[0]); 1970 1971 for (i = 0; i < nel; i++) { 1972 rc = next_entry(buf, fp, sizeof(u32)); 1973 if (rc) 1974 goto out; 1975 len = le32_to_cpu(buf[0]); 1976 1977 rc = -ENOMEM; 1978 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1979 if (!newgenfs) 1980 goto out; 1981 1982 rc = -ENOMEM; 1983 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 1984 if (!newgenfs->fstype) 1985 goto out; 1986 1987 rc = next_entry(newgenfs->fstype, fp, len); 1988 if (rc) 1989 goto out; 1990 1991 newgenfs->fstype[len] = 0; 1992 1993 for (genfs_p = NULL, genfs = p->genfs; genfs; 1994 genfs_p = genfs, genfs = genfs->next) { 1995 rc = -EINVAL; 1996 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1997 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 1998 newgenfs->fstype); 1999 goto out; 2000 } 2001 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2002 break; 2003 } 2004 newgenfs->next = genfs; 2005 if (genfs_p) 2006 genfs_p->next = newgenfs; 2007 else 2008 p->genfs = newgenfs; 2009 genfs = newgenfs; 2010 newgenfs = NULL; 2011 2012 rc = next_entry(buf, fp, sizeof(u32)); 2013 if (rc) 2014 goto out; 2015 2016 nel2 = le32_to_cpu(buf[0]); 2017 for (j = 0; j < nel2; j++) { 2018 rc = next_entry(buf, fp, sizeof(u32)); 2019 if (rc) 2020 goto out; 2021 len = le32_to_cpu(buf[0]); 2022 2023 rc = -ENOMEM; 2024 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2025 if (!newc) 2026 goto out; 2027 2028 rc = -ENOMEM; 2029 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 2030 if (!newc->u.name) 2031 goto out; 2032 2033 rc = next_entry(newc->u.name, fp, len); 2034 if (rc) 2035 goto out; 2036 newc->u.name[len] = 0; 2037 2038 rc = next_entry(buf, fp, sizeof(u32)); 2039 if (rc) 2040 goto out; 2041 2042 newc->v.sclass = le32_to_cpu(buf[0]); 2043 rc = context_read_and_validate(&newc->context[0], p, fp); 2044 if (rc) 2045 goto out; 2046 2047 for (l = NULL, c = genfs->head; c; 2048 l = c, c = c->next) { 2049 rc = -EINVAL; 2050 if (!strcmp(newc->u.name, c->u.name) && 2051 (!c->v.sclass || !newc->v.sclass || 2052 newc->v.sclass == c->v.sclass)) { 2053 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2054 genfs->fstype, c->u.name); 2055 goto out; 2056 } 2057 len = strlen(newc->u.name); 2058 len2 = strlen(c->u.name); 2059 if (len > len2) 2060 break; 2061 } 2062 2063 newc->next = c; 2064 if (l) 2065 l->next = newc; 2066 else 2067 genfs->head = newc; 2068 newc = NULL; 2069 } 2070 } 2071 rc = 0; 2072 out: 2073 if (newgenfs) 2074 kfree(newgenfs->fstype); 2075 kfree(newgenfs); 2076 ocontext_destroy(newc, OCON_FSUSE); 2077 2078 return rc; 2079 } 2080 2081 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2082 void *fp) 2083 { 2084 int i, j, rc; 2085 u32 nel, len; 2086 __le32 buf[3]; 2087 struct ocontext *l, *c; 2088 u32 nodebuf[8]; 2089 2090 for (i = 0; i < info->ocon_num; i++) { 2091 rc = next_entry(buf, fp, sizeof(u32)); 2092 if (rc) 2093 goto out; 2094 nel = le32_to_cpu(buf[0]); 2095 2096 l = NULL; 2097 for (j = 0; j < nel; j++) { 2098 rc = -ENOMEM; 2099 c = kzalloc(sizeof(*c), GFP_KERNEL); 2100 if (!c) 2101 goto out; 2102 if (l) 2103 l->next = c; 2104 else 2105 p->ocontexts[i] = c; 2106 l = c; 2107 2108 switch (i) { 2109 case OCON_ISID: 2110 rc = next_entry(buf, fp, sizeof(u32)); 2111 if (rc) 2112 goto out; 2113 2114 c->sid[0] = le32_to_cpu(buf[0]); 2115 rc = context_read_and_validate(&c->context[0], p, fp); 2116 if (rc) 2117 goto out; 2118 break; 2119 case OCON_FS: 2120 case OCON_NETIF: 2121 rc = next_entry(buf, fp, sizeof(u32)); 2122 if (rc) 2123 goto out; 2124 len = le32_to_cpu(buf[0]); 2125 2126 rc = -ENOMEM; 2127 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2128 if (!c->u.name) 2129 goto out; 2130 2131 rc = next_entry(c->u.name, fp, len); 2132 if (rc) 2133 goto out; 2134 2135 c->u.name[len] = 0; 2136 rc = context_read_and_validate(&c->context[0], p, fp); 2137 if (rc) 2138 goto out; 2139 rc = context_read_and_validate(&c->context[1], p, fp); 2140 if (rc) 2141 goto out; 2142 break; 2143 case OCON_PORT: 2144 rc = next_entry(buf, fp, sizeof(u32)*3); 2145 if (rc) 2146 goto out; 2147 c->u.port.protocol = le32_to_cpu(buf[0]); 2148 c->u.port.low_port = le32_to_cpu(buf[1]); 2149 c->u.port.high_port = le32_to_cpu(buf[2]); 2150 rc = context_read_and_validate(&c->context[0], p, fp); 2151 if (rc) 2152 goto out; 2153 break; 2154 case OCON_NODE: 2155 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2156 if (rc) 2157 goto out; 2158 c->u.node.addr = nodebuf[0]; /* network order */ 2159 c->u.node.mask = nodebuf[1]; /* network order */ 2160 rc = context_read_and_validate(&c->context[0], p, fp); 2161 if (rc) 2162 goto out; 2163 break; 2164 case OCON_FSUSE: 2165 rc = next_entry(buf, fp, sizeof(u32)*2); 2166 if (rc) 2167 goto out; 2168 2169 rc = -EINVAL; 2170 c->v.behavior = le32_to_cpu(buf[0]); 2171 /* Determined at runtime, not in policy DB. */ 2172 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2173 goto out; 2174 if (c->v.behavior > SECURITY_FS_USE_MAX) 2175 goto out; 2176 2177 rc = -ENOMEM; 2178 len = le32_to_cpu(buf[1]); 2179 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2180 if (!c->u.name) 2181 goto out; 2182 2183 rc = next_entry(c->u.name, fp, len); 2184 if (rc) 2185 goto out; 2186 c->u.name[len] = 0; 2187 rc = context_read_and_validate(&c->context[0], p, fp); 2188 if (rc) 2189 goto out; 2190 break; 2191 case OCON_NODE6: { 2192 int k; 2193 2194 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2195 if (rc) 2196 goto out; 2197 for (k = 0; k < 4; k++) 2198 c->u.node6.addr[k] = nodebuf[k]; 2199 for (k = 0; k < 4; k++) 2200 c->u.node6.mask[k] = nodebuf[k+4]; 2201 rc = context_read_and_validate(&c->context[0], p, fp); 2202 if (rc) 2203 goto out; 2204 break; 2205 } 2206 } 2207 } 2208 } 2209 rc = 0; 2210 out: 2211 return rc; 2212 } 2213 2214 /* 2215 * Read the configuration data from a policy database binary 2216 * representation file into a policy database structure. 2217 */ 2218 int policydb_read(struct policydb *p, void *fp) 2219 { 2220 struct role_allow *ra, *lra; 2221 struct role_trans *tr, *ltr; 2222 int i, j, rc; 2223 __le32 buf[4]; 2224 u32 len, nprim, nel; 2225 2226 char *policydb_str; 2227 struct policydb_compat_info *info; 2228 2229 rc = policydb_init(p); 2230 if (rc) 2231 return rc; 2232 2233 /* Read the magic number and string length. */ 2234 rc = next_entry(buf, fp, sizeof(u32) * 2); 2235 if (rc) 2236 goto bad; 2237 2238 rc = -EINVAL; 2239 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2240 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2241 "not match expected magic number 0x%x\n", 2242 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2243 goto bad; 2244 } 2245 2246 rc = -EINVAL; 2247 len = le32_to_cpu(buf[1]); 2248 if (len != strlen(POLICYDB_STRING)) { 2249 printk(KERN_ERR "SELinux: policydb string length %d does not " 2250 "match expected length %Zu\n", 2251 len, strlen(POLICYDB_STRING)); 2252 goto bad; 2253 } 2254 2255 rc = -ENOMEM; 2256 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2257 if (!policydb_str) { 2258 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2259 "string of length %d\n", len); 2260 goto bad; 2261 } 2262 2263 rc = next_entry(policydb_str, fp, len); 2264 if (rc) { 2265 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2266 kfree(policydb_str); 2267 goto bad; 2268 } 2269 2270 rc = -EINVAL; 2271 policydb_str[len] = '\0'; 2272 if (strcmp(policydb_str, POLICYDB_STRING)) { 2273 printk(KERN_ERR "SELinux: policydb string %s does not match " 2274 "my string %s\n", policydb_str, POLICYDB_STRING); 2275 kfree(policydb_str); 2276 goto bad; 2277 } 2278 /* Done with policydb_str. */ 2279 kfree(policydb_str); 2280 policydb_str = NULL; 2281 2282 /* Read the version and table sizes. */ 2283 rc = next_entry(buf, fp, sizeof(u32)*4); 2284 if (rc) 2285 goto bad; 2286 2287 rc = -EINVAL; 2288 p->policyvers = le32_to_cpu(buf[0]); 2289 if (p->policyvers < POLICYDB_VERSION_MIN || 2290 p->policyvers > POLICYDB_VERSION_MAX) { 2291 printk(KERN_ERR "SELinux: policydb version %d does not match " 2292 "my version range %d-%d\n", 2293 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2294 goto bad; 2295 } 2296 2297 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2298 p->mls_enabled = 1; 2299 2300 rc = -EINVAL; 2301 if (p->policyvers < POLICYDB_VERSION_MLS) { 2302 printk(KERN_ERR "SELinux: security policydb version %d " 2303 "(MLS) not backwards compatible\n", 2304 p->policyvers); 2305 goto bad; 2306 } 2307 } 2308 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2309 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2310 2311 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2312 rc = ebitmap_read(&p->policycaps, fp); 2313 if (rc) 2314 goto bad; 2315 } 2316 2317 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2318 rc = ebitmap_read(&p->permissive_map, fp); 2319 if (rc) 2320 goto bad; 2321 } 2322 2323 rc = -EINVAL; 2324 info = policydb_lookup_compat(p->policyvers); 2325 if (!info) { 2326 printk(KERN_ERR "SELinux: unable to find policy compat info " 2327 "for version %d\n", p->policyvers); 2328 goto bad; 2329 } 2330 2331 rc = -EINVAL; 2332 if (le32_to_cpu(buf[2]) != info->sym_num || 2333 le32_to_cpu(buf[3]) != info->ocon_num) { 2334 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2335 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2336 le32_to_cpu(buf[3]), 2337 info->sym_num, info->ocon_num); 2338 goto bad; 2339 } 2340 2341 for (i = 0; i < info->sym_num; i++) { 2342 rc = next_entry(buf, fp, sizeof(u32)*2); 2343 if (rc) 2344 goto bad; 2345 nprim = le32_to_cpu(buf[0]); 2346 nel = le32_to_cpu(buf[1]); 2347 for (j = 0; j < nel; j++) { 2348 rc = read_f[i](p, p->symtab[i].table, fp); 2349 if (rc) 2350 goto bad; 2351 } 2352 2353 p->symtab[i].nprim = nprim; 2354 } 2355 2356 rc = -EINVAL; 2357 p->process_class = string_to_security_class(p, "process"); 2358 if (!p->process_class) 2359 goto bad; 2360 2361 rc = avtab_read(&p->te_avtab, fp, p); 2362 if (rc) 2363 goto bad; 2364 2365 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2366 rc = cond_read_list(p, fp); 2367 if (rc) 2368 goto bad; 2369 } 2370 2371 rc = next_entry(buf, fp, sizeof(u32)); 2372 if (rc) 2373 goto bad; 2374 nel = le32_to_cpu(buf[0]); 2375 ltr = NULL; 2376 for (i = 0; i < nel; i++) { 2377 rc = -ENOMEM; 2378 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2379 if (!tr) 2380 goto bad; 2381 if (ltr) 2382 ltr->next = tr; 2383 else 2384 p->role_tr = tr; 2385 rc = next_entry(buf, fp, sizeof(u32)*3); 2386 if (rc) 2387 goto bad; 2388 2389 rc = -EINVAL; 2390 tr->role = le32_to_cpu(buf[0]); 2391 tr->type = le32_to_cpu(buf[1]); 2392 tr->new_role = le32_to_cpu(buf[2]); 2393 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2394 rc = next_entry(buf, fp, sizeof(u32)); 2395 if (rc) 2396 goto bad; 2397 tr->tclass = le32_to_cpu(buf[0]); 2398 } else 2399 tr->tclass = p->process_class; 2400 2401 if (!policydb_role_isvalid(p, tr->role) || 2402 !policydb_type_isvalid(p, tr->type) || 2403 !policydb_class_isvalid(p, tr->tclass) || 2404 !policydb_role_isvalid(p, tr->new_role)) 2405 goto bad; 2406 ltr = tr; 2407 } 2408 2409 rc = next_entry(buf, fp, sizeof(u32)); 2410 if (rc) 2411 goto bad; 2412 nel = le32_to_cpu(buf[0]); 2413 lra = NULL; 2414 for (i = 0; i < nel; i++) { 2415 rc = -ENOMEM; 2416 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2417 if (!ra) 2418 goto bad; 2419 if (lra) 2420 lra->next = ra; 2421 else 2422 p->role_allow = ra; 2423 rc = next_entry(buf, fp, sizeof(u32)*2); 2424 if (rc) 2425 goto bad; 2426 2427 rc = -EINVAL; 2428 ra->role = le32_to_cpu(buf[0]); 2429 ra->new_role = le32_to_cpu(buf[1]); 2430 if (!policydb_role_isvalid(p, ra->role) || 2431 !policydb_role_isvalid(p, ra->new_role)) 2432 goto bad; 2433 lra = ra; 2434 } 2435 2436 rc = filename_trans_read(p, fp); 2437 if (rc) 2438 goto bad; 2439 2440 rc = policydb_index(p); 2441 if (rc) 2442 goto bad; 2443 2444 rc = -EINVAL; 2445 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2446 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2447 if (!p->process_trans_perms) 2448 goto bad; 2449 2450 rc = ocontext_read(p, info, fp); 2451 if (rc) 2452 goto bad; 2453 2454 rc = genfs_read(p, fp); 2455 if (rc) 2456 goto bad; 2457 2458 rc = range_read(p, fp); 2459 if (rc) 2460 goto bad; 2461 2462 rc = -ENOMEM; 2463 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2464 p->p_types.nprim, 2465 GFP_KERNEL | __GFP_ZERO); 2466 if (!p->type_attr_map_array) 2467 goto bad; 2468 2469 /* preallocate so we don't have to worry about the put ever failing */ 2470 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2471 GFP_KERNEL | __GFP_ZERO); 2472 if (rc) 2473 goto bad; 2474 2475 for (i = 0; i < p->p_types.nprim; i++) { 2476 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2477 2478 BUG_ON(!e); 2479 ebitmap_init(e); 2480 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2481 rc = ebitmap_read(e, fp); 2482 if (rc) 2483 goto bad; 2484 } 2485 /* add the type itself as the degenerate case */ 2486 rc = ebitmap_set_bit(e, i, 1); 2487 if (rc) 2488 goto bad; 2489 } 2490 2491 rc = policydb_bounds_sanity_check(p); 2492 if (rc) 2493 goto bad; 2494 2495 rc = 0; 2496 out: 2497 return rc; 2498 bad: 2499 policydb_destroy(p); 2500 goto out; 2501 } 2502 2503 /* 2504 * Write a MLS level structure to a policydb binary 2505 * representation file. 2506 */ 2507 static int mls_write_level(struct mls_level *l, void *fp) 2508 { 2509 __le32 buf[1]; 2510 int rc; 2511 2512 buf[0] = cpu_to_le32(l->sens); 2513 rc = put_entry(buf, sizeof(u32), 1, fp); 2514 if (rc) 2515 return rc; 2516 2517 rc = ebitmap_write(&l->cat, fp); 2518 if (rc) 2519 return rc; 2520 2521 return 0; 2522 } 2523 2524 /* 2525 * Write a MLS range structure to a policydb binary 2526 * representation file. 2527 */ 2528 static int mls_write_range_helper(struct mls_range *r, void *fp) 2529 { 2530 __le32 buf[3]; 2531 size_t items; 2532 int rc, eq; 2533 2534 eq = mls_level_eq(&r->level[1], &r->level[0]); 2535 2536 if (eq) 2537 items = 2; 2538 else 2539 items = 3; 2540 buf[0] = cpu_to_le32(items-1); 2541 buf[1] = cpu_to_le32(r->level[0].sens); 2542 if (!eq) 2543 buf[2] = cpu_to_le32(r->level[1].sens); 2544 2545 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2546 2547 rc = put_entry(buf, sizeof(u32), items, fp); 2548 if (rc) 2549 return rc; 2550 2551 rc = ebitmap_write(&r->level[0].cat, fp); 2552 if (rc) 2553 return rc; 2554 if (!eq) { 2555 rc = ebitmap_write(&r->level[1].cat, fp); 2556 if (rc) 2557 return rc; 2558 } 2559 2560 return 0; 2561 } 2562 2563 static int sens_write(void *vkey, void *datum, void *ptr) 2564 { 2565 char *key = vkey; 2566 struct level_datum *levdatum = datum; 2567 struct policy_data *pd = ptr; 2568 void *fp = pd->fp; 2569 __le32 buf[2]; 2570 size_t len; 2571 int rc; 2572 2573 len = strlen(key); 2574 buf[0] = cpu_to_le32(len); 2575 buf[1] = cpu_to_le32(levdatum->isalias); 2576 rc = put_entry(buf, sizeof(u32), 2, fp); 2577 if (rc) 2578 return rc; 2579 2580 rc = put_entry(key, 1, len, fp); 2581 if (rc) 2582 return rc; 2583 2584 rc = mls_write_level(levdatum->level, fp); 2585 if (rc) 2586 return rc; 2587 2588 return 0; 2589 } 2590 2591 static int cat_write(void *vkey, void *datum, void *ptr) 2592 { 2593 char *key = vkey; 2594 struct cat_datum *catdatum = datum; 2595 struct policy_data *pd = ptr; 2596 void *fp = pd->fp; 2597 __le32 buf[3]; 2598 size_t len; 2599 int rc; 2600 2601 len = strlen(key); 2602 buf[0] = cpu_to_le32(len); 2603 buf[1] = cpu_to_le32(catdatum->value); 2604 buf[2] = cpu_to_le32(catdatum->isalias); 2605 rc = put_entry(buf, sizeof(u32), 3, fp); 2606 if (rc) 2607 return rc; 2608 2609 rc = put_entry(key, 1, len, fp); 2610 if (rc) 2611 return rc; 2612 2613 return 0; 2614 } 2615 2616 static int role_trans_write(struct policydb *p, void *fp) 2617 { 2618 struct role_trans *r = p->role_tr; 2619 struct role_trans *tr; 2620 u32 buf[3]; 2621 size_t nel; 2622 int rc; 2623 2624 nel = 0; 2625 for (tr = r; tr; tr = tr->next) 2626 nel++; 2627 buf[0] = cpu_to_le32(nel); 2628 rc = put_entry(buf, sizeof(u32), 1, fp); 2629 if (rc) 2630 return rc; 2631 for (tr = r; tr; tr = tr->next) { 2632 buf[0] = cpu_to_le32(tr->role); 2633 buf[1] = cpu_to_le32(tr->type); 2634 buf[2] = cpu_to_le32(tr->new_role); 2635 rc = put_entry(buf, sizeof(u32), 3, fp); 2636 if (rc) 2637 return rc; 2638 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2639 buf[0] = cpu_to_le32(tr->tclass); 2640 rc = put_entry(buf, sizeof(u32), 1, fp); 2641 if (rc) 2642 return rc; 2643 } 2644 } 2645 2646 return 0; 2647 } 2648 2649 static int role_allow_write(struct role_allow *r, void *fp) 2650 { 2651 struct role_allow *ra; 2652 u32 buf[2]; 2653 size_t nel; 2654 int rc; 2655 2656 nel = 0; 2657 for (ra = r; ra; ra = ra->next) 2658 nel++; 2659 buf[0] = cpu_to_le32(nel); 2660 rc = put_entry(buf, sizeof(u32), 1, fp); 2661 if (rc) 2662 return rc; 2663 for (ra = r; ra; ra = ra->next) { 2664 buf[0] = cpu_to_le32(ra->role); 2665 buf[1] = cpu_to_le32(ra->new_role); 2666 rc = put_entry(buf, sizeof(u32), 2, fp); 2667 if (rc) 2668 return rc; 2669 } 2670 return 0; 2671 } 2672 2673 /* 2674 * Write a security context structure 2675 * to a policydb binary representation file. 2676 */ 2677 static int context_write(struct policydb *p, struct context *c, 2678 void *fp) 2679 { 2680 int rc; 2681 __le32 buf[3]; 2682 2683 buf[0] = cpu_to_le32(c->user); 2684 buf[1] = cpu_to_le32(c->role); 2685 buf[2] = cpu_to_le32(c->type); 2686 2687 rc = put_entry(buf, sizeof(u32), 3, fp); 2688 if (rc) 2689 return rc; 2690 2691 rc = mls_write_range_helper(&c->range, fp); 2692 if (rc) 2693 return rc; 2694 2695 return 0; 2696 } 2697 2698 /* 2699 * The following *_write functions are used to 2700 * write the symbol data to a policy database 2701 * binary representation file. 2702 */ 2703 2704 static int perm_write(void *vkey, void *datum, void *fp) 2705 { 2706 char *key = vkey; 2707 struct perm_datum *perdatum = datum; 2708 __le32 buf[2]; 2709 size_t len; 2710 int rc; 2711 2712 len = strlen(key); 2713 buf[0] = cpu_to_le32(len); 2714 buf[1] = cpu_to_le32(perdatum->value); 2715 rc = put_entry(buf, sizeof(u32), 2, fp); 2716 if (rc) 2717 return rc; 2718 2719 rc = put_entry(key, 1, len, fp); 2720 if (rc) 2721 return rc; 2722 2723 return 0; 2724 } 2725 2726 static int common_write(void *vkey, void *datum, void *ptr) 2727 { 2728 char *key = vkey; 2729 struct common_datum *comdatum = datum; 2730 struct policy_data *pd = ptr; 2731 void *fp = pd->fp; 2732 __le32 buf[4]; 2733 size_t len; 2734 int rc; 2735 2736 len = strlen(key); 2737 buf[0] = cpu_to_le32(len); 2738 buf[1] = cpu_to_le32(comdatum->value); 2739 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2740 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2741 rc = put_entry(buf, sizeof(u32), 4, fp); 2742 if (rc) 2743 return rc; 2744 2745 rc = put_entry(key, 1, len, fp); 2746 if (rc) 2747 return rc; 2748 2749 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2750 if (rc) 2751 return rc; 2752 2753 return 0; 2754 } 2755 2756 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2757 void *fp) 2758 { 2759 struct constraint_node *c; 2760 struct constraint_expr *e; 2761 __le32 buf[3]; 2762 u32 nel; 2763 int rc; 2764 2765 for (c = node; c; c = c->next) { 2766 nel = 0; 2767 for (e = c->expr; e; e = e->next) 2768 nel++; 2769 buf[0] = cpu_to_le32(c->permissions); 2770 buf[1] = cpu_to_le32(nel); 2771 rc = put_entry(buf, sizeof(u32), 2, fp); 2772 if (rc) 2773 return rc; 2774 for (e = c->expr; e; e = e->next) { 2775 buf[0] = cpu_to_le32(e->expr_type); 2776 buf[1] = cpu_to_le32(e->attr); 2777 buf[2] = cpu_to_le32(e->op); 2778 rc = put_entry(buf, sizeof(u32), 3, fp); 2779 if (rc) 2780 return rc; 2781 2782 switch (e->expr_type) { 2783 case CEXPR_NAMES: 2784 rc = ebitmap_write(&e->names, fp); 2785 if (rc) 2786 return rc; 2787 break; 2788 default: 2789 break; 2790 } 2791 } 2792 } 2793 2794 return 0; 2795 } 2796 2797 static int class_write(void *vkey, void *datum, void *ptr) 2798 { 2799 char *key = vkey; 2800 struct class_datum *cladatum = datum; 2801 struct policy_data *pd = ptr; 2802 void *fp = pd->fp; 2803 struct policydb *p = pd->p; 2804 struct constraint_node *c; 2805 __le32 buf[6]; 2806 u32 ncons; 2807 size_t len, len2; 2808 int rc; 2809 2810 len = strlen(key); 2811 if (cladatum->comkey) 2812 len2 = strlen(cladatum->comkey); 2813 else 2814 len2 = 0; 2815 2816 ncons = 0; 2817 for (c = cladatum->constraints; c; c = c->next) 2818 ncons++; 2819 2820 buf[0] = cpu_to_le32(len); 2821 buf[1] = cpu_to_le32(len2); 2822 buf[2] = cpu_to_le32(cladatum->value); 2823 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2824 if (cladatum->permissions.table) 2825 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2826 else 2827 buf[4] = 0; 2828 buf[5] = cpu_to_le32(ncons); 2829 rc = put_entry(buf, sizeof(u32), 6, fp); 2830 if (rc) 2831 return rc; 2832 2833 rc = put_entry(key, 1, len, fp); 2834 if (rc) 2835 return rc; 2836 2837 if (cladatum->comkey) { 2838 rc = put_entry(cladatum->comkey, 1, len2, fp); 2839 if (rc) 2840 return rc; 2841 } 2842 2843 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2844 if (rc) 2845 return rc; 2846 2847 rc = write_cons_helper(p, cladatum->constraints, fp); 2848 if (rc) 2849 return rc; 2850 2851 /* write out the validatetrans rule */ 2852 ncons = 0; 2853 for (c = cladatum->validatetrans; c; c = c->next) 2854 ncons++; 2855 2856 buf[0] = cpu_to_le32(ncons); 2857 rc = put_entry(buf, sizeof(u32), 1, fp); 2858 if (rc) 2859 return rc; 2860 2861 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2862 if (rc) 2863 return rc; 2864 2865 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2866 buf[0] = cpu_to_le32(cladatum->default_user); 2867 buf[1] = cpu_to_le32(cladatum->default_role); 2868 buf[2] = cpu_to_le32(cladatum->default_range); 2869 2870 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2871 if (rc) 2872 return rc; 2873 } 2874 2875 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2876 buf[0] = cpu_to_le32(cladatum->default_type); 2877 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2878 if (rc) 2879 return rc; 2880 } 2881 2882 return 0; 2883 } 2884 2885 static int role_write(void *vkey, void *datum, void *ptr) 2886 { 2887 char *key = vkey; 2888 struct role_datum *role = datum; 2889 struct policy_data *pd = ptr; 2890 void *fp = pd->fp; 2891 struct policydb *p = pd->p; 2892 __le32 buf[3]; 2893 size_t items, len; 2894 int rc; 2895 2896 len = strlen(key); 2897 items = 0; 2898 buf[items++] = cpu_to_le32(len); 2899 buf[items++] = cpu_to_le32(role->value); 2900 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2901 buf[items++] = cpu_to_le32(role->bounds); 2902 2903 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2904 2905 rc = put_entry(buf, sizeof(u32), items, fp); 2906 if (rc) 2907 return rc; 2908 2909 rc = put_entry(key, 1, len, fp); 2910 if (rc) 2911 return rc; 2912 2913 rc = ebitmap_write(&role->dominates, fp); 2914 if (rc) 2915 return rc; 2916 2917 rc = ebitmap_write(&role->types, fp); 2918 if (rc) 2919 return rc; 2920 2921 return 0; 2922 } 2923 2924 static int type_write(void *vkey, void *datum, void *ptr) 2925 { 2926 char *key = vkey; 2927 struct type_datum *typdatum = datum; 2928 struct policy_data *pd = ptr; 2929 struct policydb *p = pd->p; 2930 void *fp = pd->fp; 2931 __le32 buf[4]; 2932 int rc; 2933 size_t items, len; 2934 2935 len = strlen(key); 2936 items = 0; 2937 buf[items++] = cpu_to_le32(len); 2938 buf[items++] = cpu_to_le32(typdatum->value); 2939 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2940 u32 properties = 0; 2941 2942 if (typdatum->primary) 2943 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2944 2945 if (typdatum->attribute) 2946 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2947 2948 buf[items++] = cpu_to_le32(properties); 2949 buf[items++] = cpu_to_le32(typdatum->bounds); 2950 } else { 2951 buf[items++] = cpu_to_le32(typdatum->primary); 2952 } 2953 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2954 rc = put_entry(buf, sizeof(u32), items, fp); 2955 if (rc) 2956 return rc; 2957 2958 rc = put_entry(key, 1, len, fp); 2959 if (rc) 2960 return rc; 2961 2962 return 0; 2963 } 2964 2965 static int user_write(void *vkey, void *datum, void *ptr) 2966 { 2967 char *key = vkey; 2968 struct user_datum *usrdatum = datum; 2969 struct policy_data *pd = ptr; 2970 struct policydb *p = pd->p; 2971 void *fp = pd->fp; 2972 __le32 buf[3]; 2973 size_t items, len; 2974 int rc; 2975 2976 len = strlen(key); 2977 items = 0; 2978 buf[items++] = cpu_to_le32(len); 2979 buf[items++] = cpu_to_le32(usrdatum->value); 2980 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2981 buf[items++] = cpu_to_le32(usrdatum->bounds); 2982 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2983 rc = put_entry(buf, sizeof(u32), items, fp); 2984 if (rc) 2985 return rc; 2986 2987 rc = put_entry(key, 1, len, fp); 2988 if (rc) 2989 return rc; 2990 2991 rc = ebitmap_write(&usrdatum->roles, fp); 2992 if (rc) 2993 return rc; 2994 2995 rc = mls_write_range_helper(&usrdatum->range, fp); 2996 if (rc) 2997 return rc; 2998 2999 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3000 if (rc) 3001 return rc; 3002 3003 return 0; 3004 } 3005 3006 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3007 void *datap) = 3008 { 3009 common_write, 3010 class_write, 3011 role_write, 3012 type_write, 3013 user_write, 3014 cond_write_bool, 3015 sens_write, 3016 cat_write, 3017 }; 3018 3019 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3020 void *fp) 3021 { 3022 unsigned int i, j, rc; 3023 size_t nel, len; 3024 __le32 buf[3]; 3025 u32 nodebuf[8]; 3026 struct ocontext *c; 3027 for (i = 0; i < info->ocon_num; i++) { 3028 nel = 0; 3029 for (c = p->ocontexts[i]; c; c = c->next) 3030 nel++; 3031 buf[0] = cpu_to_le32(nel); 3032 rc = put_entry(buf, sizeof(u32), 1, fp); 3033 if (rc) 3034 return rc; 3035 for (c = p->ocontexts[i]; c; c = c->next) { 3036 switch (i) { 3037 case OCON_ISID: 3038 buf[0] = cpu_to_le32(c->sid[0]); 3039 rc = put_entry(buf, sizeof(u32), 1, fp); 3040 if (rc) 3041 return rc; 3042 rc = context_write(p, &c->context[0], fp); 3043 if (rc) 3044 return rc; 3045 break; 3046 case OCON_FS: 3047 case OCON_NETIF: 3048 len = strlen(c->u.name); 3049 buf[0] = cpu_to_le32(len); 3050 rc = put_entry(buf, sizeof(u32), 1, fp); 3051 if (rc) 3052 return rc; 3053 rc = put_entry(c->u.name, 1, len, fp); 3054 if (rc) 3055 return rc; 3056 rc = context_write(p, &c->context[0], fp); 3057 if (rc) 3058 return rc; 3059 rc = context_write(p, &c->context[1], fp); 3060 if (rc) 3061 return rc; 3062 break; 3063 case OCON_PORT: 3064 buf[0] = cpu_to_le32(c->u.port.protocol); 3065 buf[1] = cpu_to_le32(c->u.port.low_port); 3066 buf[2] = cpu_to_le32(c->u.port.high_port); 3067 rc = put_entry(buf, sizeof(u32), 3, fp); 3068 if (rc) 3069 return rc; 3070 rc = context_write(p, &c->context[0], fp); 3071 if (rc) 3072 return rc; 3073 break; 3074 case OCON_NODE: 3075 nodebuf[0] = c->u.node.addr; /* network order */ 3076 nodebuf[1] = c->u.node.mask; /* network order */ 3077 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3078 if (rc) 3079 return rc; 3080 rc = context_write(p, &c->context[0], fp); 3081 if (rc) 3082 return rc; 3083 break; 3084 case OCON_FSUSE: 3085 buf[0] = cpu_to_le32(c->v.behavior); 3086 len = strlen(c->u.name); 3087 buf[1] = cpu_to_le32(len); 3088 rc = put_entry(buf, sizeof(u32), 2, fp); 3089 if (rc) 3090 return rc; 3091 rc = put_entry(c->u.name, 1, len, fp); 3092 if (rc) 3093 return rc; 3094 rc = context_write(p, &c->context[0], fp); 3095 if (rc) 3096 return rc; 3097 break; 3098 case OCON_NODE6: 3099 for (j = 0; j < 4; j++) 3100 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3101 for (j = 0; j < 4; j++) 3102 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3103 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3104 if (rc) 3105 return rc; 3106 rc = context_write(p, &c->context[0], fp); 3107 if (rc) 3108 return rc; 3109 break; 3110 } 3111 } 3112 } 3113 return 0; 3114 } 3115 3116 static int genfs_write(struct policydb *p, void *fp) 3117 { 3118 struct genfs *genfs; 3119 struct ocontext *c; 3120 size_t len; 3121 __le32 buf[1]; 3122 int rc; 3123 3124 len = 0; 3125 for (genfs = p->genfs; genfs; genfs = genfs->next) 3126 len++; 3127 buf[0] = cpu_to_le32(len); 3128 rc = put_entry(buf, sizeof(u32), 1, fp); 3129 if (rc) 3130 return rc; 3131 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3132 len = strlen(genfs->fstype); 3133 buf[0] = cpu_to_le32(len); 3134 rc = put_entry(buf, sizeof(u32), 1, fp); 3135 if (rc) 3136 return rc; 3137 rc = put_entry(genfs->fstype, 1, len, fp); 3138 if (rc) 3139 return rc; 3140 len = 0; 3141 for (c = genfs->head; c; c = c->next) 3142 len++; 3143 buf[0] = cpu_to_le32(len); 3144 rc = put_entry(buf, sizeof(u32), 1, fp); 3145 if (rc) 3146 return rc; 3147 for (c = genfs->head; c; c = c->next) { 3148 len = strlen(c->u.name); 3149 buf[0] = cpu_to_le32(len); 3150 rc = put_entry(buf, sizeof(u32), 1, fp); 3151 if (rc) 3152 return rc; 3153 rc = put_entry(c->u.name, 1, len, fp); 3154 if (rc) 3155 return rc; 3156 buf[0] = cpu_to_le32(c->v.sclass); 3157 rc = put_entry(buf, sizeof(u32), 1, fp); 3158 if (rc) 3159 return rc; 3160 rc = context_write(p, &c->context[0], fp); 3161 if (rc) 3162 return rc; 3163 } 3164 } 3165 return 0; 3166 } 3167 3168 static int hashtab_cnt(void *key, void *data, void *ptr) 3169 { 3170 int *cnt = ptr; 3171 *cnt = *cnt + 1; 3172 3173 return 0; 3174 } 3175 3176 static int range_write_helper(void *key, void *data, void *ptr) 3177 { 3178 __le32 buf[2]; 3179 struct range_trans *rt = key; 3180 struct mls_range *r = data; 3181 struct policy_data *pd = ptr; 3182 void *fp = pd->fp; 3183 struct policydb *p = pd->p; 3184 int rc; 3185 3186 buf[0] = cpu_to_le32(rt->source_type); 3187 buf[1] = cpu_to_le32(rt->target_type); 3188 rc = put_entry(buf, sizeof(u32), 2, fp); 3189 if (rc) 3190 return rc; 3191 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3192 buf[0] = cpu_to_le32(rt->target_class); 3193 rc = put_entry(buf, sizeof(u32), 1, fp); 3194 if (rc) 3195 return rc; 3196 } 3197 rc = mls_write_range_helper(r, fp); 3198 if (rc) 3199 return rc; 3200 3201 return 0; 3202 } 3203 3204 static int range_write(struct policydb *p, void *fp) 3205 { 3206 __le32 buf[1]; 3207 int rc, nel; 3208 struct policy_data pd; 3209 3210 pd.p = p; 3211 pd.fp = fp; 3212 3213 /* count the number of entries in the hashtab */ 3214 nel = 0; 3215 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3216 if (rc) 3217 return rc; 3218 3219 buf[0] = cpu_to_le32(nel); 3220 rc = put_entry(buf, sizeof(u32), 1, fp); 3221 if (rc) 3222 return rc; 3223 3224 /* actually write all of the entries */ 3225 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3226 if (rc) 3227 return rc; 3228 3229 return 0; 3230 } 3231 3232 static int filename_write_helper(void *key, void *data, void *ptr) 3233 { 3234 __le32 buf[4]; 3235 struct filename_trans *ft = key; 3236 struct filename_trans_datum *otype = data; 3237 void *fp = ptr; 3238 int rc; 3239 u32 len; 3240 3241 len = strlen(ft->name); 3242 buf[0] = cpu_to_le32(len); 3243 rc = put_entry(buf, sizeof(u32), 1, fp); 3244 if (rc) 3245 return rc; 3246 3247 rc = put_entry(ft->name, sizeof(char), len, fp); 3248 if (rc) 3249 return rc; 3250 3251 buf[0] = ft->stype; 3252 buf[1] = ft->ttype; 3253 buf[2] = ft->tclass; 3254 buf[3] = otype->otype; 3255 3256 rc = put_entry(buf, sizeof(u32), 4, fp); 3257 if (rc) 3258 return rc; 3259 3260 return 0; 3261 } 3262 3263 static int filename_trans_write(struct policydb *p, void *fp) 3264 { 3265 u32 nel; 3266 __le32 buf[1]; 3267 int rc; 3268 3269 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3270 return 0; 3271 3272 nel = 0; 3273 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3274 if (rc) 3275 return rc; 3276 3277 buf[0] = cpu_to_le32(nel); 3278 rc = put_entry(buf, sizeof(u32), 1, fp); 3279 if (rc) 3280 return rc; 3281 3282 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3283 if (rc) 3284 return rc; 3285 3286 return 0; 3287 } 3288 3289 /* 3290 * Write the configuration data in a policy database 3291 * structure to a policy database binary representation 3292 * file. 3293 */ 3294 int policydb_write(struct policydb *p, void *fp) 3295 { 3296 unsigned int i, num_syms; 3297 int rc; 3298 __le32 buf[4]; 3299 u32 config; 3300 size_t len; 3301 struct policydb_compat_info *info; 3302 3303 /* 3304 * refuse to write policy older than compressed avtab 3305 * to simplify the writer. There are other tests dropped 3306 * since we assume this throughout the writer code. Be 3307 * careful if you ever try to remove this restriction 3308 */ 3309 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3310 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3311 " Because it is less than version %d\n", p->policyvers, 3312 POLICYDB_VERSION_AVTAB); 3313 return -EINVAL; 3314 } 3315 3316 config = 0; 3317 if (p->mls_enabled) 3318 config |= POLICYDB_CONFIG_MLS; 3319 3320 if (p->reject_unknown) 3321 config |= REJECT_UNKNOWN; 3322 if (p->allow_unknown) 3323 config |= ALLOW_UNKNOWN; 3324 3325 /* Write the magic number and string identifiers. */ 3326 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3327 len = strlen(POLICYDB_STRING); 3328 buf[1] = cpu_to_le32(len); 3329 rc = put_entry(buf, sizeof(u32), 2, fp); 3330 if (rc) 3331 return rc; 3332 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3333 if (rc) 3334 return rc; 3335 3336 /* Write the version, config, and table sizes. */ 3337 info = policydb_lookup_compat(p->policyvers); 3338 if (!info) { 3339 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3340 "version %d", p->policyvers); 3341 return -EINVAL; 3342 } 3343 3344 buf[0] = cpu_to_le32(p->policyvers); 3345 buf[1] = cpu_to_le32(config); 3346 buf[2] = cpu_to_le32(info->sym_num); 3347 buf[3] = cpu_to_le32(info->ocon_num); 3348 3349 rc = put_entry(buf, sizeof(u32), 4, fp); 3350 if (rc) 3351 return rc; 3352 3353 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3354 rc = ebitmap_write(&p->policycaps, fp); 3355 if (rc) 3356 return rc; 3357 } 3358 3359 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3360 rc = ebitmap_write(&p->permissive_map, fp); 3361 if (rc) 3362 return rc; 3363 } 3364 3365 num_syms = info->sym_num; 3366 for (i = 0; i < num_syms; i++) { 3367 struct policy_data pd; 3368 3369 pd.fp = fp; 3370 pd.p = p; 3371 3372 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3373 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3374 3375 rc = put_entry(buf, sizeof(u32), 2, fp); 3376 if (rc) 3377 return rc; 3378 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3379 if (rc) 3380 return rc; 3381 } 3382 3383 rc = avtab_write(p, &p->te_avtab, fp); 3384 if (rc) 3385 return rc; 3386 3387 rc = cond_write_list(p, p->cond_list, fp); 3388 if (rc) 3389 return rc; 3390 3391 rc = role_trans_write(p, fp); 3392 if (rc) 3393 return rc; 3394 3395 rc = role_allow_write(p->role_allow, fp); 3396 if (rc) 3397 return rc; 3398 3399 rc = filename_trans_write(p, fp); 3400 if (rc) 3401 return rc; 3402 3403 rc = ocontext_write(p, info, fp); 3404 if (rc) 3405 return rc; 3406 3407 rc = genfs_write(p, fp); 3408 if (rc) 3409 return rc; 3410 3411 rc = range_write(p, fp); 3412 if (rc) 3413 return rc; 3414 3415 for (i = 0; i < p->p_types.nprim; i++) { 3416 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3417 3418 BUG_ON(!e); 3419 rc = ebitmap_write(e, fp); 3420 if (rc) 3421 return rc; 3422 } 3423 3424 return 0; 3425 } 3426