1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * 11 * Support for enhanced MLS infrastructure. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 14 * 15 * Added conditional policy language extensions 16 * 17 * Updated: Hewlett-Packard <paul@paul-moore.com> 18 * 19 * Added support for the policy capability bitmap 20 * 21 * Update: Mellanox Techonologies 22 * 23 * Added Infiniband support 24 * 25 * Copyright (C) 2016 Mellanox Techonologies 26 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 27 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 28 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/sched.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <linux/errno.h> 36 #include <linux/audit.h> 37 #include "security.h" 38 39 #include "policydb.h" 40 #include "conditional.h" 41 #include "mls.h" 42 #include "services.h" 43 44 #define _DEBUG_HASHES 45 46 #ifdef DEBUG_HASHES 47 static const char *symtab_name[SYM_NUM] = { 48 "common prefixes", 49 "classes", 50 "roles", 51 "types", 52 "users", 53 "bools", 54 "levels", 55 "categories", 56 }; 57 #endif 58 59 struct policydb_compat_info { 60 int version; 61 int sym_num; 62 int ocon_num; 63 }; 64 65 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 66 static struct policydb_compat_info policydb_compat[] = { 67 { 68 .version = POLICYDB_VERSION_BASE, 69 .sym_num = SYM_NUM - 3, 70 .ocon_num = OCON_NUM - 3, 71 }, 72 { 73 .version = POLICYDB_VERSION_BOOL, 74 .sym_num = SYM_NUM - 2, 75 .ocon_num = OCON_NUM - 3, 76 }, 77 { 78 .version = POLICYDB_VERSION_IPV6, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_NUM - 2, 81 }, 82 { 83 .version = POLICYDB_VERSION_NLCLASS, 84 .sym_num = SYM_NUM - 2, 85 .ocon_num = OCON_NUM - 2, 86 }, 87 { 88 .version = POLICYDB_VERSION_MLS, 89 .sym_num = SYM_NUM, 90 .ocon_num = OCON_NUM - 2, 91 }, 92 { 93 .version = POLICYDB_VERSION_AVTAB, 94 .sym_num = SYM_NUM, 95 .ocon_num = OCON_NUM - 2, 96 }, 97 { 98 .version = POLICYDB_VERSION_RANGETRANS, 99 .sym_num = SYM_NUM, 100 .ocon_num = OCON_NUM - 2, 101 }, 102 { 103 .version = POLICYDB_VERSION_POLCAP, 104 .sym_num = SYM_NUM, 105 .ocon_num = OCON_NUM - 2, 106 }, 107 { 108 .version = POLICYDB_VERSION_PERMISSIVE, 109 .sym_num = SYM_NUM, 110 .ocon_num = OCON_NUM - 2, 111 }, 112 { 113 .version = POLICYDB_VERSION_BOUNDARY, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NUM - 2, 116 }, 117 { 118 .version = POLICYDB_VERSION_FILENAME_TRANS, 119 .sym_num = SYM_NUM, 120 .ocon_num = OCON_NUM - 2, 121 }, 122 { 123 .version = POLICYDB_VERSION_ROLETRANS, 124 .sym_num = SYM_NUM, 125 .ocon_num = OCON_NUM - 2, 126 }, 127 { 128 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 129 .sym_num = SYM_NUM, 130 .ocon_num = OCON_NUM - 2, 131 }, 132 { 133 .version = POLICYDB_VERSION_DEFAULT_TYPE, 134 .sym_num = SYM_NUM, 135 .ocon_num = OCON_NUM - 2, 136 }, 137 { 138 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 139 .sym_num = SYM_NUM, 140 .ocon_num = OCON_NUM - 2, 141 }, 142 { 143 .version = POLICYDB_VERSION_XPERMS_IOCTL, 144 .sym_num = SYM_NUM, 145 .ocon_num = OCON_NUM - 2, 146 }, 147 { 148 .version = POLICYDB_VERSION_INFINIBAND, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NUM, 151 }, 152 { 153 .version = POLICYDB_VERSION_GLBLUB, 154 .sym_num = SYM_NUM, 155 .ocon_num = OCON_NUM, 156 }, 157 { 158 .version = POLICYDB_VERSION_COMP_FTRANS, 159 .sym_num = SYM_NUM, 160 .ocon_num = OCON_NUM, 161 }, 162 }; 163 164 static struct policydb_compat_info *policydb_lookup_compat(int version) 165 { 166 int i; 167 struct policydb_compat_info *info = NULL; 168 169 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 170 if (policydb_compat[i].version == version) { 171 info = &policydb_compat[i]; 172 break; 173 } 174 } 175 return info; 176 } 177 178 /* 179 * The following *_destroy functions are used to 180 * free any memory allocated for each kind of 181 * symbol data in the policy database. 182 */ 183 184 static int perm_destroy(void *key, void *datum, void *p) 185 { 186 kfree(key); 187 kfree(datum); 188 return 0; 189 } 190 191 static int common_destroy(void *key, void *datum, void *p) 192 { 193 struct common_datum *comdatum; 194 195 kfree(key); 196 if (datum) { 197 comdatum = datum; 198 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 199 hashtab_destroy(&comdatum->permissions.table); 200 } 201 kfree(datum); 202 return 0; 203 } 204 205 static void constraint_expr_destroy(struct constraint_expr *expr) 206 { 207 if (expr) { 208 ebitmap_destroy(&expr->names); 209 if (expr->type_names) { 210 ebitmap_destroy(&expr->type_names->types); 211 ebitmap_destroy(&expr->type_names->negset); 212 kfree(expr->type_names); 213 } 214 kfree(expr); 215 } 216 } 217 218 static int cls_destroy(void *key, void *datum, void *p) 219 { 220 struct class_datum *cladatum; 221 struct constraint_node *constraint, *ctemp; 222 struct constraint_expr *e, *etmp; 223 224 kfree(key); 225 if (datum) { 226 cladatum = datum; 227 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 228 hashtab_destroy(&cladatum->permissions.table); 229 constraint = cladatum->constraints; 230 while (constraint) { 231 e = constraint->expr; 232 while (e) { 233 etmp = e; 234 e = e->next; 235 constraint_expr_destroy(etmp); 236 } 237 ctemp = constraint; 238 constraint = constraint->next; 239 kfree(ctemp); 240 } 241 242 constraint = cladatum->validatetrans; 243 while (constraint) { 244 e = constraint->expr; 245 while (e) { 246 etmp = e; 247 e = e->next; 248 constraint_expr_destroy(etmp); 249 } 250 ctemp = constraint; 251 constraint = constraint->next; 252 kfree(ctemp); 253 } 254 kfree(cladatum->comkey); 255 } 256 kfree(datum); 257 return 0; 258 } 259 260 static int role_destroy(void *key, void *datum, void *p) 261 { 262 struct role_datum *role; 263 264 kfree(key); 265 if (datum) { 266 role = datum; 267 ebitmap_destroy(&role->dominates); 268 ebitmap_destroy(&role->types); 269 } 270 kfree(datum); 271 return 0; 272 } 273 274 static int type_destroy(void *key, void *datum, void *p) 275 { 276 kfree(key); 277 kfree(datum); 278 return 0; 279 } 280 281 static int user_destroy(void *key, void *datum, void *p) 282 { 283 struct user_datum *usrdatum; 284 285 kfree(key); 286 if (datum) { 287 usrdatum = datum; 288 ebitmap_destroy(&usrdatum->roles); 289 ebitmap_destroy(&usrdatum->range.level[0].cat); 290 ebitmap_destroy(&usrdatum->range.level[1].cat); 291 ebitmap_destroy(&usrdatum->dfltlevel.cat); 292 } 293 kfree(datum); 294 return 0; 295 } 296 297 static int sens_destroy(void *key, void *datum, void *p) 298 { 299 struct level_datum *levdatum; 300 301 kfree(key); 302 if (datum) { 303 levdatum = datum; 304 if (levdatum->level) 305 ebitmap_destroy(&levdatum->level->cat); 306 kfree(levdatum->level); 307 } 308 kfree(datum); 309 return 0; 310 } 311 312 static int cat_destroy(void *key, void *datum, void *p) 313 { 314 kfree(key); 315 kfree(datum); 316 return 0; 317 } 318 319 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 320 { 321 common_destroy, 322 cls_destroy, 323 role_destroy, 324 type_destroy, 325 user_destroy, 326 cond_destroy_bool, 327 sens_destroy, 328 cat_destroy, 329 }; 330 331 static int filenametr_destroy(void *key, void *datum, void *p) 332 { 333 struct filename_trans_key *ft = key; 334 struct filename_trans_datum *next, *d = datum; 335 336 kfree(ft->name); 337 kfree(key); 338 do { 339 ebitmap_destroy(&d->stypes); 340 next = d->next; 341 kfree(d); 342 d = next; 343 } while (unlikely(d)); 344 cond_resched(); 345 return 0; 346 } 347 348 static int range_tr_destroy(void *key, void *datum, void *p) 349 { 350 struct mls_range *rt = datum; 351 352 kfree(key); 353 ebitmap_destroy(&rt->level[0].cat); 354 ebitmap_destroy(&rt->level[1].cat); 355 kfree(datum); 356 cond_resched(); 357 return 0; 358 } 359 360 static int role_tr_destroy(void *key, void *datum, void *p) 361 { 362 kfree(key); 363 kfree(datum); 364 return 0; 365 } 366 367 static void ocontext_destroy(struct ocontext *c, int i) 368 { 369 if (!c) 370 return; 371 372 context_destroy(&c->context[0]); 373 context_destroy(&c->context[1]); 374 if (i == OCON_ISID || i == OCON_FS || 375 i == OCON_NETIF || i == OCON_FSUSE) 376 kfree(c->u.name); 377 kfree(c); 378 } 379 380 /* 381 * Initialize the role table. 382 */ 383 static int roles_init(struct policydb *p) 384 { 385 char *key = NULL; 386 int rc; 387 struct role_datum *role; 388 389 role = kzalloc(sizeof(*role), GFP_KERNEL); 390 if (!role) 391 return -ENOMEM; 392 393 rc = -EINVAL; 394 role->value = ++p->p_roles.nprim; 395 if (role->value != OBJECT_R_VAL) 396 goto out; 397 398 rc = -ENOMEM; 399 key = kstrdup(OBJECT_R, GFP_KERNEL); 400 if (!key) 401 goto out; 402 403 rc = hashtab_insert(&p->p_roles.table, key, role); 404 if (rc) 405 goto out; 406 407 return 0; 408 out: 409 kfree(key); 410 kfree(role); 411 return rc; 412 } 413 414 static u32 filenametr_hash(struct hashtab *h, const void *k) 415 { 416 const struct filename_trans_key *ft = k; 417 unsigned long hash; 418 unsigned int byte_num; 419 unsigned char focus; 420 421 hash = ft->ttype ^ ft->tclass; 422 423 byte_num = 0; 424 while ((focus = ft->name[byte_num++])) 425 hash = partial_name_hash(focus, hash); 426 return hash & (h->size - 1); 427 } 428 429 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 430 { 431 const struct filename_trans_key *ft1 = k1; 432 const struct filename_trans_key *ft2 = k2; 433 int v; 434 435 v = ft1->ttype - ft2->ttype; 436 if (v) 437 return v; 438 439 v = ft1->tclass - ft2->tclass; 440 if (v) 441 return v; 442 443 return strcmp(ft1->name, ft2->name); 444 445 } 446 447 static u32 rangetr_hash(struct hashtab *h, const void *k) 448 { 449 const struct range_trans *key = k; 450 451 return (key->source_type + (key->target_type << 3) + 452 (key->target_class << 5)) & (h->size - 1); 453 } 454 455 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 456 { 457 const struct range_trans *key1 = k1, *key2 = k2; 458 int v; 459 460 v = key1->source_type - key2->source_type; 461 if (v) 462 return v; 463 464 v = key1->target_type - key2->target_type; 465 if (v) 466 return v; 467 468 v = key1->target_class - key2->target_class; 469 470 return v; 471 } 472 473 static u32 role_trans_hash(struct hashtab *h, const void *k) 474 { 475 const struct role_trans_key *key = k; 476 477 return (key->role + (key->type << 3) + (key->tclass << 5)) & 478 (h->size - 1); 479 } 480 481 static int role_trans_cmp(struct hashtab *h, const void *k1, const void *k2) 482 { 483 const struct role_trans_key *key1 = k1, *key2 = k2; 484 int v; 485 486 v = key1->role - key2->role; 487 if (v) 488 return v; 489 490 v = key1->type - key2->type; 491 if (v) 492 return v; 493 494 return key1->tclass - key2->tclass; 495 } 496 497 /* 498 * Initialize a policy database structure. 499 */ 500 static void policydb_init(struct policydb *p) 501 { 502 memset(p, 0, sizeof(*p)); 503 504 avtab_init(&p->te_avtab); 505 cond_policydb_init(p); 506 507 ebitmap_init(&p->filename_trans_ttypes); 508 ebitmap_init(&p->policycaps); 509 ebitmap_init(&p->permissive_map); 510 } 511 512 /* 513 * The following *_index functions are used to 514 * define the val_to_name and val_to_struct arrays 515 * in a policy database structure. The val_to_name 516 * arrays are used when converting security context 517 * structures into string representations. The 518 * val_to_struct arrays are used when the attributes 519 * of a class, role, or user are needed. 520 */ 521 522 static int common_index(void *key, void *datum, void *datap) 523 { 524 struct policydb *p; 525 struct common_datum *comdatum; 526 527 comdatum = datum; 528 p = datap; 529 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 530 return -EINVAL; 531 532 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 533 534 return 0; 535 } 536 537 static int class_index(void *key, void *datum, void *datap) 538 { 539 struct policydb *p; 540 struct class_datum *cladatum; 541 542 cladatum = datum; 543 p = datap; 544 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 545 return -EINVAL; 546 547 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 548 p->class_val_to_struct[cladatum->value - 1] = cladatum; 549 return 0; 550 } 551 552 static int role_index(void *key, void *datum, void *datap) 553 { 554 struct policydb *p; 555 struct role_datum *role; 556 557 role = datum; 558 p = datap; 559 if (!role->value 560 || role->value > p->p_roles.nprim 561 || role->bounds > p->p_roles.nprim) 562 return -EINVAL; 563 564 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 565 p->role_val_to_struct[role->value - 1] = role; 566 return 0; 567 } 568 569 static int type_index(void *key, void *datum, void *datap) 570 { 571 struct policydb *p; 572 struct type_datum *typdatum; 573 574 typdatum = datum; 575 p = datap; 576 577 if (typdatum->primary) { 578 if (!typdatum->value 579 || typdatum->value > p->p_types.nprim 580 || typdatum->bounds > p->p_types.nprim) 581 return -EINVAL; 582 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 583 p->type_val_to_struct[typdatum->value - 1] = typdatum; 584 } 585 586 return 0; 587 } 588 589 static int user_index(void *key, void *datum, void *datap) 590 { 591 struct policydb *p; 592 struct user_datum *usrdatum; 593 594 usrdatum = datum; 595 p = datap; 596 if (!usrdatum->value 597 || usrdatum->value > p->p_users.nprim 598 || usrdatum->bounds > p->p_users.nprim) 599 return -EINVAL; 600 601 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 602 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 603 return 0; 604 } 605 606 static int sens_index(void *key, void *datum, void *datap) 607 { 608 struct policydb *p; 609 struct level_datum *levdatum; 610 611 levdatum = datum; 612 p = datap; 613 614 if (!levdatum->isalias) { 615 if (!levdatum->level->sens || 616 levdatum->level->sens > p->p_levels.nprim) 617 return -EINVAL; 618 619 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 620 } 621 622 return 0; 623 } 624 625 static int cat_index(void *key, void *datum, void *datap) 626 { 627 struct policydb *p; 628 struct cat_datum *catdatum; 629 630 catdatum = datum; 631 p = datap; 632 633 if (!catdatum->isalias) { 634 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 635 return -EINVAL; 636 637 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 638 } 639 640 return 0; 641 } 642 643 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 644 { 645 common_index, 646 class_index, 647 role_index, 648 type_index, 649 user_index, 650 cond_index_bool, 651 sens_index, 652 cat_index, 653 }; 654 655 #ifdef DEBUG_HASHES 656 static void hash_eval(struct hashtab *h, const char *hash_name) 657 { 658 struct hashtab_info info; 659 660 hashtab_stat(h, &info); 661 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n", 662 hash_name, h->nel, info.slots_used, h->size, 663 info.max_chain_len); 664 } 665 666 static void symtab_hash_eval(struct symtab *s) 667 { 668 int i; 669 670 for (i = 0; i < SYM_NUM; i++) 671 hash_eval(&s[i].table, symtab_name[i]); 672 } 673 674 #else 675 static inline void hash_eval(struct hashtab *h, char *hash_name) 676 { 677 } 678 #endif 679 680 /* 681 * Define the other val_to_name and val_to_struct arrays 682 * in a policy database structure. 683 * 684 * Caller must clean up on failure. 685 */ 686 static int policydb_index(struct policydb *p) 687 { 688 int i, rc; 689 690 if (p->mls_enabled) 691 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 692 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 693 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 694 else 695 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 696 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 697 p->p_bools.nprim); 698 699 pr_debug("SELinux: %d classes, %d rules\n", 700 p->p_classes.nprim, p->te_avtab.nel); 701 702 #ifdef DEBUG_HASHES 703 avtab_hash_eval(&p->te_avtab, "rules"); 704 symtab_hash_eval(p->symtab); 705 #endif 706 707 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 708 sizeof(*p->class_val_to_struct), 709 GFP_KERNEL); 710 if (!p->class_val_to_struct) 711 return -ENOMEM; 712 713 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 714 sizeof(*p->role_val_to_struct), 715 GFP_KERNEL); 716 if (!p->role_val_to_struct) 717 return -ENOMEM; 718 719 p->user_val_to_struct = kcalloc(p->p_users.nprim, 720 sizeof(*p->user_val_to_struct), 721 GFP_KERNEL); 722 if (!p->user_val_to_struct) 723 return -ENOMEM; 724 725 p->type_val_to_struct = kvcalloc(p->p_types.nprim, 726 sizeof(*p->type_val_to_struct), 727 GFP_KERNEL); 728 if (!p->type_val_to_struct) 729 return -ENOMEM; 730 731 rc = cond_init_bool_indexes(p); 732 if (rc) 733 goto out; 734 735 for (i = 0; i < SYM_NUM; i++) { 736 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 737 sizeof(char *), 738 GFP_KERNEL); 739 if (!p->sym_val_to_name[i]) 740 return -ENOMEM; 741 742 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 743 if (rc) 744 goto out; 745 } 746 rc = 0; 747 out: 748 return rc; 749 } 750 751 /* 752 * Free any memory allocated by a policy database structure. 753 */ 754 void policydb_destroy(struct policydb *p) 755 { 756 struct ocontext *c, *ctmp; 757 struct genfs *g, *gtmp; 758 int i; 759 struct role_allow *ra, *lra = NULL; 760 761 for (i = 0; i < SYM_NUM; i++) { 762 cond_resched(); 763 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 764 hashtab_destroy(&p->symtab[i].table); 765 } 766 767 for (i = 0; i < SYM_NUM; i++) 768 kvfree(p->sym_val_to_name[i]); 769 770 kfree(p->class_val_to_struct); 771 kfree(p->role_val_to_struct); 772 kfree(p->user_val_to_struct); 773 kvfree(p->type_val_to_struct); 774 775 avtab_destroy(&p->te_avtab); 776 777 for (i = 0; i < OCON_NUM; i++) { 778 cond_resched(); 779 c = p->ocontexts[i]; 780 while (c) { 781 ctmp = c; 782 c = c->next; 783 ocontext_destroy(ctmp, i); 784 } 785 p->ocontexts[i] = NULL; 786 } 787 788 g = p->genfs; 789 while (g) { 790 cond_resched(); 791 kfree(g->fstype); 792 c = g->head; 793 while (c) { 794 ctmp = c; 795 c = c->next; 796 ocontext_destroy(ctmp, OCON_FSUSE); 797 } 798 gtmp = g; 799 g = g->next; 800 kfree(gtmp); 801 } 802 p->genfs = NULL; 803 804 cond_policydb_destroy(p); 805 806 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 807 hashtab_destroy(&p->role_tr); 808 809 for (ra = p->role_allow; ra; ra = ra->next) { 810 cond_resched(); 811 kfree(lra); 812 lra = ra; 813 } 814 kfree(lra); 815 816 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 817 hashtab_destroy(&p->filename_trans); 818 819 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 820 hashtab_destroy(&p->range_tr); 821 822 if (p->type_attr_map_array) { 823 for (i = 0; i < p->p_types.nprim; i++) 824 ebitmap_destroy(&p->type_attr_map_array[i]); 825 kvfree(p->type_attr_map_array); 826 } 827 828 ebitmap_destroy(&p->filename_trans_ttypes); 829 ebitmap_destroy(&p->policycaps); 830 ebitmap_destroy(&p->permissive_map); 831 } 832 833 /* 834 * Load the initial SIDs specified in a policy database 835 * structure into a SID table. 836 */ 837 int policydb_load_isids(struct policydb *p, struct sidtab *s) 838 { 839 struct ocontext *head, *c; 840 int rc; 841 842 rc = sidtab_init(s); 843 if (rc) { 844 pr_err("SELinux: out of memory on SID table init\n"); 845 goto out; 846 } 847 848 head = p->ocontexts[OCON_ISID]; 849 for (c = head; c; c = c->next) { 850 u32 sid = c->sid[0]; 851 const char *name = security_get_initial_sid_context(sid); 852 853 if (sid == SECSID_NULL) { 854 pr_err("SELinux: SID 0 was assigned a context.\n"); 855 sidtab_destroy(s); 856 goto out; 857 } 858 859 /* Ignore initial SIDs unused by this kernel. */ 860 if (!name) 861 continue; 862 863 rc = sidtab_set_initial(s, sid, &c->context[0]); 864 if (rc) { 865 pr_err("SELinux: unable to load initial SID %s.\n", 866 name); 867 sidtab_destroy(s); 868 goto out; 869 } 870 } 871 rc = 0; 872 out: 873 return rc; 874 } 875 876 int policydb_class_isvalid(struct policydb *p, unsigned int class) 877 { 878 if (!class || class > p->p_classes.nprim) 879 return 0; 880 return 1; 881 } 882 883 int policydb_role_isvalid(struct policydb *p, unsigned int role) 884 { 885 if (!role || role > p->p_roles.nprim) 886 return 0; 887 return 1; 888 } 889 890 int policydb_type_isvalid(struct policydb *p, unsigned int type) 891 { 892 if (!type || type > p->p_types.nprim) 893 return 0; 894 return 1; 895 } 896 897 /* 898 * Return 1 if the fields in the security context 899 * structure `c' are valid. Return 0 otherwise. 900 */ 901 int policydb_context_isvalid(struct policydb *p, struct context *c) 902 { 903 struct role_datum *role; 904 struct user_datum *usrdatum; 905 906 if (!c->role || c->role > p->p_roles.nprim) 907 return 0; 908 909 if (!c->user || c->user > p->p_users.nprim) 910 return 0; 911 912 if (!c->type || c->type > p->p_types.nprim) 913 return 0; 914 915 if (c->role != OBJECT_R_VAL) { 916 /* 917 * Role must be authorized for the type. 918 */ 919 role = p->role_val_to_struct[c->role - 1]; 920 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 921 /* role may not be associated with type */ 922 return 0; 923 924 /* 925 * User must be authorized for the role. 926 */ 927 usrdatum = p->user_val_to_struct[c->user - 1]; 928 if (!usrdatum) 929 return 0; 930 931 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 932 /* user may not be associated with role */ 933 return 0; 934 } 935 936 if (!mls_context_isvalid(p, c)) 937 return 0; 938 939 return 1; 940 } 941 942 /* 943 * Read a MLS range structure from a policydb binary 944 * representation file. 945 */ 946 static int mls_read_range_helper(struct mls_range *r, void *fp) 947 { 948 __le32 buf[2]; 949 u32 items; 950 int rc; 951 952 rc = next_entry(buf, fp, sizeof(u32)); 953 if (rc) 954 goto out; 955 956 rc = -EINVAL; 957 items = le32_to_cpu(buf[0]); 958 if (items > ARRAY_SIZE(buf)) { 959 pr_err("SELinux: mls: range overflow\n"); 960 goto out; 961 } 962 963 rc = next_entry(buf, fp, sizeof(u32) * items); 964 if (rc) { 965 pr_err("SELinux: mls: truncated range\n"); 966 goto out; 967 } 968 969 r->level[0].sens = le32_to_cpu(buf[0]); 970 if (items > 1) 971 r->level[1].sens = le32_to_cpu(buf[1]); 972 else 973 r->level[1].sens = r->level[0].sens; 974 975 rc = ebitmap_read(&r->level[0].cat, fp); 976 if (rc) { 977 pr_err("SELinux: mls: error reading low categories\n"); 978 goto out; 979 } 980 if (items > 1) { 981 rc = ebitmap_read(&r->level[1].cat, fp); 982 if (rc) { 983 pr_err("SELinux: mls: error reading high categories\n"); 984 goto bad_high; 985 } 986 } else { 987 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 988 if (rc) { 989 pr_err("SELinux: mls: out of memory\n"); 990 goto bad_high; 991 } 992 } 993 994 return 0; 995 bad_high: 996 ebitmap_destroy(&r->level[0].cat); 997 out: 998 return rc; 999 } 1000 1001 /* 1002 * Read and validate a security context structure 1003 * from a policydb binary representation file. 1004 */ 1005 static int context_read_and_validate(struct context *c, 1006 struct policydb *p, 1007 void *fp) 1008 { 1009 __le32 buf[3]; 1010 int rc; 1011 1012 rc = next_entry(buf, fp, sizeof buf); 1013 if (rc) { 1014 pr_err("SELinux: context truncated\n"); 1015 goto out; 1016 } 1017 c->user = le32_to_cpu(buf[0]); 1018 c->role = le32_to_cpu(buf[1]); 1019 c->type = le32_to_cpu(buf[2]); 1020 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1021 rc = mls_read_range_helper(&c->range, fp); 1022 if (rc) { 1023 pr_err("SELinux: error reading MLS range of context\n"); 1024 goto out; 1025 } 1026 } 1027 1028 rc = -EINVAL; 1029 if (!policydb_context_isvalid(p, c)) { 1030 pr_err("SELinux: invalid security context\n"); 1031 context_destroy(c); 1032 goto out; 1033 } 1034 rc = 0; 1035 out: 1036 return rc; 1037 } 1038 1039 /* 1040 * The following *_read functions are used to 1041 * read the symbol data from a policy database 1042 * binary representation file. 1043 */ 1044 1045 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1046 { 1047 int rc; 1048 char *str; 1049 1050 if ((len == 0) || (len == (u32)-1)) 1051 return -EINVAL; 1052 1053 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1054 if (!str) 1055 return -ENOMEM; 1056 1057 rc = next_entry(str, fp, len); 1058 if (rc) { 1059 kfree(str); 1060 return rc; 1061 } 1062 1063 str[len] = '\0'; 1064 *strp = str; 1065 return 0; 1066 } 1067 1068 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1069 { 1070 char *key = NULL; 1071 struct perm_datum *perdatum; 1072 int rc; 1073 __le32 buf[2]; 1074 u32 len; 1075 1076 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1077 if (!perdatum) 1078 return -ENOMEM; 1079 1080 rc = next_entry(buf, fp, sizeof buf); 1081 if (rc) 1082 goto bad; 1083 1084 len = le32_to_cpu(buf[0]); 1085 perdatum->value = le32_to_cpu(buf[1]); 1086 1087 rc = str_read(&key, GFP_KERNEL, fp, len); 1088 if (rc) 1089 goto bad; 1090 1091 rc = hashtab_insert(h, key, perdatum); 1092 if (rc) 1093 goto bad; 1094 1095 return 0; 1096 bad: 1097 perm_destroy(key, perdatum, NULL); 1098 return rc; 1099 } 1100 1101 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1102 { 1103 char *key = NULL; 1104 struct common_datum *comdatum; 1105 __le32 buf[4]; 1106 u32 len, nel; 1107 int i, rc; 1108 1109 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1110 if (!comdatum) 1111 return -ENOMEM; 1112 1113 rc = next_entry(buf, fp, sizeof buf); 1114 if (rc) 1115 goto bad; 1116 1117 len = le32_to_cpu(buf[0]); 1118 comdatum->value = le32_to_cpu(buf[1]); 1119 nel = le32_to_cpu(buf[3]); 1120 1121 rc = symtab_init(&comdatum->permissions, nel); 1122 if (rc) 1123 goto bad; 1124 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1125 1126 rc = str_read(&key, GFP_KERNEL, fp, len); 1127 if (rc) 1128 goto bad; 1129 1130 for (i = 0; i < nel; i++) { 1131 rc = perm_read(p, &comdatum->permissions.table, fp); 1132 if (rc) 1133 goto bad; 1134 } 1135 1136 rc = hashtab_insert(h, key, comdatum); 1137 if (rc) 1138 goto bad; 1139 return 0; 1140 bad: 1141 common_destroy(key, comdatum, NULL); 1142 return rc; 1143 } 1144 1145 static void type_set_init(struct type_set *t) 1146 { 1147 ebitmap_init(&t->types); 1148 ebitmap_init(&t->negset); 1149 } 1150 1151 static int type_set_read(struct type_set *t, void *fp) 1152 { 1153 __le32 buf[1]; 1154 int rc; 1155 1156 if (ebitmap_read(&t->types, fp)) 1157 return -EINVAL; 1158 if (ebitmap_read(&t->negset, fp)) 1159 return -EINVAL; 1160 1161 rc = next_entry(buf, fp, sizeof(u32)); 1162 if (rc < 0) 1163 return -EINVAL; 1164 t->flags = le32_to_cpu(buf[0]); 1165 1166 return 0; 1167 } 1168 1169 1170 static int read_cons_helper(struct policydb *p, 1171 struct constraint_node **nodep, 1172 int ncons, int allowxtarget, void *fp) 1173 { 1174 struct constraint_node *c, *lc; 1175 struct constraint_expr *e, *le; 1176 __le32 buf[3]; 1177 u32 nexpr; 1178 int rc, i, j, depth; 1179 1180 lc = NULL; 1181 for (i = 0; i < ncons; i++) { 1182 c = kzalloc(sizeof(*c), GFP_KERNEL); 1183 if (!c) 1184 return -ENOMEM; 1185 1186 if (lc) 1187 lc->next = c; 1188 else 1189 *nodep = c; 1190 1191 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1192 if (rc) 1193 return rc; 1194 c->permissions = le32_to_cpu(buf[0]); 1195 nexpr = le32_to_cpu(buf[1]); 1196 le = NULL; 1197 depth = -1; 1198 for (j = 0; j < nexpr; j++) { 1199 e = kzalloc(sizeof(*e), GFP_KERNEL); 1200 if (!e) 1201 return -ENOMEM; 1202 1203 if (le) 1204 le->next = e; 1205 else 1206 c->expr = e; 1207 1208 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1209 if (rc) 1210 return rc; 1211 e->expr_type = le32_to_cpu(buf[0]); 1212 e->attr = le32_to_cpu(buf[1]); 1213 e->op = le32_to_cpu(buf[2]); 1214 1215 switch (e->expr_type) { 1216 case CEXPR_NOT: 1217 if (depth < 0) 1218 return -EINVAL; 1219 break; 1220 case CEXPR_AND: 1221 case CEXPR_OR: 1222 if (depth < 1) 1223 return -EINVAL; 1224 depth--; 1225 break; 1226 case CEXPR_ATTR: 1227 if (depth == (CEXPR_MAXDEPTH - 1)) 1228 return -EINVAL; 1229 depth++; 1230 break; 1231 case CEXPR_NAMES: 1232 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1233 return -EINVAL; 1234 if (depth == (CEXPR_MAXDEPTH - 1)) 1235 return -EINVAL; 1236 depth++; 1237 rc = ebitmap_read(&e->names, fp); 1238 if (rc) 1239 return rc; 1240 if (p->policyvers >= 1241 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1242 e->type_names = kzalloc(sizeof 1243 (*e->type_names), GFP_KERNEL); 1244 if (!e->type_names) 1245 return -ENOMEM; 1246 type_set_init(e->type_names); 1247 rc = type_set_read(e->type_names, fp); 1248 if (rc) 1249 return rc; 1250 } 1251 break; 1252 default: 1253 return -EINVAL; 1254 } 1255 le = e; 1256 } 1257 if (depth != 0) 1258 return -EINVAL; 1259 lc = c; 1260 } 1261 1262 return 0; 1263 } 1264 1265 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1266 { 1267 char *key = NULL; 1268 struct class_datum *cladatum; 1269 __le32 buf[6]; 1270 u32 len, len2, ncons, nel; 1271 int i, rc; 1272 1273 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1274 if (!cladatum) 1275 return -ENOMEM; 1276 1277 rc = next_entry(buf, fp, sizeof(u32)*6); 1278 if (rc) 1279 goto bad; 1280 1281 len = le32_to_cpu(buf[0]); 1282 len2 = le32_to_cpu(buf[1]); 1283 cladatum->value = le32_to_cpu(buf[2]); 1284 nel = le32_to_cpu(buf[4]); 1285 1286 rc = symtab_init(&cladatum->permissions, nel); 1287 if (rc) 1288 goto bad; 1289 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1290 1291 ncons = le32_to_cpu(buf[5]); 1292 1293 rc = str_read(&key, GFP_KERNEL, fp, len); 1294 if (rc) 1295 goto bad; 1296 1297 if (len2) { 1298 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1299 if (rc) 1300 goto bad; 1301 1302 rc = -EINVAL; 1303 cladatum->comdatum = hashtab_search(&p->p_commons.table, 1304 cladatum->comkey); 1305 if (!cladatum->comdatum) { 1306 pr_err("SELinux: unknown common %s\n", 1307 cladatum->comkey); 1308 goto bad; 1309 } 1310 } 1311 for (i = 0; i < nel; i++) { 1312 rc = perm_read(p, &cladatum->permissions.table, fp); 1313 if (rc) 1314 goto bad; 1315 } 1316 1317 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1318 if (rc) 1319 goto bad; 1320 1321 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1322 /* grab the validatetrans rules */ 1323 rc = next_entry(buf, fp, sizeof(u32)); 1324 if (rc) 1325 goto bad; 1326 ncons = le32_to_cpu(buf[0]); 1327 rc = read_cons_helper(p, &cladatum->validatetrans, 1328 ncons, 1, fp); 1329 if (rc) 1330 goto bad; 1331 } 1332 1333 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1334 rc = next_entry(buf, fp, sizeof(u32) * 3); 1335 if (rc) 1336 goto bad; 1337 1338 cladatum->default_user = le32_to_cpu(buf[0]); 1339 cladatum->default_role = le32_to_cpu(buf[1]); 1340 cladatum->default_range = le32_to_cpu(buf[2]); 1341 } 1342 1343 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1344 rc = next_entry(buf, fp, sizeof(u32) * 1); 1345 if (rc) 1346 goto bad; 1347 cladatum->default_type = le32_to_cpu(buf[0]); 1348 } 1349 1350 rc = hashtab_insert(h, key, cladatum); 1351 if (rc) 1352 goto bad; 1353 1354 return 0; 1355 bad: 1356 cls_destroy(key, cladatum, NULL); 1357 return rc; 1358 } 1359 1360 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1361 { 1362 char *key = NULL; 1363 struct role_datum *role; 1364 int rc, to_read = 2; 1365 __le32 buf[3]; 1366 u32 len; 1367 1368 role = kzalloc(sizeof(*role), GFP_KERNEL); 1369 if (!role) 1370 return -ENOMEM; 1371 1372 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1373 to_read = 3; 1374 1375 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1376 if (rc) 1377 goto bad; 1378 1379 len = le32_to_cpu(buf[0]); 1380 role->value = le32_to_cpu(buf[1]); 1381 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1382 role->bounds = le32_to_cpu(buf[2]); 1383 1384 rc = str_read(&key, GFP_KERNEL, fp, len); 1385 if (rc) 1386 goto bad; 1387 1388 rc = ebitmap_read(&role->dominates, fp); 1389 if (rc) 1390 goto bad; 1391 1392 rc = ebitmap_read(&role->types, fp); 1393 if (rc) 1394 goto bad; 1395 1396 if (strcmp(key, OBJECT_R) == 0) { 1397 rc = -EINVAL; 1398 if (role->value != OBJECT_R_VAL) { 1399 pr_err("SELinux: Role %s has wrong value %d\n", 1400 OBJECT_R, role->value); 1401 goto bad; 1402 } 1403 rc = 0; 1404 goto bad; 1405 } 1406 1407 rc = hashtab_insert(h, key, role); 1408 if (rc) 1409 goto bad; 1410 return 0; 1411 bad: 1412 role_destroy(key, role, NULL); 1413 return rc; 1414 } 1415 1416 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1417 { 1418 char *key = NULL; 1419 struct type_datum *typdatum; 1420 int rc, to_read = 3; 1421 __le32 buf[4]; 1422 u32 len; 1423 1424 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1425 if (!typdatum) 1426 return -ENOMEM; 1427 1428 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1429 to_read = 4; 1430 1431 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1432 if (rc) 1433 goto bad; 1434 1435 len = le32_to_cpu(buf[0]); 1436 typdatum->value = le32_to_cpu(buf[1]); 1437 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1438 u32 prop = le32_to_cpu(buf[2]); 1439 1440 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1441 typdatum->primary = 1; 1442 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1443 typdatum->attribute = 1; 1444 1445 typdatum->bounds = le32_to_cpu(buf[3]); 1446 } else { 1447 typdatum->primary = le32_to_cpu(buf[2]); 1448 } 1449 1450 rc = str_read(&key, GFP_KERNEL, fp, len); 1451 if (rc) 1452 goto bad; 1453 1454 rc = hashtab_insert(h, key, typdatum); 1455 if (rc) 1456 goto bad; 1457 return 0; 1458 bad: 1459 type_destroy(key, typdatum, NULL); 1460 return rc; 1461 } 1462 1463 1464 /* 1465 * Read a MLS level structure from a policydb binary 1466 * representation file. 1467 */ 1468 static int mls_read_level(struct mls_level *lp, void *fp) 1469 { 1470 __le32 buf[1]; 1471 int rc; 1472 1473 memset(lp, 0, sizeof(*lp)); 1474 1475 rc = next_entry(buf, fp, sizeof buf); 1476 if (rc) { 1477 pr_err("SELinux: mls: truncated level\n"); 1478 return rc; 1479 } 1480 lp->sens = le32_to_cpu(buf[0]); 1481 1482 rc = ebitmap_read(&lp->cat, fp); 1483 if (rc) { 1484 pr_err("SELinux: mls: error reading level categories\n"); 1485 return rc; 1486 } 1487 return 0; 1488 } 1489 1490 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1491 { 1492 char *key = NULL; 1493 struct user_datum *usrdatum; 1494 int rc, to_read = 2; 1495 __le32 buf[3]; 1496 u32 len; 1497 1498 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1499 if (!usrdatum) 1500 return -ENOMEM; 1501 1502 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1503 to_read = 3; 1504 1505 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1506 if (rc) 1507 goto bad; 1508 1509 len = le32_to_cpu(buf[0]); 1510 usrdatum->value = le32_to_cpu(buf[1]); 1511 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1512 usrdatum->bounds = le32_to_cpu(buf[2]); 1513 1514 rc = str_read(&key, GFP_KERNEL, fp, len); 1515 if (rc) 1516 goto bad; 1517 1518 rc = ebitmap_read(&usrdatum->roles, fp); 1519 if (rc) 1520 goto bad; 1521 1522 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1523 rc = mls_read_range_helper(&usrdatum->range, fp); 1524 if (rc) 1525 goto bad; 1526 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1527 if (rc) 1528 goto bad; 1529 } 1530 1531 rc = hashtab_insert(h, key, usrdatum); 1532 if (rc) 1533 goto bad; 1534 return 0; 1535 bad: 1536 user_destroy(key, usrdatum, NULL); 1537 return rc; 1538 } 1539 1540 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1541 { 1542 char *key = NULL; 1543 struct level_datum *levdatum; 1544 int rc; 1545 __le32 buf[2]; 1546 u32 len; 1547 1548 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1549 if (!levdatum) 1550 return -ENOMEM; 1551 1552 rc = next_entry(buf, fp, sizeof buf); 1553 if (rc) 1554 goto bad; 1555 1556 len = le32_to_cpu(buf[0]); 1557 levdatum->isalias = le32_to_cpu(buf[1]); 1558 1559 rc = str_read(&key, GFP_ATOMIC, fp, len); 1560 if (rc) 1561 goto bad; 1562 1563 rc = -ENOMEM; 1564 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1565 if (!levdatum->level) 1566 goto bad; 1567 1568 rc = mls_read_level(levdatum->level, fp); 1569 if (rc) 1570 goto bad; 1571 1572 rc = hashtab_insert(h, key, levdatum); 1573 if (rc) 1574 goto bad; 1575 return 0; 1576 bad: 1577 sens_destroy(key, levdatum, NULL); 1578 return rc; 1579 } 1580 1581 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1582 { 1583 char *key = NULL; 1584 struct cat_datum *catdatum; 1585 int rc; 1586 __le32 buf[3]; 1587 u32 len; 1588 1589 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1590 if (!catdatum) 1591 return -ENOMEM; 1592 1593 rc = next_entry(buf, fp, sizeof buf); 1594 if (rc) 1595 goto bad; 1596 1597 len = le32_to_cpu(buf[0]); 1598 catdatum->value = le32_to_cpu(buf[1]); 1599 catdatum->isalias = le32_to_cpu(buf[2]); 1600 1601 rc = str_read(&key, GFP_ATOMIC, fp, len); 1602 if (rc) 1603 goto bad; 1604 1605 rc = hashtab_insert(h, key, catdatum); 1606 if (rc) 1607 goto bad; 1608 return 0; 1609 bad: 1610 cat_destroy(key, catdatum, NULL); 1611 return rc; 1612 } 1613 1614 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1615 { 1616 common_read, 1617 class_read, 1618 role_read, 1619 type_read, 1620 user_read, 1621 cond_read_bool, 1622 sens_read, 1623 cat_read, 1624 }; 1625 1626 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1627 { 1628 struct user_datum *upper, *user; 1629 struct policydb *p = datap; 1630 int depth = 0; 1631 1632 upper = user = datum; 1633 while (upper->bounds) { 1634 struct ebitmap_node *node; 1635 unsigned long bit; 1636 1637 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1638 pr_err("SELinux: user %s: " 1639 "too deep or looped boundary", 1640 (char *) key); 1641 return -EINVAL; 1642 } 1643 1644 upper = p->user_val_to_struct[upper->bounds - 1]; 1645 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1646 if (ebitmap_get_bit(&upper->roles, bit)) 1647 continue; 1648 1649 pr_err("SELinux: boundary violated policy: " 1650 "user=%s role=%s bounds=%s\n", 1651 sym_name(p, SYM_USERS, user->value - 1), 1652 sym_name(p, SYM_ROLES, bit), 1653 sym_name(p, SYM_USERS, upper->value - 1)); 1654 1655 return -EINVAL; 1656 } 1657 } 1658 1659 return 0; 1660 } 1661 1662 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1663 { 1664 struct role_datum *upper, *role; 1665 struct policydb *p = datap; 1666 int depth = 0; 1667 1668 upper = role = datum; 1669 while (upper->bounds) { 1670 struct ebitmap_node *node; 1671 unsigned long bit; 1672 1673 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1674 pr_err("SELinux: role %s: " 1675 "too deep or looped bounds\n", 1676 (char *) key); 1677 return -EINVAL; 1678 } 1679 1680 upper = p->role_val_to_struct[upper->bounds - 1]; 1681 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1682 if (ebitmap_get_bit(&upper->types, bit)) 1683 continue; 1684 1685 pr_err("SELinux: boundary violated policy: " 1686 "role=%s type=%s bounds=%s\n", 1687 sym_name(p, SYM_ROLES, role->value - 1), 1688 sym_name(p, SYM_TYPES, bit), 1689 sym_name(p, SYM_ROLES, upper->value - 1)); 1690 1691 return -EINVAL; 1692 } 1693 } 1694 1695 return 0; 1696 } 1697 1698 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1699 { 1700 struct type_datum *upper; 1701 struct policydb *p = datap; 1702 int depth = 0; 1703 1704 upper = datum; 1705 while (upper->bounds) { 1706 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1707 pr_err("SELinux: type %s: " 1708 "too deep or looped boundary\n", 1709 (char *) key); 1710 return -EINVAL; 1711 } 1712 1713 upper = p->type_val_to_struct[upper->bounds - 1]; 1714 BUG_ON(!upper); 1715 1716 if (upper->attribute) { 1717 pr_err("SELinux: type %s: " 1718 "bounded by attribute %s", 1719 (char *) key, 1720 sym_name(p, SYM_TYPES, upper->value - 1)); 1721 return -EINVAL; 1722 } 1723 } 1724 1725 return 0; 1726 } 1727 1728 static int policydb_bounds_sanity_check(struct policydb *p) 1729 { 1730 int rc; 1731 1732 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1733 return 0; 1734 1735 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1736 if (rc) 1737 return rc; 1738 1739 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1740 if (rc) 1741 return rc; 1742 1743 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1744 if (rc) 1745 return rc; 1746 1747 return 0; 1748 } 1749 1750 u16 string_to_security_class(struct policydb *p, const char *name) 1751 { 1752 struct class_datum *cladatum; 1753 1754 cladatum = hashtab_search(&p->p_classes.table, name); 1755 if (!cladatum) 1756 return 0; 1757 1758 return cladatum->value; 1759 } 1760 1761 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1762 { 1763 struct class_datum *cladatum; 1764 struct perm_datum *perdatum = NULL; 1765 struct common_datum *comdatum; 1766 1767 if (!tclass || tclass > p->p_classes.nprim) 1768 return 0; 1769 1770 cladatum = p->class_val_to_struct[tclass-1]; 1771 comdatum = cladatum->comdatum; 1772 if (comdatum) 1773 perdatum = hashtab_search(&comdatum->permissions.table, name); 1774 if (!perdatum) 1775 perdatum = hashtab_search(&cladatum->permissions.table, name); 1776 if (!perdatum) 1777 return 0; 1778 1779 return 1U << (perdatum->value-1); 1780 } 1781 1782 static int range_read(struct policydb *p, void *fp) 1783 { 1784 struct range_trans *rt = NULL; 1785 struct mls_range *r = NULL; 1786 int i, rc; 1787 __le32 buf[2]; 1788 u32 nel; 1789 1790 if (p->policyvers < POLICYDB_VERSION_MLS) 1791 return 0; 1792 1793 rc = next_entry(buf, fp, sizeof(u32)); 1794 if (rc) 1795 return rc; 1796 1797 nel = le32_to_cpu(buf[0]); 1798 1799 rc = hashtab_init(&p->range_tr, rangetr_hash, rangetr_cmp, nel); 1800 if (rc) 1801 return rc; 1802 1803 for (i = 0; i < nel; i++) { 1804 rc = -ENOMEM; 1805 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1806 if (!rt) 1807 goto out; 1808 1809 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1810 if (rc) 1811 goto out; 1812 1813 rt->source_type = le32_to_cpu(buf[0]); 1814 rt->target_type = le32_to_cpu(buf[1]); 1815 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1816 rc = next_entry(buf, fp, sizeof(u32)); 1817 if (rc) 1818 goto out; 1819 rt->target_class = le32_to_cpu(buf[0]); 1820 } else 1821 rt->target_class = p->process_class; 1822 1823 rc = -EINVAL; 1824 if (!policydb_type_isvalid(p, rt->source_type) || 1825 !policydb_type_isvalid(p, rt->target_type) || 1826 !policydb_class_isvalid(p, rt->target_class)) 1827 goto out; 1828 1829 rc = -ENOMEM; 1830 r = kzalloc(sizeof(*r), GFP_KERNEL); 1831 if (!r) 1832 goto out; 1833 1834 rc = mls_read_range_helper(r, fp); 1835 if (rc) 1836 goto out; 1837 1838 rc = -EINVAL; 1839 if (!mls_range_isvalid(p, r)) { 1840 pr_warn("SELinux: rangetrans: invalid range\n"); 1841 goto out; 1842 } 1843 1844 rc = hashtab_insert(&p->range_tr, rt, r); 1845 if (rc) 1846 goto out; 1847 1848 rt = NULL; 1849 r = NULL; 1850 } 1851 hash_eval(&p->range_tr, "rangetr"); 1852 rc = 0; 1853 out: 1854 kfree(rt); 1855 kfree(r); 1856 return rc; 1857 } 1858 1859 static int filename_trans_read_helper_compat(struct policydb *p, void *fp) 1860 { 1861 struct filename_trans_key key, *ft = NULL; 1862 struct filename_trans_datum *last, *datum = NULL; 1863 char *name = NULL; 1864 u32 len, stype, otype; 1865 __le32 buf[4]; 1866 int rc; 1867 1868 /* length of the path component string */ 1869 rc = next_entry(buf, fp, sizeof(u32)); 1870 if (rc) 1871 return rc; 1872 len = le32_to_cpu(buf[0]); 1873 1874 /* path component string */ 1875 rc = str_read(&name, GFP_KERNEL, fp, len); 1876 if (rc) 1877 return rc; 1878 1879 rc = next_entry(buf, fp, sizeof(u32) * 4); 1880 if (rc) 1881 goto out; 1882 1883 stype = le32_to_cpu(buf[0]); 1884 key.ttype = le32_to_cpu(buf[1]); 1885 key.tclass = le32_to_cpu(buf[2]); 1886 key.name = name; 1887 1888 otype = le32_to_cpu(buf[3]); 1889 1890 last = NULL; 1891 datum = hashtab_search(&p->filename_trans, &key); 1892 while (datum) { 1893 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1894 /* conflicting/duplicate rules are ignored */ 1895 datum = NULL; 1896 goto out; 1897 } 1898 if (likely(datum->otype == otype)) 1899 break; 1900 last = datum; 1901 datum = datum->next; 1902 } 1903 if (!datum) { 1904 rc = -ENOMEM; 1905 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1906 if (!datum) 1907 goto out; 1908 1909 ebitmap_init(&datum->stypes); 1910 datum->otype = otype; 1911 datum->next = NULL; 1912 1913 if (unlikely(last)) { 1914 last->next = datum; 1915 } else { 1916 rc = -ENOMEM; 1917 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1918 if (!ft) 1919 goto out; 1920 1921 rc = hashtab_insert(&p->filename_trans, ft, datum); 1922 if (rc) 1923 goto out; 1924 name = NULL; 1925 1926 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1927 key.ttype, 1); 1928 if (rc) 1929 return rc; 1930 } 1931 } 1932 kfree(name); 1933 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1934 1935 out: 1936 kfree(ft); 1937 kfree(name); 1938 kfree(datum); 1939 return rc; 1940 } 1941 1942 static int filename_trans_read_helper(struct policydb *p, void *fp) 1943 { 1944 struct filename_trans_key *ft = NULL; 1945 struct filename_trans_datum **dst, *datum, *first = NULL; 1946 char *name = NULL; 1947 u32 len, ttype, tclass, ndatum, i; 1948 __le32 buf[3]; 1949 int rc; 1950 1951 /* length of the path component string */ 1952 rc = next_entry(buf, fp, sizeof(u32)); 1953 if (rc) 1954 return rc; 1955 len = le32_to_cpu(buf[0]); 1956 1957 /* path component string */ 1958 rc = str_read(&name, GFP_KERNEL, fp, len); 1959 if (rc) 1960 return rc; 1961 1962 rc = next_entry(buf, fp, sizeof(u32) * 3); 1963 if (rc) 1964 goto out; 1965 1966 ttype = le32_to_cpu(buf[0]); 1967 tclass = le32_to_cpu(buf[1]); 1968 1969 ndatum = le32_to_cpu(buf[2]); 1970 if (ndatum == 0) { 1971 pr_err("SELinux: Filename transition key with no datum\n"); 1972 rc = -ENOENT; 1973 goto out; 1974 } 1975 1976 dst = &first; 1977 for (i = 0; i < ndatum; i++) { 1978 rc = -ENOMEM; 1979 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1980 if (!datum) 1981 goto out; 1982 1983 *dst = datum; 1984 1985 /* ebitmap_read() will at least init the bitmap */ 1986 rc = ebitmap_read(&datum->stypes, fp); 1987 if (rc) 1988 goto out; 1989 1990 rc = next_entry(buf, fp, sizeof(u32)); 1991 if (rc) 1992 goto out; 1993 1994 datum->otype = le32_to_cpu(buf[0]); 1995 datum->next = NULL; 1996 1997 dst = &datum->next; 1998 } 1999 2000 rc = -ENOMEM; 2001 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2002 if (!ft) 2003 goto out; 2004 2005 ft->ttype = ttype; 2006 ft->tclass = tclass; 2007 ft->name = name; 2008 2009 rc = hashtab_insert(&p->filename_trans, ft, first); 2010 if (rc == -EEXIST) 2011 pr_err("SELinux: Duplicate filename transition key\n"); 2012 if (rc) 2013 goto out; 2014 2015 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2016 2017 out: 2018 kfree(ft); 2019 kfree(name); 2020 while (first) { 2021 datum = first; 2022 first = first->next; 2023 2024 ebitmap_destroy(&datum->stypes); 2025 kfree(datum); 2026 } 2027 return rc; 2028 } 2029 2030 static int filename_trans_read(struct policydb *p, void *fp) 2031 { 2032 u32 nel; 2033 __le32 buf[1]; 2034 int rc, i; 2035 2036 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2037 return 0; 2038 2039 rc = next_entry(buf, fp, sizeof(u32)); 2040 if (rc) 2041 return rc; 2042 nel = le32_to_cpu(buf[0]); 2043 2044 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2045 p->compat_filename_trans_count = nel; 2046 2047 rc = hashtab_init(&p->filename_trans, filenametr_hash, 2048 filenametr_cmp, (1 << 11)); 2049 if (rc) 2050 return rc; 2051 2052 for (i = 0; i < nel; i++) { 2053 rc = filename_trans_read_helper_compat(p, fp); 2054 if (rc) 2055 return rc; 2056 } 2057 } else { 2058 rc = hashtab_init(&p->filename_trans, filenametr_hash, 2059 filenametr_cmp, nel); 2060 if (rc) 2061 return rc; 2062 2063 for (i = 0; i < nel; i++) { 2064 rc = filename_trans_read_helper(p, fp); 2065 if (rc) 2066 return rc; 2067 } 2068 } 2069 hash_eval(&p->filename_trans, "filenametr"); 2070 return 0; 2071 } 2072 2073 static int genfs_read(struct policydb *p, void *fp) 2074 { 2075 int i, j, rc; 2076 u32 nel, nel2, len, len2; 2077 __le32 buf[1]; 2078 struct ocontext *l, *c; 2079 struct ocontext *newc = NULL; 2080 struct genfs *genfs_p, *genfs; 2081 struct genfs *newgenfs = NULL; 2082 2083 rc = next_entry(buf, fp, sizeof(u32)); 2084 if (rc) 2085 return rc; 2086 nel = le32_to_cpu(buf[0]); 2087 2088 for (i = 0; i < nel; i++) { 2089 rc = next_entry(buf, fp, sizeof(u32)); 2090 if (rc) 2091 goto out; 2092 len = le32_to_cpu(buf[0]); 2093 2094 rc = -ENOMEM; 2095 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2096 if (!newgenfs) 2097 goto out; 2098 2099 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2100 if (rc) 2101 goto out; 2102 2103 for (genfs_p = NULL, genfs = p->genfs; genfs; 2104 genfs_p = genfs, genfs = genfs->next) { 2105 rc = -EINVAL; 2106 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2107 pr_err("SELinux: dup genfs fstype %s\n", 2108 newgenfs->fstype); 2109 goto out; 2110 } 2111 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2112 break; 2113 } 2114 newgenfs->next = genfs; 2115 if (genfs_p) 2116 genfs_p->next = newgenfs; 2117 else 2118 p->genfs = newgenfs; 2119 genfs = newgenfs; 2120 newgenfs = NULL; 2121 2122 rc = next_entry(buf, fp, sizeof(u32)); 2123 if (rc) 2124 goto out; 2125 2126 nel2 = le32_to_cpu(buf[0]); 2127 for (j = 0; j < nel2; j++) { 2128 rc = next_entry(buf, fp, sizeof(u32)); 2129 if (rc) 2130 goto out; 2131 len = le32_to_cpu(buf[0]); 2132 2133 rc = -ENOMEM; 2134 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2135 if (!newc) 2136 goto out; 2137 2138 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2139 if (rc) 2140 goto out; 2141 2142 rc = next_entry(buf, fp, sizeof(u32)); 2143 if (rc) 2144 goto out; 2145 2146 newc->v.sclass = le32_to_cpu(buf[0]); 2147 rc = context_read_and_validate(&newc->context[0], p, fp); 2148 if (rc) 2149 goto out; 2150 2151 for (l = NULL, c = genfs->head; c; 2152 l = c, c = c->next) { 2153 rc = -EINVAL; 2154 if (!strcmp(newc->u.name, c->u.name) && 2155 (!c->v.sclass || !newc->v.sclass || 2156 newc->v.sclass == c->v.sclass)) { 2157 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2158 genfs->fstype, c->u.name); 2159 goto out; 2160 } 2161 len = strlen(newc->u.name); 2162 len2 = strlen(c->u.name); 2163 if (len > len2) 2164 break; 2165 } 2166 2167 newc->next = c; 2168 if (l) 2169 l->next = newc; 2170 else 2171 genfs->head = newc; 2172 newc = NULL; 2173 } 2174 } 2175 rc = 0; 2176 out: 2177 if (newgenfs) { 2178 kfree(newgenfs->fstype); 2179 kfree(newgenfs); 2180 } 2181 ocontext_destroy(newc, OCON_FSUSE); 2182 2183 return rc; 2184 } 2185 2186 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2187 void *fp) 2188 { 2189 int i, j, rc; 2190 u32 nel, len; 2191 __be64 prefixbuf[1]; 2192 __le32 buf[3]; 2193 struct ocontext *l, *c; 2194 u32 nodebuf[8]; 2195 2196 for (i = 0; i < info->ocon_num; i++) { 2197 rc = next_entry(buf, fp, sizeof(u32)); 2198 if (rc) 2199 goto out; 2200 nel = le32_to_cpu(buf[0]); 2201 2202 l = NULL; 2203 for (j = 0; j < nel; j++) { 2204 rc = -ENOMEM; 2205 c = kzalloc(sizeof(*c), GFP_KERNEL); 2206 if (!c) 2207 goto out; 2208 if (l) 2209 l->next = c; 2210 else 2211 p->ocontexts[i] = c; 2212 l = c; 2213 2214 switch (i) { 2215 case OCON_ISID: 2216 rc = next_entry(buf, fp, sizeof(u32)); 2217 if (rc) 2218 goto out; 2219 2220 c->sid[0] = le32_to_cpu(buf[0]); 2221 rc = context_read_and_validate(&c->context[0], p, fp); 2222 if (rc) 2223 goto out; 2224 break; 2225 case OCON_FS: 2226 case OCON_NETIF: 2227 rc = next_entry(buf, fp, sizeof(u32)); 2228 if (rc) 2229 goto out; 2230 len = le32_to_cpu(buf[0]); 2231 2232 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2233 if (rc) 2234 goto out; 2235 2236 rc = context_read_and_validate(&c->context[0], p, fp); 2237 if (rc) 2238 goto out; 2239 rc = context_read_and_validate(&c->context[1], p, fp); 2240 if (rc) 2241 goto out; 2242 break; 2243 case OCON_PORT: 2244 rc = next_entry(buf, fp, sizeof(u32)*3); 2245 if (rc) 2246 goto out; 2247 c->u.port.protocol = le32_to_cpu(buf[0]); 2248 c->u.port.low_port = le32_to_cpu(buf[1]); 2249 c->u.port.high_port = le32_to_cpu(buf[2]); 2250 rc = context_read_and_validate(&c->context[0], p, fp); 2251 if (rc) 2252 goto out; 2253 break; 2254 case OCON_NODE: 2255 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2256 if (rc) 2257 goto out; 2258 c->u.node.addr = nodebuf[0]; /* network order */ 2259 c->u.node.mask = nodebuf[1]; /* network order */ 2260 rc = context_read_and_validate(&c->context[0], p, fp); 2261 if (rc) 2262 goto out; 2263 break; 2264 case OCON_FSUSE: 2265 rc = next_entry(buf, fp, sizeof(u32)*2); 2266 if (rc) 2267 goto out; 2268 2269 rc = -EINVAL; 2270 c->v.behavior = le32_to_cpu(buf[0]); 2271 /* Determined at runtime, not in policy DB. */ 2272 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2273 goto out; 2274 if (c->v.behavior > SECURITY_FS_USE_MAX) 2275 goto out; 2276 2277 len = le32_to_cpu(buf[1]); 2278 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2279 if (rc) 2280 goto out; 2281 2282 rc = context_read_and_validate(&c->context[0], p, fp); 2283 if (rc) 2284 goto out; 2285 break; 2286 case OCON_NODE6: { 2287 int k; 2288 2289 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2290 if (rc) 2291 goto out; 2292 for (k = 0; k < 4; k++) 2293 c->u.node6.addr[k] = nodebuf[k]; 2294 for (k = 0; k < 4; k++) 2295 c->u.node6.mask[k] = nodebuf[k+4]; 2296 rc = context_read_and_validate(&c->context[0], p, fp); 2297 if (rc) 2298 goto out; 2299 break; 2300 } 2301 case OCON_IBPKEY: { 2302 u32 pkey_lo, pkey_hi; 2303 2304 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2305 if (rc) 2306 goto out; 2307 2308 /* we need to have subnet_prefix in CPU order */ 2309 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2310 2311 rc = next_entry(buf, fp, sizeof(u32) * 2); 2312 if (rc) 2313 goto out; 2314 2315 pkey_lo = le32_to_cpu(buf[0]); 2316 pkey_hi = le32_to_cpu(buf[1]); 2317 2318 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2319 rc = -EINVAL; 2320 goto out; 2321 } 2322 2323 c->u.ibpkey.low_pkey = pkey_lo; 2324 c->u.ibpkey.high_pkey = pkey_hi; 2325 2326 rc = context_read_and_validate(&c->context[0], 2327 p, 2328 fp); 2329 if (rc) 2330 goto out; 2331 break; 2332 } 2333 case OCON_IBENDPORT: { 2334 u32 port; 2335 2336 rc = next_entry(buf, fp, sizeof(u32) * 2); 2337 if (rc) 2338 goto out; 2339 len = le32_to_cpu(buf[0]); 2340 2341 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2342 if (rc) 2343 goto out; 2344 2345 port = le32_to_cpu(buf[1]); 2346 if (port > U8_MAX || port == 0) { 2347 rc = -EINVAL; 2348 goto out; 2349 } 2350 2351 c->u.ibendport.port = port; 2352 2353 rc = context_read_and_validate(&c->context[0], 2354 p, 2355 fp); 2356 if (rc) 2357 goto out; 2358 break; 2359 } /* end case */ 2360 } /* end switch */ 2361 } 2362 } 2363 rc = 0; 2364 out: 2365 return rc; 2366 } 2367 2368 /* 2369 * Read the configuration data from a policy database binary 2370 * representation file into a policy database structure. 2371 */ 2372 int policydb_read(struct policydb *p, void *fp) 2373 { 2374 struct role_allow *ra, *lra; 2375 struct role_trans_key *rtk = NULL; 2376 struct role_trans_datum *rtd = NULL; 2377 int i, j, rc; 2378 __le32 buf[4]; 2379 u32 len, nprim, nel; 2380 2381 char *policydb_str; 2382 struct policydb_compat_info *info; 2383 2384 policydb_init(p); 2385 2386 /* Read the magic number and string length. */ 2387 rc = next_entry(buf, fp, sizeof(u32) * 2); 2388 if (rc) 2389 goto bad; 2390 2391 rc = -EINVAL; 2392 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2393 pr_err("SELinux: policydb magic number 0x%x does " 2394 "not match expected magic number 0x%x\n", 2395 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2396 goto bad; 2397 } 2398 2399 rc = -EINVAL; 2400 len = le32_to_cpu(buf[1]); 2401 if (len != strlen(POLICYDB_STRING)) { 2402 pr_err("SELinux: policydb string length %d does not " 2403 "match expected length %zu\n", 2404 len, strlen(POLICYDB_STRING)); 2405 goto bad; 2406 } 2407 2408 rc = -ENOMEM; 2409 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2410 if (!policydb_str) { 2411 pr_err("SELinux: unable to allocate memory for policydb " 2412 "string of length %d\n", len); 2413 goto bad; 2414 } 2415 2416 rc = next_entry(policydb_str, fp, len); 2417 if (rc) { 2418 pr_err("SELinux: truncated policydb string identifier\n"); 2419 kfree(policydb_str); 2420 goto bad; 2421 } 2422 2423 rc = -EINVAL; 2424 policydb_str[len] = '\0'; 2425 if (strcmp(policydb_str, POLICYDB_STRING)) { 2426 pr_err("SELinux: policydb string %s does not match " 2427 "my string %s\n", policydb_str, POLICYDB_STRING); 2428 kfree(policydb_str); 2429 goto bad; 2430 } 2431 /* Done with policydb_str. */ 2432 kfree(policydb_str); 2433 policydb_str = NULL; 2434 2435 /* Read the version and table sizes. */ 2436 rc = next_entry(buf, fp, sizeof(u32)*4); 2437 if (rc) 2438 goto bad; 2439 2440 rc = -EINVAL; 2441 p->policyvers = le32_to_cpu(buf[0]); 2442 if (p->policyvers < POLICYDB_VERSION_MIN || 2443 p->policyvers > POLICYDB_VERSION_MAX) { 2444 pr_err("SELinux: policydb version %d does not match " 2445 "my version range %d-%d\n", 2446 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2447 goto bad; 2448 } 2449 2450 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2451 p->mls_enabled = 1; 2452 2453 rc = -EINVAL; 2454 if (p->policyvers < POLICYDB_VERSION_MLS) { 2455 pr_err("SELinux: security policydb version %d " 2456 "(MLS) not backwards compatible\n", 2457 p->policyvers); 2458 goto bad; 2459 } 2460 } 2461 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2462 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2463 2464 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2465 rc = ebitmap_read(&p->policycaps, fp); 2466 if (rc) 2467 goto bad; 2468 } 2469 2470 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2471 rc = ebitmap_read(&p->permissive_map, fp); 2472 if (rc) 2473 goto bad; 2474 } 2475 2476 rc = -EINVAL; 2477 info = policydb_lookup_compat(p->policyvers); 2478 if (!info) { 2479 pr_err("SELinux: unable to find policy compat info " 2480 "for version %d\n", p->policyvers); 2481 goto bad; 2482 } 2483 2484 rc = -EINVAL; 2485 if (le32_to_cpu(buf[2]) != info->sym_num || 2486 le32_to_cpu(buf[3]) != info->ocon_num) { 2487 pr_err("SELinux: policydb table sizes (%d,%d) do " 2488 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2489 le32_to_cpu(buf[3]), 2490 info->sym_num, info->ocon_num); 2491 goto bad; 2492 } 2493 2494 for (i = 0; i < info->sym_num; i++) { 2495 rc = next_entry(buf, fp, sizeof(u32)*2); 2496 if (rc) 2497 goto bad; 2498 nprim = le32_to_cpu(buf[0]); 2499 nel = le32_to_cpu(buf[1]); 2500 2501 rc = symtab_init(&p->symtab[i], nel); 2502 if (rc) 2503 goto out; 2504 2505 if (i == SYM_ROLES) { 2506 rc = roles_init(p); 2507 if (rc) 2508 goto out; 2509 } 2510 2511 for (j = 0; j < nel; j++) { 2512 rc = read_f[i](p, &p->symtab[i].table, fp); 2513 if (rc) 2514 goto bad; 2515 } 2516 2517 p->symtab[i].nprim = nprim; 2518 } 2519 2520 rc = -EINVAL; 2521 p->process_class = string_to_security_class(p, "process"); 2522 if (!p->process_class) 2523 goto bad; 2524 2525 rc = avtab_read(&p->te_avtab, fp, p); 2526 if (rc) 2527 goto bad; 2528 2529 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2530 rc = cond_read_list(p, fp); 2531 if (rc) 2532 goto bad; 2533 } 2534 2535 rc = next_entry(buf, fp, sizeof(u32)); 2536 if (rc) 2537 goto bad; 2538 nel = le32_to_cpu(buf[0]); 2539 2540 rc = hashtab_init(&p->role_tr, role_trans_hash, role_trans_cmp, nel); 2541 if (rc) 2542 goto bad; 2543 for (i = 0; i < nel; i++) { 2544 rc = -ENOMEM; 2545 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2546 if (!rtk) 2547 goto bad; 2548 2549 rc = -ENOMEM; 2550 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2551 if (!rtd) 2552 goto bad; 2553 2554 rc = next_entry(buf, fp, sizeof(u32)*3); 2555 if (rc) 2556 goto bad; 2557 2558 rc = -EINVAL; 2559 rtk->role = le32_to_cpu(buf[0]); 2560 rtk->type = le32_to_cpu(buf[1]); 2561 rtd->new_role = le32_to_cpu(buf[2]); 2562 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2563 rc = next_entry(buf, fp, sizeof(u32)); 2564 if (rc) 2565 goto bad; 2566 rtk->tclass = le32_to_cpu(buf[0]); 2567 } else 2568 rtk->tclass = p->process_class; 2569 2570 rc = -EINVAL; 2571 if (!policydb_role_isvalid(p, rtk->role) || 2572 !policydb_type_isvalid(p, rtk->type) || 2573 !policydb_class_isvalid(p, rtk->tclass) || 2574 !policydb_role_isvalid(p, rtd->new_role)) 2575 goto bad; 2576 2577 rc = hashtab_insert(&p->role_tr, rtk, rtd); 2578 if (rc) 2579 goto bad; 2580 2581 rtk = NULL; 2582 rtd = NULL; 2583 } 2584 2585 rc = next_entry(buf, fp, sizeof(u32)); 2586 if (rc) 2587 goto bad; 2588 nel = le32_to_cpu(buf[0]); 2589 lra = NULL; 2590 for (i = 0; i < nel; i++) { 2591 rc = -ENOMEM; 2592 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2593 if (!ra) 2594 goto bad; 2595 if (lra) 2596 lra->next = ra; 2597 else 2598 p->role_allow = ra; 2599 rc = next_entry(buf, fp, sizeof(u32)*2); 2600 if (rc) 2601 goto bad; 2602 2603 rc = -EINVAL; 2604 ra->role = le32_to_cpu(buf[0]); 2605 ra->new_role = le32_to_cpu(buf[1]); 2606 if (!policydb_role_isvalid(p, ra->role) || 2607 !policydb_role_isvalid(p, ra->new_role)) 2608 goto bad; 2609 lra = ra; 2610 } 2611 2612 rc = filename_trans_read(p, fp); 2613 if (rc) 2614 goto bad; 2615 2616 rc = policydb_index(p); 2617 if (rc) 2618 goto bad; 2619 2620 rc = -EINVAL; 2621 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2622 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2623 if (!p->process_trans_perms) 2624 goto bad; 2625 2626 rc = ocontext_read(p, info, fp); 2627 if (rc) 2628 goto bad; 2629 2630 rc = genfs_read(p, fp); 2631 if (rc) 2632 goto bad; 2633 2634 rc = range_read(p, fp); 2635 if (rc) 2636 goto bad; 2637 2638 rc = -ENOMEM; 2639 p->type_attr_map_array = kvcalloc(p->p_types.nprim, 2640 sizeof(*p->type_attr_map_array), 2641 GFP_KERNEL); 2642 if (!p->type_attr_map_array) 2643 goto bad; 2644 2645 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2646 for (i = 0; i < p->p_types.nprim; i++) 2647 ebitmap_init(&p->type_attr_map_array[i]); 2648 2649 for (i = 0; i < p->p_types.nprim; i++) { 2650 struct ebitmap *e = &p->type_attr_map_array[i]; 2651 2652 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2653 rc = ebitmap_read(e, fp); 2654 if (rc) 2655 goto bad; 2656 } 2657 /* add the type itself as the degenerate case */ 2658 rc = ebitmap_set_bit(e, i, 1); 2659 if (rc) 2660 goto bad; 2661 } 2662 2663 rc = policydb_bounds_sanity_check(p); 2664 if (rc) 2665 goto bad; 2666 2667 rc = 0; 2668 out: 2669 return rc; 2670 bad: 2671 kfree(rtk); 2672 kfree(rtd); 2673 policydb_destroy(p); 2674 goto out; 2675 } 2676 2677 /* 2678 * Write a MLS level structure to a policydb binary 2679 * representation file. 2680 */ 2681 static int mls_write_level(struct mls_level *l, void *fp) 2682 { 2683 __le32 buf[1]; 2684 int rc; 2685 2686 buf[0] = cpu_to_le32(l->sens); 2687 rc = put_entry(buf, sizeof(u32), 1, fp); 2688 if (rc) 2689 return rc; 2690 2691 rc = ebitmap_write(&l->cat, fp); 2692 if (rc) 2693 return rc; 2694 2695 return 0; 2696 } 2697 2698 /* 2699 * Write a MLS range structure to a policydb binary 2700 * representation file. 2701 */ 2702 static int mls_write_range_helper(struct mls_range *r, void *fp) 2703 { 2704 __le32 buf[3]; 2705 size_t items; 2706 int rc, eq; 2707 2708 eq = mls_level_eq(&r->level[1], &r->level[0]); 2709 2710 if (eq) 2711 items = 2; 2712 else 2713 items = 3; 2714 buf[0] = cpu_to_le32(items-1); 2715 buf[1] = cpu_to_le32(r->level[0].sens); 2716 if (!eq) 2717 buf[2] = cpu_to_le32(r->level[1].sens); 2718 2719 BUG_ON(items > ARRAY_SIZE(buf)); 2720 2721 rc = put_entry(buf, sizeof(u32), items, fp); 2722 if (rc) 2723 return rc; 2724 2725 rc = ebitmap_write(&r->level[0].cat, fp); 2726 if (rc) 2727 return rc; 2728 if (!eq) { 2729 rc = ebitmap_write(&r->level[1].cat, fp); 2730 if (rc) 2731 return rc; 2732 } 2733 2734 return 0; 2735 } 2736 2737 static int sens_write(void *vkey, void *datum, void *ptr) 2738 { 2739 char *key = vkey; 2740 struct level_datum *levdatum = datum; 2741 struct policy_data *pd = ptr; 2742 void *fp = pd->fp; 2743 __le32 buf[2]; 2744 size_t len; 2745 int rc; 2746 2747 len = strlen(key); 2748 buf[0] = cpu_to_le32(len); 2749 buf[1] = cpu_to_le32(levdatum->isalias); 2750 rc = put_entry(buf, sizeof(u32), 2, fp); 2751 if (rc) 2752 return rc; 2753 2754 rc = put_entry(key, 1, len, fp); 2755 if (rc) 2756 return rc; 2757 2758 rc = mls_write_level(levdatum->level, fp); 2759 if (rc) 2760 return rc; 2761 2762 return 0; 2763 } 2764 2765 static int cat_write(void *vkey, void *datum, void *ptr) 2766 { 2767 char *key = vkey; 2768 struct cat_datum *catdatum = datum; 2769 struct policy_data *pd = ptr; 2770 void *fp = pd->fp; 2771 __le32 buf[3]; 2772 size_t len; 2773 int rc; 2774 2775 len = strlen(key); 2776 buf[0] = cpu_to_le32(len); 2777 buf[1] = cpu_to_le32(catdatum->value); 2778 buf[2] = cpu_to_le32(catdatum->isalias); 2779 rc = put_entry(buf, sizeof(u32), 3, fp); 2780 if (rc) 2781 return rc; 2782 2783 rc = put_entry(key, 1, len, fp); 2784 if (rc) 2785 return rc; 2786 2787 return 0; 2788 } 2789 2790 static int role_trans_write_one(void *key, void *datum, void *ptr) 2791 { 2792 struct role_trans_key *rtk = key; 2793 struct role_trans_datum *rtd = datum; 2794 struct policy_data *pd = ptr; 2795 void *fp = pd->fp; 2796 struct policydb *p = pd->p; 2797 __le32 buf[3]; 2798 int rc; 2799 2800 buf[0] = cpu_to_le32(rtk->role); 2801 buf[1] = cpu_to_le32(rtk->type); 2802 buf[2] = cpu_to_le32(rtd->new_role); 2803 rc = put_entry(buf, sizeof(u32), 3, fp); 2804 if (rc) 2805 return rc; 2806 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2807 buf[0] = cpu_to_le32(rtk->tclass); 2808 rc = put_entry(buf, sizeof(u32), 1, fp); 2809 if (rc) 2810 return rc; 2811 } 2812 return 0; 2813 } 2814 2815 static int role_trans_write(struct policydb *p, void *fp) 2816 { 2817 struct policy_data pd = { .p = p, .fp = fp }; 2818 __le32 buf[1]; 2819 int rc; 2820 2821 buf[0] = cpu_to_le32(p->role_tr.nel); 2822 rc = put_entry(buf, sizeof(u32), 1, fp); 2823 if (rc) 2824 return rc; 2825 2826 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2827 } 2828 2829 static int role_allow_write(struct role_allow *r, void *fp) 2830 { 2831 struct role_allow *ra; 2832 __le32 buf[2]; 2833 size_t nel; 2834 int rc; 2835 2836 nel = 0; 2837 for (ra = r; ra; ra = ra->next) 2838 nel++; 2839 buf[0] = cpu_to_le32(nel); 2840 rc = put_entry(buf, sizeof(u32), 1, fp); 2841 if (rc) 2842 return rc; 2843 for (ra = r; ra; ra = ra->next) { 2844 buf[0] = cpu_to_le32(ra->role); 2845 buf[1] = cpu_to_le32(ra->new_role); 2846 rc = put_entry(buf, sizeof(u32), 2, fp); 2847 if (rc) 2848 return rc; 2849 } 2850 return 0; 2851 } 2852 2853 /* 2854 * Write a security context structure 2855 * to a policydb binary representation file. 2856 */ 2857 static int context_write(struct policydb *p, struct context *c, 2858 void *fp) 2859 { 2860 int rc; 2861 __le32 buf[3]; 2862 2863 buf[0] = cpu_to_le32(c->user); 2864 buf[1] = cpu_to_le32(c->role); 2865 buf[2] = cpu_to_le32(c->type); 2866 2867 rc = put_entry(buf, sizeof(u32), 3, fp); 2868 if (rc) 2869 return rc; 2870 2871 rc = mls_write_range_helper(&c->range, fp); 2872 if (rc) 2873 return rc; 2874 2875 return 0; 2876 } 2877 2878 /* 2879 * The following *_write functions are used to 2880 * write the symbol data to a policy database 2881 * binary representation file. 2882 */ 2883 2884 static int perm_write(void *vkey, void *datum, void *fp) 2885 { 2886 char *key = vkey; 2887 struct perm_datum *perdatum = datum; 2888 __le32 buf[2]; 2889 size_t len; 2890 int rc; 2891 2892 len = strlen(key); 2893 buf[0] = cpu_to_le32(len); 2894 buf[1] = cpu_to_le32(perdatum->value); 2895 rc = put_entry(buf, sizeof(u32), 2, fp); 2896 if (rc) 2897 return rc; 2898 2899 rc = put_entry(key, 1, len, fp); 2900 if (rc) 2901 return rc; 2902 2903 return 0; 2904 } 2905 2906 static int common_write(void *vkey, void *datum, void *ptr) 2907 { 2908 char *key = vkey; 2909 struct common_datum *comdatum = datum; 2910 struct policy_data *pd = ptr; 2911 void *fp = pd->fp; 2912 __le32 buf[4]; 2913 size_t len; 2914 int rc; 2915 2916 len = strlen(key); 2917 buf[0] = cpu_to_le32(len); 2918 buf[1] = cpu_to_le32(comdatum->value); 2919 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2920 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 2921 rc = put_entry(buf, sizeof(u32), 4, fp); 2922 if (rc) 2923 return rc; 2924 2925 rc = put_entry(key, 1, len, fp); 2926 if (rc) 2927 return rc; 2928 2929 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 2930 if (rc) 2931 return rc; 2932 2933 return 0; 2934 } 2935 2936 static int type_set_write(struct type_set *t, void *fp) 2937 { 2938 int rc; 2939 __le32 buf[1]; 2940 2941 if (ebitmap_write(&t->types, fp)) 2942 return -EINVAL; 2943 if (ebitmap_write(&t->negset, fp)) 2944 return -EINVAL; 2945 2946 buf[0] = cpu_to_le32(t->flags); 2947 rc = put_entry(buf, sizeof(u32), 1, fp); 2948 if (rc) 2949 return -EINVAL; 2950 2951 return 0; 2952 } 2953 2954 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2955 void *fp) 2956 { 2957 struct constraint_node *c; 2958 struct constraint_expr *e; 2959 __le32 buf[3]; 2960 u32 nel; 2961 int rc; 2962 2963 for (c = node; c; c = c->next) { 2964 nel = 0; 2965 for (e = c->expr; e; e = e->next) 2966 nel++; 2967 buf[0] = cpu_to_le32(c->permissions); 2968 buf[1] = cpu_to_le32(nel); 2969 rc = put_entry(buf, sizeof(u32), 2, fp); 2970 if (rc) 2971 return rc; 2972 for (e = c->expr; e; e = e->next) { 2973 buf[0] = cpu_to_le32(e->expr_type); 2974 buf[1] = cpu_to_le32(e->attr); 2975 buf[2] = cpu_to_le32(e->op); 2976 rc = put_entry(buf, sizeof(u32), 3, fp); 2977 if (rc) 2978 return rc; 2979 2980 switch (e->expr_type) { 2981 case CEXPR_NAMES: 2982 rc = ebitmap_write(&e->names, fp); 2983 if (rc) 2984 return rc; 2985 if (p->policyvers >= 2986 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2987 rc = type_set_write(e->type_names, fp); 2988 if (rc) 2989 return rc; 2990 } 2991 break; 2992 default: 2993 break; 2994 } 2995 } 2996 } 2997 2998 return 0; 2999 } 3000 3001 static int class_write(void *vkey, void *datum, void *ptr) 3002 { 3003 char *key = vkey; 3004 struct class_datum *cladatum = datum; 3005 struct policy_data *pd = ptr; 3006 void *fp = pd->fp; 3007 struct policydb *p = pd->p; 3008 struct constraint_node *c; 3009 __le32 buf[6]; 3010 u32 ncons; 3011 size_t len, len2; 3012 int rc; 3013 3014 len = strlen(key); 3015 if (cladatum->comkey) 3016 len2 = strlen(cladatum->comkey); 3017 else 3018 len2 = 0; 3019 3020 ncons = 0; 3021 for (c = cladatum->constraints; c; c = c->next) 3022 ncons++; 3023 3024 buf[0] = cpu_to_le32(len); 3025 buf[1] = cpu_to_le32(len2); 3026 buf[2] = cpu_to_le32(cladatum->value); 3027 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3028 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3029 buf[5] = cpu_to_le32(ncons); 3030 rc = put_entry(buf, sizeof(u32), 6, fp); 3031 if (rc) 3032 return rc; 3033 3034 rc = put_entry(key, 1, len, fp); 3035 if (rc) 3036 return rc; 3037 3038 if (cladatum->comkey) { 3039 rc = put_entry(cladatum->comkey, 1, len2, fp); 3040 if (rc) 3041 return rc; 3042 } 3043 3044 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3045 if (rc) 3046 return rc; 3047 3048 rc = write_cons_helper(p, cladatum->constraints, fp); 3049 if (rc) 3050 return rc; 3051 3052 /* write out the validatetrans rule */ 3053 ncons = 0; 3054 for (c = cladatum->validatetrans; c; c = c->next) 3055 ncons++; 3056 3057 buf[0] = cpu_to_le32(ncons); 3058 rc = put_entry(buf, sizeof(u32), 1, fp); 3059 if (rc) 3060 return rc; 3061 3062 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3063 if (rc) 3064 return rc; 3065 3066 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3067 buf[0] = cpu_to_le32(cladatum->default_user); 3068 buf[1] = cpu_to_le32(cladatum->default_role); 3069 buf[2] = cpu_to_le32(cladatum->default_range); 3070 3071 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3072 if (rc) 3073 return rc; 3074 } 3075 3076 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3077 buf[0] = cpu_to_le32(cladatum->default_type); 3078 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3079 if (rc) 3080 return rc; 3081 } 3082 3083 return 0; 3084 } 3085 3086 static int role_write(void *vkey, void *datum, void *ptr) 3087 { 3088 char *key = vkey; 3089 struct role_datum *role = datum; 3090 struct policy_data *pd = ptr; 3091 void *fp = pd->fp; 3092 struct policydb *p = pd->p; 3093 __le32 buf[3]; 3094 size_t items, len; 3095 int rc; 3096 3097 len = strlen(key); 3098 items = 0; 3099 buf[items++] = cpu_to_le32(len); 3100 buf[items++] = cpu_to_le32(role->value); 3101 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3102 buf[items++] = cpu_to_le32(role->bounds); 3103 3104 BUG_ON(items > ARRAY_SIZE(buf)); 3105 3106 rc = put_entry(buf, sizeof(u32), items, fp); 3107 if (rc) 3108 return rc; 3109 3110 rc = put_entry(key, 1, len, fp); 3111 if (rc) 3112 return rc; 3113 3114 rc = ebitmap_write(&role->dominates, fp); 3115 if (rc) 3116 return rc; 3117 3118 rc = ebitmap_write(&role->types, fp); 3119 if (rc) 3120 return rc; 3121 3122 return 0; 3123 } 3124 3125 static int type_write(void *vkey, void *datum, void *ptr) 3126 { 3127 char *key = vkey; 3128 struct type_datum *typdatum = datum; 3129 struct policy_data *pd = ptr; 3130 struct policydb *p = pd->p; 3131 void *fp = pd->fp; 3132 __le32 buf[4]; 3133 int rc; 3134 size_t items, len; 3135 3136 len = strlen(key); 3137 items = 0; 3138 buf[items++] = cpu_to_le32(len); 3139 buf[items++] = cpu_to_le32(typdatum->value); 3140 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3141 u32 properties = 0; 3142 3143 if (typdatum->primary) 3144 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3145 3146 if (typdatum->attribute) 3147 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3148 3149 buf[items++] = cpu_to_le32(properties); 3150 buf[items++] = cpu_to_le32(typdatum->bounds); 3151 } else { 3152 buf[items++] = cpu_to_le32(typdatum->primary); 3153 } 3154 BUG_ON(items > ARRAY_SIZE(buf)); 3155 rc = put_entry(buf, sizeof(u32), items, fp); 3156 if (rc) 3157 return rc; 3158 3159 rc = put_entry(key, 1, len, fp); 3160 if (rc) 3161 return rc; 3162 3163 return 0; 3164 } 3165 3166 static int user_write(void *vkey, void *datum, void *ptr) 3167 { 3168 char *key = vkey; 3169 struct user_datum *usrdatum = datum; 3170 struct policy_data *pd = ptr; 3171 struct policydb *p = pd->p; 3172 void *fp = pd->fp; 3173 __le32 buf[3]; 3174 size_t items, len; 3175 int rc; 3176 3177 len = strlen(key); 3178 items = 0; 3179 buf[items++] = cpu_to_le32(len); 3180 buf[items++] = cpu_to_le32(usrdatum->value); 3181 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3182 buf[items++] = cpu_to_le32(usrdatum->bounds); 3183 BUG_ON(items > ARRAY_SIZE(buf)); 3184 rc = put_entry(buf, sizeof(u32), items, fp); 3185 if (rc) 3186 return rc; 3187 3188 rc = put_entry(key, 1, len, fp); 3189 if (rc) 3190 return rc; 3191 3192 rc = ebitmap_write(&usrdatum->roles, fp); 3193 if (rc) 3194 return rc; 3195 3196 rc = mls_write_range_helper(&usrdatum->range, fp); 3197 if (rc) 3198 return rc; 3199 3200 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3201 if (rc) 3202 return rc; 3203 3204 return 0; 3205 } 3206 3207 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3208 void *datap) = 3209 { 3210 common_write, 3211 class_write, 3212 role_write, 3213 type_write, 3214 user_write, 3215 cond_write_bool, 3216 sens_write, 3217 cat_write, 3218 }; 3219 3220 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3221 void *fp) 3222 { 3223 unsigned int i, j, rc; 3224 size_t nel, len; 3225 __be64 prefixbuf[1]; 3226 __le32 buf[3]; 3227 u32 nodebuf[8]; 3228 struct ocontext *c; 3229 for (i = 0; i < info->ocon_num; i++) { 3230 nel = 0; 3231 for (c = p->ocontexts[i]; c; c = c->next) 3232 nel++; 3233 buf[0] = cpu_to_le32(nel); 3234 rc = put_entry(buf, sizeof(u32), 1, fp); 3235 if (rc) 3236 return rc; 3237 for (c = p->ocontexts[i]; c; c = c->next) { 3238 switch (i) { 3239 case OCON_ISID: 3240 buf[0] = cpu_to_le32(c->sid[0]); 3241 rc = put_entry(buf, sizeof(u32), 1, fp); 3242 if (rc) 3243 return rc; 3244 rc = context_write(p, &c->context[0], fp); 3245 if (rc) 3246 return rc; 3247 break; 3248 case OCON_FS: 3249 case OCON_NETIF: 3250 len = strlen(c->u.name); 3251 buf[0] = cpu_to_le32(len); 3252 rc = put_entry(buf, sizeof(u32), 1, fp); 3253 if (rc) 3254 return rc; 3255 rc = put_entry(c->u.name, 1, len, fp); 3256 if (rc) 3257 return rc; 3258 rc = context_write(p, &c->context[0], fp); 3259 if (rc) 3260 return rc; 3261 rc = context_write(p, &c->context[1], fp); 3262 if (rc) 3263 return rc; 3264 break; 3265 case OCON_PORT: 3266 buf[0] = cpu_to_le32(c->u.port.protocol); 3267 buf[1] = cpu_to_le32(c->u.port.low_port); 3268 buf[2] = cpu_to_le32(c->u.port.high_port); 3269 rc = put_entry(buf, sizeof(u32), 3, fp); 3270 if (rc) 3271 return rc; 3272 rc = context_write(p, &c->context[0], fp); 3273 if (rc) 3274 return rc; 3275 break; 3276 case OCON_NODE: 3277 nodebuf[0] = c->u.node.addr; /* network order */ 3278 nodebuf[1] = c->u.node.mask; /* network order */ 3279 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3280 if (rc) 3281 return rc; 3282 rc = context_write(p, &c->context[0], fp); 3283 if (rc) 3284 return rc; 3285 break; 3286 case OCON_FSUSE: 3287 buf[0] = cpu_to_le32(c->v.behavior); 3288 len = strlen(c->u.name); 3289 buf[1] = cpu_to_le32(len); 3290 rc = put_entry(buf, sizeof(u32), 2, fp); 3291 if (rc) 3292 return rc; 3293 rc = put_entry(c->u.name, 1, len, fp); 3294 if (rc) 3295 return rc; 3296 rc = context_write(p, &c->context[0], fp); 3297 if (rc) 3298 return rc; 3299 break; 3300 case OCON_NODE6: 3301 for (j = 0; j < 4; j++) 3302 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3303 for (j = 0; j < 4; j++) 3304 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3305 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3306 if (rc) 3307 return rc; 3308 rc = context_write(p, &c->context[0], fp); 3309 if (rc) 3310 return rc; 3311 break; 3312 case OCON_IBPKEY: 3313 /* subnet_prefix is in CPU order */ 3314 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3315 3316 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3317 if (rc) 3318 return rc; 3319 3320 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3321 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3322 3323 rc = put_entry(buf, sizeof(u32), 2, fp); 3324 if (rc) 3325 return rc; 3326 rc = context_write(p, &c->context[0], fp); 3327 if (rc) 3328 return rc; 3329 break; 3330 case OCON_IBENDPORT: 3331 len = strlen(c->u.ibendport.dev_name); 3332 buf[0] = cpu_to_le32(len); 3333 buf[1] = cpu_to_le32(c->u.ibendport.port); 3334 rc = put_entry(buf, sizeof(u32), 2, fp); 3335 if (rc) 3336 return rc; 3337 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3338 if (rc) 3339 return rc; 3340 rc = context_write(p, &c->context[0], fp); 3341 if (rc) 3342 return rc; 3343 break; 3344 } 3345 } 3346 } 3347 return 0; 3348 } 3349 3350 static int genfs_write(struct policydb *p, void *fp) 3351 { 3352 struct genfs *genfs; 3353 struct ocontext *c; 3354 size_t len; 3355 __le32 buf[1]; 3356 int rc; 3357 3358 len = 0; 3359 for (genfs = p->genfs; genfs; genfs = genfs->next) 3360 len++; 3361 buf[0] = cpu_to_le32(len); 3362 rc = put_entry(buf, sizeof(u32), 1, fp); 3363 if (rc) 3364 return rc; 3365 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3366 len = strlen(genfs->fstype); 3367 buf[0] = cpu_to_le32(len); 3368 rc = put_entry(buf, sizeof(u32), 1, fp); 3369 if (rc) 3370 return rc; 3371 rc = put_entry(genfs->fstype, 1, len, fp); 3372 if (rc) 3373 return rc; 3374 len = 0; 3375 for (c = genfs->head; c; c = c->next) 3376 len++; 3377 buf[0] = cpu_to_le32(len); 3378 rc = put_entry(buf, sizeof(u32), 1, fp); 3379 if (rc) 3380 return rc; 3381 for (c = genfs->head; c; c = c->next) { 3382 len = strlen(c->u.name); 3383 buf[0] = cpu_to_le32(len); 3384 rc = put_entry(buf, sizeof(u32), 1, fp); 3385 if (rc) 3386 return rc; 3387 rc = put_entry(c->u.name, 1, len, fp); 3388 if (rc) 3389 return rc; 3390 buf[0] = cpu_to_le32(c->v.sclass); 3391 rc = put_entry(buf, sizeof(u32), 1, fp); 3392 if (rc) 3393 return rc; 3394 rc = context_write(p, &c->context[0], fp); 3395 if (rc) 3396 return rc; 3397 } 3398 } 3399 return 0; 3400 } 3401 3402 static int range_write_helper(void *key, void *data, void *ptr) 3403 { 3404 __le32 buf[2]; 3405 struct range_trans *rt = key; 3406 struct mls_range *r = data; 3407 struct policy_data *pd = ptr; 3408 void *fp = pd->fp; 3409 struct policydb *p = pd->p; 3410 int rc; 3411 3412 buf[0] = cpu_to_le32(rt->source_type); 3413 buf[1] = cpu_to_le32(rt->target_type); 3414 rc = put_entry(buf, sizeof(u32), 2, fp); 3415 if (rc) 3416 return rc; 3417 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3418 buf[0] = cpu_to_le32(rt->target_class); 3419 rc = put_entry(buf, sizeof(u32), 1, fp); 3420 if (rc) 3421 return rc; 3422 } 3423 rc = mls_write_range_helper(r, fp); 3424 if (rc) 3425 return rc; 3426 3427 return 0; 3428 } 3429 3430 static int range_write(struct policydb *p, void *fp) 3431 { 3432 __le32 buf[1]; 3433 int rc; 3434 struct policy_data pd; 3435 3436 pd.p = p; 3437 pd.fp = fp; 3438 3439 buf[0] = cpu_to_le32(p->range_tr.nel); 3440 rc = put_entry(buf, sizeof(u32), 1, fp); 3441 if (rc) 3442 return rc; 3443 3444 /* actually write all of the entries */ 3445 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3446 if (rc) 3447 return rc; 3448 3449 return 0; 3450 } 3451 3452 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3453 { 3454 struct filename_trans_key *ft = key; 3455 struct filename_trans_datum *datum = data; 3456 struct ebitmap_node *node; 3457 void *fp = ptr; 3458 __le32 buf[4]; 3459 int rc; 3460 u32 bit, len = strlen(ft->name); 3461 3462 do { 3463 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { 3464 buf[0] = cpu_to_le32(len); 3465 rc = put_entry(buf, sizeof(u32), 1, fp); 3466 if (rc) 3467 return rc; 3468 3469 rc = put_entry(ft->name, sizeof(char), len, fp); 3470 if (rc) 3471 return rc; 3472 3473 buf[0] = cpu_to_le32(bit + 1); 3474 buf[1] = cpu_to_le32(ft->ttype); 3475 buf[2] = cpu_to_le32(ft->tclass); 3476 buf[3] = cpu_to_le32(datum->otype); 3477 3478 rc = put_entry(buf, sizeof(u32), 4, fp); 3479 if (rc) 3480 return rc; 3481 } 3482 3483 datum = datum->next; 3484 } while (unlikely(datum)); 3485 3486 return 0; 3487 } 3488 3489 static int filename_write_helper(void *key, void *data, void *ptr) 3490 { 3491 struct filename_trans_key *ft = key; 3492 struct filename_trans_datum *datum; 3493 void *fp = ptr; 3494 __le32 buf[3]; 3495 int rc; 3496 u32 ndatum, len = strlen(ft->name); 3497 3498 buf[0] = cpu_to_le32(len); 3499 rc = put_entry(buf, sizeof(u32), 1, fp); 3500 if (rc) 3501 return rc; 3502 3503 rc = put_entry(ft->name, sizeof(char), len, fp); 3504 if (rc) 3505 return rc; 3506 3507 ndatum = 0; 3508 datum = data; 3509 do { 3510 ndatum++; 3511 datum = datum->next; 3512 } while (unlikely(datum)); 3513 3514 buf[0] = cpu_to_le32(ft->ttype); 3515 buf[1] = cpu_to_le32(ft->tclass); 3516 buf[2] = cpu_to_le32(ndatum); 3517 rc = put_entry(buf, sizeof(u32), 3, fp); 3518 if (rc) 3519 return rc; 3520 3521 datum = data; 3522 do { 3523 rc = ebitmap_write(&datum->stypes, fp); 3524 if (rc) 3525 return rc; 3526 3527 buf[0] = cpu_to_le32(datum->otype); 3528 rc = put_entry(buf, sizeof(u32), 1, fp); 3529 if (rc) 3530 return rc; 3531 3532 datum = datum->next; 3533 } while (unlikely(datum)); 3534 3535 return 0; 3536 } 3537 3538 static int filename_trans_write(struct policydb *p, void *fp) 3539 { 3540 __le32 buf[1]; 3541 int rc; 3542 3543 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3544 return 0; 3545 3546 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3547 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3548 rc = put_entry(buf, sizeof(u32), 1, fp); 3549 if (rc) 3550 return rc; 3551 3552 rc = hashtab_map(&p->filename_trans, 3553 filename_write_helper_compat, fp); 3554 } else { 3555 buf[0] = cpu_to_le32(p->filename_trans.nel); 3556 rc = put_entry(buf, sizeof(u32), 1, fp); 3557 if (rc) 3558 return rc; 3559 3560 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3561 } 3562 return rc; 3563 } 3564 3565 /* 3566 * Write the configuration data in a policy database 3567 * structure to a policy database binary representation 3568 * file. 3569 */ 3570 int policydb_write(struct policydb *p, void *fp) 3571 { 3572 unsigned int i, num_syms; 3573 int rc; 3574 __le32 buf[4]; 3575 u32 config; 3576 size_t len; 3577 struct policydb_compat_info *info; 3578 3579 /* 3580 * refuse to write policy older than compressed avtab 3581 * to simplify the writer. There are other tests dropped 3582 * since we assume this throughout the writer code. Be 3583 * careful if you ever try to remove this restriction 3584 */ 3585 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3586 pr_err("SELinux: refusing to write policy version %d." 3587 " Because it is less than version %d\n", p->policyvers, 3588 POLICYDB_VERSION_AVTAB); 3589 return -EINVAL; 3590 } 3591 3592 config = 0; 3593 if (p->mls_enabled) 3594 config |= POLICYDB_CONFIG_MLS; 3595 3596 if (p->reject_unknown) 3597 config |= REJECT_UNKNOWN; 3598 if (p->allow_unknown) 3599 config |= ALLOW_UNKNOWN; 3600 3601 /* Write the magic number and string identifiers. */ 3602 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3603 len = strlen(POLICYDB_STRING); 3604 buf[1] = cpu_to_le32(len); 3605 rc = put_entry(buf, sizeof(u32), 2, fp); 3606 if (rc) 3607 return rc; 3608 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3609 if (rc) 3610 return rc; 3611 3612 /* Write the version, config, and table sizes. */ 3613 info = policydb_lookup_compat(p->policyvers); 3614 if (!info) { 3615 pr_err("SELinux: compatibility lookup failed for policy " 3616 "version %d", p->policyvers); 3617 return -EINVAL; 3618 } 3619 3620 buf[0] = cpu_to_le32(p->policyvers); 3621 buf[1] = cpu_to_le32(config); 3622 buf[2] = cpu_to_le32(info->sym_num); 3623 buf[3] = cpu_to_le32(info->ocon_num); 3624 3625 rc = put_entry(buf, sizeof(u32), 4, fp); 3626 if (rc) 3627 return rc; 3628 3629 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3630 rc = ebitmap_write(&p->policycaps, fp); 3631 if (rc) 3632 return rc; 3633 } 3634 3635 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3636 rc = ebitmap_write(&p->permissive_map, fp); 3637 if (rc) 3638 return rc; 3639 } 3640 3641 num_syms = info->sym_num; 3642 for (i = 0; i < num_syms; i++) { 3643 struct policy_data pd; 3644 3645 pd.fp = fp; 3646 pd.p = p; 3647 3648 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3649 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3650 3651 rc = put_entry(buf, sizeof(u32), 2, fp); 3652 if (rc) 3653 return rc; 3654 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3655 if (rc) 3656 return rc; 3657 } 3658 3659 rc = avtab_write(p, &p->te_avtab, fp); 3660 if (rc) 3661 return rc; 3662 3663 rc = cond_write_list(p, fp); 3664 if (rc) 3665 return rc; 3666 3667 rc = role_trans_write(p, fp); 3668 if (rc) 3669 return rc; 3670 3671 rc = role_allow_write(p->role_allow, fp); 3672 if (rc) 3673 return rc; 3674 3675 rc = filename_trans_write(p, fp); 3676 if (rc) 3677 return rc; 3678 3679 rc = ocontext_write(p, info, fp); 3680 if (rc) 3681 return rc; 3682 3683 rc = genfs_write(p, fp); 3684 if (rc) 3685 return rc; 3686 3687 rc = range_write(p, fp); 3688 if (rc) 3689 return rc; 3690 3691 for (i = 0; i < p->p_types.nprim; i++) { 3692 struct ebitmap *e = &p->type_attr_map_array[i]; 3693 3694 rc = ebitmap_write(e, fp); 3695 if (rc) 3696 return rc; 3697 } 3698 3699 return 0; 3700 } 3701