1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul.moore@hp.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 39 #define _DEBUG_HASHES 40 41 #ifdef DEBUG_HASHES 42 static char *symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 #endif 53 54 int selinux_mls_enabled = 0; 55 56 static unsigned int symtab_sizes[SYM_NUM] = { 57 2, 58 32, 59 16, 60 512, 61 128, 62 16, 63 16, 64 16, 65 }; 66 67 struct policydb_compat_info { 68 int version; 69 int sym_num; 70 int ocon_num; 71 }; 72 73 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 74 static struct policydb_compat_info policydb_compat[] = { 75 { 76 .version = POLICYDB_VERSION_BASE, 77 .sym_num = SYM_NUM - 3, 78 .ocon_num = OCON_NUM - 1, 79 }, 80 { 81 .version = POLICYDB_VERSION_BOOL, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM - 1, 84 }, 85 { 86 .version = POLICYDB_VERSION_IPV6, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM, 89 }, 90 { 91 .version = POLICYDB_VERSION_NLCLASS, 92 .sym_num = SYM_NUM - 2, 93 .ocon_num = OCON_NUM, 94 }, 95 { 96 .version = POLICYDB_VERSION_MLS, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM, 99 }, 100 { 101 .version = POLICYDB_VERSION_AVTAB, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM, 104 }, 105 { 106 .version = POLICYDB_VERSION_RANGETRANS, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM, 109 }, 110 { 111 .version = POLICYDB_VERSION_POLCAP, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM, 114 } 115 }; 116 117 static struct policydb_compat_info *policydb_lookup_compat(int version) 118 { 119 int i; 120 struct policydb_compat_info *info = NULL; 121 122 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 123 if (policydb_compat[i].version == version) { 124 info = &policydb_compat[i]; 125 break; 126 } 127 } 128 return info; 129 } 130 131 /* 132 * Initialize the role table. 133 */ 134 static int roles_init(struct policydb *p) 135 { 136 char *key = NULL; 137 int rc; 138 struct role_datum *role; 139 140 role = kzalloc(sizeof(*role), GFP_KERNEL); 141 if (!role) { 142 rc = -ENOMEM; 143 goto out; 144 } 145 role->value = ++p->p_roles.nprim; 146 if (role->value != OBJECT_R_VAL) { 147 rc = -EINVAL; 148 goto out_free_role; 149 } 150 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); 151 if (!key) { 152 rc = -ENOMEM; 153 goto out_free_role; 154 } 155 strcpy(key, OBJECT_R); 156 rc = hashtab_insert(p->p_roles.table, key, role); 157 if (rc) 158 goto out_free_key; 159 out: 160 return rc; 161 162 out_free_key: 163 kfree(key); 164 out_free_role: 165 kfree(role); 166 goto out; 167 } 168 169 /* 170 * Initialize a policy database structure. 171 */ 172 static int policydb_init(struct policydb *p) 173 { 174 int i, rc; 175 176 memset(p, 0, sizeof(*p)); 177 178 for (i = 0; i < SYM_NUM; i++) { 179 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 180 if (rc) 181 goto out_free_symtab; 182 } 183 184 rc = avtab_init(&p->te_avtab); 185 if (rc) 186 goto out_free_symtab; 187 188 rc = roles_init(p); 189 if (rc) 190 goto out_free_symtab; 191 192 rc = cond_policydb_init(p); 193 if (rc) 194 goto out_free_symtab; 195 196 ebitmap_init(&p->policycaps); 197 198 out: 199 return rc; 200 201 out_free_symtab: 202 for (i = 0; i < SYM_NUM; i++) 203 hashtab_destroy(p->symtab[i].table); 204 goto out; 205 } 206 207 /* 208 * The following *_index functions are used to 209 * define the val_to_name and val_to_struct arrays 210 * in a policy database structure. The val_to_name 211 * arrays are used when converting security context 212 * structures into string representations. The 213 * val_to_struct arrays are used when the attributes 214 * of a class, role, or user are needed. 215 */ 216 217 static int common_index(void *key, void *datum, void *datap) 218 { 219 struct policydb *p; 220 struct common_datum *comdatum; 221 222 comdatum = datum; 223 p = datap; 224 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 225 return -EINVAL; 226 p->p_common_val_to_name[comdatum->value - 1] = key; 227 return 0; 228 } 229 230 static int class_index(void *key, void *datum, void *datap) 231 { 232 struct policydb *p; 233 struct class_datum *cladatum; 234 235 cladatum = datum; 236 p = datap; 237 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 238 return -EINVAL; 239 p->p_class_val_to_name[cladatum->value - 1] = key; 240 p->class_val_to_struct[cladatum->value - 1] = cladatum; 241 return 0; 242 } 243 244 static int role_index(void *key, void *datum, void *datap) 245 { 246 struct policydb *p; 247 struct role_datum *role; 248 249 role = datum; 250 p = datap; 251 if (!role->value || role->value > p->p_roles.nprim) 252 return -EINVAL; 253 p->p_role_val_to_name[role->value - 1] = key; 254 p->role_val_to_struct[role->value - 1] = role; 255 return 0; 256 } 257 258 static int type_index(void *key, void *datum, void *datap) 259 { 260 struct policydb *p; 261 struct type_datum *typdatum; 262 263 typdatum = datum; 264 p = datap; 265 266 if (typdatum->primary) { 267 if (!typdatum->value || typdatum->value > p->p_types.nprim) 268 return -EINVAL; 269 p->p_type_val_to_name[typdatum->value - 1] = key; 270 } 271 272 return 0; 273 } 274 275 static int user_index(void *key, void *datum, void *datap) 276 { 277 struct policydb *p; 278 struct user_datum *usrdatum; 279 280 usrdatum = datum; 281 p = datap; 282 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 283 return -EINVAL; 284 p->p_user_val_to_name[usrdatum->value - 1] = key; 285 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 286 return 0; 287 } 288 289 static int sens_index(void *key, void *datum, void *datap) 290 { 291 struct policydb *p; 292 struct level_datum *levdatum; 293 294 levdatum = datum; 295 p = datap; 296 297 if (!levdatum->isalias) { 298 if (!levdatum->level->sens || 299 levdatum->level->sens > p->p_levels.nprim) 300 return -EINVAL; 301 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 302 } 303 304 return 0; 305 } 306 307 static int cat_index(void *key, void *datum, void *datap) 308 { 309 struct policydb *p; 310 struct cat_datum *catdatum; 311 312 catdatum = datum; 313 p = datap; 314 315 if (!catdatum->isalias) { 316 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 317 return -EINVAL; 318 p->p_cat_val_to_name[catdatum->value - 1] = key; 319 } 320 321 return 0; 322 } 323 324 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 325 { 326 common_index, 327 class_index, 328 role_index, 329 type_index, 330 user_index, 331 cond_index_bool, 332 sens_index, 333 cat_index, 334 }; 335 336 /* 337 * Define the common val_to_name array and the class 338 * val_to_name and val_to_struct arrays in a policy 339 * database structure. 340 * 341 * Caller must clean up upon failure. 342 */ 343 static int policydb_index_classes(struct policydb *p) 344 { 345 int rc; 346 347 p->p_common_val_to_name = 348 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 349 if (!p->p_common_val_to_name) { 350 rc = -ENOMEM; 351 goto out; 352 } 353 354 rc = hashtab_map(p->p_commons.table, common_index, p); 355 if (rc) 356 goto out; 357 358 p->class_val_to_struct = 359 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 360 if (!p->class_val_to_struct) { 361 rc = -ENOMEM; 362 goto out; 363 } 364 365 p->p_class_val_to_name = 366 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 367 if (!p->p_class_val_to_name) { 368 rc = -ENOMEM; 369 goto out; 370 } 371 372 rc = hashtab_map(p->p_classes.table, class_index, p); 373 out: 374 return rc; 375 } 376 377 #ifdef DEBUG_HASHES 378 static void symtab_hash_eval(struct symtab *s) 379 { 380 int i; 381 382 for (i = 0; i < SYM_NUM; i++) { 383 struct hashtab *h = s[i].table; 384 struct hashtab_info info; 385 386 hashtab_stat(h, &info); 387 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " 388 "longest chain length %d\n", symtab_name[i], h->nel, 389 info.slots_used, h->size, info.max_chain_len); 390 } 391 } 392 #endif 393 394 /* 395 * Define the other val_to_name and val_to_struct arrays 396 * in a policy database structure. 397 * 398 * Caller must clean up on failure. 399 */ 400 static int policydb_index_others(struct policydb *p) 401 { 402 int i, rc = 0; 403 404 printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", 405 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 406 if (selinux_mls_enabled) 407 printk(", %d sens, %d cats", p->p_levels.nprim, 408 p->p_cats.nprim); 409 printk("\n"); 410 411 printk(KERN_DEBUG "security: %d classes, %d rules\n", 412 p->p_classes.nprim, p->te_avtab.nel); 413 414 #ifdef DEBUG_HASHES 415 avtab_hash_eval(&p->te_avtab, "rules"); 416 symtab_hash_eval(p->symtab); 417 #endif 418 419 p->role_val_to_struct = 420 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 421 GFP_KERNEL); 422 if (!p->role_val_to_struct) { 423 rc = -ENOMEM; 424 goto out; 425 } 426 427 p->user_val_to_struct = 428 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 429 GFP_KERNEL); 430 if (!p->user_val_to_struct) { 431 rc = -ENOMEM; 432 goto out; 433 } 434 435 if (cond_init_bool_indexes(p)) { 436 rc = -ENOMEM; 437 goto out; 438 } 439 440 for (i = SYM_ROLES; i < SYM_NUM; i++) { 441 p->sym_val_to_name[i] = 442 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 443 if (!p->sym_val_to_name[i]) { 444 rc = -ENOMEM; 445 goto out; 446 } 447 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 448 if (rc) 449 goto out; 450 } 451 452 out: 453 return rc; 454 } 455 456 /* 457 * The following *_destroy functions are used to 458 * free any memory allocated for each kind of 459 * symbol data in the policy database. 460 */ 461 462 static int perm_destroy(void *key, void *datum, void *p) 463 { 464 kfree(key); 465 kfree(datum); 466 return 0; 467 } 468 469 static int common_destroy(void *key, void *datum, void *p) 470 { 471 struct common_datum *comdatum; 472 473 kfree(key); 474 comdatum = datum; 475 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 476 hashtab_destroy(comdatum->permissions.table); 477 kfree(datum); 478 return 0; 479 } 480 481 static int cls_destroy(void *key, void *datum, void *p) 482 { 483 struct class_datum *cladatum; 484 struct constraint_node *constraint, *ctemp; 485 struct constraint_expr *e, *etmp; 486 487 kfree(key); 488 cladatum = datum; 489 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 490 hashtab_destroy(cladatum->permissions.table); 491 constraint = cladatum->constraints; 492 while (constraint) { 493 e = constraint->expr; 494 while (e) { 495 ebitmap_destroy(&e->names); 496 etmp = e; 497 e = e->next; 498 kfree(etmp); 499 } 500 ctemp = constraint; 501 constraint = constraint->next; 502 kfree(ctemp); 503 } 504 505 constraint = cladatum->validatetrans; 506 while (constraint) { 507 e = constraint->expr; 508 while (e) { 509 ebitmap_destroy(&e->names); 510 etmp = e; 511 e = e->next; 512 kfree(etmp); 513 } 514 ctemp = constraint; 515 constraint = constraint->next; 516 kfree(ctemp); 517 } 518 519 kfree(cladatum->comkey); 520 kfree(datum); 521 return 0; 522 } 523 524 static int role_destroy(void *key, void *datum, void *p) 525 { 526 struct role_datum *role; 527 528 kfree(key); 529 role = datum; 530 ebitmap_destroy(&role->dominates); 531 ebitmap_destroy(&role->types); 532 kfree(datum); 533 return 0; 534 } 535 536 static int type_destroy(void *key, void *datum, void *p) 537 { 538 kfree(key); 539 kfree(datum); 540 return 0; 541 } 542 543 static int user_destroy(void *key, void *datum, void *p) 544 { 545 struct user_datum *usrdatum; 546 547 kfree(key); 548 usrdatum = datum; 549 ebitmap_destroy(&usrdatum->roles); 550 ebitmap_destroy(&usrdatum->range.level[0].cat); 551 ebitmap_destroy(&usrdatum->range.level[1].cat); 552 ebitmap_destroy(&usrdatum->dfltlevel.cat); 553 kfree(datum); 554 return 0; 555 } 556 557 static int sens_destroy(void *key, void *datum, void *p) 558 { 559 struct level_datum *levdatum; 560 561 kfree(key); 562 levdatum = datum; 563 ebitmap_destroy(&levdatum->level->cat); 564 kfree(levdatum->level); 565 kfree(datum); 566 return 0; 567 } 568 569 static int cat_destroy(void *key, void *datum, void *p) 570 { 571 kfree(key); 572 kfree(datum); 573 return 0; 574 } 575 576 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 577 { 578 common_destroy, 579 cls_destroy, 580 role_destroy, 581 type_destroy, 582 user_destroy, 583 cond_destroy_bool, 584 sens_destroy, 585 cat_destroy, 586 }; 587 588 static void ocontext_destroy(struct ocontext *c, int i) 589 { 590 context_destroy(&c->context[0]); 591 context_destroy(&c->context[1]); 592 if (i == OCON_ISID || i == OCON_FS || 593 i == OCON_NETIF || i == OCON_FSUSE) 594 kfree(c->u.name); 595 kfree(c); 596 } 597 598 /* 599 * Free any memory allocated by a policy database structure. 600 */ 601 void policydb_destroy(struct policydb *p) 602 { 603 struct ocontext *c, *ctmp; 604 struct genfs *g, *gtmp; 605 int i; 606 struct role_allow *ra, *lra = NULL; 607 struct role_trans *tr, *ltr = NULL; 608 struct range_trans *rt, *lrt = NULL; 609 610 for (i = 0; i < SYM_NUM; i++) { 611 cond_resched(); 612 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 613 hashtab_destroy(p->symtab[i].table); 614 } 615 616 for (i = 0; i < SYM_NUM; i++) 617 kfree(p->sym_val_to_name[i]); 618 619 kfree(p->class_val_to_struct); 620 kfree(p->role_val_to_struct); 621 kfree(p->user_val_to_struct); 622 623 avtab_destroy(&p->te_avtab); 624 625 for (i = 0; i < OCON_NUM; i++) { 626 cond_resched(); 627 c = p->ocontexts[i]; 628 while (c) { 629 ctmp = c; 630 c = c->next; 631 ocontext_destroy(ctmp,i); 632 } 633 p->ocontexts[i] = NULL; 634 } 635 636 g = p->genfs; 637 while (g) { 638 cond_resched(); 639 kfree(g->fstype); 640 c = g->head; 641 while (c) { 642 ctmp = c; 643 c = c->next; 644 ocontext_destroy(ctmp,OCON_FSUSE); 645 } 646 gtmp = g; 647 g = g->next; 648 kfree(gtmp); 649 } 650 p->genfs = NULL; 651 652 cond_policydb_destroy(p); 653 654 for (tr = p->role_tr; tr; tr = tr->next) { 655 cond_resched(); 656 kfree(ltr); 657 ltr = tr; 658 } 659 kfree(ltr); 660 661 for (ra = p->role_allow; ra; ra = ra -> next) { 662 cond_resched(); 663 kfree(lra); 664 lra = ra; 665 } 666 kfree(lra); 667 668 for (rt = p->range_tr; rt; rt = rt -> next) { 669 cond_resched(); 670 if (lrt) { 671 ebitmap_destroy(&lrt->target_range.level[0].cat); 672 ebitmap_destroy(&lrt->target_range.level[1].cat); 673 kfree(lrt); 674 } 675 lrt = rt; 676 } 677 if (lrt) { 678 ebitmap_destroy(&lrt->target_range.level[0].cat); 679 ebitmap_destroy(&lrt->target_range.level[1].cat); 680 kfree(lrt); 681 } 682 683 if (p->type_attr_map) { 684 for (i = 0; i < p->p_types.nprim; i++) 685 ebitmap_destroy(&p->type_attr_map[i]); 686 } 687 kfree(p->type_attr_map); 688 kfree(p->undefined_perms); 689 ebitmap_destroy(&p->policycaps); 690 691 return; 692 } 693 694 /* 695 * Load the initial SIDs specified in a policy database 696 * structure into a SID table. 697 */ 698 int policydb_load_isids(struct policydb *p, struct sidtab *s) 699 { 700 struct ocontext *head, *c; 701 int rc; 702 703 rc = sidtab_init(s); 704 if (rc) { 705 printk(KERN_ERR "security: out of memory on SID table init\n"); 706 goto out; 707 } 708 709 head = p->ocontexts[OCON_ISID]; 710 for (c = head; c; c = c->next) { 711 if (!c->context[0].user) { 712 printk(KERN_ERR "security: SID %s was never " 713 "defined.\n", c->u.name); 714 rc = -EINVAL; 715 goto out; 716 } 717 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 718 printk(KERN_ERR "security: unable to load initial " 719 "SID %s.\n", c->u.name); 720 rc = -EINVAL; 721 goto out; 722 } 723 } 724 out: 725 return rc; 726 } 727 728 int policydb_class_isvalid(struct policydb *p, unsigned int class) 729 { 730 if (!class || class > p->p_classes.nprim) 731 return 0; 732 return 1; 733 } 734 735 int policydb_role_isvalid(struct policydb *p, unsigned int role) 736 { 737 if (!role || role > p->p_roles.nprim) 738 return 0; 739 return 1; 740 } 741 742 int policydb_type_isvalid(struct policydb *p, unsigned int type) 743 { 744 if (!type || type > p->p_types.nprim) 745 return 0; 746 return 1; 747 } 748 749 /* 750 * Return 1 if the fields in the security context 751 * structure `c' are valid. Return 0 otherwise. 752 */ 753 int policydb_context_isvalid(struct policydb *p, struct context *c) 754 { 755 struct role_datum *role; 756 struct user_datum *usrdatum; 757 758 if (!c->role || c->role > p->p_roles.nprim) 759 return 0; 760 761 if (!c->user || c->user > p->p_users.nprim) 762 return 0; 763 764 if (!c->type || c->type > p->p_types.nprim) 765 return 0; 766 767 if (c->role != OBJECT_R_VAL) { 768 /* 769 * Role must be authorized for the type. 770 */ 771 role = p->role_val_to_struct[c->role - 1]; 772 if (!ebitmap_get_bit(&role->types, 773 c->type - 1)) 774 /* role may not be associated with type */ 775 return 0; 776 777 /* 778 * User must be authorized for the role. 779 */ 780 usrdatum = p->user_val_to_struct[c->user - 1]; 781 if (!usrdatum) 782 return 0; 783 784 if (!ebitmap_get_bit(&usrdatum->roles, 785 c->role - 1)) 786 /* user may not be associated with role */ 787 return 0; 788 } 789 790 if (!mls_context_isvalid(p, c)) 791 return 0; 792 793 return 1; 794 } 795 796 /* 797 * Read a MLS range structure from a policydb binary 798 * representation file. 799 */ 800 static int mls_read_range_helper(struct mls_range *r, void *fp) 801 { 802 __le32 buf[2]; 803 u32 items; 804 int rc; 805 806 rc = next_entry(buf, fp, sizeof(u32)); 807 if (rc < 0) 808 goto out; 809 810 items = le32_to_cpu(buf[0]); 811 if (items > ARRAY_SIZE(buf)) { 812 printk(KERN_ERR "security: mls: range overflow\n"); 813 rc = -EINVAL; 814 goto out; 815 } 816 rc = next_entry(buf, fp, sizeof(u32) * items); 817 if (rc < 0) { 818 printk(KERN_ERR "security: mls: truncated range\n"); 819 goto out; 820 } 821 r->level[0].sens = le32_to_cpu(buf[0]); 822 if (items > 1) 823 r->level[1].sens = le32_to_cpu(buf[1]); 824 else 825 r->level[1].sens = r->level[0].sens; 826 827 rc = ebitmap_read(&r->level[0].cat, fp); 828 if (rc) { 829 printk(KERN_ERR "security: mls: error reading low " 830 "categories\n"); 831 goto out; 832 } 833 if (items > 1) { 834 rc = ebitmap_read(&r->level[1].cat, fp); 835 if (rc) { 836 printk(KERN_ERR "security: mls: error reading high " 837 "categories\n"); 838 goto bad_high; 839 } 840 } else { 841 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 842 if (rc) { 843 printk(KERN_ERR "security: mls: out of memory\n"); 844 goto bad_high; 845 } 846 } 847 848 rc = 0; 849 out: 850 return rc; 851 bad_high: 852 ebitmap_destroy(&r->level[0].cat); 853 goto out; 854 } 855 856 /* 857 * Read and validate a security context structure 858 * from a policydb binary representation file. 859 */ 860 static int context_read_and_validate(struct context *c, 861 struct policydb *p, 862 void *fp) 863 { 864 __le32 buf[3]; 865 int rc; 866 867 rc = next_entry(buf, fp, sizeof buf); 868 if (rc < 0) { 869 printk(KERN_ERR "security: context truncated\n"); 870 goto out; 871 } 872 c->user = le32_to_cpu(buf[0]); 873 c->role = le32_to_cpu(buf[1]); 874 c->type = le32_to_cpu(buf[2]); 875 if (p->policyvers >= POLICYDB_VERSION_MLS) { 876 if (mls_read_range_helper(&c->range, fp)) { 877 printk(KERN_ERR "security: error reading MLS range of " 878 "context\n"); 879 rc = -EINVAL; 880 goto out; 881 } 882 } 883 884 if (!policydb_context_isvalid(p, c)) { 885 printk(KERN_ERR "security: invalid security context\n"); 886 context_destroy(c); 887 rc = -EINVAL; 888 } 889 out: 890 return rc; 891 } 892 893 /* 894 * The following *_read functions are used to 895 * read the symbol data from a policy database 896 * binary representation file. 897 */ 898 899 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 900 { 901 char *key = NULL; 902 struct perm_datum *perdatum; 903 int rc; 904 __le32 buf[2]; 905 u32 len; 906 907 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 908 if (!perdatum) { 909 rc = -ENOMEM; 910 goto out; 911 } 912 913 rc = next_entry(buf, fp, sizeof buf); 914 if (rc < 0) 915 goto bad; 916 917 len = le32_to_cpu(buf[0]); 918 perdatum->value = le32_to_cpu(buf[1]); 919 920 key = kmalloc(len + 1,GFP_KERNEL); 921 if (!key) { 922 rc = -ENOMEM; 923 goto bad; 924 } 925 rc = next_entry(key, fp, len); 926 if (rc < 0) 927 goto bad; 928 key[len] = 0; 929 930 rc = hashtab_insert(h, key, perdatum); 931 if (rc) 932 goto bad; 933 out: 934 return rc; 935 bad: 936 perm_destroy(key, perdatum, NULL); 937 goto out; 938 } 939 940 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 941 { 942 char *key = NULL; 943 struct common_datum *comdatum; 944 __le32 buf[4]; 945 u32 len, nel; 946 int i, rc; 947 948 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 949 if (!comdatum) { 950 rc = -ENOMEM; 951 goto out; 952 } 953 954 rc = next_entry(buf, fp, sizeof buf); 955 if (rc < 0) 956 goto bad; 957 958 len = le32_to_cpu(buf[0]); 959 comdatum->value = le32_to_cpu(buf[1]); 960 961 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 962 if (rc) 963 goto bad; 964 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 965 nel = le32_to_cpu(buf[3]); 966 967 key = kmalloc(len + 1,GFP_KERNEL); 968 if (!key) { 969 rc = -ENOMEM; 970 goto bad; 971 } 972 rc = next_entry(key, fp, len); 973 if (rc < 0) 974 goto bad; 975 key[len] = 0; 976 977 for (i = 0; i < nel; i++) { 978 rc = perm_read(p, comdatum->permissions.table, fp); 979 if (rc) 980 goto bad; 981 } 982 983 rc = hashtab_insert(h, key, comdatum); 984 if (rc) 985 goto bad; 986 out: 987 return rc; 988 bad: 989 common_destroy(key, comdatum, NULL); 990 goto out; 991 } 992 993 static int read_cons_helper(struct constraint_node **nodep, int ncons, 994 int allowxtarget, void *fp) 995 { 996 struct constraint_node *c, *lc; 997 struct constraint_expr *e, *le; 998 __le32 buf[3]; 999 u32 nexpr; 1000 int rc, i, j, depth; 1001 1002 lc = NULL; 1003 for (i = 0; i < ncons; i++) { 1004 c = kzalloc(sizeof(*c), GFP_KERNEL); 1005 if (!c) 1006 return -ENOMEM; 1007 1008 if (lc) { 1009 lc->next = c; 1010 } else { 1011 *nodep = c; 1012 } 1013 1014 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1015 if (rc < 0) 1016 return rc; 1017 c->permissions = le32_to_cpu(buf[0]); 1018 nexpr = le32_to_cpu(buf[1]); 1019 le = NULL; 1020 depth = -1; 1021 for (j = 0; j < nexpr; j++) { 1022 e = kzalloc(sizeof(*e), GFP_KERNEL); 1023 if (!e) 1024 return -ENOMEM; 1025 1026 if (le) { 1027 le->next = e; 1028 } else { 1029 c->expr = e; 1030 } 1031 1032 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1033 if (rc < 0) 1034 return rc; 1035 e->expr_type = le32_to_cpu(buf[0]); 1036 e->attr = le32_to_cpu(buf[1]); 1037 e->op = le32_to_cpu(buf[2]); 1038 1039 switch (e->expr_type) { 1040 case CEXPR_NOT: 1041 if (depth < 0) 1042 return -EINVAL; 1043 break; 1044 case CEXPR_AND: 1045 case CEXPR_OR: 1046 if (depth < 1) 1047 return -EINVAL; 1048 depth--; 1049 break; 1050 case CEXPR_ATTR: 1051 if (depth == (CEXPR_MAXDEPTH - 1)) 1052 return -EINVAL; 1053 depth++; 1054 break; 1055 case CEXPR_NAMES: 1056 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1057 return -EINVAL; 1058 if (depth == (CEXPR_MAXDEPTH - 1)) 1059 return -EINVAL; 1060 depth++; 1061 if (ebitmap_read(&e->names, fp)) 1062 return -EINVAL; 1063 break; 1064 default: 1065 return -EINVAL; 1066 } 1067 le = e; 1068 } 1069 if (depth != 0) 1070 return -EINVAL; 1071 lc = c; 1072 } 1073 1074 return 0; 1075 } 1076 1077 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1078 { 1079 char *key = NULL; 1080 struct class_datum *cladatum; 1081 __le32 buf[6]; 1082 u32 len, len2, ncons, nel; 1083 int i, rc; 1084 1085 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1086 if (!cladatum) { 1087 rc = -ENOMEM; 1088 goto out; 1089 } 1090 1091 rc = next_entry(buf, fp, sizeof(u32)*6); 1092 if (rc < 0) 1093 goto bad; 1094 1095 len = le32_to_cpu(buf[0]); 1096 len2 = le32_to_cpu(buf[1]); 1097 cladatum->value = le32_to_cpu(buf[2]); 1098 1099 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1100 if (rc) 1101 goto bad; 1102 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1103 nel = le32_to_cpu(buf[4]); 1104 1105 ncons = le32_to_cpu(buf[5]); 1106 1107 key = kmalloc(len + 1,GFP_KERNEL); 1108 if (!key) { 1109 rc = -ENOMEM; 1110 goto bad; 1111 } 1112 rc = next_entry(key, fp, len); 1113 if (rc < 0) 1114 goto bad; 1115 key[len] = 0; 1116 1117 if (len2) { 1118 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); 1119 if (!cladatum->comkey) { 1120 rc = -ENOMEM; 1121 goto bad; 1122 } 1123 rc = next_entry(cladatum->comkey, fp, len2); 1124 if (rc < 0) 1125 goto bad; 1126 cladatum->comkey[len2] = 0; 1127 1128 cladatum->comdatum = hashtab_search(p->p_commons.table, 1129 cladatum->comkey); 1130 if (!cladatum->comdatum) { 1131 printk(KERN_ERR "security: unknown common %s\n", 1132 cladatum->comkey); 1133 rc = -EINVAL; 1134 goto bad; 1135 } 1136 } 1137 for (i = 0; i < nel; i++) { 1138 rc = perm_read(p, cladatum->permissions.table, fp); 1139 if (rc) 1140 goto bad; 1141 } 1142 1143 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1144 if (rc) 1145 goto bad; 1146 1147 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1148 /* grab the validatetrans rules */ 1149 rc = next_entry(buf, fp, sizeof(u32)); 1150 if (rc < 0) 1151 goto bad; 1152 ncons = le32_to_cpu(buf[0]); 1153 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1154 if (rc) 1155 goto bad; 1156 } 1157 1158 rc = hashtab_insert(h, key, cladatum); 1159 if (rc) 1160 goto bad; 1161 1162 rc = 0; 1163 out: 1164 return rc; 1165 bad: 1166 cls_destroy(key, cladatum, NULL); 1167 goto out; 1168 } 1169 1170 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1171 { 1172 char *key = NULL; 1173 struct role_datum *role; 1174 int rc; 1175 __le32 buf[2]; 1176 u32 len; 1177 1178 role = kzalloc(sizeof(*role), GFP_KERNEL); 1179 if (!role) { 1180 rc = -ENOMEM; 1181 goto out; 1182 } 1183 1184 rc = next_entry(buf, fp, sizeof buf); 1185 if (rc < 0) 1186 goto bad; 1187 1188 len = le32_to_cpu(buf[0]); 1189 role->value = le32_to_cpu(buf[1]); 1190 1191 key = kmalloc(len + 1,GFP_KERNEL); 1192 if (!key) { 1193 rc = -ENOMEM; 1194 goto bad; 1195 } 1196 rc = next_entry(key, fp, len); 1197 if (rc < 0) 1198 goto bad; 1199 key[len] = 0; 1200 1201 rc = ebitmap_read(&role->dominates, fp); 1202 if (rc) 1203 goto bad; 1204 1205 rc = ebitmap_read(&role->types, fp); 1206 if (rc) 1207 goto bad; 1208 1209 if (strcmp(key, OBJECT_R) == 0) { 1210 if (role->value != OBJECT_R_VAL) { 1211 printk(KERN_ERR "Role %s has wrong value %d\n", 1212 OBJECT_R, role->value); 1213 rc = -EINVAL; 1214 goto bad; 1215 } 1216 rc = 0; 1217 goto bad; 1218 } 1219 1220 rc = hashtab_insert(h, key, role); 1221 if (rc) 1222 goto bad; 1223 out: 1224 return rc; 1225 bad: 1226 role_destroy(key, role, NULL); 1227 goto out; 1228 } 1229 1230 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1231 { 1232 char *key = NULL; 1233 struct type_datum *typdatum; 1234 int rc; 1235 __le32 buf[3]; 1236 u32 len; 1237 1238 typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); 1239 if (!typdatum) { 1240 rc = -ENOMEM; 1241 return rc; 1242 } 1243 1244 rc = next_entry(buf, fp, sizeof buf); 1245 if (rc < 0) 1246 goto bad; 1247 1248 len = le32_to_cpu(buf[0]); 1249 typdatum->value = le32_to_cpu(buf[1]); 1250 typdatum->primary = le32_to_cpu(buf[2]); 1251 1252 key = kmalloc(len + 1,GFP_KERNEL); 1253 if (!key) { 1254 rc = -ENOMEM; 1255 goto bad; 1256 } 1257 rc = next_entry(key, fp, len); 1258 if (rc < 0) 1259 goto bad; 1260 key[len] = 0; 1261 1262 rc = hashtab_insert(h, key, typdatum); 1263 if (rc) 1264 goto bad; 1265 out: 1266 return rc; 1267 bad: 1268 type_destroy(key, typdatum, NULL); 1269 goto out; 1270 } 1271 1272 1273 /* 1274 * Read a MLS level structure from a policydb binary 1275 * representation file. 1276 */ 1277 static int mls_read_level(struct mls_level *lp, void *fp) 1278 { 1279 __le32 buf[1]; 1280 int rc; 1281 1282 memset(lp, 0, sizeof(*lp)); 1283 1284 rc = next_entry(buf, fp, sizeof buf); 1285 if (rc < 0) { 1286 printk(KERN_ERR "security: mls: truncated level\n"); 1287 goto bad; 1288 } 1289 lp->sens = le32_to_cpu(buf[0]); 1290 1291 if (ebitmap_read(&lp->cat, fp)) { 1292 printk(KERN_ERR "security: mls: error reading level " 1293 "categories\n"); 1294 goto bad; 1295 } 1296 1297 return 0; 1298 1299 bad: 1300 return -EINVAL; 1301 } 1302 1303 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1304 { 1305 char *key = NULL; 1306 struct user_datum *usrdatum; 1307 int rc; 1308 __le32 buf[2]; 1309 u32 len; 1310 1311 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1312 if (!usrdatum) { 1313 rc = -ENOMEM; 1314 goto out; 1315 } 1316 1317 rc = next_entry(buf, fp, sizeof buf); 1318 if (rc < 0) 1319 goto bad; 1320 1321 len = le32_to_cpu(buf[0]); 1322 usrdatum->value = le32_to_cpu(buf[1]); 1323 1324 key = kmalloc(len + 1,GFP_KERNEL); 1325 if (!key) { 1326 rc = -ENOMEM; 1327 goto bad; 1328 } 1329 rc = next_entry(key, fp, len); 1330 if (rc < 0) 1331 goto bad; 1332 key[len] = 0; 1333 1334 rc = ebitmap_read(&usrdatum->roles, fp); 1335 if (rc) 1336 goto bad; 1337 1338 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1339 rc = mls_read_range_helper(&usrdatum->range, fp); 1340 if (rc) 1341 goto bad; 1342 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1343 if (rc) 1344 goto bad; 1345 } 1346 1347 rc = hashtab_insert(h, key, usrdatum); 1348 if (rc) 1349 goto bad; 1350 out: 1351 return rc; 1352 bad: 1353 user_destroy(key, usrdatum, NULL); 1354 goto out; 1355 } 1356 1357 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1358 { 1359 char *key = NULL; 1360 struct level_datum *levdatum; 1361 int rc; 1362 __le32 buf[2]; 1363 u32 len; 1364 1365 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1366 if (!levdatum) { 1367 rc = -ENOMEM; 1368 goto out; 1369 } 1370 1371 rc = next_entry(buf, fp, sizeof buf); 1372 if (rc < 0) 1373 goto bad; 1374 1375 len = le32_to_cpu(buf[0]); 1376 levdatum->isalias = le32_to_cpu(buf[1]); 1377 1378 key = kmalloc(len + 1,GFP_ATOMIC); 1379 if (!key) { 1380 rc = -ENOMEM; 1381 goto bad; 1382 } 1383 rc = next_entry(key, fp, len); 1384 if (rc < 0) 1385 goto bad; 1386 key[len] = 0; 1387 1388 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1389 if (!levdatum->level) { 1390 rc = -ENOMEM; 1391 goto bad; 1392 } 1393 if (mls_read_level(levdatum->level, fp)) { 1394 rc = -EINVAL; 1395 goto bad; 1396 } 1397 1398 rc = hashtab_insert(h, key, levdatum); 1399 if (rc) 1400 goto bad; 1401 out: 1402 return rc; 1403 bad: 1404 sens_destroy(key, levdatum, NULL); 1405 goto out; 1406 } 1407 1408 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1409 { 1410 char *key = NULL; 1411 struct cat_datum *catdatum; 1412 int rc; 1413 __le32 buf[3]; 1414 u32 len; 1415 1416 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1417 if (!catdatum) { 1418 rc = -ENOMEM; 1419 goto out; 1420 } 1421 1422 rc = next_entry(buf, fp, sizeof buf); 1423 if (rc < 0) 1424 goto bad; 1425 1426 len = le32_to_cpu(buf[0]); 1427 catdatum->value = le32_to_cpu(buf[1]); 1428 catdatum->isalias = le32_to_cpu(buf[2]); 1429 1430 key = kmalloc(len + 1,GFP_ATOMIC); 1431 if (!key) { 1432 rc = -ENOMEM; 1433 goto bad; 1434 } 1435 rc = next_entry(key, fp, len); 1436 if (rc < 0) 1437 goto bad; 1438 key[len] = 0; 1439 1440 rc = hashtab_insert(h, key, catdatum); 1441 if (rc) 1442 goto bad; 1443 out: 1444 return rc; 1445 1446 bad: 1447 cat_destroy(key, catdatum, NULL); 1448 goto out; 1449 } 1450 1451 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1452 { 1453 common_read, 1454 class_read, 1455 role_read, 1456 type_read, 1457 user_read, 1458 cond_read_bool, 1459 sens_read, 1460 cat_read, 1461 }; 1462 1463 extern int ss_initialized; 1464 1465 /* 1466 * Read the configuration data from a policy database binary 1467 * representation file into a policy database structure. 1468 */ 1469 int policydb_read(struct policydb *p, void *fp) 1470 { 1471 struct role_allow *ra, *lra; 1472 struct role_trans *tr, *ltr; 1473 struct ocontext *l, *c, *newc; 1474 struct genfs *genfs_p, *genfs, *newgenfs; 1475 int i, j, rc; 1476 __le32 buf[8]; 1477 u32 len, len2, config, nprim, nel, nel2; 1478 char *policydb_str; 1479 struct policydb_compat_info *info; 1480 struct range_trans *rt, *lrt; 1481 1482 config = 0; 1483 1484 rc = policydb_init(p); 1485 if (rc) 1486 goto out; 1487 1488 /* Read the magic number and string length. */ 1489 rc = next_entry(buf, fp, sizeof(u32)* 2); 1490 if (rc < 0) 1491 goto bad; 1492 1493 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 1494 printk(KERN_ERR "security: policydb magic number 0x%x does " 1495 "not match expected magic number 0x%x\n", 1496 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 1497 goto bad; 1498 } 1499 1500 len = le32_to_cpu(buf[1]); 1501 if (len != strlen(POLICYDB_STRING)) { 1502 printk(KERN_ERR "security: policydb string length %d does not " 1503 "match expected length %Zu\n", 1504 len, strlen(POLICYDB_STRING)); 1505 goto bad; 1506 } 1507 policydb_str = kmalloc(len + 1,GFP_KERNEL); 1508 if (!policydb_str) { 1509 printk(KERN_ERR "security: unable to allocate memory for policydb " 1510 "string of length %d\n", len); 1511 rc = -ENOMEM; 1512 goto bad; 1513 } 1514 rc = next_entry(policydb_str, fp, len); 1515 if (rc < 0) { 1516 printk(KERN_ERR "security: truncated policydb string identifier\n"); 1517 kfree(policydb_str); 1518 goto bad; 1519 } 1520 policydb_str[len] = 0; 1521 if (strcmp(policydb_str, POLICYDB_STRING)) { 1522 printk(KERN_ERR "security: policydb string %s does not match " 1523 "my string %s\n", policydb_str, POLICYDB_STRING); 1524 kfree(policydb_str); 1525 goto bad; 1526 } 1527 /* Done with policydb_str. */ 1528 kfree(policydb_str); 1529 policydb_str = NULL; 1530 1531 /* Read the version, config, and table sizes. */ 1532 rc = next_entry(buf, fp, sizeof(u32)*4); 1533 if (rc < 0) 1534 goto bad; 1535 1536 p->policyvers = le32_to_cpu(buf[0]); 1537 if (p->policyvers < POLICYDB_VERSION_MIN || 1538 p->policyvers > POLICYDB_VERSION_MAX) { 1539 printk(KERN_ERR "security: policydb version %d does not match " 1540 "my version range %d-%d\n", 1541 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1542 goto bad; 1543 } 1544 1545 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1546 if (ss_initialized && !selinux_mls_enabled) { 1547 printk(KERN_ERR "Cannot switch between non-MLS and MLS " 1548 "policies\n"); 1549 goto bad; 1550 } 1551 selinux_mls_enabled = 1; 1552 config |= POLICYDB_CONFIG_MLS; 1553 1554 if (p->policyvers < POLICYDB_VERSION_MLS) { 1555 printk(KERN_ERR "security policydb version %d (MLS) " 1556 "not backwards compatible\n", p->policyvers); 1557 goto bad; 1558 } 1559 } else { 1560 if (ss_initialized && selinux_mls_enabled) { 1561 printk(KERN_ERR "Cannot switch between MLS and non-MLS " 1562 "policies\n"); 1563 goto bad; 1564 } 1565 } 1566 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 1567 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 1568 1569 if (p->policyvers >= POLICYDB_VERSION_POLCAP && 1570 ebitmap_read(&p->policycaps, fp) != 0) 1571 goto bad; 1572 1573 info = policydb_lookup_compat(p->policyvers); 1574 if (!info) { 1575 printk(KERN_ERR "security: unable to find policy compat info " 1576 "for version %d\n", p->policyvers); 1577 goto bad; 1578 } 1579 1580 if (le32_to_cpu(buf[2]) != info->sym_num || 1581 le32_to_cpu(buf[3]) != info->ocon_num) { 1582 printk(KERN_ERR "security: policydb table sizes (%d,%d) do " 1583 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 1584 le32_to_cpu(buf[3]), 1585 info->sym_num, info->ocon_num); 1586 goto bad; 1587 } 1588 1589 for (i = 0; i < info->sym_num; i++) { 1590 rc = next_entry(buf, fp, sizeof(u32)*2); 1591 if (rc < 0) 1592 goto bad; 1593 nprim = le32_to_cpu(buf[0]); 1594 nel = le32_to_cpu(buf[1]); 1595 for (j = 0; j < nel; j++) { 1596 rc = read_f[i](p, p->symtab[i].table, fp); 1597 if (rc) 1598 goto bad; 1599 } 1600 1601 p->symtab[i].nprim = nprim; 1602 } 1603 1604 rc = avtab_read(&p->te_avtab, fp, p); 1605 if (rc) 1606 goto bad; 1607 1608 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1609 rc = cond_read_list(p, fp); 1610 if (rc) 1611 goto bad; 1612 } 1613 1614 rc = next_entry(buf, fp, sizeof(u32)); 1615 if (rc < 0) 1616 goto bad; 1617 nel = le32_to_cpu(buf[0]); 1618 ltr = NULL; 1619 for (i = 0; i < nel; i++) { 1620 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 1621 if (!tr) { 1622 rc = -ENOMEM; 1623 goto bad; 1624 } 1625 if (ltr) { 1626 ltr->next = tr; 1627 } else { 1628 p->role_tr = tr; 1629 } 1630 rc = next_entry(buf, fp, sizeof(u32)*3); 1631 if (rc < 0) 1632 goto bad; 1633 tr->role = le32_to_cpu(buf[0]); 1634 tr->type = le32_to_cpu(buf[1]); 1635 tr->new_role = le32_to_cpu(buf[2]); 1636 if (!policydb_role_isvalid(p, tr->role) || 1637 !policydb_type_isvalid(p, tr->type) || 1638 !policydb_role_isvalid(p, tr->new_role)) { 1639 rc = -EINVAL; 1640 goto bad; 1641 } 1642 ltr = tr; 1643 } 1644 1645 rc = next_entry(buf, fp, sizeof(u32)); 1646 if (rc < 0) 1647 goto bad; 1648 nel = le32_to_cpu(buf[0]); 1649 lra = NULL; 1650 for (i = 0; i < nel; i++) { 1651 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 1652 if (!ra) { 1653 rc = -ENOMEM; 1654 goto bad; 1655 } 1656 if (lra) { 1657 lra->next = ra; 1658 } else { 1659 p->role_allow = ra; 1660 } 1661 rc = next_entry(buf, fp, sizeof(u32)*2); 1662 if (rc < 0) 1663 goto bad; 1664 ra->role = le32_to_cpu(buf[0]); 1665 ra->new_role = le32_to_cpu(buf[1]); 1666 if (!policydb_role_isvalid(p, ra->role) || 1667 !policydb_role_isvalid(p, ra->new_role)) { 1668 rc = -EINVAL; 1669 goto bad; 1670 } 1671 lra = ra; 1672 } 1673 1674 rc = policydb_index_classes(p); 1675 if (rc) 1676 goto bad; 1677 1678 rc = policydb_index_others(p); 1679 if (rc) 1680 goto bad; 1681 1682 for (i = 0; i < info->ocon_num; i++) { 1683 rc = next_entry(buf, fp, sizeof(u32)); 1684 if (rc < 0) 1685 goto bad; 1686 nel = le32_to_cpu(buf[0]); 1687 l = NULL; 1688 for (j = 0; j < nel; j++) { 1689 c = kzalloc(sizeof(*c), GFP_KERNEL); 1690 if (!c) { 1691 rc = -ENOMEM; 1692 goto bad; 1693 } 1694 if (l) { 1695 l->next = c; 1696 } else { 1697 p->ocontexts[i] = c; 1698 } 1699 l = c; 1700 rc = -EINVAL; 1701 switch (i) { 1702 case OCON_ISID: 1703 rc = next_entry(buf, fp, sizeof(u32)); 1704 if (rc < 0) 1705 goto bad; 1706 c->sid[0] = le32_to_cpu(buf[0]); 1707 rc = context_read_and_validate(&c->context[0], p, fp); 1708 if (rc) 1709 goto bad; 1710 break; 1711 case OCON_FS: 1712 case OCON_NETIF: 1713 rc = next_entry(buf, fp, sizeof(u32)); 1714 if (rc < 0) 1715 goto bad; 1716 len = le32_to_cpu(buf[0]); 1717 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1718 if (!c->u.name) { 1719 rc = -ENOMEM; 1720 goto bad; 1721 } 1722 rc = next_entry(c->u.name, fp, len); 1723 if (rc < 0) 1724 goto bad; 1725 c->u.name[len] = 0; 1726 rc = context_read_and_validate(&c->context[0], p, fp); 1727 if (rc) 1728 goto bad; 1729 rc = context_read_and_validate(&c->context[1], p, fp); 1730 if (rc) 1731 goto bad; 1732 break; 1733 case OCON_PORT: 1734 rc = next_entry(buf, fp, sizeof(u32)*3); 1735 if (rc < 0) 1736 goto bad; 1737 c->u.port.protocol = le32_to_cpu(buf[0]); 1738 c->u.port.low_port = le32_to_cpu(buf[1]); 1739 c->u.port.high_port = le32_to_cpu(buf[2]); 1740 rc = context_read_and_validate(&c->context[0], p, fp); 1741 if (rc) 1742 goto bad; 1743 break; 1744 case OCON_NODE: 1745 rc = next_entry(buf, fp, sizeof(u32)* 2); 1746 if (rc < 0) 1747 goto bad; 1748 c->u.node.addr = le32_to_cpu(buf[0]); 1749 c->u.node.mask = le32_to_cpu(buf[1]); 1750 rc = context_read_and_validate(&c->context[0], p, fp); 1751 if (rc) 1752 goto bad; 1753 break; 1754 case OCON_FSUSE: 1755 rc = next_entry(buf, fp, sizeof(u32)*2); 1756 if (rc < 0) 1757 goto bad; 1758 c->v.behavior = le32_to_cpu(buf[0]); 1759 if (c->v.behavior > SECURITY_FS_USE_NONE) 1760 goto bad; 1761 len = le32_to_cpu(buf[1]); 1762 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1763 if (!c->u.name) { 1764 rc = -ENOMEM; 1765 goto bad; 1766 } 1767 rc = next_entry(c->u.name, fp, len); 1768 if (rc < 0) 1769 goto bad; 1770 c->u.name[len] = 0; 1771 rc = context_read_and_validate(&c->context[0], p, fp); 1772 if (rc) 1773 goto bad; 1774 break; 1775 case OCON_NODE6: { 1776 int k; 1777 1778 rc = next_entry(buf, fp, sizeof(u32) * 8); 1779 if (rc < 0) 1780 goto bad; 1781 for (k = 0; k < 4; k++) 1782 c->u.node6.addr[k] = le32_to_cpu(buf[k]); 1783 for (k = 0; k < 4; k++) 1784 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); 1785 if (context_read_and_validate(&c->context[0], p, fp)) 1786 goto bad; 1787 break; 1788 } 1789 } 1790 } 1791 } 1792 1793 rc = next_entry(buf, fp, sizeof(u32)); 1794 if (rc < 0) 1795 goto bad; 1796 nel = le32_to_cpu(buf[0]); 1797 genfs_p = NULL; 1798 rc = -EINVAL; 1799 for (i = 0; i < nel; i++) { 1800 rc = next_entry(buf, fp, sizeof(u32)); 1801 if (rc < 0) 1802 goto bad; 1803 len = le32_to_cpu(buf[0]); 1804 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1805 if (!newgenfs) { 1806 rc = -ENOMEM; 1807 goto bad; 1808 } 1809 1810 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); 1811 if (!newgenfs->fstype) { 1812 rc = -ENOMEM; 1813 kfree(newgenfs); 1814 goto bad; 1815 } 1816 rc = next_entry(newgenfs->fstype, fp, len); 1817 if (rc < 0) { 1818 kfree(newgenfs->fstype); 1819 kfree(newgenfs); 1820 goto bad; 1821 } 1822 newgenfs->fstype[len] = 0; 1823 for (genfs_p = NULL, genfs = p->genfs; genfs; 1824 genfs_p = genfs, genfs = genfs->next) { 1825 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1826 printk(KERN_ERR "security: dup genfs " 1827 "fstype %s\n", newgenfs->fstype); 1828 kfree(newgenfs->fstype); 1829 kfree(newgenfs); 1830 goto bad; 1831 } 1832 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1833 break; 1834 } 1835 newgenfs->next = genfs; 1836 if (genfs_p) 1837 genfs_p->next = newgenfs; 1838 else 1839 p->genfs = newgenfs; 1840 rc = next_entry(buf, fp, sizeof(u32)); 1841 if (rc < 0) 1842 goto bad; 1843 nel2 = le32_to_cpu(buf[0]); 1844 for (j = 0; j < nel2; j++) { 1845 rc = next_entry(buf, fp, sizeof(u32)); 1846 if (rc < 0) 1847 goto bad; 1848 len = le32_to_cpu(buf[0]); 1849 1850 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1851 if (!newc) { 1852 rc = -ENOMEM; 1853 goto bad; 1854 } 1855 1856 newc->u.name = kmalloc(len + 1,GFP_KERNEL); 1857 if (!newc->u.name) { 1858 rc = -ENOMEM; 1859 goto bad_newc; 1860 } 1861 rc = next_entry(newc->u.name, fp, len); 1862 if (rc < 0) 1863 goto bad_newc; 1864 newc->u.name[len] = 0; 1865 rc = next_entry(buf, fp, sizeof(u32)); 1866 if (rc < 0) 1867 goto bad_newc; 1868 newc->v.sclass = le32_to_cpu(buf[0]); 1869 if (context_read_and_validate(&newc->context[0], p, fp)) 1870 goto bad_newc; 1871 for (l = NULL, c = newgenfs->head; c; 1872 l = c, c = c->next) { 1873 if (!strcmp(newc->u.name, c->u.name) && 1874 (!c->v.sclass || !newc->v.sclass || 1875 newc->v.sclass == c->v.sclass)) { 1876 printk(KERN_ERR "security: dup genfs " 1877 "entry (%s,%s)\n", 1878 newgenfs->fstype, c->u.name); 1879 goto bad_newc; 1880 } 1881 len = strlen(newc->u.name); 1882 len2 = strlen(c->u.name); 1883 if (len > len2) 1884 break; 1885 } 1886 1887 newc->next = c; 1888 if (l) 1889 l->next = newc; 1890 else 1891 newgenfs->head = newc; 1892 } 1893 } 1894 1895 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1896 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; 1897 rc = next_entry(buf, fp, sizeof(u32)); 1898 if (rc < 0) 1899 goto bad; 1900 nel = le32_to_cpu(buf[0]); 1901 lrt = NULL; 1902 for (i = 0; i < nel; i++) { 1903 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1904 if (!rt) { 1905 rc = -ENOMEM; 1906 goto bad; 1907 } 1908 if (lrt) 1909 lrt->next = rt; 1910 else 1911 p->range_tr = rt; 1912 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1913 if (rc < 0) 1914 goto bad; 1915 rt->source_type = le32_to_cpu(buf[0]); 1916 rt->target_type = le32_to_cpu(buf[1]); 1917 if (new_rangetr) { 1918 rc = next_entry(buf, fp, sizeof(u32)); 1919 if (rc < 0) 1920 goto bad; 1921 rt->target_class = le32_to_cpu(buf[0]); 1922 } else 1923 rt->target_class = SECCLASS_PROCESS; 1924 if (!policydb_type_isvalid(p, rt->source_type) || 1925 !policydb_type_isvalid(p, rt->target_type) || 1926 !policydb_class_isvalid(p, rt->target_class)) { 1927 rc = -EINVAL; 1928 goto bad; 1929 } 1930 rc = mls_read_range_helper(&rt->target_range, fp); 1931 if (rc) 1932 goto bad; 1933 if (!mls_range_isvalid(p, &rt->target_range)) { 1934 printk(KERN_WARNING "security: rangetrans: invalid range\n"); 1935 goto bad; 1936 } 1937 lrt = rt; 1938 } 1939 } 1940 1941 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); 1942 if (!p->type_attr_map) 1943 goto bad; 1944 1945 for (i = 0; i < p->p_types.nprim; i++) { 1946 ebitmap_init(&p->type_attr_map[i]); 1947 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 1948 if (ebitmap_read(&p->type_attr_map[i], fp)) 1949 goto bad; 1950 } 1951 /* add the type itself as the degenerate case */ 1952 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 1953 goto bad; 1954 } 1955 1956 rc = 0; 1957 out: 1958 return rc; 1959 bad_newc: 1960 ocontext_destroy(newc,OCON_FSUSE); 1961 bad: 1962 if (!rc) 1963 rc = -EINVAL; 1964 policydb_destroy(p); 1965 goto out; 1966 } 1967