1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 { 137 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM, 140 }, 141 { 142 .version = POLICYDB_VERSION_DEFAULT_TYPE, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM, 145 }, 146 { 147 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 148 .sym_num = SYM_NUM, 149 .ocon_num = OCON_NUM, 150 }, 151 }; 152 153 static struct policydb_compat_info *policydb_lookup_compat(int version) 154 { 155 int i; 156 struct policydb_compat_info *info = NULL; 157 158 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 159 if (policydb_compat[i].version == version) { 160 info = &policydb_compat[i]; 161 break; 162 } 163 } 164 return info; 165 } 166 167 /* 168 * Initialize the role table. 169 */ 170 static int roles_init(struct policydb *p) 171 { 172 char *key = NULL; 173 int rc; 174 struct role_datum *role; 175 176 rc = -ENOMEM; 177 role = kzalloc(sizeof(*role), GFP_KERNEL); 178 if (!role) 179 goto out; 180 181 rc = -EINVAL; 182 role->value = ++p->p_roles.nprim; 183 if (role->value != OBJECT_R_VAL) 184 goto out; 185 186 rc = -ENOMEM; 187 key = kstrdup(OBJECT_R, GFP_KERNEL); 188 if (!key) 189 goto out; 190 191 rc = hashtab_insert(p->p_roles.table, key, role); 192 if (rc) 193 goto out; 194 195 return 0; 196 out: 197 kfree(key); 198 kfree(role); 199 return rc; 200 } 201 202 static u32 filenametr_hash(struct hashtab *h, const void *k) 203 { 204 const struct filename_trans *ft = k; 205 unsigned long hash; 206 unsigned int byte_num; 207 unsigned char focus; 208 209 hash = ft->stype ^ ft->ttype ^ ft->tclass; 210 211 byte_num = 0; 212 while ((focus = ft->name[byte_num++])) 213 hash = partial_name_hash(focus, hash); 214 return hash & (h->size - 1); 215 } 216 217 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 218 { 219 const struct filename_trans *ft1 = k1; 220 const struct filename_trans *ft2 = k2; 221 int v; 222 223 v = ft1->stype - ft2->stype; 224 if (v) 225 return v; 226 227 v = ft1->ttype - ft2->ttype; 228 if (v) 229 return v; 230 231 v = ft1->tclass - ft2->tclass; 232 if (v) 233 return v; 234 235 return strcmp(ft1->name, ft2->name); 236 237 } 238 239 static u32 rangetr_hash(struct hashtab *h, const void *k) 240 { 241 const struct range_trans *key = k; 242 return (key->source_type + (key->target_type << 3) + 243 (key->target_class << 5)) & (h->size - 1); 244 } 245 246 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 247 { 248 const struct range_trans *key1 = k1, *key2 = k2; 249 int v; 250 251 v = key1->source_type - key2->source_type; 252 if (v) 253 return v; 254 255 v = key1->target_type - key2->target_type; 256 if (v) 257 return v; 258 259 v = key1->target_class - key2->target_class; 260 261 return v; 262 } 263 264 /* 265 * Initialize a policy database structure. 266 */ 267 static int policydb_init(struct policydb *p) 268 { 269 int i, rc; 270 271 memset(p, 0, sizeof(*p)); 272 273 for (i = 0; i < SYM_NUM; i++) { 274 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 275 if (rc) 276 goto out; 277 } 278 279 rc = avtab_init(&p->te_avtab); 280 if (rc) 281 goto out; 282 283 rc = roles_init(p); 284 if (rc) 285 goto out; 286 287 rc = cond_policydb_init(p); 288 if (rc) 289 goto out; 290 291 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 292 if (!p->filename_trans) 293 goto out; 294 295 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 296 if (!p->range_tr) 297 goto out; 298 299 ebitmap_init(&p->filename_trans_ttypes); 300 ebitmap_init(&p->policycaps); 301 ebitmap_init(&p->permissive_map); 302 303 return 0; 304 out: 305 hashtab_destroy(p->filename_trans); 306 hashtab_destroy(p->range_tr); 307 for (i = 0; i < SYM_NUM; i++) 308 hashtab_destroy(p->symtab[i].table); 309 return rc; 310 } 311 312 /* 313 * The following *_index functions are used to 314 * define the val_to_name and val_to_struct arrays 315 * in a policy database structure. The val_to_name 316 * arrays are used when converting security context 317 * structures into string representations. The 318 * val_to_struct arrays are used when the attributes 319 * of a class, role, or user are needed. 320 */ 321 322 static int common_index(void *key, void *datum, void *datap) 323 { 324 struct policydb *p; 325 struct common_datum *comdatum; 326 struct flex_array *fa; 327 328 comdatum = datum; 329 p = datap; 330 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 331 return -EINVAL; 332 333 fa = p->sym_val_to_name[SYM_COMMONS]; 334 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 335 GFP_KERNEL | __GFP_ZERO)) 336 BUG(); 337 return 0; 338 } 339 340 static int class_index(void *key, void *datum, void *datap) 341 { 342 struct policydb *p; 343 struct class_datum *cladatum; 344 struct flex_array *fa; 345 346 cladatum = datum; 347 p = datap; 348 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 349 return -EINVAL; 350 fa = p->sym_val_to_name[SYM_CLASSES]; 351 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 352 GFP_KERNEL | __GFP_ZERO)) 353 BUG(); 354 p->class_val_to_struct[cladatum->value - 1] = cladatum; 355 return 0; 356 } 357 358 static int role_index(void *key, void *datum, void *datap) 359 { 360 struct policydb *p; 361 struct role_datum *role; 362 struct flex_array *fa; 363 364 role = datum; 365 p = datap; 366 if (!role->value 367 || role->value > p->p_roles.nprim 368 || role->bounds > p->p_roles.nprim) 369 return -EINVAL; 370 371 fa = p->sym_val_to_name[SYM_ROLES]; 372 if (flex_array_put_ptr(fa, role->value - 1, key, 373 GFP_KERNEL | __GFP_ZERO)) 374 BUG(); 375 p->role_val_to_struct[role->value - 1] = role; 376 return 0; 377 } 378 379 static int type_index(void *key, void *datum, void *datap) 380 { 381 struct policydb *p; 382 struct type_datum *typdatum; 383 struct flex_array *fa; 384 385 typdatum = datum; 386 p = datap; 387 388 if (typdatum->primary) { 389 if (!typdatum->value 390 || typdatum->value > p->p_types.nprim 391 || typdatum->bounds > p->p_types.nprim) 392 return -EINVAL; 393 fa = p->sym_val_to_name[SYM_TYPES]; 394 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 395 GFP_KERNEL | __GFP_ZERO)) 396 BUG(); 397 398 fa = p->type_val_to_struct_array; 399 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 400 GFP_KERNEL | __GFP_ZERO)) 401 BUG(); 402 } 403 404 return 0; 405 } 406 407 static int user_index(void *key, void *datum, void *datap) 408 { 409 struct policydb *p; 410 struct user_datum *usrdatum; 411 struct flex_array *fa; 412 413 usrdatum = datum; 414 p = datap; 415 if (!usrdatum->value 416 || usrdatum->value > p->p_users.nprim 417 || usrdatum->bounds > p->p_users.nprim) 418 return -EINVAL; 419 420 fa = p->sym_val_to_name[SYM_USERS]; 421 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 422 GFP_KERNEL | __GFP_ZERO)) 423 BUG(); 424 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 425 return 0; 426 } 427 428 static int sens_index(void *key, void *datum, void *datap) 429 { 430 struct policydb *p; 431 struct level_datum *levdatum; 432 struct flex_array *fa; 433 434 levdatum = datum; 435 p = datap; 436 437 if (!levdatum->isalias) { 438 if (!levdatum->level->sens || 439 levdatum->level->sens > p->p_levels.nprim) 440 return -EINVAL; 441 fa = p->sym_val_to_name[SYM_LEVELS]; 442 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 443 GFP_KERNEL | __GFP_ZERO)) 444 BUG(); 445 } 446 447 return 0; 448 } 449 450 static int cat_index(void *key, void *datum, void *datap) 451 { 452 struct policydb *p; 453 struct cat_datum *catdatum; 454 struct flex_array *fa; 455 456 catdatum = datum; 457 p = datap; 458 459 if (!catdatum->isalias) { 460 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 461 return -EINVAL; 462 fa = p->sym_val_to_name[SYM_CATS]; 463 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 464 GFP_KERNEL | __GFP_ZERO)) 465 BUG(); 466 } 467 468 return 0; 469 } 470 471 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 472 { 473 common_index, 474 class_index, 475 role_index, 476 type_index, 477 user_index, 478 cond_index_bool, 479 sens_index, 480 cat_index, 481 }; 482 483 #ifdef DEBUG_HASHES 484 static void hash_eval(struct hashtab *h, const char *hash_name) 485 { 486 struct hashtab_info info; 487 488 hashtab_stat(h, &info); 489 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 490 "longest chain length %d\n", hash_name, h->nel, 491 info.slots_used, h->size, info.max_chain_len); 492 } 493 494 static void symtab_hash_eval(struct symtab *s) 495 { 496 int i; 497 498 for (i = 0; i < SYM_NUM; i++) 499 hash_eval(s[i].table, symtab_name[i]); 500 } 501 502 #else 503 static inline void hash_eval(struct hashtab *h, char *hash_name) 504 { 505 } 506 #endif 507 508 /* 509 * Define the other val_to_name and val_to_struct arrays 510 * in a policy database structure. 511 * 512 * Caller must clean up on failure. 513 */ 514 static int policydb_index(struct policydb *p) 515 { 516 int i, rc; 517 518 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 519 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 520 if (p->mls_enabled) 521 printk(", %d sens, %d cats", p->p_levels.nprim, 522 p->p_cats.nprim); 523 printk("\n"); 524 525 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 526 p->p_classes.nprim, p->te_avtab.nel); 527 528 #ifdef DEBUG_HASHES 529 avtab_hash_eval(&p->te_avtab, "rules"); 530 symtab_hash_eval(p->symtab); 531 #endif 532 533 rc = -ENOMEM; 534 p->class_val_to_struct = 535 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 536 GFP_KERNEL); 537 if (!p->class_val_to_struct) 538 goto out; 539 540 rc = -ENOMEM; 541 p->role_val_to_struct = 542 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 543 GFP_KERNEL); 544 if (!p->role_val_to_struct) 545 goto out; 546 547 rc = -ENOMEM; 548 p->user_val_to_struct = 549 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 550 GFP_KERNEL); 551 if (!p->user_val_to_struct) 552 goto out; 553 554 /* Yes, I want the sizeof the pointer, not the structure */ 555 rc = -ENOMEM; 556 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 557 p->p_types.nprim, 558 GFP_KERNEL | __GFP_ZERO); 559 if (!p->type_val_to_struct_array) 560 goto out; 561 562 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 563 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 564 if (rc) 565 goto out; 566 567 rc = cond_init_bool_indexes(p); 568 if (rc) 569 goto out; 570 571 for (i = 0; i < SYM_NUM; i++) { 572 rc = -ENOMEM; 573 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 574 p->symtab[i].nprim, 575 GFP_KERNEL | __GFP_ZERO); 576 if (!p->sym_val_to_name[i]) 577 goto out; 578 579 rc = flex_array_prealloc(p->sym_val_to_name[i], 580 0, p->symtab[i].nprim, 581 GFP_KERNEL | __GFP_ZERO); 582 if (rc) 583 goto out; 584 585 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 586 if (rc) 587 goto out; 588 } 589 rc = 0; 590 out: 591 return rc; 592 } 593 594 /* 595 * The following *_destroy functions are used to 596 * free any memory allocated for each kind of 597 * symbol data in the policy database. 598 */ 599 600 static int perm_destroy(void *key, void *datum, void *p) 601 { 602 kfree(key); 603 kfree(datum); 604 return 0; 605 } 606 607 static int common_destroy(void *key, void *datum, void *p) 608 { 609 struct common_datum *comdatum; 610 611 kfree(key); 612 if (datum) { 613 comdatum = datum; 614 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 615 hashtab_destroy(comdatum->permissions.table); 616 } 617 kfree(datum); 618 return 0; 619 } 620 621 static void constraint_expr_destroy(struct constraint_expr *expr) 622 { 623 if (expr) { 624 ebitmap_destroy(&expr->names); 625 if (expr->type_names) { 626 ebitmap_destroy(&expr->type_names->types); 627 ebitmap_destroy(&expr->type_names->negset); 628 kfree(expr->type_names); 629 } 630 kfree(expr); 631 } 632 } 633 634 static int cls_destroy(void *key, void *datum, void *p) 635 { 636 struct class_datum *cladatum; 637 struct constraint_node *constraint, *ctemp; 638 struct constraint_expr *e, *etmp; 639 640 kfree(key); 641 if (datum) { 642 cladatum = datum; 643 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 644 hashtab_destroy(cladatum->permissions.table); 645 constraint = cladatum->constraints; 646 while (constraint) { 647 e = constraint->expr; 648 while (e) { 649 etmp = e; 650 e = e->next; 651 constraint_expr_destroy(etmp); 652 } 653 ctemp = constraint; 654 constraint = constraint->next; 655 kfree(ctemp); 656 } 657 658 constraint = cladatum->validatetrans; 659 while (constraint) { 660 e = constraint->expr; 661 while (e) { 662 etmp = e; 663 e = e->next; 664 constraint_expr_destroy(etmp); 665 } 666 ctemp = constraint; 667 constraint = constraint->next; 668 kfree(ctemp); 669 } 670 kfree(cladatum->comkey); 671 } 672 kfree(datum); 673 return 0; 674 } 675 676 static int role_destroy(void *key, void *datum, void *p) 677 { 678 struct role_datum *role; 679 680 kfree(key); 681 if (datum) { 682 role = datum; 683 ebitmap_destroy(&role->dominates); 684 ebitmap_destroy(&role->types); 685 } 686 kfree(datum); 687 return 0; 688 } 689 690 static int type_destroy(void *key, void *datum, void *p) 691 { 692 kfree(key); 693 kfree(datum); 694 return 0; 695 } 696 697 static int user_destroy(void *key, void *datum, void *p) 698 { 699 struct user_datum *usrdatum; 700 701 kfree(key); 702 if (datum) { 703 usrdatum = datum; 704 ebitmap_destroy(&usrdatum->roles); 705 ebitmap_destroy(&usrdatum->range.level[0].cat); 706 ebitmap_destroy(&usrdatum->range.level[1].cat); 707 ebitmap_destroy(&usrdatum->dfltlevel.cat); 708 } 709 kfree(datum); 710 return 0; 711 } 712 713 static int sens_destroy(void *key, void *datum, void *p) 714 { 715 struct level_datum *levdatum; 716 717 kfree(key); 718 if (datum) { 719 levdatum = datum; 720 ebitmap_destroy(&levdatum->level->cat); 721 kfree(levdatum->level); 722 } 723 kfree(datum); 724 return 0; 725 } 726 727 static int cat_destroy(void *key, void *datum, void *p) 728 { 729 kfree(key); 730 kfree(datum); 731 return 0; 732 } 733 734 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 735 { 736 common_destroy, 737 cls_destroy, 738 role_destroy, 739 type_destroy, 740 user_destroy, 741 cond_destroy_bool, 742 sens_destroy, 743 cat_destroy, 744 }; 745 746 static int filenametr_destroy(void *key, void *datum, void *p) 747 { 748 struct filename_trans *ft = key; 749 kfree(ft->name); 750 kfree(key); 751 kfree(datum); 752 cond_resched(); 753 return 0; 754 } 755 756 static int range_tr_destroy(void *key, void *datum, void *p) 757 { 758 struct mls_range *rt = datum; 759 kfree(key); 760 ebitmap_destroy(&rt->level[0].cat); 761 ebitmap_destroy(&rt->level[1].cat); 762 kfree(datum); 763 cond_resched(); 764 return 0; 765 } 766 767 static void ocontext_destroy(struct ocontext *c, int i) 768 { 769 if (!c) 770 return; 771 772 context_destroy(&c->context[0]); 773 context_destroy(&c->context[1]); 774 if (i == OCON_ISID || i == OCON_FS || 775 i == OCON_NETIF || i == OCON_FSUSE) 776 kfree(c->u.name); 777 kfree(c); 778 } 779 780 /* 781 * Free any memory allocated by a policy database structure. 782 */ 783 void policydb_destroy(struct policydb *p) 784 { 785 struct ocontext *c, *ctmp; 786 struct genfs *g, *gtmp; 787 int i; 788 struct role_allow *ra, *lra = NULL; 789 struct role_trans *tr, *ltr = NULL; 790 791 for (i = 0; i < SYM_NUM; i++) { 792 cond_resched(); 793 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 794 hashtab_destroy(p->symtab[i].table); 795 } 796 797 for (i = 0; i < SYM_NUM; i++) { 798 if (p->sym_val_to_name[i]) 799 flex_array_free(p->sym_val_to_name[i]); 800 } 801 802 kfree(p->class_val_to_struct); 803 kfree(p->role_val_to_struct); 804 kfree(p->user_val_to_struct); 805 if (p->type_val_to_struct_array) 806 flex_array_free(p->type_val_to_struct_array); 807 808 avtab_destroy(&p->te_avtab); 809 810 for (i = 0; i < OCON_NUM; i++) { 811 cond_resched(); 812 c = p->ocontexts[i]; 813 while (c) { 814 ctmp = c; 815 c = c->next; 816 ocontext_destroy(ctmp, i); 817 } 818 p->ocontexts[i] = NULL; 819 } 820 821 g = p->genfs; 822 while (g) { 823 cond_resched(); 824 kfree(g->fstype); 825 c = g->head; 826 while (c) { 827 ctmp = c; 828 c = c->next; 829 ocontext_destroy(ctmp, OCON_FSUSE); 830 } 831 gtmp = g; 832 g = g->next; 833 kfree(gtmp); 834 } 835 p->genfs = NULL; 836 837 cond_policydb_destroy(p); 838 839 for (tr = p->role_tr; tr; tr = tr->next) { 840 cond_resched(); 841 kfree(ltr); 842 ltr = tr; 843 } 844 kfree(ltr); 845 846 for (ra = p->role_allow; ra; ra = ra->next) { 847 cond_resched(); 848 kfree(lra); 849 lra = ra; 850 } 851 kfree(lra); 852 853 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 854 hashtab_destroy(p->filename_trans); 855 856 hashtab_map(p->range_tr, range_tr_destroy, NULL); 857 hashtab_destroy(p->range_tr); 858 859 if (p->type_attr_map_array) { 860 for (i = 0; i < p->p_types.nprim; i++) { 861 struct ebitmap *e; 862 863 e = flex_array_get(p->type_attr_map_array, i); 864 if (!e) 865 continue; 866 ebitmap_destroy(e); 867 } 868 flex_array_free(p->type_attr_map_array); 869 } 870 871 ebitmap_destroy(&p->filename_trans_ttypes); 872 ebitmap_destroy(&p->policycaps); 873 ebitmap_destroy(&p->permissive_map); 874 875 return; 876 } 877 878 /* 879 * Load the initial SIDs specified in a policy database 880 * structure into a SID table. 881 */ 882 int policydb_load_isids(struct policydb *p, struct sidtab *s) 883 { 884 struct ocontext *head, *c; 885 int rc; 886 887 rc = sidtab_init(s); 888 if (rc) { 889 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 890 goto out; 891 } 892 893 head = p->ocontexts[OCON_ISID]; 894 for (c = head; c; c = c->next) { 895 rc = -EINVAL; 896 if (!c->context[0].user) { 897 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 898 c->u.name); 899 goto out; 900 } 901 902 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 903 if (rc) { 904 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 905 c->u.name); 906 goto out; 907 } 908 } 909 rc = 0; 910 out: 911 return rc; 912 } 913 914 int policydb_class_isvalid(struct policydb *p, unsigned int class) 915 { 916 if (!class || class > p->p_classes.nprim) 917 return 0; 918 return 1; 919 } 920 921 int policydb_role_isvalid(struct policydb *p, unsigned int role) 922 { 923 if (!role || role > p->p_roles.nprim) 924 return 0; 925 return 1; 926 } 927 928 int policydb_type_isvalid(struct policydb *p, unsigned int type) 929 { 930 if (!type || type > p->p_types.nprim) 931 return 0; 932 return 1; 933 } 934 935 /* 936 * Return 1 if the fields in the security context 937 * structure `c' are valid. Return 0 otherwise. 938 */ 939 int policydb_context_isvalid(struct policydb *p, struct context *c) 940 { 941 struct role_datum *role; 942 struct user_datum *usrdatum; 943 944 if (!c->role || c->role > p->p_roles.nprim) 945 return 0; 946 947 if (!c->user || c->user > p->p_users.nprim) 948 return 0; 949 950 if (!c->type || c->type > p->p_types.nprim) 951 return 0; 952 953 if (c->role != OBJECT_R_VAL) { 954 /* 955 * Role must be authorized for the type. 956 */ 957 role = p->role_val_to_struct[c->role - 1]; 958 if (!ebitmap_get_bit(&role->types, c->type - 1)) 959 /* role may not be associated with type */ 960 return 0; 961 962 /* 963 * User must be authorized for the role. 964 */ 965 usrdatum = p->user_val_to_struct[c->user - 1]; 966 if (!usrdatum) 967 return 0; 968 969 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 970 /* user may not be associated with role */ 971 return 0; 972 } 973 974 if (!mls_context_isvalid(p, c)) 975 return 0; 976 977 return 1; 978 } 979 980 /* 981 * Read a MLS range structure from a policydb binary 982 * representation file. 983 */ 984 static int mls_read_range_helper(struct mls_range *r, void *fp) 985 { 986 __le32 buf[2]; 987 u32 items; 988 int rc; 989 990 rc = next_entry(buf, fp, sizeof(u32)); 991 if (rc) 992 goto out; 993 994 rc = -EINVAL; 995 items = le32_to_cpu(buf[0]); 996 if (items > ARRAY_SIZE(buf)) { 997 printk(KERN_ERR "SELinux: mls: range overflow\n"); 998 goto out; 999 } 1000 1001 rc = next_entry(buf, fp, sizeof(u32) * items); 1002 if (rc) { 1003 printk(KERN_ERR "SELinux: mls: truncated range\n"); 1004 goto out; 1005 } 1006 1007 r->level[0].sens = le32_to_cpu(buf[0]); 1008 if (items > 1) 1009 r->level[1].sens = le32_to_cpu(buf[1]); 1010 else 1011 r->level[1].sens = r->level[0].sens; 1012 1013 rc = ebitmap_read(&r->level[0].cat, fp); 1014 if (rc) { 1015 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 1016 goto out; 1017 } 1018 if (items > 1) { 1019 rc = ebitmap_read(&r->level[1].cat, fp); 1020 if (rc) { 1021 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 1022 goto bad_high; 1023 } 1024 } else { 1025 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1026 if (rc) { 1027 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1028 goto bad_high; 1029 } 1030 } 1031 1032 return 0; 1033 bad_high: 1034 ebitmap_destroy(&r->level[0].cat); 1035 out: 1036 return rc; 1037 } 1038 1039 /* 1040 * Read and validate a security context structure 1041 * from a policydb binary representation file. 1042 */ 1043 static int context_read_and_validate(struct context *c, 1044 struct policydb *p, 1045 void *fp) 1046 { 1047 __le32 buf[3]; 1048 int rc; 1049 1050 rc = next_entry(buf, fp, sizeof buf); 1051 if (rc) { 1052 printk(KERN_ERR "SELinux: context truncated\n"); 1053 goto out; 1054 } 1055 c->user = le32_to_cpu(buf[0]); 1056 c->role = le32_to_cpu(buf[1]); 1057 c->type = le32_to_cpu(buf[2]); 1058 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1059 rc = mls_read_range_helper(&c->range, fp); 1060 if (rc) { 1061 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1062 goto out; 1063 } 1064 } 1065 1066 rc = -EINVAL; 1067 if (!policydb_context_isvalid(p, c)) { 1068 printk(KERN_ERR "SELinux: invalid security context\n"); 1069 context_destroy(c); 1070 goto out; 1071 } 1072 rc = 0; 1073 out: 1074 return rc; 1075 } 1076 1077 /* 1078 * The following *_read functions are used to 1079 * read the symbol data from a policy database 1080 * binary representation file. 1081 */ 1082 1083 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1084 { 1085 char *key = NULL; 1086 struct perm_datum *perdatum; 1087 int rc; 1088 __le32 buf[2]; 1089 u32 len; 1090 1091 rc = -ENOMEM; 1092 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1093 if (!perdatum) 1094 goto bad; 1095 1096 rc = next_entry(buf, fp, sizeof buf); 1097 if (rc) 1098 goto bad; 1099 1100 len = le32_to_cpu(buf[0]); 1101 perdatum->value = le32_to_cpu(buf[1]); 1102 1103 rc = -ENOMEM; 1104 key = kmalloc(len + 1, GFP_KERNEL); 1105 if (!key) 1106 goto bad; 1107 1108 rc = next_entry(key, fp, len); 1109 if (rc) 1110 goto bad; 1111 key[len] = '\0'; 1112 1113 rc = hashtab_insert(h, key, perdatum); 1114 if (rc) 1115 goto bad; 1116 1117 return 0; 1118 bad: 1119 perm_destroy(key, perdatum, NULL); 1120 return rc; 1121 } 1122 1123 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1124 { 1125 char *key = NULL; 1126 struct common_datum *comdatum; 1127 __le32 buf[4]; 1128 u32 len, nel; 1129 int i, rc; 1130 1131 rc = -ENOMEM; 1132 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1133 if (!comdatum) 1134 goto bad; 1135 1136 rc = next_entry(buf, fp, sizeof buf); 1137 if (rc) 1138 goto bad; 1139 1140 len = le32_to_cpu(buf[0]); 1141 comdatum->value = le32_to_cpu(buf[1]); 1142 1143 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1144 if (rc) 1145 goto bad; 1146 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1147 nel = le32_to_cpu(buf[3]); 1148 1149 rc = -ENOMEM; 1150 key = kmalloc(len + 1, GFP_KERNEL); 1151 if (!key) 1152 goto bad; 1153 1154 rc = next_entry(key, fp, len); 1155 if (rc) 1156 goto bad; 1157 key[len] = '\0'; 1158 1159 for (i = 0; i < nel; i++) { 1160 rc = perm_read(p, comdatum->permissions.table, fp); 1161 if (rc) 1162 goto bad; 1163 } 1164 1165 rc = hashtab_insert(h, key, comdatum); 1166 if (rc) 1167 goto bad; 1168 return 0; 1169 bad: 1170 common_destroy(key, comdatum, NULL); 1171 return rc; 1172 } 1173 1174 static void type_set_init(struct type_set *t) 1175 { 1176 ebitmap_init(&t->types); 1177 ebitmap_init(&t->negset); 1178 } 1179 1180 static int type_set_read(struct type_set *t, void *fp) 1181 { 1182 __le32 buf[1]; 1183 int rc; 1184 1185 if (ebitmap_read(&t->types, fp)) 1186 return -EINVAL; 1187 if (ebitmap_read(&t->negset, fp)) 1188 return -EINVAL; 1189 1190 rc = next_entry(buf, fp, sizeof(u32)); 1191 if (rc < 0) 1192 return -EINVAL; 1193 t->flags = le32_to_cpu(buf[0]); 1194 1195 return 0; 1196 } 1197 1198 1199 static int read_cons_helper(struct policydb *p, 1200 struct constraint_node **nodep, 1201 int ncons, int allowxtarget, void *fp) 1202 { 1203 struct constraint_node *c, *lc; 1204 struct constraint_expr *e, *le; 1205 __le32 buf[3]; 1206 u32 nexpr; 1207 int rc, i, j, depth; 1208 1209 lc = NULL; 1210 for (i = 0; i < ncons; i++) { 1211 c = kzalloc(sizeof(*c), GFP_KERNEL); 1212 if (!c) 1213 return -ENOMEM; 1214 1215 if (lc) 1216 lc->next = c; 1217 else 1218 *nodep = c; 1219 1220 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1221 if (rc) 1222 return rc; 1223 c->permissions = le32_to_cpu(buf[0]); 1224 nexpr = le32_to_cpu(buf[1]); 1225 le = NULL; 1226 depth = -1; 1227 for (j = 0; j < nexpr; j++) { 1228 e = kzalloc(sizeof(*e), GFP_KERNEL); 1229 if (!e) 1230 return -ENOMEM; 1231 1232 if (le) 1233 le->next = e; 1234 else 1235 c->expr = e; 1236 1237 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1238 if (rc) 1239 return rc; 1240 e->expr_type = le32_to_cpu(buf[0]); 1241 e->attr = le32_to_cpu(buf[1]); 1242 e->op = le32_to_cpu(buf[2]); 1243 1244 switch (e->expr_type) { 1245 case CEXPR_NOT: 1246 if (depth < 0) 1247 return -EINVAL; 1248 break; 1249 case CEXPR_AND: 1250 case CEXPR_OR: 1251 if (depth < 1) 1252 return -EINVAL; 1253 depth--; 1254 break; 1255 case CEXPR_ATTR: 1256 if (depth == (CEXPR_MAXDEPTH - 1)) 1257 return -EINVAL; 1258 depth++; 1259 break; 1260 case CEXPR_NAMES: 1261 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1262 return -EINVAL; 1263 if (depth == (CEXPR_MAXDEPTH - 1)) 1264 return -EINVAL; 1265 depth++; 1266 rc = ebitmap_read(&e->names, fp); 1267 if (rc) 1268 return rc; 1269 if (p->policyvers >= 1270 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1271 e->type_names = kzalloc(sizeof 1272 (*e->type_names), 1273 GFP_KERNEL); 1274 if (!e->type_names) 1275 return -ENOMEM; 1276 type_set_init(e->type_names); 1277 rc = type_set_read(e->type_names, fp); 1278 if (rc) 1279 return rc; 1280 } 1281 break; 1282 default: 1283 return -EINVAL; 1284 } 1285 le = e; 1286 } 1287 if (depth != 0) 1288 return -EINVAL; 1289 lc = c; 1290 } 1291 1292 return 0; 1293 } 1294 1295 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1296 { 1297 char *key = NULL; 1298 struct class_datum *cladatum; 1299 __le32 buf[6]; 1300 u32 len, len2, ncons, nel; 1301 int i, rc; 1302 1303 rc = -ENOMEM; 1304 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1305 if (!cladatum) 1306 goto bad; 1307 1308 rc = next_entry(buf, fp, sizeof(u32)*6); 1309 if (rc) 1310 goto bad; 1311 1312 len = le32_to_cpu(buf[0]); 1313 len2 = le32_to_cpu(buf[1]); 1314 cladatum->value = le32_to_cpu(buf[2]); 1315 1316 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1317 if (rc) 1318 goto bad; 1319 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1320 nel = le32_to_cpu(buf[4]); 1321 1322 ncons = le32_to_cpu(buf[5]); 1323 1324 rc = -ENOMEM; 1325 key = kmalloc(len + 1, GFP_KERNEL); 1326 if (!key) 1327 goto bad; 1328 1329 rc = next_entry(key, fp, len); 1330 if (rc) 1331 goto bad; 1332 key[len] = '\0'; 1333 1334 if (len2) { 1335 rc = -ENOMEM; 1336 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1337 if (!cladatum->comkey) 1338 goto bad; 1339 rc = next_entry(cladatum->comkey, fp, len2); 1340 if (rc) 1341 goto bad; 1342 cladatum->comkey[len2] = '\0'; 1343 1344 rc = -EINVAL; 1345 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1346 if (!cladatum->comdatum) { 1347 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1348 goto bad; 1349 } 1350 } 1351 for (i = 0; i < nel; i++) { 1352 rc = perm_read(p, cladatum->permissions.table, fp); 1353 if (rc) 1354 goto bad; 1355 } 1356 1357 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1358 if (rc) 1359 goto bad; 1360 1361 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1362 /* grab the validatetrans rules */ 1363 rc = next_entry(buf, fp, sizeof(u32)); 1364 if (rc) 1365 goto bad; 1366 ncons = le32_to_cpu(buf[0]); 1367 rc = read_cons_helper(p, &cladatum->validatetrans, 1368 ncons, 1, fp); 1369 if (rc) 1370 goto bad; 1371 } 1372 1373 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1374 rc = next_entry(buf, fp, sizeof(u32) * 3); 1375 if (rc) 1376 goto bad; 1377 1378 cladatum->default_user = le32_to_cpu(buf[0]); 1379 cladatum->default_role = le32_to_cpu(buf[1]); 1380 cladatum->default_range = le32_to_cpu(buf[2]); 1381 } 1382 1383 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1384 rc = next_entry(buf, fp, sizeof(u32) * 1); 1385 if (rc) 1386 goto bad; 1387 cladatum->default_type = le32_to_cpu(buf[0]); 1388 } 1389 1390 rc = hashtab_insert(h, key, cladatum); 1391 if (rc) 1392 goto bad; 1393 1394 return 0; 1395 bad: 1396 cls_destroy(key, cladatum, NULL); 1397 return rc; 1398 } 1399 1400 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1401 { 1402 char *key = NULL; 1403 struct role_datum *role; 1404 int rc, to_read = 2; 1405 __le32 buf[3]; 1406 u32 len; 1407 1408 rc = -ENOMEM; 1409 role = kzalloc(sizeof(*role), GFP_KERNEL); 1410 if (!role) 1411 goto bad; 1412 1413 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1414 to_read = 3; 1415 1416 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1417 if (rc) 1418 goto bad; 1419 1420 len = le32_to_cpu(buf[0]); 1421 role->value = le32_to_cpu(buf[1]); 1422 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1423 role->bounds = le32_to_cpu(buf[2]); 1424 1425 rc = -ENOMEM; 1426 key = kmalloc(len + 1, GFP_KERNEL); 1427 if (!key) 1428 goto bad; 1429 1430 rc = next_entry(key, fp, len); 1431 if (rc) 1432 goto bad; 1433 key[len] = '\0'; 1434 1435 rc = ebitmap_read(&role->dominates, fp); 1436 if (rc) 1437 goto bad; 1438 1439 rc = ebitmap_read(&role->types, fp); 1440 if (rc) 1441 goto bad; 1442 1443 if (strcmp(key, OBJECT_R) == 0) { 1444 rc = -EINVAL; 1445 if (role->value != OBJECT_R_VAL) { 1446 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1447 OBJECT_R, role->value); 1448 goto bad; 1449 } 1450 rc = 0; 1451 goto bad; 1452 } 1453 1454 rc = hashtab_insert(h, key, role); 1455 if (rc) 1456 goto bad; 1457 return 0; 1458 bad: 1459 role_destroy(key, role, NULL); 1460 return rc; 1461 } 1462 1463 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1464 { 1465 char *key = NULL; 1466 struct type_datum *typdatum; 1467 int rc, to_read = 3; 1468 __le32 buf[4]; 1469 u32 len; 1470 1471 rc = -ENOMEM; 1472 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1473 if (!typdatum) 1474 goto bad; 1475 1476 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1477 to_read = 4; 1478 1479 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1480 if (rc) 1481 goto bad; 1482 1483 len = le32_to_cpu(buf[0]); 1484 typdatum->value = le32_to_cpu(buf[1]); 1485 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1486 u32 prop = le32_to_cpu(buf[2]); 1487 1488 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1489 typdatum->primary = 1; 1490 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1491 typdatum->attribute = 1; 1492 1493 typdatum->bounds = le32_to_cpu(buf[3]); 1494 } else { 1495 typdatum->primary = le32_to_cpu(buf[2]); 1496 } 1497 1498 rc = -ENOMEM; 1499 key = kmalloc(len + 1, GFP_KERNEL); 1500 if (!key) 1501 goto bad; 1502 rc = next_entry(key, fp, len); 1503 if (rc) 1504 goto bad; 1505 key[len] = '\0'; 1506 1507 rc = hashtab_insert(h, key, typdatum); 1508 if (rc) 1509 goto bad; 1510 return 0; 1511 bad: 1512 type_destroy(key, typdatum, NULL); 1513 return rc; 1514 } 1515 1516 1517 /* 1518 * Read a MLS level structure from a policydb binary 1519 * representation file. 1520 */ 1521 static int mls_read_level(struct mls_level *lp, void *fp) 1522 { 1523 __le32 buf[1]; 1524 int rc; 1525 1526 memset(lp, 0, sizeof(*lp)); 1527 1528 rc = next_entry(buf, fp, sizeof buf); 1529 if (rc) { 1530 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1531 return rc; 1532 } 1533 lp->sens = le32_to_cpu(buf[0]); 1534 1535 rc = ebitmap_read(&lp->cat, fp); 1536 if (rc) { 1537 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1538 return rc; 1539 } 1540 return 0; 1541 } 1542 1543 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1544 { 1545 char *key = NULL; 1546 struct user_datum *usrdatum; 1547 int rc, to_read = 2; 1548 __le32 buf[3]; 1549 u32 len; 1550 1551 rc = -ENOMEM; 1552 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1553 if (!usrdatum) 1554 goto bad; 1555 1556 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1557 to_read = 3; 1558 1559 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1560 if (rc) 1561 goto bad; 1562 1563 len = le32_to_cpu(buf[0]); 1564 usrdatum->value = le32_to_cpu(buf[1]); 1565 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1566 usrdatum->bounds = le32_to_cpu(buf[2]); 1567 1568 rc = -ENOMEM; 1569 key = kmalloc(len + 1, GFP_KERNEL); 1570 if (!key) 1571 goto bad; 1572 rc = next_entry(key, fp, len); 1573 if (rc) 1574 goto bad; 1575 key[len] = '\0'; 1576 1577 rc = ebitmap_read(&usrdatum->roles, fp); 1578 if (rc) 1579 goto bad; 1580 1581 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1582 rc = mls_read_range_helper(&usrdatum->range, fp); 1583 if (rc) 1584 goto bad; 1585 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1586 if (rc) 1587 goto bad; 1588 } 1589 1590 rc = hashtab_insert(h, key, usrdatum); 1591 if (rc) 1592 goto bad; 1593 return 0; 1594 bad: 1595 user_destroy(key, usrdatum, NULL); 1596 return rc; 1597 } 1598 1599 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1600 { 1601 char *key = NULL; 1602 struct level_datum *levdatum; 1603 int rc; 1604 __le32 buf[2]; 1605 u32 len; 1606 1607 rc = -ENOMEM; 1608 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1609 if (!levdatum) 1610 goto bad; 1611 1612 rc = next_entry(buf, fp, sizeof buf); 1613 if (rc) 1614 goto bad; 1615 1616 len = le32_to_cpu(buf[0]); 1617 levdatum->isalias = le32_to_cpu(buf[1]); 1618 1619 rc = -ENOMEM; 1620 key = kmalloc(len + 1, GFP_ATOMIC); 1621 if (!key) 1622 goto bad; 1623 rc = next_entry(key, fp, len); 1624 if (rc) 1625 goto bad; 1626 key[len] = '\0'; 1627 1628 rc = -ENOMEM; 1629 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1630 if (!levdatum->level) 1631 goto bad; 1632 1633 rc = mls_read_level(levdatum->level, fp); 1634 if (rc) 1635 goto bad; 1636 1637 rc = hashtab_insert(h, key, levdatum); 1638 if (rc) 1639 goto bad; 1640 return 0; 1641 bad: 1642 sens_destroy(key, levdatum, NULL); 1643 return rc; 1644 } 1645 1646 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1647 { 1648 char *key = NULL; 1649 struct cat_datum *catdatum; 1650 int rc; 1651 __le32 buf[3]; 1652 u32 len; 1653 1654 rc = -ENOMEM; 1655 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1656 if (!catdatum) 1657 goto bad; 1658 1659 rc = next_entry(buf, fp, sizeof buf); 1660 if (rc) 1661 goto bad; 1662 1663 len = le32_to_cpu(buf[0]); 1664 catdatum->value = le32_to_cpu(buf[1]); 1665 catdatum->isalias = le32_to_cpu(buf[2]); 1666 1667 rc = -ENOMEM; 1668 key = kmalloc(len + 1, GFP_ATOMIC); 1669 if (!key) 1670 goto bad; 1671 rc = next_entry(key, fp, len); 1672 if (rc) 1673 goto bad; 1674 key[len] = '\0'; 1675 1676 rc = hashtab_insert(h, key, catdatum); 1677 if (rc) 1678 goto bad; 1679 return 0; 1680 bad: 1681 cat_destroy(key, catdatum, NULL); 1682 return rc; 1683 } 1684 1685 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1686 { 1687 common_read, 1688 class_read, 1689 role_read, 1690 type_read, 1691 user_read, 1692 cond_read_bool, 1693 sens_read, 1694 cat_read, 1695 }; 1696 1697 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1698 { 1699 struct user_datum *upper, *user; 1700 struct policydb *p = datap; 1701 int depth = 0; 1702 1703 upper = user = datum; 1704 while (upper->bounds) { 1705 struct ebitmap_node *node; 1706 unsigned long bit; 1707 1708 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1709 printk(KERN_ERR "SELinux: user %s: " 1710 "too deep or looped boundary", 1711 (char *) key); 1712 return -EINVAL; 1713 } 1714 1715 upper = p->user_val_to_struct[upper->bounds - 1]; 1716 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1717 if (ebitmap_get_bit(&upper->roles, bit)) 1718 continue; 1719 1720 printk(KERN_ERR 1721 "SELinux: boundary violated policy: " 1722 "user=%s role=%s bounds=%s\n", 1723 sym_name(p, SYM_USERS, user->value - 1), 1724 sym_name(p, SYM_ROLES, bit), 1725 sym_name(p, SYM_USERS, upper->value - 1)); 1726 1727 return -EINVAL; 1728 } 1729 } 1730 1731 return 0; 1732 } 1733 1734 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1735 { 1736 struct role_datum *upper, *role; 1737 struct policydb *p = datap; 1738 int depth = 0; 1739 1740 upper = role = datum; 1741 while (upper->bounds) { 1742 struct ebitmap_node *node; 1743 unsigned long bit; 1744 1745 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1746 printk(KERN_ERR "SELinux: role %s: " 1747 "too deep or looped bounds\n", 1748 (char *) key); 1749 return -EINVAL; 1750 } 1751 1752 upper = p->role_val_to_struct[upper->bounds - 1]; 1753 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1754 if (ebitmap_get_bit(&upper->types, bit)) 1755 continue; 1756 1757 printk(KERN_ERR 1758 "SELinux: boundary violated policy: " 1759 "role=%s type=%s bounds=%s\n", 1760 sym_name(p, SYM_ROLES, role->value - 1), 1761 sym_name(p, SYM_TYPES, bit), 1762 sym_name(p, SYM_ROLES, upper->value - 1)); 1763 1764 return -EINVAL; 1765 } 1766 } 1767 1768 return 0; 1769 } 1770 1771 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1772 { 1773 struct type_datum *upper; 1774 struct policydb *p = datap; 1775 int depth = 0; 1776 1777 upper = datum; 1778 while (upper->bounds) { 1779 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1780 printk(KERN_ERR "SELinux: type %s: " 1781 "too deep or looped boundary\n", 1782 (char *) key); 1783 return -EINVAL; 1784 } 1785 1786 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1787 upper->bounds - 1); 1788 BUG_ON(!upper); 1789 1790 if (upper->attribute) { 1791 printk(KERN_ERR "SELinux: type %s: " 1792 "bounded by attribute %s", 1793 (char *) key, 1794 sym_name(p, SYM_TYPES, upper->value - 1)); 1795 return -EINVAL; 1796 } 1797 } 1798 1799 return 0; 1800 } 1801 1802 static int policydb_bounds_sanity_check(struct policydb *p) 1803 { 1804 int rc; 1805 1806 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1807 return 0; 1808 1809 rc = hashtab_map(p->p_users.table, 1810 user_bounds_sanity_check, p); 1811 if (rc) 1812 return rc; 1813 1814 rc = hashtab_map(p->p_roles.table, 1815 role_bounds_sanity_check, p); 1816 if (rc) 1817 return rc; 1818 1819 rc = hashtab_map(p->p_types.table, 1820 type_bounds_sanity_check, p); 1821 if (rc) 1822 return rc; 1823 1824 return 0; 1825 } 1826 1827 u16 string_to_security_class(struct policydb *p, const char *name) 1828 { 1829 struct class_datum *cladatum; 1830 1831 cladatum = hashtab_search(p->p_classes.table, name); 1832 if (!cladatum) 1833 return 0; 1834 1835 return cladatum->value; 1836 } 1837 1838 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1839 { 1840 struct class_datum *cladatum; 1841 struct perm_datum *perdatum = NULL; 1842 struct common_datum *comdatum; 1843 1844 if (!tclass || tclass > p->p_classes.nprim) 1845 return 0; 1846 1847 cladatum = p->class_val_to_struct[tclass-1]; 1848 comdatum = cladatum->comdatum; 1849 if (comdatum) 1850 perdatum = hashtab_search(comdatum->permissions.table, 1851 name); 1852 if (!perdatum) 1853 perdatum = hashtab_search(cladatum->permissions.table, 1854 name); 1855 if (!perdatum) 1856 return 0; 1857 1858 return 1U << (perdatum->value-1); 1859 } 1860 1861 static int range_read(struct policydb *p, void *fp) 1862 { 1863 struct range_trans *rt = NULL; 1864 struct mls_range *r = NULL; 1865 int i, rc; 1866 __le32 buf[2]; 1867 u32 nel; 1868 1869 if (p->policyvers < POLICYDB_VERSION_MLS) 1870 return 0; 1871 1872 rc = next_entry(buf, fp, sizeof(u32)); 1873 if (rc) 1874 goto out; 1875 1876 nel = le32_to_cpu(buf[0]); 1877 for (i = 0; i < nel; i++) { 1878 rc = -ENOMEM; 1879 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1880 if (!rt) 1881 goto out; 1882 1883 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1884 if (rc) 1885 goto out; 1886 1887 rt->source_type = le32_to_cpu(buf[0]); 1888 rt->target_type = le32_to_cpu(buf[1]); 1889 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1890 rc = next_entry(buf, fp, sizeof(u32)); 1891 if (rc) 1892 goto out; 1893 rt->target_class = le32_to_cpu(buf[0]); 1894 } else 1895 rt->target_class = p->process_class; 1896 1897 rc = -EINVAL; 1898 if (!policydb_type_isvalid(p, rt->source_type) || 1899 !policydb_type_isvalid(p, rt->target_type) || 1900 !policydb_class_isvalid(p, rt->target_class)) 1901 goto out; 1902 1903 rc = -ENOMEM; 1904 r = kzalloc(sizeof(*r), GFP_KERNEL); 1905 if (!r) 1906 goto out; 1907 1908 rc = mls_read_range_helper(r, fp); 1909 if (rc) 1910 goto out; 1911 1912 rc = -EINVAL; 1913 if (!mls_range_isvalid(p, r)) { 1914 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1915 goto out; 1916 } 1917 1918 rc = hashtab_insert(p->range_tr, rt, r); 1919 if (rc) 1920 goto out; 1921 1922 rt = NULL; 1923 r = NULL; 1924 } 1925 hash_eval(p->range_tr, "rangetr"); 1926 rc = 0; 1927 out: 1928 kfree(rt); 1929 kfree(r); 1930 return rc; 1931 } 1932 1933 static int filename_trans_read(struct policydb *p, void *fp) 1934 { 1935 struct filename_trans *ft; 1936 struct filename_trans_datum *otype; 1937 char *name; 1938 u32 nel, len; 1939 __le32 buf[4]; 1940 int rc, i; 1941 1942 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1943 return 0; 1944 1945 rc = next_entry(buf, fp, sizeof(u32)); 1946 if (rc) 1947 return rc; 1948 nel = le32_to_cpu(buf[0]); 1949 1950 for (i = 0; i < nel; i++) { 1951 ft = NULL; 1952 otype = NULL; 1953 name = NULL; 1954 1955 rc = -ENOMEM; 1956 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1957 if (!ft) 1958 goto out; 1959 1960 rc = -ENOMEM; 1961 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1962 if (!otype) 1963 goto out; 1964 1965 /* length of the path component string */ 1966 rc = next_entry(buf, fp, sizeof(u32)); 1967 if (rc) 1968 goto out; 1969 len = le32_to_cpu(buf[0]); 1970 1971 rc = -ENOMEM; 1972 name = kmalloc(len + 1, GFP_KERNEL); 1973 if (!name) 1974 goto out; 1975 1976 ft->name = name; 1977 1978 /* path component string */ 1979 rc = next_entry(name, fp, len); 1980 if (rc) 1981 goto out; 1982 name[len] = 0; 1983 1984 rc = next_entry(buf, fp, sizeof(u32) * 4); 1985 if (rc) 1986 goto out; 1987 1988 ft->stype = le32_to_cpu(buf[0]); 1989 ft->ttype = le32_to_cpu(buf[1]); 1990 ft->tclass = le32_to_cpu(buf[2]); 1991 1992 otype->otype = le32_to_cpu(buf[3]); 1993 1994 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1995 if (rc) 1996 goto out; 1997 1998 rc = hashtab_insert(p->filename_trans, ft, otype); 1999 if (rc) { 2000 /* 2001 * Do not return -EEXIST to the caller, or the system 2002 * will not boot. 2003 */ 2004 if (rc != -EEXIST) 2005 goto out; 2006 /* But free memory to avoid memory leak. */ 2007 kfree(ft); 2008 kfree(name); 2009 kfree(otype); 2010 } 2011 } 2012 hash_eval(p->filename_trans, "filenametr"); 2013 return 0; 2014 out: 2015 kfree(ft); 2016 kfree(name); 2017 kfree(otype); 2018 2019 return rc; 2020 } 2021 2022 static int genfs_read(struct policydb *p, void *fp) 2023 { 2024 int i, j, rc; 2025 u32 nel, nel2, len, len2; 2026 __le32 buf[1]; 2027 struct ocontext *l, *c; 2028 struct ocontext *newc = NULL; 2029 struct genfs *genfs_p, *genfs; 2030 struct genfs *newgenfs = NULL; 2031 2032 rc = next_entry(buf, fp, sizeof(u32)); 2033 if (rc) 2034 goto out; 2035 nel = le32_to_cpu(buf[0]); 2036 2037 for (i = 0; i < nel; i++) { 2038 rc = next_entry(buf, fp, sizeof(u32)); 2039 if (rc) 2040 goto out; 2041 len = le32_to_cpu(buf[0]); 2042 2043 rc = -ENOMEM; 2044 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2045 if (!newgenfs) 2046 goto out; 2047 2048 rc = -ENOMEM; 2049 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 2050 if (!newgenfs->fstype) 2051 goto out; 2052 2053 rc = next_entry(newgenfs->fstype, fp, len); 2054 if (rc) 2055 goto out; 2056 2057 newgenfs->fstype[len] = 0; 2058 2059 for (genfs_p = NULL, genfs = p->genfs; genfs; 2060 genfs_p = genfs, genfs = genfs->next) { 2061 rc = -EINVAL; 2062 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2063 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 2064 newgenfs->fstype); 2065 goto out; 2066 } 2067 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2068 break; 2069 } 2070 newgenfs->next = genfs; 2071 if (genfs_p) 2072 genfs_p->next = newgenfs; 2073 else 2074 p->genfs = newgenfs; 2075 genfs = newgenfs; 2076 newgenfs = NULL; 2077 2078 rc = next_entry(buf, fp, sizeof(u32)); 2079 if (rc) 2080 goto out; 2081 2082 nel2 = le32_to_cpu(buf[0]); 2083 for (j = 0; j < nel2; j++) { 2084 rc = next_entry(buf, fp, sizeof(u32)); 2085 if (rc) 2086 goto out; 2087 len = le32_to_cpu(buf[0]); 2088 2089 rc = -ENOMEM; 2090 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2091 if (!newc) 2092 goto out; 2093 2094 rc = -ENOMEM; 2095 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 2096 if (!newc->u.name) 2097 goto out; 2098 2099 rc = next_entry(newc->u.name, fp, len); 2100 if (rc) 2101 goto out; 2102 newc->u.name[len] = 0; 2103 2104 rc = next_entry(buf, fp, sizeof(u32)); 2105 if (rc) 2106 goto out; 2107 2108 newc->v.sclass = le32_to_cpu(buf[0]); 2109 rc = context_read_and_validate(&newc->context[0], p, fp); 2110 if (rc) 2111 goto out; 2112 2113 for (l = NULL, c = genfs->head; c; 2114 l = c, c = c->next) { 2115 rc = -EINVAL; 2116 if (!strcmp(newc->u.name, c->u.name) && 2117 (!c->v.sclass || !newc->v.sclass || 2118 newc->v.sclass == c->v.sclass)) { 2119 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2120 genfs->fstype, c->u.name); 2121 goto out; 2122 } 2123 len = strlen(newc->u.name); 2124 len2 = strlen(c->u.name); 2125 if (len > len2) 2126 break; 2127 } 2128 2129 newc->next = c; 2130 if (l) 2131 l->next = newc; 2132 else 2133 genfs->head = newc; 2134 newc = NULL; 2135 } 2136 } 2137 rc = 0; 2138 out: 2139 if (newgenfs) 2140 kfree(newgenfs->fstype); 2141 kfree(newgenfs); 2142 ocontext_destroy(newc, OCON_FSUSE); 2143 2144 return rc; 2145 } 2146 2147 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2148 void *fp) 2149 { 2150 int i, j, rc; 2151 u32 nel, len; 2152 __le32 buf[3]; 2153 struct ocontext *l, *c; 2154 u32 nodebuf[8]; 2155 2156 for (i = 0; i < info->ocon_num; i++) { 2157 rc = next_entry(buf, fp, sizeof(u32)); 2158 if (rc) 2159 goto out; 2160 nel = le32_to_cpu(buf[0]); 2161 2162 l = NULL; 2163 for (j = 0; j < nel; j++) { 2164 rc = -ENOMEM; 2165 c = kzalloc(sizeof(*c), GFP_KERNEL); 2166 if (!c) 2167 goto out; 2168 if (l) 2169 l->next = c; 2170 else 2171 p->ocontexts[i] = c; 2172 l = c; 2173 2174 switch (i) { 2175 case OCON_ISID: 2176 rc = next_entry(buf, fp, sizeof(u32)); 2177 if (rc) 2178 goto out; 2179 2180 c->sid[0] = le32_to_cpu(buf[0]); 2181 rc = context_read_and_validate(&c->context[0], p, fp); 2182 if (rc) 2183 goto out; 2184 break; 2185 case OCON_FS: 2186 case OCON_NETIF: 2187 rc = next_entry(buf, fp, sizeof(u32)); 2188 if (rc) 2189 goto out; 2190 len = le32_to_cpu(buf[0]); 2191 2192 rc = -ENOMEM; 2193 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2194 if (!c->u.name) 2195 goto out; 2196 2197 rc = next_entry(c->u.name, fp, len); 2198 if (rc) 2199 goto out; 2200 2201 c->u.name[len] = 0; 2202 rc = context_read_and_validate(&c->context[0], p, fp); 2203 if (rc) 2204 goto out; 2205 rc = context_read_and_validate(&c->context[1], p, fp); 2206 if (rc) 2207 goto out; 2208 break; 2209 case OCON_PORT: 2210 rc = next_entry(buf, fp, sizeof(u32)*3); 2211 if (rc) 2212 goto out; 2213 c->u.port.protocol = le32_to_cpu(buf[0]); 2214 c->u.port.low_port = le32_to_cpu(buf[1]); 2215 c->u.port.high_port = le32_to_cpu(buf[2]); 2216 rc = context_read_and_validate(&c->context[0], p, fp); 2217 if (rc) 2218 goto out; 2219 break; 2220 case OCON_NODE: 2221 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2222 if (rc) 2223 goto out; 2224 c->u.node.addr = nodebuf[0]; /* network order */ 2225 c->u.node.mask = nodebuf[1]; /* network order */ 2226 rc = context_read_and_validate(&c->context[0], p, fp); 2227 if (rc) 2228 goto out; 2229 break; 2230 case OCON_FSUSE: 2231 rc = next_entry(buf, fp, sizeof(u32)*2); 2232 if (rc) 2233 goto out; 2234 2235 rc = -EINVAL; 2236 c->v.behavior = le32_to_cpu(buf[0]); 2237 /* Determined at runtime, not in policy DB. */ 2238 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2239 goto out; 2240 if (c->v.behavior > SECURITY_FS_USE_MAX) 2241 goto out; 2242 2243 rc = -ENOMEM; 2244 len = le32_to_cpu(buf[1]); 2245 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2246 if (!c->u.name) 2247 goto out; 2248 2249 rc = next_entry(c->u.name, fp, len); 2250 if (rc) 2251 goto out; 2252 c->u.name[len] = 0; 2253 rc = context_read_and_validate(&c->context[0], p, fp); 2254 if (rc) 2255 goto out; 2256 break; 2257 case OCON_NODE6: { 2258 int k; 2259 2260 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2261 if (rc) 2262 goto out; 2263 for (k = 0; k < 4; k++) 2264 c->u.node6.addr[k] = nodebuf[k]; 2265 for (k = 0; k < 4; k++) 2266 c->u.node6.mask[k] = nodebuf[k+4]; 2267 rc = context_read_and_validate(&c->context[0], p, fp); 2268 if (rc) 2269 goto out; 2270 break; 2271 } 2272 } 2273 } 2274 } 2275 rc = 0; 2276 out: 2277 return rc; 2278 } 2279 2280 /* 2281 * Read the configuration data from a policy database binary 2282 * representation file into a policy database structure. 2283 */ 2284 int policydb_read(struct policydb *p, void *fp) 2285 { 2286 struct role_allow *ra, *lra; 2287 struct role_trans *tr, *ltr; 2288 int i, j, rc; 2289 __le32 buf[4]; 2290 u32 len, nprim, nel; 2291 2292 char *policydb_str; 2293 struct policydb_compat_info *info; 2294 2295 rc = policydb_init(p); 2296 if (rc) 2297 return rc; 2298 2299 /* Read the magic number and string length. */ 2300 rc = next_entry(buf, fp, sizeof(u32) * 2); 2301 if (rc) 2302 goto bad; 2303 2304 rc = -EINVAL; 2305 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2306 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2307 "not match expected magic number 0x%x\n", 2308 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2309 goto bad; 2310 } 2311 2312 rc = -EINVAL; 2313 len = le32_to_cpu(buf[1]); 2314 if (len != strlen(POLICYDB_STRING)) { 2315 printk(KERN_ERR "SELinux: policydb string length %d does not " 2316 "match expected length %Zu\n", 2317 len, strlen(POLICYDB_STRING)); 2318 goto bad; 2319 } 2320 2321 rc = -ENOMEM; 2322 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2323 if (!policydb_str) { 2324 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2325 "string of length %d\n", len); 2326 goto bad; 2327 } 2328 2329 rc = next_entry(policydb_str, fp, len); 2330 if (rc) { 2331 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2332 kfree(policydb_str); 2333 goto bad; 2334 } 2335 2336 rc = -EINVAL; 2337 policydb_str[len] = '\0'; 2338 if (strcmp(policydb_str, POLICYDB_STRING)) { 2339 printk(KERN_ERR "SELinux: policydb string %s does not match " 2340 "my string %s\n", policydb_str, POLICYDB_STRING); 2341 kfree(policydb_str); 2342 goto bad; 2343 } 2344 /* Done with policydb_str. */ 2345 kfree(policydb_str); 2346 policydb_str = NULL; 2347 2348 /* Read the version and table sizes. */ 2349 rc = next_entry(buf, fp, sizeof(u32)*4); 2350 if (rc) 2351 goto bad; 2352 2353 rc = -EINVAL; 2354 p->policyvers = le32_to_cpu(buf[0]); 2355 if (p->policyvers < POLICYDB_VERSION_MIN || 2356 p->policyvers > POLICYDB_VERSION_MAX) { 2357 printk(KERN_ERR "SELinux: policydb version %d does not match " 2358 "my version range %d-%d\n", 2359 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2360 goto bad; 2361 } 2362 2363 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2364 p->mls_enabled = 1; 2365 2366 rc = -EINVAL; 2367 if (p->policyvers < POLICYDB_VERSION_MLS) { 2368 printk(KERN_ERR "SELinux: security policydb version %d " 2369 "(MLS) not backwards compatible\n", 2370 p->policyvers); 2371 goto bad; 2372 } 2373 } 2374 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2375 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2376 2377 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2378 rc = ebitmap_read(&p->policycaps, fp); 2379 if (rc) 2380 goto bad; 2381 } 2382 2383 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2384 rc = ebitmap_read(&p->permissive_map, fp); 2385 if (rc) 2386 goto bad; 2387 } 2388 2389 rc = -EINVAL; 2390 info = policydb_lookup_compat(p->policyvers); 2391 if (!info) { 2392 printk(KERN_ERR "SELinux: unable to find policy compat info " 2393 "for version %d\n", p->policyvers); 2394 goto bad; 2395 } 2396 2397 rc = -EINVAL; 2398 if (le32_to_cpu(buf[2]) != info->sym_num || 2399 le32_to_cpu(buf[3]) != info->ocon_num) { 2400 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2401 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2402 le32_to_cpu(buf[3]), 2403 info->sym_num, info->ocon_num); 2404 goto bad; 2405 } 2406 2407 for (i = 0; i < info->sym_num; i++) { 2408 rc = next_entry(buf, fp, sizeof(u32)*2); 2409 if (rc) 2410 goto bad; 2411 nprim = le32_to_cpu(buf[0]); 2412 nel = le32_to_cpu(buf[1]); 2413 for (j = 0; j < nel; j++) { 2414 rc = read_f[i](p, p->symtab[i].table, fp); 2415 if (rc) 2416 goto bad; 2417 } 2418 2419 p->symtab[i].nprim = nprim; 2420 } 2421 2422 rc = -EINVAL; 2423 p->process_class = string_to_security_class(p, "process"); 2424 if (!p->process_class) 2425 goto bad; 2426 2427 rc = avtab_read(&p->te_avtab, fp, p); 2428 if (rc) 2429 goto bad; 2430 2431 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2432 rc = cond_read_list(p, fp); 2433 if (rc) 2434 goto bad; 2435 } 2436 2437 rc = next_entry(buf, fp, sizeof(u32)); 2438 if (rc) 2439 goto bad; 2440 nel = le32_to_cpu(buf[0]); 2441 ltr = NULL; 2442 for (i = 0; i < nel; i++) { 2443 rc = -ENOMEM; 2444 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2445 if (!tr) 2446 goto bad; 2447 if (ltr) 2448 ltr->next = tr; 2449 else 2450 p->role_tr = tr; 2451 rc = next_entry(buf, fp, sizeof(u32)*3); 2452 if (rc) 2453 goto bad; 2454 2455 rc = -EINVAL; 2456 tr->role = le32_to_cpu(buf[0]); 2457 tr->type = le32_to_cpu(buf[1]); 2458 tr->new_role = le32_to_cpu(buf[2]); 2459 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2460 rc = next_entry(buf, fp, sizeof(u32)); 2461 if (rc) 2462 goto bad; 2463 tr->tclass = le32_to_cpu(buf[0]); 2464 } else 2465 tr->tclass = p->process_class; 2466 2467 if (!policydb_role_isvalid(p, tr->role) || 2468 !policydb_type_isvalid(p, tr->type) || 2469 !policydb_class_isvalid(p, tr->tclass) || 2470 !policydb_role_isvalid(p, tr->new_role)) 2471 goto bad; 2472 ltr = tr; 2473 } 2474 2475 rc = next_entry(buf, fp, sizeof(u32)); 2476 if (rc) 2477 goto bad; 2478 nel = le32_to_cpu(buf[0]); 2479 lra = NULL; 2480 for (i = 0; i < nel; i++) { 2481 rc = -ENOMEM; 2482 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2483 if (!ra) 2484 goto bad; 2485 if (lra) 2486 lra->next = ra; 2487 else 2488 p->role_allow = ra; 2489 rc = next_entry(buf, fp, sizeof(u32)*2); 2490 if (rc) 2491 goto bad; 2492 2493 rc = -EINVAL; 2494 ra->role = le32_to_cpu(buf[0]); 2495 ra->new_role = le32_to_cpu(buf[1]); 2496 if (!policydb_role_isvalid(p, ra->role) || 2497 !policydb_role_isvalid(p, ra->new_role)) 2498 goto bad; 2499 lra = ra; 2500 } 2501 2502 rc = filename_trans_read(p, fp); 2503 if (rc) 2504 goto bad; 2505 2506 rc = policydb_index(p); 2507 if (rc) 2508 goto bad; 2509 2510 rc = -EINVAL; 2511 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2512 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2513 if (!p->process_trans_perms) 2514 goto bad; 2515 2516 rc = ocontext_read(p, info, fp); 2517 if (rc) 2518 goto bad; 2519 2520 rc = genfs_read(p, fp); 2521 if (rc) 2522 goto bad; 2523 2524 rc = range_read(p, fp); 2525 if (rc) 2526 goto bad; 2527 2528 rc = -ENOMEM; 2529 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2530 p->p_types.nprim, 2531 GFP_KERNEL | __GFP_ZERO); 2532 if (!p->type_attr_map_array) 2533 goto bad; 2534 2535 /* preallocate so we don't have to worry about the put ever failing */ 2536 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2537 GFP_KERNEL | __GFP_ZERO); 2538 if (rc) 2539 goto bad; 2540 2541 for (i = 0; i < p->p_types.nprim; i++) { 2542 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2543 2544 BUG_ON(!e); 2545 ebitmap_init(e); 2546 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2547 rc = ebitmap_read(e, fp); 2548 if (rc) 2549 goto bad; 2550 } 2551 /* add the type itself as the degenerate case */ 2552 rc = ebitmap_set_bit(e, i, 1); 2553 if (rc) 2554 goto bad; 2555 } 2556 2557 rc = policydb_bounds_sanity_check(p); 2558 if (rc) 2559 goto bad; 2560 2561 rc = 0; 2562 out: 2563 return rc; 2564 bad: 2565 policydb_destroy(p); 2566 goto out; 2567 } 2568 2569 /* 2570 * Write a MLS level structure to a policydb binary 2571 * representation file. 2572 */ 2573 static int mls_write_level(struct mls_level *l, void *fp) 2574 { 2575 __le32 buf[1]; 2576 int rc; 2577 2578 buf[0] = cpu_to_le32(l->sens); 2579 rc = put_entry(buf, sizeof(u32), 1, fp); 2580 if (rc) 2581 return rc; 2582 2583 rc = ebitmap_write(&l->cat, fp); 2584 if (rc) 2585 return rc; 2586 2587 return 0; 2588 } 2589 2590 /* 2591 * Write a MLS range structure to a policydb binary 2592 * representation file. 2593 */ 2594 static int mls_write_range_helper(struct mls_range *r, void *fp) 2595 { 2596 __le32 buf[3]; 2597 size_t items; 2598 int rc, eq; 2599 2600 eq = mls_level_eq(&r->level[1], &r->level[0]); 2601 2602 if (eq) 2603 items = 2; 2604 else 2605 items = 3; 2606 buf[0] = cpu_to_le32(items-1); 2607 buf[1] = cpu_to_le32(r->level[0].sens); 2608 if (!eq) 2609 buf[2] = cpu_to_le32(r->level[1].sens); 2610 2611 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2612 2613 rc = put_entry(buf, sizeof(u32), items, fp); 2614 if (rc) 2615 return rc; 2616 2617 rc = ebitmap_write(&r->level[0].cat, fp); 2618 if (rc) 2619 return rc; 2620 if (!eq) { 2621 rc = ebitmap_write(&r->level[1].cat, fp); 2622 if (rc) 2623 return rc; 2624 } 2625 2626 return 0; 2627 } 2628 2629 static int sens_write(void *vkey, void *datum, void *ptr) 2630 { 2631 char *key = vkey; 2632 struct level_datum *levdatum = datum; 2633 struct policy_data *pd = ptr; 2634 void *fp = pd->fp; 2635 __le32 buf[2]; 2636 size_t len; 2637 int rc; 2638 2639 len = strlen(key); 2640 buf[0] = cpu_to_le32(len); 2641 buf[1] = cpu_to_le32(levdatum->isalias); 2642 rc = put_entry(buf, sizeof(u32), 2, fp); 2643 if (rc) 2644 return rc; 2645 2646 rc = put_entry(key, 1, len, fp); 2647 if (rc) 2648 return rc; 2649 2650 rc = mls_write_level(levdatum->level, fp); 2651 if (rc) 2652 return rc; 2653 2654 return 0; 2655 } 2656 2657 static int cat_write(void *vkey, void *datum, void *ptr) 2658 { 2659 char *key = vkey; 2660 struct cat_datum *catdatum = datum; 2661 struct policy_data *pd = ptr; 2662 void *fp = pd->fp; 2663 __le32 buf[3]; 2664 size_t len; 2665 int rc; 2666 2667 len = strlen(key); 2668 buf[0] = cpu_to_le32(len); 2669 buf[1] = cpu_to_le32(catdatum->value); 2670 buf[2] = cpu_to_le32(catdatum->isalias); 2671 rc = put_entry(buf, sizeof(u32), 3, fp); 2672 if (rc) 2673 return rc; 2674 2675 rc = put_entry(key, 1, len, fp); 2676 if (rc) 2677 return rc; 2678 2679 return 0; 2680 } 2681 2682 static int role_trans_write(struct policydb *p, void *fp) 2683 { 2684 struct role_trans *r = p->role_tr; 2685 struct role_trans *tr; 2686 u32 buf[3]; 2687 size_t nel; 2688 int rc; 2689 2690 nel = 0; 2691 for (tr = r; tr; tr = tr->next) 2692 nel++; 2693 buf[0] = cpu_to_le32(nel); 2694 rc = put_entry(buf, sizeof(u32), 1, fp); 2695 if (rc) 2696 return rc; 2697 for (tr = r; tr; tr = tr->next) { 2698 buf[0] = cpu_to_le32(tr->role); 2699 buf[1] = cpu_to_le32(tr->type); 2700 buf[2] = cpu_to_le32(tr->new_role); 2701 rc = put_entry(buf, sizeof(u32), 3, fp); 2702 if (rc) 2703 return rc; 2704 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2705 buf[0] = cpu_to_le32(tr->tclass); 2706 rc = put_entry(buf, sizeof(u32), 1, fp); 2707 if (rc) 2708 return rc; 2709 } 2710 } 2711 2712 return 0; 2713 } 2714 2715 static int role_allow_write(struct role_allow *r, void *fp) 2716 { 2717 struct role_allow *ra; 2718 u32 buf[2]; 2719 size_t nel; 2720 int rc; 2721 2722 nel = 0; 2723 for (ra = r; ra; ra = ra->next) 2724 nel++; 2725 buf[0] = cpu_to_le32(nel); 2726 rc = put_entry(buf, sizeof(u32), 1, fp); 2727 if (rc) 2728 return rc; 2729 for (ra = r; ra; ra = ra->next) { 2730 buf[0] = cpu_to_le32(ra->role); 2731 buf[1] = cpu_to_le32(ra->new_role); 2732 rc = put_entry(buf, sizeof(u32), 2, fp); 2733 if (rc) 2734 return rc; 2735 } 2736 return 0; 2737 } 2738 2739 /* 2740 * Write a security context structure 2741 * to a policydb binary representation file. 2742 */ 2743 static int context_write(struct policydb *p, struct context *c, 2744 void *fp) 2745 { 2746 int rc; 2747 __le32 buf[3]; 2748 2749 buf[0] = cpu_to_le32(c->user); 2750 buf[1] = cpu_to_le32(c->role); 2751 buf[2] = cpu_to_le32(c->type); 2752 2753 rc = put_entry(buf, sizeof(u32), 3, fp); 2754 if (rc) 2755 return rc; 2756 2757 rc = mls_write_range_helper(&c->range, fp); 2758 if (rc) 2759 return rc; 2760 2761 return 0; 2762 } 2763 2764 /* 2765 * The following *_write functions are used to 2766 * write the symbol data to a policy database 2767 * binary representation file. 2768 */ 2769 2770 static int perm_write(void *vkey, void *datum, void *fp) 2771 { 2772 char *key = vkey; 2773 struct perm_datum *perdatum = datum; 2774 __le32 buf[2]; 2775 size_t len; 2776 int rc; 2777 2778 len = strlen(key); 2779 buf[0] = cpu_to_le32(len); 2780 buf[1] = cpu_to_le32(perdatum->value); 2781 rc = put_entry(buf, sizeof(u32), 2, fp); 2782 if (rc) 2783 return rc; 2784 2785 rc = put_entry(key, 1, len, fp); 2786 if (rc) 2787 return rc; 2788 2789 return 0; 2790 } 2791 2792 static int common_write(void *vkey, void *datum, void *ptr) 2793 { 2794 char *key = vkey; 2795 struct common_datum *comdatum = datum; 2796 struct policy_data *pd = ptr; 2797 void *fp = pd->fp; 2798 __le32 buf[4]; 2799 size_t len; 2800 int rc; 2801 2802 len = strlen(key); 2803 buf[0] = cpu_to_le32(len); 2804 buf[1] = cpu_to_le32(comdatum->value); 2805 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2806 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2807 rc = put_entry(buf, sizeof(u32), 4, fp); 2808 if (rc) 2809 return rc; 2810 2811 rc = put_entry(key, 1, len, fp); 2812 if (rc) 2813 return rc; 2814 2815 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2816 if (rc) 2817 return rc; 2818 2819 return 0; 2820 } 2821 2822 static int type_set_write(struct type_set *t, void *fp) 2823 { 2824 int rc; 2825 __le32 buf[1]; 2826 2827 if (ebitmap_write(&t->types, fp)) 2828 return -EINVAL; 2829 if (ebitmap_write(&t->negset, fp)) 2830 return -EINVAL; 2831 2832 buf[0] = cpu_to_le32(t->flags); 2833 rc = put_entry(buf, sizeof(u32), 1, fp); 2834 if (rc) 2835 return -EINVAL; 2836 2837 return 0; 2838 } 2839 2840 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2841 void *fp) 2842 { 2843 struct constraint_node *c; 2844 struct constraint_expr *e; 2845 __le32 buf[3]; 2846 u32 nel; 2847 int rc; 2848 2849 for (c = node; c; c = c->next) { 2850 nel = 0; 2851 for (e = c->expr; e; e = e->next) 2852 nel++; 2853 buf[0] = cpu_to_le32(c->permissions); 2854 buf[1] = cpu_to_le32(nel); 2855 rc = put_entry(buf, sizeof(u32), 2, fp); 2856 if (rc) 2857 return rc; 2858 for (e = c->expr; e; e = e->next) { 2859 buf[0] = cpu_to_le32(e->expr_type); 2860 buf[1] = cpu_to_le32(e->attr); 2861 buf[2] = cpu_to_le32(e->op); 2862 rc = put_entry(buf, sizeof(u32), 3, fp); 2863 if (rc) 2864 return rc; 2865 2866 switch (e->expr_type) { 2867 case CEXPR_NAMES: 2868 rc = ebitmap_write(&e->names, fp); 2869 if (rc) 2870 return rc; 2871 if (p->policyvers >= 2872 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2873 rc = type_set_write(e->type_names, fp); 2874 if (rc) 2875 return rc; 2876 } 2877 break; 2878 default: 2879 break; 2880 } 2881 } 2882 } 2883 2884 return 0; 2885 } 2886 2887 static int class_write(void *vkey, void *datum, void *ptr) 2888 { 2889 char *key = vkey; 2890 struct class_datum *cladatum = datum; 2891 struct policy_data *pd = ptr; 2892 void *fp = pd->fp; 2893 struct policydb *p = pd->p; 2894 struct constraint_node *c; 2895 __le32 buf[6]; 2896 u32 ncons; 2897 size_t len, len2; 2898 int rc; 2899 2900 len = strlen(key); 2901 if (cladatum->comkey) 2902 len2 = strlen(cladatum->comkey); 2903 else 2904 len2 = 0; 2905 2906 ncons = 0; 2907 for (c = cladatum->constraints; c; c = c->next) 2908 ncons++; 2909 2910 buf[0] = cpu_to_le32(len); 2911 buf[1] = cpu_to_le32(len2); 2912 buf[2] = cpu_to_le32(cladatum->value); 2913 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2914 if (cladatum->permissions.table) 2915 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2916 else 2917 buf[4] = 0; 2918 buf[5] = cpu_to_le32(ncons); 2919 rc = put_entry(buf, sizeof(u32), 6, fp); 2920 if (rc) 2921 return rc; 2922 2923 rc = put_entry(key, 1, len, fp); 2924 if (rc) 2925 return rc; 2926 2927 if (cladatum->comkey) { 2928 rc = put_entry(cladatum->comkey, 1, len2, fp); 2929 if (rc) 2930 return rc; 2931 } 2932 2933 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2934 if (rc) 2935 return rc; 2936 2937 rc = write_cons_helper(p, cladatum->constraints, fp); 2938 if (rc) 2939 return rc; 2940 2941 /* write out the validatetrans rule */ 2942 ncons = 0; 2943 for (c = cladatum->validatetrans; c; c = c->next) 2944 ncons++; 2945 2946 buf[0] = cpu_to_le32(ncons); 2947 rc = put_entry(buf, sizeof(u32), 1, fp); 2948 if (rc) 2949 return rc; 2950 2951 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2952 if (rc) 2953 return rc; 2954 2955 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2956 buf[0] = cpu_to_le32(cladatum->default_user); 2957 buf[1] = cpu_to_le32(cladatum->default_role); 2958 buf[2] = cpu_to_le32(cladatum->default_range); 2959 2960 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2961 if (rc) 2962 return rc; 2963 } 2964 2965 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2966 buf[0] = cpu_to_le32(cladatum->default_type); 2967 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2968 if (rc) 2969 return rc; 2970 } 2971 2972 return 0; 2973 } 2974 2975 static int role_write(void *vkey, void *datum, void *ptr) 2976 { 2977 char *key = vkey; 2978 struct role_datum *role = datum; 2979 struct policy_data *pd = ptr; 2980 void *fp = pd->fp; 2981 struct policydb *p = pd->p; 2982 __le32 buf[3]; 2983 size_t items, len; 2984 int rc; 2985 2986 len = strlen(key); 2987 items = 0; 2988 buf[items++] = cpu_to_le32(len); 2989 buf[items++] = cpu_to_le32(role->value); 2990 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2991 buf[items++] = cpu_to_le32(role->bounds); 2992 2993 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2994 2995 rc = put_entry(buf, sizeof(u32), items, fp); 2996 if (rc) 2997 return rc; 2998 2999 rc = put_entry(key, 1, len, fp); 3000 if (rc) 3001 return rc; 3002 3003 rc = ebitmap_write(&role->dominates, fp); 3004 if (rc) 3005 return rc; 3006 3007 rc = ebitmap_write(&role->types, fp); 3008 if (rc) 3009 return rc; 3010 3011 return 0; 3012 } 3013 3014 static int type_write(void *vkey, void *datum, void *ptr) 3015 { 3016 char *key = vkey; 3017 struct type_datum *typdatum = datum; 3018 struct policy_data *pd = ptr; 3019 struct policydb *p = pd->p; 3020 void *fp = pd->fp; 3021 __le32 buf[4]; 3022 int rc; 3023 size_t items, len; 3024 3025 len = strlen(key); 3026 items = 0; 3027 buf[items++] = cpu_to_le32(len); 3028 buf[items++] = cpu_to_le32(typdatum->value); 3029 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3030 u32 properties = 0; 3031 3032 if (typdatum->primary) 3033 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3034 3035 if (typdatum->attribute) 3036 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3037 3038 buf[items++] = cpu_to_le32(properties); 3039 buf[items++] = cpu_to_le32(typdatum->bounds); 3040 } else { 3041 buf[items++] = cpu_to_le32(typdatum->primary); 3042 } 3043 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 3044 rc = put_entry(buf, sizeof(u32), items, fp); 3045 if (rc) 3046 return rc; 3047 3048 rc = put_entry(key, 1, len, fp); 3049 if (rc) 3050 return rc; 3051 3052 return 0; 3053 } 3054 3055 static int user_write(void *vkey, void *datum, void *ptr) 3056 { 3057 char *key = vkey; 3058 struct user_datum *usrdatum = datum; 3059 struct policy_data *pd = ptr; 3060 struct policydb *p = pd->p; 3061 void *fp = pd->fp; 3062 __le32 buf[3]; 3063 size_t items, len; 3064 int rc; 3065 3066 len = strlen(key); 3067 items = 0; 3068 buf[items++] = cpu_to_le32(len); 3069 buf[items++] = cpu_to_le32(usrdatum->value); 3070 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3071 buf[items++] = cpu_to_le32(usrdatum->bounds); 3072 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 3073 rc = put_entry(buf, sizeof(u32), items, fp); 3074 if (rc) 3075 return rc; 3076 3077 rc = put_entry(key, 1, len, fp); 3078 if (rc) 3079 return rc; 3080 3081 rc = ebitmap_write(&usrdatum->roles, fp); 3082 if (rc) 3083 return rc; 3084 3085 rc = mls_write_range_helper(&usrdatum->range, fp); 3086 if (rc) 3087 return rc; 3088 3089 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3090 if (rc) 3091 return rc; 3092 3093 return 0; 3094 } 3095 3096 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3097 void *datap) = 3098 { 3099 common_write, 3100 class_write, 3101 role_write, 3102 type_write, 3103 user_write, 3104 cond_write_bool, 3105 sens_write, 3106 cat_write, 3107 }; 3108 3109 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3110 void *fp) 3111 { 3112 unsigned int i, j, rc; 3113 size_t nel, len; 3114 __le32 buf[3]; 3115 u32 nodebuf[8]; 3116 struct ocontext *c; 3117 for (i = 0; i < info->ocon_num; i++) { 3118 nel = 0; 3119 for (c = p->ocontexts[i]; c; c = c->next) 3120 nel++; 3121 buf[0] = cpu_to_le32(nel); 3122 rc = put_entry(buf, sizeof(u32), 1, fp); 3123 if (rc) 3124 return rc; 3125 for (c = p->ocontexts[i]; c; c = c->next) { 3126 switch (i) { 3127 case OCON_ISID: 3128 buf[0] = cpu_to_le32(c->sid[0]); 3129 rc = put_entry(buf, sizeof(u32), 1, fp); 3130 if (rc) 3131 return rc; 3132 rc = context_write(p, &c->context[0], fp); 3133 if (rc) 3134 return rc; 3135 break; 3136 case OCON_FS: 3137 case OCON_NETIF: 3138 len = strlen(c->u.name); 3139 buf[0] = cpu_to_le32(len); 3140 rc = put_entry(buf, sizeof(u32), 1, fp); 3141 if (rc) 3142 return rc; 3143 rc = put_entry(c->u.name, 1, len, fp); 3144 if (rc) 3145 return rc; 3146 rc = context_write(p, &c->context[0], fp); 3147 if (rc) 3148 return rc; 3149 rc = context_write(p, &c->context[1], fp); 3150 if (rc) 3151 return rc; 3152 break; 3153 case OCON_PORT: 3154 buf[0] = cpu_to_le32(c->u.port.protocol); 3155 buf[1] = cpu_to_le32(c->u.port.low_port); 3156 buf[2] = cpu_to_le32(c->u.port.high_port); 3157 rc = put_entry(buf, sizeof(u32), 3, fp); 3158 if (rc) 3159 return rc; 3160 rc = context_write(p, &c->context[0], fp); 3161 if (rc) 3162 return rc; 3163 break; 3164 case OCON_NODE: 3165 nodebuf[0] = c->u.node.addr; /* network order */ 3166 nodebuf[1] = c->u.node.mask; /* network order */ 3167 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3168 if (rc) 3169 return rc; 3170 rc = context_write(p, &c->context[0], fp); 3171 if (rc) 3172 return rc; 3173 break; 3174 case OCON_FSUSE: 3175 buf[0] = cpu_to_le32(c->v.behavior); 3176 len = strlen(c->u.name); 3177 buf[1] = cpu_to_le32(len); 3178 rc = put_entry(buf, sizeof(u32), 2, fp); 3179 if (rc) 3180 return rc; 3181 rc = put_entry(c->u.name, 1, len, fp); 3182 if (rc) 3183 return rc; 3184 rc = context_write(p, &c->context[0], fp); 3185 if (rc) 3186 return rc; 3187 break; 3188 case OCON_NODE6: 3189 for (j = 0; j < 4; j++) 3190 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3191 for (j = 0; j < 4; j++) 3192 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3193 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3194 if (rc) 3195 return rc; 3196 rc = context_write(p, &c->context[0], fp); 3197 if (rc) 3198 return rc; 3199 break; 3200 } 3201 } 3202 } 3203 return 0; 3204 } 3205 3206 static int genfs_write(struct policydb *p, void *fp) 3207 { 3208 struct genfs *genfs; 3209 struct ocontext *c; 3210 size_t len; 3211 __le32 buf[1]; 3212 int rc; 3213 3214 len = 0; 3215 for (genfs = p->genfs; genfs; genfs = genfs->next) 3216 len++; 3217 buf[0] = cpu_to_le32(len); 3218 rc = put_entry(buf, sizeof(u32), 1, fp); 3219 if (rc) 3220 return rc; 3221 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3222 len = strlen(genfs->fstype); 3223 buf[0] = cpu_to_le32(len); 3224 rc = put_entry(buf, sizeof(u32), 1, fp); 3225 if (rc) 3226 return rc; 3227 rc = put_entry(genfs->fstype, 1, len, fp); 3228 if (rc) 3229 return rc; 3230 len = 0; 3231 for (c = genfs->head; c; c = c->next) 3232 len++; 3233 buf[0] = cpu_to_le32(len); 3234 rc = put_entry(buf, sizeof(u32), 1, fp); 3235 if (rc) 3236 return rc; 3237 for (c = genfs->head; c; c = c->next) { 3238 len = strlen(c->u.name); 3239 buf[0] = cpu_to_le32(len); 3240 rc = put_entry(buf, sizeof(u32), 1, fp); 3241 if (rc) 3242 return rc; 3243 rc = put_entry(c->u.name, 1, len, fp); 3244 if (rc) 3245 return rc; 3246 buf[0] = cpu_to_le32(c->v.sclass); 3247 rc = put_entry(buf, sizeof(u32), 1, fp); 3248 if (rc) 3249 return rc; 3250 rc = context_write(p, &c->context[0], fp); 3251 if (rc) 3252 return rc; 3253 } 3254 } 3255 return 0; 3256 } 3257 3258 static int hashtab_cnt(void *key, void *data, void *ptr) 3259 { 3260 int *cnt = ptr; 3261 *cnt = *cnt + 1; 3262 3263 return 0; 3264 } 3265 3266 static int range_write_helper(void *key, void *data, void *ptr) 3267 { 3268 __le32 buf[2]; 3269 struct range_trans *rt = key; 3270 struct mls_range *r = data; 3271 struct policy_data *pd = ptr; 3272 void *fp = pd->fp; 3273 struct policydb *p = pd->p; 3274 int rc; 3275 3276 buf[0] = cpu_to_le32(rt->source_type); 3277 buf[1] = cpu_to_le32(rt->target_type); 3278 rc = put_entry(buf, sizeof(u32), 2, fp); 3279 if (rc) 3280 return rc; 3281 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3282 buf[0] = cpu_to_le32(rt->target_class); 3283 rc = put_entry(buf, sizeof(u32), 1, fp); 3284 if (rc) 3285 return rc; 3286 } 3287 rc = mls_write_range_helper(r, fp); 3288 if (rc) 3289 return rc; 3290 3291 return 0; 3292 } 3293 3294 static int range_write(struct policydb *p, void *fp) 3295 { 3296 __le32 buf[1]; 3297 int rc, nel; 3298 struct policy_data pd; 3299 3300 pd.p = p; 3301 pd.fp = fp; 3302 3303 /* count the number of entries in the hashtab */ 3304 nel = 0; 3305 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3306 if (rc) 3307 return rc; 3308 3309 buf[0] = cpu_to_le32(nel); 3310 rc = put_entry(buf, sizeof(u32), 1, fp); 3311 if (rc) 3312 return rc; 3313 3314 /* actually write all of the entries */ 3315 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3316 if (rc) 3317 return rc; 3318 3319 return 0; 3320 } 3321 3322 static int filename_write_helper(void *key, void *data, void *ptr) 3323 { 3324 __le32 buf[4]; 3325 struct filename_trans *ft = key; 3326 struct filename_trans_datum *otype = data; 3327 void *fp = ptr; 3328 int rc; 3329 u32 len; 3330 3331 len = strlen(ft->name); 3332 buf[0] = cpu_to_le32(len); 3333 rc = put_entry(buf, sizeof(u32), 1, fp); 3334 if (rc) 3335 return rc; 3336 3337 rc = put_entry(ft->name, sizeof(char), len, fp); 3338 if (rc) 3339 return rc; 3340 3341 buf[0] = cpu_to_le32(ft->stype); 3342 buf[1] = cpu_to_le32(ft->ttype); 3343 buf[2] = cpu_to_le32(ft->tclass); 3344 buf[3] = cpu_to_le32(otype->otype); 3345 3346 rc = put_entry(buf, sizeof(u32), 4, fp); 3347 if (rc) 3348 return rc; 3349 3350 return 0; 3351 } 3352 3353 static int filename_trans_write(struct policydb *p, void *fp) 3354 { 3355 u32 nel; 3356 __le32 buf[1]; 3357 int rc; 3358 3359 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3360 return 0; 3361 3362 nel = 0; 3363 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3364 if (rc) 3365 return rc; 3366 3367 buf[0] = cpu_to_le32(nel); 3368 rc = put_entry(buf, sizeof(u32), 1, fp); 3369 if (rc) 3370 return rc; 3371 3372 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3373 if (rc) 3374 return rc; 3375 3376 return 0; 3377 } 3378 3379 /* 3380 * Write the configuration data in a policy database 3381 * structure to a policy database binary representation 3382 * file. 3383 */ 3384 int policydb_write(struct policydb *p, void *fp) 3385 { 3386 unsigned int i, num_syms; 3387 int rc; 3388 __le32 buf[4]; 3389 u32 config; 3390 size_t len; 3391 struct policydb_compat_info *info; 3392 3393 /* 3394 * refuse to write policy older than compressed avtab 3395 * to simplify the writer. There are other tests dropped 3396 * since we assume this throughout the writer code. Be 3397 * careful if you ever try to remove this restriction 3398 */ 3399 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3400 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3401 " Because it is less than version %d\n", p->policyvers, 3402 POLICYDB_VERSION_AVTAB); 3403 return -EINVAL; 3404 } 3405 3406 config = 0; 3407 if (p->mls_enabled) 3408 config |= POLICYDB_CONFIG_MLS; 3409 3410 if (p->reject_unknown) 3411 config |= REJECT_UNKNOWN; 3412 if (p->allow_unknown) 3413 config |= ALLOW_UNKNOWN; 3414 3415 /* Write the magic number and string identifiers. */ 3416 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3417 len = strlen(POLICYDB_STRING); 3418 buf[1] = cpu_to_le32(len); 3419 rc = put_entry(buf, sizeof(u32), 2, fp); 3420 if (rc) 3421 return rc; 3422 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3423 if (rc) 3424 return rc; 3425 3426 /* Write the version, config, and table sizes. */ 3427 info = policydb_lookup_compat(p->policyvers); 3428 if (!info) { 3429 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3430 "version %d", p->policyvers); 3431 return -EINVAL; 3432 } 3433 3434 buf[0] = cpu_to_le32(p->policyvers); 3435 buf[1] = cpu_to_le32(config); 3436 buf[2] = cpu_to_le32(info->sym_num); 3437 buf[3] = cpu_to_le32(info->ocon_num); 3438 3439 rc = put_entry(buf, sizeof(u32), 4, fp); 3440 if (rc) 3441 return rc; 3442 3443 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3444 rc = ebitmap_write(&p->policycaps, fp); 3445 if (rc) 3446 return rc; 3447 } 3448 3449 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3450 rc = ebitmap_write(&p->permissive_map, fp); 3451 if (rc) 3452 return rc; 3453 } 3454 3455 num_syms = info->sym_num; 3456 for (i = 0; i < num_syms; i++) { 3457 struct policy_data pd; 3458 3459 pd.fp = fp; 3460 pd.p = p; 3461 3462 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3463 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3464 3465 rc = put_entry(buf, sizeof(u32), 2, fp); 3466 if (rc) 3467 return rc; 3468 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3469 if (rc) 3470 return rc; 3471 } 3472 3473 rc = avtab_write(p, &p->te_avtab, fp); 3474 if (rc) 3475 return rc; 3476 3477 rc = cond_write_list(p, p->cond_list, fp); 3478 if (rc) 3479 return rc; 3480 3481 rc = role_trans_write(p, fp); 3482 if (rc) 3483 return rc; 3484 3485 rc = role_allow_write(p->role_allow, fp); 3486 if (rc) 3487 return rc; 3488 3489 rc = filename_trans_write(p, fp); 3490 if (rc) 3491 return rc; 3492 3493 rc = ocontext_write(p, info, fp); 3494 if (rc) 3495 return rc; 3496 3497 rc = genfs_write(p, fp); 3498 if (rc) 3499 return rc; 3500 3501 rc = range_write(p, fp); 3502 if (rc) 3503 return rc; 3504 3505 for (i = 0; i < p->p_types.nprim; i++) { 3506 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3507 3508 BUG_ON(!e); 3509 rc = ebitmap_write(e, fp); 3510 if (rc) 3511 return rc; 3512 } 3513 3514 return 0; 3515 } 3516