1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul.moore@hp.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 }; 127 128 static struct policydb_compat_info *policydb_lookup_compat(int version) 129 { 130 int i; 131 struct policydb_compat_info *info = NULL; 132 133 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 134 if (policydb_compat[i].version == version) { 135 info = &policydb_compat[i]; 136 break; 137 } 138 } 139 return info; 140 } 141 142 /* 143 * Initialize the role table. 144 */ 145 static int roles_init(struct policydb *p) 146 { 147 char *key = NULL; 148 int rc; 149 struct role_datum *role; 150 151 role = kzalloc(sizeof(*role), GFP_KERNEL); 152 if (!role) { 153 rc = -ENOMEM; 154 goto out; 155 } 156 role->value = ++p->p_roles.nprim; 157 if (role->value != OBJECT_R_VAL) { 158 rc = -EINVAL; 159 goto out_free_role; 160 } 161 key = kstrdup(OBJECT_R, GFP_KERNEL); 162 if (!key) { 163 rc = -ENOMEM; 164 goto out_free_role; 165 } 166 rc = hashtab_insert(p->p_roles.table, key, role); 167 if (rc) 168 goto out_free_key; 169 out: 170 return rc; 171 172 out_free_key: 173 kfree(key); 174 out_free_role: 175 kfree(role); 176 goto out; 177 } 178 179 static u32 rangetr_hash(struct hashtab *h, const void *k) 180 { 181 const struct range_trans *key = k; 182 return (key->source_type + (key->target_type << 3) + 183 (key->target_class << 5)) & (h->size - 1); 184 } 185 186 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 187 { 188 const struct range_trans *key1 = k1, *key2 = k2; 189 int v; 190 191 v = key1->source_type - key2->source_type; 192 if (v) 193 return v; 194 195 v = key1->target_type - key2->target_type; 196 if (v) 197 return v; 198 199 v = key1->target_class - key2->target_class; 200 201 return v; 202 } 203 204 /* 205 * Initialize a policy database structure. 206 */ 207 static int policydb_init(struct policydb *p) 208 { 209 int i, rc; 210 211 memset(p, 0, sizeof(*p)); 212 213 for (i = 0; i < SYM_NUM; i++) { 214 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 215 if (rc) 216 goto out_free_symtab; 217 } 218 219 rc = avtab_init(&p->te_avtab); 220 if (rc) 221 goto out_free_symtab; 222 223 rc = roles_init(p); 224 if (rc) 225 goto out_free_symtab; 226 227 rc = cond_policydb_init(p); 228 if (rc) 229 goto out_free_symtab; 230 231 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 232 if (!p->range_tr) 233 goto out_free_symtab; 234 235 ebitmap_init(&p->policycaps); 236 ebitmap_init(&p->permissive_map); 237 238 out: 239 return rc; 240 241 out_free_symtab: 242 for (i = 0; i < SYM_NUM; i++) 243 hashtab_destroy(p->symtab[i].table); 244 goto out; 245 } 246 247 /* 248 * The following *_index functions are used to 249 * define the val_to_name and val_to_struct arrays 250 * in a policy database structure. The val_to_name 251 * arrays are used when converting security context 252 * structures into string representations. The 253 * val_to_struct arrays are used when the attributes 254 * of a class, role, or user are needed. 255 */ 256 257 static int common_index(void *key, void *datum, void *datap) 258 { 259 struct policydb *p; 260 struct common_datum *comdatum; 261 262 comdatum = datum; 263 p = datap; 264 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 265 return -EINVAL; 266 p->p_common_val_to_name[comdatum->value - 1] = key; 267 return 0; 268 } 269 270 static int class_index(void *key, void *datum, void *datap) 271 { 272 struct policydb *p; 273 struct class_datum *cladatum; 274 275 cladatum = datum; 276 p = datap; 277 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 278 return -EINVAL; 279 p->p_class_val_to_name[cladatum->value - 1] = key; 280 p->class_val_to_struct[cladatum->value - 1] = cladatum; 281 return 0; 282 } 283 284 static int role_index(void *key, void *datum, void *datap) 285 { 286 struct policydb *p; 287 struct role_datum *role; 288 289 role = datum; 290 p = datap; 291 if (!role->value 292 || role->value > p->p_roles.nprim 293 || role->bounds > p->p_roles.nprim) 294 return -EINVAL; 295 p->p_role_val_to_name[role->value - 1] = key; 296 p->role_val_to_struct[role->value - 1] = role; 297 return 0; 298 } 299 300 static int type_index(void *key, void *datum, void *datap) 301 { 302 struct policydb *p; 303 struct type_datum *typdatum; 304 305 typdatum = datum; 306 p = datap; 307 308 if (typdatum->primary) { 309 if (!typdatum->value 310 || typdatum->value > p->p_types.nprim 311 || typdatum->bounds > p->p_types.nprim) 312 return -EINVAL; 313 p->p_type_val_to_name[typdatum->value - 1] = key; 314 p->type_val_to_struct[typdatum->value - 1] = typdatum; 315 } 316 317 return 0; 318 } 319 320 static int user_index(void *key, void *datum, void *datap) 321 { 322 struct policydb *p; 323 struct user_datum *usrdatum; 324 325 usrdatum = datum; 326 p = datap; 327 if (!usrdatum->value 328 || usrdatum->value > p->p_users.nprim 329 || usrdatum->bounds > p->p_users.nprim) 330 return -EINVAL; 331 p->p_user_val_to_name[usrdatum->value - 1] = key; 332 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 333 return 0; 334 } 335 336 static int sens_index(void *key, void *datum, void *datap) 337 { 338 struct policydb *p; 339 struct level_datum *levdatum; 340 341 levdatum = datum; 342 p = datap; 343 344 if (!levdatum->isalias) { 345 if (!levdatum->level->sens || 346 levdatum->level->sens > p->p_levels.nprim) 347 return -EINVAL; 348 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 349 } 350 351 return 0; 352 } 353 354 static int cat_index(void *key, void *datum, void *datap) 355 { 356 struct policydb *p; 357 struct cat_datum *catdatum; 358 359 catdatum = datum; 360 p = datap; 361 362 if (!catdatum->isalias) { 363 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 364 return -EINVAL; 365 p->p_cat_val_to_name[catdatum->value - 1] = key; 366 } 367 368 return 0; 369 } 370 371 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 372 { 373 common_index, 374 class_index, 375 role_index, 376 type_index, 377 user_index, 378 cond_index_bool, 379 sens_index, 380 cat_index, 381 }; 382 383 /* 384 * Define the common val_to_name array and the class 385 * val_to_name and val_to_struct arrays in a policy 386 * database structure. 387 * 388 * Caller must clean up upon failure. 389 */ 390 static int policydb_index_classes(struct policydb *p) 391 { 392 int rc; 393 394 p->p_common_val_to_name = 395 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 396 if (!p->p_common_val_to_name) { 397 rc = -ENOMEM; 398 goto out; 399 } 400 401 rc = hashtab_map(p->p_commons.table, common_index, p); 402 if (rc) 403 goto out; 404 405 p->class_val_to_struct = 406 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 407 if (!p->class_val_to_struct) { 408 rc = -ENOMEM; 409 goto out; 410 } 411 412 p->p_class_val_to_name = 413 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 414 if (!p->p_class_val_to_name) { 415 rc = -ENOMEM; 416 goto out; 417 } 418 419 rc = hashtab_map(p->p_classes.table, class_index, p); 420 out: 421 return rc; 422 } 423 424 #ifdef DEBUG_HASHES 425 static void symtab_hash_eval(struct symtab *s) 426 { 427 int i; 428 429 for (i = 0; i < SYM_NUM; i++) { 430 struct hashtab *h = s[i].table; 431 struct hashtab_info info; 432 433 hashtab_stat(h, &info); 434 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 435 "longest chain length %d\n", symtab_name[i], h->nel, 436 info.slots_used, h->size, info.max_chain_len); 437 } 438 } 439 440 static void rangetr_hash_eval(struct hashtab *h) 441 { 442 struct hashtab_info info; 443 444 hashtab_stat(h, &info); 445 printk(KERN_DEBUG "SELinux: rangetr: %d entries and %d/%d buckets used, " 446 "longest chain length %d\n", h->nel, 447 info.slots_used, h->size, info.max_chain_len); 448 } 449 #else 450 static inline void rangetr_hash_eval(struct hashtab *h) 451 { 452 } 453 #endif 454 455 /* 456 * Define the other val_to_name and val_to_struct arrays 457 * in a policy database structure. 458 * 459 * Caller must clean up on failure. 460 */ 461 static int policydb_index_others(struct policydb *p) 462 { 463 int i, rc = 0; 464 465 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 466 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 467 if (p->mls_enabled) 468 printk(", %d sens, %d cats", p->p_levels.nprim, 469 p->p_cats.nprim); 470 printk("\n"); 471 472 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 473 p->p_classes.nprim, p->te_avtab.nel); 474 475 #ifdef DEBUG_HASHES 476 avtab_hash_eval(&p->te_avtab, "rules"); 477 symtab_hash_eval(p->symtab); 478 #endif 479 480 p->role_val_to_struct = 481 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 482 GFP_KERNEL); 483 if (!p->role_val_to_struct) { 484 rc = -ENOMEM; 485 goto out; 486 } 487 488 p->user_val_to_struct = 489 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 490 GFP_KERNEL); 491 if (!p->user_val_to_struct) { 492 rc = -ENOMEM; 493 goto out; 494 } 495 496 p->type_val_to_struct = 497 kmalloc(p->p_types.nprim * sizeof(*(p->type_val_to_struct)), 498 GFP_KERNEL); 499 if (!p->type_val_to_struct) { 500 rc = -ENOMEM; 501 goto out; 502 } 503 504 if (cond_init_bool_indexes(p)) { 505 rc = -ENOMEM; 506 goto out; 507 } 508 509 for (i = SYM_ROLES; i < SYM_NUM; i++) { 510 p->sym_val_to_name[i] = 511 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 512 if (!p->sym_val_to_name[i]) { 513 rc = -ENOMEM; 514 goto out; 515 } 516 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 517 if (rc) 518 goto out; 519 } 520 521 out: 522 return rc; 523 } 524 525 /* 526 * The following *_destroy functions are used to 527 * free any memory allocated for each kind of 528 * symbol data in the policy database. 529 */ 530 531 static int perm_destroy(void *key, void *datum, void *p) 532 { 533 kfree(key); 534 kfree(datum); 535 return 0; 536 } 537 538 static int common_destroy(void *key, void *datum, void *p) 539 { 540 struct common_datum *comdatum; 541 542 kfree(key); 543 comdatum = datum; 544 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 545 hashtab_destroy(comdatum->permissions.table); 546 kfree(datum); 547 return 0; 548 } 549 550 static int cls_destroy(void *key, void *datum, void *p) 551 { 552 struct class_datum *cladatum; 553 struct constraint_node *constraint, *ctemp; 554 struct constraint_expr *e, *etmp; 555 556 kfree(key); 557 cladatum = datum; 558 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 559 hashtab_destroy(cladatum->permissions.table); 560 constraint = cladatum->constraints; 561 while (constraint) { 562 e = constraint->expr; 563 while (e) { 564 ebitmap_destroy(&e->names); 565 etmp = e; 566 e = e->next; 567 kfree(etmp); 568 } 569 ctemp = constraint; 570 constraint = constraint->next; 571 kfree(ctemp); 572 } 573 574 constraint = cladatum->validatetrans; 575 while (constraint) { 576 e = constraint->expr; 577 while (e) { 578 ebitmap_destroy(&e->names); 579 etmp = e; 580 e = e->next; 581 kfree(etmp); 582 } 583 ctemp = constraint; 584 constraint = constraint->next; 585 kfree(ctemp); 586 } 587 588 kfree(cladatum->comkey); 589 kfree(datum); 590 return 0; 591 } 592 593 static int role_destroy(void *key, void *datum, void *p) 594 { 595 struct role_datum *role; 596 597 kfree(key); 598 role = datum; 599 ebitmap_destroy(&role->dominates); 600 ebitmap_destroy(&role->types); 601 kfree(datum); 602 return 0; 603 } 604 605 static int type_destroy(void *key, void *datum, void *p) 606 { 607 kfree(key); 608 kfree(datum); 609 return 0; 610 } 611 612 static int user_destroy(void *key, void *datum, void *p) 613 { 614 struct user_datum *usrdatum; 615 616 kfree(key); 617 usrdatum = datum; 618 ebitmap_destroy(&usrdatum->roles); 619 ebitmap_destroy(&usrdatum->range.level[0].cat); 620 ebitmap_destroy(&usrdatum->range.level[1].cat); 621 ebitmap_destroy(&usrdatum->dfltlevel.cat); 622 kfree(datum); 623 return 0; 624 } 625 626 static int sens_destroy(void *key, void *datum, void *p) 627 { 628 struct level_datum *levdatum; 629 630 kfree(key); 631 levdatum = datum; 632 ebitmap_destroy(&levdatum->level->cat); 633 kfree(levdatum->level); 634 kfree(datum); 635 return 0; 636 } 637 638 static int cat_destroy(void *key, void *datum, void *p) 639 { 640 kfree(key); 641 kfree(datum); 642 return 0; 643 } 644 645 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 646 { 647 common_destroy, 648 cls_destroy, 649 role_destroy, 650 type_destroy, 651 user_destroy, 652 cond_destroy_bool, 653 sens_destroy, 654 cat_destroy, 655 }; 656 657 static int range_tr_destroy(void *key, void *datum, void *p) 658 { 659 struct mls_range *rt = datum; 660 kfree(key); 661 ebitmap_destroy(&rt->level[0].cat); 662 ebitmap_destroy(&rt->level[1].cat); 663 kfree(datum); 664 cond_resched(); 665 return 0; 666 } 667 668 static void ocontext_destroy(struct ocontext *c, int i) 669 { 670 if (!c) 671 return; 672 673 context_destroy(&c->context[0]); 674 context_destroy(&c->context[1]); 675 if (i == OCON_ISID || i == OCON_FS || 676 i == OCON_NETIF || i == OCON_FSUSE) 677 kfree(c->u.name); 678 kfree(c); 679 } 680 681 /* 682 * Free any memory allocated by a policy database structure. 683 */ 684 void policydb_destroy(struct policydb *p) 685 { 686 struct ocontext *c, *ctmp; 687 struct genfs *g, *gtmp; 688 int i; 689 struct role_allow *ra, *lra = NULL; 690 struct role_trans *tr, *ltr = NULL; 691 692 for (i = 0; i < SYM_NUM; i++) { 693 cond_resched(); 694 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 695 hashtab_destroy(p->symtab[i].table); 696 } 697 698 for (i = 0; i < SYM_NUM; i++) 699 kfree(p->sym_val_to_name[i]); 700 701 kfree(p->class_val_to_struct); 702 kfree(p->role_val_to_struct); 703 kfree(p->user_val_to_struct); 704 kfree(p->type_val_to_struct); 705 706 avtab_destroy(&p->te_avtab); 707 708 for (i = 0; i < OCON_NUM; i++) { 709 cond_resched(); 710 c = p->ocontexts[i]; 711 while (c) { 712 ctmp = c; 713 c = c->next; 714 ocontext_destroy(ctmp, i); 715 } 716 p->ocontexts[i] = NULL; 717 } 718 719 g = p->genfs; 720 while (g) { 721 cond_resched(); 722 kfree(g->fstype); 723 c = g->head; 724 while (c) { 725 ctmp = c; 726 c = c->next; 727 ocontext_destroy(ctmp, OCON_FSUSE); 728 } 729 gtmp = g; 730 g = g->next; 731 kfree(gtmp); 732 } 733 p->genfs = NULL; 734 735 cond_policydb_destroy(p); 736 737 for (tr = p->role_tr; tr; tr = tr->next) { 738 cond_resched(); 739 kfree(ltr); 740 ltr = tr; 741 } 742 kfree(ltr); 743 744 for (ra = p->role_allow; ra; ra = ra->next) { 745 cond_resched(); 746 kfree(lra); 747 lra = ra; 748 } 749 kfree(lra); 750 751 hashtab_map(p->range_tr, range_tr_destroy, NULL); 752 hashtab_destroy(p->range_tr); 753 754 if (p->type_attr_map_array) { 755 for (i = 0; i < p->p_types.nprim; i++) { 756 struct ebitmap *e; 757 758 e = flex_array_get(p->type_attr_map_array, i); 759 if (!e) 760 continue; 761 ebitmap_destroy(e); 762 } 763 flex_array_free(p->type_attr_map_array); 764 } 765 ebitmap_destroy(&p->policycaps); 766 ebitmap_destroy(&p->permissive_map); 767 768 return; 769 } 770 771 /* 772 * Load the initial SIDs specified in a policy database 773 * structure into a SID table. 774 */ 775 int policydb_load_isids(struct policydb *p, struct sidtab *s) 776 { 777 struct ocontext *head, *c; 778 int rc; 779 780 rc = sidtab_init(s); 781 if (rc) { 782 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 783 goto out; 784 } 785 786 head = p->ocontexts[OCON_ISID]; 787 for (c = head; c; c = c->next) { 788 if (!c->context[0].user) { 789 printk(KERN_ERR "SELinux: SID %s was never " 790 "defined.\n", c->u.name); 791 rc = -EINVAL; 792 goto out; 793 } 794 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 795 printk(KERN_ERR "SELinux: unable to load initial " 796 "SID %s.\n", c->u.name); 797 rc = -EINVAL; 798 goto out; 799 } 800 } 801 out: 802 return rc; 803 } 804 805 int policydb_class_isvalid(struct policydb *p, unsigned int class) 806 { 807 if (!class || class > p->p_classes.nprim) 808 return 0; 809 return 1; 810 } 811 812 int policydb_role_isvalid(struct policydb *p, unsigned int role) 813 { 814 if (!role || role > p->p_roles.nprim) 815 return 0; 816 return 1; 817 } 818 819 int policydb_type_isvalid(struct policydb *p, unsigned int type) 820 { 821 if (!type || type > p->p_types.nprim) 822 return 0; 823 return 1; 824 } 825 826 /* 827 * Return 1 if the fields in the security context 828 * structure `c' are valid. Return 0 otherwise. 829 */ 830 int policydb_context_isvalid(struct policydb *p, struct context *c) 831 { 832 struct role_datum *role; 833 struct user_datum *usrdatum; 834 835 if (!c->role || c->role > p->p_roles.nprim) 836 return 0; 837 838 if (!c->user || c->user > p->p_users.nprim) 839 return 0; 840 841 if (!c->type || c->type > p->p_types.nprim) 842 return 0; 843 844 if (c->role != OBJECT_R_VAL) { 845 /* 846 * Role must be authorized for the type. 847 */ 848 role = p->role_val_to_struct[c->role - 1]; 849 if (!ebitmap_get_bit(&role->types, 850 c->type - 1)) 851 /* role may not be associated with type */ 852 return 0; 853 854 /* 855 * User must be authorized for the role. 856 */ 857 usrdatum = p->user_val_to_struct[c->user - 1]; 858 if (!usrdatum) 859 return 0; 860 861 if (!ebitmap_get_bit(&usrdatum->roles, 862 c->role - 1)) 863 /* user may not be associated with role */ 864 return 0; 865 } 866 867 if (!mls_context_isvalid(p, c)) 868 return 0; 869 870 return 1; 871 } 872 873 /* 874 * Read a MLS range structure from a policydb binary 875 * representation file. 876 */ 877 static int mls_read_range_helper(struct mls_range *r, void *fp) 878 { 879 __le32 buf[2]; 880 u32 items; 881 int rc; 882 883 rc = next_entry(buf, fp, sizeof(u32)); 884 if (rc < 0) 885 goto out; 886 887 items = le32_to_cpu(buf[0]); 888 if (items > ARRAY_SIZE(buf)) { 889 printk(KERN_ERR "SELinux: mls: range overflow\n"); 890 rc = -EINVAL; 891 goto out; 892 } 893 rc = next_entry(buf, fp, sizeof(u32) * items); 894 if (rc < 0) { 895 printk(KERN_ERR "SELinux: mls: truncated range\n"); 896 goto out; 897 } 898 r->level[0].sens = le32_to_cpu(buf[0]); 899 if (items > 1) 900 r->level[1].sens = le32_to_cpu(buf[1]); 901 else 902 r->level[1].sens = r->level[0].sens; 903 904 rc = ebitmap_read(&r->level[0].cat, fp); 905 if (rc) { 906 printk(KERN_ERR "SELinux: mls: error reading low " 907 "categories\n"); 908 goto out; 909 } 910 if (items > 1) { 911 rc = ebitmap_read(&r->level[1].cat, fp); 912 if (rc) { 913 printk(KERN_ERR "SELinux: mls: error reading high " 914 "categories\n"); 915 goto bad_high; 916 } 917 } else { 918 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 919 if (rc) { 920 printk(KERN_ERR "SELinux: mls: out of memory\n"); 921 goto bad_high; 922 } 923 } 924 925 rc = 0; 926 out: 927 return rc; 928 bad_high: 929 ebitmap_destroy(&r->level[0].cat); 930 goto out; 931 } 932 933 /* 934 * Read and validate a security context structure 935 * from a policydb binary representation file. 936 */ 937 static int context_read_and_validate(struct context *c, 938 struct policydb *p, 939 void *fp) 940 { 941 __le32 buf[3]; 942 int rc; 943 944 rc = next_entry(buf, fp, sizeof buf); 945 if (rc < 0) { 946 printk(KERN_ERR "SELinux: context truncated\n"); 947 goto out; 948 } 949 c->user = le32_to_cpu(buf[0]); 950 c->role = le32_to_cpu(buf[1]); 951 c->type = le32_to_cpu(buf[2]); 952 if (p->policyvers >= POLICYDB_VERSION_MLS) { 953 if (mls_read_range_helper(&c->range, fp)) { 954 printk(KERN_ERR "SELinux: error reading MLS range of " 955 "context\n"); 956 rc = -EINVAL; 957 goto out; 958 } 959 } 960 961 if (!policydb_context_isvalid(p, c)) { 962 printk(KERN_ERR "SELinux: invalid security context\n"); 963 context_destroy(c); 964 rc = -EINVAL; 965 } 966 out: 967 return rc; 968 } 969 970 /* 971 * The following *_read functions are used to 972 * read the symbol data from a policy database 973 * binary representation file. 974 */ 975 976 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 977 { 978 char *key = NULL; 979 struct perm_datum *perdatum; 980 int rc; 981 __le32 buf[2]; 982 u32 len; 983 984 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 985 if (!perdatum) { 986 rc = -ENOMEM; 987 goto out; 988 } 989 990 rc = next_entry(buf, fp, sizeof buf); 991 if (rc < 0) 992 goto bad; 993 994 len = le32_to_cpu(buf[0]); 995 perdatum->value = le32_to_cpu(buf[1]); 996 997 key = kmalloc(len + 1, GFP_KERNEL); 998 if (!key) { 999 rc = -ENOMEM; 1000 goto bad; 1001 } 1002 rc = next_entry(key, fp, len); 1003 if (rc < 0) 1004 goto bad; 1005 key[len] = '\0'; 1006 1007 rc = hashtab_insert(h, key, perdatum); 1008 if (rc) 1009 goto bad; 1010 out: 1011 return rc; 1012 bad: 1013 perm_destroy(key, perdatum, NULL); 1014 goto out; 1015 } 1016 1017 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1018 { 1019 char *key = NULL; 1020 struct common_datum *comdatum; 1021 __le32 buf[4]; 1022 u32 len, nel; 1023 int i, rc; 1024 1025 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1026 if (!comdatum) { 1027 rc = -ENOMEM; 1028 goto out; 1029 } 1030 1031 rc = next_entry(buf, fp, sizeof buf); 1032 if (rc < 0) 1033 goto bad; 1034 1035 len = le32_to_cpu(buf[0]); 1036 comdatum->value = le32_to_cpu(buf[1]); 1037 1038 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1039 if (rc) 1040 goto bad; 1041 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1042 nel = le32_to_cpu(buf[3]); 1043 1044 key = kmalloc(len + 1, GFP_KERNEL); 1045 if (!key) { 1046 rc = -ENOMEM; 1047 goto bad; 1048 } 1049 rc = next_entry(key, fp, len); 1050 if (rc < 0) 1051 goto bad; 1052 key[len] = '\0'; 1053 1054 for (i = 0; i < nel; i++) { 1055 rc = perm_read(p, comdatum->permissions.table, fp); 1056 if (rc) 1057 goto bad; 1058 } 1059 1060 rc = hashtab_insert(h, key, comdatum); 1061 if (rc) 1062 goto bad; 1063 out: 1064 return rc; 1065 bad: 1066 common_destroy(key, comdatum, NULL); 1067 goto out; 1068 } 1069 1070 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1071 int allowxtarget, void *fp) 1072 { 1073 struct constraint_node *c, *lc; 1074 struct constraint_expr *e, *le; 1075 __le32 buf[3]; 1076 u32 nexpr; 1077 int rc, i, j, depth; 1078 1079 lc = NULL; 1080 for (i = 0; i < ncons; i++) { 1081 c = kzalloc(sizeof(*c), GFP_KERNEL); 1082 if (!c) 1083 return -ENOMEM; 1084 1085 if (lc) 1086 lc->next = c; 1087 else 1088 *nodep = c; 1089 1090 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1091 if (rc < 0) 1092 return rc; 1093 c->permissions = le32_to_cpu(buf[0]); 1094 nexpr = le32_to_cpu(buf[1]); 1095 le = NULL; 1096 depth = -1; 1097 for (j = 0; j < nexpr; j++) { 1098 e = kzalloc(sizeof(*e), GFP_KERNEL); 1099 if (!e) 1100 return -ENOMEM; 1101 1102 if (le) 1103 le->next = e; 1104 else 1105 c->expr = e; 1106 1107 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1108 if (rc < 0) 1109 return rc; 1110 e->expr_type = le32_to_cpu(buf[0]); 1111 e->attr = le32_to_cpu(buf[1]); 1112 e->op = le32_to_cpu(buf[2]); 1113 1114 switch (e->expr_type) { 1115 case CEXPR_NOT: 1116 if (depth < 0) 1117 return -EINVAL; 1118 break; 1119 case CEXPR_AND: 1120 case CEXPR_OR: 1121 if (depth < 1) 1122 return -EINVAL; 1123 depth--; 1124 break; 1125 case CEXPR_ATTR: 1126 if (depth == (CEXPR_MAXDEPTH - 1)) 1127 return -EINVAL; 1128 depth++; 1129 break; 1130 case CEXPR_NAMES: 1131 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1132 return -EINVAL; 1133 if (depth == (CEXPR_MAXDEPTH - 1)) 1134 return -EINVAL; 1135 depth++; 1136 if (ebitmap_read(&e->names, fp)) 1137 return -EINVAL; 1138 break; 1139 default: 1140 return -EINVAL; 1141 } 1142 le = e; 1143 } 1144 if (depth != 0) 1145 return -EINVAL; 1146 lc = c; 1147 } 1148 1149 return 0; 1150 } 1151 1152 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1153 { 1154 char *key = NULL; 1155 struct class_datum *cladatum; 1156 __le32 buf[6]; 1157 u32 len, len2, ncons, nel; 1158 int i, rc; 1159 1160 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1161 if (!cladatum) { 1162 rc = -ENOMEM; 1163 goto out; 1164 } 1165 1166 rc = next_entry(buf, fp, sizeof(u32)*6); 1167 if (rc < 0) 1168 goto bad; 1169 1170 len = le32_to_cpu(buf[0]); 1171 len2 = le32_to_cpu(buf[1]); 1172 cladatum->value = le32_to_cpu(buf[2]); 1173 1174 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1175 if (rc) 1176 goto bad; 1177 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1178 nel = le32_to_cpu(buf[4]); 1179 1180 ncons = le32_to_cpu(buf[5]); 1181 1182 key = kmalloc(len + 1, GFP_KERNEL); 1183 if (!key) { 1184 rc = -ENOMEM; 1185 goto bad; 1186 } 1187 rc = next_entry(key, fp, len); 1188 if (rc < 0) 1189 goto bad; 1190 key[len] = '\0'; 1191 1192 if (len2) { 1193 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1194 if (!cladatum->comkey) { 1195 rc = -ENOMEM; 1196 goto bad; 1197 } 1198 rc = next_entry(cladatum->comkey, fp, len2); 1199 if (rc < 0) 1200 goto bad; 1201 cladatum->comkey[len2] = '\0'; 1202 1203 cladatum->comdatum = hashtab_search(p->p_commons.table, 1204 cladatum->comkey); 1205 if (!cladatum->comdatum) { 1206 printk(KERN_ERR "SELinux: unknown common %s\n", 1207 cladatum->comkey); 1208 rc = -EINVAL; 1209 goto bad; 1210 } 1211 } 1212 for (i = 0; i < nel; i++) { 1213 rc = perm_read(p, cladatum->permissions.table, fp); 1214 if (rc) 1215 goto bad; 1216 } 1217 1218 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1219 if (rc) 1220 goto bad; 1221 1222 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1223 /* grab the validatetrans rules */ 1224 rc = next_entry(buf, fp, sizeof(u32)); 1225 if (rc < 0) 1226 goto bad; 1227 ncons = le32_to_cpu(buf[0]); 1228 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1229 if (rc) 1230 goto bad; 1231 } 1232 1233 rc = hashtab_insert(h, key, cladatum); 1234 if (rc) 1235 goto bad; 1236 1237 rc = 0; 1238 out: 1239 return rc; 1240 bad: 1241 cls_destroy(key, cladatum, NULL); 1242 goto out; 1243 } 1244 1245 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1246 { 1247 char *key = NULL; 1248 struct role_datum *role; 1249 int rc, to_read = 2; 1250 __le32 buf[3]; 1251 u32 len; 1252 1253 role = kzalloc(sizeof(*role), GFP_KERNEL); 1254 if (!role) { 1255 rc = -ENOMEM; 1256 goto out; 1257 } 1258 1259 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1260 to_read = 3; 1261 1262 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1263 if (rc < 0) 1264 goto bad; 1265 1266 len = le32_to_cpu(buf[0]); 1267 role->value = le32_to_cpu(buf[1]); 1268 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1269 role->bounds = le32_to_cpu(buf[2]); 1270 1271 key = kmalloc(len + 1, GFP_KERNEL); 1272 if (!key) { 1273 rc = -ENOMEM; 1274 goto bad; 1275 } 1276 rc = next_entry(key, fp, len); 1277 if (rc < 0) 1278 goto bad; 1279 key[len] = '\0'; 1280 1281 rc = ebitmap_read(&role->dominates, fp); 1282 if (rc) 1283 goto bad; 1284 1285 rc = ebitmap_read(&role->types, fp); 1286 if (rc) 1287 goto bad; 1288 1289 if (strcmp(key, OBJECT_R) == 0) { 1290 if (role->value != OBJECT_R_VAL) { 1291 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1292 OBJECT_R, role->value); 1293 rc = -EINVAL; 1294 goto bad; 1295 } 1296 rc = 0; 1297 goto bad; 1298 } 1299 1300 rc = hashtab_insert(h, key, role); 1301 if (rc) 1302 goto bad; 1303 out: 1304 return rc; 1305 bad: 1306 role_destroy(key, role, NULL); 1307 goto out; 1308 } 1309 1310 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1311 { 1312 char *key = NULL; 1313 struct type_datum *typdatum; 1314 int rc, to_read = 3; 1315 __le32 buf[4]; 1316 u32 len; 1317 1318 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1319 if (!typdatum) { 1320 rc = -ENOMEM; 1321 return rc; 1322 } 1323 1324 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1325 to_read = 4; 1326 1327 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1328 if (rc < 0) 1329 goto bad; 1330 1331 len = le32_to_cpu(buf[0]); 1332 typdatum->value = le32_to_cpu(buf[1]); 1333 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1334 u32 prop = le32_to_cpu(buf[2]); 1335 1336 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1337 typdatum->primary = 1; 1338 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1339 typdatum->attribute = 1; 1340 1341 typdatum->bounds = le32_to_cpu(buf[3]); 1342 } else { 1343 typdatum->primary = le32_to_cpu(buf[2]); 1344 } 1345 1346 key = kmalloc(len + 1, GFP_KERNEL); 1347 if (!key) { 1348 rc = -ENOMEM; 1349 goto bad; 1350 } 1351 rc = next_entry(key, fp, len); 1352 if (rc < 0) 1353 goto bad; 1354 key[len] = '\0'; 1355 1356 rc = hashtab_insert(h, key, typdatum); 1357 if (rc) 1358 goto bad; 1359 out: 1360 return rc; 1361 bad: 1362 type_destroy(key, typdatum, NULL); 1363 goto out; 1364 } 1365 1366 1367 /* 1368 * Read a MLS level structure from a policydb binary 1369 * representation file. 1370 */ 1371 static int mls_read_level(struct mls_level *lp, void *fp) 1372 { 1373 __le32 buf[1]; 1374 int rc; 1375 1376 memset(lp, 0, sizeof(*lp)); 1377 1378 rc = next_entry(buf, fp, sizeof buf); 1379 if (rc < 0) { 1380 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1381 goto bad; 1382 } 1383 lp->sens = le32_to_cpu(buf[0]); 1384 1385 if (ebitmap_read(&lp->cat, fp)) { 1386 printk(KERN_ERR "SELinux: mls: error reading level " 1387 "categories\n"); 1388 goto bad; 1389 } 1390 1391 return 0; 1392 1393 bad: 1394 return -EINVAL; 1395 } 1396 1397 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1398 { 1399 char *key = NULL; 1400 struct user_datum *usrdatum; 1401 int rc, to_read = 2; 1402 __le32 buf[3]; 1403 u32 len; 1404 1405 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1406 if (!usrdatum) { 1407 rc = -ENOMEM; 1408 goto out; 1409 } 1410 1411 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1412 to_read = 3; 1413 1414 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1415 if (rc < 0) 1416 goto bad; 1417 1418 len = le32_to_cpu(buf[0]); 1419 usrdatum->value = le32_to_cpu(buf[1]); 1420 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1421 usrdatum->bounds = le32_to_cpu(buf[2]); 1422 1423 key = kmalloc(len + 1, GFP_KERNEL); 1424 if (!key) { 1425 rc = -ENOMEM; 1426 goto bad; 1427 } 1428 rc = next_entry(key, fp, len); 1429 if (rc < 0) 1430 goto bad; 1431 key[len] = '\0'; 1432 1433 rc = ebitmap_read(&usrdatum->roles, fp); 1434 if (rc) 1435 goto bad; 1436 1437 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1438 rc = mls_read_range_helper(&usrdatum->range, fp); 1439 if (rc) 1440 goto bad; 1441 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1442 if (rc) 1443 goto bad; 1444 } 1445 1446 rc = hashtab_insert(h, key, usrdatum); 1447 if (rc) 1448 goto bad; 1449 out: 1450 return rc; 1451 bad: 1452 user_destroy(key, usrdatum, NULL); 1453 goto out; 1454 } 1455 1456 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1457 { 1458 char *key = NULL; 1459 struct level_datum *levdatum; 1460 int rc; 1461 __le32 buf[2]; 1462 u32 len; 1463 1464 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1465 if (!levdatum) { 1466 rc = -ENOMEM; 1467 goto out; 1468 } 1469 1470 rc = next_entry(buf, fp, sizeof buf); 1471 if (rc < 0) 1472 goto bad; 1473 1474 len = le32_to_cpu(buf[0]); 1475 levdatum->isalias = le32_to_cpu(buf[1]); 1476 1477 key = kmalloc(len + 1, GFP_ATOMIC); 1478 if (!key) { 1479 rc = -ENOMEM; 1480 goto bad; 1481 } 1482 rc = next_entry(key, fp, len); 1483 if (rc < 0) 1484 goto bad; 1485 key[len] = '\0'; 1486 1487 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1488 if (!levdatum->level) { 1489 rc = -ENOMEM; 1490 goto bad; 1491 } 1492 if (mls_read_level(levdatum->level, fp)) { 1493 rc = -EINVAL; 1494 goto bad; 1495 } 1496 1497 rc = hashtab_insert(h, key, levdatum); 1498 if (rc) 1499 goto bad; 1500 out: 1501 return rc; 1502 bad: 1503 sens_destroy(key, levdatum, NULL); 1504 goto out; 1505 } 1506 1507 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1508 { 1509 char *key = NULL; 1510 struct cat_datum *catdatum; 1511 int rc; 1512 __le32 buf[3]; 1513 u32 len; 1514 1515 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1516 if (!catdatum) { 1517 rc = -ENOMEM; 1518 goto out; 1519 } 1520 1521 rc = next_entry(buf, fp, sizeof buf); 1522 if (rc < 0) 1523 goto bad; 1524 1525 len = le32_to_cpu(buf[0]); 1526 catdatum->value = le32_to_cpu(buf[1]); 1527 catdatum->isalias = le32_to_cpu(buf[2]); 1528 1529 key = kmalloc(len + 1, GFP_ATOMIC); 1530 if (!key) { 1531 rc = -ENOMEM; 1532 goto bad; 1533 } 1534 rc = next_entry(key, fp, len); 1535 if (rc < 0) 1536 goto bad; 1537 key[len] = '\0'; 1538 1539 rc = hashtab_insert(h, key, catdatum); 1540 if (rc) 1541 goto bad; 1542 out: 1543 return rc; 1544 1545 bad: 1546 cat_destroy(key, catdatum, NULL); 1547 goto out; 1548 } 1549 1550 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1551 { 1552 common_read, 1553 class_read, 1554 role_read, 1555 type_read, 1556 user_read, 1557 cond_read_bool, 1558 sens_read, 1559 cat_read, 1560 }; 1561 1562 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1563 { 1564 struct user_datum *upper, *user; 1565 struct policydb *p = datap; 1566 int depth = 0; 1567 1568 upper = user = datum; 1569 while (upper->bounds) { 1570 struct ebitmap_node *node; 1571 unsigned long bit; 1572 1573 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1574 printk(KERN_ERR "SELinux: user %s: " 1575 "too deep or looped boundary", 1576 (char *) key); 1577 return -EINVAL; 1578 } 1579 1580 upper = p->user_val_to_struct[upper->bounds - 1]; 1581 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1582 if (ebitmap_get_bit(&upper->roles, bit)) 1583 continue; 1584 1585 printk(KERN_ERR 1586 "SELinux: boundary violated policy: " 1587 "user=%s role=%s bounds=%s\n", 1588 p->p_user_val_to_name[user->value - 1], 1589 p->p_role_val_to_name[bit], 1590 p->p_user_val_to_name[upper->value - 1]); 1591 1592 return -EINVAL; 1593 } 1594 } 1595 1596 return 0; 1597 } 1598 1599 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1600 { 1601 struct role_datum *upper, *role; 1602 struct policydb *p = datap; 1603 int depth = 0; 1604 1605 upper = role = datum; 1606 while (upper->bounds) { 1607 struct ebitmap_node *node; 1608 unsigned long bit; 1609 1610 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1611 printk(KERN_ERR "SELinux: role %s: " 1612 "too deep or looped bounds\n", 1613 (char *) key); 1614 return -EINVAL; 1615 } 1616 1617 upper = p->role_val_to_struct[upper->bounds - 1]; 1618 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1619 if (ebitmap_get_bit(&upper->types, bit)) 1620 continue; 1621 1622 printk(KERN_ERR 1623 "SELinux: boundary violated policy: " 1624 "role=%s type=%s bounds=%s\n", 1625 p->p_role_val_to_name[role->value - 1], 1626 p->p_type_val_to_name[bit], 1627 p->p_role_val_to_name[upper->value - 1]); 1628 1629 return -EINVAL; 1630 } 1631 } 1632 1633 return 0; 1634 } 1635 1636 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1637 { 1638 struct type_datum *upper; 1639 struct policydb *p = datap; 1640 int depth = 0; 1641 1642 upper = datum; 1643 while (upper->bounds) { 1644 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1645 printk(KERN_ERR "SELinux: type %s: " 1646 "too deep or looped boundary\n", 1647 (char *) key); 1648 return -EINVAL; 1649 } 1650 1651 upper = p->type_val_to_struct[upper->bounds - 1]; 1652 if (upper->attribute) { 1653 printk(KERN_ERR "SELinux: type %s: " 1654 "bounded by attribute %s", 1655 (char *) key, 1656 p->p_type_val_to_name[upper->value - 1]); 1657 return -EINVAL; 1658 } 1659 } 1660 1661 return 0; 1662 } 1663 1664 static int policydb_bounds_sanity_check(struct policydb *p) 1665 { 1666 int rc; 1667 1668 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1669 return 0; 1670 1671 rc = hashtab_map(p->p_users.table, 1672 user_bounds_sanity_check, p); 1673 if (rc) 1674 return rc; 1675 1676 rc = hashtab_map(p->p_roles.table, 1677 role_bounds_sanity_check, p); 1678 if (rc) 1679 return rc; 1680 1681 rc = hashtab_map(p->p_types.table, 1682 type_bounds_sanity_check, p); 1683 if (rc) 1684 return rc; 1685 1686 return 0; 1687 } 1688 1689 extern int ss_initialized; 1690 1691 u16 string_to_security_class(struct policydb *p, const char *name) 1692 { 1693 struct class_datum *cladatum; 1694 1695 cladatum = hashtab_search(p->p_classes.table, name); 1696 if (!cladatum) 1697 return 0; 1698 1699 return cladatum->value; 1700 } 1701 1702 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1703 { 1704 struct class_datum *cladatum; 1705 struct perm_datum *perdatum = NULL; 1706 struct common_datum *comdatum; 1707 1708 if (!tclass || tclass > p->p_classes.nprim) 1709 return 0; 1710 1711 cladatum = p->class_val_to_struct[tclass-1]; 1712 comdatum = cladatum->comdatum; 1713 if (comdatum) 1714 perdatum = hashtab_search(comdatum->permissions.table, 1715 name); 1716 if (!perdatum) 1717 perdatum = hashtab_search(cladatum->permissions.table, 1718 name); 1719 if (!perdatum) 1720 return 0; 1721 1722 return 1U << (perdatum->value-1); 1723 } 1724 1725 static int range_read(struct policydb *p, void *fp) 1726 { 1727 struct range_trans *rt = NULL; 1728 struct mls_range *r = NULL; 1729 int i, rc; 1730 __le32 buf[2]; 1731 u32 nel; 1732 1733 if (p->policyvers < POLICYDB_VERSION_MLS) 1734 return 0; 1735 1736 rc = next_entry(buf, fp, sizeof(u32)); 1737 if (rc) 1738 goto out; 1739 1740 nel = le32_to_cpu(buf[0]); 1741 for (i = 0; i < nel; i++) { 1742 rc = -ENOMEM; 1743 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1744 if (!rt) 1745 goto out; 1746 1747 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1748 if (rc) 1749 goto out; 1750 1751 rt->source_type = le32_to_cpu(buf[0]); 1752 rt->target_type = le32_to_cpu(buf[1]); 1753 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1754 rc = next_entry(buf, fp, sizeof(u32)); 1755 if (rc) 1756 goto out; 1757 rt->target_class = le32_to_cpu(buf[0]); 1758 } else 1759 rt->target_class = p->process_class; 1760 1761 rc = -EINVAL; 1762 if (!policydb_type_isvalid(p, rt->source_type) || 1763 !policydb_type_isvalid(p, rt->target_type) || 1764 !policydb_class_isvalid(p, rt->target_class)) 1765 goto out; 1766 1767 rc = -ENOMEM; 1768 r = kzalloc(sizeof(*r), GFP_KERNEL); 1769 if (!r) 1770 goto out; 1771 1772 rc = mls_read_range_helper(r, fp); 1773 if (rc) 1774 goto out; 1775 1776 rc = -EINVAL; 1777 if (!mls_range_isvalid(p, r)) { 1778 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1779 goto out; 1780 } 1781 1782 rc = hashtab_insert(p->range_tr, rt, r); 1783 if (rc) 1784 goto out; 1785 1786 rt = NULL; 1787 r = NULL; 1788 } 1789 rangetr_hash_eval(p->range_tr); 1790 rc = 0; 1791 out: 1792 kfree(rt); 1793 kfree(r); 1794 return rc; 1795 } 1796 1797 static int genfs_read(struct policydb *p, void *fp) 1798 { 1799 int i, j, rc; 1800 u32 nel, nel2, len, len2; 1801 __le32 buf[1]; 1802 struct ocontext *l, *c; 1803 struct ocontext *newc = NULL; 1804 struct genfs *genfs_p, *genfs; 1805 struct genfs *newgenfs = NULL; 1806 1807 rc = next_entry(buf, fp, sizeof(u32)); 1808 if (rc) 1809 goto out; 1810 nel = le32_to_cpu(buf[0]); 1811 1812 for (i = 0; i < nel; i++) { 1813 rc = next_entry(buf, fp, sizeof(u32)); 1814 if (rc) 1815 goto out; 1816 len = le32_to_cpu(buf[0]); 1817 1818 rc = -ENOMEM; 1819 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1820 if (!newgenfs) 1821 goto out; 1822 1823 rc = -ENOMEM; 1824 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 1825 if (!newgenfs->fstype) 1826 goto out; 1827 1828 rc = next_entry(newgenfs->fstype, fp, len); 1829 if (rc) 1830 goto out; 1831 1832 newgenfs->fstype[len] = 0; 1833 1834 for (genfs_p = NULL, genfs = p->genfs; genfs; 1835 genfs_p = genfs, genfs = genfs->next) { 1836 rc = -EINVAL; 1837 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1838 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 1839 newgenfs->fstype); 1840 goto out; 1841 } 1842 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1843 break; 1844 } 1845 newgenfs->next = genfs; 1846 if (genfs_p) 1847 genfs_p->next = newgenfs; 1848 else 1849 p->genfs = newgenfs; 1850 genfs = newgenfs; 1851 newgenfs = NULL; 1852 1853 rc = next_entry(buf, fp, sizeof(u32)); 1854 if (rc) 1855 goto out; 1856 1857 nel2 = le32_to_cpu(buf[0]); 1858 for (j = 0; j < nel2; j++) { 1859 rc = next_entry(buf, fp, sizeof(u32)); 1860 if (rc) 1861 goto out; 1862 len = le32_to_cpu(buf[0]); 1863 1864 rc = -ENOMEM; 1865 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1866 if (!newc) 1867 goto out; 1868 1869 rc = -ENOMEM; 1870 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 1871 if (!newc->u.name) 1872 goto out; 1873 1874 rc = next_entry(newc->u.name, fp, len); 1875 if (rc) 1876 goto out; 1877 newc->u.name[len] = 0; 1878 1879 rc = next_entry(buf, fp, sizeof(u32)); 1880 if (rc) 1881 goto out; 1882 1883 newc->v.sclass = le32_to_cpu(buf[0]); 1884 rc = context_read_and_validate(&newc->context[0], p, fp); 1885 if (rc) 1886 goto out; 1887 1888 for (l = NULL, c = genfs->head; c; 1889 l = c, c = c->next) { 1890 rc = -EINVAL; 1891 if (!strcmp(newc->u.name, c->u.name) && 1892 (!c->v.sclass || !newc->v.sclass || 1893 newc->v.sclass == c->v.sclass)) { 1894 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 1895 genfs->fstype, c->u.name); 1896 goto out; 1897 } 1898 len = strlen(newc->u.name); 1899 len2 = strlen(c->u.name); 1900 if (len > len2) 1901 break; 1902 } 1903 1904 newc->next = c; 1905 if (l) 1906 l->next = newc; 1907 else 1908 genfs->head = newc; 1909 newc = NULL; 1910 } 1911 } 1912 rc = 0; 1913 out: 1914 if (newgenfs) 1915 kfree(newgenfs->fstype); 1916 kfree(newgenfs); 1917 ocontext_destroy(newc, OCON_FSUSE); 1918 1919 return rc; 1920 } 1921 1922 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 1923 void *fp) 1924 { 1925 int i, j, rc; 1926 u32 nel, len; 1927 __le32 buf[3]; 1928 struct ocontext *l, *c; 1929 u32 nodebuf[8]; 1930 1931 for (i = 0; i < info->ocon_num; i++) { 1932 rc = next_entry(buf, fp, sizeof(u32)); 1933 if (rc) 1934 goto out; 1935 nel = le32_to_cpu(buf[0]); 1936 1937 l = NULL; 1938 for (j = 0; j < nel; j++) { 1939 rc = -ENOMEM; 1940 c = kzalloc(sizeof(*c), GFP_KERNEL); 1941 if (!c) 1942 goto out; 1943 if (l) 1944 l->next = c; 1945 else 1946 p->ocontexts[i] = c; 1947 l = c; 1948 1949 switch (i) { 1950 case OCON_ISID: 1951 rc = next_entry(buf, fp, sizeof(u32)); 1952 if (rc) 1953 goto out; 1954 1955 c->sid[0] = le32_to_cpu(buf[0]); 1956 rc = context_read_and_validate(&c->context[0], p, fp); 1957 if (rc) 1958 goto out; 1959 break; 1960 case OCON_FS: 1961 case OCON_NETIF: 1962 rc = next_entry(buf, fp, sizeof(u32)); 1963 if (rc) 1964 goto out; 1965 len = le32_to_cpu(buf[0]); 1966 1967 rc = -ENOMEM; 1968 c->u.name = kmalloc(len + 1, GFP_KERNEL); 1969 if (!c->u.name) 1970 goto out; 1971 1972 rc = next_entry(c->u.name, fp, len); 1973 if (rc) 1974 goto out; 1975 1976 c->u.name[len] = 0; 1977 rc = context_read_and_validate(&c->context[0], p, fp); 1978 if (rc) 1979 goto out; 1980 rc = context_read_and_validate(&c->context[1], p, fp); 1981 if (rc) 1982 goto out; 1983 break; 1984 case OCON_PORT: 1985 rc = next_entry(buf, fp, sizeof(u32)*3); 1986 if (rc) 1987 goto out; 1988 c->u.port.protocol = le32_to_cpu(buf[0]); 1989 c->u.port.low_port = le32_to_cpu(buf[1]); 1990 c->u.port.high_port = le32_to_cpu(buf[2]); 1991 rc = context_read_and_validate(&c->context[0], p, fp); 1992 if (rc) 1993 goto out; 1994 break; 1995 case OCON_NODE: 1996 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 1997 if (rc) 1998 goto out; 1999 c->u.node.addr = nodebuf[0]; /* network order */ 2000 c->u.node.mask = nodebuf[1]; /* network order */ 2001 rc = context_read_and_validate(&c->context[0], p, fp); 2002 if (rc) 2003 goto out; 2004 break; 2005 case OCON_FSUSE: 2006 rc = next_entry(buf, fp, sizeof(u32)*2); 2007 if (rc) 2008 goto out; 2009 2010 rc = -EINVAL; 2011 c->v.behavior = le32_to_cpu(buf[0]); 2012 if (c->v.behavior > SECURITY_FS_USE_NONE) 2013 goto out; 2014 2015 rc = -ENOMEM; 2016 len = le32_to_cpu(buf[1]); 2017 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2018 if (!c->u.name) 2019 goto out; 2020 2021 rc = next_entry(c->u.name, fp, len); 2022 if (rc) 2023 goto out; 2024 c->u.name[len] = 0; 2025 rc = context_read_and_validate(&c->context[0], p, fp); 2026 if (rc) 2027 goto out; 2028 break; 2029 case OCON_NODE6: { 2030 int k; 2031 2032 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2033 if (rc) 2034 goto out; 2035 for (k = 0; k < 4; k++) 2036 c->u.node6.addr[k] = nodebuf[k]; 2037 for (k = 0; k < 4; k++) 2038 c->u.node6.mask[k] = nodebuf[k+4]; 2039 rc = context_read_and_validate(&c->context[0], p, fp); 2040 if (rc) 2041 goto out; 2042 break; 2043 } 2044 } 2045 } 2046 } 2047 rc = 0; 2048 out: 2049 return rc; 2050 } 2051 2052 /* 2053 * Read the configuration data from a policy database binary 2054 * representation file into a policy database structure. 2055 */ 2056 int policydb_read(struct policydb *p, void *fp) 2057 { 2058 struct role_allow *ra, *lra; 2059 struct role_trans *tr, *ltr; 2060 int i, j, rc; 2061 __le32 buf[4]; 2062 u32 len, nprim, nel; 2063 2064 char *policydb_str; 2065 struct policydb_compat_info *info; 2066 2067 rc = policydb_init(p); 2068 if (rc) 2069 goto out; 2070 2071 /* Read the magic number and string length. */ 2072 rc = next_entry(buf, fp, sizeof(u32) * 2); 2073 if (rc < 0) 2074 goto bad; 2075 2076 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2077 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2078 "not match expected magic number 0x%x\n", 2079 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2080 goto bad; 2081 } 2082 2083 len = le32_to_cpu(buf[1]); 2084 if (len != strlen(POLICYDB_STRING)) { 2085 printk(KERN_ERR "SELinux: policydb string length %d does not " 2086 "match expected length %Zu\n", 2087 len, strlen(POLICYDB_STRING)); 2088 goto bad; 2089 } 2090 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2091 if (!policydb_str) { 2092 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2093 "string of length %d\n", len); 2094 rc = -ENOMEM; 2095 goto bad; 2096 } 2097 rc = next_entry(policydb_str, fp, len); 2098 if (rc < 0) { 2099 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2100 kfree(policydb_str); 2101 goto bad; 2102 } 2103 policydb_str[len] = '\0'; 2104 if (strcmp(policydb_str, POLICYDB_STRING)) { 2105 printk(KERN_ERR "SELinux: policydb string %s does not match " 2106 "my string %s\n", policydb_str, POLICYDB_STRING); 2107 kfree(policydb_str); 2108 goto bad; 2109 } 2110 /* Done with policydb_str. */ 2111 kfree(policydb_str); 2112 policydb_str = NULL; 2113 2114 /* Read the version and table sizes. */ 2115 rc = next_entry(buf, fp, sizeof(u32)*4); 2116 if (rc < 0) 2117 goto bad; 2118 2119 p->policyvers = le32_to_cpu(buf[0]); 2120 if (p->policyvers < POLICYDB_VERSION_MIN || 2121 p->policyvers > POLICYDB_VERSION_MAX) { 2122 printk(KERN_ERR "SELinux: policydb version %d does not match " 2123 "my version range %d-%d\n", 2124 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2125 goto bad; 2126 } 2127 2128 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2129 p->mls_enabled = 1; 2130 2131 if (p->policyvers < POLICYDB_VERSION_MLS) { 2132 printk(KERN_ERR "SELinux: security policydb version %d " 2133 "(MLS) not backwards compatible\n", 2134 p->policyvers); 2135 goto bad; 2136 } 2137 } 2138 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2139 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2140 2141 if (p->policyvers >= POLICYDB_VERSION_POLCAP && 2142 ebitmap_read(&p->policycaps, fp) != 0) 2143 goto bad; 2144 2145 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 2146 ebitmap_read(&p->permissive_map, fp) != 0) 2147 goto bad; 2148 2149 info = policydb_lookup_compat(p->policyvers); 2150 if (!info) { 2151 printk(KERN_ERR "SELinux: unable to find policy compat info " 2152 "for version %d\n", p->policyvers); 2153 goto bad; 2154 } 2155 2156 if (le32_to_cpu(buf[2]) != info->sym_num || 2157 le32_to_cpu(buf[3]) != info->ocon_num) { 2158 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2159 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2160 le32_to_cpu(buf[3]), 2161 info->sym_num, info->ocon_num); 2162 goto bad; 2163 } 2164 2165 for (i = 0; i < info->sym_num; i++) { 2166 rc = next_entry(buf, fp, sizeof(u32)*2); 2167 if (rc < 0) 2168 goto bad; 2169 nprim = le32_to_cpu(buf[0]); 2170 nel = le32_to_cpu(buf[1]); 2171 for (j = 0; j < nel; j++) { 2172 rc = read_f[i](p, p->symtab[i].table, fp); 2173 if (rc) 2174 goto bad; 2175 } 2176 2177 p->symtab[i].nprim = nprim; 2178 } 2179 2180 rc = avtab_read(&p->te_avtab, fp, p); 2181 if (rc) 2182 goto bad; 2183 2184 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2185 rc = cond_read_list(p, fp); 2186 if (rc) 2187 goto bad; 2188 } 2189 2190 rc = next_entry(buf, fp, sizeof(u32)); 2191 if (rc < 0) 2192 goto bad; 2193 nel = le32_to_cpu(buf[0]); 2194 ltr = NULL; 2195 for (i = 0; i < nel; i++) { 2196 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2197 if (!tr) { 2198 rc = -ENOMEM; 2199 goto bad; 2200 } 2201 if (ltr) 2202 ltr->next = tr; 2203 else 2204 p->role_tr = tr; 2205 rc = next_entry(buf, fp, sizeof(u32)*3); 2206 if (rc < 0) 2207 goto bad; 2208 tr->role = le32_to_cpu(buf[0]); 2209 tr->type = le32_to_cpu(buf[1]); 2210 tr->new_role = le32_to_cpu(buf[2]); 2211 if (!policydb_role_isvalid(p, tr->role) || 2212 !policydb_type_isvalid(p, tr->type) || 2213 !policydb_role_isvalid(p, tr->new_role)) { 2214 rc = -EINVAL; 2215 goto bad; 2216 } 2217 ltr = tr; 2218 } 2219 2220 rc = next_entry(buf, fp, sizeof(u32)); 2221 if (rc < 0) 2222 goto bad; 2223 nel = le32_to_cpu(buf[0]); 2224 lra = NULL; 2225 for (i = 0; i < nel; i++) { 2226 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2227 if (!ra) { 2228 rc = -ENOMEM; 2229 goto bad; 2230 } 2231 if (lra) 2232 lra->next = ra; 2233 else 2234 p->role_allow = ra; 2235 rc = next_entry(buf, fp, sizeof(u32)*2); 2236 if (rc < 0) 2237 goto bad; 2238 ra->role = le32_to_cpu(buf[0]); 2239 ra->new_role = le32_to_cpu(buf[1]); 2240 if (!policydb_role_isvalid(p, ra->role) || 2241 !policydb_role_isvalid(p, ra->new_role)) { 2242 rc = -EINVAL; 2243 goto bad; 2244 } 2245 lra = ra; 2246 } 2247 2248 rc = policydb_index_classes(p); 2249 if (rc) 2250 goto bad; 2251 2252 rc = policydb_index_others(p); 2253 if (rc) 2254 goto bad; 2255 2256 p->process_class = string_to_security_class(p, "process"); 2257 if (!p->process_class) 2258 goto bad; 2259 p->process_trans_perms = string_to_av_perm(p, p->process_class, 2260 "transition"); 2261 p->process_trans_perms |= string_to_av_perm(p, p->process_class, 2262 "dyntransition"); 2263 if (!p->process_trans_perms) 2264 goto bad; 2265 2266 rc = ocontext_read(p, info, fp); 2267 if (rc) 2268 goto bad; 2269 2270 rc = genfs_read(p, fp); 2271 if (rc) 2272 goto bad; 2273 2274 rc = range_read(p, fp); 2275 if (rc) 2276 goto bad; 2277 2278 rc = -ENOMEM; 2279 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2280 p->p_types.nprim, 2281 GFP_KERNEL | __GFP_ZERO); 2282 if (!p->type_attr_map_array) 2283 goto bad; 2284 2285 /* preallocate so we don't have to worry about the put ever failing */ 2286 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim - 1, 2287 GFP_KERNEL | __GFP_ZERO); 2288 if (rc) 2289 goto bad; 2290 2291 for (i = 0; i < p->p_types.nprim; i++) { 2292 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2293 2294 BUG_ON(!e); 2295 ebitmap_init(e); 2296 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2297 rc = ebitmap_read(e, fp); 2298 if (rc) 2299 goto bad; 2300 } 2301 /* add the type itself as the degenerate case */ 2302 rc = ebitmap_set_bit(e, i, 1); 2303 if (rc) 2304 goto bad; 2305 } 2306 2307 rc = policydb_bounds_sanity_check(p); 2308 if (rc) 2309 goto bad; 2310 2311 rc = 0; 2312 out: 2313 return rc; 2314 bad: 2315 if (!rc) 2316 rc = -EINVAL; 2317 policydb_destroy(p); 2318 goto out; 2319 } 2320 2321 /* 2322 * Write a MLS level structure to a policydb binary 2323 * representation file. 2324 */ 2325 static int mls_write_level(struct mls_level *l, void *fp) 2326 { 2327 __le32 buf[1]; 2328 int rc; 2329 2330 buf[0] = cpu_to_le32(l->sens); 2331 rc = put_entry(buf, sizeof(u32), 1, fp); 2332 if (rc) 2333 return rc; 2334 2335 rc = ebitmap_write(&l->cat, fp); 2336 if (rc) 2337 return rc; 2338 2339 return 0; 2340 } 2341 2342 /* 2343 * Write a MLS range structure to a policydb binary 2344 * representation file. 2345 */ 2346 static int mls_write_range_helper(struct mls_range *r, void *fp) 2347 { 2348 __le32 buf[3]; 2349 size_t items; 2350 int rc, eq; 2351 2352 eq = mls_level_eq(&r->level[1], &r->level[0]); 2353 2354 if (eq) 2355 items = 2; 2356 else 2357 items = 3; 2358 buf[0] = cpu_to_le32(items-1); 2359 buf[1] = cpu_to_le32(r->level[0].sens); 2360 if (!eq) 2361 buf[2] = cpu_to_le32(r->level[1].sens); 2362 2363 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2364 2365 rc = put_entry(buf, sizeof(u32), items, fp); 2366 if (rc) 2367 return rc; 2368 2369 rc = ebitmap_write(&r->level[0].cat, fp); 2370 if (rc) 2371 return rc; 2372 if (!eq) { 2373 rc = ebitmap_write(&r->level[1].cat, fp); 2374 if (rc) 2375 return rc; 2376 } 2377 2378 return 0; 2379 } 2380 2381 static int sens_write(void *vkey, void *datum, void *ptr) 2382 { 2383 char *key = vkey; 2384 struct level_datum *levdatum = datum; 2385 struct policy_data *pd = ptr; 2386 void *fp = pd->fp; 2387 __le32 buf[2]; 2388 size_t len; 2389 int rc; 2390 2391 len = strlen(key); 2392 buf[0] = cpu_to_le32(len); 2393 buf[1] = cpu_to_le32(levdatum->isalias); 2394 rc = put_entry(buf, sizeof(u32), 2, fp); 2395 if (rc) 2396 return rc; 2397 2398 rc = put_entry(key, 1, len, fp); 2399 if (rc) 2400 return rc; 2401 2402 rc = mls_write_level(levdatum->level, fp); 2403 if (rc) 2404 return rc; 2405 2406 return 0; 2407 } 2408 2409 static int cat_write(void *vkey, void *datum, void *ptr) 2410 { 2411 char *key = vkey; 2412 struct cat_datum *catdatum = datum; 2413 struct policy_data *pd = ptr; 2414 void *fp = pd->fp; 2415 __le32 buf[3]; 2416 size_t len; 2417 int rc; 2418 2419 len = strlen(key); 2420 buf[0] = cpu_to_le32(len); 2421 buf[1] = cpu_to_le32(catdatum->value); 2422 buf[2] = cpu_to_le32(catdatum->isalias); 2423 rc = put_entry(buf, sizeof(u32), 3, fp); 2424 if (rc) 2425 return rc; 2426 2427 rc = put_entry(key, 1, len, fp); 2428 if (rc) 2429 return rc; 2430 2431 return 0; 2432 } 2433 2434 static int role_trans_write(struct role_trans *r, void *fp) 2435 { 2436 struct role_trans *tr; 2437 u32 buf[3]; 2438 size_t nel; 2439 int rc; 2440 2441 nel = 0; 2442 for (tr = r; tr; tr = tr->next) 2443 nel++; 2444 buf[0] = cpu_to_le32(nel); 2445 rc = put_entry(buf, sizeof(u32), 1, fp); 2446 if (rc) 2447 return rc; 2448 for (tr = r; tr; tr = tr->next) { 2449 buf[0] = cpu_to_le32(tr->role); 2450 buf[1] = cpu_to_le32(tr->type); 2451 buf[2] = cpu_to_le32(tr->new_role); 2452 rc = put_entry(buf, sizeof(u32), 3, fp); 2453 if (rc) 2454 return rc; 2455 } 2456 2457 return 0; 2458 } 2459 2460 static int role_allow_write(struct role_allow *r, void *fp) 2461 { 2462 struct role_allow *ra; 2463 u32 buf[2]; 2464 size_t nel; 2465 int rc; 2466 2467 nel = 0; 2468 for (ra = r; ra; ra = ra->next) 2469 nel++; 2470 buf[0] = cpu_to_le32(nel); 2471 rc = put_entry(buf, sizeof(u32), 1, fp); 2472 if (rc) 2473 return rc; 2474 for (ra = r; ra; ra = ra->next) { 2475 buf[0] = cpu_to_le32(ra->role); 2476 buf[1] = cpu_to_le32(ra->new_role); 2477 rc = put_entry(buf, sizeof(u32), 2, fp); 2478 if (rc) 2479 return rc; 2480 } 2481 return 0; 2482 } 2483 2484 /* 2485 * Write a security context structure 2486 * to a policydb binary representation file. 2487 */ 2488 static int context_write(struct policydb *p, struct context *c, 2489 void *fp) 2490 { 2491 int rc; 2492 __le32 buf[3]; 2493 2494 buf[0] = cpu_to_le32(c->user); 2495 buf[1] = cpu_to_le32(c->role); 2496 buf[2] = cpu_to_le32(c->type); 2497 2498 rc = put_entry(buf, sizeof(u32), 3, fp); 2499 if (rc) 2500 return rc; 2501 2502 rc = mls_write_range_helper(&c->range, fp); 2503 if (rc) 2504 return rc; 2505 2506 return 0; 2507 } 2508 2509 /* 2510 * The following *_write functions are used to 2511 * write the symbol data to a policy database 2512 * binary representation file. 2513 */ 2514 2515 static int perm_write(void *vkey, void *datum, void *fp) 2516 { 2517 char *key = vkey; 2518 struct perm_datum *perdatum = datum; 2519 __le32 buf[2]; 2520 size_t len; 2521 int rc; 2522 2523 len = strlen(key); 2524 buf[0] = cpu_to_le32(len); 2525 buf[1] = cpu_to_le32(perdatum->value); 2526 rc = put_entry(buf, sizeof(u32), 2, fp); 2527 if (rc) 2528 return rc; 2529 2530 rc = put_entry(key, 1, len, fp); 2531 if (rc) 2532 return rc; 2533 2534 return 0; 2535 } 2536 2537 static int common_write(void *vkey, void *datum, void *ptr) 2538 { 2539 char *key = vkey; 2540 struct common_datum *comdatum = datum; 2541 struct policy_data *pd = ptr; 2542 void *fp = pd->fp; 2543 __le32 buf[4]; 2544 size_t len; 2545 int rc; 2546 2547 len = strlen(key); 2548 buf[0] = cpu_to_le32(len); 2549 buf[1] = cpu_to_le32(comdatum->value); 2550 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2551 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2552 rc = put_entry(buf, sizeof(u32), 4, fp); 2553 if (rc) 2554 return rc; 2555 2556 rc = put_entry(key, 1, len, fp); 2557 if (rc) 2558 return rc; 2559 2560 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2561 if (rc) 2562 return rc; 2563 2564 return 0; 2565 } 2566 2567 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2568 void *fp) 2569 { 2570 struct constraint_node *c; 2571 struct constraint_expr *e; 2572 __le32 buf[3]; 2573 u32 nel; 2574 int rc; 2575 2576 for (c = node; c; c = c->next) { 2577 nel = 0; 2578 for (e = c->expr; e; e = e->next) 2579 nel++; 2580 buf[0] = cpu_to_le32(c->permissions); 2581 buf[1] = cpu_to_le32(nel); 2582 rc = put_entry(buf, sizeof(u32), 2, fp); 2583 if (rc) 2584 return rc; 2585 for (e = c->expr; e; e = e->next) { 2586 buf[0] = cpu_to_le32(e->expr_type); 2587 buf[1] = cpu_to_le32(e->attr); 2588 buf[2] = cpu_to_le32(e->op); 2589 rc = put_entry(buf, sizeof(u32), 3, fp); 2590 if (rc) 2591 return rc; 2592 2593 switch (e->expr_type) { 2594 case CEXPR_NAMES: 2595 rc = ebitmap_write(&e->names, fp); 2596 if (rc) 2597 return rc; 2598 break; 2599 default: 2600 break; 2601 } 2602 } 2603 } 2604 2605 return 0; 2606 } 2607 2608 static int class_write(void *vkey, void *datum, void *ptr) 2609 { 2610 char *key = vkey; 2611 struct class_datum *cladatum = datum; 2612 struct policy_data *pd = ptr; 2613 void *fp = pd->fp; 2614 struct policydb *p = pd->p; 2615 struct constraint_node *c; 2616 __le32 buf[6]; 2617 u32 ncons; 2618 size_t len, len2; 2619 int rc; 2620 2621 len = strlen(key); 2622 if (cladatum->comkey) 2623 len2 = strlen(cladatum->comkey); 2624 else 2625 len2 = 0; 2626 2627 ncons = 0; 2628 for (c = cladatum->constraints; c; c = c->next) 2629 ncons++; 2630 2631 buf[0] = cpu_to_le32(len); 2632 buf[1] = cpu_to_le32(len2); 2633 buf[2] = cpu_to_le32(cladatum->value); 2634 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2635 if (cladatum->permissions.table) 2636 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2637 else 2638 buf[4] = 0; 2639 buf[5] = cpu_to_le32(ncons); 2640 rc = put_entry(buf, sizeof(u32), 6, fp); 2641 if (rc) 2642 return rc; 2643 2644 rc = put_entry(key, 1, len, fp); 2645 if (rc) 2646 return rc; 2647 2648 if (cladatum->comkey) { 2649 rc = put_entry(cladatum->comkey, 1, len2, fp); 2650 if (rc) 2651 return rc; 2652 } 2653 2654 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2655 if (rc) 2656 return rc; 2657 2658 rc = write_cons_helper(p, cladatum->constraints, fp); 2659 if (rc) 2660 return rc; 2661 2662 /* write out the validatetrans rule */ 2663 ncons = 0; 2664 for (c = cladatum->validatetrans; c; c = c->next) 2665 ncons++; 2666 2667 buf[0] = cpu_to_le32(ncons); 2668 rc = put_entry(buf, sizeof(u32), 1, fp); 2669 if (rc) 2670 return rc; 2671 2672 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2673 if (rc) 2674 return rc; 2675 2676 return 0; 2677 } 2678 2679 static int role_write(void *vkey, void *datum, void *ptr) 2680 { 2681 char *key = vkey; 2682 struct role_datum *role = datum; 2683 struct policy_data *pd = ptr; 2684 void *fp = pd->fp; 2685 struct policydb *p = pd->p; 2686 __le32 buf[3]; 2687 size_t items, len; 2688 int rc; 2689 2690 len = strlen(key); 2691 items = 0; 2692 buf[items++] = cpu_to_le32(len); 2693 buf[items++] = cpu_to_le32(role->value); 2694 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2695 buf[items++] = cpu_to_le32(role->bounds); 2696 2697 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2698 2699 rc = put_entry(buf, sizeof(u32), items, fp); 2700 if (rc) 2701 return rc; 2702 2703 rc = put_entry(key, 1, len, fp); 2704 if (rc) 2705 return rc; 2706 2707 rc = ebitmap_write(&role->dominates, fp); 2708 if (rc) 2709 return rc; 2710 2711 rc = ebitmap_write(&role->types, fp); 2712 if (rc) 2713 return rc; 2714 2715 return 0; 2716 } 2717 2718 static int type_write(void *vkey, void *datum, void *ptr) 2719 { 2720 char *key = vkey; 2721 struct type_datum *typdatum = datum; 2722 struct policy_data *pd = ptr; 2723 struct policydb *p = pd->p; 2724 void *fp = pd->fp; 2725 __le32 buf[4]; 2726 int rc; 2727 size_t items, len; 2728 2729 len = strlen(key); 2730 items = 0; 2731 buf[items++] = cpu_to_le32(len); 2732 buf[items++] = cpu_to_le32(typdatum->value); 2733 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2734 u32 properties = 0; 2735 2736 if (typdatum->primary) 2737 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2738 2739 if (typdatum->attribute) 2740 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2741 2742 buf[items++] = cpu_to_le32(properties); 2743 buf[items++] = cpu_to_le32(typdatum->bounds); 2744 } else { 2745 buf[items++] = cpu_to_le32(typdatum->primary); 2746 } 2747 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2748 rc = put_entry(buf, sizeof(u32), items, fp); 2749 if (rc) 2750 return rc; 2751 2752 rc = put_entry(key, 1, len, fp); 2753 if (rc) 2754 return rc; 2755 2756 return 0; 2757 } 2758 2759 static int user_write(void *vkey, void *datum, void *ptr) 2760 { 2761 char *key = vkey; 2762 struct user_datum *usrdatum = datum; 2763 struct policy_data *pd = ptr; 2764 struct policydb *p = pd->p; 2765 void *fp = pd->fp; 2766 __le32 buf[3]; 2767 size_t items, len; 2768 int rc; 2769 2770 len = strlen(key); 2771 items = 0; 2772 buf[items++] = cpu_to_le32(len); 2773 buf[items++] = cpu_to_le32(usrdatum->value); 2774 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2775 buf[items++] = cpu_to_le32(usrdatum->bounds); 2776 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2777 rc = put_entry(buf, sizeof(u32), items, fp); 2778 if (rc) 2779 return rc; 2780 2781 rc = put_entry(key, 1, len, fp); 2782 if (rc) 2783 return rc; 2784 2785 rc = ebitmap_write(&usrdatum->roles, fp); 2786 if (rc) 2787 return rc; 2788 2789 rc = mls_write_range_helper(&usrdatum->range, fp); 2790 if (rc) 2791 return rc; 2792 2793 rc = mls_write_level(&usrdatum->dfltlevel, fp); 2794 if (rc) 2795 return rc; 2796 2797 return 0; 2798 } 2799 2800 static int (*write_f[SYM_NUM]) (void *key, void *datum, 2801 void *datap) = 2802 { 2803 common_write, 2804 class_write, 2805 role_write, 2806 type_write, 2807 user_write, 2808 cond_write_bool, 2809 sens_write, 2810 cat_write, 2811 }; 2812 2813 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 2814 void *fp) 2815 { 2816 unsigned int i, j, rc; 2817 size_t nel, len; 2818 __le32 buf[3]; 2819 u32 nodebuf[8]; 2820 struct ocontext *c; 2821 for (i = 0; i < info->ocon_num; i++) { 2822 nel = 0; 2823 for (c = p->ocontexts[i]; c; c = c->next) 2824 nel++; 2825 buf[0] = cpu_to_le32(nel); 2826 rc = put_entry(buf, sizeof(u32), 1, fp); 2827 if (rc) 2828 return rc; 2829 for (c = p->ocontexts[i]; c; c = c->next) { 2830 switch (i) { 2831 case OCON_ISID: 2832 buf[0] = cpu_to_le32(c->sid[0]); 2833 rc = put_entry(buf, sizeof(u32), 1, fp); 2834 if (rc) 2835 return rc; 2836 rc = context_write(p, &c->context[0], fp); 2837 if (rc) 2838 return rc; 2839 break; 2840 case OCON_FS: 2841 case OCON_NETIF: 2842 len = strlen(c->u.name); 2843 buf[0] = cpu_to_le32(len); 2844 rc = put_entry(buf, sizeof(u32), 1, fp); 2845 if (rc) 2846 return rc; 2847 rc = put_entry(c->u.name, 1, len, fp); 2848 if (rc) 2849 return rc; 2850 rc = context_write(p, &c->context[0], fp); 2851 if (rc) 2852 return rc; 2853 rc = context_write(p, &c->context[1], fp); 2854 if (rc) 2855 return rc; 2856 break; 2857 case OCON_PORT: 2858 buf[0] = cpu_to_le32(c->u.port.protocol); 2859 buf[1] = cpu_to_le32(c->u.port.low_port); 2860 buf[2] = cpu_to_le32(c->u.port.high_port); 2861 rc = put_entry(buf, sizeof(u32), 3, fp); 2862 if (rc) 2863 return rc; 2864 rc = context_write(p, &c->context[0], fp); 2865 if (rc) 2866 return rc; 2867 break; 2868 case OCON_NODE: 2869 nodebuf[0] = c->u.node.addr; /* network order */ 2870 nodebuf[1] = c->u.node.mask; /* network order */ 2871 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 2872 if (rc) 2873 return rc; 2874 rc = context_write(p, &c->context[0], fp); 2875 if (rc) 2876 return rc; 2877 break; 2878 case OCON_FSUSE: 2879 buf[0] = cpu_to_le32(c->v.behavior); 2880 len = strlen(c->u.name); 2881 buf[1] = cpu_to_le32(len); 2882 rc = put_entry(buf, sizeof(u32), 2, fp); 2883 if (rc) 2884 return rc; 2885 rc = put_entry(c->u.name, 1, len, fp); 2886 if (rc) 2887 return rc; 2888 rc = context_write(p, &c->context[0], fp); 2889 if (rc) 2890 return rc; 2891 break; 2892 case OCON_NODE6: 2893 for (j = 0; j < 4; j++) 2894 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 2895 for (j = 0; j < 4; j++) 2896 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 2897 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 2898 if (rc) 2899 return rc; 2900 rc = context_write(p, &c->context[0], fp); 2901 if (rc) 2902 return rc; 2903 break; 2904 } 2905 } 2906 } 2907 return 0; 2908 } 2909 2910 static int genfs_write(struct policydb *p, void *fp) 2911 { 2912 struct genfs *genfs; 2913 struct ocontext *c; 2914 size_t len; 2915 __le32 buf[1]; 2916 int rc; 2917 2918 len = 0; 2919 for (genfs = p->genfs; genfs; genfs = genfs->next) 2920 len++; 2921 buf[0] = cpu_to_le32(len); 2922 rc = put_entry(buf, sizeof(u32), 1, fp); 2923 if (rc) 2924 return rc; 2925 for (genfs = p->genfs; genfs; genfs = genfs->next) { 2926 len = strlen(genfs->fstype); 2927 buf[0] = cpu_to_le32(len); 2928 rc = put_entry(buf, sizeof(u32), 1, fp); 2929 if (rc) 2930 return rc; 2931 rc = put_entry(genfs->fstype, 1, len, fp); 2932 if (rc) 2933 return rc; 2934 len = 0; 2935 for (c = genfs->head; c; c = c->next) 2936 len++; 2937 buf[0] = cpu_to_le32(len); 2938 rc = put_entry(buf, sizeof(u32), 1, fp); 2939 if (rc) 2940 return rc; 2941 for (c = genfs->head; c; c = c->next) { 2942 len = strlen(c->u.name); 2943 buf[0] = cpu_to_le32(len); 2944 rc = put_entry(buf, sizeof(u32), 1, fp); 2945 if (rc) 2946 return rc; 2947 rc = put_entry(c->u.name, 1, len, fp); 2948 if (rc) 2949 return rc; 2950 buf[0] = cpu_to_le32(c->v.sclass); 2951 rc = put_entry(buf, sizeof(u32), 1, fp); 2952 if (rc) 2953 return rc; 2954 rc = context_write(p, &c->context[0], fp); 2955 if (rc) 2956 return rc; 2957 } 2958 } 2959 return 0; 2960 } 2961 2962 static int range_count(void *key, void *data, void *ptr) 2963 { 2964 int *cnt = ptr; 2965 *cnt = *cnt + 1; 2966 2967 return 0; 2968 } 2969 2970 static int range_write_helper(void *key, void *data, void *ptr) 2971 { 2972 __le32 buf[2]; 2973 struct range_trans *rt = key; 2974 struct mls_range *r = data; 2975 struct policy_data *pd = ptr; 2976 void *fp = pd->fp; 2977 struct policydb *p = pd->p; 2978 int rc; 2979 2980 buf[0] = cpu_to_le32(rt->source_type); 2981 buf[1] = cpu_to_le32(rt->target_type); 2982 rc = put_entry(buf, sizeof(u32), 2, fp); 2983 if (rc) 2984 return rc; 2985 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 2986 buf[0] = cpu_to_le32(rt->target_class); 2987 rc = put_entry(buf, sizeof(u32), 1, fp); 2988 if (rc) 2989 return rc; 2990 } 2991 rc = mls_write_range_helper(r, fp); 2992 if (rc) 2993 return rc; 2994 2995 return 0; 2996 } 2997 2998 static int range_write(struct policydb *p, void *fp) 2999 { 3000 size_t nel; 3001 __le32 buf[1]; 3002 int rc; 3003 struct policy_data pd; 3004 3005 pd.p = p; 3006 pd.fp = fp; 3007 3008 /* count the number of entries in the hashtab */ 3009 nel = 0; 3010 rc = hashtab_map(p->range_tr, range_count, &nel); 3011 if (rc) 3012 return rc; 3013 3014 buf[0] = cpu_to_le32(nel); 3015 rc = put_entry(buf, sizeof(u32), 1, fp); 3016 if (rc) 3017 return rc; 3018 3019 /* actually write all of the entries */ 3020 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3021 if (rc) 3022 return rc; 3023 3024 return 0; 3025 } 3026 3027 /* 3028 * Write the configuration data in a policy database 3029 * structure to a policy database binary representation 3030 * file. 3031 */ 3032 int policydb_write(struct policydb *p, void *fp) 3033 { 3034 unsigned int i, num_syms; 3035 int rc; 3036 __le32 buf[4]; 3037 u32 config; 3038 size_t len; 3039 struct policydb_compat_info *info; 3040 3041 /* 3042 * refuse to write policy older than compressed avtab 3043 * to simplify the writer. There are other tests dropped 3044 * since we assume this throughout the writer code. Be 3045 * careful if you ever try to remove this restriction 3046 */ 3047 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3048 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3049 " Because it is less than version %d\n", p->policyvers, 3050 POLICYDB_VERSION_AVTAB); 3051 return -EINVAL; 3052 } 3053 3054 config = 0; 3055 if (p->mls_enabled) 3056 config |= POLICYDB_CONFIG_MLS; 3057 3058 if (p->reject_unknown) 3059 config |= REJECT_UNKNOWN; 3060 if (p->allow_unknown) 3061 config |= ALLOW_UNKNOWN; 3062 3063 /* Write the magic number and string identifiers. */ 3064 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3065 len = strlen(POLICYDB_STRING); 3066 buf[1] = cpu_to_le32(len); 3067 rc = put_entry(buf, sizeof(u32), 2, fp); 3068 if (rc) 3069 return rc; 3070 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3071 if (rc) 3072 return rc; 3073 3074 /* Write the version, config, and table sizes. */ 3075 info = policydb_lookup_compat(p->policyvers); 3076 if (!info) { 3077 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3078 "version %d", p->policyvers); 3079 return rc; 3080 } 3081 3082 buf[0] = cpu_to_le32(p->policyvers); 3083 buf[1] = cpu_to_le32(config); 3084 buf[2] = cpu_to_le32(info->sym_num); 3085 buf[3] = cpu_to_le32(info->ocon_num); 3086 3087 rc = put_entry(buf, sizeof(u32), 4, fp); 3088 if (rc) 3089 return rc; 3090 3091 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3092 rc = ebitmap_write(&p->policycaps, fp); 3093 if (rc) 3094 return rc; 3095 } 3096 3097 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3098 rc = ebitmap_write(&p->permissive_map, fp); 3099 if (rc) 3100 return rc; 3101 } 3102 3103 num_syms = info->sym_num; 3104 for (i = 0; i < num_syms; i++) { 3105 struct policy_data pd; 3106 3107 pd.fp = fp; 3108 pd.p = p; 3109 3110 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3111 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3112 3113 rc = put_entry(buf, sizeof(u32), 2, fp); 3114 if (rc) 3115 return rc; 3116 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3117 if (rc) 3118 return rc; 3119 } 3120 3121 rc = avtab_write(p, &p->te_avtab, fp); 3122 if (rc) 3123 return rc; 3124 3125 rc = cond_write_list(p, p->cond_list, fp); 3126 if (rc) 3127 return rc; 3128 3129 rc = role_trans_write(p->role_tr, fp); 3130 if (rc) 3131 return rc; 3132 3133 rc = role_allow_write(p->role_allow, fp); 3134 if (rc) 3135 return rc; 3136 3137 rc = ocontext_write(p, info, fp); 3138 if (rc) 3139 return rc; 3140 3141 rc = genfs_write(p, fp); 3142 if (rc) 3143 return rc; 3144 3145 rc = range_write(p, fp); 3146 if (rc) 3147 return rc; 3148 3149 for (i = 0; i < p->p_types.nprim; i++) { 3150 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3151 3152 BUG_ON(!e); 3153 rc = ebitmap_write(e, fp); 3154 if (rc) 3155 return rc; 3156 } 3157 3158 return 0; 3159 } 3160