1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 { 137 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM, 140 }, 141 { 142 .version = POLICYDB_VERSION_DEFAULT_TYPE, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM, 145 }, 146 { 147 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 148 .sym_num = SYM_NUM, 149 .ocon_num = OCON_NUM, 150 }, 151 { 152 .version = POLICYDB_VERSION_XPERMS_IOCTL, 153 .sym_num = SYM_NUM, 154 .ocon_num = OCON_NUM, 155 }, 156 }; 157 158 static struct policydb_compat_info *policydb_lookup_compat(int version) 159 { 160 int i; 161 struct policydb_compat_info *info = NULL; 162 163 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 164 if (policydb_compat[i].version == version) { 165 info = &policydb_compat[i]; 166 break; 167 } 168 } 169 return info; 170 } 171 172 /* 173 * Initialize the role table. 174 */ 175 static int roles_init(struct policydb *p) 176 { 177 char *key = NULL; 178 int rc; 179 struct role_datum *role; 180 181 rc = -ENOMEM; 182 role = kzalloc(sizeof(*role), GFP_KERNEL); 183 if (!role) 184 goto out; 185 186 rc = -EINVAL; 187 role->value = ++p->p_roles.nprim; 188 if (role->value != OBJECT_R_VAL) 189 goto out; 190 191 rc = -ENOMEM; 192 key = kstrdup(OBJECT_R, GFP_KERNEL); 193 if (!key) 194 goto out; 195 196 rc = hashtab_insert(p->p_roles.table, key, role); 197 if (rc) 198 goto out; 199 200 return 0; 201 out: 202 kfree(key); 203 kfree(role); 204 return rc; 205 } 206 207 static u32 filenametr_hash(struct hashtab *h, const void *k) 208 { 209 const struct filename_trans *ft = k; 210 unsigned long hash; 211 unsigned int byte_num; 212 unsigned char focus; 213 214 hash = ft->stype ^ ft->ttype ^ ft->tclass; 215 216 byte_num = 0; 217 while ((focus = ft->name[byte_num++])) 218 hash = partial_name_hash(focus, hash); 219 return hash & (h->size - 1); 220 } 221 222 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 223 { 224 const struct filename_trans *ft1 = k1; 225 const struct filename_trans *ft2 = k2; 226 int v; 227 228 v = ft1->stype - ft2->stype; 229 if (v) 230 return v; 231 232 v = ft1->ttype - ft2->ttype; 233 if (v) 234 return v; 235 236 v = ft1->tclass - ft2->tclass; 237 if (v) 238 return v; 239 240 return strcmp(ft1->name, ft2->name); 241 242 } 243 244 static u32 rangetr_hash(struct hashtab *h, const void *k) 245 { 246 const struct range_trans *key = k; 247 return (key->source_type + (key->target_type << 3) + 248 (key->target_class << 5)) & (h->size - 1); 249 } 250 251 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 252 { 253 const struct range_trans *key1 = k1, *key2 = k2; 254 int v; 255 256 v = key1->source_type - key2->source_type; 257 if (v) 258 return v; 259 260 v = key1->target_type - key2->target_type; 261 if (v) 262 return v; 263 264 v = key1->target_class - key2->target_class; 265 266 return v; 267 } 268 269 /* 270 * Initialize a policy database structure. 271 */ 272 static int policydb_init(struct policydb *p) 273 { 274 int i, rc; 275 276 memset(p, 0, sizeof(*p)); 277 278 for (i = 0; i < SYM_NUM; i++) { 279 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 280 if (rc) 281 goto out; 282 } 283 284 rc = avtab_init(&p->te_avtab); 285 if (rc) 286 goto out; 287 288 rc = roles_init(p); 289 if (rc) 290 goto out; 291 292 rc = cond_policydb_init(p); 293 if (rc) 294 goto out; 295 296 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 297 if (!p->filename_trans) { 298 rc = -ENOMEM; 299 goto out; 300 } 301 302 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 303 if (!p->range_tr) { 304 rc = -ENOMEM; 305 goto out; 306 } 307 308 ebitmap_init(&p->filename_trans_ttypes); 309 ebitmap_init(&p->policycaps); 310 ebitmap_init(&p->permissive_map); 311 312 return 0; 313 out: 314 hashtab_destroy(p->filename_trans); 315 hashtab_destroy(p->range_tr); 316 for (i = 0; i < SYM_NUM; i++) 317 hashtab_destroy(p->symtab[i].table); 318 return rc; 319 } 320 321 /* 322 * The following *_index functions are used to 323 * define the val_to_name and val_to_struct arrays 324 * in a policy database structure. The val_to_name 325 * arrays are used when converting security context 326 * structures into string representations. The 327 * val_to_struct arrays are used when the attributes 328 * of a class, role, or user are needed. 329 */ 330 331 static int common_index(void *key, void *datum, void *datap) 332 { 333 struct policydb *p; 334 struct common_datum *comdatum; 335 struct flex_array *fa; 336 337 comdatum = datum; 338 p = datap; 339 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 340 return -EINVAL; 341 342 fa = p->sym_val_to_name[SYM_COMMONS]; 343 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 344 GFP_KERNEL | __GFP_ZERO)) 345 BUG(); 346 return 0; 347 } 348 349 static int class_index(void *key, void *datum, void *datap) 350 { 351 struct policydb *p; 352 struct class_datum *cladatum; 353 struct flex_array *fa; 354 355 cladatum = datum; 356 p = datap; 357 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 358 return -EINVAL; 359 fa = p->sym_val_to_name[SYM_CLASSES]; 360 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 361 GFP_KERNEL | __GFP_ZERO)) 362 BUG(); 363 p->class_val_to_struct[cladatum->value - 1] = cladatum; 364 return 0; 365 } 366 367 static int role_index(void *key, void *datum, void *datap) 368 { 369 struct policydb *p; 370 struct role_datum *role; 371 struct flex_array *fa; 372 373 role = datum; 374 p = datap; 375 if (!role->value 376 || role->value > p->p_roles.nprim 377 || role->bounds > p->p_roles.nprim) 378 return -EINVAL; 379 380 fa = p->sym_val_to_name[SYM_ROLES]; 381 if (flex_array_put_ptr(fa, role->value - 1, key, 382 GFP_KERNEL | __GFP_ZERO)) 383 BUG(); 384 p->role_val_to_struct[role->value - 1] = role; 385 return 0; 386 } 387 388 static int type_index(void *key, void *datum, void *datap) 389 { 390 struct policydb *p; 391 struct type_datum *typdatum; 392 struct flex_array *fa; 393 394 typdatum = datum; 395 p = datap; 396 397 if (typdatum->primary) { 398 if (!typdatum->value 399 || typdatum->value > p->p_types.nprim 400 || typdatum->bounds > p->p_types.nprim) 401 return -EINVAL; 402 fa = p->sym_val_to_name[SYM_TYPES]; 403 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 404 GFP_KERNEL | __GFP_ZERO)) 405 BUG(); 406 407 fa = p->type_val_to_struct_array; 408 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 409 GFP_KERNEL | __GFP_ZERO)) 410 BUG(); 411 } 412 413 return 0; 414 } 415 416 static int user_index(void *key, void *datum, void *datap) 417 { 418 struct policydb *p; 419 struct user_datum *usrdatum; 420 struct flex_array *fa; 421 422 usrdatum = datum; 423 p = datap; 424 if (!usrdatum->value 425 || usrdatum->value > p->p_users.nprim 426 || usrdatum->bounds > p->p_users.nprim) 427 return -EINVAL; 428 429 fa = p->sym_val_to_name[SYM_USERS]; 430 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 431 GFP_KERNEL | __GFP_ZERO)) 432 BUG(); 433 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 434 return 0; 435 } 436 437 static int sens_index(void *key, void *datum, void *datap) 438 { 439 struct policydb *p; 440 struct level_datum *levdatum; 441 struct flex_array *fa; 442 443 levdatum = datum; 444 p = datap; 445 446 if (!levdatum->isalias) { 447 if (!levdatum->level->sens || 448 levdatum->level->sens > p->p_levels.nprim) 449 return -EINVAL; 450 fa = p->sym_val_to_name[SYM_LEVELS]; 451 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 452 GFP_KERNEL | __GFP_ZERO)) 453 BUG(); 454 } 455 456 return 0; 457 } 458 459 static int cat_index(void *key, void *datum, void *datap) 460 { 461 struct policydb *p; 462 struct cat_datum *catdatum; 463 struct flex_array *fa; 464 465 catdatum = datum; 466 p = datap; 467 468 if (!catdatum->isalias) { 469 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 470 return -EINVAL; 471 fa = p->sym_val_to_name[SYM_CATS]; 472 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 473 GFP_KERNEL | __GFP_ZERO)) 474 BUG(); 475 } 476 477 return 0; 478 } 479 480 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 481 { 482 common_index, 483 class_index, 484 role_index, 485 type_index, 486 user_index, 487 cond_index_bool, 488 sens_index, 489 cat_index, 490 }; 491 492 #ifdef DEBUG_HASHES 493 static void hash_eval(struct hashtab *h, const char *hash_name) 494 { 495 struct hashtab_info info; 496 497 hashtab_stat(h, &info); 498 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 499 "longest chain length %d\n", hash_name, h->nel, 500 info.slots_used, h->size, info.max_chain_len); 501 } 502 503 static void symtab_hash_eval(struct symtab *s) 504 { 505 int i; 506 507 for (i = 0; i < SYM_NUM; i++) 508 hash_eval(s[i].table, symtab_name[i]); 509 } 510 511 #else 512 static inline void hash_eval(struct hashtab *h, char *hash_name) 513 { 514 } 515 #endif 516 517 /* 518 * Define the other val_to_name and val_to_struct arrays 519 * in a policy database structure. 520 * 521 * Caller must clean up on failure. 522 */ 523 static int policydb_index(struct policydb *p) 524 { 525 int i, rc; 526 527 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 528 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 529 if (p->mls_enabled) 530 printk(", %d sens, %d cats", p->p_levels.nprim, 531 p->p_cats.nprim); 532 printk("\n"); 533 534 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 535 p->p_classes.nprim, p->te_avtab.nel); 536 537 #ifdef DEBUG_HASHES 538 avtab_hash_eval(&p->te_avtab, "rules"); 539 symtab_hash_eval(p->symtab); 540 #endif 541 542 rc = -ENOMEM; 543 p->class_val_to_struct = 544 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 545 GFP_KERNEL); 546 if (!p->class_val_to_struct) 547 goto out; 548 549 rc = -ENOMEM; 550 p->role_val_to_struct = 551 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 552 GFP_KERNEL); 553 if (!p->role_val_to_struct) 554 goto out; 555 556 rc = -ENOMEM; 557 p->user_val_to_struct = 558 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 559 GFP_KERNEL); 560 if (!p->user_val_to_struct) 561 goto out; 562 563 /* Yes, I want the sizeof the pointer, not the structure */ 564 rc = -ENOMEM; 565 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 566 p->p_types.nprim, 567 GFP_KERNEL | __GFP_ZERO); 568 if (!p->type_val_to_struct_array) 569 goto out; 570 571 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 572 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 573 if (rc) 574 goto out; 575 576 rc = cond_init_bool_indexes(p); 577 if (rc) 578 goto out; 579 580 for (i = 0; i < SYM_NUM; i++) { 581 rc = -ENOMEM; 582 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 583 p->symtab[i].nprim, 584 GFP_KERNEL | __GFP_ZERO); 585 if (!p->sym_val_to_name[i]) 586 goto out; 587 588 rc = flex_array_prealloc(p->sym_val_to_name[i], 589 0, p->symtab[i].nprim, 590 GFP_KERNEL | __GFP_ZERO); 591 if (rc) 592 goto out; 593 594 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 595 if (rc) 596 goto out; 597 } 598 rc = 0; 599 out: 600 return rc; 601 } 602 603 /* 604 * The following *_destroy functions are used to 605 * free any memory allocated for each kind of 606 * symbol data in the policy database. 607 */ 608 609 static int perm_destroy(void *key, void *datum, void *p) 610 { 611 kfree(key); 612 kfree(datum); 613 return 0; 614 } 615 616 static int common_destroy(void *key, void *datum, void *p) 617 { 618 struct common_datum *comdatum; 619 620 kfree(key); 621 if (datum) { 622 comdatum = datum; 623 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 624 hashtab_destroy(comdatum->permissions.table); 625 } 626 kfree(datum); 627 return 0; 628 } 629 630 static void constraint_expr_destroy(struct constraint_expr *expr) 631 { 632 if (expr) { 633 ebitmap_destroy(&expr->names); 634 if (expr->type_names) { 635 ebitmap_destroy(&expr->type_names->types); 636 ebitmap_destroy(&expr->type_names->negset); 637 kfree(expr->type_names); 638 } 639 kfree(expr); 640 } 641 } 642 643 static int cls_destroy(void *key, void *datum, void *p) 644 { 645 struct class_datum *cladatum; 646 struct constraint_node *constraint, *ctemp; 647 struct constraint_expr *e, *etmp; 648 649 kfree(key); 650 if (datum) { 651 cladatum = datum; 652 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 653 hashtab_destroy(cladatum->permissions.table); 654 constraint = cladatum->constraints; 655 while (constraint) { 656 e = constraint->expr; 657 while (e) { 658 etmp = e; 659 e = e->next; 660 constraint_expr_destroy(etmp); 661 } 662 ctemp = constraint; 663 constraint = constraint->next; 664 kfree(ctemp); 665 } 666 667 constraint = cladatum->validatetrans; 668 while (constraint) { 669 e = constraint->expr; 670 while (e) { 671 etmp = e; 672 e = e->next; 673 constraint_expr_destroy(etmp); 674 } 675 ctemp = constraint; 676 constraint = constraint->next; 677 kfree(ctemp); 678 } 679 kfree(cladatum->comkey); 680 } 681 kfree(datum); 682 return 0; 683 } 684 685 static int role_destroy(void *key, void *datum, void *p) 686 { 687 struct role_datum *role; 688 689 kfree(key); 690 if (datum) { 691 role = datum; 692 ebitmap_destroy(&role->dominates); 693 ebitmap_destroy(&role->types); 694 } 695 kfree(datum); 696 return 0; 697 } 698 699 static int type_destroy(void *key, void *datum, void *p) 700 { 701 kfree(key); 702 kfree(datum); 703 return 0; 704 } 705 706 static int user_destroy(void *key, void *datum, void *p) 707 { 708 struct user_datum *usrdatum; 709 710 kfree(key); 711 if (datum) { 712 usrdatum = datum; 713 ebitmap_destroy(&usrdatum->roles); 714 ebitmap_destroy(&usrdatum->range.level[0].cat); 715 ebitmap_destroy(&usrdatum->range.level[1].cat); 716 ebitmap_destroy(&usrdatum->dfltlevel.cat); 717 } 718 kfree(datum); 719 return 0; 720 } 721 722 static int sens_destroy(void *key, void *datum, void *p) 723 { 724 struct level_datum *levdatum; 725 726 kfree(key); 727 if (datum) { 728 levdatum = datum; 729 ebitmap_destroy(&levdatum->level->cat); 730 kfree(levdatum->level); 731 } 732 kfree(datum); 733 return 0; 734 } 735 736 static int cat_destroy(void *key, void *datum, void *p) 737 { 738 kfree(key); 739 kfree(datum); 740 return 0; 741 } 742 743 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 744 { 745 common_destroy, 746 cls_destroy, 747 role_destroy, 748 type_destroy, 749 user_destroy, 750 cond_destroy_bool, 751 sens_destroy, 752 cat_destroy, 753 }; 754 755 static int filenametr_destroy(void *key, void *datum, void *p) 756 { 757 struct filename_trans *ft = key; 758 kfree(ft->name); 759 kfree(key); 760 kfree(datum); 761 cond_resched(); 762 return 0; 763 } 764 765 static int range_tr_destroy(void *key, void *datum, void *p) 766 { 767 struct mls_range *rt = datum; 768 kfree(key); 769 ebitmap_destroy(&rt->level[0].cat); 770 ebitmap_destroy(&rt->level[1].cat); 771 kfree(datum); 772 cond_resched(); 773 return 0; 774 } 775 776 static void ocontext_destroy(struct ocontext *c, int i) 777 { 778 if (!c) 779 return; 780 781 context_destroy(&c->context[0]); 782 context_destroy(&c->context[1]); 783 if (i == OCON_ISID || i == OCON_FS || 784 i == OCON_NETIF || i == OCON_FSUSE) 785 kfree(c->u.name); 786 kfree(c); 787 } 788 789 /* 790 * Free any memory allocated by a policy database structure. 791 */ 792 void policydb_destroy(struct policydb *p) 793 { 794 struct ocontext *c, *ctmp; 795 struct genfs *g, *gtmp; 796 int i; 797 struct role_allow *ra, *lra = NULL; 798 struct role_trans *tr, *ltr = NULL; 799 800 for (i = 0; i < SYM_NUM; i++) { 801 cond_resched(); 802 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 803 hashtab_destroy(p->symtab[i].table); 804 } 805 806 for (i = 0; i < SYM_NUM; i++) { 807 if (p->sym_val_to_name[i]) 808 flex_array_free(p->sym_val_to_name[i]); 809 } 810 811 kfree(p->class_val_to_struct); 812 kfree(p->role_val_to_struct); 813 kfree(p->user_val_to_struct); 814 if (p->type_val_to_struct_array) 815 flex_array_free(p->type_val_to_struct_array); 816 817 avtab_destroy(&p->te_avtab); 818 819 for (i = 0; i < OCON_NUM; i++) { 820 cond_resched(); 821 c = p->ocontexts[i]; 822 while (c) { 823 ctmp = c; 824 c = c->next; 825 ocontext_destroy(ctmp, i); 826 } 827 p->ocontexts[i] = NULL; 828 } 829 830 g = p->genfs; 831 while (g) { 832 cond_resched(); 833 kfree(g->fstype); 834 c = g->head; 835 while (c) { 836 ctmp = c; 837 c = c->next; 838 ocontext_destroy(ctmp, OCON_FSUSE); 839 } 840 gtmp = g; 841 g = g->next; 842 kfree(gtmp); 843 } 844 p->genfs = NULL; 845 846 cond_policydb_destroy(p); 847 848 for (tr = p->role_tr; tr; tr = tr->next) { 849 cond_resched(); 850 kfree(ltr); 851 ltr = tr; 852 } 853 kfree(ltr); 854 855 for (ra = p->role_allow; ra; ra = ra->next) { 856 cond_resched(); 857 kfree(lra); 858 lra = ra; 859 } 860 kfree(lra); 861 862 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 863 hashtab_destroy(p->filename_trans); 864 865 hashtab_map(p->range_tr, range_tr_destroy, NULL); 866 hashtab_destroy(p->range_tr); 867 868 if (p->type_attr_map_array) { 869 for (i = 0; i < p->p_types.nprim; i++) { 870 struct ebitmap *e; 871 872 e = flex_array_get(p->type_attr_map_array, i); 873 if (!e) 874 continue; 875 ebitmap_destroy(e); 876 } 877 flex_array_free(p->type_attr_map_array); 878 } 879 880 ebitmap_destroy(&p->filename_trans_ttypes); 881 ebitmap_destroy(&p->policycaps); 882 ebitmap_destroy(&p->permissive_map); 883 884 return; 885 } 886 887 /* 888 * Load the initial SIDs specified in a policy database 889 * structure into a SID table. 890 */ 891 int policydb_load_isids(struct policydb *p, struct sidtab *s) 892 { 893 struct ocontext *head, *c; 894 int rc; 895 896 rc = sidtab_init(s); 897 if (rc) { 898 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 899 goto out; 900 } 901 902 head = p->ocontexts[OCON_ISID]; 903 for (c = head; c; c = c->next) { 904 rc = -EINVAL; 905 if (!c->context[0].user) { 906 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 907 c->u.name); 908 goto out; 909 } 910 911 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 912 if (rc) { 913 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 914 c->u.name); 915 goto out; 916 } 917 } 918 rc = 0; 919 out: 920 return rc; 921 } 922 923 int policydb_class_isvalid(struct policydb *p, unsigned int class) 924 { 925 if (!class || class > p->p_classes.nprim) 926 return 0; 927 return 1; 928 } 929 930 int policydb_role_isvalid(struct policydb *p, unsigned int role) 931 { 932 if (!role || role > p->p_roles.nprim) 933 return 0; 934 return 1; 935 } 936 937 int policydb_type_isvalid(struct policydb *p, unsigned int type) 938 { 939 if (!type || type > p->p_types.nprim) 940 return 0; 941 return 1; 942 } 943 944 /* 945 * Return 1 if the fields in the security context 946 * structure `c' are valid. Return 0 otherwise. 947 */ 948 int policydb_context_isvalid(struct policydb *p, struct context *c) 949 { 950 struct role_datum *role; 951 struct user_datum *usrdatum; 952 953 if (!c->role || c->role > p->p_roles.nprim) 954 return 0; 955 956 if (!c->user || c->user > p->p_users.nprim) 957 return 0; 958 959 if (!c->type || c->type > p->p_types.nprim) 960 return 0; 961 962 if (c->role != OBJECT_R_VAL) { 963 /* 964 * Role must be authorized for the type. 965 */ 966 role = p->role_val_to_struct[c->role - 1]; 967 if (!ebitmap_get_bit(&role->types, c->type - 1)) 968 /* role may not be associated with type */ 969 return 0; 970 971 /* 972 * User must be authorized for the role. 973 */ 974 usrdatum = p->user_val_to_struct[c->user - 1]; 975 if (!usrdatum) 976 return 0; 977 978 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 979 /* user may not be associated with role */ 980 return 0; 981 } 982 983 if (!mls_context_isvalid(p, c)) 984 return 0; 985 986 return 1; 987 } 988 989 /* 990 * Read a MLS range structure from a policydb binary 991 * representation file. 992 */ 993 static int mls_read_range_helper(struct mls_range *r, void *fp) 994 { 995 __le32 buf[2]; 996 u32 items; 997 int rc; 998 999 rc = next_entry(buf, fp, sizeof(u32)); 1000 if (rc) 1001 goto out; 1002 1003 rc = -EINVAL; 1004 items = le32_to_cpu(buf[0]); 1005 if (items > ARRAY_SIZE(buf)) { 1006 printk(KERN_ERR "SELinux: mls: range overflow\n"); 1007 goto out; 1008 } 1009 1010 rc = next_entry(buf, fp, sizeof(u32) * items); 1011 if (rc) { 1012 printk(KERN_ERR "SELinux: mls: truncated range\n"); 1013 goto out; 1014 } 1015 1016 r->level[0].sens = le32_to_cpu(buf[0]); 1017 if (items > 1) 1018 r->level[1].sens = le32_to_cpu(buf[1]); 1019 else 1020 r->level[1].sens = r->level[0].sens; 1021 1022 rc = ebitmap_read(&r->level[0].cat, fp); 1023 if (rc) { 1024 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 1025 goto out; 1026 } 1027 if (items > 1) { 1028 rc = ebitmap_read(&r->level[1].cat, fp); 1029 if (rc) { 1030 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 1031 goto bad_high; 1032 } 1033 } else { 1034 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1035 if (rc) { 1036 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1037 goto bad_high; 1038 } 1039 } 1040 1041 return 0; 1042 bad_high: 1043 ebitmap_destroy(&r->level[0].cat); 1044 out: 1045 return rc; 1046 } 1047 1048 /* 1049 * Read and validate a security context structure 1050 * from a policydb binary representation file. 1051 */ 1052 static int context_read_and_validate(struct context *c, 1053 struct policydb *p, 1054 void *fp) 1055 { 1056 __le32 buf[3]; 1057 int rc; 1058 1059 rc = next_entry(buf, fp, sizeof buf); 1060 if (rc) { 1061 printk(KERN_ERR "SELinux: context truncated\n"); 1062 goto out; 1063 } 1064 c->user = le32_to_cpu(buf[0]); 1065 c->role = le32_to_cpu(buf[1]); 1066 c->type = le32_to_cpu(buf[2]); 1067 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1068 rc = mls_read_range_helper(&c->range, fp); 1069 if (rc) { 1070 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1071 goto out; 1072 } 1073 } 1074 1075 rc = -EINVAL; 1076 if (!policydb_context_isvalid(p, c)) { 1077 printk(KERN_ERR "SELinux: invalid security context\n"); 1078 context_destroy(c); 1079 goto out; 1080 } 1081 rc = 0; 1082 out: 1083 return rc; 1084 } 1085 1086 /* 1087 * The following *_read functions are used to 1088 * read the symbol data from a policy database 1089 * binary representation file. 1090 */ 1091 1092 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1093 { 1094 int rc; 1095 char *str; 1096 1097 str = kmalloc(len + 1, flags); 1098 if (!str) 1099 return -ENOMEM; 1100 1101 /* it's expected the caller should free the str */ 1102 *strp = str; 1103 1104 rc = next_entry(str, fp, len); 1105 if (rc) 1106 return rc; 1107 1108 str[len] = '\0'; 1109 return 0; 1110 } 1111 1112 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1113 { 1114 char *key = NULL; 1115 struct perm_datum *perdatum; 1116 int rc; 1117 __le32 buf[2]; 1118 u32 len; 1119 1120 rc = -ENOMEM; 1121 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1122 if (!perdatum) 1123 goto bad; 1124 1125 rc = next_entry(buf, fp, sizeof buf); 1126 if (rc) 1127 goto bad; 1128 1129 len = le32_to_cpu(buf[0]); 1130 perdatum->value = le32_to_cpu(buf[1]); 1131 1132 rc = str_read(&key, GFP_KERNEL, fp, len); 1133 if (rc) 1134 goto bad; 1135 1136 rc = hashtab_insert(h, key, perdatum); 1137 if (rc) 1138 goto bad; 1139 1140 return 0; 1141 bad: 1142 perm_destroy(key, perdatum, NULL); 1143 return rc; 1144 } 1145 1146 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1147 { 1148 char *key = NULL; 1149 struct common_datum *comdatum; 1150 __le32 buf[4]; 1151 u32 len, nel; 1152 int i, rc; 1153 1154 rc = -ENOMEM; 1155 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1156 if (!comdatum) 1157 goto bad; 1158 1159 rc = next_entry(buf, fp, sizeof buf); 1160 if (rc) 1161 goto bad; 1162 1163 len = le32_to_cpu(buf[0]); 1164 comdatum->value = le32_to_cpu(buf[1]); 1165 1166 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1167 if (rc) 1168 goto bad; 1169 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1170 nel = le32_to_cpu(buf[3]); 1171 1172 rc = str_read(&key, GFP_KERNEL, fp, len); 1173 if (rc) 1174 goto bad; 1175 1176 for (i = 0; i < nel; i++) { 1177 rc = perm_read(p, comdatum->permissions.table, fp); 1178 if (rc) 1179 goto bad; 1180 } 1181 1182 rc = hashtab_insert(h, key, comdatum); 1183 if (rc) 1184 goto bad; 1185 return 0; 1186 bad: 1187 common_destroy(key, comdatum, NULL); 1188 return rc; 1189 } 1190 1191 static void type_set_init(struct type_set *t) 1192 { 1193 ebitmap_init(&t->types); 1194 ebitmap_init(&t->negset); 1195 } 1196 1197 static int type_set_read(struct type_set *t, void *fp) 1198 { 1199 __le32 buf[1]; 1200 int rc; 1201 1202 if (ebitmap_read(&t->types, fp)) 1203 return -EINVAL; 1204 if (ebitmap_read(&t->negset, fp)) 1205 return -EINVAL; 1206 1207 rc = next_entry(buf, fp, sizeof(u32)); 1208 if (rc < 0) 1209 return -EINVAL; 1210 t->flags = le32_to_cpu(buf[0]); 1211 1212 return 0; 1213 } 1214 1215 1216 static int read_cons_helper(struct policydb *p, 1217 struct constraint_node **nodep, 1218 int ncons, int allowxtarget, void *fp) 1219 { 1220 struct constraint_node *c, *lc; 1221 struct constraint_expr *e, *le; 1222 __le32 buf[3]; 1223 u32 nexpr; 1224 int rc, i, j, depth; 1225 1226 lc = NULL; 1227 for (i = 0; i < ncons; i++) { 1228 c = kzalloc(sizeof(*c), GFP_KERNEL); 1229 if (!c) 1230 return -ENOMEM; 1231 1232 if (lc) 1233 lc->next = c; 1234 else 1235 *nodep = c; 1236 1237 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1238 if (rc) 1239 return rc; 1240 c->permissions = le32_to_cpu(buf[0]); 1241 nexpr = le32_to_cpu(buf[1]); 1242 le = NULL; 1243 depth = -1; 1244 for (j = 0; j < nexpr; j++) { 1245 e = kzalloc(sizeof(*e), GFP_KERNEL); 1246 if (!e) 1247 return -ENOMEM; 1248 1249 if (le) 1250 le->next = e; 1251 else 1252 c->expr = e; 1253 1254 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1255 if (rc) 1256 return rc; 1257 e->expr_type = le32_to_cpu(buf[0]); 1258 e->attr = le32_to_cpu(buf[1]); 1259 e->op = le32_to_cpu(buf[2]); 1260 1261 switch (e->expr_type) { 1262 case CEXPR_NOT: 1263 if (depth < 0) 1264 return -EINVAL; 1265 break; 1266 case CEXPR_AND: 1267 case CEXPR_OR: 1268 if (depth < 1) 1269 return -EINVAL; 1270 depth--; 1271 break; 1272 case CEXPR_ATTR: 1273 if (depth == (CEXPR_MAXDEPTH - 1)) 1274 return -EINVAL; 1275 depth++; 1276 break; 1277 case CEXPR_NAMES: 1278 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1279 return -EINVAL; 1280 if (depth == (CEXPR_MAXDEPTH - 1)) 1281 return -EINVAL; 1282 depth++; 1283 rc = ebitmap_read(&e->names, fp); 1284 if (rc) 1285 return rc; 1286 if (p->policyvers >= 1287 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1288 e->type_names = kzalloc(sizeof 1289 (*e->type_names), 1290 GFP_KERNEL); 1291 if (!e->type_names) 1292 return -ENOMEM; 1293 type_set_init(e->type_names); 1294 rc = type_set_read(e->type_names, fp); 1295 if (rc) 1296 return rc; 1297 } 1298 break; 1299 default: 1300 return -EINVAL; 1301 } 1302 le = e; 1303 } 1304 if (depth != 0) 1305 return -EINVAL; 1306 lc = c; 1307 } 1308 1309 return 0; 1310 } 1311 1312 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1313 { 1314 char *key = NULL; 1315 struct class_datum *cladatum; 1316 __le32 buf[6]; 1317 u32 len, len2, ncons, nel; 1318 int i, rc; 1319 1320 rc = -ENOMEM; 1321 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1322 if (!cladatum) 1323 goto bad; 1324 1325 rc = next_entry(buf, fp, sizeof(u32)*6); 1326 if (rc) 1327 goto bad; 1328 1329 len = le32_to_cpu(buf[0]); 1330 len2 = le32_to_cpu(buf[1]); 1331 cladatum->value = le32_to_cpu(buf[2]); 1332 1333 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1334 if (rc) 1335 goto bad; 1336 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1337 nel = le32_to_cpu(buf[4]); 1338 1339 ncons = le32_to_cpu(buf[5]); 1340 1341 rc = str_read(&key, GFP_KERNEL, fp, len); 1342 if (rc) 1343 goto bad; 1344 1345 if (len2) { 1346 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1347 if (rc) 1348 goto bad; 1349 1350 rc = -EINVAL; 1351 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1352 if (!cladatum->comdatum) { 1353 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1354 goto bad; 1355 } 1356 } 1357 for (i = 0; i < nel; i++) { 1358 rc = perm_read(p, cladatum->permissions.table, fp); 1359 if (rc) 1360 goto bad; 1361 } 1362 1363 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1364 if (rc) 1365 goto bad; 1366 1367 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1368 /* grab the validatetrans rules */ 1369 rc = next_entry(buf, fp, sizeof(u32)); 1370 if (rc) 1371 goto bad; 1372 ncons = le32_to_cpu(buf[0]); 1373 rc = read_cons_helper(p, &cladatum->validatetrans, 1374 ncons, 1, fp); 1375 if (rc) 1376 goto bad; 1377 } 1378 1379 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1380 rc = next_entry(buf, fp, sizeof(u32) * 3); 1381 if (rc) 1382 goto bad; 1383 1384 cladatum->default_user = le32_to_cpu(buf[0]); 1385 cladatum->default_role = le32_to_cpu(buf[1]); 1386 cladatum->default_range = le32_to_cpu(buf[2]); 1387 } 1388 1389 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1390 rc = next_entry(buf, fp, sizeof(u32) * 1); 1391 if (rc) 1392 goto bad; 1393 cladatum->default_type = le32_to_cpu(buf[0]); 1394 } 1395 1396 rc = hashtab_insert(h, key, cladatum); 1397 if (rc) 1398 goto bad; 1399 1400 return 0; 1401 bad: 1402 cls_destroy(key, cladatum, NULL); 1403 return rc; 1404 } 1405 1406 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1407 { 1408 char *key = NULL; 1409 struct role_datum *role; 1410 int rc, to_read = 2; 1411 __le32 buf[3]; 1412 u32 len; 1413 1414 rc = -ENOMEM; 1415 role = kzalloc(sizeof(*role), GFP_KERNEL); 1416 if (!role) 1417 goto bad; 1418 1419 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1420 to_read = 3; 1421 1422 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1423 if (rc) 1424 goto bad; 1425 1426 len = le32_to_cpu(buf[0]); 1427 role->value = le32_to_cpu(buf[1]); 1428 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1429 role->bounds = le32_to_cpu(buf[2]); 1430 1431 rc = str_read(&key, GFP_KERNEL, fp, len); 1432 if (rc) 1433 goto bad; 1434 1435 rc = ebitmap_read(&role->dominates, fp); 1436 if (rc) 1437 goto bad; 1438 1439 rc = ebitmap_read(&role->types, fp); 1440 if (rc) 1441 goto bad; 1442 1443 if (strcmp(key, OBJECT_R) == 0) { 1444 rc = -EINVAL; 1445 if (role->value != OBJECT_R_VAL) { 1446 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1447 OBJECT_R, role->value); 1448 goto bad; 1449 } 1450 rc = 0; 1451 goto bad; 1452 } 1453 1454 rc = hashtab_insert(h, key, role); 1455 if (rc) 1456 goto bad; 1457 return 0; 1458 bad: 1459 role_destroy(key, role, NULL); 1460 return rc; 1461 } 1462 1463 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1464 { 1465 char *key = NULL; 1466 struct type_datum *typdatum; 1467 int rc, to_read = 3; 1468 __le32 buf[4]; 1469 u32 len; 1470 1471 rc = -ENOMEM; 1472 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1473 if (!typdatum) 1474 goto bad; 1475 1476 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1477 to_read = 4; 1478 1479 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1480 if (rc) 1481 goto bad; 1482 1483 len = le32_to_cpu(buf[0]); 1484 typdatum->value = le32_to_cpu(buf[1]); 1485 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1486 u32 prop = le32_to_cpu(buf[2]); 1487 1488 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1489 typdatum->primary = 1; 1490 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1491 typdatum->attribute = 1; 1492 1493 typdatum->bounds = le32_to_cpu(buf[3]); 1494 } else { 1495 typdatum->primary = le32_to_cpu(buf[2]); 1496 } 1497 1498 rc = str_read(&key, GFP_KERNEL, fp, len); 1499 if (rc) 1500 goto bad; 1501 1502 rc = hashtab_insert(h, key, typdatum); 1503 if (rc) 1504 goto bad; 1505 return 0; 1506 bad: 1507 type_destroy(key, typdatum, NULL); 1508 return rc; 1509 } 1510 1511 1512 /* 1513 * Read a MLS level structure from a policydb binary 1514 * representation file. 1515 */ 1516 static int mls_read_level(struct mls_level *lp, void *fp) 1517 { 1518 __le32 buf[1]; 1519 int rc; 1520 1521 memset(lp, 0, sizeof(*lp)); 1522 1523 rc = next_entry(buf, fp, sizeof buf); 1524 if (rc) { 1525 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1526 return rc; 1527 } 1528 lp->sens = le32_to_cpu(buf[0]); 1529 1530 rc = ebitmap_read(&lp->cat, fp); 1531 if (rc) { 1532 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1533 return rc; 1534 } 1535 return 0; 1536 } 1537 1538 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1539 { 1540 char *key = NULL; 1541 struct user_datum *usrdatum; 1542 int rc, to_read = 2; 1543 __le32 buf[3]; 1544 u32 len; 1545 1546 rc = -ENOMEM; 1547 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1548 if (!usrdatum) 1549 goto bad; 1550 1551 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1552 to_read = 3; 1553 1554 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1555 if (rc) 1556 goto bad; 1557 1558 len = le32_to_cpu(buf[0]); 1559 usrdatum->value = le32_to_cpu(buf[1]); 1560 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1561 usrdatum->bounds = le32_to_cpu(buf[2]); 1562 1563 rc = str_read(&key, GFP_KERNEL, fp, len); 1564 if (rc) 1565 goto bad; 1566 1567 rc = ebitmap_read(&usrdatum->roles, fp); 1568 if (rc) 1569 goto bad; 1570 1571 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1572 rc = mls_read_range_helper(&usrdatum->range, fp); 1573 if (rc) 1574 goto bad; 1575 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1576 if (rc) 1577 goto bad; 1578 } 1579 1580 rc = hashtab_insert(h, key, usrdatum); 1581 if (rc) 1582 goto bad; 1583 return 0; 1584 bad: 1585 user_destroy(key, usrdatum, NULL); 1586 return rc; 1587 } 1588 1589 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1590 { 1591 char *key = NULL; 1592 struct level_datum *levdatum; 1593 int rc; 1594 __le32 buf[2]; 1595 u32 len; 1596 1597 rc = -ENOMEM; 1598 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1599 if (!levdatum) 1600 goto bad; 1601 1602 rc = next_entry(buf, fp, sizeof buf); 1603 if (rc) 1604 goto bad; 1605 1606 len = le32_to_cpu(buf[0]); 1607 levdatum->isalias = le32_to_cpu(buf[1]); 1608 1609 rc = str_read(&key, GFP_ATOMIC, fp, len); 1610 if (rc) 1611 goto bad; 1612 1613 rc = -ENOMEM; 1614 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1615 if (!levdatum->level) 1616 goto bad; 1617 1618 rc = mls_read_level(levdatum->level, fp); 1619 if (rc) 1620 goto bad; 1621 1622 rc = hashtab_insert(h, key, levdatum); 1623 if (rc) 1624 goto bad; 1625 return 0; 1626 bad: 1627 sens_destroy(key, levdatum, NULL); 1628 return rc; 1629 } 1630 1631 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1632 { 1633 char *key = NULL; 1634 struct cat_datum *catdatum; 1635 int rc; 1636 __le32 buf[3]; 1637 u32 len; 1638 1639 rc = -ENOMEM; 1640 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1641 if (!catdatum) 1642 goto bad; 1643 1644 rc = next_entry(buf, fp, sizeof buf); 1645 if (rc) 1646 goto bad; 1647 1648 len = le32_to_cpu(buf[0]); 1649 catdatum->value = le32_to_cpu(buf[1]); 1650 catdatum->isalias = le32_to_cpu(buf[2]); 1651 1652 rc = str_read(&key, GFP_ATOMIC, fp, len); 1653 if (rc) 1654 goto bad; 1655 1656 rc = hashtab_insert(h, key, catdatum); 1657 if (rc) 1658 goto bad; 1659 return 0; 1660 bad: 1661 cat_destroy(key, catdatum, NULL); 1662 return rc; 1663 } 1664 1665 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1666 { 1667 common_read, 1668 class_read, 1669 role_read, 1670 type_read, 1671 user_read, 1672 cond_read_bool, 1673 sens_read, 1674 cat_read, 1675 }; 1676 1677 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1678 { 1679 struct user_datum *upper, *user; 1680 struct policydb *p = datap; 1681 int depth = 0; 1682 1683 upper = user = datum; 1684 while (upper->bounds) { 1685 struct ebitmap_node *node; 1686 unsigned long bit; 1687 1688 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1689 printk(KERN_ERR "SELinux: user %s: " 1690 "too deep or looped boundary", 1691 (char *) key); 1692 return -EINVAL; 1693 } 1694 1695 upper = p->user_val_to_struct[upper->bounds - 1]; 1696 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1697 if (ebitmap_get_bit(&upper->roles, bit)) 1698 continue; 1699 1700 printk(KERN_ERR 1701 "SELinux: boundary violated policy: " 1702 "user=%s role=%s bounds=%s\n", 1703 sym_name(p, SYM_USERS, user->value - 1), 1704 sym_name(p, SYM_ROLES, bit), 1705 sym_name(p, SYM_USERS, upper->value - 1)); 1706 1707 return -EINVAL; 1708 } 1709 } 1710 1711 return 0; 1712 } 1713 1714 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1715 { 1716 struct role_datum *upper, *role; 1717 struct policydb *p = datap; 1718 int depth = 0; 1719 1720 upper = role = datum; 1721 while (upper->bounds) { 1722 struct ebitmap_node *node; 1723 unsigned long bit; 1724 1725 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1726 printk(KERN_ERR "SELinux: role %s: " 1727 "too deep or looped bounds\n", 1728 (char *) key); 1729 return -EINVAL; 1730 } 1731 1732 upper = p->role_val_to_struct[upper->bounds - 1]; 1733 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1734 if (ebitmap_get_bit(&upper->types, bit)) 1735 continue; 1736 1737 printk(KERN_ERR 1738 "SELinux: boundary violated policy: " 1739 "role=%s type=%s bounds=%s\n", 1740 sym_name(p, SYM_ROLES, role->value - 1), 1741 sym_name(p, SYM_TYPES, bit), 1742 sym_name(p, SYM_ROLES, upper->value - 1)); 1743 1744 return -EINVAL; 1745 } 1746 } 1747 1748 return 0; 1749 } 1750 1751 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1752 { 1753 struct type_datum *upper; 1754 struct policydb *p = datap; 1755 int depth = 0; 1756 1757 upper = datum; 1758 while (upper->bounds) { 1759 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1760 printk(KERN_ERR "SELinux: type %s: " 1761 "too deep or looped boundary\n", 1762 (char *) key); 1763 return -EINVAL; 1764 } 1765 1766 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1767 upper->bounds - 1); 1768 BUG_ON(!upper); 1769 1770 if (upper->attribute) { 1771 printk(KERN_ERR "SELinux: type %s: " 1772 "bounded by attribute %s", 1773 (char *) key, 1774 sym_name(p, SYM_TYPES, upper->value - 1)); 1775 return -EINVAL; 1776 } 1777 } 1778 1779 return 0; 1780 } 1781 1782 static int policydb_bounds_sanity_check(struct policydb *p) 1783 { 1784 int rc; 1785 1786 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1787 return 0; 1788 1789 rc = hashtab_map(p->p_users.table, 1790 user_bounds_sanity_check, p); 1791 if (rc) 1792 return rc; 1793 1794 rc = hashtab_map(p->p_roles.table, 1795 role_bounds_sanity_check, p); 1796 if (rc) 1797 return rc; 1798 1799 rc = hashtab_map(p->p_types.table, 1800 type_bounds_sanity_check, p); 1801 if (rc) 1802 return rc; 1803 1804 return 0; 1805 } 1806 1807 u16 string_to_security_class(struct policydb *p, const char *name) 1808 { 1809 struct class_datum *cladatum; 1810 1811 cladatum = hashtab_search(p->p_classes.table, name); 1812 if (!cladatum) 1813 return 0; 1814 1815 return cladatum->value; 1816 } 1817 1818 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1819 { 1820 struct class_datum *cladatum; 1821 struct perm_datum *perdatum = NULL; 1822 struct common_datum *comdatum; 1823 1824 if (!tclass || tclass > p->p_classes.nprim) 1825 return 0; 1826 1827 cladatum = p->class_val_to_struct[tclass-1]; 1828 comdatum = cladatum->comdatum; 1829 if (comdatum) 1830 perdatum = hashtab_search(comdatum->permissions.table, 1831 name); 1832 if (!perdatum) 1833 perdatum = hashtab_search(cladatum->permissions.table, 1834 name); 1835 if (!perdatum) 1836 return 0; 1837 1838 return 1U << (perdatum->value-1); 1839 } 1840 1841 static int range_read(struct policydb *p, void *fp) 1842 { 1843 struct range_trans *rt = NULL; 1844 struct mls_range *r = NULL; 1845 int i, rc; 1846 __le32 buf[2]; 1847 u32 nel; 1848 1849 if (p->policyvers < POLICYDB_VERSION_MLS) 1850 return 0; 1851 1852 rc = next_entry(buf, fp, sizeof(u32)); 1853 if (rc) 1854 goto out; 1855 1856 nel = le32_to_cpu(buf[0]); 1857 for (i = 0; i < nel; i++) { 1858 rc = -ENOMEM; 1859 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1860 if (!rt) 1861 goto out; 1862 1863 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1864 if (rc) 1865 goto out; 1866 1867 rt->source_type = le32_to_cpu(buf[0]); 1868 rt->target_type = le32_to_cpu(buf[1]); 1869 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1870 rc = next_entry(buf, fp, sizeof(u32)); 1871 if (rc) 1872 goto out; 1873 rt->target_class = le32_to_cpu(buf[0]); 1874 } else 1875 rt->target_class = p->process_class; 1876 1877 rc = -EINVAL; 1878 if (!policydb_type_isvalid(p, rt->source_type) || 1879 !policydb_type_isvalid(p, rt->target_type) || 1880 !policydb_class_isvalid(p, rt->target_class)) 1881 goto out; 1882 1883 rc = -ENOMEM; 1884 r = kzalloc(sizeof(*r), GFP_KERNEL); 1885 if (!r) 1886 goto out; 1887 1888 rc = mls_read_range_helper(r, fp); 1889 if (rc) 1890 goto out; 1891 1892 rc = -EINVAL; 1893 if (!mls_range_isvalid(p, r)) { 1894 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1895 goto out; 1896 } 1897 1898 rc = hashtab_insert(p->range_tr, rt, r); 1899 if (rc) 1900 goto out; 1901 1902 rt = NULL; 1903 r = NULL; 1904 } 1905 hash_eval(p->range_tr, "rangetr"); 1906 rc = 0; 1907 out: 1908 kfree(rt); 1909 kfree(r); 1910 return rc; 1911 } 1912 1913 static int filename_trans_read(struct policydb *p, void *fp) 1914 { 1915 struct filename_trans *ft; 1916 struct filename_trans_datum *otype; 1917 char *name; 1918 u32 nel, len; 1919 __le32 buf[4]; 1920 int rc, i; 1921 1922 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1923 return 0; 1924 1925 rc = next_entry(buf, fp, sizeof(u32)); 1926 if (rc) 1927 return rc; 1928 nel = le32_to_cpu(buf[0]); 1929 1930 for (i = 0; i < nel; i++) { 1931 ft = NULL; 1932 otype = NULL; 1933 name = NULL; 1934 1935 rc = -ENOMEM; 1936 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1937 if (!ft) 1938 goto out; 1939 1940 rc = -ENOMEM; 1941 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1942 if (!otype) 1943 goto out; 1944 1945 /* length of the path component string */ 1946 rc = next_entry(buf, fp, sizeof(u32)); 1947 if (rc) 1948 goto out; 1949 len = le32_to_cpu(buf[0]); 1950 1951 /* path component string */ 1952 rc = str_read(&name, GFP_KERNEL, fp, len); 1953 if (rc) 1954 goto out; 1955 1956 ft->name = name; 1957 1958 rc = next_entry(buf, fp, sizeof(u32) * 4); 1959 if (rc) 1960 goto out; 1961 1962 ft->stype = le32_to_cpu(buf[0]); 1963 ft->ttype = le32_to_cpu(buf[1]); 1964 ft->tclass = le32_to_cpu(buf[2]); 1965 1966 otype->otype = le32_to_cpu(buf[3]); 1967 1968 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1969 if (rc) 1970 goto out; 1971 1972 rc = hashtab_insert(p->filename_trans, ft, otype); 1973 if (rc) { 1974 /* 1975 * Do not return -EEXIST to the caller, or the system 1976 * will not boot. 1977 */ 1978 if (rc != -EEXIST) 1979 goto out; 1980 /* But free memory to avoid memory leak. */ 1981 kfree(ft); 1982 kfree(name); 1983 kfree(otype); 1984 } 1985 } 1986 hash_eval(p->filename_trans, "filenametr"); 1987 return 0; 1988 out: 1989 kfree(ft); 1990 kfree(name); 1991 kfree(otype); 1992 1993 return rc; 1994 } 1995 1996 static int genfs_read(struct policydb *p, void *fp) 1997 { 1998 int i, j, rc; 1999 u32 nel, nel2, len, len2; 2000 __le32 buf[1]; 2001 struct ocontext *l, *c; 2002 struct ocontext *newc = NULL; 2003 struct genfs *genfs_p, *genfs; 2004 struct genfs *newgenfs = NULL; 2005 2006 rc = next_entry(buf, fp, sizeof(u32)); 2007 if (rc) 2008 goto out; 2009 nel = le32_to_cpu(buf[0]); 2010 2011 for (i = 0; i < nel; i++) { 2012 rc = next_entry(buf, fp, sizeof(u32)); 2013 if (rc) 2014 goto out; 2015 len = le32_to_cpu(buf[0]); 2016 2017 rc = -ENOMEM; 2018 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2019 if (!newgenfs) 2020 goto out; 2021 2022 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2023 if (rc) 2024 goto out; 2025 2026 for (genfs_p = NULL, genfs = p->genfs; genfs; 2027 genfs_p = genfs, genfs = genfs->next) { 2028 rc = -EINVAL; 2029 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2030 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 2031 newgenfs->fstype); 2032 goto out; 2033 } 2034 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2035 break; 2036 } 2037 newgenfs->next = genfs; 2038 if (genfs_p) 2039 genfs_p->next = newgenfs; 2040 else 2041 p->genfs = newgenfs; 2042 genfs = newgenfs; 2043 newgenfs = NULL; 2044 2045 rc = next_entry(buf, fp, sizeof(u32)); 2046 if (rc) 2047 goto out; 2048 2049 nel2 = le32_to_cpu(buf[0]); 2050 for (j = 0; j < nel2; j++) { 2051 rc = next_entry(buf, fp, sizeof(u32)); 2052 if (rc) 2053 goto out; 2054 len = le32_to_cpu(buf[0]); 2055 2056 rc = -ENOMEM; 2057 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2058 if (!newc) 2059 goto out; 2060 2061 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2062 if (rc) 2063 goto out; 2064 2065 rc = next_entry(buf, fp, sizeof(u32)); 2066 if (rc) 2067 goto out; 2068 2069 newc->v.sclass = le32_to_cpu(buf[0]); 2070 rc = context_read_and_validate(&newc->context[0], p, fp); 2071 if (rc) 2072 goto out; 2073 2074 for (l = NULL, c = genfs->head; c; 2075 l = c, c = c->next) { 2076 rc = -EINVAL; 2077 if (!strcmp(newc->u.name, c->u.name) && 2078 (!c->v.sclass || !newc->v.sclass || 2079 newc->v.sclass == c->v.sclass)) { 2080 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2081 genfs->fstype, c->u.name); 2082 goto out; 2083 } 2084 len = strlen(newc->u.name); 2085 len2 = strlen(c->u.name); 2086 if (len > len2) 2087 break; 2088 } 2089 2090 newc->next = c; 2091 if (l) 2092 l->next = newc; 2093 else 2094 genfs->head = newc; 2095 newc = NULL; 2096 } 2097 } 2098 rc = 0; 2099 out: 2100 if (newgenfs) 2101 kfree(newgenfs->fstype); 2102 kfree(newgenfs); 2103 ocontext_destroy(newc, OCON_FSUSE); 2104 2105 return rc; 2106 } 2107 2108 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2109 void *fp) 2110 { 2111 int i, j, rc; 2112 u32 nel, len; 2113 __le32 buf[3]; 2114 struct ocontext *l, *c; 2115 u32 nodebuf[8]; 2116 2117 for (i = 0; i < info->ocon_num; i++) { 2118 rc = next_entry(buf, fp, sizeof(u32)); 2119 if (rc) 2120 goto out; 2121 nel = le32_to_cpu(buf[0]); 2122 2123 l = NULL; 2124 for (j = 0; j < nel; j++) { 2125 rc = -ENOMEM; 2126 c = kzalloc(sizeof(*c), GFP_KERNEL); 2127 if (!c) 2128 goto out; 2129 if (l) 2130 l->next = c; 2131 else 2132 p->ocontexts[i] = c; 2133 l = c; 2134 2135 switch (i) { 2136 case OCON_ISID: 2137 rc = next_entry(buf, fp, sizeof(u32)); 2138 if (rc) 2139 goto out; 2140 2141 c->sid[0] = le32_to_cpu(buf[0]); 2142 rc = context_read_and_validate(&c->context[0], p, fp); 2143 if (rc) 2144 goto out; 2145 break; 2146 case OCON_FS: 2147 case OCON_NETIF: 2148 rc = next_entry(buf, fp, sizeof(u32)); 2149 if (rc) 2150 goto out; 2151 len = le32_to_cpu(buf[0]); 2152 2153 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2154 if (rc) 2155 goto out; 2156 2157 rc = context_read_and_validate(&c->context[0], p, fp); 2158 if (rc) 2159 goto out; 2160 rc = context_read_and_validate(&c->context[1], p, fp); 2161 if (rc) 2162 goto out; 2163 break; 2164 case OCON_PORT: 2165 rc = next_entry(buf, fp, sizeof(u32)*3); 2166 if (rc) 2167 goto out; 2168 c->u.port.protocol = le32_to_cpu(buf[0]); 2169 c->u.port.low_port = le32_to_cpu(buf[1]); 2170 c->u.port.high_port = le32_to_cpu(buf[2]); 2171 rc = context_read_and_validate(&c->context[0], p, fp); 2172 if (rc) 2173 goto out; 2174 break; 2175 case OCON_NODE: 2176 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2177 if (rc) 2178 goto out; 2179 c->u.node.addr = nodebuf[0]; /* network order */ 2180 c->u.node.mask = nodebuf[1]; /* network order */ 2181 rc = context_read_and_validate(&c->context[0], p, fp); 2182 if (rc) 2183 goto out; 2184 break; 2185 case OCON_FSUSE: 2186 rc = next_entry(buf, fp, sizeof(u32)*2); 2187 if (rc) 2188 goto out; 2189 2190 rc = -EINVAL; 2191 c->v.behavior = le32_to_cpu(buf[0]); 2192 /* Determined at runtime, not in policy DB. */ 2193 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2194 goto out; 2195 if (c->v.behavior > SECURITY_FS_USE_MAX) 2196 goto out; 2197 2198 len = le32_to_cpu(buf[1]); 2199 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2200 if (rc) 2201 goto out; 2202 2203 rc = context_read_and_validate(&c->context[0], p, fp); 2204 if (rc) 2205 goto out; 2206 break; 2207 case OCON_NODE6: { 2208 int k; 2209 2210 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2211 if (rc) 2212 goto out; 2213 for (k = 0; k < 4; k++) 2214 c->u.node6.addr[k] = nodebuf[k]; 2215 for (k = 0; k < 4; k++) 2216 c->u.node6.mask[k] = nodebuf[k+4]; 2217 rc = context_read_and_validate(&c->context[0], p, fp); 2218 if (rc) 2219 goto out; 2220 break; 2221 } 2222 } 2223 } 2224 } 2225 rc = 0; 2226 out: 2227 return rc; 2228 } 2229 2230 /* 2231 * Read the configuration data from a policy database binary 2232 * representation file into a policy database structure. 2233 */ 2234 int policydb_read(struct policydb *p, void *fp) 2235 { 2236 struct role_allow *ra, *lra; 2237 struct role_trans *tr, *ltr; 2238 int i, j, rc; 2239 __le32 buf[4]; 2240 u32 len, nprim, nel; 2241 2242 char *policydb_str; 2243 struct policydb_compat_info *info; 2244 2245 rc = policydb_init(p); 2246 if (rc) 2247 return rc; 2248 2249 /* Read the magic number and string length. */ 2250 rc = next_entry(buf, fp, sizeof(u32) * 2); 2251 if (rc) 2252 goto bad; 2253 2254 rc = -EINVAL; 2255 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2256 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2257 "not match expected magic number 0x%x\n", 2258 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2259 goto bad; 2260 } 2261 2262 rc = -EINVAL; 2263 len = le32_to_cpu(buf[1]); 2264 if (len != strlen(POLICYDB_STRING)) { 2265 printk(KERN_ERR "SELinux: policydb string length %d does not " 2266 "match expected length %Zu\n", 2267 len, strlen(POLICYDB_STRING)); 2268 goto bad; 2269 } 2270 2271 rc = -ENOMEM; 2272 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2273 if (!policydb_str) { 2274 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2275 "string of length %d\n", len); 2276 goto bad; 2277 } 2278 2279 rc = next_entry(policydb_str, fp, len); 2280 if (rc) { 2281 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2282 kfree(policydb_str); 2283 goto bad; 2284 } 2285 2286 rc = -EINVAL; 2287 policydb_str[len] = '\0'; 2288 if (strcmp(policydb_str, POLICYDB_STRING)) { 2289 printk(KERN_ERR "SELinux: policydb string %s does not match " 2290 "my string %s\n", policydb_str, POLICYDB_STRING); 2291 kfree(policydb_str); 2292 goto bad; 2293 } 2294 /* Done with policydb_str. */ 2295 kfree(policydb_str); 2296 policydb_str = NULL; 2297 2298 /* Read the version and table sizes. */ 2299 rc = next_entry(buf, fp, sizeof(u32)*4); 2300 if (rc) 2301 goto bad; 2302 2303 rc = -EINVAL; 2304 p->policyvers = le32_to_cpu(buf[0]); 2305 if (p->policyvers < POLICYDB_VERSION_MIN || 2306 p->policyvers > POLICYDB_VERSION_MAX) { 2307 printk(KERN_ERR "SELinux: policydb version %d does not match " 2308 "my version range %d-%d\n", 2309 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2310 goto bad; 2311 } 2312 2313 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2314 p->mls_enabled = 1; 2315 2316 rc = -EINVAL; 2317 if (p->policyvers < POLICYDB_VERSION_MLS) { 2318 printk(KERN_ERR "SELinux: security policydb version %d " 2319 "(MLS) not backwards compatible\n", 2320 p->policyvers); 2321 goto bad; 2322 } 2323 } 2324 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2325 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2326 2327 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2328 rc = ebitmap_read(&p->policycaps, fp); 2329 if (rc) 2330 goto bad; 2331 } 2332 2333 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2334 rc = ebitmap_read(&p->permissive_map, fp); 2335 if (rc) 2336 goto bad; 2337 } 2338 2339 rc = -EINVAL; 2340 info = policydb_lookup_compat(p->policyvers); 2341 if (!info) { 2342 printk(KERN_ERR "SELinux: unable to find policy compat info " 2343 "for version %d\n", p->policyvers); 2344 goto bad; 2345 } 2346 2347 rc = -EINVAL; 2348 if (le32_to_cpu(buf[2]) != info->sym_num || 2349 le32_to_cpu(buf[3]) != info->ocon_num) { 2350 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2351 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2352 le32_to_cpu(buf[3]), 2353 info->sym_num, info->ocon_num); 2354 goto bad; 2355 } 2356 2357 for (i = 0; i < info->sym_num; i++) { 2358 rc = next_entry(buf, fp, sizeof(u32)*2); 2359 if (rc) 2360 goto bad; 2361 nprim = le32_to_cpu(buf[0]); 2362 nel = le32_to_cpu(buf[1]); 2363 for (j = 0; j < nel; j++) { 2364 rc = read_f[i](p, p->symtab[i].table, fp); 2365 if (rc) 2366 goto bad; 2367 } 2368 2369 p->symtab[i].nprim = nprim; 2370 } 2371 2372 rc = -EINVAL; 2373 p->process_class = string_to_security_class(p, "process"); 2374 if (!p->process_class) 2375 goto bad; 2376 2377 rc = avtab_read(&p->te_avtab, fp, p); 2378 if (rc) 2379 goto bad; 2380 2381 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2382 rc = cond_read_list(p, fp); 2383 if (rc) 2384 goto bad; 2385 } 2386 2387 rc = next_entry(buf, fp, sizeof(u32)); 2388 if (rc) 2389 goto bad; 2390 nel = le32_to_cpu(buf[0]); 2391 ltr = NULL; 2392 for (i = 0; i < nel; i++) { 2393 rc = -ENOMEM; 2394 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2395 if (!tr) 2396 goto bad; 2397 if (ltr) 2398 ltr->next = tr; 2399 else 2400 p->role_tr = tr; 2401 rc = next_entry(buf, fp, sizeof(u32)*3); 2402 if (rc) 2403 goto bad; 2404 2405 rc = -EINVAL; 2406 tr->role = le32_to_cpu(buf[0]); 2407 tr->type = le32_to_cpu(buf[1]); 2408 tr->new_role = le32_to_cpu(buf[2]); 2409 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2410 rc = next_entry(buf, fp, sizeof(u32)); 2411 if (rc) 2412 goto bad; 2413 tr->tclass = le32_to_cpu(buf[0]); 2414 } else 2415 tr->tclass = p->process_class; 2416 2417 if (!policydb_role_isvalid(p, tr->role) || 2418 !policydb_type_isvalid(p, tr->type) || 2419 !policydb_class_isvalid(p, tr->tclass) || 2420 !policydb_role_isvalid(p, tr->new_role)) 2421 goto bad; 2422 ltr = tr; 2423 } 2424 2425 rc = next_entry(buf, fp, sizeof(u32)); 2426 if (rc) 2427 goto bad; 2428 nel = le32_to_cpu(buf[0]); 2429 lra = NULL; 2430 for (i = 0; i < nel; i++) { 2431 rc = -ENOMEM; 2432 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2433 if (!ra) 2434 goto bad; 2435 if (lra) 2436 lra->next = ra; 2437 else 2438 p->role_allow = ra; 2439 rc = next_entry(buf, fp, sizeof(u32)*2); 2440 if (rc) 2441 goto bad; 2442 2443 rc = -EINVAL; 2444 ra->role = le32_to_cpu(buf[0]); 2445 ra->new_role = le32_to_cpu(buf[1]); 2446 if (!policydb_role_isvalid(p, ra->role) || 2447 !policydb_role_isvalid(p, ra->new_role)) 2448 goto bad; 2449 lra = ra; 2450 } 2451 2452 rc = filename_trans_read(p, fp); 2453 if (rc) 2454 goto bad; 2455 2456 rc = policydb_index(p); 2457 if (rc) 2458 goto bad; 2459 2460 rc = -EINVAL; 2461 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2462 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2463 if (!p->process_trans_perms) 2464 goto bad; 2465 2466 rc = ocontext_read(p, info, fp); 2467 if (rc) 2468 goto bad; 2469 2470 rc = genfs_read(p, fp); 2471 if (rc) 2472 goto bad; 2473 2474 rc = range_read(p, fp); 2475 if (rc) 2476 goto bad; 2477 2478 rc = -ENOMEM; 2479 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2480 p->p_types.nprim, 2481 GFP_KERNEL | __GFP_ZERO); 2482 if (!p->type_attr_map_array) 2483 goto bad; 2484 2485 /* preallocate so we don't have to worry about the put ever failing */ 2486 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2487 GFP_KERNEL | __GFP_ZERO); 2488 if (rc) 2489 goto bad; 2490 2491 for (i = 0; i < p->p_types.nprim; i++) { 2492 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2493 2494 BUG_ON(!e); 2495 ebitmap_init(e); 2496 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2497 rc = ebitmap_read(e, fp); 2498 if (rc) 2499 goto bad; 2500 } 2501 /* add the type itself as the degenerate case */ 2502 rc = ebitmap_set_bit(e, i, 1); 2503 if (rc) 2504 goto bad; 2505 } 2506 2507 rc = policydb_bounds_sanity_check(p); 2508 if (rc) 2509 goto bad; 2510 2511 rc = 0; 2512 out: 2513 return rc; 2514 bad: 2515 policydb_destroy(p); 2516 goto out; 2517 } 2518 2519 /* 2520 * Write a MLS level structure to a policydb binary 2521 * representation file. 2522 */ 2523 static int mls_write_level(struct mls_level *l, void *fp) 2524 { 2525 __le32 buf[1]; 2526 int rc; 2527 2528 buf[0] = cpu_to_le32(l->sens); 2529 rc = put_entry(buf, sizeof(u32), 1, fp); 2530 if (rc) 2531 return rc; 2532 2533 rc = ebitmap_write(&l->cat, fp); 2534 if (rc) 2535 return rc; 2536 2537 return 0; 2538 } 2539 2540 /* 2541 * Write a MLS range structure to a policydb binary 2542 * representation file. 2543 */ 2544 static int mls_write_range_helper(struct mls_range *r, void *fp) 2545 { 2546 __le32 buf[3]; 2547 size_t items; 2548 int rc, eq; 2549 2550 eq = mls_level_eq(&r->level[1], &r->level[0]); 2551 2552 if (eq) 2553 items = 2; 2554 else 2555 items = 3; 2556 buf[0] = cpu_to_le32(items-1); 2557 buf[1] = cpu_to_le32(r->level[0].sens); 2558 if (!eq) 2559 buf[2] = cpu_to_le32(r->level[1].sens); 2560 2561 BUG_ON(items > ARRAY_SIZE(buf)); 2562 2563 rc = put_entry(buf, sizeof(u32), items, fp); 2564 if (rc) 2565 return rc; 2566 2567 rc = ebitmap_write(&r->level[0].cat, fp); 2568 if (rc) 2569 return rc; 2570 if (!eq) { 2571 rc = ebitmap_write(&r->level[1].cat, fp); 2572 if (rc) 2573 return rc; 2574 } 2575 2576 return 0; 2577 } 2578 2579 static int sens_write(void *vkey, void *datum, void *ptr) 2580 { 2581 char *key = vkey; 2582 struct level_datum *levdatum = datum; 2583 struct policy_data *pd = ptr; 2584 void *fp = pd->fp; 2585 __le32 buf[2]; 2586 size_t len; 2587 int rc; 2588 2589 len = strlen(key); 2590 buf[0] = cpu_to_le32(len); 2591 buf[1] = cpu_to_le32(levdatum->isalias); 2592 rc = put_entry(buf, sizeof(u32), 2, fp); 2593 if (rc) 2594 return rc; 2595 2596 rc = put_entry(key, 1, len, fp); 2597 if (rc) 2598 return rc; 2599 2600 rc = mls_write_level(levdatum->level, fp); 2601 if (rc) 2602 return rc; 2603 2604 return 0; 2605 } 2606 2607 static int cat_write(void *vkey, void *datum, void *ptr) 2608 { 2609 char *key = vkey; 2610 struct cat_datum *catdatum = datum; 2611 struct policy_data *pd = ptr; 2612 void *fp = pd->fp; 2613 __le32 buf[3]; 2614 size_t len; 2615 int rc; 2616 2617 len = strlen(key); 2618 buf[0] = cpu_to_le32(len); 2619 buf[1] = cpu_to_le32(catdatum->value); 2620 buf[2] = cpu_to_le32(catdatum->isalias); 2621 rc = put_entry(buf, sizeof(u32), 3, fp); 2622 if (rc) 2623 return rc; 2624 2625 rc = put_entry(key, 1, len, fp); 2626 if (rc) 2627 return rc; 2628 2629 return 0; 2630 } 2631 2632 static int role_trans_write(struct policydb *p, void *fp) 2633 { 2634 struct role_trans *r = p->role_tr; 2635 struct role_trans *tr; 2636 u32 buf[3]; 2637 size_t nel; 2638 int rc; 2639 2640 nel = 0; 2641 for (tr = r; tr; tr = tr->next) 2642 nel++; 2643 buf[0] = cpu_to_le32(nel); 2644 rc = put_entry(buf, sizeof(u32), 1, fp); 2645 if (rc) 2646 return rc; 2647 for (tr = r; tr; tr = tr->next) { 2648 buf[0] = cpu_to_le32(tr->role); 2649 buf[1] = cpu_to_le32(tr->type); 2650 buf[2] = cpu_to_le32(tr->new_role); 2651 rc = put_entry(buf, sizeof(u32), 3, fp); 2652 if (rc) 2653 return rc; 2654 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2655 buf[0] = cpu_to_le32(tr->tclass); 2656 rc = put_entry(buf, sizeof(u32), 1, fp); 2657 if (rc) 2658 return rc; 2659 } 2660 } 2661 2662 return 0; 2663 } 2664 2665 static int role_allow_write(struct role_allow *r, void *fp) 2666 { 2667 struct role_allow *ra; 2668 u32 buf[2]; 2669 size_t nel; 2670 int rc; 2671 2672 nel = 0; 2673 for (ra = r; ra; ra = ra->next) 2674 nel++; 2675 buf[0] = cpu_to_le32(nel); 2676 rc = put_entry(buf, sizeof(u32), 1, fp); 2677 if (rc) 2678 return rc; 2679 for (ra = r; ra; ra = ra->next) { 2680 buf[0] = cpu_to_le32(ra->role); 2681 buf[1] = cpu_to_le32(ra->new_role); 2682 rc = put_entry(buf, sizeof(u32), 2, fp); 2683 if (rc) 2684 return rc; 2685 } 2686 return 0; 2687 } 2688 2689 /* 2690 * Write a security context structure 2691 * to a policydb binary representation file. 2692 */ 2693 static int context_write(struct policydb *p, struct context *c, 2694 void *fp) 2695 { 2696 int rc; 2697 __le32 buf[3]; 2698 2699 buf[0] = cpu_to_le32(c->user); 2700 buf[1] = cpu_to_le32(c->role); 2701 buf[2] = cpu_to_le32(c->type); 2702 2703 rc = put_entry(buf, sizeof(u32), 3, fp); 2704 if (rc) 2705 return rc; 2706 2707 rc = mls_write_range_helper(&c->range, fp); 2708 if (rc) 2709 return rc; 2710 2711 return 0; 2712 } 2713 2714 /* 2715 * The following *_write functions are used to 2716 * write the symbol data to a policy database 2717 * binary representation file. 2718 */ 2719 2720 static int perm_write(void *vkey, void *datum, void *fp) 2721 { 2722 char *key = vkey; 2723 struct perm_datum *perdatum = datum; 2724 __le32 buf[2]; 2725 size_t len; 2726 int rc; 2727 2728 len = strlen(key); 2729 buf[0] = cpu_to_le32(len); 2730 buf[1] = cpu_to_le32(perdatum->value); 2731 rc = put_entry(buf, sizeof(u32), 2, fp); 2732 if (rc) 2733 return rc; 2734 2735 rc = put_entry(key, 1, len, fp); 2736 if (rc) 2737 return rc; 2738 2739 return 0; 2740 } 2741 2742 static int common_write(void *vkey, void *datum, void *ptr) 2743 { 2744 char *key = vkey; 2745 struct common_datum *comdatum = datum; 2746 struct policy_data *pd = ptr; 2747 void *fp = pd->fp; 2748 __le32 buf[4]; 2749 size_t len; 2750 int rc; 2751 2752 len = strlen(key); 2753 buf[0] = cpu_to_le32(len); 2754 buf[1] = cpu_to_le32(comdatum->value); 2755 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2756 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2757 rc = put_entry(buf, sizeof(u32), 4, fp); 2758 if (rc) 2759 return rc; 2760 2761 rc = put_entry(key, 1, len, fp); 2762 if (rc) 2763 return rc; 2764 2765 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2766 if (rc) 2767 return rc; 2768 2769 return 0; 2770 } 2771 2772 static int type_set_write(struct type_set *t, void *fp) 2773 { 2774 int rc; 2775 __le32 buf[1]; 2776 2777 if (ebitmap_write(&t->types, fp)) 2778 return -EINVAL; 2779 if (ebitmap_write(&t->negset, fp)) 2780 return -EINVAL; 2781 2782 buf[0] = cpu_to_le32(t->flags); 2783 rc = put_entry(buf, sizeof(u32), 1, fp); 2784 if (rc) 2785 return -EINVAL; 2786 2787 return 0; 2788 } 2789 2790 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2791 void *fp) 2792 { 2793 struct constraint_node *c; 2794 struct constraint_expr *e; 2795 __le32 buf[3]; 2796 u32 nel; 2797 int rc; 2798 2799 for (c = node; c; c = c->next) { 2800 nel = 0; 2801 for (e = c->expr; e; e = e->next) 2802 nel++; 2803 buf[0] = cpu_to_le32(c->permissions); 2804 buf[1] = cpu_to_le32(nel); 2805 rc = put_entry(buf, sizeof(u32), 2, fp); 2806 if (rc) 2807 return rc; 2808 for (e = c->expr; e; e = e->next) { 2809 buf[0] = cpu_to_le32(e->expr_type); 2810 buf[1] = cpu_to_le32(e->attr); 2811 buf[2] = cpu_to_le32(e->op); 2812 rc = put_entry(buf, sizeof(u32), 3, fp); 2813 if (rc) 2814 return rc; 2815 2816 switch (e->expr_type) { 2817 case CEXPR_NAMES: 2818 rc = ebitmap_write(&e->names, fp); 2819 if (rc) 2820 return rc; 2821 if (p->policyvers >= 2822 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2823 rc = type_set_write(e->type_names, fp); 2824 if (rc) 2825 return rc; 2826 } 2827 break; 2828 default: 2829 break; 2830 } 2831 } 2832 } 2833 2834 return 0; 2835 } 2836 2837 static int class_write(void *vkey, void *datum, void *ptr) 2838 { 2839 char *key = vkey; 2840 struct class_datum *cladatum = datum; 2841 struct policy_data *pd = ptr; 2842 void *fp = pd->fp; 2843 struct policydb *p = pd->p; 2844 struct constraint_node *c; 2845 __le32 buf[6]; 2846 u32 ncons; 2847 size_t len, len2; 2848 int rc; 2849 2850 len = strlen(key); 2851 if (cladatum->comkey) 2852 len2 = strlen(cladatum->comkey); 2853 else 2854 len2 = 0; 2855 2856 ncons = 0; 2857 for (c = cladatum->constraints; c; c = c->next) 2858 ncons++; 2859 2860 buf[0] = cpu_to_le32(len); 2861 buf[1] = cpu_to_le32(len2); 2862 buf[2] = cpu_to_le32(cladatum->value); 2863 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2864 if (cladatum->permissions.table) 2865 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2866 else 2867 buf[4] = 0; 2868 buf[5] = cpu_to_le32(ncons); 2869 rc = put_entry(buf, sizeof(u32), 6, fp); 2870 if (rc) 2871 return rc; 2872 2873 rc = put_entry(key, 1, len, fp); 2874 if (rc) 2875 return rc; 2876 2877 if (cladatum->comkey) { 2878 rc = put_entry(cladatum->comkey, 1, len2, fp); 2879 if (rc) 2880 return rc; 2881 } 2882 2883 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2884 if (rc) 2885 return rc; 2886 2887 rc = write_cons_helper(p, cladatum->constraints, fp); 2888 if (rc) 2889 return rc; 2890 2891 /* write out the validatetrans rule */ 2892 ncons = 0; 2893 for (c = cladatum->validatetrans; c; c = c->next) 2894 ncons++; 2895 2896 buf[0] = cpu_to_le32(ncons); 2897 rc = put_entry(buf, sizeof(u32), 1, fp); 2898 if (rc) 2899 return rc; 2900 2901 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2902 if (rc) 2903 return rc; 2904 2905 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2906 buf[0] = cpu_to_le32(cladatum->default_user); 2907 buf[1] = cpu_to_le32(cladatum->default_role); 2908 buf[2] = cpu_to_le32(cladatum->default_range); 2909 2910 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2911 if (rc) 2912 return rc; 2913 } 2914 2915 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2916 buf[0] = cpu_to_le32(cladatum->default_type); 2917 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2918 if (rc) 2919 return rc; 2920 } 2921 2922 return 0; 2923 } 2924 2925 static int role_write(void *vkey, void *datum, void *ptr) 2926 { 2927 char *key = vkey; 2928 struct role_datum *role = datum; 2929 struct policy_data *pd = ptr; 2930 void *fp = pd->fp; 2931 struct policydb *p = pd->p; 2932 __le32 buf[3]; 2933 size_t items, len; 2934 int rc; 2935 2936 len = strlen(key); 2937 items = 0; 2938 buf[items++] = cpu_to_le32(len); 2939 buf[items++] = cpu_to_le32(role->value); 2940 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2941 buf[items++] = cpu_to_le32(role->bounds); 2942 2943 BUG_ON(items > ARRAY_SIZE(buf)); 2944 2945 rc = put_entry(buf, sizeof(u32), items, fp); 2946 if (rc) 2947 return rc; 2948 2949 rc = put_entry(key, 1, len, fp); 2950 if (rc) 2951 return rc; 2952 2953 rc = ebitmap_write(&role->dominates, fp); 2954 if (rc) 2955 return rc; 2956 2957 rc = ebitmap_write(&role->types, fp); 2958 if (rc) 2959 return rc; 2960 2961 return 0; 2962 } 2963 2964 static int type_write(void *vkey, void *datum, void *ptr) 2965 { 2966 char *key = vkey; 2967 struct type_datum *typdatum = datum; 2968 struct policy_data *pd = ptr; 2969 struct policydb *p = pd->p; 2970 void *fp = pd->fp; 2971 __le32 buf[4]; 2972 int rc; 2973 size_t items, len; 2974 2975 len = strlen(key); 2976 items = 0; 2977 buf[items++] = cpu_to_le32(len); 2978 buf[items++] = cpu_to_le32(typdatum->value); 2979 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2980 u32 properties = 0; 2981 2982 if (typdatum->primary) 2983 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2984 2985 if (typdatum->attribute) 2986 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2987 2988 buf[items++] = cpu_to_le32(properties); 2989 buf[items++] = cpu_to_le32(typdatum->bounds); 2990 } else { 2991 buf[items++] = cpu_to_le32(typdatum->primary); 2992 } 2993 BUG_ON(items > ARRAY_SIZE(buf)); 2994 rc = put_entry(buf, sizeof(u32), items, fp); 2995 if (rc) 2996 return rc; 2997 2998 rc = put_entry(key, 1, len, fp); 2999 if (rc) 3000 return rc; 3001 3002 return 0; 3003 } 3004 3005 static int user_write(void *vkey, void *datum, void *ptr) 3006 { 3007 char *key = vkey; 3008 struct user_datum *usrdatum = datum; 3009 struct policy_data *pd = ptr; 3010 struct policydb *p = pd->p; 3011 void *fp = pd->fp; 3012 __le32 buf[3]; 3013 size_t items, len; 3014 int rc; 3015 3016 len = strlen(key); 3017 items = 0; 3018 buf[items++] = cpu_to_le32(len); 3019 buf[items++] = cpu_to_le32(usrdatum->value); 3020 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3021 buf[items++] = cpu_to_le32(usrdatum->bounds); 3022 BUG_ON(items > ARRAY_SIZE(buf)); 3023 rc = put_entry(buf, sizeof(u32), items, fp); 3024 if (rc) 3025 return rc; 3026 3027 rc = put_entry(key, 1, len, fp); 3028 if (rc) 3029 return rc; 3030 3031 rc = ebitmap_write(&usrdatum->roles, fp); 3032 if (rc) 3033 return rc; 3034 3035 rc = mls_write_range_helper(&usrdatum->range, fp); 3036 if (rc) 3037 return rc; 3038 3039 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3040 if (rc) 3041 return rc; 3042 3043 return 0; 3044 } 3045 3046 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3047 void *datap) = 3048 { 3049 common_write, 3050 class_write, 3051 role_write, 3052 type_write, 3053 user_write, 3054 cond_write_bool, 3055 sens_write, 3056 cat_write, 3057 }; 3058 3059 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3060 void *fp) 3061 { 3062 unsigned int i, j, rc; 3063 size_t nel, len; 3064 __le32 buf[3]; 3065 u32 nodebuf[8]; 3066 struct ocontext *c; 3067 for (i = 0; i < info->ocon_num; i++) { 3068 nel = 0; 3069 for (c = p->ocontexts[i]; c; c = c->next) 3070 nel++; 3071 buf[0] = cpu_to_le32(nel); 3072 rc = put_entry(buf, sizeof(u32), 1, fp); 3073 if (rc) 3074 return rc; 3075 for (c = p->ocontexts[i]; c; c = c->next) { 3076 switch (i) { 3077 case OCON_ISID: 3078 buf[0] = cpu_to_le32(c->sid[0]); 3079 rc = put_entry(buf, sizeof(u32), 1, fp); 3080 if (rc) 3081 return rc; 3082 rc = context_write(p, &c->context[0], fp); 3083 if (rc) 3084 return rc; 3085 break; 3086 case OCON_FS: 3087 case OCON_NETIF: 3088 len = strlen(c->u.name); 3089 buf[0] = cpu_to_le32(len); 3090 rc = put_entry(buf, sizeof(u32), 1, fp); 3091 if (rc) 3092 return rc; 3093 rc = put_entry(c->u.name, 1, len, fp); 3094 if (rc) 3095 return rc; 3096 rc = context_write(p, &c->context[0], fp); 3097 if (rc) 3098 return rc; 3099 rc = context_write(p, &c->context[1], fp); 3100 if (rc) 3101 return rc; 3102 break; 3103 case OCON_PORT: 3104 buf[0] = cpu_to_le32(c->u.port.protocol); 3105 buf[1] = cpu_to_le32(c->u.port.low_port); 3106 buf[2] = cpu_to_le32(c->u.port.high_port); 3107 rc = put_entry(buf, sizeof(u32), 3, fp); 3108 if (rc) 3109 return rc; 3110 rc = context_write(p, &c->context[0], fp); 3111 if (rc) 3112 return rc; 3113 break; 3114 case OCON_NODE: 3115 nodebuf[0] = c->u.node.addr; /* network order */ 3116 nodebuf[1] = c->u.node.mask; /* network order */ 3117 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3118 if (rc) 3119 return rc; 3120 rc = context_write(p, &c->context[0], fp); 3121 if (rc) 3122 return rc; 3123 break; 3124 case OCON_FSUSE: 3125 buf[0] = cpu_to_le32(c->v.behavior); 3126 len = strlen(c->u.name); 3127 buf[1] = cpu_to_le32(len); 3128 rc = put_entry(buf, sizeof(u32), 2, fp); 3129 if (rc) 3130 return rc; 3131 rc = put_entry(c->u.name, 1, len, fp); 3132 if (rc) 3133 return rc; 3134 rc = context_write(p, &c->context[0], fp); 3135 if (rc) 3136 return rc; 3137 break; 3138 case OCON_NODE6: 3139 for (j = 0; j < 4; j++) 3140 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3141 for (j = 0; j < 4; j++) 3142 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3143 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3144 if (rc) 3145 return rc; 3146 rc = context_write(p, &c->context[0], fp); 3147 if (rc) 3148 return rc; 3149 break; 3150 } 3151 } 3152 } 3153 return 0; 3154 } 3155 3156 static int genfs_write(struct policydb *p, void *fp) 3157 { 3158 struct genfs *genfs; 3159 struct ocontext *c; 3160 size_t len; 3161 __le32 buf[1]; 3162 int rc; 3163 3164 len = 0; 3165 for (genfs = p->genfs; genfs; genfs = genfs->next) 3166 len++; 3167 buf[0] = cpu_to_le32(len); 3168 rc = put_entry(buf, sizeof(u32), 1, fp); 3169 if (rc) 3170 return rc; 3171 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3172 len = strlen(genfs->fstype); 3173 buf[0] = cpu_to_le32(len); 3174 rc = put_entry(buf, sizeof(u32), 1, fp); 3175 if (rc) 3176 return rc; 3177 rc = put_entry(genfs->fstype, 1, len, fp); 3178 if (rc) 3179 return rc; 3180 len = 0; 3181 for (c = genfs->head; c; c = c->next) 3182 len++; 3183 buf[0] = cpu_to_le32(len); 3184 rc = put_entry(buf, sizeof(u32), 1, fp); 3185 if (rc) 3186 return rc; 3187 for (c = genfs->head; c; c = c->next) { 3188 len = strlen(c->u.name); 3189 buf[0] = cpu_to_le32(len); 3190 rc = put_entry(buf, sizeof(u32), 1, fp); 3191 if (rc) 3192 return rc; 3193 rc = put_entry(c->u.name, 1, len, fp); 3194 if (rc) 3195 return rc; 3196 buf[0] = cpu_to_le32(c->v.sclass); 3197 rc = put_entry(buf, sizeof(u32), 1, fp); 3198 if (rc) 3199 return rc; 3200 rc = context_write(p, &c->context[0], fp); 3201 if (rc) 3202 return rc; 3203 } 3204 } 3205 return 0; 3206 } 3207 3208 static int hashtab_cnt(void *key, void *data, void *ptr) 3209 { 3210 int *cnt = ptr; 3211 *cnt = *cnt + 1; 3212 3213 return 0; 3214 } 3215 3216 static int range_write_helper(void *key, void *data, void *ptr) 3217 { 3218 __le32 buf[2]; 3219 struct range_trans *rt = key; 3220 struct mls_range *r = data; 3221 struct policy_data *pd = ptr; 3222 void *fp = pd->fp; 3223 struct policydb *p = pd->p; 3224 int rc; 3225 3226 buf[0] = cpu_to_le32(rt->source_type); 3227 buf[1] = cpu_to_le32(rt->target_type); 3228 rc = put_entry(buf, sizeof(u32), 2, fp); 3229 if (rc) 3230 return rc; 3231 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3232 buf[0] = cpu_to_le32(rt->target_class); 3233 rc = put_entry(buf, sizeof(u32), 1, fp); 3234 if (rc) 3235 return rc; 3236 } 3237 rc = mls_write_range_helper(r, fp); 3238 if (rc) 3239 return rc; 3240 3241 return 0; 3242 } 3243 3244 static int range_write(struct policydb *p, void *fp) 3245 { 3246 __le32 buf[1]; 3247 int rc, nel; 3248 struct policy_data pd; 3249 3250 pd.p = p; 3251 pd.fp = fp; 3252 3253 /* count the number of entries in the hashtab */ 3254 nel = 0; 3255 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3256 if (rc) 3257 return rc; 3258 3259 buf[0] = cpu_to_le32(nel); 3260 rc = put_entry(buf, sizeof(u32), 1, fp); 3261 if (rc) 3262 return rc; 3263 3264 /* actually write all of the entries */ 3265 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3266 if (rc) 3267 return rc; 3268 3269 return 0; 3270 } 3271 3272 static int filename_write_helper(void *key, void *data, void *ptr) 3273 { 3274 __le32 buf[4]; 3275 struct filename_trans *ft = key; 3276 struct filename_trans_datum *otype = data; 3277 void *fp = ptr; 3278 int rc; 3279 u32 len; 3280 3281 len = strlen(ft->name); 3282 buf[0] = cpu_to_le32(len); 3283 rc = put_entry(buf, sizeof(u32), 1, fp); 3284 if (rc) 3285 return rc; 3286 3287 rc = put_entry(ft->name, sizeof(char), len, fp); 3288 if (rc) 3289 return rc; 3290 3291 buf[0] = cpu_to_le32(ft->stype); 3292 buf[1] = cpu_to_le32(ft->ttype); 3293 buf[2] = cpu_to_le32(ft->tclass); 3294 buf[3] = cpu_to_le32(otype->otype); 3295 3296 rc = put_entry(buf, sizeof(u32), 4, fp); 3297 if (rc) 3298 return rc; 3299 3300 return 0; 3301 } 3302 3303 static int filename_trans_write(struct policydb *p, void *fp) 3304 { 3305 u32 nel; 3306 __le32 buf[1]; 3307 int rc; 3308 3309 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3310 return 0; 3311 3312 nel = 0; 3313 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3314 if (rc) 3315 return rc; 3316 3317 buf[0] = cpu_to_le32(nel); 3318 rc = put_entry(buf, sizeof(u32), 1, fp); 3319 if (rc) 3320 return rc; 3321 3322 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3323 if (rc) 3324 return rc; 3325 3326 return 0; 3327 } 3328 3329 /* 3330 * Write the configuration data in a policy database 3331 * structure to a policy database binary representation 3332 * file. 3333 */ 3334 int policydb_write(struct policydb *p, void *fp) 3335 { 3336 unsigned int i, num_syms; 3337 int rc; 3338 __le32 buf[4]; 3339 u32 config; 3340 size_t len; 3341 struct policydb_compat_info *info; 3342 3343 /* 3344 * refuse to write policy older than compressed avtab 3345 * to simplify the writer. There are other tests dropped 3346 * since we assume this throughout the writer code. Be 3347 * careful if you ever try to remove this restriction 3348 */ 3349 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3350 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3351 " Because it is less than version %d\n", p->policyvers, 3352 POLICYDB_VERSION_AVTAB); 3353 return -EINVAL; 3354 } 3355 3356 config = 0; 3357 if (p->mls_enabled) 3358 config |= POLICYDB_CONFIG_MLS; 3359 3360 if (p->reject_unknown) 3361 config |= REJECT_UNKNOWN; 3362 if (p->allow_unknown) 3363 config |= ALLOW_UNKNOWN; 3364 3365 /* Write the magic number and string identifiers. */ 3366 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3367 len = strlen(POLICYDB_STRING); 3368 buf[1] = cpu_to_le32(len); 3369 rc = put_entry(buf, sizeof(u32), 2, fp); 3370 if (rc) 3371 return rc; 3372 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3373 if (rc) 3374 return rc; 3375 3376 /* Write the version, config, and table sizes. */ 3377 info = policydb_lookup_compat(p->policyvers); 3378 if (!info) { 3379 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3380 "version %d", p->policyvers); 3381 return -EINVAL; 3382 } 3383 3384 buf[0] = cpu_to_le32(p->policyvers); 3385 buf[1] = cpu_to_le32(config); 3386 buf[2] = cpu_to_le32(info->sym_num); 3387 buf[3] = cpu_to_le32(info->ocon_num); 3388 3389 rc = put_entry(buf, sizeof(u32), 4, fp); 3390 if (rc) 3391 return rc; 3392 3393 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3394 rc = ebitmap_write(&p->policycaps, fp); 3395 if (rc) 3396 return rc; 3397 } 3398 3399 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3400 rc = ebitmap_write(&p->permissive_map, fp); 3401 if (rc) 3402 return rc; 3403 } 3404 3405 num_syms = info->sym_num; 3406 for (i = 0; i < num_syms; i++) { 3407 struct policy_data pd; 3408 3409 pd.fp = fp; 3410 pd.p = p; 3411 3412 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3413 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3414 3415 rc = put_entry(buf, sizeof(u32), 2, fp); 3416 if (rc) 3417 return rc; 3418 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3419 if (rc) 3420 return rc; 3421 } 3422 3423 rc = avtab_write(p, &p->te_avtab, fp); 3424 if (rc) 3425 return rc; 3426 3427 rc = cond_write_list(p, p->cond_list, fp); 3428 if (rc) 3429 return rc; 3430 3431 rc = role_trans_write(p, fp); 3432 if (rc) 3433 return rc; 3434 3435 rc = role_allow_write(p->role_allow, fp); 3436 if (rc) 3437 return rc; 3438 3439 rc = filename_trans_write(p, fp); 3440 if (rc) 3441 return rc; 3442 3443 rc = ocontext_write(p, info, fp); 3444 if (rc) 3445 return rc; 3446 3447 rc = genfs_write(p, fp); 3448 if (rc) 3449 return rc; 3450 3451 rc = range_write(p, fp); 3452 if (rc) 3453 return rc; 3454 3455 for (i = 0; i < p->p_types.nprim; i++) { 3456 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3457 3458 BUG_ON(!e); 3459 rc = ebitmap_write(e, fp); 3460 if (rc) 3461 return rc; 3462 } 3463 3464 return 0; 3465 } 3466