1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 }; 137 138 static struct policydb_compat_info *policydb_lookup_compat(int version) 139 { 140 int i; 141 struct policydb_compat_info *info = NULL; 142 143 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 144 if (policydb_compat[i].version == version) { 145 info = &policydb_compat[i]; 146 break; 147 } 148 } 149 return info; 150 } 151 152 /* 153 * Initialize the role table. 154 */ 155 static int roles_init(struct policydb *p) 156 { 157 char *key = NULL; 158 int rc; 159 struct role_datum *role; 160 161 rc = -ENOMEM; 162 role = kzalloc(sizeof(*role), GFP_KERNEL); 163 if (!role) 164 goto out; 165 166 rc = -EINVAL; 167 role->value = ++p->p_roles.nprim; 168 if (role->value != OBJECT_R_VAL) 169 goto out; 170 171 rc = -ENOMEM; 172 key = kstrdup(OBJECT_R, GFP_KERNEL); 173 if (!key) 174 goto out; 175 176 rc = hashtab_insert(p->p_roles.table, key, role); 177 if (rc) 178 goto out; 179 180 return 0; 181 out: 182 kfree(key); 183 kfree(role); 184 return rc; 185 } 186 187 static u32 filenametr_hash(struct hashtab *h, const void *k) 188 { 189 const struct filename_trans *ft = k; 190 unsigned long hash; 191 unsigned int byte_num; 192 unsigned char focus; 193 194 hash = ft->stype ^ ft->ttype ^ ft->tclass; 195 196 byte_num = 0; 197 while ((focus = ft->name[byte_num++])) 198 hash = partial_name_hash(focus, hash); 199 return hash & (h->size - 1); 200 } 201 202 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 203 { 204 const struct filename_trans *ft1 = k1; 205 const struct filename_trans *ft2 = k2; 206 int v; 207 208 v = ft1->stype - ft2->stype; 209 if (v) 210 return v; 211 212 v = ft1->ttype - ft2->ttype; 213 if (v) 214 return v; 215 216 v = ft1->tclass - ft2->tclass; 217 if (v) 218 return v; 219 220 return strcmp(ft1->name, ft2->name); 221 222 } 223 224 static u32 rangetr_hash(struct hashtab *h, const void *k) 225 { 226 const struct range_trans *key = k; 227 return (key->source_type + (key->target_type << 3) + 228 (key->target_class << 5)) & (h->size - 1); 229 } 230 231 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 232 { 233 const struct range_trans *key1 = k1, *key2 = k2; 234 int v; 235 236 v = key1->source_type - key2->source_type; 237 if (v) 238 return v; 239 240 v = key1->target_type - key2->target_type; 241 if (v) 242 return v; 243 244 v = key1->target_class - key2->target_class; 245 246 return v; 247 } 248 249 /* 250 * Initialize a policy database structure. 251 */ 252 static int policydb_init(struct policydb *p) 253 { 254 int i, rc; 255 256 memset(p, 0, sizeof(*p)); 257 258 for (i = 0; i < SYM_NUM; i++) { 259 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 260 if (rc) 261 goto out; 262 } 263 264 rc = avtab_init(&p->te_avtab); 265 if (rc) 266 goto out; 267 268 rc = roles_init(p); 269 if (rc) 270 goto out; 271 272 rc = cond_policydb_init(p); 273 if (rc) 274 goto out; 275 276 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 277 if (!p->filename_trans) 278 goto out; 279 280 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 281 if (!p->range_tr) 282 goto out; 283 284 ebitmap_init(&p->filename_trans_ttypes); 285 ebitmap_init(&p->policycaps); 286 ebitmap_init(&p->permissive_map); 287 288 return 0; 289 out: 290 hashtab_destroy(p->filename_trans); 291 hashtab_destroy(p->range_tr); 292 for (i = 0; i < SYM_NUM; i++) 293 hashtab_destroy(p->symtab[i].table); 294 return rc; 295 } 296 297 /* 298 * The following *_index functions are used to 299 * define the val_to_name and val_to_struct arrays 300 * in a policy database structure. The val_to_name 301 * arrays are used when converting security context 302 * structures into string representations. The 303 * val_to_struct arrays are used when the attributes 304 * of a class, role, or user are needed. 305 */ 306 307 static int common_index(void *key, void *datum, void *datap) 308 { 309 struct policydb *p; 310 struct common_datum *comdatum; 311 struct flex_array *fa; 312 313 comdatum = datum; 314 p = datap; 315 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 316 return -EINVAL; 317 318 fa = p->sym_val_to_name[SYM_COMMONS]; 319 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 320 GFP_KERNEL | __GFP_ZERO)) 321 BUG(); 322 return 0; 323 } 324 325 static int class_index(void *key, void *datum, void *datap) 326 { 327 struct policydb *p; 328 struct class_datum *cladatum; 329 struct flex_array *fa; 330 331 cladatum = datum; 332 p = datap; 333 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 334 return -EINVAL; 335 fa = p->sym_val_to_name[SYM_CLASSES]; 336 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 337 GFP_KERNEL | __GFP_ZERO)) 338 BUG(); 339 p->class_val_to_struct[cladatum->value - 1] = cladatum; 340 return 0; 341 } 342 343 static int role_index(void *key, void *datum, void *datap) 344 { 345 struct policydb *p; 346 struct role_datum *role; 347 struct flex_array *fa; 348 349 role = datum; 350 p = datap; 351 if (!role->value 352 || role->value > p->p_roles.nprim 353 || role->bounds > p->p_roles.nprim) 354 return -EINVAL; 355 356 fa = p->sym_val_to_name[SYM_ROLES]; 357 if (flex_array_put_ptr(fa, role->value - 1, key, 358 GFP_KERNEL | __GFP_ZERO)) 359 BUG(); 360 p->role_val_to_struct[role->value - 1] = role; 361 return 0; 362 } 363 364 static int type_index(void *key, void *datum, void *datap) 365 { 366 struct policydb *p; 367 struct type_datum *typdatum; 368 struct flex_array *fa; 369 370 typdatum = datum; 371 p = datap; 372 373 if (typdatum->primary) { 374 if (!typdatum->value 375 || typdatum->value > p->p_types.nprim 376 || typdatum->bounds > p->p_types.nprim) 377 return -EINVAL; 378 fa = p->sym_val_to_name[SYM_TYPES]; 379 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 380 GFP_KERNEL | __GFP_ZERO)) 381 BUG(); 382 383 fa = p->type_val_to_struct_array; 384 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 385 GFP_KERNEL | __GFP_ZERO)) 386 BUG(); 387 } 388 389 return 0; 390 } 391 392 static int user_index(void *key, void *datum, void *datap) 393 { 394 struct policydb *p; 395 struct user_datum *usrdatum; 396 struct flex_array *fa; 397 398 usrdatum = datum; 399 p = datap; 400 if (!usrdatum->value 401 || usrdatum->value > p->p_users.nprim 402 || usrdatum->bounds > p->p_users.nprim) 403 return -EINVAL; 404 405 fa = p->sym_val_to_name[SYM_USERS]; 406 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 407 GFP_KERNEL | __GFP_ZERO)) 408 BUG(); 409 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 410 return 0; 411 } 412 413 static int sens_index(void *key, void *datum, void *datap) 414 { 415 struct policydb *p; 416 struct level_datum *levdatum; 417 struct flex_array *fa; 418 419 levdatum = datum; 420 p = datap; 421 422 if (!levdatum->isalias) { 423 if (!levdatum->level->sens || 424 levdatum->level->sens > p->p_levels.nprim) 425 return -EINVAL; 426 fa = p->sym_val_to_name[SYM_LEVELS]; 427 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 428 GFP_KERNEL | __GFP_ZERO)) 429 BUG(); 430 } 431 432 return 0; 433 } 434 435 static int cat_index(void *key, void *datum, void *datap) 436 { 437 struct policydb *p; 438 struct cat_datum *catdatum; 439 struct flex_array *fa; 440 441 catdatum = datum; 442 p = datap; 443 444 if (!catdatum->isalias) { 445 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 446 return -EINVAL; 447 fa = p->sym_val_to_name[SYM_CATS]; 448 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 449 GFP_KERNEL | __GFP_ZERO)) 450 BUG(); 451 } 452 453 return 0; 454 } 455 456 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 457 { 458 common_index, 459 class_index, 460 role_index, 461 type_index, 462 user_index, 463 cond_index_bool, 464 sens_index, 465 cat_index, 466 }; 467 468 #ifdef DEBUG_HASHES 469 static void hash_eval(struct hashtab *h, const char *hash_name) 470 { 471 struct hashtab_info info; 472 473 hashtab_stat(h, &info); 474 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 475 "longest chain length %d\n", hash_name, h->nel, 476 info.slots_used, h->size, info.max_chain_len); 477 } 478 479 static void symtab_hash_eval(struct symtab *s) 480 { 481 int i; 482 483 for (i = 0; i < SYM_NUM; i++) 484 hash_eval(s[i].table, symtab_name[i]); 485 } 486 487 #else 488 static inline void hash_eval(struct hashtab *h, char *hash_name) 489 { 490 } 491 #endif 492 493 /* 494 * Define the other val_to_name and val_to_struct arrays 495 * in a policy database structure. 496 * 497 * Caller must clean up on failure. 498 */ 499 static int policydb_index(struct policydb *p) 500 { 501 int i, rc; 502 503 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 504 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 505 if (p->mls_enabled) 506 printk(", %d sens, %d cats", p->p_levels.nprim, 507 p->p_cats.nprim); 508 printk("\n"); 509 510 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 511 p->p_classes.nprim, p->te_avtab.nel); 512 513 #ifdef DEBUG_HASHES 514 avtab_hash_eval(&p->te_avtab, "rules"); 515 symtab_hash_eval(p->symtab); 516 #endif 517 518 rc = -ENOMEM; 519 p->class_val_to_struct = 520 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 521 GFP_KERNEL); 522 if (!p->class_val_to_struct) 523 goto out; 524 525 rc = -ENOMEM; 526 p->role_val_to_struct = 527 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 528 GFP_KERNEL); 529 if (!p->role_val_to_struct) 530 goto out; 531 532 rc = -ENOMEM; 533 p->user_val_to_struct = 534 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 535 GFP_KERNEL); 536 if (!p->user_val_to_struct) 537 goto out; 538 539 /* Yes, I want the sizeof the pointer, not the structure */ 540 rc = -ENOMEM; 541 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 542 p->p_types.nprim, 543 GFP_KERNEL | __GFP_ZERO); 544 if (!p->type_val_to_struct_array) 545 goto out; 546 547 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 548 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 549 if (rc) 550 goto out; 551 552 rc = cond_init_bool_indexes(p); 553 if (rc) 554 goto out; 555 556 for (i = 0; i < SYM_NUM; i++) { 557 rc = -ENOMEM; 558 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 559 p->symtab[i].nprim, 560 GFP_KERNEL | __GFP_ZERO); 561 if (!p->sym_val_to_name[i]) 562 goto out; 563 564 rc = flex_array_prealloc(p->sym_val_to_name[i], 565 0, p->symtab[i].nprim, 566 GFP_KERNEL | __GFP_ZERO); 567 if (rc) 568 goto out; 569 570 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 571 if (rc) 572 goto out; 573 } 574 rc = 0; 575 out: 576 return rc; 577 } 578 579 /* 580 * The following *_destroy functions are used to 581 * free any memory allocated for each kind of 582 * symbol data in the policy database. 583 */ 584 585 static int perm_destroy(void *key, void *datum, void *p) 586 { 587 kfree(key); 588 kfree(datum); 589 return 0; 590 } 591 592 static int common_destroy(void *key, void *datum, void *p) 593 { 594 struct common_datum *comdatum; 595 596 kfree(key); 597 if (datum) { 598 comdatum = datum; 599 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 600 hashtab_destroy(comdatum->permissions.table); 601 } 602 kfree(datum); 603 return 0; 604 } 605 606 static int cls_destroy(void *key, void *datum, void *p) 607 { 608 struct class_datum *cladatum; 609 struct constraint_node *constraint, *ctemp; 610 struct constraint_expr *e, *etmp; 611 612 kfree(key); 613 if (datum) { 614 cladatum = datum; 615 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 616 hashtab_destroy(cladatum->permissions.table); 617 constraint = cladatum->constraints; 618 while (constraint) { 619 e = constraint->expr; 620 while (e) { 621 ebitmap_destroy(&e->names); 622 etmp = e; 623 e = e->next; 624 kfree(etmp); 625 } 626 ctemp = constraint; 627 constraint = constraint->next; 628 kfree(ctemp); 629 } 630 631 constraint = cladatum->validatetrans; 632 while (constraint) { 633 e = constraint->expr; 634 while (e) { 635 ebitmap_destroy(&e->names); 636 etmp = e; 637 e = e->next; 638 kfree(etmp); 639 } 640 ctemp = constraint; 641 constraint = constraint->next; 642 kfree(ctemp); 643 } 644 645 kfree(cladatum->comkey); 646 } 647 kfree(datum); 648 return 0; 649 } 650 651 static int role_destroy(void *key, void *datum, void *p) 652 { 653 struct role_datum *role; 654 655 kfree(key); 656 if (datum) { 657 role = datum; 658 ebitmap_destroy(&role->dominates); 659 ebitmap_destroy(&role->types); 660 } 661 kfree(datum); 662 return 0; 663 } 664 665 static int type_destroy(void *key, void *datum, void *p) 666 { 667 kfree(key); 668 kfree(datum); 669 return 0; 670 } 671 672 static int user_destroy(void *key, void *datum, void *p) 673 { 674 struct user_datum *usrdatum; 675 676 kfree(key); 677 if (datum) { 678 usrdatum = datum; 679 ebitmap_destroy(&usrdatum->roles); 680 ebitmap_destroy(&usrdatum->range.level[0].cat); 681 ebitmap_destroy(&usrdatum->range.level[1].cat); 682 ebitmap_destroy(&usrdatum->dfltlevel.cat); 683 } 684 kfree(datum); 685 return 0; 686 } 687 688 static int sens_destroy(void *key, void *datum, void *p) 689 { 690 struct level_datum *levdatum; 691 692 kfree(key); 693 if (datum) { 694 levdatum = datum; 695 ebitmap_destroy(&levdatum->level->cat); 696 kfree(levdatum->level); 697 } 698 kfree(datum); 699 return 0; 700 } 701 702 static int cat_destroy(void *key, void *datum, void *p) 703 { 704 kfree(key); 705 kfree(datum); 706 return 0; 707 } 708 709 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 710 { 711 common_destroy, 712 cls_destroy, 713 role_destroy, 714 type_destroy, 715 user_destroy, 716 cond_destroy_bool, 717 sens_destroy, 718 cat_destroy, 719 }; 720 721 static int filenametr_destroy(void *key, void *datum, void *p) 722 { 723 struct filename_trans *ft = key; 724 kfree(ft->name); 725 kfree(key); 726 kfree(datum); 727 cond_resched(); 728 return 0; 729 } 730 731 static int range_tr_destroy(void *key, void *datum, void *p) 732 { 733 struct mls_range *rt = datum; 734 kfree(key); 735 ebitmap_destroy(&rt->level[0].cat); 736 ebitmap_destroy(&rt->level[1].cat); 737 kfree(datum); 738 cond_resched(); 739 return 0; 740 } 741 742 static void ocontext_destroy(struct ocontext *c, int i) 743 { 744 if (!c) 745 return; 746 747 context_destroy(&c->context[0]); 748 context_destroy(&c->context[1]); 749 if (i == OCON_ISID || i == OCON_FS || 750 i == OCON_NETIF || i == OCON_FSUSE) 751 kfree(c->u.name); 752 kfree(c); 753 } 754 755 /* 756 * Free any memory allocated by a policy database structure. 757 */ 758 void policydb_destroy(struct policydb *p) 759 { 760 struct ocontext *c, *ctmp; 761 struct genfs *g, *gtmp; 762 int i; 763 struct role_allow *ra, *lra = NULL; 764 struct role_trans *tr, *ltr = NULL; 765 766 for (i = 0; i < SYM_NUM; i++) { 767 cond_resched(); 768 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 769 hashtab_destroy(p->symtab[i].table); 770 } 771 772 for (i = 0; i < SYM_NUM; i++) { 773 if (p->sym_val_to_name[i]) 774 flex_array_free(p->sym_val_to_name[i]); 775 } 776 777 kfree(p->class_val_to_struct); 778 kfree(p->role_val_to_struct); 779 kfree(p->user_val_to_struct); 780 if (p->type_val_to_struct_array) 781 flex_array_free(p->type_val_to_struct_array); 782 783 avtab_destroy(&p->te_avtab); 784 785 for (i = 0; i < OCON_NUM; i++) { 786 cond_resched(); 787 c = p->ocontexts[i]; 788 while (c) { 789 ctmp = c; 790 c = c->next; 791 ocontext_destroy(ctmp, i); 792 } 793 p->ocontexts[i] = NULL; 794 } 795 796 g = p->genfs; 797 while (g) { 798 cond_resched(); 799 kfree(g->fstype); 800 c = g->head; 801 while (c) { 802 ctmp = c; 803 c = c->next; 804 ocontext_destroy(ctmp, OCON_FSUSE); 805 } 806 gtmp = g; 807 g = g->next; 808 kfree(gtmp); 809 } 810 p->genfs = NULL; 811 812 cond_policydb_destroy(p); 813 814 for (tr = p->role_tr; tr; tr = tr->next) { 815 cond_resched(); 816 kfree(ltr); 817 ltr = tr; 818 } 819 kfree(ltr); 820 821 for (ra = p->role_allow; ra; ra = ra->next) { 822 cond_resched(); 823 kfree(lra); 824 lra = ra; 825 } 826 kfree(lra); 827 828 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 829 hashtab_destroy(p->filename_trans); 830 831 hashtab_map(p->range_tr, range_tr_destroy, NULL); 832 hashtab_destroy(p->range_tr); 833 834 if (p->type_attr_map_array) { 835 for (i = 0; i < p->p_types.nprim; i++) { 836 struct ebitmap *e; 837 838 e = flex_array_get(p->type_attr_map_array, i); 839 if (!e) 840 continue; 841 ebitmap_destroy(e); 842 } 843 flex_array_free(p->type_attr_map_array); 844 } 845 846 ebitmap_destroy(&p->filename_trans_ttypes); 847 ebitmap_destroy(&p->policycaps); 848 ebitmap_destroy(&p->permissive_map); 849 850 return; 851 } 852 853 /* 854 * Load the initial SIDs specified in a policy database 855 * structure into a SID table. 856 */ 857 int policydb_load_isids(struct policydb *p, struct sidtab *s) 858 { 859 struct ocontext *head, *c; 860 int rc; 861 862 rc = sidtab_init(s); 863 if (rc) { 864 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 865 goto out; 866 } 867 868 head = p->ocontexts[OCON_ISID]; 869 for (c = head; c; c = c->next) { 870 rc = -EINVAL; 871 if (!c->context[0].user) { 872 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 873 c->u.name); 874 goto out; 875 } 876 877 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 878 if (rc) { 879 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 880 c->u.name); 881 goto out; 882 } 883 } 884 rc = 0; 885 out: 886 return rc; 887 } 888 889 int policydb_class_isvalid(struct policydb *p, unsigned int class) 890 { 891 if (!class || class > p->p_classes.nprim) 892 return 0; 893 return 1; 894 } 895 896 int policydb_role_isvalid(struct policydb *p, unsigned int role) 897 { 898 if (!role || role > p->p_roles.nprim) 899 return 0; 900 return 1; 901 } 902 903 int policydb_type_isvalid(struct policydb *p, unsigned int type) 904 { 905 if (!type || type > p->p_types.nprim) 906 return 0; 907 return 1; 908 } 909 910 /* 911 * Return 1 if the fields in the security context 912 * structure `c' are valid. Return 0 otherwise. 913 */ 914 int policydb_context_isvalid(struct policydb *p, struct context *c) 915 { 916 struct role_datum *role; 917 struct user_datum *usrdatum; 918 919 if (!c->role || c->role > p->p_roles.nprim) 920 return 0; 921 922 if (!c->user || c->user > p->p_users.nprim) 923 return 0; 924 925 if (!c->type || c->type > p->p_types.nprim) 926 return 0; 927 928 if (c->role != OBJECT_R_VAL) { 929 /* 930 * Role must be authorized for the type. 931 */ 932 role = p->role_val_to_struct[c->role - 1]; 933 if (!ebitmap_get_bit(&role->types, c->type - 1)) 934 /* role may not be associated with type */ 935 return 0; 936 937 /* 938 * User must be authorized for the role. 939 */ 940 usrdatum = p->user_val_to_struct[c->user - 1]; 941 if (!usrdatum) 942 return 0; 943 944 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 945 /* user may not be associated with role */ 946 return 0; 947 } 948 949 if (!mls_context_isvalid(p, c)) 950 return 0; 951 952 return 1; 953 } 954 955 /* 956 * Read a MLS range structure from a policydb binary 957 * representation file. 958 */ 959 static int mls_read_range_helper(struct mls_range *r, void *fp) 960 { 961 __le32 buf[2]; 962 u32 items; 963 int rc; 964 965 rc = next_entry(buf, fp, sizeof(u32)); 966 if (rc) 967 goto out; 968 969 rc = -EINVAL; 970 items = le32_to_cpu(buf[0]); 971 if (items > ARRAY_SIZE(buf)) { 972 printk(KERN_ERR "SELinux: mls: range overflow\n"); 973 goto out; 974 } 975 976 rc = next_entry(buf, fp, sizeof(u32) * items); 977 if (rc) { 978 printk(KERN_ERR "SELinux: mls: truncated range\n"); 979 goto out; 980 } 981 982 r->level[0].sens = le32_to_cpu(buf[0]); 983 if (items > 1) 984 r->level[1].sens = le32_to_cpu(buf[1]); 985 else 986 r->level[1].sens = r->level[0].sens; 987 988 rc = ebitmap_read(&r->level[0].cat, fp); 989 if (rc) { 990 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 991 goto out; 992 } 993 if (items > 1) { 994 rc = ebitmap_read(&r->level[1].cat, fp); 995 if (rc) { 996 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 997 goto bad_high; 998 } 999 } else { 1000 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1001 if (rc) { 1002 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1003 goto bad_high; 1004 } 1005 } 1006 1007 return 0; 1008 bad_high: 1009 ebitmap_destroy(&r->level[0].cat); 1010 out: 1011 return rc; 1012 } 1013 1014 /* 1015 * Read and validate a security context structure 1016 * from a policydb binary representation file. 1017 */ 1018 static int context_read_and_validate(struct context *c, 1019 struct policydb *p, 1020 void *fp) 1021 { 1022 __le32 buf[3]; 1023 int rc; 1024 1025 rc = next_entry(buf, fp, sizeof buf); 1026 if (rc) { 1027 printk(KERN_ERR "SELinux: context truncated\n"); 1028 goto out; 1029 } 1030 c->user = le32_to_cpu(buf[0]); 1031 c->role = le32_to_cpu(buf[1]); 1032 c->type = le32_to_cpu(buf[2]); 1033 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1034 rc = mls_read_range_helper(&c->range, fp); 1035 if (rc) { 1036 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1037 goto out; 1038 } 1039 } 1040 1041 rc = -EINVAL; 1042 if (!policydb_context_isvalid(p, c)) { 1043 printk(KERN_ERR "SELinux: invalid security context\n"); 1044 context_destroy(c); 1045 goto out; 1046 } 1047 rc = 0; 1048 out: 1049 return rc; 1050 } 1051 1052 /* 1053 * The following *_read functions are used to 1054 * read the symbol data from a policy database 1055 * binary representation file. 1056 */ 1057 1058 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1059 { 1060 char *key = NULL; 1061 struct perm_datum *perdatum; 1062 int rc; 1063 __le32 buf[2]; 1064 u32 len; 1065 1066 rc = -ENOMEM; 1067 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1068 if (!perdatum) 1069 goto bad; 1070 1071 rc = next_entry(buf, fp, sizeof buf); 1072 if (rc) 1073 goto bad; 1074 1075 len = le32_to_cpu(buf[0]); 1076 perdatum->value = le32_to_cpu(buf[1]); 1077 1078 rc = -ENOMEM; 1079 key = kmalloc(len + 1, GFP_KERNEL); 1080 if (!key) 1081 goto bad; 1082 1083 rc = next_entry(key, fp, len); 1084 if (rc) 1085 goto bad; 1086 key[len] = '\0'; 1087 1088 rc = hashtab_insert(h, key, perdatum); 1089 if (rc) 1090 goto bad; 1091 1092 return 0; 1093 bad: 1094 perm_destroy(key, perdatum, NULL); 1095 return rc; 1096 } 1097 1098 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1099 { 1100 char *key = NULL; 1101 struct common_datum *comdatum; 1102 __le32 buf[4]; 1103 u32 len, nel; 1104 int i, rc; 1105 1106 rc = -ENOMEM; 1107 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1108 if (!comdatum) 1109 goto bad; 1110 1111 rc = next_entry(buf, fp, sizeof buf); 1112 if (rc) 1113 goto bad; 1114 1115 len = le32_to_cpu(buf[0]); 1116 comdatum->value = le32_to_cpu(buf[1]); 1117 1118 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1119 if (rc) 1120 goto bad; 1121 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1122 nel = le32_to_cpu(buf[3]); 1123 1124 rc = -ENOMEM; 1125 key = kmalloc(len + 1, GFP_KERNEL); 1126 if (!key) 1127 goto bad; 1128 1129 rc = next_entry(key, fp, len); 1130 if (rc) 1131 goto bad; 1132 key[len] = '\0'; 1133 1134 for (i = 0; i < nel; i++) { 1135 rc = perm_read(p, comdatum->permissions.table, fp); 1136 if (rc) 1137 goto bad; 1138 } 1139 1140 rc = hashtab_insert(h, key, comdatum); 1141 if (rc) 1142 goto bad; 1143 return 0; 1144 bad: 1145 common_destroy(key, comdatum, NULL); 1146 return rc; 1147 } 1148 1149 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1150 int allowxtarget, void *fp) 1151 { 1152 struct constraint_node *c, *lc; 1153 struct constraint_expr *e, *le; 1154 __le32 buf[3]; 1155 u32 nexpr; 1156 int rc, i, j, depth; 1157 1158 lc = NULL; 1159 for (i = 0; i < ncons; i++) { 1160 c = kzalloc(sizeof(*c), GFP_KERNEL); 1161 if (!c) 1162 return -ENOMEM; 1163 1164 if (lc) 1165 lc->next = c; 1166 else 1167 *nodep = c; 1168 1169 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1170 if (rc) 1171 return rc; 1172 c->permissions = le32_to_cpu(buf[0]); 1173 nexpr = le32_to_cpu(buf[1]); 1174 le = NULL; 1175 depth = -1; 1176 for (j = 0; j < nexpr; j++) { 1177 e = kzalloc(sizeof(*e), GFP_KERNEL); 1178 if (!e) 1179 return -ENOMEM; 1180 1181 if (le) 1182 le->next = e; 1183 else 1184 c->expr = e; 1185 1186 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1187 if (rc) 1188 return rc; 1189 e->expr_type = le32_to_cpu(buf[0]); 1190 e->attr = le32_to_cpu(buf[1]); 1191 e->op = le32_to_cpu(buf[2]); 1192 1193 switch (e->expr_type) { 1194 case CEXPR_NOT: 1195 if (depth < 0) 1196 return -EINVAL; 1197 break; 1198 case CEXPR_AND: 1199 case CEXPR_OR: 1200 if (depth < 1) 1201 return -EINVAL; 1202 depth--; 1203 break; 1204 case CEXPR_ATTR: 1205 if (depth == (CEXPR_MAXDEPTH - 1)) 1206 return -EINVAL; 1207 depth++; 1208 break; 1209 case CEXPR_NAMES: 1210 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1211 return -EINVAL; 1212 if (depth == (CEXPR_MAXDEPTH - 1)) 1213 return -EINVAL; 1214 depth++; 1215 rc = ebitmap_read(&e->names, fp); 1216 if (rc) 1217 return rc; 1218 break; 1219 default: 1220 return -EINVAL; 1221 } 1222 le = e; 1223 } 1224 if (depth != 0) 1225 return -EINVAL; 1226 lc = c; 1227 } 1228 1229 return 0; 1230 } 1231 1232 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1233 { 1234 char *key = NULL; 1235 struct class_datum *cladatum; 1236 __le32 buf[6]; 1237 u32 len, len2, ncons, nel; 1238 int i, rc; 1239 1240 rc = -ENOMEM; 1241 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1242 if (!cladatum) 1243 goto bad; 1244 1245 rc = next_entry(buf, fp, sizeof(u32)*6); 1246 if (rc) 1247 goto bad; 1248 1249 len = le32_to_cpu(buf[0]); 1250 len2 = le32_to_cpu(buf[1]); 1251 cladatum->value = le32_to_cpu(buf[2]); 1252 1253 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1254 if (rc) 1255 goto bad; 1256 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1257 nel = le32_to_cpu(buf[4]); 1258 1259 ncons = le32_to_cpu(buf[5]); 1260 1261 rc = -ENOMEM; 1262 key = kmalloc(len + 1, GFP_KERNEL); 1263 if (!key) 1264 goto bad; 1265 1266 rc = next_entry(key, fp, len); 1267 if (rc) 1268 goto bad; 1269 key[len] = '\0'; 1270 1271 if (len2) { 1272 rc = -ENOMEM; 1273 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); 1274 if (!cladatum->comkey) 1275 goto bad; 1276 rc = next_entry(cladatum->comkey, fp, len2); 1277 if (rc) 1278 goto bad; 1279 cladatum->comkey[len2] = '\0'; 1280 1281 rc = -EINVAL; 1282 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1283 if (!cladatum->comdatum) { 1284 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1285 goto bad; 1286 } 1287 } 1288 for (i = 0; i < nel; i++) { 1289 rc = perm_read(p, cladatum->permissions.table, fp); 1290 if (rc) 1291 goto bad; 1292 } 1293 1294 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1295 if (rc) 1296 goto bad; 1297 1298 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1299 /* grab the validatetrans rules */ 1300 rc = next_entry(buf, fp, sizeof(u32)); 1301 if (rc) 1302 goto bad; 1303 ncons = le32_to_cpu(buf[0]); 1304 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1305 if (rc) 1306 goto bad; 1307 } 1308 1309 rc = hashtab_insert(h, key, cladatum); 1310 if (rc) 1311 goto bad; 1312 1313 return 0; 1314 bad: 1315 cls_destroy(key, cladatum, NULL); 1316 return rc; 1317 } 1318 1319 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1320 { 1321 char *key = NULL; 1322 struct role_datum *role; 1323 int rc, to_read = 2; 1324 __le32 buf[3]; 1325 u32 len; 1326 1327 rc = -ENOMEM; 1328 role = kzalloc(sizeof(*role), GFP_KERNEL); 1329 if (!role) 1330 goto bad; 1331 1332 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1333 to_read = 3; 1334 1335 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1336 if (rc) 1337 goto bad; 1338 1339 len = le32_to_cpu(buf[0]); 1340 role->value = le32_to_cpu(buf[1]); 1341 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1342 role->bounds = le32_to_cpu(buf[2]); 1343 1344 rc = -ENOMEM; 1345 key = kmalloc(len + 1, GFP_KERNEL); 1346 if (!key) 1347 goto bad; 1348 1349 rc = next_entry(key, fp, len); 1350 if (rc) 1351 goto bad; 1352 key[len] = '\0'; 1353 1354 rc = ebitmap_read(&role->dominates, fp); 1355 if (rc) 1356 goto bad; 1357 1358 rc = ebitmap_read(&role->types, fp); 1359 if (rc) 1360 goto bad; 1361 1362 if (strcmp(key, OBJECT_R) == 0) { 1363 rc = -EINVAL; 1364 if (role->value != OBJECT_R_VAL) { 1365 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1366 OBJECT_R, role->value); 1367 goto bad; 1368 } 1369 rc = 0; 1370 goto bad; 1371 } 1372 1373 rc = hashtab_insert(h, key, role); 1374 if (rc) 1375 goto bad; 1376 return 0; 1377 bad: 1378 role_destroy(key, role, NULL); 1379 return rc; 1380 } 1381 1382 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1383 { 1384 char *key = NULL; 1385 struct type_datum *typdatum; 1386 int rc, to_read = 3; 1387 __le32 buf[4]; 1388 u32 len; 1389 1390 rc = -ENOMEM; 1391 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1392 if (!typdatum) 1393 goto bad; 1394 1395 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1396 to_read = 4; 1397 1398 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1399 if (rc) 1400 goto bad; 1401 1402 len = le32_to_cpu(buf[0]); 1403 typdatum->value = le32_to_cpu(buf[1]); 1404 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1405 u32 prop = le32_to_cpu(buf[2]); 1406 1407 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1408 typdatum->primary = 1; 1409 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1410 typdatum->attribute = 1; 1411 1412 typdatum->bounds = le32_to_cpu(buf[3]); 1413 } else { 1414 typdatum->primary = le32_to_cpu(buf[2]); 1415 } 1416 1417 rc = -ENOMEM; 1418 key = kmalloc(len + 1, GFP_KERNEL); 1419 if (!key) 1420 goto bad; 1421 rc = next_entry(key, fp, len); 1422 if (rc) 1423 goto bad; 1424 key[len] = '\0'; 1425 1426 rc = hashtab_insert(h, key, typdatum); 1427 if (rc) 1428 goto bad; 1429 return 0; 1430 bad: 1431 type_destroy(key, typdatum, NULL); 1432 return rc; 1433 } 1434 1435 1436 /* 1437 * Read a MLS level structure from a policydb binary 1438 * representation file. 1439 */ 1440 static int mls_read_level(struct mls_level *lp, void *fp) 1441 { 1442 __le32 buf[1]; 1443 int rc; 1444 1445 memset(lp, 0, sizeof(*lp)); 1446 1447 rc = next_entry(buf, fp, sizeof buf); 1448 if (rc) { 1449 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1450 return rc; 1451 } 1452 lp->sens = le32_to_cpu(buf[0]); 1453 1454 rc = ebitmap_read(&lp->cat, fp); 1455 if (rc) { 1456 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1457 return rc; 1458 } 1459 return 0; 1460 } 1461 1462 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1463 { 1464 char *key = NULL; 1465 struct user_datum *usrdatum; 1466 int rc, to_read = 2; 1467 __le32 buf[3]; 1468 u32 len; 1469 1470 rc = -ENOMEM; 1471 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1472 if (!usrdatum) 1473 goto bad; 1474 1475 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1476 to_read = 3; 1477 1478 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1479 if (rc) 1480 goto bad; 1481 1482 len = le32_to_cpu(buf[0]); 1483 usrdatum->value = le32_to_cpu(buf[1]); 1484 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1485 usrdatum->bounds = le32_to_cpu(buf[2]); 1486 1487 rc = -ENOMEM; 1488 key = kmalloc(len + 1, GFP_KERNEL); 1489 if (!key) 1490 goto bad; 1491 rc = next_entry(key, fp, len); 1492 if (rc) 1493 goto bad; 1494 key[len] = '\0'; 1495 1496 rc = ebitmap_read(&usrdatum->roles, fp); 1497 if (rc) 1498 goto bad; 1499 1500 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1501 rc = mls_read_range_helper(&usrdatum->range, fp); 1502 if (rc) 1503 goto bad; 1504 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1505 if (rc) 1506 goto bad; 1507 } 1508 1509 rc = hashtab_insert(h, key, usrdatum); 1510 if (rc) 1511 goto bad; 1512 return 0; 1513 bad: 1514 user_destroy(key, usrdatum, NULL); 1515 return rc; 1516 } 1517 1518 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1519 { 1520 char *key = NULL; 1521 struct level_datum *levdatum; 1522 int rc; 1523 __le32 buf[2]; 1524 u32 len; 1525 1526 rc = -ENOMEM; 1527 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1528 if (!levdatum) 1529 goto bad; 1530 1531 rc = next_entry(buf, fp, sizeof buf); 1532 if (rc) 1533 goto bad; 1534 1535 len = le32_to_cpu(buf[0]); 1536 levdatum->isalias = le32_to_cpu(buf[1]); 1537 1538 rc = -ENOMEM; 1539 key = kmalloc(len + 1, GFP_ATOMIC); 1540 if (!key) 1541 goto bad; 1542 rc = next_entry(key, fp, len); 1543 if (rc) 1544 goto bad; 1545 key[len] = '\0'; 1546 1547 rc = -ENOMEM; 1548 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1549 if (!levdatum->level) 1550 goto bad; 1551 1552 rc = mls_read_level(levdatum->level, fp); 1553 if (rc) 1554 goto bad; 1555 1556 rc = hashtab_insert(h, key, levdatum); 1557 if (rc) 1558 goto bad; 1559 return 0; 1560 bad: 1561 sens_destroy(key, levdatum, NULL); 1562 return rc; 1563 } 1564 1565 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1566 { 1567 char *key = NULL; 1568 struct cat_datum *catdatum; 1569 int rc; 1570 __le32 buf[3]; 1571 u32 len; 1572 1573 rc = -ENOMEM; 1574 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1575 if (!catdatum) 1576 goto bad; 1577 1578 rc = next_entry(buf, fp, sizeof buf); 1579 if (rc) 1580 goto bad; 1581 1582 len = le32_to_cpu(buf[0]); 1583 catdatum->value = le32_to_cpu(buf[1]); 1584 catdatum->isalias = le32_to_cpu(buf[2]); 1585 1586 rc = -ENOMEM; 1587 key = kmalloc(len + 1, GFP_ATOMIC); 1588 if (!key) 1589 goto bad; 1590 rc = next_entry(key, fp, len); 1591 if (rc) 1592 goto bad; 1593 key[len] = '\0'; 1594 1595 rc = hashtab_insert(h, key, catdatum); 1596 if (rc) 1597 goto bad; 1598 return 0; 1599 bad: 1600 cat_destroy(key, catdatum, NULL); 1601 return rc; 1602 } 1603 1604 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1605 { 1606 common_read, 1607 class_read, 1608 role_read, 1609 type_read, 1610 user_read, 1611 cond_read_bool, 1612 sens_read, 1613 cat_read, 1614 }; 1615 1616 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1617 { 1618 struct user_datum *upper, *user; 1619 struct policydb *p = datap; 1620 int depth = 0; 1621 1622 upper = user = datum; 1623 while (upper->bounds) { 1624 struct ebitmap_node *node; 1625 unsigned long bit; 1626 1627 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1628 printk(KERN_ERR "SELinux: user %s: " 1629 "too deep or looped boundary", 1630 (char *) key); 1631 return -EINVAL; 1632 } 1633 1634 upper = p->user_val_to_struct[upper->bounds - 1]; 1635 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1636 if (ebitmap_get_bit(&upper->roles, bit)) 1637 continue; 1638 1639 printk(KERN_ERR 1640 "SELinux: boundary violated policy: " 1641 "user=%s role=%s bounds=%s\n", 1642 sym_name(p, SYM_USERS, user->value - 1), 1643 sym_name(p, SYM_ROLES, bit), 1644 sym_name(p, SYM_USERS, upper->value - 1)); 1645 1646 return -EINVAL; 1647 } 1648 } 1649 1650 return 0; 1651 } 1652 1653 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1654 { 1655 struct role_datum *upper, *role; 1656 struct policydb *p = datap; 1657 int depth = 0; 1658 1659 upper = role = datum; 1660 while (upper->bounds) { 1661 struct ebitmap_node *node; 1662 unsigned long bit; 1663 1664 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1665 printk(KERN_ERR "SELinux: role %s: " 1666 "too deep or looped bounds\n", 1667 (char *) key); 1668 return -EINVAL; 1669 } 1670 1671 upper = p->role_val_to_struct[upper->bounds - 1]; 1672 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1673 if (ebitmap_get_bit(&upper->types, bit)) 1674 continue; 1675 1676 printk(KERN_ERR 1677 "SELinux: boundary violated policy: " 1678 "role=%s type=%s bounds=%s\n", 1679 sym_name(p, SYM_ROLES, role->value - 1), 1680 sym_name(p, SYM_TYPES, bit), 1681 sym_name(p, SYM_ROLES, upper->value - 1)); 1682 1683 return -EINVAL; 1684 } 1685 } 1686 1687 return 0; 1688 } 1689 1690 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1691 { 1692 struct type_datum *upper; 1693 struct policydb *p = datap; 1694 int depth = 0; 1695 1696 upper = datum; 1697 while (upper->bounds) { 1698 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1699 printk(KERN_ERR "SELinux: type %s: " 1700 "too deep or looped boundary\n", 1701 (char *) key); 1702 return -EINVAL; 1703 } 1704 1705 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1706 upper->bounds - 1); 1707 BUG_ON(!upper); 1708 1709 if (upper->attribute) { 1710 printk(KERN_ERR "SELinux: type %s: " 1711 "bounded by attribute %s", 1712 (char *) key, 1713 sym_name(p, SYM_TYPES, upper->value - 1)); 1714 return -EINVAL; 1715 } 1716 } 1717 1718 return 0; 1719 } 1720 1721 static int policydb_bounds_sanity_check(struct policydb *p) 1722 { 1723 int rc; 1724 1725 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1726 return 0; 1727 1728 rc = hashtab_map(p->p_users.table, 1729 user_bounds_sanity_check, p); 1730 if (rc) 1731 return rc; 1732 1733 rc = hashtab_map(p->p_roles.table, 1734 role_bounds_sanity_check, p); 1735 if (rc) 1736 return rc; 1737 1738 rc = hashtab_map(p->p_types.table, 1739 type_bounds_sanity_check, p); 1740 if (rc) 1741 return rc; 1742 1743 return 0; 1744 } 1745 1746 u16 string_to_security_class(struct policydb *p, const char *name) 1747 { 1748 struct class_datum *cladatum; 1749 1750 cladatum = hashtab_search(p->p_classes.table, name); 1751 if (!cladatum) 1752 return 0; 1753 1754 return cladatum->value; 1755 } 1756 1757 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1758 { 1759 struct class_datum *cladatum; 1760 struct perm_datum *perdatum = NULL; 1761 struct common_datum *comdatum; 1762 1763 if (!tclass || tclass > p->p_classes.nprim) 1764 return 0; 1765 1766 cladatum = p->class_val_to_struct[tclass-1]; 1767 comdatum = cladatum->comdatum; 1768 if (comdatum) 1769 perdatum = hashtab_search(comdatum->permissions.table, 1770 name); 1771 if (!perdatum) 1772 perdatum = hashtab_search(cladatum->permissions.table, 1773 name); 1774 if (!perdatum) 1775 return 0; 1776 1777 return 1U << (perdatum->value-1); 1778 } 1779 1780 static int range_read(struct policydb *p, void *fp) 1781 { 1782 struct range_trans *rt = NULL; 1783 struct mls_range *r = NULL; 1784 int i, rc; 1785 __le32 buf[2]; 1786 u32 nel; 1787 1788 if (p->policyvers < POLICYDB_VERSION_MLS) 1789 return 0; 1790 1791 rc = next_entry(buf, fp, sizeof(u32)); 1792 if (rc) 1793 goto out; 1794 1795 nel = le32_to_cpu(buf[0]); 1796 for (i = 0; i < nel; i++) { 1797 rc = -ENOMEM; 1798 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1799 if (!rt) 1800 goto out; 1801 1802 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1803 if (rc) 1804 goto out; 1805 1806 rt->source_type = le32_to_cpu(buf[0]); 1807 rt->target_type = le32_to_cpu(buf[1]); 1808 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1809 rc = next_entry(buf, fp, sizeof(u32)); 1810 if (rc) 1811 goto out; 1812 rt->target_class = le32_to_cpu(buf[0]); 1813 } else 1814 rt->target_class = p->process_class; 1815 1816 rc = -EINVAL; 1817 if (!policydb_type_isvalid(p, rt->source_type) || 1818 !policydb_type_isvalid(p, rt->target_type) || 1819 !policydb_class_isvalid(p, rt->target_class)) 1820 goto out; 1821 1822 rc = -ENOMEM; 1823 r = kzalloc(sizeof(*r), GFP_KERNEL); 1824 if (!r) 1825 goto out; 1826 1827 rc = mls_read_range_helper(r, fp); 1828 if (rc) 1829 goto out; 1830 1831 rc = -EINVAL; 1832 if (!mls_range_isvalid(p, r)) { 1833 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1834 goto out; 1835 } 1836 1837 rc = hashtab_insert(p->range_tr, rt, r); 1838 if (rc) 1839 goto out; 1840 1841 rt = NULL; 1842 r = NULL; 1843 } 1844 hash_eval(p->range_tr, "rangetr"); 1845 rc = 0; 1846 out: 1847 kfree(rt); 1848 kfree(r); 1849 return rc; 1850 } 1851 1852 static int filename_trans_read(struct policydb *p, void *fp) 1853 { 1854 struct filename_trans *ft; 1855 struct filename_trans_datum *otype; 1856 char *name; 1857 u32 nel, len; 1858 __le32 buf[4]; 1859 int rc, i; 1860 1861 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1862 return 0; 1863 1864 rc = next_entry(buf, fp, sizeof(u32)); 1865 if (rc) 1866 return rc; 1867 nel = le32_to_cpu(buf[0]); 1868 1869 for (i = 0; i < nel; i++) { 1870 ft = NULL; 1871 otype = NULL; 1872 name = NULL; 1873 1874 rc = -ENOMEM; 1875 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1876 if (!ft) 1877 goto out; 1878 1879 rc = -ENOMEM; 1880 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1881 if (!otype) 1882 goto out; 1883 1884 /* length of the path component string */ 1885 rc = next_entry(buf, fp, sizeof(u32)); 1886 if (rc) 1887 goto out; 1888 len = le32_to_cpu(buf[0]); 1889 1890 rc = -ENOMEM; 1891 name = kmalloc(len + 1, GFP_KERNEL); 1892 if (!name) 1893 goto out; 1894 1895 ft->name = name; 1896 1897 /* path component string */ 1898 rc = next_entry(name, fp, len); 1899 if (rc) 1900 goto out; 1901 name[len] = 0; 1902 1903 rc = next_entry(buf, fp, sizeof(u32) * 4); 1904 if (rc) 1905 goto out; 1906 1907 ft->stype = le32_to_cpu(buf[0]); 1908 ft->ttype = le32_to_cpu(buf[1]); 1909 ft->tclass = le32_to_cpu(buf[2]); 1910 1911 otype->otype = le32_to_cpu(buf[3]); 1912 1913 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1914 if (rc) 1915 goto out; 1916 1917 hashtab_insert(p->filename_trans, ft, otype); 1918 } 1919 hash_eval(p->filename_trans, "filenametr"); 1920 return 0; 1921 out: 1922 kfree(ft); 1923 kfree(name); 1924 kfree(otype); 1925 1926 return rc; 1927 } 1928 1929 static int genfs_read(struct policydb *p, void *fp) 1930 { 1931 int i, j, rc; 1932 u32 nel, nel2, len, len2; 1933 __le32 buf[1]; 1934 struct ocontext *l, *c; 1935 struct ocontext *newc = NULL; 1936 struct genfs *genfs_p, *genfs; 1937 struct genfs *newgenfs = NULL; 1938 1939 rc = next_entry(buf, fp, sizeof(u32)); 1940 if (rc) 1941 goto out; 1942 nel = le32_to_cpu(buf[0]); 1943 1944 for (i = 0; i < nel; i++) { 1945 rc = next_entry(buf, fp, sizeof(u32)); 1946 if (rc) 1947 goto out; 1948 len = le32_to_cpu(buf[0]); 1949 1950 rc = -ENOMEM; 1951 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1952 if (!newgenfs) 1953 goto out; 1954 1955 rc = -ENOMEM; 1956 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); 1957 if (!newgenfs->fstype) 1958 goto out; 1959 1960 rc = next_entry(newgenfs->fstype, fp, len); 1961 if (rc) 1962 goto out; 1963 1964 newgenfs->fstype[len] = 0; 1965 1966 for (genfs_p = NULL, genfs = p->genfs; genfs; 1967 genfs_p = genfs, genfs = genfs->next) { 1968 rc = -EINVAL; 1969 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1970 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 1971 newgenfs->fstype); 1972 goto out; 1973 } 1974 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1975 break; 1976 } 1977 newgenfs->next = genfs; 1978 if (genfs_p) 1979 genfs_p->next = newgenfs; 1980 else 1981 p->genfs = newgenfs; 1982 genfs = newgenfs; 1983 newgenfs = NULL; 1984 1985 rc = next_entry(buf, fp, sizeof(u32)); 1986 if (rc) 1987 goto out; 1988 1989 nel2 = le32_to_cpu(buf[0]); 1990 for (j = 0; j < nel2; j++) { 1991 rc = next_entry(buf, fp, sizeof(u32)); 1992 if (rc) 1993 goto out; 1994 len = le32_to_cpu(buf[0]); 1995 1996 rc = -ENOMEM; 1997 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1998 if (!newc) 1999 goto out; 2000 2001 rc = -ENOMEM; 2002 newc->u.name = kmalloc(len + 1, GFP_KERNEL); 2003 if (!newc->u.name) 2004 goto out; 2005 2006 rc = next_entry(newc->u.name, fp, len); 2007 if (rc) 2008 goto out; 2009 newc->u.name[len] = 0; 2010 2011 rc = next_entry(buf, fp, sizeof(u32)); 2012 if (rc) 2013 goto out; 2014 2015 newc->v.sclass = le32_to_cpu(buf[0]); 2016 rc = context_read_and_validate(&newc->context[0], p, fp); 2017 if (rc) 2018 goto out; 2019 2020 for (l = NULL, c = genfs->head; c; 2021 l = c, c = c->next) { 2022 rc = -EINVAL; 2023 if (!strcmp(newc->u.name, c->u.name) && 2024 (!c->v.sclass || !newc->v.sclass || 2025 newc->v.sclass == c->v.sclass)) { 2026 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2027 genfs->fstype, c->u.name); 2028 goto out; 2029 } 2030 len = strlen(newc->u.name); 2031 len2 = strlen(c->u.name); 2032 if (len > len2) 2033 break; 2034 } 2035 2036 newc->next = c; 2037 if (l) 2038 l->next = newc; 2039 else 2040 genfs->head = newc; 2041 newc = NULL; 2042 } 2043 } 2044 rc = 0; 2045 out: 2046 if (newgenfs) 2047 kfree(newgenfs->fstype); 2048 kfree(newgenfs); 2049 ocontext_destroy(newc, OCON_FSUSE); 2050 2051 return rc; 2052 } 2053 2054 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2055 void *fp) 2056 { 2057 int i, j, rc; 2058 u32 nel, len; 2059 __le32 buf[3]; 2060 struct ocontext *l, *c; 2061 u32 nodebuf[8]; 2062 2063 for (i = 0; i < info->ocon_num; i++) { 2064 rc = next_entry(buf, fp, sizeof(u32)); 2065 if (rc) 2066 goto out; 2067 nel = le32_to_cpu(buf[0]); 2068 2069 l = NULL; 2070 for (j = 0; j < nel; j++) { 2071 rc = -ENOMEM; 2072 c = kzalloc(sizeof(*c), GFP_KERNEL); 2073 if (!c) 2074 goto out; 2075 if (l) 2076 l->next = c; 2077 else 2078 p->ocontexts[i] = c; 2079 l = c; 2080 2081 switch (i) { 2082 case OCON_ISID: 2083 rc = next_entry(buf, fp, sizeof(u32)); 2084 if (rc) 2085 goto out; 2086 2087 c->sid[0] = le32_to_cpu(buf[0]); 2088 rc = context_read_and_validate(&c->context[0], p, fp); 2089 if (rc) 2090 goto out; 2091 break; 2092 case OCON_FS: 2093 case OCON_NETIF: 2094 rc = next_entry(buf, fp, sizeof(u32)); 2095 if (rc) 2096 goto out; 2097 len = le32_to_cpu(buf[0]); 2098 2099 rc = -ENOMEM; 2100 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2101 if (!c->u.name) 2102 goto out; 2103 2104 rc = next_entry(c->u.name, fp, len); 2105 if (rc) 2106 goto out; 2107 2108 c->u.name[len] = 0; 2109 rc = context_read_and_validate(&c->context[0], p, fp); 2110 if (rc) 2111 goto out; 2112 rc = context_read_and_validate(&c->context[1], p, fp); 2113 if (rc) 2114 goto out; 2115 break; 2116 case OCON_PORT: 2117 rc = next_entry(buf, fp, sizeof(u32)*3); 2118 if (rc) 2119 goto out; 2120 c->u.port.protocol = le32_to_cpu(buf[0]); 2121 c->u.port.low_port = le32_to_cpu(buf[1]); 2122 c->u.port.high_port = le32_to_cpu(buf[2]); 2123 rc = context_read_and_validate(&c->context[0], p, fp); 2124 if (rc) 2125 goto out; 2126 break; 2127 case OCON_NODE: 2128 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2129 if (rc) 2130 goto out; 2131 c->u.node.addr = nodebuf[0]; /* network order */ 2132 c->u.node.mask = nodebuf[1]; /* network order */ 2133 rc = context_read_and_validate(&c->context[0], p, fp); 2134 if (rc) 2135 goto out; 2136 break; 2137 case OCON_FSUSE: 2138 rc = next_entry(buf, fp, sizeof(u32)*2); 2139 if (rc) 2140 goto out; 2141 2142 rc = -EINVAL; 2143 c->v.behavior = le32_to_cpu(buf[0]); 2144 if (c->v.behavior > SECURITY_FS_USE_NONE) 2145 goto out; 2146 2147 rc = -ENOMEM; 2148 len = le32_to_cpu(buf[1]); 2149 c->u.name = kmalloc(len + 1, GFP_KERNEL); 2150 if (!c->u.name) 2151 goto out; 2152 2153 rc = next_entry(c->u.name, fp, len); 2154 if (rc) 2155 goto out; 2156 c->u.name[len] = 0; 2157 rc = context_read_and_validate(&c->context[0], p, fp); 2158 if (rc) 2159 goto out; 2160 break; 2161 case OCON_NODE6: { 2162 int k; 2163 2164 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2165 if (rc) 2166 goto out; 2167 for (k = 0; k < 4; k++) 2168 c->u.node6.addr[k] = nodebuf[k]; 2169 for (k = 0; k < 4; k++) 2170 c->u.node6.mask[k] = nodebuf[k+4]; 2171 rc = context_read_and_validate(&c->context[0], p, fp); 2172 if (rc) 2173 goto out; 2174 break; 2175 } 2176 } 2177 } 2178 } 2179 rc = 0; 2180 out: 2181 return rc; 2182 } 2183 2184 /* 2185 * Read the configuration data from a policy database binary 2186 * representation file into a policy database structure. 2187 */ 2188 int policydb_read(struct policydb *p, void *fp) 2189 { 2190 struct role_allow *ra, *lra; 2191 struct role_trans *tr, *ltr; 2192 int i, j, rc; 2193 __le32 buf[4]; 2194 u32 len, nprim, nel; 2195 2196 char *policydb_str; 2197 struct policydb_compat_info *info; 2198 2199 rc = policydb_init(p); 2200 if (rc) 2201 return rc; 2202 2203 /* Read the magic number and string length. */ 2204 rc = next_entry(buf, fp, sizeof(u32) * 2); 2205 if (rc) 2206 goto bad; 2207 2208 rc = -EINVAL; 2209 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2210 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2211 "not match expected magic number 0x%x\n", 2212 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2213 goto bad; 2214 } 2215 2216 rc = -EINVAL; 2217 len = le32_to_cpu(buf[1]); 2218 if (len != strlen(POLICYDB_STRING)) { 2219 printk(KERN_ERR "SELinux: policydb string length %d does not " 2220 "match expected length %Zu\n", 2221 len, strlen(POLICYDB_STRING)); 2222 goto bad; 2223 } 2224 2225 rc = -ENOMEM; 2226 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2227 if (!policydb_str) { 2228 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2229 "string of length %d\n", len); 2230 goto bad; 2231 } 2232 2233 rc = next_entry(policydb_str, fp, len); 2234 if (rc) { 2235 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2236 kfree(policydb_str); 2237 goto bad; 2238 } 2239 2240 rc = -EINVAL; 2241 policydb_str[len] = '\0'; 2242 if (strcmp(policydb_str, POLICYDB_STRING)) { 2243 printk(KERN_ERR "SELinux: policydb string %s does not match " 2244 "my string %s\n", policydb_str, POLICYDB_STRING); 2245 kfree(policydb_str); 2246 goto bad; 2247 } 2248 /* Done with policydb_str. */ 2249 kfree(policydb_str); 2250 policydb_str = NULL; 2251 2252 /* Read the version and table sizes. */ 2253 rc = next_entry(buf, fp, sizeof(u32)*4); 2254 if (rc) 2255 goto bad; 2256 2257 rc = -EINVAL; 2258 p->policyvers = le32_to_cpu(buf[0]); 2259 if (p->policyvers < POLICYDB_VERSION_MIN || 2260 p->policyvers > POLICYDB_VERSION_MAX) { 2261 printk(KERN_ERR "SELinux: policydb version %d does not match " 2262 "my version range %d-%d\n", 2263 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2264 goto bad; 2265 } 2266 2267 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2268 p->mls_enabled = 1; 2269 2270 rc = -EINVAL; 2271 if (p->policyvers < POLICYDB_VERSION_MLS) { 2272 printk(KERN_ERR "SELinux: security policydb version %d " 2273 "(MLS) not backwards compatible\n", 2274 p->policyvers); 2275 goto bad; 2276 } 2277 } 2278 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2279 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2280 2281 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2282 rc = ebitmap_read(&p->policycaps, fp); 2283 if (rc) 2284 goto bad; 2285 } 2286 2287 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2288 rc = ebitmap_read(&p->permissive_map, fp); 2289 if (rc) 2290 goto bad; 2291 } 2292 2293 rc = -EINVAL; 2294 info = policydb_lookup_compat(p->policyvers); 2295 if (!info) { 2296 printk(KERN_ERR "SELinux: unable to find policy compat info " 2297 "for version %d\n", p->policyvers); 2298 goto bad; 2299 } 2300 2301 rc = -EINVAL; 2302 if (le32_to_cpu(buf[2]) != info->sym_num || 2303 le32_to_cpu(buf[3]) != info->ocon_num) { 2304 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2305 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2306 le32_to_cpu(buf[3]), 2307 info->sym_num, info->ocon_num); 2308 goto bad; 2309 } 2310 2311 for (i = 0; i < info->sym_num; i++) { 2312 rc = next_entry(buf, fp, sizeof(u32)*2); 2313 if (rc) 2314 goto bad; 2315 nprim = le32_to_cpu(buf[0]); 2316 nel = le32_to_cpu(buf[1]); 2317 for (j = 0; j < nel; j++) { 2318 rc = read_f[i](p, p->symtab[i].table, fp); 2319 if (rc) 2320 goto bad; 2321 } 2322 2323 p->symtab[i].nprim = nprim; 2324 } 2325 2326 rc = -EINVAL; 2327 p->process_class = string_to_security_class(p, "process"); 2328 if (!p->process_class) 2329 goto bad; 2330 2331 rc = avtab_read(&p->te_avtab, fp, p); 2332 if (rc) 2333 goto bad; 2334 2335 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2336 rc = cond_read_list(p, fp); 2337 if (rc) 2338 goto bad; 2339 } 2340 2341 rc = next_entry(buf, fp, sizeof(u32)); 2342 if (rc) 2343 goto bad; 2344 nel = le32_to_cpu(buf[0]); 2345 ltr = NULL; 2346 for (i = 0; i < nel; i++) { 2347 rc = -ENOMEM; 2348 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2349 if (!tr) 2350 goto bad; 2351 if (ltr) 2352 ltr->next = tr; 2353 else 2354 p->role_tr = tr; 2355 rc = next_entry(buf, fp, sizeof(u32)*3); 2356 if (rc) 2357 goto bad; 2358 2359 rc = -EINVAL; 2360 tr->role = le32_to_cpu(buf[0]); 2361 tr->type = le32_to_cpu(buf[1]); 2362 tr->new_role = le32_to_cpu(buf[2]); 2363 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2364 rc = next_entry(buf, fp, sizeof(u32)); 2365 if (rc) 2366 goto bad; 2367 tr->tclass = le32_to_cpu(buf[0]); 2368 } else 2369 tr->tclass = p->process_class; 2370 2371 if (!policydb_role_isvalid(p, tr->role) || 2372 !policydb_type_isvalid(p, tr->type) || 2373 !policydb_class_isvalid(p, tr->tclass) || 2374 !policydb_role_isvalid(p, tr->new_role)) 2375 goto bad; 2376 ltr = tr; 2377 } 2378 2379 rc = next_entry(buf, fp, sizeof(u32)); 2380 if (rc) 2381 goto bad; 2382 nel = le32_to_cpu(buf[0]); 2383 lra = NULL; 2384 for (i = 0; i < nel; i++) { 2385 rc = -ENOMEM; 2386 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2387 if (!ra) 2388 goto bad; 2389 if (lra) 2390 lra->next = ra; 2391 else 2392 p->role_allow = ra; 2393 rc = next_entry(buf, fp, sizeof(u32)*2); 2394 if (rc) 2395 goto bad; 2396 2397 rc = -EINVAL; 2398 ra->role = le32_to_cpu(buf[0]); 2399 ra->new_role = le32_to_cpu(buf[1]); 2400 if (!policydb_role_isvalid(p, ra->role) || 2401 !policydb_role_isvalid(p, ra->new_role)) 2402 goto bad; 2403 lra = ra; 2404 } 2405 2406 rc = filename_trans_read(p, fp); 2407 if (rc) 2408 goto bad; 2409 2410 rc = policydb_index(p); 2411 if (rc) 2412 goto bad; 2413 2414 rc = -EINVAL; 2415 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2416 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2417 if (!p->process_trans_perms) 2418 goto bad; 2419 2420 rc = ocontext_read(p, info, fp); 2421 if (rc) 2422 goto bad; 2423 2424 rc = genfs_read(p, fp); 2425 if (rc) 2426 goto bad; 2427 2428 rc = range_read(p, fp); 2429 if (rc) 2430 goto bad; 2431 2432 rc = -ENOMEM; 2433 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2434 p->p_types.nprim, 2435 GFP_KERNEL | __GFP_ZERO); 2436 if (!p->type_attr_map_array) 2437 goto bad; 2438 2439 /* preallocate so we don't have to worry about the put ever failing */ 2440 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2441 GFP_KERNEL | __GFP_ZERO); 2442 if (rc) 2443 goto bad; 2444 2445 for (i = 0; i < p->p_types.nprim; i++) { 2446 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2447 2448 BUG_ON(!e); 2449 ebitmap_init(e); 2450 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2451 rc = ebitmap_read(e, fp); 2452 if (rc) 2453 goto bad; 2454 } 2455 /* add the type itself as the degenerate case */ 2456 rc = ebitmap_set_bit(e, i, 1); 2457 if (rc) 2458 goto bad; 2459 } 2460 2461 rc = policydb_bounds_sanity_check(p); 2462 if (rc) 2463 goto bad; 2464 2465 rc = 0; 2466 out: 2467 return rc; 2468 bad: 2469 policydb_destroy(p); 2470 goto out; 2471 } 2472 2473 /* 2474 * Write a MLS level structure to a policydb binary 2475 * representation file. 2476 */ 2477 static int mls_write_level(struct mls_level *l, void *fp) 2478 { 2479 __le32 buf[1]; 2480 int rc; 2481 2482 buf[0] = cpu_to_le32(l->sens); 2483 rc = put_entry(buf, sizeof(u32), 1, fp); 2484 if (rc) 2485 return rc; 2486 2487 rc = ebitmap_write(&l->cat, fp); 2488 if (rc) 2489 return rc; 2490 2491 return 0; 2492 } 2493 2494 /* 2495 * Write a MLS range structure to a policydb binary 2496 * representation file. 2497 */ 2498 static int mls_write_range_helper(struct mls_range *r, void *fp) 2499 { 2500 __le32 buf[3]; 2501 size_t items; 2502 int rc, eq; 2503 2504 eq = mls_level_eq(&r->level[1], &r->level[0]); 2505 2506 if (eq) 2507 items = 2; 2508 else 2509 items = 3; 2510 buf[0] = cpu_to_le32(items-1); 2511 buf[1] = cpu_to_le32(r->level[0].sens); 2512 if (!eq) 2513 buf[2] = cpu_to_le32(r->level[1].sens); 2514 2515 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2516 2517 rc = put_entry(buf, sizeof(u32), items, fp); 2518 if (rc) 2519 return rc; 2520 2521 rc = ebitmap_write(&r->level[0].cat, fp); 2522 if (rc) 2523 return rc; 2524 if (!eq) { 2525 rc = ebitmap_write(&r->level[1].cat, fp); 2526 if (rc) 2527 return rc; 2528 } 2529 2530 return 0; 2531 } 2532 2533 static int sens_write(void *vkey, void *datum, void *ptr) 2534 { 2535 char *key = vkey; 2536 struct level_datum *levdatum = datum; 2537 struct policy_data *pd = ptr; 2538 void *fp = pd->fp; 2539 __le32 buf[2]; 2540 size_t len; 2541 int rc; 2542 2543 len = strlen(key); 2544 buf[0] = cpu_to_le32(len); 2545 buf[1] = cpu_to_le32(levdatum->isalias); 2546 rc = put_entry(buf, sizeof(u32), 2, fp); 2547 if (rc) 2548 return rc; 2549 2550 rc = put_entry(key, 1, len, fp); 2551 if (rc) 2552 return rc; 2553 2554 rc = mls_write_level(levdatum->level, fp); 2555 if (rc) 2556 return rc; 2557 2558 return 0; 2559 } 2560 2561 static int cat_write(void *vkey, void *datum, void *ptr) 2562 { 2563 char *key = vkey; 2564 struct cat_datum *catdatum = datum; 2565 struct policy_data *pd = ptr; 2566 void *fp = pd->fp; 2567 __le32 buf[3]; 2568 size_t len; 2569 int rc; 2570 2571 len = strlen(key); 2572 buf[0] = cpu_to_le32(len); 2573 buf[1] = cpu_to_le32(catdatum->value); 2574 buf[2] = cpu_to_le32(catdatum->isalias); 2575 rc = put_entry(buf, sizeof(u32), 3, fp); 2576 if (rc) 2577 return rc; 2578 2579 rc = put_entry(key, 1, len, fp); 2580 if (rc) 2581 return rc; 2582 2583 return 0; 2584 } 2585 2586 static int role_trans_write(struct policydb *p, void *fp) 2587 { 2588 struct role_trans *r = p->role_tr; 2589 struct role_trans *tr; 2590 u32 buf[3]; 2591 size_t nel; 2592 int rc; 2593 2594 nel = 0; 2595 for (tr = r; tr; tr = tr->next) 2596 nel++; 2597 buf[0] = cpu_to_le32(nel); 2598 rc = put_entry(buf, sizeof(u32), 1, fp); 2599 if (rc) 2600 return rc; 2601 for (tr = r; tr; tr = tr->next) { 2602 buf[0] = cpu_to_le32(tr->role); 2603 buf[1] = cpu_to_le32(tr->type); 2604 buf[2] = cpu_to_le32(tr->new_role); 2605 rc = put_entry(buf, sizeof(u32), 3, fp); 2606 if (rc) 2607 return rc; 2608 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2609 buf[0] = cpu_to_le32(tr->tclass); 2610 rc = put_entry(buf, sizeof(u32), 1, fp); 2611 if (rc) 2612 return rc; 2613 } 2614 } 2615 2616 return 0; 2617 } 2618 2619 static int role_allow_write(struct role_allow *r, void *fp) 2620 { 2621 struct role_allow *ra; 2622 u32 buf[2]; 2623 size_t nel; 2624 int rc; 2625 2626 nel = 0; 2627 for (ra = r; ra; ra = ra->next) 2628 nel++; 2629 buf[0] = cpu_to_le32(nel); 2630 rc = put_entry(buf, sizeof(u32), 1, fp); 2631 if (rc) 2632 return rc; 2633 for (ra = r; ra; ra = ra->next) { 2634 buf[0] = cpu_to_le32(ra->role); 2635 buf[1] = cpu_to_le32(ra->new_role); 2636 rc = put_entry(buf, sizeof(u32), 2, fp); 2637 if (rc) 2638 return rc; 2639 } 2640 return 0; 2641 } 2642 2643 /* 2644 * Write a security context structure 2645 * to a policydb binary representation file. 2646 */ 2647 static int context_write(struct policydb *p, struct context *c, 2648 void *fp) 2649 { 2650 int rc; 2651 __le32 buf[3]; 2652 2653 buf[0] = cpu_to_le32(c->user); 2654 buf[1] = cpu_to_le32(c->role); 2655 buf[2] = cpu_to_le32(c->type); 2656 2657 rc = put_entry(buf, sizeof(u32), 3, fp); 2658 if (rc) 2659 return rc; 2660 2661 rc = mls_write_range_helper(&c->range, fp); 2662 if (rc) 2663 return rc; 2664 2665 return 0; 2666 } 2667 2668 /* 2669 * The following *_write functions are used to 2670 * write the symbol data to a policy database 2671 * binary representation file. 2672 */ 2673 2674 static int perm_write(void *vkey, void *datum, void *fp) 2675 { 2676 char *key = vkey; 2677 struct perm_datum *perdatum = datum; 2678 __le32 buf[2]; 2679 size_t len; 2680 int rc; 2681 2682 len = strlen(key); 2683 buf[0] = cpu_to_le32(len); 2684 buf[1] = cpu_to_le32(perdatum->value); 2685 rc = put_entry(buf, sizeof(u32), 2, fp); 2686 if (rc) 2687 return rc; 2688 2689 rc = put_entry(key, 1, len, fp); 2690 if (rc) 2691 return rc; 2692 2693 return 0; 2694 } 2695 2696 static int common_write(void *vkey, void *datum, void *ptr) 2697 { 2698 char *key = vkey; 2699 struct common_datum *comdatum = datum; 2700 struct policy_data *pd = ptr; 2701 void *fp = pd->fp; 2702 __le32 buf[4]; 2703 size_t len; 2704 int rc; 2705 2706 len = strlen(key); 2707 buf[0] = cpu_to_le32(len); 2708 buf[1] = cpu_to_le32(comdatum->value); 2709 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2710 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2711 rc = put_entry(buf, sizeof(u32), 4, fp); 2712 if (rc) 2713 return rc; 2714 2715 rc = put_entry(key, 1, len, fp); 2716 if (rc) 2717 return rc; 2718 2719 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2720 if (rc) 2721 return rc; 2722 2723 return 0; 2724 } 2725 2726 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2727 void *fp) 2728 { 2729 struct constraint_node *c; 2730 struct constraint_expr *e; 2731 __le32 buf[3]; 2732 u32 nel; 2733 int rc; 2734 2735 for (c = node; c; c = c->next) { 2736 nel = 0; 2737 for (e = c->expr; e; e = e->next) 2738 nel++; 2739 buf[0] = cpu_to_le32(c->permissions); 2740 buf[1] = cpu_to_le32(nel); 2741 rc = put_entry(buf, sizeof(u32), 2, fp); 2742 if (rc) 2743 return rc; 2744 for (e = c->expr; e; e = e->next) { 2745 buf[0] = cpu_to_le32(e->expr_type); 2746 buf[1] = cpu_to_le32(e->attr); 2747 buf[2] = cpu_to_le32(e->op); 2748 rc = put_entry(buf, sizeof(u32), 3, fp); 2749 if (rc) 2750 return rc; 2751 2752 switch (e->expr_type) { 2753 case CEXPR_NAMES: 2754 rc = ebitmap_write(&e->names, fp); 2755 if (rc) 2756 return rc; 2757 break; 2758 default: 2759 break; 2760 } 2761 } 2762 } 2763 2764 return 0; 2765 } 2766 2767 static int class_write(void *vkey, void *datum, void *ptr) 2768 { 2769 char *key = vkey; 2770 struct class_datum *cladatum = datum; 2771 struct policy_data *pd = ptr; 2772 void *fp = pd->fp; 2773 struct policydb *p = pd->p; 2774 struct constraint_node *c; 2775 __le32 buf[6]; 2776 u32 ncons; 2777 size_t len, len2; 2778 int rc; 2779 2780 len = strlen(key); 2781 if (cladatum->comkey) 2782 len2 = strlen(cladatum->comkey); 2783 else 2784 len2 = 0; 2785 2786 ncons = 0; 2787 for (c = cladatum->constraints; c; c = c->next) 2788 ncons++; 2789 2790 buf[0] = cpu_to_le32(len); 2791 buf[1] = cpu_to_le32(len2); 2792 buf[2] = cpu_to_le32(cladatum->value); 2793 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2794 if (cladatum->permissions.table) 2795 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2796 else 2797 buf[4] = 0; 2798 buf[5] = cpu_to_le32(ncons); 2799 rc = put_entry(buf, sizeof(u32), 6, fp); 2800 if (rc) 2801 return rc; 2802 2803 rc = put_entry(key, 1, len, fp); 2804 if (rc) 2805 return rc; 2806 2807 if (cladatum->comkey) { 2808 rc = put_entry(cladatum->comkey, 1, len2, fp); 2809 if (rc) 2810 return rc; 2811 } 2812 2813 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2814 if (rc) 2815 return rc; 2816 2817 rc = write_cons_helper(p, cladatum->constraints, fp); 2818 if (rc) 2819 return rc; 2820 2821 /* write out the validatetrans rule */ 2822 ncons = 0; 2823 for (c = cladatum->validatetrans; c; c = c->next) 2824 ncons++; 2825 2826 buf[0] = cpu_to_le32(ncons); 2827 rc = put_entry(buf, sizeof(u32), 1, fp); 2828 if (rc) 2829 return rc; 2830 2831 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2832 if (rc) 2833 return rc; 2834 2835 return 0; 2836 } 2837 2838 static int role_write(void *vkey, void *datum, void *ptr) 2839 { 2840 char *key = vkey; 2841 struct role_datum *role = datum; 2842 struct policy_data *pd = ptr; 2843 void *fp = pd->fp; 2844 struct policydb *p = pd->p; 2845 __le32 buf[3]; 2846 size_t items, len; 2847 int rc; 2848 2849 len = strlen(key); 2850 items = 0; 2851 buf[items++] = cpu_to_le32(len); 2852 buf[items++] = cpu_to_le32(role->value); 2853 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2854 buf[items++] = cpu_to_le32(role->bounds); 2855 2856 BUG_ON(items > (sizeof(buf)/sizeof(buf[0]))); 2857 2858 rc = put_entry(buf, sizeof(u32), items, fp); 2859 if (rc) 2860 return rc; 2861 2862 rc = put_entry(key, 1, len, fp); 2863 if (rc) 2864 return rc; 2865 2866 rc = ebitmap_write(&role->dominates, fp); 2867 if (rc) 2868 return rc; 2869 2870 rc = ebitmap_write(&role->types, fp); 2871 if (rc) 2872 return rc; 2873 2874 return 0; 2875 } 2876 2877 static int type_write(void *vkey, void *datum, void *ptr) 2878 { 2879 char *key = vkey; 2880 struct type_datum *typdatum = datum; 2881 struct policy_data *pd = ptr; 2882 struct policydb *p = pd->p; 2883 void *fp = pd->fp; 2884 __le32 buf[4]; 2885 int rc; 2886 size_t items, len; 2887 2888 len = strlen(key); 2889 items = 0; 2890 buf[items++] = cpu_to_le32(len); 2891 buf[items++] = cpu_to_le32(typdatum->value); 2892 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2893 u32 properties = 0; 2894 2895 if (typdatum->primary) 2896 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2897 2898 if (typdatum->attribute) 2899 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2900 2901 buf[items++] = cpu_to_le32(properties); 2902 buf[items++] = cpu_to_le32(typdatum->bounds); 2903 } else { 2904 buf[items++] = cpu_to_le32(typdatum->primary); 2905 } 2906 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2907 rc = put_entry(buf, sizeof(u32), items, fp); 2908 if (rc) 2909 return rc; 2910 2911 rc = put_entry(key, 1, len, fp); 2912 if (rc) 2913 return rc; 2914 2915 return 0; 2916 } 2917 2918 static int user_write(void *vkey, void *datum, void *ptr) 2919 { 2920 char *key = vkey; 2921 struct user_datum *usrdatum = datum; 2922 struct policy_data *pd = ptr; 2923 struct policydb *p = pd->p; 2924 void *fp = pd->fp; 2925 __le32 buf[3]; 2926 size_t items, len; 2927 int rc; 2928 2929 len = strlen(key); 2930 items = 0; 2931 buf[items++] = cpu_to_le32(len); 2932 buf[items++] = cpu_to_le32(usrdatum->value); 2933 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2934 buf[items++] = cpu_to_le32(usrdatum->bounds); 2935 BUG_ON(items > (sizeof(buf) / sizeof(buf[0]))); 2936 rc = put_entry(buf, sizeof(u32), items, fp); 2937 if (rc) 2938 return rc; 2939 2940 rc = put_entry(key, 1, len, fp); 2941 if (rc) 2942 return rc; 2943 2944 rc = ebitmap_write(&usrdatum->roles, fp); 2945 if (rc) 2946 return rc; 2947 2948 rc = mls_write_range_helper(&usrdatum->range, fp); 2949 if (rc) 2950 return rc; 2951 2952 rc = mls_write_level(&usrdatum->dfltlevel, fp); 2953 if (rc) 2954 return rc; 2955 2956 return 0; 2957 } 2958 2959 static int (*write_f[SYM_NUM]) (void *key, void *datum, 2960 void *datap) = 2961 { 2962 common_write, 2963 class_write, 2964 role_write, 2965 type_write, 2966 user_write, 2967 cond_write_bool, 2968 sens_write, 2969 cat_write, 2970 }; 2971 2972 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 2973 void *fp) 2974 { 2975 unsigned int i, j, rc; 2976 size_t nel, len; 2977 __le32 buf[3]; 2978 u32 nodebuf[8]; 2979 struct ocontext *c; 2980 for (i = 0; i < info->ocon_num; i++) { 2981 nel = 0; 2982 for (c = p->ocontexts[i]; c; c = c->next) 2983 nel++; 2984 buf[0] = cpu_to_le32(nel); 2985 rc = put_entry(buf, sizeof(u32), 1, fp); 2986 if (rc) 2987 return rc; 2988 for (c = p->ocontexts[i]; c; c = c->next) { 2989 switch (i) { 2990 case OCON_ISID: 2991 buf[0] = cpu_to_le32(c->sid[0]); 2992 rc = put_entry(buf, sizeof(u32), 1, fp); 2993 if (rc) 2994 return rc; 2995 rc = context_write(p, &c->context[0], fp); 2996 if (rc) 2997 return rc; 2998 break; 2999 case OCON_FS: 3000 case OCON_NETIF: 3001 len = strlen(c->u.name); 3002 buf[0] = cpu_to_le32(len); 3003 rc = put_entry(buf, sizeof(u32), 1, fp); 3004 if (rc) 3005 return rc; 3006 rc = put_entry(c->u.name, 1, len, fp); 3007 if (rc) 3008 return rc; 3009 rc = context_write(p, &c->context[0], fp); 3010 if (rc) 3011 return rc; 3012 rc = context_write(p, &c->context[1], fp); 3013 if (rc) 3014 return rc; 3015 break; 3016 case OCON_PORT: 3017 buf[0] = cpu_to_le32(c->u.port.protocol); 3018 buf[1] = cpu_to_le32(c->u.port.low_port); 3019 buf[2] = cpu_to_le32(c->u.port.high_port); 3020 rc = put_entry(buf, sizeof(u32), 3, fp); 3021 if (rc) 3022 return rc; 3023 rc = context_write(p, &c->context[0], fp); 3024 if (rc) 3025 return rc; 3026 break; 3027 case OCON_NODE: 3028 nodebuf[0] = c->u.node.addr; /* network order */ 3029 nodebuf[1] = c->u.node.mask; /* network order */ 3030 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3031 if (rc) 3032 return rc; 3033 rc = context_write(p, &c->context[0], fp); 3034 if (rc) 3035 return rc; 3036 break; 3037 case OCON_FSUSE: 3038 buf[0] = cpu_to_le32(c->v.behavior); 3039 len = strlen(c->u.name); 3040 buf[1] = cpu_to_le32(len); 3041 rc = put_entry(buf, sizeof(u32), 2, fp); 3042 if (rc) 3043 return rc; 3044 rc = put_entry(c->u.name, 1, len, fp); 3045 if (rc) 3046 return rc; 3047 rc = context_write(p, &c->context[0], fp); 3048 if (rc) 3049 return rc; 3050 break; 3051 case OCON_NODE6: 3052 for (j = 0; j < 4; j++) 3053 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3054 for (j = 0; j < 4; j++) 3055 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3056 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3057 if (rc) 3058 return rc; 3059 rc = context_write(p, &c->context[0], fp); 3060 if (rc) 3061 return rc; 3062 break; 3063 } 3064 } 3065 } 3066 return 0; 3067 } 3068 3069 static int genfs_write(struct policydb *p, void *fp) 3070 { 3071 struct genfs *genfs; 3072 struct ocontext *c; 3073 size_t len; 3074 __le32 buf[1]; 3075 int rc; 3076 3077 len = 0; 3078 for (genfs = p->genfs; genfs; genfs = genfs->next) 3079 len++; 3080 buf[0] = cpu_to_le32(len); 3081 rc = put_entry(buf, sizeof(u32), 1, fp); 3082 if (rc) 3083 return rc; 3084 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3085 len = strlen(genfs->fstype); 3086 buf[0] = cpu_to_le32(len); 3087 rc = put_entry(buf, sizeof(u32), 1, fp); 3088 if (rc) 3089 return rc; 3090 rc = put_entry(genfs->fstype, 1, len, fp); 3091 if (rc) 3092 return rc; 3093 len = 0; 3094 for (c = genfs->head; c; c = c->next) 3095 len++; 3096 buf[0] = cpu_to_le32(len); 3097 rc = put_entry(buf, sizeof(u32), 1, fp); 3098 if (rc) 3099 return rc; 3100 for (c = genfs->head; c; c = c->next) { 3101 len = strlen(c->u.name); 3102 buf[0] = cpu_to_le32(len); 3103 rc = put_entry(buf, sizeof(u32), 1, fp); 3104 if (rc) 3105 return rc; 3106 rc = put_entry(c->u.name, 1, len, fp); 3107 if (rc) 3108 return rc; 3109 buf[0] = cpu_to_le32(c->v.sclass); 3110 rc = put_entry(buf, sizeof(u32), 1, fp); 3111 if (rc) 3112 return rc; 3113 rc = context_write(p, &c->context[0], fp); 3114 if (rc) 3115 return rc; 3116 } 3117 } 3118 return 0; 3119 } 3120 3121 static int hashtab_cnt(void *key, void *data, void *ptr) 3122 { 3123 int *cnt = ptr; 3124 *cnt = *cnt + 1; 3125 3126 return 0; 3127 } 3128 3129 static int range_write_helper(void *key, void *data, void *ptr) 3130 { 3131 __le32 buf[2]; 3132 struct range_trans *rt = key; 3133 struct mls_range *r = data; 3134 struct policy_data *pd = ptr; 3135 void *fp = pd->fp; 3136 struct policydb *p = pd->p; 3137 int rc; 3138 3139 buf[0] = cpu_to_le32(rt->source_type); 3140 buf[1] = cpu_to_le32(rt->target_type); 3141 rc = put_entry(buf, sizeof(u32), 2, fp); 3142 if (rc) 3143 return rc; 3144 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3145 buf[0] = cpu_to_le32(rt->target_class); 3146 rc = put_entry(buf, sizeof(u32), 1, fp); 3147 if (rc) 3148 return rc; 3149 } 3150 rc = mls_write_range_helper(r, fp); 3151 if (rc) 3152 return rc; 3153 3154 return 0; 3155 } 3156 3157 static int range_write(struct policydb *p, void *fp) 3158 { 3159 size_t nel; 3160 __le32 buf[1]; 3161 int rc; 3162 struct policy_data pd; 3163 3164 pd.p = p; 3165 pd.fp = fp; 3166 3167 /* count the number of entries in the hashtab */ 3168 nel = 0; 3169 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3170 if (rc) 3171 return rc; 3172 3173 buf[0] = cpu_to_le32(nel); 3174 rc = put_entry(buf, sizeof(u32), 1, fp); 3175 if (rc) 3176 return rc; 3177 3178 /* actually write all of the entries */ 3179 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3180 if (rc) 3181 return rc; 3182 3183 return 0; 3184 } 3185 3186 static int filename_write_helper(void *key, void *data, void *ptr) 3187 { 3188 __le32 buf[4]; 3189 struct filename_trans *ft = key; 3190 struct filename_trans_datum *otype = data; 3191 void *fp = ptr; 3192 int rc; 3193 u32 len; 3194 3195 len = strlen(ft->name); 3196 buf[0] = cpu_to_le32(len); 3197 rc = put_entry(buf, sizeof(u32), 1, fp); 3198 if (rc) 3199 return rc; 3200 3201 rc = put_entry(ft->name, sizeof(char), len, fp); 3202 if (rc) 3203 return rc; 3204 3205 buf[0] = ft->stype; 3206 buf[1] = ft->ttype; 3207 buf[2] = ft->tclass; 3208 buf[3] = otype->otype; 3209 3210 rc = put_entry(buf, sizeof(u32), 4, fp); 3211 if (rc) 3212 return rc; 3213 3214 return 0; 3215 } 3216 3217 static int filename_trans_write(struct policydb *p, void *fp) 3218 { 3219 u32 nel; 3220 __le32 buf[1]; 3221 int rc; 3222 3223 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3224 return 0; 3225 3226 nel = 0; 3227 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3228 if (rc) 3229 return rc; 3230 3231 buf[0] = cpu_to_le32(nel); 3232 rc = put_entry(buf, sizeof(u32), 1, fp); 3233 if (rc) 3234 return rc; 3235 3236 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3237 if (rc) 3238 return rc; 3239 3240 return 0; 3241 } 3242 3243 /* 3244 * Write the configuration data in a policy database 3245 * structure to a policy database binary representation 3246 * file. 3247 */ 3248 int policydb_write(struct policydb *p, void *fp) 3249 { 3250 unsigned int i, num_syms; 3251 int rc; 3252 __le32 buf[4]; 3253 u32 config; 3254 size_t len; 3255 struct policydb_compat_info *info; 3256 3257 /* 3258 * refuse to write policy older than compressed avtab 3259 * to simplify the writer. There are other tests dropped 3260 * since we assume this throughout the writer code. Be 3261 * careful if you ever try to remove this restriction 3262 */ 3263 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3264 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3265 " Because it is less than version %d\n", p->policyvers, 3266 POLICYDB_VERSION_AVTAB); 3267 return -EINVAL; 3268 } 3269 3270 config = 0; 3271 if (p->mls_enabled) 3272 config |= POLICYDB_CONFIG_MLS; 3273 3274 if (p->reject_unknown) 3275 config |= REJECT_UNKNOWN; 3276 if (p->allow_unknown) 3277 config |= ALLOW_UNKNOWN; 3278 3279 /* Write the magic number and string identifiers. */ 3280 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3281 len = strlen(POLICYDB_STRING); 3282 buf[1] = cpu_to_le32(len); 3283 rc = put_entry(buf, sizeof(u32), 2, fp); 3284 if (rc) 3285 return rc; 3286 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3287 if (rc) 3288 return rc; 3289 3290 /* Write the version, config, and table sizes. */ 3291 info = policydb_lookup_compat(p->policyvers); 3292 if (!info) { 3293 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3294 "version %d", p->policyvers); 3295 return -EINVAL; 3296 } 3297 3298 buf[0] = cpu_to_le32(p->policyvers); 3299 buf[1] = cpu_to_le32(config); 3300 buf[2] = cpu_to_le32(info->sym_num); 3301 buf[3] = cpu_to_le32(info->ocon_num); 3302 3303 rc = put_entry(buf, sizeof(u32), 4, fp); 3304 if (rc) 3305 return rc; 3306 3307 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3308 rc = ebitmap_write(&p->policycaps, fp); 3309 if (rc) 3310 return rc; 3311 } 3312 3313 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3314 rc = ebitmap_write(&p->permissive_map, fp); 3315 if (rc) 3316 return rc; 3317 } 3318 3319 num_syms = info->sym_num; 3320 for (i = 0; i < num_syms; i++) { 3321 struct policy_data pd; 3322 3323 pd.fp = fp; 3324 pd.p = p; 3325 3326 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3327 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3328 3329 rc = put_entry(buf, sizeof(u32), 2, fp); 3330 if (rc) 3331 return rc; 3332 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3333 if (rc) 3334 return rc; 3335 } 3336 3337 rc = avtab_write(p, &p->te_avtab, fp); 3338 if (rc) 3339 return rc; 3340 3341 rc = cond_write_list(p, p->cond_list, fp); 3342 if (rc) 3343 return rc; 3344 3345 rc = role_trans_write(p, fp); 3346 if (rc) 3347 return rc; 3348 3349 rc = role_allow_write(p->role_allow, fp); 3350 if (rc) 3351 return rc; 3352 3353 rc = filename_trans_write(p, fp); 3354 if (rc) 3355 return rc; 3356 3357 rc = ocontext_write(p, info, fp); 3358 if (rc) 3359 return rc; 3360 3361 rc = genfs_write(p, fp); 3362 if (rc) 3363 return rc; 3364 3365 rc = range_write(p, fp); 3366 if (rc) 3367 return rc; 3368 3369 for (i = 0; i < p->p_types.nprim; i++) { 3370 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3371 3372 BUG_ON(!e); 3373 rc = ebitmap_write(e, fp); 3374 if (rc) 3375 return rc; 3376 } 3377 3378 return 0; 3379 } 3380