xref: /openbmc/linux/security/selinux/ss/policydb.c (revision b52455a7)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Implementation of the policy database.
4  *
5  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6  */
7 
8 /*
9  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10  *
11  *	Support for enhanced MLS infrastructure.
12  *
13  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14  *
15  *	Added conditional policy language extensions
16  *
17  * Updated: Hewlett-Packard <paul@paul-moore.com>
18  *
19  *      Added support for the policy capability bitmap
20  *
21  * Update: Mellanox Techonologies
22  *
23  *	Added Infiniband support
24  *
25  * Copyright (C) 2016 Mellanox Techonologies
26  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
27  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
28  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
29  */
30 
31 #include <linux/kernel.h>
32 #include <linux/sched.h>
33 #include <linux/slab.h>
34 #include <linux/string.h>
35 #include <linux/errno.h>
36 #include <linux/audit.h>
37 #include "security.h"
38 
39 #include "policydb.h"
40 #include "conditional.h"
41 #include "mls.h"
42 #include "services.h"
43 
44 #ifdef DEBUG_HASHES
45 static const char *symtab_name[SYM_NUM] = {
46 	"common prefixes",
47 	"classes",
48 	"roles",
49 	"types",
50 	"users",
51 	"bools",
52 	"levels",
53 	"categories",
54 };
55 #endif
56 
57 struct policydb_compat_info {
58 	int version;
59 	int sym_num;
60 	int ocon_num;
61 };
62 
63 /* These need to be updated if SYM_NUM or OCON_NUM changes */
64 static struct policydb_compat_info policydb_compat[] = {
65 	{
66 		.version	= POLICYDB_VERSION_BASE,
67 		.sym_num	= SYM_NUM - 3,
68 		.ocon_num	= OCON_NUM - 3,
69 	},
70 	{
71 		.version	= POLICYDB_VERSION_BOOL,
72 		.sym_num	= SYM_NUM - 2,
73 		.ocon_num	= OCON_NUM - 3,
74 	},
75 	{
76 		.version	= POLICYDB_VERSION_IPV6,
77 		.sym_num	= SYM_NUM - 2,
78 		.ocon_num	= OCON_NUM - 2,
79 	},
80 	{
81 		.version	= POLICYDB_VERSION_NLCLASS,
82 		.sym_num	= SYM_NUM - 2,
83 		.ocon_num	= OCON_NUM - 2,
84 	},
85 	{
86 		.version	= POLICYDB_VERSION_MLS,
87 		.sym_num	= SYM_NUM,
88 		.ocon_num	= OCON_NUM - 2,
89 	},
90 	{
91 		.version	= POLICYDB_VERSION_AVTAB,
92 		.sym_num	= SYM_NUM,
93 		.ocon_num	= OCON_NUM - 2,
94 	},
95 	{
96 		.version	= POLICYDB_VERSION_RANGETRANS,
97 		.sym_num	= SYM_NUM,
98 		.ocon_num	= OCON_NUM - 2,
99 	},
100 	{
101 		.version	= POLICYDB_VERSION_POLCAP,
102 		.sym_num	= SYM_NUM,
103 		.ocon_num	= OCON_NUM - 2,
104 	},
105 	{
106 		.version	= POLICYDB_VERSION_PERMISSIVE,
107 		.sym_num	= SYM_NUM,
108 		.ocon_num	= OCON_NUM - 2,
109 	},
110 	{
111 		.version	= POLICYDB_VERSION_BOUNDARY,
112 		.sym_num	= SYM_NUM,
113 		.ocon_num	= OCON_NUM - 2,
114 	},
115 	{
116 		.version	= POLICYDB_VERSION_FILENAME_TRANS,
117 		.sym_num	= SYM_NUM,
118 		.ocon_num	= OCON_NUM - 2,
119 	},
120 	{
121 		.version	= POLICYDB_VERSION_ROLETRANS,
122 		.sym_num	= SYM_NUM,
123 		.ocon_num	= OCON_NUM - 2,
124 	},
125 	{
126 		.version	= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
127 		.sym_num	= SYM_NUM,
128 		.ocon_num	= OCON_NUM - 2,
129 	},
130 	{
131 		.version	= POLICYDB_VERSION_DEFAULT_TYPE,
132 		.sym_num	= SYM_NUM,
133 		.ocon_num	= OCON_NUM - 2,
134 	},
135 	{
136 		.version	= POLICYDB_VERSION_CONSTRAINT_NAMES,
137 		.sym_num	= SYM_NUM,
138 		.ocon_num	= OCON_NUM - 2,
139 	},
140 	{
141 		.version	= POLICYDB_VERSION_XPERMS_IOCTL,
142 		.sym_num	= SYM_NUM,
143 		.ocon_num	= OCON_NUM - 2,
144 	},
145 	{
146 		.version	= POLICYDB_VERSION_INFINIBAND,
147 		.sym_num	= SYM_NUM,
148 		.ocon_num	= OCON_NUM,
149 	},
150 	{
151 		.version	= POLICYDB_VERSION_GLBLUB,
152 		.sym_num	= SYM_NUM,
153 		.ocon_num	= OCON_NUM,
154 	},
155 	{
156 		.version	= POLICYDB_VERSION_COMP_FTRANS,
157 		.sym_num	= SYM_NUM,
158 		.ocon_num	= OCON_NUM,
159 	},
160 };
161 
162 static struct policydb_compat_info *policydb_lookup_compat(int version)
163 {
164 	int i;
165 	struct policydb_compat_info *info = NULL;
166 
167 	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
168 		if (policydb_compat[i].version == version) {
169 			info = &policydb_compat[i];
170 			break;
171 		}
172 	}
173 	return info;
174 }
175 
176 /*
177  * The following *_destroy functions are used to
178  * free any memory allocated for each kind of
179  * symbol data in the policy database.
180  */
181 
182 static int perm_destroy(void *key, void *datum, void *p)
183 {
184 	kfree(key);
185 	kfree(datum);
186 	return 0;
187 }
188 
189 static int common_destroy(void *key, void *datum, void *p)
190 {
191 	struct common_datum *comdatum;
192 
193 	kfree(key);
194 	if (datum) {
195 		comdatum = datum;
196 		hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
197 		hashtab_destroy(&comdatum->permissions.table);
198 	}
199 	kfree(datum);
200 	return 0;
201 }
202 
203 static void constraint_expr_destroy(struct constraint_expr *expr)
204 {
205 	if (expr) {
206 		ebitmap_destroy(&expr->names);
207 		if (expr->type_names) {
208 			ebitmap_destroy(&expr->type_names->types);
209 			ebitmap_destroy(&expr->type_names->negset);
210 			kfree(expr->type_names);
211 		}
212 		kfree(expr);
213 	}
214 }
215 
216 static int cls_destroy(void *key, void *datum, void *p)
217 {
218 	struct class_datum *cladatum;
219 	struct constraint_node *constraint, *ctemp;
220 	struct constraint_expr *e, *etmp;
221 
222 	kfree(key);
223 	if (datum) {
224 		cladatum = datum;
225 		hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
226 		hashtab_destroy(&cladatum->permissions.table);
227 		constraint = cladatum->constraints;
228 		while (constraint) {
229 			e = constraint->expr;
230 			while (e) {
231 				etmp = e;
232 				e = e->next;
233 				constraint_expr_destroy(etmp);
234 			}
235 			ctemp = constraint;
236 			constraint = constraint->next;
237 			kfree(ctemp);
238 		}
239 
240 		constraint = cladatum->validatetrans;
241 		while (constraint) {
242 			e = constraint->expr;
243 			while (e) {
244 				etmp = e;
245 				e = e->next;
246 				constraint_expr_destroy(etmp);
247 			}
248 			ctemp = constraint;
249 			constraint = constraint->next;
250 			kfree(ctemp);
251 		}
252 		kfree(cladatum->comkey);
253 	}
254 	kfree(datum);
255 	return 0;
256 }
257 
258 static int role_destroy(void *key, void *datum, void *p)
259 {
260 	struct role_datum *role;
261 
262 	kfree(key);
263 	if (datum) {
264 		role = datum;
265 		ebitmap_destroy(&role->dominates);
266 		ebitmap_destroy(&role->types);
267 	}
268 	kfree(datum);
269 	return 0;
270 }
271 
272 static int type_destroy(void *key, void *datum, void *p)
273 {
274 	kfree(key);
275 	kfree(datum);
276 	return 0;
277 }
278 
279 static int user_destroy(void *key, void *datum, void *p)
280 {
281 	struct user_datum *usrdatum;
282 
283 	kfree(key);
284 	if (datum) {
285 		usrdatum = datum;
286 		ebitmap_destroy(&usrdatum->roles);
287 		ebitmap_destroy(&usrdatum->range.level[0].cat);
288 		ebitmap_destroy(&usrdatum->range.level[1].cat);
289 		ebitmap_destroy(&usrdatum->dfltlevel.cat);
290 	}
291 	kfree(datum);
292 	return 0;
293 }
294 
295 static int sens_destroy(void *key, void *datum, void *p)
296 {
297 	struct level_datum *levdatum;
298 
299 	kfree(key);
300 	if (datum) {
301 		levdatum = datum;
302 		if (levdatum->level)
303 			ebitmap_destroy(&levdatum->level->cat);
304 		kfree(levdatum->level);
305 	}
306 	kfree(datum);
307 	return 0;
308 }
309 
310 static int cat_destroy(void *key, void *datum, void *p)
311 {
312 	kfree(key);
313 	kfree(datum);
314 	return 0;
315 }
316 
317 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
318 {
319 	common_destroy,
320 	cls_destroy,
321 	role_destroy,
322 	type_destroy,
323 	user_destroy,
324 	cond_destroy_bool,
325 	sens_destroy,
326 	cat_destroy,
327 };
328 
329 static int filenametr_destroy(void *key, void *datum, void *p)
330 {
331 	struct filename_trans_key *ft = key;
332 	struct filename_trans_datum *next, *d = datum;
333 
334 	kfree(ft->name);
335 	kfree(key);
336 	do {
337 		ebitmap_destroy(&d->stypes);
338 		next = d->next;
339 		kfree(d);
340 		d = next;
341 	} while (unlikely(d));
342 	cond_resched();
343 	return 0;
344 }
345 
346 static int range_tr_destroy(void *key, void *datum, void *p)
347 {
348 	struct mls_range *rt = datum;
349 
350 	kfree(key);
351 	ebitmap_destroy(&rt->level[0].cat);
352 	ebitmap_destroy(&rt->level[1].cat);
353 	kfree(datum);
354 	cond_resched();
355 	return 0;
356 }
357 
358 static int role_tr_destroy(void *key, void *datum, void *p)
359 {
360 	kfree(key);
361 	kfree(datum);
362 	return 0;
363 }
364 
365 static void ocontext_destroy(struct ocontext *c, int i)
366 {
367 	if (!c)
368 		return;
369 
370 	context_destroy(&c->context[0]);
371 	context_destroy(&c->context[1]);
372 	if (i == OCON_ISID || i == OCON_FS ||
373 	    i == OCON_NETIF || i == OCON_FSUSE)
374 		kfree(c->u.name);
375 	kfree(c);
376 }
377 
378 /*
379  * Initialize the role table.
380  */
381 static int roles_init(struct policydb *p)
382 {
383 	char *key = NULL;
384 	int rc;
385 	struct role_datum *role;
386 
387 	role = kzalloc(sizeof(*role), GFP_KERNEL);
388 	if (!role)
389 		return -ENOMEM;
390 
391 	rc = -EINVAL;
392 	role->value = ++p->p_roles.nprim;
393 	if (role->value != OBJECT_R_VAL)
394 		goto out;
395 
396 	rc = -ENOMEM;
397 	key = kstrdup(OBJECT_R, GFP_KERNEL);
398 	if (!key)
399 		goto out;
400 
401 	rc = symtab_insert(&p->p_roles, key, role);
402 	if (rc)
403 		goto out;
404 
405 	return 0;
406 out:
407 	kfree(key);
408 	kfree(role);
409 	return rc;
410 }
411 
412 static u32 filenametr_hash(const void *k)
413 {
414 	const struct filename_trans_key *ft = k;
415 	unsigned long hash;
416 	unsigned int byte_num;
417 	unsigned char focus;
418 
419 	hash = ft->ttype ^ ft->tclass;
420 
421 	byte_num = 0;
422 	while ((focus = ft->name[byte_num++]))
423 		hash = partial_name_hash(focus, hash);
424 	return hash;
425 }
426 
427 static int filenametr_cmp(const void *k1, const void *k2)
428 {
429 	const struct filename_trans_key *ft1 = k1;
430 	const struct filename_trans_key *ft2 = k2;
431 	int v;
432 
433 	v = ft1->ttype - ft2->ttype;
434 	if (v)
435 		return v;
436 
437 	v = ft1->tclass - ft2->tclass;
438 	if (v)
439 		return v;
440 
441 	return strcmp(ft1->name, ft2->name);
442 
443 }
444 
445 static const struct hashtab_key_params filenametr_key_params = {
446 	.hash = filenametr_hash,
447 	.cmp = filenametr_cmp,
448 };
449 
450 struct filename_trans_datum *policydb_filenametr_search(
451 	struct policydb *p, struct filename_trans_key *key)
452 {
453 	return hashtab_search(&p->filename_trans, key, filenametr_key_params);
454 }
455 
456 static u32 rangetr_hash(const void *k)
457 {
458 	const struct range_trans *key = k;
459 
460 	return key->source_type + (key->target_type << 3) +
461 		(key->target_class << 5);
462 }
463 
464 static int rangetr_cmp(const void *k1, const void *k2)
465 {
466 	const struct range_trans *key1 = k1, *key2 = k2;
467 	int v;
468 
469 	v = key1->source_type - key2->source_type;
470 	if (v)
471 		return v;
472 
473 	v = key1->target_type - key2->target_type;
474 	if (v)
475 		return v;
476 
477 	v = key1->target_class - key2->target_class;
478 
479 	return v;
480 }
481 
482 static const struct hashtab_key_params rangetr_key_params = {
483 	.hash = rangetr_hash,
484 	.cmp = rangetr_cmp,
485 };
486 
487 struct mls_range *policydb_rangetr_search(struct policydb *p,
488 					  struct range_trans *key)
489 {
490 	return hashtab_search(&p->range_tr, key, rangetr_key_params);
491 }
492 
493 static u32 role_trans_hash(const void *k)
494 {
495 	const struct role_trans_key *key = k;
496 
497 	return key->role + (key->type << 3) + (key->tclass << 5);
498 }
499 
500 static int role_trans_cmp(const void *k1, const void *k2)
501 {
502 	const struct role_trans_key *key1 = k1, *key2 = k2;
503 	int v;
504 
505 	v = key1->role - key2->role;
506 	if (v)
507 		return v;
508 
509 	v = key1->type - key2->type;
510 	if (v)
511 		return v;
512 
513 	return key1->tclass - key2->tclass;
514 }
515 
516 static const struct hashtab_key_params roletr_key_params = {
517 	.hash = role_trans_hash,
518 	.cmp = role_trans_cmp,
519 };
520 
521 struct role_trans_datum *policydb_roletr_search(struct policydb *p,
522 						struct role_trans_key *key)
523 {
524 	return hashtab_search(&p->role_tr, key, roletr_key_params);
525 }
526 
527 /*
528  * Initialize a policy database structure.
529  */
530 static void policydb_init(struct policydb *p)
531 {
532 	memset(p, 0, sizeof(*p));
533 
534 	avtab_init(&p->te_avtab);
535 	cond_policydb_init(p);
536 
537 	ebitmap_init(&p->filename_trans_ttypes);
538 	ebitmap_init(&p->policycaps);
539 	ebitmap_init(&p->permissive_map);
540 }
541 
542 /*
543  * The following *_index functions are used to
544  * define the val_to_name and val_to_struct arrays
545  * in a policy database structure.  The val_to_name
546  * arrays are used when converting security context
547  * structures into string representations.  The
548  * val_to_struct arrays are used when the attributes
549  * of a class, role, or user are needed.
550  */
551 
552 static int common_index(void *key, void *datum, void *datap)
553 {
554 	struct policydb *p;
555 	struct common_datum *comdatum;
556 
557 	comdatum = datum;
558 	p = datap;
559 	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
560 		return -EINVAL;
561 
562 	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
563 
564 	return 0;
565 }
566 
567 static int class_index(void *key, void *datum, void *datap)
568 {
569 	struct policydb *p;
570 	struct class_datum *cladatum;
571 
572 	cladatum = datum;
573 	p = datap;
574 	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
575 		return -EINVAL;
576 
577 	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
578 	p->class_val_to_struct[cladatum->value - 1] = cladatum;
579 	return 0;
580 }
581 
582 static int role_index(void *key, void *datum, void *datap)
583 {
584 	struct policydb *p;
585 	struct role_datum *role;
586 
587 	role = datum;
588 	p = datap;
589 	if (!role->value
590 	    || role->value > p->p_roles.nprim
591 	    || role->bounds > p->p_roles.nprim)
592 		return -EINVAL;
593 
594 	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
595 	p->role_val_to_struct[role->value - 1] = role;
596 	return 0;
597 }
598 
599 static int type_index(void *key, void *datum, void *datap)
600 {
601 	struct policydb *p;
602 	struct type_datum *typdatum;
603 
604 	typdatum = datum;
605 	p = datap;
606 
607 	if (typdatum->primary) {
608 		if (!typdatum->value
609 		    || typdatum->value > p->p_types.nprim
610 		    || typdatum->bounds > p->p_types.nprim)
611 			return -EINVAL;
612 		p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
613 		p->type_val_to_struct[typdatum->value - 1] = typdatum;
614 	}
615 
616 	return 0;
617 }
618 
619 static int user_index(void *key, void *datum, void *datap)
620 {
621 	struct policydb *p;
622 	struct user_datum *usrdatum;
623 
624 	usrdatum = datum;
625 	p = datap;
626 	if (!usrdatum->value
627 	    || usrdatum->value > p->p_users.nprim
628 	    || usrdatum->bounds > p->p_users.nprim)
629 		return -EINVAL;
630 
631 	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
632 	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
633 	return 0;
634 }
635 
636 static int sens_index(void *key, void *datum, void *datap)
637 {
638 	struct policydb *p;
639 	struct level_datum *levdatum;
640 
641 	levdatum = datum;
642 	p = datap;
643 
644 	if (!levdatum->isalias) {
645 		if (!levdatum->level->sens ||
646 		    levdatum->level->sens > p->p_levels.nprim)
647 			return -EINVAL;
648 
649 		p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
650 	}
651 
652 	return 0;
653 }
654 
655 static int cat_index(void *key, void *datum, void *datap)
656 {
657 	struct policydb *p;
658 	struct cat_datum *catdatum;
659 
660 	catdatum = datum;
661 	p = datap;
662 
663 	if (!catdatum->isalias) {
664 		if (!catdatum->value || catdatum->value > p->p_cats.nprim)
665 			return -EINVAL;
666 
667 		p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
668 	}
669 
670 	return 0;
671 }
672 
673 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
674 {
675 	common_index,
676 	class_index,
677 	role_index,
678 	type_index,
679 	user_index,
680 	cond_index_bool,
681 	sens_index,
682 	cat_index,
683 };
684 
685 #ifdef DEBUG_HASHES
686 static void hash_eval(struct hashtab *h, const char *hash_name)
687 {
688 	struct hashtab_info info;
689 
690 	hashtab_stat(h, &info);
691 	pr_debug("SELinux: %s:  %d entries and %d/%d buckets used, longest chain length %d\n",
692 		 hash_name, h->nel, info.slots_used, h->size,
693 		 info.max_chain_len);
694 }
695 
696 static void symtab_hash_eval(struct symtab *s)
697 {
698 	int i;
699 
700 	for (i = 0; i < SYM_NUM; i++)
701 		hash_eval(&s[i].table, symtab_name[i]);
702 }
703 
704 #else
705 static inline void hash_eval(struct hashtab *h, const char *hash_name)
706 {
707 }
708 #endif
709 
710 /*
711  * Define the other val_to_name and val_to_struct arrays
712  * in a policy database structure.
713  *
714  * Caller must clean up on failure.
715  */
716 static int policydb_index(struct policydb *p)
717 {
718 	int i, rc;
719 
720 	if (p->mls_enabled)
721 		pr_debug("SELinux:  %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
722 			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
723 			 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
724 	else
725 		pr_debug("SELinux:  %d users, %d roles, %d types, %d bools\n",
726 			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
727 			 p->p_bools.nprim);
728 
729 	pr_debug("SELinux:  %d classes, %d rules\n",
730 		 p->p_classes.nprim, p->te_avtab.nel);
731 
732 #ifdef DEBUG_HASHES
733 	avtab_hash_eval(&p->te_avtab, "rules");
734 	symtab_hash_eval(p->symtab);
735 #endif
736 
737 	p->class_val_to_struct = kcalloc(p->p_classes.nprim,
738 					 sizeof(*p->class_val_to_struct),
739 					 GFP_KERNEL);
740 	if (!p->class_val_to_struct)
741 		return -ENOMEM;
742 
743 	p->role_val_to_struct = kcalloc(p->p_roles.nprim,
744 					sizeof(*p->role_val_to_struct),
745 					GFP_KERNEL);
746 	if (!p->role_val_to_struct)
747 		return -ENOMEM;
748 
749 	p->user_val_to_struct = kcalloc(p->p_users.nprim,
750 					sizeof(*p->user_val_to_struct),
751 					GFP_KERNEL);
752 	if (!p->user_val_to_struct)
753 		return -ENOMEM;
754 
755 	p->type_val_to_struct = kvcalloc(p->p_types.nprim,
756 					 sizeof(*p->type_val_to_struct),
757 					 GFP_KERNEL);
758 	if (!p->type_val_to_struct)
759 		return -ENOMEM;
760 
761 	rc = cond_init_bool_indexes(p);
762 	if (rc)
763 		goto out;
764 
765 	for (i = 0; i < SYM_NUM; i++) {
766 		p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
767 						 sizeof(char *),
768 						 GFP_KERNEL);
769 		if (!p->sym_val_to_name[i])
770 			return -ENOMEM;
771 
772 		rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
773 		if (rc)
774 			goto out;
775 	}
776 	rc = 0;
777 out:
778 	return rc;
779 }
780 
781 /*
782  * Free any memory allocated by a policy database structure.
783  */
784 void policydb_destroy(struct policydb *p)
785 {
786 	struct ocontext *c, *ctmp;
787 	struct genfs *g, *gtmp;
788 	int i;
789 	struct role_allow *ra, *lra = NULL;
790 
791 	for (i = 0; i < SYM_NUM; i++) {
792 		cond_resched();
793 		hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
794 		hashtab_destroy(&p->symtab[i].table);
795 	}
796 
797 	for (i = 0; i < SYM_NUM; i++)
798 		kvfree(p->sym_val_to_name[i]);
799 
800 	kfree(p->class_val_to_struct);
801 	kfree(p->role_val_to_struct);
802 	kfree(p->user_val_to_struct);
803 	kvfree(p->type_val_to_struct);
804 
805 	avtab_destroy(&p->te_avtab);
806 
807 	for (i = 0; i < OCON_NUM; i++) {
808 		cond_resched();
809 		c = p->ocontexts[i];
810 		while (c) {
811 			ctmp = c;
812 			c = c->next;
813 			ocontext_destroy(ctmp, i);
814 		}
815 		p->ocontexts[i] = NULL;
816 	}
817 
818 	g = p->genfs;
819 	while (g) {
820 		cond_resched();
821 		kfree(g->fstype);
822 		c = g->head;
823 		while (c) {
824 			ctmp = c;
825 			c = c->next;
826 			ocontext_destroy(ctmp, OCON_FSUSE);
827 		}
828 		gtmp = g;
829 		g = g->next;
830 		kfree(gtmp);
831 	}
832 	p->genfs = NULL;
833 
834 	cond_policydb_destroy(p);
835 
836 	hashtab_map(&p->role_tr, role_tr_destroy, NULL);
837 	hashtab_destroy(&p->role_tr);
838 
839 	for (ra = p->role_allow; ra; ra = ra->next) {
840 		cond_resched();
841 		kfree(lra);
842 		lra = ra;
843 	}
844 	kfree(lra);
845 
846 	hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
847 	hashtab_destroy(&p->filename_trans);
848 
849 	hashtab_map(&p->range_tr, range_tr_destroy, NULL);
850 	hashtab_destroy(&p->range_tr);
851 
852 	if (p->type_attr_map_array) {
853 		for (i = 0; i < p->p_types.nprim; i++)
854 			ebitmap_destroy(&p->type_attr_map_array[i]);
855 		kvfree(p->type_attr_map_array);
856 	}
857 
858 	ebitmap_destroy(&p->filename_trans_ttypes);
859 	ebitmap_destroy(&p->policycaps);
860 	ebitmap_destroy(&p->permissive_map);
861 }
862 
863 /*
864  * Load the initial SIDs specified in a policy database
865  * structure into a SID table.
866  */
867 int policydb_load_isids(struct policydb *p, struct sidtab *s)
868 {
869 	struct ocontext *head, *c;
870 	int rc;
871 
872 	rc = sidtab_init(s);
873 	if (rc) {
874 		pr_err("SELinux:  out of memory on SID table init\n");
875 		return rc;
876 	}
877 
878 	head = p->ocontexts[OCON_ISID];
879 	for (c = head; c; c = c->next) {
880 		u32 sid = c->sid[0];
881 		const char *name = security_get_initial_sid_context(sid);
882 
883 		if (sid == SECSID_NULL) {
884 			pr_err("SELinux:  SID 0 was assigned a context.\n");
885 			sidtab_destroy(s);
886 			return -EINVAL;
887 		}
888 
889 		/* Ignore initial SIDs unused by this kernel. */
890 		if (!name)
891 			continue;
892 
893 		rc = sidtab_set_initial(s, sid, &c->context[0]);
894 		if (rc) {
895 			pr_err("SELinux:  unable to load initial SID %s.\n",
896 			       name);
897 			sidtab_destroy(s);
898 			return rc;
899 		}
900 	}
901 	return 0;
902 }
903 
904 int policydb_class_isvalid(struct policydb *p, unsigned int class)
905 {
906 	if (!class || class > p->p_classes.nprim)
907 		return 0;
908 	return 1;
909 }
910 
911 int policydb_role_isvalid(struct policydb *p, unsigned int role)
912 {
913 	if (!role || role > p->p_roles.nprim)
914 		return 0;
915 	return 1;
916 }
917 
918 int policydb_type_isvalid(struct policydb *p, unsigned int type)
919 {
920 	if (!type || type > p->p_types.nprim)
921 		return 0;
922 	return 1;
923 }
924 
925 /*
926  * Return 1 if the fields in the security context
927  * structure `c' are valid.  Return 0 otherwise.
928  */
929 int policydb_context_isvalid(struct policydb *p, struct context *c)
930 {
931 	struct role_datum *role;
932 	struct user_datum *usrdatum;
933 
934 	if (!c->role || c->role > p->p_roles.nprim)
935 		return 0;
936 
937 	if (!c->user || c->user > p->p_users.nprim)
938 		return 0;
939 
940 	if (!c->type || c->type > p->p_types.nprim)
941 		return 0;
942 
943 	if (c->role != OBJECT_R_VAL) {
944 		/*
945 		 * Role must be authorized for the type.
946 		 */
947 		role = p->role_val_to_struct[c->role - 1];
948 		if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
949 			/* role may not be associated with type */
950 			return 0;
951 
952 		/*
953 		 * User must be authorized for the role.
954 		 */
955 		usrdatum = p->user_val_to_struct[c->user - 1];
956 		if (!usrdatum)
957 			return 0;
958 
959 		if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
960 			/* user may not be associated with role */
961 			return 0;
962 	}
963 
964 	if (!mls_context_isvalid(p, c))
965 		return 0;
966 
967 	return 1;
968 }
969 
970 /*
971  * Read a MLS range structure from a policydb binary
972  * representation file.
973  */
974 static int mls_read_range_helper(struct mls_range *r, void *fp)
975 {
976 	__le32 buf[2];
977 	u32 items;
978 	int rc;
979 
980 	rc = next_entry(buf, fp, sizeof(u32));
981 	if (rc)
982 		goto out;
983 
984 	rc = -EINVAL;
985 	items = le32_to_cpu(buf[0]);
986 	if (items > ARRAY_SIZE(buf)) {
987 		pr_err("SELinux: mls:  range overflow\n");
988 		goto out;
989 	}
990 
991 	rc = next_entry(buf, fp, sizeof(u32) * items);
992 	if (rc) {
993 		pr_err("SELinux: mls:  truncated range\n");
994 		goto out;
995 	}
996 
997 	r->level[0].sens = le32_to_cpu(buf[0]);
998 	if (items > 1)
999 		r->level[1].sens = le32_to_cpu(buf[1]);
1000 	else
1001 		r->level[1].sens = r->level[0].sens;
1002 
1003 	rc = ebitmap_read(&r->level[0].cat, fp);
1004 	if (rc) {
1005 		pr_err("SELinux: mls:  error reading low categories\n");
1006 		goto out;
1007 	}
1008 	if (items > 1) {
1009 		rc = ebitmap_read(&r->level[1].cat, fp);
1010 		if (rc) {
1011 			pr_err("SELinux: mls:  error reading high categories\n");
1012 			goto bad_high;
1013 		}
1014 	} else {
1015 		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1016 		if (rc) {
1017 			pr_err("SELinux: mls:  out of memory\n");
1018 			goto bad_high;
1019 		}
1020 	}
1021 
1022 	return 0;
1023 bad_high:
1024 	ebitmap_destroy(&r->level[0].cat);
1025 out:
1026 	return rc;
1027 }
1028 
1029 /*
1030  * Read and validate a security context structure
1031  * from a policydb binary representation file.
1032  */
1033 static int context_read_and_validate(struct context *c,
1034 				     struct policydb *p,
1035 				     void *fp)
1036 {
1037 	__le32 buf[3];
1038 	int rc;
1039 
1040 	rc = next_entry(buf, fp, sizeof buf);
1041 	if (rc) {
1042 		pr_err("SELinux: context truncated\n");
1043 		goto out;
1044 	}
1045 	c->user = le32_to_cpu(buf[0]);
1046 	c->role = le32_to_cpu(buf[1]);
1047 	c->type = le32_to_cpu(buf[2]);
1048 	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1049 		rc = mls_read_range_helper(&c->range, fp);
1050 		if (rc) {
1051 			pr_err("SELinux: error reading MLS range of context\n");
1052 			goto out;
1053 		}
1054 	}
1055 
1056 	rc = -EINVAL;
1057 	if (!policydb_context_isvalid(p, c)) {
1058 		pr_err("SELinux:  invalid security context\n");
1059 		context_destroy(c);
1060 		goto out;
1061 	}
1062 	rc = 0;
1063 out:
1064 	return rc;
1065 }
1066 
1067 /*
1068  * The following *_read functions are used to
1069  * read the symbol data from a policy database
1070  * binary representation file.
1071  */
1072 
1073 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1074 {
1075 	int rc;
1076 	char *str;
1077 
1078 	if ((len == 0) || (len == (u32)-1))
1079 		return -EINVAL;
1080 
1081 	str = kmalloc(len + 1, flags | __GFP_NOWARN);
1082 	if (!str)
1083 		return -ENOMEM;
1084 
1085 	rc = next_entry(str, fp, len);
1086 	if (rc) {
1087 		kfree(str);
1088 		return rc;
1089 	}
1090 
1091 	str[len] = '\0';
1092 	*strp = str;
1093 	return 0;
1094 }
1095 
1096 static int perm_read(struct policydb *p, struct symtab *s, void *fp)
1097 {
1098 	char *key = NULL;
1099 	struct perm_datum *perdatum;
1100 	int rc;
1101 	__le32 buf[2];
1102 	u32 len;
1103 
1104 	perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1105 	if (!perdatum)
1106 		return -ENOMEM;
1107 
1108 	rc = next_entry(buf, fp, sizeof buf);
1109 	if (rc)
1110 		goto bad;
1111 
1112 	len = le32_to_cpu(buf[0]);
1113 	perdatum->value = le32_to_cpu(buf[1]);
1114 
1115 	rc = str_read(&key, GFP_KERNEL, fp, len);
1116 	if (rc)
1117 		goto bad;
1118 
1119 	rc = symtab_insert(s, key, perdatum);
1120 	if (rc)
1121 		goto bad;
1122 
1123 	return 0;
1124 bad:
1125 	perm_destroy(key, perdatum, NULL);
1126 	return rc;
1127 }
1128 
1129 static int common_read(struct policydb *p, struct symtab *s, void *fp)
1130 {
1131 	char *key = NULL;
1132 	struct common_datum *comdatum;
1133 	__le32 buf[4];
1134 	u32 len, nel;
1135 	int i, rc;
1136 
1137 	comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1138 	if (!comdatum)
1139 		return -ENOMEM;
1140 
1141 	rc = next_entry(buf, fp, sizeof buf);
1142 	if (rc)
1143 		goto bad;
1144 
1145 	len = le32_to_cpu(buf[0]);
1146 	comdatum->value = le32_to_cpu(buf[1]);
1147 	nel = le32_to_cpu(buf[3]);
1148 
1149 	rc = symtab_init(&comdatum->permissions, nel);
1150 	if (rc)
1151 		goto bad;
1152 	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1153 
1154 	rc = str_read(&key, GFP_KERNEL, fp, len);
1155 	if (rc)
1156 		goto bad;
1157 
1158 	for (i = 0; i < nel; i++) {
1159 		rc = perm_read(p, &comdatum->permissions, fp);
1160 		if (rc)
1161 			goto bad;
1162 	}
1163 
1164 	rc = symtab_insert(s, key, comdatum);
1165 	if (rc)
1166 		goto bad;
1167 	return 0;
1168 bad:
1169 	common_destroy(key, comdatum, NULL);
1170 	return rc;
1171 }
1172 
1173 static void type_set_init(struct type_set *t)
1174 {
1175 	ebitmap_init(&t->types);
1176 	ebitmap_init(&t->negset);
1177 }
1178 
1179 static int type_set_read(struct type_set *t, void *fp)
1180 {
1181 	__le32 buf[1];
1182 	int rc;
1183 
1184 	if (ebitmap_read(&t->types, fp))
1185 		return -EINVAL;
1186 	if (ebitmap_read(&t->negset, fp))
1187 		return -EINVAL;
1188 
1189 	rc = next_entry(buf, fp, sizeof(u32));
1190 	if (rc < 0)
1191 		return -EINVAL;
1192 	t->flags = le32_to_cpu(buf[0]);
1193 
1194 	return 0;
1195 }
1196 
1197 
1198 static int read_cons_helper(struct policydb *p,
1199 				struct constraint_node **nodep,
1200 				int ncons, int allowxtarget, void *fp)
1201 {
1202 	struct constraint_node *c, *lc;
1203 	struct constraint_expr *e, *le;
1204 	__le32 buf[3];
1205 	u32 nexpr;
1206 	int rc, i, j, depth;
1207 
1208 	lc = NULL;
1209 	for (i = 0; i < ncons; i++) {
1210 		c = kzalloc(sizeof(*c), GFP_KERNEL);
1211 		if (!c)
1212 			return -ENOMEM;
1213 
1214 		if (lc)
1215 			lc->next = c;
1216 		else
1217 			*nodep = c;
1218 
1219 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1220 		if (rc)
1221 			return rc;
1222 		c->permissions = le32_to_cpu(buf[0]);
1223 		nexpr = le32_to_cpu(buf[1]);
1224 		le = NULL;
1225 		depth = -1;
1226 		for (j = 0; j < nexpr; j++) {
1227 			e = kzalloc(sizeof(*e), GFP_KERNEL);
1228 			if (!e)
1229 				return -ENOMEM;
1230 
1231 			if (le)
1232 				le->next = e;
1233 			else
1234 				c->expr = e;
1235 
1236 			rc = next_entry(buf, fp, (sizeof(u32) * 3));
1237 			if (rc)
1238 				return rc;
1239 			e->expr_type = le32_to_cpu(buf[0]);
1240 			e->attr = le32_to_cpu(buf[1]);
1241 			e->op = le32_to_cpu(buf[2]);
1242 
1243 			switch (e->expr_type) {
1244 			case CEXPR_NOT:
1245 				if (depth < 0)
1246 					return -EINVAL;
1247 				break;
1248 			case CEXPR_AND:
1249 			case CEXPR_OR:
1250 				if (depth < 1)
1251 					return -EINVAL;
1252 				depth--;
1253 				break;
1254 			case CEXPR_ATTR:
1255 				if (depth == (CEXPR_MAXDEPTH - 1))
1256 					return -EINVAL;
1257 				depth++;
1258 				break;
1259 			case CEXPR_NAMES:
1260 				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1261 					return -EINVAL;
1262 				if (depth == (CEXPR_MAXDEPTH - 1))
1263 					return -EINVAL;
1264 				depth++;
1265 				rc = ebitmap_read(&e->names, fp);
1266 				if (rc)
1267 					return rc;
1268 				if (p->policyvers >=
1269 				    POLICYDB_VERSION_CONSTRAINT_NAMES) {
1270 					e->type_names = kzalloc(sizeof
1271 						(*e->type_names), GFP_KERNEL);
1272 					if (!e->type_names)
1273 						return -ENOMEM;
1274 					type_set_init(e->type_names);
1275 					rc = type_set_read(e->type_names, fp);
1276 					if (rc)
1277 						return rc;
1278 				}
1279 				break;
1280 			default:
1281 				return -EINVAL;
1282 			}
1283 			le = e;
1284 		}
1285 		if (depth != 0)
1286 			return -EINVAL;
1287 		lc = c;
1288 	}
1289 
1290 	return 0;
1291 }
1292 
1293 static int class_read(struct policydb *p, struct symtab *s, void *fp)
1294 {
1295 	char *key = NULL;
1296 	struct class_datum *cladatum;
1297 	__le32 buf[6];
1298 	u32 len, len2, ncons, nel;
1299 	int i, rc;
1300 
1301 	cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1302 	if (!cladatum)
1303 		return -ENOMEM;
1304 
1305 	rc = next_entry(buf, fp, sizeof(u32)*6);
1306 	if (rc)
1307 		goto bad;
1308 
1309 	len = le32_to_cpu(buf[0]);
1310 	len2 = le32_to_cpu(buf[1]);
1311 	cladatum->value = le32_to_cpu(buf[2]);
1312 	nel = le32_to_cpu(buf[4]);
1313 
1314 	rc = symtab_init(&cladatum->permissions, nel);
1315 	if (rc)
1316 		goto bad;
1317 	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1318 
1319 	ncons = le32_to_cpu(buf[5]);
1320 
1321 	rc = str_read(&key, GFP_KERNEL, fp, len);
1322 	if (rc)
1323 		goto bad;
1324 
1325 	if (len2) {
1326 		rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1327 		if (rc)
1328 			goto bad;
1329 
1330 		rc = -EINVAL;
1331 		cladatum->comdatum = symtab_search(&p->p_commons,
1332 						   cladatum->comkey);
1333 		if (!cladatum->comdatum) {
1334 			pr_err("SELinux:  unknown common %s\n",
1335 			       cladatum->comkey);
1336 			goto bad;
1337 		}
1338 	}
1339 	for (i = 0; i < nel; i++) {
1340 		rc = perm_read(p, &cladatum->permissions, fp);
1341 		if (rc)
1342 			goto bad;
1343 	}
1344 
1345 	rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1346 	if (rc)
1347 		goto bad;
1348 
1349 	if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1350 		/* grab the validatetrans rules */
1351 		rc = next_entry(buf, fp, sizeof(u32));
1352 		if (rc)
1353 			goto bad;
1354 		ncons = le32_to_cpu(buf[0]);
1355 		rc = read_cons_helper(p, &cladatum->validatetrans,
1356 				ncons, 1, fp);
1357 		if (rc)
1358 			goto bad;
1359 	}
1360 
1361 	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1362 		rc = next_entry(buf, fp, sizeof(u32) * 3);
1363 		if (rc)
1364 			goto bad;
1365 
1366 		cladatum->default_user = le32_to_cpu(buf[0]);
1367 		cladatum->default_role = le32_to_cpu(buf[1]);
1368 		cladatum->default_range = le32_to_cpu(buf[2]);
1369 	}
1370 
1371 	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1372 		rc = next_entry(buf, fp, sizeof(u32) * 1);
1373 		if (rc)
1374 			goto bad;
1375 		cladatum->default_type = le32_to_cpu(buf[0]);
1376 	}
1377 
1378 	rc = symtab_insert(s, key, cladatum);
1379 	if (rc)
1380 		goto bad;
1381 
1382 	return 0;
1383 bad:
1384 	cls_destroy(key, cladatum, NULL);
1385 	return rc;
1386 }
1387 
1388 static int role_read(struct policydb *p, struct symtab *s, void *fp)
1389 {
1390 	char *key = NULL;
1391 	struct role_datum *role;
1392 	int rc, to_read = 2;
1393 	__le32 buf[3];
1394 	u32 len;
1395 
1396 	role = kzalloc(sizeof(*role), GFP_KERNEL);
1397 	if (!role)
1398 		return -ENOMEM;
1399 
1400 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1401 		to_read = 3;
1402 
1403 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1404 	if (rc)
1405 		goto bad;
1406 
1407 	len = le32_to_cpu(buf[0]);
1408 	role->value = le32_to_cpu(buf[1]);
1409 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1410 		role->bounds = le32_to_cpu(buf[2]);
1411 
1412 	rc = str_read(&key, GFP_KERNEL, fp, len);
1413 	if (rc)
1414 		goto bad;
1415 
1416 	rc = ebitmap_read(&role->dominates, fp);
1417 	if (rc)
1418 		goto bad;
1419 
1420 	rc = ebitmap_read(&role->types, fp);
1421 	if (rc)
1422 		goto bad;
1423 
1424 	if (strcmp(key, OBJECT_R) == 0) {
1425 		rc = -EINVAL;
1426 		if (role->value != OBJECT_R_VAL) {
1427 			pr_err("SELinux: Role %s has wrong value %d\n",
1428 			       OBJECT_R, role->value);
1429 			goto bad;
1430 		}
1431 		rc = 0;
1432 		goto bad;
1433 	}
1434 
1435 	rc = symtab_insert(s, key, role);
1436 	if (rc)
1437 		goto bad;
1438 	return 0;
1439 bad:
1440 	role_destroy(key, role, NULL);
1441 	return rc;
1442 }
1443 
1444 static int type_read(struct policydb *p, struct symtab *s, void *fp)
1445 {
1446 	char *key = NULL;
1447 	struct type_datum *typdatum;
1448 	int rc, to_read = 3;
1449 	__le32 buf[4];
1450 	u32 len;
1451 
1452 	typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1453 	if (!typdatum)
1454 		return -ENOMEM;
1455 
1456 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1457 		to_read = 4;
1458 
1459 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1460 	if (rc)
1461 		goto bad;
1462 
1463 	len = le32_to_cpu(buf[0]);
1464 	typdatum->value = le32_to_cpu(buf[1]);
1465 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1466 		u32 prop = le32_to_cpu(buf[2]);
1467 
1468 		if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1469 			typdatum->primary = 1;
1470 		if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1471 			typdatum->attribute = 1;
1472 
1473 		typdatum->bounds = le32_to_cpu(buf[3]);
1474 	} else {
1475 		typdatum->primary = le32_to_cpu(buf[2]);
1476 	}
1477 
1478 	rc = str_read(&key, GFP_KERNEL, fp, len);
1479 	if (rc)
1480 		goto bad;
1481 
1482 	rc = symtab_insert(s, key, typdatum);
1483 	if (rc)
1484 		goto bad;
1485 	return 0;
1486 bad:
1487 	type_destroy(key, typdatum, NULL);
1488 	return rc;
1489 }
1490 
1491 
1492 /*
1493  * Read a MLS level structure from a policydb binary
1494  * representation file.
1495  */
1496 static int mls_read_level(struct mls_level *lp, void *fp)
1497 {
1498 	__le32 buf[1];
1499 	int rc;
1500 
1501 	memset(lp, 0, sizeof(*lp));
1502 
1503 	rc = next_entry(buf, fp, sizeof buf);
1504 	if (rc) {
1505 		pr_err("SELinux: mls: truncated level\n");
1506 		return rc;
1507 	}
1508 	lp->sens = le32_to_cpu(buf[0]);
1509 
1510 	rc = ebitmap_read(&lp->cat, fp);
1511 	if (rc) {
1512 		pr_err("SELinux: mls:  error reading level categories\n");
1513 		return rc;
1514 	}
1515 	return 0;
1516 }
1517 
1518 static int user_read(struct policydb *p, struct symtab *s, void *fp)
1519 {
1520 	char *key = NULL;
1521 	struct user_datum *usrdatum;
1522 	int rc, to_read = 2;
1523 	__le32 buf[3];
1524 	u32 len;
1525 
1526 	usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1527 	if (!usrdatum)
1528 		return -ENOMEM;
1529 
1530 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1531 		to_read = 3;
1532 
1533 	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1534 	if (rc)
1535 		goto bad;
1536 
1537 	len = le32_to_cpu(buf[0]);
1538 	usrdatum->value = le32_to_cpu(buf[1]);
1539 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1540 		usrdatum->bounds = le32_to_cpu(buf[2]);
1541 
1542 	rc = str_read(&key, GFP_KERNEL, fp, len);
1543 	if (rc)
1544 		goto bad;
1545 
1546 	rc = ebitmap_read(&usrdatum->roles, fp);
1547 	if (rc)
1548 		goto bad;
1549 
1550 	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1551 		rc = mls_read_range_helper(&usrdatum->range, fp);
1552 		if (rc)
1553 			goto bad;
1554 		rc = mls_read_level(&usrdatum->dfltlevel, fp);
1555 		if (rc)
1556 			goto bad;
1557 	}
1558 
1559 	rc = symtab_insert(s, key, usrdatum);
1560 	if (rc)
1561 		goto bad;
1562 	return 0;
1563 bad:
1564 	user_destroy(key, usrdatum, NULL);
1565 	return rc;
1566 }
1567 
1568 static int sens_read(struct policydb *p, struct symtab *s, void *fp)
1569 {
1570 	char *key = NULL;
1571 	struct level_datum *levdatum;
1572 	int rc;
1573 	__le32 buf[2];
1574 	u32 len;
1575 
1576 	levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1577 	if (!levdatum)
1578 		return -ENOMEM;
1579 
1580 	rc = next_entry(buf, fp, sizeof buf);
1581 	if (rc)
1582 		goto bad;
1583 
1584 	len = le32_to_cpu(buf[0]);
1585 	levdatum->isalias = le32_to_cpu(buf[1]);
1586 
1587 	rc = str_read(&key, GFP_ATOMIC, fp, len);
1588 	if (rc)
1589 		goto bad;
1590 
1591 	rc = -ENOMEM;
1592 	levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);
1593 	if (!levdatum->level)
1594 		goto bad;
1595 
1596 	rc = mls_read_level(levdatum->level, fp);
1597 	if (rc)
1598 		goto bad;
1599 
1600 	rc = symtab_insert(s, key, levdatum);
1601 	if (rc)
1602 		goto bad;
1603 	return 0;
1604 bad:
1605 	sens_destroy(key, levdatum, NULL);
1606 	return rc;
1607 }
1608 
1609 static int cat_read(struct policydb *p, struct symtab *s, void *fp)
1610 {
1611 	char *key = NULL;
1612 	struct cat_datum *catdatum;
1613 	int rc;
1614 	__le32 buf[3];
1615 	u32 len;
1616 
1617 	catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1618 	if (!catdatum)
1619 		return -ENOMEM;
1620 
1621 	rc = next_entry(buf, fp, sizeof buf);
1622 	if (rc)
1623 		goto bad;
1624 
1625 	len = le32_to_cpu(buf[0]);
1626 	catdatum->value = le32_to_cpu(buf[1]);
1627 	catdatum->isalias = le32_to_cpu(buf[2]);
1628 
1629 	rc = str_read(&key, GFP_ATOMIC, fp, len);
1630 	if (rc)
1631 		goto bad;
1632 
1633 	rc = symtab_insert(s, key, catdatum);
1634 	if (rc)
1635 		goto bad;
1636 	return 0;
1637 bad:
1638 	cat_destroy(key, catdatum, NULL);
1639 	return rc;
1640 }
1641 
1642 static int (*read_f[SYM_NUM]) (struct policydb *p, struct symtab *s, void *fp) =
1643 {
1644 	common_read,
1645 	class_read,
1646 	role_read,
1647 	type_read,
1648 	user_read,
1649 	cond_read_bool,
1650 	sens_read,
1651 	cat_read,
1652 };
1653 
1654 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1655 {
1656 	struct user_datum *upper, *user;
1657 	struct policydb *p = datap;
1658 	int depth = 0;
1659 
1660 	upper = user = datum;
1661 	while (upper->bounds) {
1662 		struct ebitmap_node *node;
1663 		unsigned long bit;
1664 
1665 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1666 			pr_err("SELinux: user %s: "
1667 			       "too deep or looped boundary",
1668 			       (char *) key);
1669 			return -EINVAL;
1670 		}
1671 
1672 		upper = p->user_val_to_struct[upper->bounds - 1];
1673 		ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1674 			if (ebitmap_get_bit(&upper->roles, bit))
1675 				continue;
1676 
1677 			pr_err("SELinux: boundary violated policy: "
1678 			       "user=%s role=%s bounds=%s\n",
1679 			       sym_name(p, SYM_USERS, user->value - 1),
1680 			       sym_name(p, SYM_ROLES, bit),
1681 			       sym_name(p, SYM_USERS, upper->value - 1));
1682 
1683 			return -EINVAL;
1684 		}
1685 	}
1686 
1687 	return 0;
1688 }
1689 
1690 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1691 {
1692 	struct role_datum *upper, *role;
1693 	struct policydb *p = datap;
1694 	int depth = 0;
1695 
1696 	upper = role = datum;
1697 	while (upper->bounds) {
1698 		struct ebitmap_node *node;
1699 		unsigned long bit;
1700 
1701 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1702 			pr_err("SELinux: role %s: "
1703 			       "too deep or looped bounds\n",
1704 			       (char *) key);
1705 			return -EINVAL;
1706 		}
1707 
1708 		upper = p->role_val_to_struct[upper->bounds - 1];
1709 		ebitmap_for_each_positive_bit(&role->types, node, bit) {
1710 			if (ebitmap_get_bit(&upper->types, bit))
1711 				continue;
1712 
1713 			pr_err("SELinux: boundary violated policy: "
1714 			       "role=%s type=%s bounds=%s\n",
1715 			       sym_name(p, SYM_ROLES, role->value - 1),
1716 			       sym_name(p, SYM_TYPES, bit),
1717 			       sym_name(p, SYM_ROLES, upper->value - 1));
1718 
1719 			return -EINVAL;
1720 		}
1721 	}
1722 
1723 	return 0;
1724 }
1725 
1726 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1727 {
1728 	struct type_datum *upper;
1729 	struct policydb *p = datap;
1730 	int depth = 0;
1731 
1732 	upper = datum;
1733 	while (upper->bounds) {
1734 		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1735 			pr_err("SELinux: type %s: "
1736 			       "too deep or looped boundary\n",
1737 			       (char *) key);
1738 			return -EINVAL;
1739 		}
1740 
1741 		upper = p->type_val_to_struct[upper->bounds - 1];
1742 		BUG_ON(!upper);
1743 
1744 		if (upper->attribute) {
1745 			pr_err("SELinux: type %s: "
1746 			       "bounded by attribute %s",
1747 			       (char *) key,
1748 			       sym_name(p, SYM_TYPES, upper->value - 1));
1749 			return -EINVAL;
1750 		}
1751 	}
1752 
1753 	return 0;
1754 }
1755 
1756 static int policydb_bounds_sanity_check(struct policydb *p)
1757 {
1758 	int rc;
1759 
1760 	if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1761 		return 0;
1762 
1763 	rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
1764 	if (rc)
1765 		return rc;
1766 
1767 	rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
1768 	if (rc)
1769 		return rc;
1770 
1771 	rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
1772 	if (rc)
1773 		return rc;
1774 
1775 	return 0;
1776 }
1777 
1778 u16 string_to_security_class(struct policydb *p, const char *name)
1779 {
1780 	struct class_datum *cladatum;
1781 
1782 	cladatum = symtab_search(&p->p_classes, name);
1783 	if (!cladatum)
1784 		return 0;
1785 
1786 	return cladatum->value;
1787 }
1788 
1789 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1790 {
1791 	struct class_datum *cladatum;
1792 	struct perm_datum *perdatum = NULL;
1793 	struct common_datum *comdatum;
1794 
1795 	if (!tclass || tclass > p->p_classes.nprim)
1796 		return 0;
1797 
1798 	cladatum = p->class_val_to_struct[tclass-1];
1799 	comdatum = cladatum->comdatum;
1800 	if (comdatum)
1801 		perdatum = symtab_search(&comdatum->permissions, name);
1802 	if (!perdatum)
1803 		perdatum = symtab_search(&cladatum->permissions, name);
1804 	if (!perdatum)
1805 		return 0;
1806 
1807 	return 1U << (perdatum->value-1);
1808 }
1809 
1810 static int range_read(struct policydb *p, void *fp)
1811 {
1812 	struct range_trans *rt = NULL;
1813 	struct mls_range *r = NULL;
1814 	int i, rc;
1815 	__le32 buf[2];
1816 	u32 nel;
1817 
1818 	if (p->policyvers < POLICYDB_VERSION_MLS)
1819 		return 0;
1820 
1821 	rc = next_entry(buf, fp, sizeof(u32));
1822 	if (rc)
1823 		return rc;
1824 
1825 	nel = le32_to_cpu(buf[0]);
1826 
1827 	rc = hashtab_init(&p->range_tr, nel);
1828 	if (rc)
1829 		return rc;
1830 
1831 	for (i = 0; i < nel; i++) {
1832 		rc = -ENOMEM;
1833 		rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1834 		if (!rt)
1835 			goto out;
1836 
1837 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
1838 		if (rc)
1839 			goto out;
1840 
1841 		rt->source_type = le32_to_cpu(buf[0]);
1842 		rt->target_type = le32_to_cpu(buf[1]);
1843 		if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1844 			rc = next_entry(buf, fp, sizeof(u32));
1845 			if (rc)
1846 				goto out;
1847 			rt->target_class = le32_to_cpu(buf[0]);
1848 		} else
1849 			rt->target_class = p->process_class;
1850 
1851 		rc = -EINVAL;
1852 		if (!policydb_type_isvalid(p, rt->source_type) ||
1853 		    !policydb_type_isvalid(p, rt->target_type) ||
1854 		    !policydb_class_isvalid(p, rt->target_class))
1855 			goto out;
1856 
1857 		rc = -ENOMEM;
1858 		r = kzalloc(sizeof(*r), GFP_KERNEL);
1859 		if (!r)
1860 			goto out;
1861 
1862 		rc = mls_read_range_helper(r, fp);
1863 		if (rc)
1864 			goto out;
1865 
1866 		rc = -EINVAL;
1867 		if (!mls_range_isvalid(p, r)) {
1868 			pr_warn("SELinux:  rangetrans:  invalid range\n");
1869 			goto out;
1870 		}
1871 
1872 		rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params);
1873 		if (rc)
1874 			goto out;
1875 
1876 		rt = NULL;
1877 		r = NULL;
1878 	}
1879 	hash_eval(&p->range_tr, "rangetr");
1880 	rc = 0;
1881 out:
1882 	kfree(rt);
1883 	kfree(r);
1884 	return rc;
1885 }
1886 
1887 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1888 {
1889 	struct filename_trans_key key, *ft = NULL;
1890 	struct filename_trans_datum *last, *datum = NULL;
1891 	char *name = NULL;
1892 	u32 len, stype, otype;
1893 	__le32 buf[4];
1894 	int rc;
1895 
1896 	/* length of the path component string */
1897 	rc = next_entry(buf, fp, sizeof(u32));
1898 	if (rc)
1899 		return rc;
1900 	len = le32_to_cpu(buf[0]);
1901 
1902 	/* path component string */
1903 	rc = str_read(&name, GFP_KERNEL, fp, len);
1904 	if (rc)
1905 		return rc;
1906 
1907 	rc = next_entry(buf, fp, sizeof(u32) * 4);
1908 	if (rc)
1909 		goto out;
1910 
1911 	stype = le32_to_cpu(buf[0]);
1912 	key.ttype = le32_to_cpu(buf[1]);
1913 	key.tclass = le32_to_cpu(buf[2]);
1914 	key.name = name;
1915 
1916 	otype = le32_to_cpu(buf[3]);
1917 
1918 	last = NULL;
1919 	datum = policydb_filenametr_search(p, &key);
1920 	while (datum) {
1921 		if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1922 			/* conflicting/duplicate rules are ignored */
1923 			datum = NULL;
1924 			goto out;
1925 		}
1926 		if (likely(datum->otype == otype))
1927 			break;
1928 		last = datum;
1929 		datum = datum->next;
1930 	}
1931 	if (!datum) {
1932 		rc = -ENOMEM;
1933 		datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1934 		if (!datum)
1935 			goto out;
1936 
1937 		ebitmap_init(&datum->stypes);
1938 		datum->otype = otype;
1939 		datum->next = NULL;
1940 
1941 		if (unlikely(last)) {
1942 			last->next = datum;
1943 		} else {
1944 			rc = -ENOMEM;
1945 			ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1946 			if (!ft)
1947 				goto out;
1948 
1949 			rc = hashtab_insert(&p->filename_trans, ft, datum,
1950 					    filenametr_key_params);
1951 			if (rc)
1952 				goto out;
1953 			name = NULL;
1954 
1955 			rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1956 					     key.ttype, 1);
1957 			if (rc)
1958 				return rc;
1959 		}
1960 	}
1961 	kfree(name);
1962 	return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1963 
1964 out:
1965 	kfree(ft);
1966 	kfree(name);
1967 	kfree(datum);
1968 	return rc;
1969 }
1970 
1971 static int filename_trans_read_helper(struct policydb *p, void *fp)
1972 {
1973 	struct filename_trans_key *ft = NULL;
1974 	struct filename_trans_datum **dst, *datum, *first = NULL;
1975 	char *name = NULL;
1976 	u32 len, ttype, tclass, ndatum, i;
1977 	__le32 buf[3];
1978 	int rc;
1979 
1980 	/* length of the path component string */
1981 	rc = next_entry(buf, fp, sizeof(u32));
1982 	if (rc)
1983 		return rc;
1984 	len = le32_to_cpu(buf[0]);
1985 
1986 	/* path component string */
1987 	rc = str_read(&name, GFP_KERNEL, fp, len);
1988 	if (rc)
1989 		return rc;
1990 
1991 	rc = next_entry(buf, fp, sizeof(u32) * 3);
1992 	if (rc)
1993 		goto out;
1994 
1995 	ttype = le32_to_cpu(buf[0]);
1996 	tclass = le32_to_cpu(buf[1]);
1997 
1998 	ndatum = le32_to_cpu(buf[2]);
1999 	if (ndatum == 0) {
2000 		pr_err("SELinux:  Filename transition key with no datum\n");
2001 		rc = -ENOENT;
2002 		goto out;
2003 	}
2004 
2005 	dst = &first;
2006 	for (i = 0; i < ndatum; i++) {
2007 		rc = -ENOMEM;
2008 		datum = kmalloc(sizeof(*datum), GFP_KERNEL);
2009 		if (!datum)
2010 			goto out;
2011 
2012 		*dst = datum;
2013 
2014 		/* ebitmap_read() will at least init the bitmap */
2015 		rc = ebitmap_read(&datum->stypes, fp);
2016 		if (rc)
2017 			goto out;
2018 
2019 		rc = next_entry(buf, fp, sizeof(u32));
2020 		if (rc)
2021 			goto out;
2022 
2023 		datum->otype = le32_to_cpu(buf[0]);
2024 		datum->next = NULL;
2025 
2026 		dst = &datum->next;
2027 	}
2028 
2029 	rc = -ENOMEM;
2030 	ft = kmalloc(sizeof(*ft), GFP_KERNEL);
2031 	if (!ft)
2032 		goto out;
2033 
2034 	ft->ttype = ttype;
2035 	ft->tclass = tclass;
2036 	ft->name = name;
2037 
2038 	rc = hashtab_insert(&p->filename_trans, ft, first,
2039 			    filenametr_key_params);
2040 	if (rc == -EEXIST)
2041 		pr_err("SELinux:  Duplicate filename transition key\n");
2042 	if (rc)
2043 		goto out;
2044 
2045 	return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1);
2046 
2047 out:
2048 	kfree(ft);
2049 	kfree(name);
2050 	while (first) {
2051 		datum = first;
2052 		first = first->next;
2053 
2054 		ebitmap_destroy(&datum->stypes);
2055 		kfree(datum);
2056 	}
2057 	return rc;
2058 }
2059 
2060 static int filename_trans_read(struct policydb *p, void *fp)
2061 {
2062 	u32 nel;
2063 	__le32 buf[1];
2064 	int rc, i;
2065 
2066 	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2067 		return 0;
2068 
2069 	rc = next_entry(buf, fp, sizeof(u32));
2070 	if (rc)
2071 		return rc;
2072 	nel = le32_to_cpu(buf[0]);
2073 
2074 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2075 		p->compat_filename_trans_count = nel;
2076 
2077 		rc = hashtab_init(&p->filename_trans, (1 << 11));
2078 		if (rc)
2079 			return rc;
2080 
2081 		for (i = 0; i < nel; i++) {
2082 			rc = filename_trans_read_helper_compat(p, fp);
2083 			if (rc)
2084 				return rc;
2085 		}
2086 	} else {
2087 		rc = hashtab_init(&p->filename_trans, nel);
2088 		if (rc)
2089 			return rc;
2090 
2091 		for (i = 0; i < nel; i++) {
2092 			rc = filename_trans_read_helper(p, fp);
2093 			if (rc)
2094 				return rc;
2095 		}
2096 	}
2097 	hash_eval(&p->filename_trans, "filenametr");
2098 	return 0;
2099 }
2100 
2101 static int genfs_read(struct policydb *p, void *fp)
2102 {
2103 	int i, j, rc;
2104 	u32 nel, nel2, len, len2;
2105 	__le32 buf[1];
2106 	struct ocontext *l, *c;
2107 	struct ocontext *newc = NULL;
2108 	struct genfs *genfs_p, *genfs;
2109 	struct genfs *newgenfs = NULL;
2110 
2111 	rc = next_entry(buf, fp, sizeof(u32));
2112 	if (rc)
2113 		return rc;
2114 	nel = le32_to_cpu(buf[0]);
2115 
2116 	for (i = 0; i < nel; i++) {
2117 		rc = next_entry(buf, fp, sizeof(u32));
2118 		if (rc)
2119 			goto out;
2120 		len = le32_to_cpu(buf[0]);
2121 
2122 		rc = -ENOMEM;
2123 		newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2124 		if (!newgenfs)
2125 			goto out;
2126 
2127 		rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2128 		if (rc)
2129 			goto out;
2130 
2131 		for (genfs_p = NULL, genfs = p->genfs; genfs;
2132 		     genfs_p = genfs, genfs = genfs->next) {
2133 			rc = -EINVAL;
2134 			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2135 				pr_err("SELinux:  dup genfs fstype %s\n",
2136 				       newgenfs->fstype);
2137 				goto out;
2138 			}
2139 			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2140 				break;
2141 		}
2142 		newgenfs->next = genfs;
2143 		if (genfs_p)
2144 			genfs_p->next = newgenfs;
2145 		else
2146 			p->genfs = newgenfs;
2147 		genfs = newgenfs;
2148 		newgenfs = NULL;
2149 
2150 		rc = next_entry(buf, fp, sizeof(u32));
2151 		if (rc)
2152 			goto out;
2153 
2154 		nel2 = le32_to_cpu(buf[0]);
2155 		for (j = 0; j < nel2; j++) {
2156 			rc = next_entry(buf, fp, sizeof(u32));
2157 			if (rc)
2158 				goto out;
2159 			len = le32_to_cpu(buf[0]);
2160 
2161 			rc = -ENOMEM;
2162 			newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2163 			if (!newc)
2164 				goto out;
2165 
2166 			rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2167 			if (rc)
2168 				goto out;
2169 
2170 			rc = next_entry(buf, fp, sizeof(u32));
2171 			if (rc)
2172 				goto out;
2173 
2174 			newc->v.sclass = le32_to_cpu(buf[0]);
2175 			rc = context_read_and_validate(&newc->context[0], p, fp);
2176 			if (rc)
2177 				goto out;
2178 
2179 			for (l = NULL, c = genfs->head; c;
2180 			     l = c, c = c->next) {
2181 				rc = -EINVAL;
2182 				if (!strcmp(newc->u.name, c->u.name) &&
2183 				    (!c->v.sclass || !newc->v.sclass ||
2184 				     newc->v.sclass == c->v.sclass)) {
2185 					pr_err("SELinux:  dup genfs entry (%s,%s)\n",
2186 					       genfs->fstype, c->u.name);
2187 					goto out;
2188 				}
2189 				len = strlen(newc->u.name);
2190 				len2 = strlen(c->u.name);
2191 				if (len > len2)
2192 					break;
2193 			}
2194 
2195 			newc->next = c;
2196 			if (l)
2197 				l->next = newc;
2198 			else
2199 				genfs->head = newc;
2200 			newc = NULL;
2201 		}
2202 	}
2203 	rc = 0;
2204 out:
2205 	if (newgenfs) {
2206 		kfree(newgenfs->fstype);
2207 		kfree(newgenfs);
2208 	}
2209 	ocontext_destroy(newc, OCON_FSUSE);
2210 
2211 	return rc;
2212 }
2213 
2214 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
2215 			 void *fp)
2216 {
2217 	int i, j, rc;
2218 	u32 nel, len;
2219 	__be64 prefixbuf[1];
2220 	__le32 buf[3];
2221 	struct ocontext *l, *c;
2222 	u32 nodebuf[8];
2223 
2224 	for (i = 0; i < info->ocon_num; i++) {
2225 		rc = next_entry(buf, fp, sizeof(u32));
2226 		if (rc)
2227 			goto out;
2228 		nel = le32_to_cpu(buf[0]);
2229 
2230 		l = NULL;
2231 		for (j = 0; j < nel; j++) {
2232 			rc = -ENOMEM;
2233 			c = kzalloc(sizeof(*c), GFP_KERNEL);
2234 			if (!c)
2235 				goto out;
2236 			if (l)
2237 				l->next = c;
2238 			else
2239 				p->ocontexts[i] = c;
2240 			l = c;
2241 
2242 			switch (i) {
2243 			case OCON_ISID:
2244 				rc = next_entry(buf, fp, sizeof(u32));
2245 				if (rc)
2246 					goto out;
2247 
2248 				c->sid[0] = le32_to_cpu(buf[0]);
2249 				rc = context_read_and_validate(&c->context[0], p, fp);
2250 				if (rc)
2251 					goto out;
2252 				break;
2253 			case OCON_FS:
2254 			case OCON_NETIF:
2255 				rc = next_entry(buf, fp, sizeof(u32));
2256 				if (rc)
2257 					goto out;
2258 				len = le32_to_cpu(buf[0]);
2259 
2260 				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2261 				if (rc)
2262 					goto out;
2263 
2264 				rc = context_read_and_validate(&c->context[0], p, fp);
2265 				if (rc)
2266 					goto out;
2267 				rc = context_read_and_validate(&c->context[1], p, fp);
2268 				if (rc)
2269 					goto out;
2270 				break;
2271 			case OCON_PORT:
2272 				rc = next_entry(buf, fp, sizeof(u32)*3);
2273 				if (rc)
2274 					goto out;
2275 				c->u.port.protocol = le32_to_cpu(buf[0]);
2276 				c->u.port.low_port = le32_to_cpu(buf[1]);
2277 				c->u.port.high_port = le32_to_cpu(buf[2]);
2278 				rc = context_read_and_validate(&c->context[0], p, fp);
2279 				if (rc)
2280 					goto out;
2281 				break;
2282 			case OCON_NODE:
2283 				rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2284 				if (rc)
2285 					goto out;
2286 				c->u.node.addr = nodebuf[0]; /* network order */
2287 				c->u.node.mask = nodebuf[1]; /* network order */
2288 				rc = context_read_and_validate(&c->context[0], p, fp);
2289 				if (rc)
2290 					goto out;
2291 				break;
2292 			case OCON_FSUSE:
2293 				rc = next_entry(buf, fp, sizeof(u32)*2);
2294 				if (rc)
2295 					goto out;
2296 
2297 				rc = -EINVAL;
2298 				c->v.behavior = le32_to_cpu(buf[0]);
2299 				/* Determined at runtime, not in policy DB. */
2300 				if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2301 					goto out;
2302 				if (c->v.behavior > SECURITY_FS_USE_MAX)
2303 					goto out;
2304 
2305 				len = le32_to_cpu(buf[1]);
2306 				rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2307 				if (rc)
2308 					goto out;
2309 
2310 				rc = context_read_and_validate(&c->context[0], p, fp);
2311 				if (rc)
2312 					goto out;
2313 				break;
2314 			case OCON_NODE6: {
2315 				int k;
2316 
2317 				rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2318 				if (rc)
2319 					goto out;
2320 				for (k = 0; k < 4; k++)
2321 					c->u.node6.addr[k] = nodebuf[k];
2322 				for (k = 0; k < 4; k++)
2323 					c->u.node6.mask[k] = nodebuf[k+4];
2324 				rc = context_read_and_validate(&c->context[0], p, fp);
2325 				if (rc)
2326 					goto out;
2327 				break;
2328 			}
2329 			case OCON_IBPKEY: {
2330 				u32 pkey_lo, pkey_hi;
2331 
2332 				rc = next_entry(prefixbuf, fp, sizeof(u64));
2333 				if (rc)
2334 					goto out;
2335 
2336 				/* we need to have subnet_prefix in CPU order */
2337 				c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2338 
2339 				rc = next_entry(buf, fp, sizeof(u32) * 2);
2340 				if (rc)
2341 					goto out;
2342 
2343 				pkey_lo = le32_to_cpu(buf[0]);
2344 				pkey_hi = le32_to_cpu(buf[1]);
2345 
2346 				if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2347 					rc = -EINVAL;
2348 					goto out;
2349 				}
2350 
2351 				c->u.ibpkey.low_pkey  = pkey_lo;
2352 				c->u.ibpkey.high_pkey = pkey_hi;
2353 
2354 				rc = context_read_and_validate(&c->context[0],
2355 							       p,
2356 							       fp);
2357 				if (rc)
2358 					goto out;
2359 				break;
2360 			}
2361 			case OCON_IBENDPORT: {
2362 				u32 port;
2363 
2364 				rc = next_entry(buf, fp, sizeof(u32) * 2);
2365 				if (rc)
2366 					goto out;
2367 				len = le32_to_cpu(buf[0]);
2368 
2369 				rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2370 				if (rc)
2371 					goto out;
2372 
2373 				port = le32_to_cpu(buf[1]);
2374 				if (port > U8_MAX || port == 0) {
2375 					rc = -EINVAL;
2376 					goto out;
2377 				}
2378 
2379 				c->u.ibendport.port = port;
2380 
2381 				rc = context_read_and_validate(&c->context[0],
2382 							       p,
2383 							       fp);
2384 				if (rc)
2385 					goto out;
2386 				break;
2387 			} /* end case */
2388 			} /* end switch */
2389 		}
2390 	}
2391 	rc = 0;
2392 out:
2393 	return rc;
2394 }
2395 
2396 /*
2397  * Read the configuration data from a policy database binary
2398  * representation file into a policy database structure.
2399  */
2400 int policydb_read(struct policydb *p, void *fp)
2401 {
2402 	struct role_allow *ra, *lra;
2403 	struct role_trans_key *rtk = NULL;
2404 	struct role_trans_datum *rtd = NULL;
2405 	int i, j, rc;
2406 	__le32 buf[4];
2407 	u32 len, nprim, nel, perm;
2408 
2409 	char *policydb_str;
2410 	struct policydb_compat_info *info;
2411 
2412 	policydb_init(p);
2413 
2414 	/* Read the magic number and string length. */
2415 	rc = next_entry(buf, fp, sizeof(u32) * 2);
2416 	if (rc)
2417 		goto bad;
2418 
2419 	rc = -EINVAL;
2420 	if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2421 		pr_err("SELinux:  policydb magic number 0x%x does "
2422 		       "not match expected magic number 0x%x\n",
2423 		       le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2424 		goto bad;
2425 	}
2426 
2427 	rc = -EINVAL;
2428 	len = le32_to_cpu(buf[1]);
2429 	if (len != strlen(POLICYDB_STRING)) {
2430 		pr_err("SELinux:  policydb string length %d does not "
2431 		       "match expected length %zu\n",
2432 		       len, strlen(POLICYDB_STRING));
2433 		goto bad;
2434 	}
2435 
2436 	rc = -ENOMEM;
2437 	policydb_str = kmalloc(len + 1, GFP_KERNEL);
2438 	if (!policydb_str) {
2439 		pr_err("SELinux:  unable to allocate memory for policydb "
2440 		       "string of length %d\n", len);
2441 		goto bad;
2442 	}
2443 
2444 	rc = next_entry(policydb_str, fp, len);
2445 	if (rc) {
2446 		pr_err("SELinux:  truncated policydb string identifier\n");
2447 		kfree(policydb_str);
2448 		goto bad;
2449 	}
2450 
2451 	rc = -EINVAL;
2452 	policydb_str[len] = '\0';
2453 	if (strcmp(policydb_str, POLICYDB_STRING)) {
2454 		pr_err("SELinux:  policydb string %s does not match "
2455 		       "my string %s\n", policydb_str, POLICYDB_STRING);
2456 		kfree(policydb_str);
2457 		goto bad;
2458 	}
2459 	/* Done with policydb_str. */
2460 	kfree(policydb_str);
2461 	policydb_str = NULL;
2462 
2463 	/* Read the version and table sizes. */
2464 	rc = next_entry(buf, fp, sizeof(u32)*4);
2465 	if (rc)
2466 		goto bad;
2467 
2468 	rc = -EINVAL;
2469 	p->policyvers = le32_to_cpu(buf[0]);
2470 	if (p->policyvers < POLICYDB_VERSION_MIN ||
2471 	    p->policyvers > POLICYDB_VERSION_MAX) {
2472 		pr_err("SELinux:  policydb version %d does not match "
2473 		       "my version range %d-%d\n",
2474 		       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2475 		goto bad;
2476 	}
2477 
2478 	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2479 		p->mls_enabled = 1;
2480 
2481 		rc = -EINVAL;
2482 		if (p->policyvers < POLICYDB_VERSION_MLS) {
2483 			pr_err("SELinux: security policydb version %d "
2484 				"(MLS) not backwards compatible\n",
2485 				p->policyvers);
2486 			goto bad;
2487 		}
2488 	}
2489 	p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2490 	p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2491 
2492 	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2493 		rc = ebitmap_read(&p->policycaps, fp);
2494 		if (rc)
2495 			goto bad;
2496 	}
2497 
2498 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2499 		rc = ebitmap_read(&p->permissive_map, fp);
2500 		if (rc)
2501 			goto bad;
2502 	}
2503 
2504 	rc = -EINVAL;
2505 	info = policydb_lookup_compat(p->policyvers);
2506 	if (!info) {
2507 		pr_err("SELinux:  unable to find policy compat info "
2508 		       "for version %d\n", p->policyvers);
2509 		goto bad;
2510 	}
2511 
2512 	rc = -EINVAL;
2513 	if (le32_to_cpu(buf[2]) != info->sym_num ||
2514 		le32_to_cpu(buf[3]) != info->ocon_num) {
2515 		pr_err("SELinux:  policydb table sizes (%d,%d) do "
2516 		       "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2517 			le32_to_cpu(buf[3]),
2518 		       info->sym_num, info->ocon_num);
2519 		goto bad;
2520 	}
2521 
2522 	for (i = 0; i < info->sym_num; i++) {
2523 		rc = next_entry(buf, fp, sizeof(u32)*2);
2524 		if (rc)
2525 			goto bad;
2526 		nprim = le32_to_cpu(buf[0]);
2527 		nel = le32_to_cpu(buf[1]);
2528 
2529 		rc = symtab_init(&p->symtab[i], nel);
2530 		if (rc)
2531 			goto out;
2532 
2533 		if (i == SYM_ROLES) {
2534 			rc = roles_init(p);
2535 			if (rc)
2536 				goto out;
2537 		}
2538 
2539 		for (j = 0; j < nel; j++) {
2540 			rc = read_f[i](p, &p->symtab[i], fp);
2541 			if (rc)
2542 				goto bad;
2543 		}
2544 
2545 		p->symtab[i].nprim = nprim;
2546 	}
2547 
2548 	rc = -EINVAL;
2549 	p->process_class = string_to_security_class(p, "process");
2550 	if (!p->process_class) {
2551 		pr_err("SELinux: process class is required, not defined in policy\n");
2552 		goto bad;
2553 	}
2554 
2555 	rc = avtab_read(&p->te_avtab, fp, p);
2556 	if (rc)
2557 		goto bad;
2558 
2559 	if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2560 		rc = cond_read_list(p, fp);
2561 		if (rc)
2562 			goto bad;
2563 	}
2564 
2565 	rc = next_entry(buf, fp, sizeof(u32));
2566 	if (rc)
2567 		goto bad;
2568 	nel = le32_to_cpu(buf[0]);
2569 
2570 	rc = hashtab_init(&p->role_tr, nel);
2571 	if (rc)
2572 		goto bad;
2573 	for (i = 0; i < nel; i++) {
2574 		rc = -ENOMEM;
2575 		rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
2576 		if (!rtk)
2577 			goto bad;
2578 
2579 		rc = -ENOMEM;
2580 		rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
2581 		if (!rtd)
2582 			goto bad;
2583 
2584 		rc = next_entry(buf, fp, sizeof(u32)*3);
2585 		if (rc)
2586 			goto bad;
2587 
2588 		rtk->role = le32_to_cpu(buf[0]);
2589 		rtk->type = le32_to_cpu(buf[1]);
2590 		rtd->new_role = le32_to_cpu(buf[2]);
2591 		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2592 			rc = next_entry(buf, fp, sizeof(u32));
2593 			if (rc)
2594 				goto bad;
2595 			rtk->tclass = le32_to_cpu(buf[0]);
2596 		} else
2597 			rtk->tclass = p->process_class;
2598 
2599 		rc = -EINVAL;
2600 		if (!policydb_role_isvalid(p, rtk->role) ||
2601 		    !policydb_type_isvalid(p, rtk->type) ||
2602 		    !policydb_class_isvalid(p, rtk->tclass) ||
2603 		    !policydb_role_isvalid(p, rtd->new_role))
2604 			goto bad;
2605 
2606 		rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params);
2607 		if (rc)
2608 			goto bad;
2609 
2610 		rtk = NULL;
2611 		rtd = NULL;
2612 	}
2613 
2614 	rc = next_entry(buf, fp, sizeof(u32));
2615 	if (rc)
2616 		goto bad;
2617 	nel = le32_to_cpu(buf[0]);
2618 	lra = NULL;
2619 	for (i = 0; i < nel; i++) {
2620 		rc = -ENOMEM;
2621 		ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2622 		if (!ra)
2623 			goto bad;
2624 		if (lra)
2625 			lra->next = ra;
2626 		else
2627 			p->role_allow = ra;
2628 		rc = next_entry(buf, fp, sizeof(u32)*2);
2629 		if (rc)
2630 			goto bad;
2631 
2632 		rc = -EINVAL;
2633 		ra->role = le32_to_cpu(buf[0]);
2634 		ra->new_role = le32_to_cpu(buf[1]);
2635 		if (!policydb_role_isvalid(p, ra->role) ||
2636 		    !policydb_role_isvalid(p, ra->new_role))
2637 			goto bad;
2638 		lra = ra;
2639 	}
2640 
2641 	rc = filename_trans_read(p, fp);
2642 	if (rc)
2643 		goto bad;
2644 
2645 	rc = policydb_index(p);
2646 	if (rc)
2647 		goto bad;
2648 
2649 	rc = -EINVAL;
2650 	perm = string_to_av_perm(p, p->process_class, "transition");
2651 	if (!perm) {
2652 		pr_err("SELinux: process transition permission is required, not defined in policy\n");
2653 		goto bad;
2654 	}
2655 	p->process_trans_perms = perm;
2656 	perm = string_to_av_perm(p, p->process_class, "dyntransition");
2657 	if (!perm) {
2658 		pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
2659 		goto bad;
2660 	}
2661 	p->process_trans_perms |= perm;
2662 
2663 	rc = ocontext_read(p, info, fp);
2664 	if (rc)
2665 		goto bad;
2666 
2667 	rc = genfs_read(p, fp);
2668 	if (rc)
2669 		goto bad;
2670 
2671 	rc = range_read(p, fp);
2672 	if (rc)
2673 		goto bad;
2674 
2675 	rc = -ENOMEM;
2676 	p->type_attr_map_array = kvcalloc(p->p_types.nprim,
2677 					  sizeof(*p->type_attr_map_array),
2678 					  GFP_KERNEL);
2679 	if (!p->type_attr_map_array)
2680 		goto bad;
2681 
2682 	/* just in case ebitmap_init() becomes more than just a memset(0): */
2683 	for (i = 0; i < p->p_types.nprim; i++)
2684 		ebitmap_init(&p->type_attr_map_array[i]);
2685 
2686 	for (i = 0; i < p->p_types.nprim; i++) {
2687 		struct ebitmap *e = &p->type_attr_map_array[i];
2688 
2689 		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2690 			rc = ebitmap_read(e, fp);
2691 			if (rc)
2692 				goto bad;
2693 		}
2694 		/* add the type itself as the degenerate case */
2695 		rc = ebitmap_set_bit(e, i, 1);
2696 		if (rc)
2697 			goto bad;
2698 	}
2699 
2700 	rc = policydb_bounds_sanity_check(p);
2701 	if (rc)
2702 		goto bad;
2703 
2704 	rc = 0;
2705 out:
2706 	return rc;
2707 bad:
2708 	kfree(rtk);
2709 	kfree(rtd);
2710 	policydb_destroy(p);
2711 	goto out;
2712 }
2713 
2714 /*
2715  * Write a MLS level structure to a policydb binary
2716  * representation file.
2717  */
2718 static int mls_write_level(struct mls_level *l, void *fp)
2719 {
2720 	__le32 buf[1];
2721 	int rc;
2722 
2723 	buf[0] = cpu_to_le32(l->sens);
2724 	rc = put_entry(buf, sizeof(u32), 1, fp);
2725 	if (rc)
2726 		return rc;
2727 
2728 	rc = ebitmap_write(&l->cat, fp);
2729 	if (rc)
2730 		return rc;
2731 
2732 	return 0;
2733 }
2734 
2735 /*
2736  * Write a MLS range structure to a policydb binary
2737  * representation file.
2738  */
2739 static int mls_write_range_helper(struct mls_range *r, void *fp)
2740 {
2741 	__le32 buf[3];
2742 	size_t items;
2743 	int rc, eq;
2744 
2745 	eq = mls_level_eq(&r->level[1], &r->level[0]);
2746 
2747 	if (eq)
2748 		items = 2;
2749 	else
2750 		items = 3;
2751 	buf[0] = cpu_to_le32(items-1);
2752 	buf[1] = cpu_to_le32(r->level[0].sens);
2753 	if (!eq)
2754 		buf[2] = cpu_to_le32(r->level[1].sens);
2755 
2756 	BUG_ON(items > ARRAY_SIZE(buf));
2757 
2758 	rc = put_entry(buf, sizeof(u32), items, fp);
2759 	if (rc)
2760 		return rc;
2761 
2762 	rc = ebitmap_write(&r->level[0].cat, fp);
2763 	if (rc)
2764 		return rc;
2765 	if (!eq) {
2766 		rc = ebitmap_write(&r->level[1].cat, fp);
2767 		if (rc)
2768 			return rc;
2769 	}
2770 
2771 	return 0;
2772 }
2773 
2774 static int sens_write(void *vkey, void *datum, void *ptr)
2775 {
2776 	char *key = vkey;
2777 	struct level_datum *levdatum = datum;
2778 	struct policy_data *pd = ptr;
2779 	void *fp = pd->fp;
2780 	__le32 buf[2];
2781 	size_t len;
2782 	int rc;
2783 
2784 	len = strlen(key);
2785 	buf[0] = cpu_to_le32(len);
2786 	buf[1] = cpu_to_le32(levdatum->isalias);
2787 	rc = put_entry(buf, sizeof(u32), 2, fp);
2788 	if (rc)
2789 		return rc;
2790 
2791 	rc = put_entry(key, 1, len, fp);
2792 	if (rc)
2793 		return rc;
2794 
2795 	rc = mls_write_level(levdatum->level, fp);
2796 	if (rc)
2797 		return rc;
2798 
2799 	return 0;
2800 }
2801 
2802 static int cat_write(void *vkey, void *datum, void *ptr)
2803 {
2804 	char *key = vkey;
2805 	struct cat_datum *catdatum = datum;
2806 	struct policy_data *pd = ptr;
2807 	void *fp = pd->fp;
2808 	__le32 buf[3];
2809 	size_t len;
2810 	int rc;
2811 
2812 	len = strlen(key);
2813 	buf[0] = cpu_to_le32(len);
2814 	buf[1] = cpu_to_le32(catdatum->value);
2815 	buf[2] = cpu_to_le32(catdatum->isalias);
2816 	rc = put_entry(buf, sizeof(u32), 3, fp);
2817 	if (rc)
2818 		return rc;
2819 
2820 	rc = put_entry(key, 1, len, fp);
2821 	if (rc)
2822 		return rc;
2823 
2824 	return 0;
2825 }
2826 
2827 static int role_trans_write_one(void *key, void *datum, void *ptr)
2828 {
2829 	struct role_trans_key *rtk = key;
2830 	struct role_trans_datum *rtd = datum;
2831 	struct policy_data *pd = ptr;
2832 	void *fp = pd->fp;
2833 	struct policydb *p = pd->p;
2834 	__le32 buf[3];
2835 	int rc;
2836 
2837 	buf[0] = cpu_to_le32(rtk->role);
2838 	buf[1] = cpu_to_le32(rtk->type);
2839 	buf[2] = cpu_to_le32(rtd->new_role);
2840 	rc = put_entry(buf, sizeof(u32), 3, fp);
2841 	if (rc)
2842 		return rc;
2843 	if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2844 		buf[0] = cpu_to_le32(rtk->tclass);
2845 		rc = put_entry(buf, sizeof(u32), 1, fp);
2846 		if (rc)
2847 			return rc;
2848 	}
2849 	return 0;
2850 }
2851 
2852 static int role_trans_write(struct policydb *p, void *fp)
2853 {
2854 	struct policy_data pd = { .p = p, .fp = fp };
2855 	__le32 buf[1];
2856 	int rc;
2857 
2858 	buf[0] = cpu_to_le32(p->role_tr.nel);
2859 	rc = put_entry(buf, sizeof(u32), 1, fp);
2860 	if (rc)
2861 		return rc;
2862 
2863 	return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
2864 }
2865 
2866 static int role_allow_write(struct role_allow *r, void *fp)
2867 {
2868 	struct role_allow *ra;
2869 	__le32 buf[2];
2870 	size_t nel;
2871 	int rc;
2872 
2873 	nel = 0;
2874 	for (ra = r; ra; ra = ra->next)
2875 		nel++;
2876 	buf[0] = cpu_to_le32(nel);
2877 	rc = put_entry(buf, sizeof(u32), 1, fp);
2878 	if (rc)
2879 		return rc;
2880 	for (ra = r; ra; ra = ra->next) {
2881 		buf[0] = cpu_to_le32(ra->role);
2882 		buf[1] = cpu_to_le32(ra->new_role);
2883 		rc = put_entry(buf, sizeof(u32), 2, fp);
2884 		if (rc)
2885 			return rc;
2886 	}
2887 	return 0;
2888 }
2889 
2890 /*
2891  * Write a security context structure
2892  * to a policydb binary representation file.
2893  */
2894 static int context_write(struct policydb *p, struct context *c,
2895 			 void *fp)
2896 {
2897 	int rc;
2898 	__le32 buf[3];
2899 
2900 	buf[0] = cpu_to_le32(c->user);
2901 	buf[1] = cpu_to_le32(c->role);
2902 	buf[2] = cpu_to_le32(c->type);
2903 
2904 	rc = put_entry(buf, sizeof(u32), 3, fp);
2905 	if (rc)
2906 		return rc;
2907 
2908 	rc = mls_write_range_helper(&c->range, fp);
2909 	if (rc)
2910 		return rc;
2911 
2912 	return 0;
2913 }
2914 
2915 /*
2916  * The following *_write functions are used to
2917  * write the symbol data to a policy database
2918  * binary representation file.
2919  */
2920 
2921 static int perm_write(void *vkey, void *datum, void *fp)
2922 {
2923 	char *key = vkey;
2924 	struct perm_datum *perdatum = datum;
2925 	__le32 buf[2];
2926 	size_t len;
2927 	int rc;
2928 
2929 	len = strlen(key);
2930 	buf[0] = cpu_to_le32(len);
2931 	buf[1] = cpu_to_le32(perdatum->value);
2932 	rc = put_entry(buf, sizeof(u32), 2, fp);
2933 	if (rc)
2934 		return rc;
2935 
2936 	rc = put_entry(key, 1, len, fp);
2937 	if (rc)
2938 		return rc;
2939 
2940 	return 0;
2941 }
2942 
2943 static int common_write(void *vkey, void *datum, void *ptr)
2944 {
2945 	char *key = vkey;
2946 	struct common_datum *comdatum = datum;
2947 	struct policy_data *pd = ptr;
2948 	void *fp = pd->fp;
2949 	__le32 buf[4];
2950 	size_t len;
2951 	int rc;
2952 
2953 	len = strlen(key);
2954 	buf[0] = cpu_to_le32(len);
2955 	buf[1] = cpu_to_le32(comdatum->value);
2956 	buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2957 	buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2958 	rc = put_entry(buf, sizeof(u32), 4, fp);
2959 	if (rc)
2960 		return rc;
2961 
2962 	rc = put_entry(key, 1, len, fp);
2963 	if (rc)
2964 		return rc;
2965 
2966 	rc = hashtab_map(&comdatum->permissions.table, perm_write, fp);
2967 	if (rc)
2968 		return rc;
2969 
2970 	return 0;
2971 }
2972 
2973 static int type_set_write(struct type_set *t, void *fp)
2974 {
2975 	int rc;
2976 	__le32 buf[1];
2977 
2978 	if (ebitmap_write(&t->types, fp))
2979 		return -EINVAL;
2980 	if (ebitmap_write(&t->negset, fp))
2981 		return -EINVAL;
2982 
2983 	buf[0] = cpu_to_le32(t->flags);
2984 	rc = put_entry(buf, sizeof(u32), 1, fp);
2985 	if (rc)
2986 		return -EINVAL;
2987 
2988 	return 0;
2989 }
2990 
2991 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2992 			     void *fp)
2993 {
2994 	struct constraint_node *c;
2995 	struct constraint_expr *e;
2996 	__le32 buf[3];
2997 	u32 nel;
2998 	int rc;
2999 
3000 	for (c = node; c; c = c->next) {
3001 		nel = 0;
3002 		for (e = c->expr; e; e = e->next)
3003 			nel++;
3004 		buf[0] = cpu_to_le32(c->permissions);
3005 		buf[1] = cpu_to_le32(nel);
3006 		rc = put_entry(buf, sizeof(u32), 2, fp);
3007 		if (rc)
3008 			return rc;
3009 		for (e = c->expr; e; e = e->next) {
3010 			buf[0] = cpu_to_le32(e->expr_type);
3011 			buf[1] = cpu_to_le32(e->attr);
3012 			buf[2] = cpu_to_le32(e->op);
3013 			rc = put_entry(buf, sizeof(u32), 3, fp);
3014 			if (rc)
3015 				return rc;
3016 
3017 			switch (e->expr_type) {
3018 			case CEXPR_NAMES:
3019 				rc = ebitmap_write(&e->names, fp);
3020 				if (rc)
3021 					return rc;
3022 				if (p->policyvers >=
3023 					POLICYDB_VERSION_CONSTRAINT_NAMES) {
3024 					rc = type_set_write(e->type_names, fp);
3025 					if (rc)
3026 						return rc;
3027 				}
3028 				break;
3029 			default:
3030 				break;
3031 			}
3032 		}
3033 	}
3034 
3035 	return 0;
3036 }
3037 
3038 static int class_write(void *vkey, void *datum, void *ptr)
3039 {
3040 	char *key = vkey;
3041 	struct class_datum *cladatum = datum;
3042 	struct policy_data *pd = ptr;
3043 	void *fp = pd->fp;
3044 	struct policydb *p = pd->p;
3045 	struct constraint_node *c;
3046 	__le32 buf[6];
3047 	u32 ncons;
3048 	size_t len, len2;
3049 	int rc;
3050 
3051 	len = strlen(key);
3052 	if (cladatum->comkey)
3053 		len2 = strlen(cladatum->comkey);
3054 	else
3055 		len2 = 0;
3056 
3057 	ncons = 0;
3058 	for (c = cladatum->constraints; c; c = c->next)
3059 		ncons++;
3060 
3061 	buf[0] = cpu_to_le32(len);
3062 	buf[1] = cpu_to_le32(len2);
3063 	buf[2] = cpu_to_le32(cladatum->value);
3064 	buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3065 	buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3066 	buf[5] = cpu_to_le32(ncons);
3067 	rc = put_entry(buf, sizeof(u32), 6, fp);
3068 	if (rc)
3069 		return rc;
3070 
3071 	rc = put_entry(key, 1, len, fp);
3072 	if (rc)
3073 		return rc;
3074 
3075 	if (cladatum->comkey) {
3076 		rc = put_entry(cladatum->comkey, 1, len2, fp);
3077 		if (rc)
3078 			return rc;
3079 	}
3080 
3081 	rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
3082 	if (rc)
3083 		return rc;
3084 
3085 	rc = write_cons_helper(p, cladatum->constraints, fp);
3086 	if (rc)
3087 		return rc;
3088 
3089 	/* write out the validatetrans rule */
3090 	ncons = 0;
3091 	for (c = cladatum->validatetrans; c; c = c->next)
3092 		ncons++;
3093 
3094 	buf[0] = cpu_to_le32(ncons);
3095 	rc = put_entry(buf, sizeof(u32), 1, fp);
3096 	if (rc)
3097 		return rc;
3098 
3099 	rc = write_cons_helper(p, cladatum->validatetrans, fp);
3100 	if (rc)
3101 		return rc;
3102 
3103 	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3104 		buf[0] = cpu_to_le32(cladatum->default_user);
3105 		buf[1] = cpu_to_le32(cladatum->default_role);
3106 		buf[2] = cpu_to_le32(cladatum->default_range);
3107 
3108 		rc = put_entry(buf, sizeof(uint32_t), 3, fp);
3109 		if (rc)
3110 			return rc;
3111 	}
3112 
3113 	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3114 		buf[0] = cpu_to_le32(cladatum->default_type);
3115 		rc = put_entry(buf, sizeof(uint32_t), 1, fp);
3116 		if (rc)
3117 			return rc;
3118 	}
3119 
3120 	return 0;
3121 }
3122 
3123 static int role_write(void *vkey, void *datum, void *ptr)
3124 {
3125 	char *key = vkey;
3126 	struct role_datum *role = datum;
3127 	struct policy_data *pd = ptr;
3128 	void *fp = pd->fp;
3129 	struct policydb *p = pd->p;
3130 	__le32 buf[3];
3131 	size_t items, len;
3132 	int rc;
3133 
3134 	len = strlen(key);
3135 	items = 0;
3136 	buf[items++] = cpu_to_le32(len);
3137 	buf[items++] = cpu_to_le32(role->value);
3138 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3139 		buf[items++] = cpu_to_le32(role->bounds);
3140 
3141 	BUG_ON(items > ARRAY_SIZE(buf));
3142 
3143 	rc = put_entry(buf, sizeof(u32), items, fp);
3144 	if (rc)
3145 		return rc;
3146 
3147 	rc = put_entry(key, 1, len, fp);
3148 	if (rc)
3149 		return rc;
3150 
3151 	rc = ebitmap_write(&role->dominates, fp);
3152 	if (rc)
3153 		return rc;
3154 
3155 	rc = ebitmap_write(&role->types, fp);
3156 	if (rc)
3157 		return rc;
3158 
3159 	return 0;
3160 }
3161 
3162 static int type_write(void *vkey, void *datum, void *ptr)
3163 {
3164 	char *key = vkey;
3165 	struct type_datum *typdatum = datum;
3166 	struct policy_data *pd = ptr;
3167 	struct policydb *p = pd->p;
3168 	void *fp = pd->fp;
3169 	__le32 buf[4];
3170 	int rc;
3171 	size_t items, len;
3172 
3173 	len = strlen(key);
3174 	items = 0;
3175 	buf[items++] = cpu_to_le32(len);
3176 	buf[items++] = cpu_to_le32(typdatum->value);
3177 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3178 		u32 properties = 0;
3179 
3180 		if (typdatum->primary)
3181 			properties |= TYPEDATUM_PROPERTY_PRIMARY;
3182 
3183 		if (typdatum->attribute)
3184 			properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3185 
3186 		buf[items++] = cpu_to_le32(properties);
3187 		buf[items++] = cpu_to_le32(typdatum->bounds);
3188 	} else {
3189 		buf[items++] = cpu_to_le32(typdatum->primary);
3190 	}
3191 	BUG_ON(items > ARRAY_SIZE(buf));
3192 	rc = put_entry(buf, sizeof(u32), items, fp);
3193 	if (rc)
3194 		return rc;
3195 
3196 	rc = put_entry(key, 1, len, fp);
3197 	if (rc)
3198 		return rc;
3199 
3200 	return 0;
3201 }
3202 
3203 static int user_write(void *vkey, void *datum, void *ptr)
3204 {
3205 	char *key = vkey;
3206 	struct user_datum *usrdatum = datum;
3207 	struct policy_data *pd = ptr;
3208 	struct policydb *p = pd->p;
3209 	void *fp = pd->fp;
3210 	__le32 buf[3];
3211 	size_t items, len;
3212 	int rc;
3213 
3214 	len = strlen(key);
3215 	items = 0;
3216 	buf[items++] = cpu_to_le32(len);
3217 	buf[items++] = cpu_to_le32(usrdatum->value);
3218 	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3219 		buf[items++] = cpu_to_le32(usrdatum->bounds);
3220 	BUG_ON(items > ARRAY_SIZE(buf));
3221 	rc = put_entry(buf, sizeof(u32), items, fp);
3222 	if (rc)
3223 		return rc;
3224 
3225 	rc = put_entry(key, 1, len, fp);
3226 	if (rc)
3227 		return rc;
3228 
3229 	rc = ebitmap_write(&usrdatum->roles, fp);
3230 	if (rc)
3231 		return rc;
3232 
3233 	rc = mls_write_range_helper(&usrdatum->range, fp);
3234 	if (rc)
3235 		return rc;
3236 
3237 	rc = mls_write_level(&usrdatum->dfltlevel, fp);
3238 	if (rc)
3239 		return rc;
3240 
3241 	return 0;
3242 }
3243 
3244 static int (*write_f[SYM_NUM]) (void *key, void *datum,
3245 				void *datap) =
3246 {
3247 	common_write,
3248 	class_write,
3249 	role_write,
3250 	type_write,
3251 	user_write,
3252 	cond_write_bool,
3253 	sens_write,
3254 	cat_write,
3255 };
3256 
3257 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info,
3258 			  void *fp)
3259 {
3260 	unsigned int i, j, rc;
3261 	size_t nel, len;
3262 	__be64 prefixbuf[1];
3263 	__le32 buf[3];
3264 	u32 nodebuf[8];
3265 	struct ocontext *c;
3266 	for (i = 0; i < info->ocon_num; i++) {
3267 		nel = 0;
3268 		for (c = p->ocontexts[i]; c; c = c->next)
3269 			nel++;
3270 		buf[0] = cpu_to_le32(nel);
3271 		rc = put_entry(buf, sizeof(u32), 1, fp);
3272 		if (rc)
3273 			return rc;
3274 		for (c = p->ocontexts[i]; c; c = c->next) {
3275 			switch (i) {
3276 			case OCON_ISID:
3277 				buf[0] = cpu_to_le32(c->sid[0]);
3278 				rc = put_entry(buf, sizeof(u32), 1, fp);
3279 				if (rc)
3280 					return rc;
3281 				rc = context_write(p, &c->context[0], fp);
3282 				if (rc)
3283 					return rc;
3284 				break;
3285 			case OCON_FS:
3286 			case OCON_NETIF:
3287 				len = strlen(c->u.name);
3288 				buf[0] = cpu_to_le32(len);
3289 				rc = put_entry(buf, sizeof(u32), 1, fp);
3290 				if (rc)
3291 					return rc;
3292 				rc = put_entry(c->u.name, 1, len, fp);
3293 				if (rc)
3294 					return rc;
3295 				rc = context_write(p, &c->context[0], fp);
3296 				if (rc)
3297 					return rc;
3298 				rc = context_write(p, &c->context[1], fp);
3299 				if (rc)
3300 					return rc;
3301 				break;
3302 			case OCON_PORT:
3303 				buf[0] = cpu_to_le32(c->u.port.protocol);
3304 				buf[1] = cpu_to_le32(c->u.port.low_port);
3305 				buf[2] = cpu_to_le32(c->u.port.high_port);
3306 				rc = put_entry(buf, sizeof(u32), 3, fp);
3307 				if (rc)
3308 					return rc;
3309 				rc = context_write(p, &c->context[0], fp);
3310 				if (rc)
3311 					return rc;
3312 				break;
3313 			case OCON_NODE:
3314 				nodebuf[0] = c->u.node.addr; /* network order */
3315 				nodebuf[1] = c->u.node.mask; /* network order */
3316 				rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3317 				if (rc)
3318 					return rc;
3319 				rc = context_write(p, &c->context[0], fp);
3320 				if (rc)
3321 					return rc;
3322 				break;
3323 			case OCON_FSUSE:
3324 				buf[0] = cpu_to_le32(c->v.behavior);
3325 				len = strlen(c->u.name);
3326 				buf[1] = cpu_to_le32(len);
3327 				rc = put_entry(buf, sizeof(u32), 2, fp);
3328 				if (rc)
3329 					return rc;
3330 				rc = put_entry(c->u.name, 1, len, fp);
3331 				if (rc)
3332 					return rc;
3333 				rc = context_write(p, &c->context[0], fp);
3334 				if (rc)
3335 					return rc;
3336 				break;
3337 			case OCON_NODE6:
3338 				for (j = 0; j < 4; j++)
3339 					nodebuf[j] = c->u.node6.addr[j]; /* network order */
3340 				for (j = 0; j < 4; j++)
3341 					nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3342 				rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3343 				if (rc)
3344 					return rc;
3345 				rc = context_write(p, &c->context[0], fp);
3346 				if (rc)
3347 					return rc;
3348 				break;
3349 			case OCON_IBPKEY:
3350 				/* subnet_prefix is in CPU order */
3351 				prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3352 
3353 				rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
3354 				if (rc)
3355 					return rc;
3356 
3357 				buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3358 				buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3359 
3360 				rc = put_entry(buf, sizeof(u32), 2, fp);
3361 				if (rc)
3362 					return rc;
3363 				rc = context_write(p, &c->context[0], fp);
3364 				if (rc)
3365 					return rc;
3366 				break;
3367 			case OCON_IBENDPORT:
3368 				len = strlen(c->u.ibendport.dev_name);
3369 				buf[0] = cpu_to_le32(len);
3370 				buf[1] = cpu_to_le32(c->u.ibendport.port);
3371 				rc = put_entry(buf, sizeof(u32), 2, fp);
3372 				if (rc)
3373 					return rc;
3374 				rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3375 				if (rc)
3376 					return rc;
3377 				rc = context_write(p, &c->context[0], fp);
3378 				if (rc)
3379 					return rc;
3380 				break;
3381 			}
3382 		}
3383 	}
3384 	return 0;
3385 }
3386 
3387 static int genfs_write(struct policydb *p, void *fp)
3388 {
3389 	struct genfs *genfs;
3390 	struct ocontext *c;
3391 	size_t len;
3392 	__le32 buf[1];
3393 	int rc;
3394 
3395 	len = 0;
3396 	for (genfs = p->genfs; genfs; genfs = genfs->next)
3397 		len++;
3398 	buf[0] = cpu_to_le32(len);
3399 	rc = put_entry(buf, sizeof(u32), 1, fp);
3400 	if (rc)
3401 		return rc;
3402 	for (genfs = p->genfs; genfs; genfs = genfs->next) {
3403 		len = strlen(genfs->fstype);
3404 		buf[0] = cpu_to_le32(len);
3405 		rc = put_entry(buf, sizeof(u32), 1, fp);
3406 		if (rc)
3407 			return rc;
3408 		rc = put_entry(genfs->fstype, 1, len, fp);
3409 		if (rc)
3410 			return rc;
3411 		len = 0;
3412 		for (c = genfs->head; c; c = c->next)
3413 			len++;
3414 		buf[0] = cpu_to_le32(len);
3415 		rc = put_entry(buf, sizeof(u32), 1, fp);
3416 		if (rc)
3417 			return rc;
3418 		for (c = genfs->head; c; c = c->next) {
3419 			len = strlen(c->u.name);
3420 			buf[0] = cpu_to_le32(len);
3421 			rc = put_entry(buf, sizeof(u32), 1, fp);
3422 			if (rc)
3423 				return rc;
3424 			rc = put_entry(c->u.name, 1, len, fp);
3425 			if (rc)
3426 				return rc;
3427 			buf[0] = cpu_to_le32(c->v.sclass);
3428 			rc = put_entry(buf, sizeof(u32), 1, fp);
3429 			if (rc)
3430 				return rc;
3431 			rc = context_write(p, &c->context[0], fp);
3432 			if (rc)
3433 				return rc;
3434 		}
3435 	}
3436 	return 0;
3437 }
3438 
3439 static int range_write_helper(void *key, void *data, void *ptr)
3440 {
3441 	__le32 buf[2];
3442 	struct range_trans *rt = key;
3443 	struct mls_range *r = data;
3444 	struct policy_data *pd = ptr;
3445 	void *fp = pd->fp;
3446 	struct policydb *p = pd->p;
3447 	int rc;
3448 
3449 	buf[0] = cpu_to_le32(rt->source_type);
3450 	buf[1] = cpu_to_le32(rt->target_type);
3451 	rc = put_entry(buf, sizeof(u32), 2, fp);
3452 	if (rc)
3453 		return rc;
3454 	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3455 		buf[0] = cpu_to_le32(rt->target_class);
3456 		rc = put_entry(buf, sizeof(u32), 1, fp);
3457 		if (rc)
3458 			return rc;
3459 	}
3460 	rc = mls_write_range_helper(r, fp);
3461 	if (rc)
3462 		return rc;
3463 
3464 	return 0;
3465 }
3466 
3467 static int range_write(struct policydb *p, void *fp)
3468 {
3469 	__le32 buf[1];
3470 	int rc;
3471 	struct policy_data pd;
3472 
3473 	pd.p = p;
3474 	pd.fp = fp;
3475 
3476 	buf[0] = cpu_to_le32(p->range_tr.nel);
3477 	rc = put_entry(buf, sizeof(u32), 1, fp);
3478 	if (rc)
3479 		return rc;
3480 
3481 	/* actually write all of the entries */
3482 	rc = hashtab_map(&p->range_tr, range_write_helper, &pd);
3483 	if (rc)
3484 		return rc;
3485 
3486 	return 0;
3487 }
3488 
3489 static int filename_write_helper_compat(void *key, void *data, void *ptr)
3490 {
3491 	struct filename_trans_key *ft = key;
3492 	struct filename_trans_datum *datum = data;
3493 	struct ebitmap_node *node;
3494 	void *fp = ptr;
3495 	__le32 buf[4];
3496 	int rc;
3497 	u32 bit, len = strlen(ft->name);
3498 
3499 	do {
3500 		ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3501 			buf[0] = cpu_to_le32(len);
3502 			rc = put_entry(buf, sizeof(u32), 1, fp);
3503 			if (rc)
3504 				return rc;
3505 
3506 			rc = put_entry(ft->name, sizeof(char), len, fp);
3507 			if (rc)
3508 				return rc;
3509 
3510 			buf[0] = cpu_to_le32(bit + 1);
3511 			buf[1] = cpu_to_le32(ft->ttype);
3512 			buf[2] = cpu_to_le32(ft->tclass);
3513 			buf[3] = cpu_to_le32(datum->otype);
3514 
3515 			rc = put_entry(buf, sizeof(u32), 4, fp);
3516 			if (rc)
3517 				return rc;
3518 		}
3519 
3520 		datum = datum->next;
3521 	} while (unlikely(datum));
3522 
3523 	return 0;
3524 }
3525 
3526 static int filename_write_helper(void *key, void *data, void *ptr)
3527 {
3528 	struct filename_trans_key *ft = key;
3529 	struct filename_trans_datum *datum;
3530 	void *fp = ptr;
3531 	__le32 buf[3];
3532 	int rc;
3533 	u32 ndatum, len = strlen(ft->name);
3534 
3535 	buf[0] = cpu_to_le32(len);
3536 	rc = put_entry(buf, sizeof(u32), 1, fp);
3537 	if (rc)
3538 		return rc;
3539 
3540 	rc = put_entry(ft->name, sizeof(char), len, fp);
3541 	if (rc)
3542 		return rc;
3543 
3544 	ndatum = 0;
3545 	datum = data;
3546 	do {
3547 		ndatum++;
3548 		datum = datum->next;
3549 	} while (unlikely(datum));
3550 
3551 	buf[0] = cpu_to_le32(ft->ttype);
3552 	buf[1] = cpu_to_le32(ft->tclass);
3553 	buf[2] = cpu_to_le32(ndatum);
3554 	rc = put_entry(buf, sizeof(u32), 3, fp);
3555 	if (rc)
3556 		return rc;
3557 
3558 	datum = data;
3559 	do {
3560 		rc = ebitmap_write(&datum->stypes, fp);
3561 		if (rc)
3562 			return rc;
3563 
3564 		buf[0] = cpu_to_le32(datum->otype);
3565 		rc = put_entry(buf, sizeof(u32), 1, fp);
3566 		if (rc)
3567 			return rc;
3568 
3569 		datum = datum->next;
3570 	} while (unlikely(datum));
3571 
3572 	return 0;
3573 }
3574 
3575 static int filename_trans_write(struct policydb *p, void *fp)
3576 {
3577 	__le32 buf[1];
3578 	int rc;
3579 
3580 	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3581 		return 0;
3582 
3583 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3584 		buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3585 		rc = put_entry(buf, sizeof(u32), 1, fp);
3586 		if (rc)
3587 			return rc;
3588 
3589 		rc = hashtab_map(&p->filename_trans,
3590 				 filename_write_helper_compat, fp);
3591 	} else {
3592 		buf[0] = cpu_to_le32(p->filename_trans.nel);
3593 		rc = put_entry(buf, sizeof(u32), 1, fp);
3594 		if (rc)
3595 			return rc;
3596 
3597 		rc = hashtab_map(&p->filename_trans, filename_write_helper, fp);
3598 	}
3599 	return rc;
3600 }
3601 
3602 /*
3603  * Write the configuration data in a policy database
3604  * structure to a policy database binary representation
3605  * file.
3606  */
3607 int policydb_write(struct policydb *p, void *fp)
3608 {
3609 	unsigned int i, num_syms;
3610 	int rc;
3611 	__le32 buf[4];
3612 	u32 config;
3613 	size_t len;
3614 	struct policydb_compat_info *info;
3615 
3616 	/*
3617 	 * refuse to write policy older than compressed avtab
3618 	 * to simplify the writer.  There are other tests dropped
3619 	 * since we assume this throughout the writer code.  Be
3620 	 * careful if you ever try to remove this restriction
3621 	 */
3622 	if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3623 		pr_err("SELinux: refusing to write policy version %d."
3624 		       "  Because it is less than version %d\n", p->policyvers,
3625 		       POLICYDB_VERSION_AVTAB);
3626 		return -EINVAL;
3627 	}
3628 
3629 	config = 0;
3630 	if (p->mls_enabled)
3631 		config |= POLICYDB_CONFIG_MLS;
3632 
3633 	if (p->reject_unknown)
3634 		config |= REJECT_UNKNOWN;
3635 	if (p->allow_unknown)
3636 		config |= ALLOW_UNKNOWN;
3637 
3638 	/* Write the magic number and string identifiers. */
3639 	buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3640 	len = strlen(POLICYDB_STRING);
3641 	buf[1] = cpu_to_le32(len);
3642 	rc = put_entry(buf, sizeof(u32), 2, fp);
3643 	if (rc)
3644 		return rc;
3645 	rc = put_entry(POLICYDB_STRING, 1, len, fp);
3646 	if (rc)
3647 		return rc;
3648 
3649 	/* Write the version, config, and table sizes. */
3650 	info = policydb_lookup_compat(p->policyvers);
3651 	if (!info) {
3652 		pr_err("SELinux: compatibility lookup failed for policy "
3653 		    "version %d", p->policyvers);
3654 		return -EINVAL;
3655 	}
3656 
3657 	buf[0] = cpu_to_le32(p->policyvers);
3658 	buf[1] = cpu_to_le32(config);
3659 	buf[2] = cpu_to_le32(info->sym_num);
3660 	buf[3] = cpu_to_le32(info->ocon_num);
3661 
3662 	rc = put_entry(buf, sizeof(u32), 4, fp);
3663 	if (rc)
3664 		return rc;
3665 
3666 	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3667 		rc = ebitmap_write(&p->policycaps, fp);
3668 		if (rc)
3669 			return rc;
3670 	}
3671 
3672 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3673 		rc = ebitmap_write(&p->permissive_map, fp);
3674 		if (rc)
3675 			return rc;
3676 	}
3677 
3678 	num_syms = info->sym_num;
3679 	for (i = 0; i < num_syms; i++) {
3680 		struct policy_data pd;
3681 
3682 		pd.fp = fp;
3683 		pd.p = p;
3684 
3685 		buf[0] = cpu_to_le32(p->symtab[i].nprim);
3686 		buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3687 
3688 		rc = put_entry(buf, sizeof(u32), 2, fp);
3689 		if (rc)
3690 			return rc;
3691 		rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
3692 		if (rc)
3693 			return rc;
3694 	}
3695 
3696 	rc = avtab_write(p, &p->te_avtab, fp);
3697 	if (rc)
3698 		return rc;
3699 
3700 	rc = cond_write_list(p, fp);
3701 	if (rc)
3702 		return rc;
3703 
3704 	rc = role_trans_write(p, fp);
3705 	if (rc)
3706 		return rc;
3707 
3708 	rc = role_allow_write(p->role_allow, fp);
3709 	if (rc)
3710 		return rc;
3711 
3712 	rc = filename_trans_write(p, fp);
3713 	if (rc)
3714 		return rc;
3715 
3716 	rc = ocontext_write(p, info, fp);
3717 	if (rc)
3718 		return rc;
3719 
3720 	rc = genfs_write(p, fp);
3721 	if (rc)
3722 		return rc;
3723 
3724 	rc = range_write(p, fp);
3725 	if (rc)
3726 		return rc;
3727 
3728 	for (i = 0; i < p->p_types.nprim; i++) {
3729 		struct ebitmap *e = &p->type_attr_map_array[i];
3730 
3731 		rc = ebitmap_write(e, fp);
3732 		if (rc)
3733 			return rc;
3734 	}
3735 
3736 	return 0;
3737 }
3738