1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul.moore@hp.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 39 #define _DEBUG_HASHES 40 41 #ifdef DEBUG_HASHES 42 static char *symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 #endif 53 54 int selinux_mls_enabled = 0; 55 56 static unsigned int symtab_sizes[SYM_NUM] = { 57 2, 58 32, 59 16, 60 512, 61 128, 62 16, 63 16, 64 16, 65 }; 66 67 struct policydb_compat_info { 68 int version; 69 int sym_num; 70 int ocon_num; 71 }; 72 73 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 74 static struct policydb_compat_info policydb_compat[] = { 75 { 76 .version = POLICYDB_VERSION_BASE, 77 .sym_num = SYM_NUM - 3, 78 .ocon_num = OCON_NUM - 1, 79 }, 80 { 81 .version = POLICYDB_VERSION_BOOL, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM - 1, 84 }, 85 { 86 .version = POLICYDB_VERSION_IPV6, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM, 89 }, 90 { 91 .version = POLICYDB_VERSION_NLCLASS, 92 .sym_num = SYM_NUM - 2, 93 .ocon_num = OCON_NUM, 94 }, 95 { 96 .version = POLICYDB_VERSION_MLS, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM, 99 }, 100 { 101 .version = POLICYDB_VERSION_AVTAB, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM, 104 }, 105 { 106 .version = POLICYDB_VERSION_RANGETRANS, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NUM, 109 }, 110 { 111 .version = POLICYDB_VERSION_POLCAP, 112 .sym_num = SYM_NUM, 113 .ocon_num = OCON_NUM, 114 }, 115 { 116 .version = POLICYDB_VERSION_PERMISSIVE, 117 .sym_num = SYM_NUM, 118 .ocon_num = OCON_NUM, 119 } 120 }; 121 122 static struct policydb_compat_info *policydb_lookup_compat(int version) 123 { 124 int i; 125 struct policydb_compat_info *info = NULL; 126 127 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 128 if (policydb_compat[i].version == version) { 129 info = &policydb_compat[i]; 130 break; 131 } 132 } 133 return info; 134 } 135 136 /* 137 * Initialize the role table. 138 */ 139 static int roles_init(struct policydb *p) 140 { 141 char *key = NULL; 142 int rc; 143 struct role_datum *role; 144 145 role = kzalloc(sizeof(*role), GFP_KERNEL); 146 if (!role) { 147 rc = -ENOMEM; 148 goto out; 149 } 150 role->value = ++p->p_roles.nprim; 151 if (role->value != OBJECT_R_VAL) { 152 rc = -EINVAL; 153 goto out_free_role; 154 } 155 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); 156 if (!key) { 157 rc = -ENOMEM; 158 goto out_free_role; 159 } 160 strcpy(key, OBJECT_R); 161 rc = hashtab_insert(p->p_roles.table, key, role); 162 if (rc) 163 goto out_free_key; 164 out: 165 return rc; 166 167 out_free_key: 168 kfree(key); 169 out_free_role: 170 kfree(role); 171 goto out; 172 } 173 174 /* 175 * Initialize a policy database structure. 176 */ 177 static int policydb_init(struct policydb *p) 178 { 179 int i, rc; 180 181 memset(p, 0, sizeof(*p)); 182 183 for (i = 0; i < SYM_NUM; i++) { 184 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 185 if (rc) 186 goto out_free_symtab; 187 } 188 189 rc = avtab_init(&p->te_avtab); 190 if (rc) 191 goto out_free_symtab; 192 193 rc = roles_init(p); 194 if (rc) 195 goto out_free_symtab; 196 197 rc = cond_policydb_init(p); 198 if (rc) 199 goto out_free_symtab; 200 201 ebitmap_init(&p->policycaps); 202 ebitmap_init(&p->permissive_map); 203 204 out: 205 return rc; 206 207 out_free_symtab: 208 for (i = 0; i < SYM_NUM; i++) 209 hashtab_destroy(p->symtab[i].table); 210 goto out; 211 } 212 213 /* 214 * The following *_index functions are used to 215 * define the val_to_name and val_to_struct arrays 216 * in a policy database structure. The val_to_name 217 * arrays are used when converting security context 218 * structures into string representations. The 219 * val_to_struct arrays are used when the attributes 220 * of a class, role, or user are needed. 221 */ 222 223 static int common_index(void *key, void *datum, void *datap) 224 { 225 struct policydb *p; 226 struct common_datum *comdatum; 227 228 comdatum = datum; 229 p = datap; 230 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 231 return -EINVAL; 232 p->p_common_val_to_name[comdatum->value - 1] = key; 233 return 0; 234 } 235 236 static int class_index(void *key, void *datum, void *datap) 237 { 238 struct policydb *p; 239 struct class_datum *cladatum; 240 241 cladatum = datum; 242 p = datap; 243 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 244 return -EINVAL; 245 p->p_class_val_to_name[cladatum->value - 1] = key; 246 p->class_val_to_struct[cladatum->value - 1] = cladatum; 247 return 0; 248 } 249 250 static int role_index(void *key, void *datum, void *datap) 251 { 252 struct policydb *p; 253 struct role_datum *role; 254 255 role = datum; 256 p = datap; 257 if (!role->value || role->value > p->p_roles.nprim) 258 return -EINVAL; 259 p->p_role_val_to_name[role->value - 1] = key; 260 p->role_val_to_struct[role->value - 1] = role; 261 return 0; 262 } 263 264 static int type_index(void *key, void *datum, void *datap) 265 { 266 struct policydb *p; 267 struct type_datum *typdatum; 268 269 typdatum = datum; 270 p = datap; 271 272 if (typdatum->primary) { 273 if (!typdatum->value || typdatum->value > p->p_types.nprim) 274 return -EINVAL; 275 p->p_type_val_to_name[typdatum->value - 1] = key; 276 } 277 278 return 0; 279 } 280 281 static int user_index(void *key, void *datum, void *datap) 282 { 283 struct policydb *p; 284 struct user_datum *usrdatum; 285 286 usrdatum = datum; 287 p = datap; 288 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 289 return -EINVAL; 290 p->p_user_val_to_name[usrdatum->value - 1] = key; 291 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 292 return 0; 293 } 294 295 static int sens_index(void *key, void *datum, void *datap) 296 { 297 struct policydb *p; 298 struct level_datum *levdatum; 299 300 levdatum = datum; 301 p = datap; 302 303 if (!levdatum->isalias) { 304 if (!levdatum->level->sens || 305 levdatum->level->sens > p->p_levels.nprim) 306 return -EINVAL; 307 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 308 } 309 310 return 0; 311 } 312 313 static int cat_index(void *key, void *datum, void *datap) 314 { 315 struct policydb *p; 316 struct cat_datum *catdatum; 317 318 catdatum = datum; 319 p = datap; 320 321 if (!catdatum->isalias) { 322 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 323 return -EINVAL; 324 p->p_cat_val_to_name[catdatum->value - 1] = key; 325 } 326 327 return 0; 328 } 329 330 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 331 { 332 common_index, 333 class_index, 334 role_index, 335 type_index, 336 user_index, 337 cond_index_bool, 338 sens_index, 339 cat_index, 340 }; 341 342 /* 343 * Define the common val_to_name array and the class 344 * val_to_name and val_to_struct arrays in a policy 345 * database structure. 346 * 347 * Caller must clean up upon failure. 348 */ 349 static int policydb_index_classes(struct policydb *p) 350 { 351 int rc; 352 353 p->p_common_val_to_name = 354 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 355 if (!p->p_common_val_to_name) { 356 rc = -ENOMEM; 357 goto out; 358 } 359 360 rc = hashtab_map(p->p_commons.table, common_index, p); 361 if (rc) 362 goto out; 363 364 p->class_val_to_struct = 365 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 366 if (!p->class_val_to_struct) { 367 rc = -ENOMEM; 368 goto out; 369 } 370 371 p->p_class_val_to_name = 372 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 373 if (!p->p_class_val_to_name) { 374 rc = -ENOMEM; 375 goto out; 376 } 377 378 rc = hashtab_map(p->p_classes.table, class_index, p); 379 out: 380 return rc; 381 } 382 383 #ifdef DEBUG_HASHES 384 static void symtab_hash_eval(struct symtab *s) 385 { 386 int i; 387 388 for (i = 0; i < SYM_NUM; i++) { 389 struct hashtab *h = s[i].table; 390 struct hashtab_info info; 391 392 hashtab_stat(h, &info); 393 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " 394 "longest chain length %d\n", symtab_name[i], h->nel, 395 info.slots_used, h->size, info.max_chain_len); 396 } 397 } 398 #endif 399 400 /* 401 * Define the other val_to_name and val_to_struct arrays 402 * in a policy database structure. 403 * 404 * Caller must clean up on failure. 405 */ 406 static int policydb_index_others(struct policydb *p) 407 { 408 int i, rc = 0; 409 410 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 411 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 412 if (selinux_mls_enabled) 413 printk(", %d sens, %d cats", p->p_levels.nprim, 414 p->p_cats.nprim); 415 printk("\n"); 416 417 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 418 p->p_classes.nprim, p->te_avtab.nel); 419 420 #ifdef DEBUG_HASHES 421 avtab_hash_eval(&p->te_avtab, "rules"); 422 symtab_hash_eval(p->symtab); 423 #endif 424 425 p->role_val_to_struct = 426 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 427 GFP_KERNEL); 428 if (!p->role_val_to_struct) { 429 rc = -ENOMEM; 430 goto out; 431 } 432 433 p->user_val_to_struct = 434 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 435 GFP_KERNEL); 436 if (!p->user_val_to_struct) { 437 rc = -ENOMEM; 438 goto out; 439 } 440 441 if (cond_init_bool_indexes(p)) { 442 rc = -ENOMEM; 443 goto out; 444 } 445 446 for (i = SYM_ROLES; i < SYM_NUM; i++) { 447 p->sym_val_to_name[i] = 448 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 449 if (!p->sym_val_to_name[i]) { 450 rc = -ENOMEM; 451 goto out; 452 } 453 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 454 if (rc) 455 goto out; 456 } 457 458 out: 459 return rc; 460 } 461 462 /* 463 * The following *_destroy functions are used to 464 * free any memory allocated for each kind of 465 * symbol data in the policy database. 466 */ 467 468 static int perm_destroy(void *key, void *datum, void *p) 469 { 470 kfree(key); 471 kfree(datum); 472 return 0; 473 } 474 475 static int common_destroy(void *key, void *datum, void *p) 476 { 477 struct common_datum *comdatum; 478 479 kfree(key); 480 comdatum = datum; 481 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 482 hashtab_destroy(comdatum->permissions.table); 483 kfree(datum); 484 return 0; 485 } 486 487 static int cls_destroy(void *key, void *datum, void *p) 488 { 489 struct class_datum *cladatum; 490 struct constraint_node *constraint, *ctemp; 491 struct constraint_expr *e, *etmp; 492 493 kfree(key); 494 cladatum = datum; 495 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 496 hashtab_destroy(cladatum->permissions.table); 497 constraint = cladatum->constraints; 498 while (constraint) { 499 e = constraint->expr; 500 while (e) { 501 ebitmap_destroy(&e->names); 502 etmp = e; 503 e = e->next; 504 kfree(etmp); 505 } 506 ctemp = constraint; 507 constraint = constraint->next; 508 kfree(ctemp); 509 } 510 511 constraint = cladatum->validatetrans; 512 while (constraint) { 513 e = constraint->expr; 514 while (e) { 515 ebitmap_destroy(&e->names); 516 etmp = e; 517 e = e->next; 518 kfree(etmp); 519 } 520 ctemp = constraint; 521 constraint = constraint->next; 522 kfree(ctemp); 523 } 524 525 kfree(cladatum->comkey); 526 kfree(datum); 527 return 0; 528 } 529 530 static int role_destroy(void *key, void *datum, void *p) 531 { 532 struct role_datum *role; 533 534 kfree(key); 535 role = datum; 536 ebitmap_destroy(&role->dominates); 537 ebitmap_destroy(&role->types); 538 kfree(datum); 539 return 0; 540 } 541 542 static int type_destroy(void *key, void *datum, void *p) 543 { 544 kfree(key); 545 kfree(datum); 546 return 0; 547 } 548 549 static int user_destroy(void *key, void *datum, void *p) 550 { 551 struct user_datum *usrdatum; 552 553 kfree(key); 554 usrdatum = datum; 555 ebitmap_destroy(&usrdatum->roles); 556 ebitmap_destroy(&usrdatum->range.level[0].cat); 557 ebitmap_destroy(&usrdatum->range.level[1].cat); 558 ebitmap_destroy(&usrdatum->dfltlevel.cat); 559 kfree(datum); 560 return 0; 561 } 562 563 static int sens_destroy(void *key, void *datum, void *p) 564 { 565 struct level_datum *levdatum; 566 567 kfree(key); 568 levdatum = datum; 569 ebitmap_destroy(&levdatum->level->cat); 570 kfree(levdatum->level); 571 kfree(datum); 572 return 0; 573 } 574 575 static int cat_destroy(void *key, void *datum, void *p) 576 { 577 kfree(key); 578 kfree(datum); 579 return 0; 580 } 581 582 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 583 { 584 common_destroy, 585 cls_destroy, 586 role_destroy, 587 type_destroy, 588 user_destroy, 589 cond_destroy_bool, 590 sens_destroy, 591 cat_destroy, 592 }; 593 594 static void ocontext_destroy(struct ocontext *c, int i) 595 { 596 context_destroy(&c->context[0]); 597 context_destroy(&c->context[1]); 598 if (i == OCON_ISID || i == OCON_FS || 599 i == OCON_NETIF || i == OCON_FSUSE) 600 kfree(c->u.name); 601 kfree(c); 602 } 603 604 /* 605 * Free any memory allocated by a policy database structure. 606 */ 607 void policydb_destroy(struct policydb *p) 608 { 609 struct ocontext *c, *ctmp; 610 struct genfs *g, *gtmp; 611 int i; 612 struct role_allow *ra, *lra = NULL; 613 struct role_trans *tr, *ltr = NULL; 614 struct range_trans *rt, *lrt = NULL; 615 616 for (i = 0; i < SYM_NUM; i++) { 617 cond_resched(); 618 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 619 hashtab_destroy(p->symtab[i].table); 620 } 621 622 for (i = 0; i < SYM_NUM; i++) 623 kfree(p->sym_val_to_name[i]); 624 625 kfree(p->class_val_to_struct); 626 kfree(p->role_val_to_struct); 627 kfree(p->user_val_to_struct); 628 629 avtab_destroy(&p->te_avtab); 630 631 for (i = 0; i < OCON_NUM; i++) { 632 cond_resched(); 633 c = p->ocontexts[i]; 634 while (c) { 635 ctmp = c; 636 c = c->next; 637 ocontext_destroy(ctmp,i); 638 } 639 p->ocontexts[i] = NULL; 640 } 641 642 g = p->genfs; 643 while (g) { 644 cond_resched(); 645 kfree(g->fstype); 646 c = g->head; 647 while (c) { 648 ctmp = c; 649 c = c->next; 650 ocontext_destroy(ctmp,OCON_FSUSE); 651 } 652 gtmp = g; 653 g = g->next; 654 kfree(gtmp); 655 } 656 p->genfs = NULL; 657 658 cond_policydb_destroy(p); 659 660 for (tr = p->role_tr; tr; tr = tr->next) { 661 cond_resched(); 662 kfree(ltr); 663 ltr = tr; 664 } 665 kfree(ltr); 666 667 for (ra = p->role_allow; ra; ra = ra -> next) { 668 cond_resched(); 669 kfree(lra); 670 lra = ra; 671 } 672 kfree(lra); 673 674 for (rt = p->range_tr; rt; rt = rt -> next) { 675 cond_resched(); 676 if (lrt) { 677 ebitmap_destroy(&lrt->target_range.level[0].cat); 678 ebitmap_destroy(&lrt->target_range.level[1].cat); 679 kfree(lrt); 680 } 681 lrt = rt; 682 } 683 if (lrt) { 684 ebitmap_destroy(&lrt->target_range.level[0].cat); 685 ebitmap_destroy(&lrt->target_range.level[1].cat); 686 kfree(lrt); 687 } 688 689 if (p->type_attr_map) { 690 for (i = 0; i < p->p_types.nprim; i++) 691 ebitmap_destroy(&p->type_attr_map[i]); 692 } 693 kfree(p->type_attr_map); 694 kfree(p->undefined_perms); 695 ebitmap_destroy(&p->policycaps); 696 ebitmap_destroy(&p->permissive_map); 697 698 return; 699 } 700 701 /* 702 * Load the initial SIDs specified in a policy database 703 * structure into a SID table. 704 */ 705 int policydb_load_isids(struct policydb *p, struct sidtab *s) 706 { 707 struct ocontext *head, *c; 708 int rc; 709 710 rc = sidtab_init(s); 711 if (rc) { 712 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 713 goto out; 714 } 715 716 head = p->ocontexts[OCON_ISID]; 717 for (c = head; c; c = c->next) { 718 if (!c->context[0].user) { 719 printk(KERN_ERR "SELinux: SID %s was never " 720 "defined.\n", c->u.name); 721 rc = -EINVAL; 722 goto out; 723 } 724 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 725 printk(KERN_ERR "SELinux: unable to load initial " 726 "SID %s.\n", c->u.name); 727 rc = -EINVAL; 728 goto out; 729 } 730 } 731 out: 732 return rc; 733 } 734 735 int policydb_class_isvalid(struct policydb *p, unsigned int class) 736 { 737 if (!class || class > p->p_classes.nprim) 738 return 0; 739 return 1; 740 } 741 742 int policydb_role_isvalid(struct policydb *p, unsigned int role) 743 { 744 if (!role || role > p->p_roles.nprim) 745 return 0; 746 return 1; 747 } 748 749 int policydb_type_isvalid(struct policydb *p, unsigned int type) 750 { 751 if (!type || type > p->p_types.nprim) 752 return 0; 753 return 1; 754 } 755 756 /* 757 * Return 1 if the fields in the security context 758 * structure `c' are valid. Return 0 otherwise. 759 */ 760 int policydb_context_isvalid(struct policydb *p, struct context *c) 761 { 762 struct role_datum *role; 763 struct user_datum *usrdatum; 764 765 if (!c->role || c->role > p->p_roles.nprim) 766 return 0; 767 768 if (!c->user || c->user > p->p_users.nprim) 769 return 0; 770 771 if (!c->type || c->type > p->p_types.nprim) 772 return 0; 773 774 if (c->role != OBJECT_R_VAL) { 775 /* 776 * Role must be authorized for the type. 777 */ 778 role = p->role_val_to_struct[c->role - 1]; 779 if (!ebitmap_get_bit(&role->types, 780 c->type - 1)) 781 /* role may not be associated with type */ 782 return 0; 783 784 /* 785 * User must be authorized for the role. 786 */ 787 usrdatum = p->user_val_to_struct[c->user - 1]; 788 if (!usrdatum) 789 return 0; 790 791 if (!ebitmap_get_bit(&usrdatum->roles, 792 c->role - 1)) 793 /* user may not be associated with role */ 794 return 0; 795 } 796 797 if (!mls_context_isvalid(p, c)) 798 return 0; 799 800 return 1; 801 } 802 803 /* 804 * Read a MLS range structure from a policydb binary 805 * representation file. 806 */ 807 static int mls_read_range_helper(struct mls_range *r, void *fp) 808 { 809 __le32 buf[2]; 810 u32 items; 811 int rc; 812 813 rc = next_entry(buf, fp, sizeof(u32)); 814 if (rc < 0) 815 goto out; 816 817 items = le32_to_cpu(buf[0]); 818 if (items > ARRAY_SIZE(buf)) { 819 printk(KERN_ERR "SELinux: mls: range overflow\n"); 820 rc = -EINVAL; 821 goto out; 822 } 823 rc = next_entry(buf, fp, sizeof(u32) * items); 824 if (rc < 0) { 825 printk(KERN_ERR "SELinux: mls: truncated range\n"); 826 goto out; 827 } 828 r->level[0].sens = le32_to_cpu(buf[0]); 829 if (items > 1) 830 r->level[1].sens = le32_to_cpu(buf[1]); 831 else 832 r->level[1].sens = r->level[0].sens; 833 834 rc = ebitmap_read(&r->level[0].cat, fp); 835 if (rc) { 836 printk(KERN_ERR "SELinux: mls: error reading low " 837 "categories\n"); 838 goto out; 839 } 840 if (items > 1) { 841 rc = ebitmap_read(&r->level[1].cat, fp); 842 if (rc) { 843 printk(KERN_ERR "SELinux: mls: error reading high " 844 "categories\n"); 845 goto bad_high; 846 } 847 } else { 848 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 849 if (rc) { 850 printk(KERN_ERR "SELinux: mls: out of memory\n"); 851 goto bad_high; 852 } 853 } 854 855 rc = 0; 856 out: 857 return rc; 858 bad_high: 859 ebitmap_destroy(&r->level[0].cat); 860 goto out; 861 } 862 863 /* 864 * Read and validate a security context structure 865 * from a policydb binary representation file. 866 */ 867 static int context_read_and_validate(struct context *c, 868 struct policydb *p, 869 void *fp) 870 { 871 __le32 buf[3]; 872 int rc; 873 874 rc = next_entry(buf, fp, sizeof buf); 875 if (rc < 0) { 876 printk(KERN_ERR "SELinux: context truncated\n"); 877 goto out; 878 } 879 c->user = le32_to_cpu(buf[0]); 880 c->role = le32_to_cpu(buf[1]); 881 c->type = le32_to_cpu(buf[2]); 882 if (p->policyvers >= POLICYDB_VERSION_MLS) { 883 if (mls_read_range_helper(&c->range, fp)) { 884 printk(KERN_ERR "SELinux: error reading MLS range of " 885 "context\n"); 886 rc = -EINVAL; 887 goto out; 888 } 889 } 890 891 if (!policydb_context_isvalid(p, c)) { 892 printk(KERN_ERR "SELinux: invalid security context\n"); 893 context_destroy(c); 894 rc = -EINVAL; 895 } 896 out: 897 return rc; 898 } 899 900 /* 901 * The following *_read functions are used to 902 * read the symbol data from a policy database 903 * binary representation file. 904 */ 905 906 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 907 { 908 char *key = NULL; 909 struct perm_datum *perdatum; 910 int rc; 911 __le32 buf[2]; 912 u32 len; 913 914 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 915 if (!perdatum) { 916 rc = -ENOMEM; 917 goto out; 918 } 919 920 rc = next_entry(buf, fp, sizeof buf); 921 if (rc < 0) 922 goto bad; 923 924 len = le32_to_cpu(buf[0]); 925 perdatum->value = le32_to_cpu(buf[1]); 926 927 key = kmalloc(len + 1,GFP_KERNEL); 928 if (!key) { 929 rc = -ENOMEM; 930 goto bad; 931 } 932 rc = next_entry(key, fp, len); 933 if (rc < 0) 934 goto bad; 935 key[len] = 0; 936 937 rc = hashtab_insert(h, key, perdatum); 938 if (rc) 939 goto bad; 940 out: 941 return rc; 942 bad: 943 perm_destroy(key, perdatum, NULL); 944 goto out; 945 } 946 947 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 948 { 949 char *key = NULL; 950 struct common_datum *comdatum; 951 __le32 buf[4]; 952 u32 len, nel; 953 int i, rc; 954 955 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 956 if (!comdatum) { 957 rc = -ENOMEM; 958 goto out; 959 } 960 961 rc = next_entry(buf, fp, sizeof buf); 962 if (rc < 0) 963 goto bad; 964 965 len = le32_to_cpu(buf[0]); 966 comdatum->value = le32_to_cpu(buf[1]); 967 968 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 969 if (rc) 970 goto bad; 971 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 972 nel = le32_to_cpu(buf[3]); 973 974 key = kmalloc(len + 1,GFP_KERNEL); 975 if (!key) { 976 rc = -ENOMEM; 977 goto bad; 978 } 979 rc = next_entry(key, fp, len); 980 if (rc < 0) 981 goto bad; 982 key[len] = 0; 983 984 for (i = 0; i < nel; i++) { 985 rc = perm_read(p, comdatum->permissions.table, fp); 986 if (rc) 987 goto bad; 988 } 989 990 rc = hashtab_insert(h, key, comdatum); 991 if (rc) 992 goto bad; 993 out: 994 return rc; 995 bad: 996 common_destroy(key, comdatum, NULL); 997 goto out; 998 } 999 1000 static int read_cons_helper(struct constraint_node **nodep, int ncons, 1001 int allowxtarget, void *fp) 1002 { 1003 struct constraint_node *c, *lc; 1004 struct constraint_expr *e, *le; 1005 __le32 buf[3]; 1006 u32 nexpr; 1007 int rc, i, j, depth; 1008 1009 lc = NULL; 1010 for (i = 0; i < ncons; i++) { 1011 c = kzalloc(sizeof(*c), GFP_KERNEL); 1012 if (!c) 1013 return -ENOMEM; 1014 1015 if (lc) { 1016 lc->next = c; 1017 } else { 1018 *nodep = c; 1019 } 1020 1021 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1022 if (rc < 0) 1023 return rc; 1024 c->permissions = le32_to_cpu(buf[0]); 1025 nexpr = le32_to_cpu(buf[1]); 1026 le = NULL; 1027 depth = -1; 1028 for (j = 0; j < nexpr; j++) { 1029 e = kzalloc(sizeof(*e), GFP_KERNEL); 1030 if (!e) 1031 return -ENOMEM; 1032 1033 if (le) { 1034 le->next = e; 1035 } else { 1036 c->expr = e; 1037 } 1038 1039 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1040 if (rc < 0) 1041 return rc; 1042 e->expr_type = le32_to_cpu(buf[0]); 1043 e->attr = le32_to_cpu(buf[1]); 1044 e->op = le32_to_cpu(buf[2]); 1045 1046 switch (e->expr_type) { 1047 case CEXPR_NOT: 1048 if (depth < 0) 1049 return -EINVAL; 1050 break; 1051 case CEXPR_AND: 1052 case CEXPR_OR: 1053 if (depth < 1) 1054 return -EINVAL; 1055 depth--; 1056 break; 1057 case CEXPR_ATTR: 1058 if (depth == (CEXPR_MAXDEPTH - 1)) 1059 return -EINVAL; 1060 depth++; 1061 break; 1062 case CEXPR_NAMES: 1063 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1064 return -EINVAL; 1065 if (depth == (CEXPR_MAXDEPTH - 1)) 1066 return -EINVAL; 1067 depth++; 1068 if (ebitmap_read(&e->names, fp)) 1069 return -EINVAL; 1070 break; 1071 default: 1072 return -EINVAL; 1073 } 1074 le = e; 1075 } 1076 if (depth != 0) 1077 return -EINVAL; 1078 lc = c; 1079 } 1080 1081 return 0; 1082 } 1083 1084 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1085 { 1086 char *key = NULL; 1087 struct class_datum *cladatum; 1088 __le32 buf[6]; 1089 u32 len, len2, ncons, nel; 1090 int i, rc; 1091 1092 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1093 if (!cladatum) { 1094 rc = -ENOMEM; 1095 goto out; 1096 } 1097 1098 rc = next_entry(buf, fp, sizeof(u32)*6); 1099 if (rc < 0) 1100 goto bad; 1101 1102 len = le32_to_cpu(buf[0]); 1103 len2 = le32_to_cpu(buf[1]); 1104 cladatum->value = le32_to_cpu(buf[2]); 1105 1106 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1107 if (rc) 1108 goto bad; 1109 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1110 nel = le32_to_cpu(buf[4]); 1111 1112 ncons = le32_to_cpu(buf[5]); 1113 1114 key = kmalloc(len + 1,GFP_KERNEL); 1115 if (!key) { 1116 rc = -ENOMEM; 1117 goto bad; 1118 } 1119 rc = next_entry(key, fp, len); 1120 if (rc < 0) 1121 goto bad; 1122 key[len] = 0; 1123 1124 if (len2) { 1125 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); 1126 if (!cladatum->comkey) { 1127 rc = -ENOMEM; 1128 goto bad; 1129 } 1130 rc = next_entry(cladatum->comkey, fp, len2); 1131 if (rc < 0) 1132 goto bad; 1133 cladatum->comkey[len2] = 0; 1134 1135 cladatum->comdatum = hashtab_search(p->p_commons.table, 1136 cladatum->comkey); 1137 if (!cladatum->comdatum) { 1138 printk(KERN_ERR "SELinux: unknown common %s\n", 1139 cladatum->comkey); 1140 rc = -EINVAL; 1141 goto bad; 1142 } 1143 } 1144 for (i = 0; i < nel; i++) { 1145 rc = perm_read(p, cladatum->permissions.table, fp); 1146 if (rc) 1147 goto bad; 1148 } 1149 1150 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1151 if (rc) 1152 goto bad; 1153 1154 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1155 /* grab the validatetrans rules */ 1156 rc = next_entry(buf, fp, sizeof(u32)); 1157 if (rc < 0) 1158 goto bad; 1159 ncons = le32_to_cpu(buf[0]); 1160 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1161 if (rc) 1162 goto bad; 1163 } 1164 1165 rc = hashtab_insert(h, key, cladatum); 1166 if (rc) 1167 goto bad; 1168 1169 rc = 0; 1170 out: 1171 return rc; 1172 bad: 1173 cls_destroy(key, cladatum, NULL); 1174 goto out; 1175 } 1176 1177 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1178 { 1179 char *key = NULL; 1180 struct role_datum *role; 1181 int rc; 1182 __le32 buf[2]; 1183 u32 len; 1184 1185 role = kzalloc(sizeof(*role), GFP_KERNEL); 1186 if (!role) { 1187 rc = -ENOMEM; 1188 goto out; 1189 } 1190 1191 rc = next_entry(buf, fp, sizeof buf); 1192 if (rc < 0) 1193 goto bad; 1194 1195 len = le32_to_cpu(buf[0]); 1196 role->value = le32_to_cpu(buf[1]); 1197 1198 key = kmalloc(len + 1,GFP_KERNEL); 1199 if (!key) { 1200 rc = -ENOMEM; 1201 goto bad; 1202 } 1203 rc = next_entry(key, fp, len); 1204 if (rc < 0) 1205 goto bad; 1206 key[len] = 0; 1207 1208 rc = ebitmap_read(&role->dominates, fp); 1209 if (rc) 1210 goto bad; 1211 1212 rc = ebitmap_read(&role->types, fp); 1213 if (rc) 1214 goto bad; 1215 1216 if (strcmp(key, OBJECT_R) == 0) { 1217 if (role->value != OBJECT_R_VAL) { 1218 printk(KERN_ERR "Role %s has wrong value %d\n", 1219 OBJECT_R, role->value); 1220 rc = -EINVAL; 1221 goto bad; 1222 } 1223 rc = 0; 1224 goto bad; 1225 } 1226 1227 rc = hashtab_insert(h, key, role); 1228 if (rc) 1229 goto bad; 1230 out: 1231 return rc; 1232 bad: 1233 role_destroy(key, role, NULL); 1234 goto out; 1235 } 1236 1237 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1238 { 1239 char *key = NULL; 1240 struct type_datum *typdatum; 1241 int rc; 1242 __le32 buf[3]; 1243 u32 len; 1244 1245 typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); 1246 if (!typdatum) { 1247 rc = -ENOMEM; 1248 return rc; 1249 } 1250 1251 rc = next_entry(buf, fp, sizeof buf); 1252 if (rc < 0) 1253 goto bad; 1254 1255 len = le32_to_cpu(buf[0]); 1256 typdatum->value = le32_to_cpu(buf[1]); 1257 typdatum->primary = le32_to_cpu(buf[2]); 1258 1259 key = kmalloc(len + 1,GFP_KERNEL); 1260 if (!key) { 1261 rc = -ENOMEM; 1262 goto bad; 1263 } 1264 rc = next_entry(key, fp, len); 1265 if (rc < 0) 1266 goto bad; 1267 key[len] = 0; 1268 1269 rc = hashtab_insert(h, key, typdatum); 1270 if (rc) 1271 goto bad; 1272 out: 1273 return rc; 1274 bad: 1275 type_destroy(key, typdatum, NULL); 1276 goto out; 1277 } 1278 1279 1280 /* 1281 * Read a MLS level structure from a policydb binary 1282 * representation file. 1283 */ 1284 static int mls_read_level(struct mls_level *lp, void *fp) 1285 { 1286 __le32 buf[1]; 1287 int rc; 1288 1289 memset(lp, 0, sizeof(*lp)); 1290 1291 rc = next_entry(buf, fp, sizeof buf); 1292 if (rc < 0) { 1293 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1294 goto bad; 1295 } 1296 lp->sens = le32_to_cpu(buf[0]); 1297 1298 if (ebitmap_read(&lp->cat, fp)) { 1299 printk(KERN_ERR "SELinux: mls: error reading level " 1300 "categories\n"); 1301 goto bad; 1302 } 1303 1304 return 0; 1305 1306 bad: 1307 return -EINVAL; 1308 } 1309 1310 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1311 { 1312 char *key = NULL; 1313 struct user_datum *usrdatum; 1314 int rc; 1315 __le32 buf[2]; 1316 u32 len; 1317 1318 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1319 if (!usrdatum) { 1320 rc = -ENOMEM; 1321 goto out; 1322 } 1323 1324 rc = next_entry(buf, fp, sizeof buf); 1325 if (rc < 0) 1326 goto bad; 1327 1328 len = le32_to_cpu(buf[0]); 1329 usrdatum->value = le32_to_cpu(buf[1]); 1330 1331 key = kmalloc(len + 1,GFP_KERNEL); 1332 if (!key) { 1333 rc = -ENOMEM; 1334 goto bad; 1335 } 1336 rc = next_entry(key, fp, len); 1337 if (rc < 0) 1338 goto bad; 1339 key[len] = 0; 1340 1341 rc = ebitmap_read(&usrdatum->roles, fp); 1342 if (rc) 1343 goto bad; 1344 1345 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1346 rc = mls_read_range_helper(&usrdatum->range, fp); 1347 if (rc) 1348 goto bad; 1349 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1350 if (rc) 1351 goto bad; 1352 } 1353 1354 rc = hashtab_insert(h, key, usrdatum); 1355 if (rc) 1356 goto bad; 1357 out: 1358 return rc; 1359 bad: 1360 user_destroy(key, usrdatum, NULL); 1361 goto out; 1362 } 1363 1364 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1365 { 1366 char *key = NULL; 1367 struct level_datum *levdatum; 1368 int rc; 1369 __le32 buf[2]; 1370 u32 len; 1371 1372 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1373 if (!levdatum) { 1374 rc = -ENOMEM; 1375 goto out; 1376 } 1377 1378 rc = next_entry(buf, fp, sizeof buf); 1379 if (rc < 0) 1380 goto bad; 1381 1382 len = le32_to_cpu(buf[0]); 1383 levdatum->isalias = le32_to_cpu(buf[1]); 1384 1385 key = kmalloc(len + 1,GFP_ATOMIC); 1386 if (!key) { 1387 rc = -ENOMEM; 1388 goto bad; 1389 } 1390 rc = next_entry(key, fp, len); 1391 if (rc < 0) 1392 goto bad; 1393 key[len] = 0; 1394 1395 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1396 if (!levdatum->level) { 1397 rc = -ENOMEM; 1398 goto bad; 1399 } 1400 if (mls_read_level(levdatum->level, fp)) { 1401 rc = -EINVAL; 1402 goto bad; 1403 } 1404 1405 rc = hashtab_insert(h, key, levdatum); 1406 if (rc) 1407 goto bad; 1408 out: 1409 return rc; 1410 bad: 1411 sens_destroy(key, levdatum, NULL); 1412 goto out; 1413 } 1414 1415 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1416 { 1417 char *key = NULL; 1418 struct cat_datum *catdatum; 1419 int rc; 1420 __le32 buf[3]; 1421 u32 len; 1422 1423 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1424 if (!catdatum) { 1425 rc = -ENOMEM; 1426 goto out; 1427 } 1428 1429 rc = next_entry(buf, fp, sizeof buf); 1430 if (rc < 0) 1431 goto bad; 1432 1433 len = le32_to_cpu(buf[0]); 1434 catdatum->value = le32_to_cpu(buf[1]); 1435 catdatum->isalias = le32_to_cpu(buf[2]); 1436 1437 key = kmalloc(len + 1,GFP_ATOMIC); 1438 if (!key) { 1439 rc = -ENOMEM; 1440 goto bad; 1441 } 1442 rc = next_entry(key, fp, len); 1443 if (rc < 0) 1444 goto bad; 1445 key[len] = 0; 1446 1447 rc = hashtab_insert(h, key, catdatum); 1448 if (rc) 1449 goto bad; 1450 out: 1451 return rc; 1452 1453 bad: 1454 cat_destroy(key, catdatum, NULL); 1455 goto out; 1456 } 1457 1458 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1459 { 1460 common_read, 1461 class_read, 1462 role_read, 1463 type_read, 1464 user_read, 1465 cond_read_bool, 1466 sens_read, 1467 cat_read, 1468 }; 1469 1470 extern int ss_initialized; 1471 1472 /* 1473 * Read the configuration data from a policy database binary 1474 * representation file into a policy database structure. 1475 */ 1476 int policydb_read(struct policydb *p, void *fp) 1477 { 1478 struct role_allow *ra, *lra; 1479 struct role_trans *tr, *ltr; 1480 struct ocontext *l, *c, *newc; 1481 struct genfs *genfs_p, *genfs, *newgenfs; 1482 int i, j, rc; 1483 __le32 buf[8]; 1484 u32 len, len2, config, nprim, nel, nel2; 1485 char *policydb_str; 1486 struct policydb_compat_info *info; 1487 struct range_trans *rt, *lrt; 1488 1489 config = 0; 1490 1491 rc = policydb_init(p); 1492 if (rc) 1493 goto out; 1494 1495 /* Read the magic number and string length. */ 1496 rc = next_entry(buf, fp, sizeof(u32)* 2); 1497 if (rc < 0) 1498 goto bad; 1499 1500 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 1501 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 1502 "not match expected magic number 0x%x\n", 1503 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 1504 goto bad; 1505 } 1506 1507 len = le32_to_cpu(buf[1]); 1508 if (len != strlen(POLICYDB_STRING)) { 1509 printk(KERN_ERR "SELinux: policydb string length %d does not " 1510 "match expected length %Zu\n", 1511 len, strlen(POLICYDB_STRING)); 1512 goto bad; 1513 } 1514 policydb_str = kmalloc(len + 1,GFP_KERNEL); 1515 if (!policydb_str) { 1516 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 1517 "string of length %d\n", len); 1518 rc = -ENOMEM; 1519 goto bad; 1520 } 1521 rc = next_entry(policydb_str, fp, len); 1522 if (rc < 0) { 1523 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 1524 kfree(policydb_str); 1525 goto bad; 1526 } 1527 policydb_str[len] = 0; 1528 if (strcmp(policydb_str, POLICYDB_STRING)) { 1529 printk(KERN_ERR "SELinux: policydb string %s does not match " 1530 "my string %s\n", policydb_str, POLICYDB_STRING); 1531 kfree(policydb_str); 1532 goto bad; 1533 } 1534 /* Done with policydb_str. */ 1535 kfree(policydb_str); 1536 policydb_str = NULL; 1537 1538 /* Read the version, config, and table sizes. */ 1539 rc = next_entry(buf, fp, sizeof(u32)*4); 1540 if (rc < 0) 1541 goto bad; 1542 1543 p->policyvers = le32_to_cpu(buf[0]); 1544 if (p->policyvers < POLICYDB_VERSION_MIN || 1545 p->policyvers > POLICYDB_VERSION_MAX) { 1546 printk(KERN_ERR "SELinux: policydb version %d does not match " 1547 "my version range %d-%d\n", 1548 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1549 goto bad; 1550 } 1551 1552 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1553 if (ss_initialized && !selinux_mls_enabled) { 1554 printk(KERN_ERR "Cannot switch between non-MLS and MLS " 1555 "policies\n"); 1556 goto bad; 1557 } 1558 selinux_mls_enabled = 1; 1559 config |= POLICYDB_CONFIG_MLS; 1560 1561 if (p->policyvers < POLICYDB_VERSION_MLS) { 1562 printk(KERN_ERR "security policydb version %d (MLS) " 1563 "not backwards compatible\n", p->policyvers); 1564 goto bad; 1565 } 1566 } else { 1567 if (ss_initialized && selinux_mls_enabled) { 1568 printk(KERN_ERR "Cannot switch between MLS and non-MLS " 1569 "policies\n"); 1570 goto bad; 1571 } 1572 } 1573 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 1574 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 1575 1576 if (p->policyvers >= POLICYDB_VERSION_POLCAP && 1577 ebitmap_read(&p->policycaps, fp) != 0) 1578 goto bad; 1579 1580 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 1581 ebitmap_read(&p->permissive_map, fp) != 0) 1582 goto bad; 1583 1584 info = policydb_lookup_compat(p->policyvers); 1585 if (!info) { 1586 printk(KERN_ERR "SELinux: unable to find policy compat info " 1587 "for version %d\n", p->policyvers); 1588 goto bad; 1589 } 1590 1591 if (le32_to_cpu(buf[2]) != info->sym_num || 1592 le32_to_cpu(buf[3]) != info->ocon_num) { 1593 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 1594 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 1595 le32_to_cpu(buf[3]), 1596 info->sym_num, info->ocon_num); 1597 goto bad; 1598 } 1599 1600 for (i = 0; i < info->sym_num; i++) { 1601 rc = next_entry(buf, fp, sizeof(u32)*2); 1602 if (rc < 0) 1603 goto bad; 1604 nprim = le32_to_cpu(buf[0]); 1605 nel = le32_to_cpu(buf[1]); 1606 for (j = 0; j < nel; j++) { 1607 rc = read_f[i](p, p->symtab[i].table, fp); 1608 if (rc) 1609 goto bad; 1610 } 1611 1612 p->symtab[i].nprim = nprim; 1613 } 1614 1615 rc = avtab_read(&p->te_avtab, fp, p); 1616 if (rc) 1617 goto bad; 1618 1619 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1620 rc = cond_read_list(p, fp); 1621 if (rc) 1622 goto bad; 1623 } 1624 1625 rc = next_entry(buf, fp, sizeof(u32)); 1626 if (rc < 0) 1627 goto bad; 1628 nel = le32_to_cpu(buf[0]); 1629 ltr = NULL; 1630 for (i = 0; i < nel; i++) { 1631 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 1632 if (!tr) { 1633 rc = -ENOMEM; 1634 goto bad; 1635 } 1636 if (ltr) { 1637 ltr->next = tr; 1638 } else { 1639 p->role_tr = tr; 1640 } 1641 rc = next_entry(buf, fp, sizeof(u32)*3); 1642 if (rc < 0) 1643 goto bad; 1644 tr->role = le32_to_cpu(buf[0]); 1645 tr->type = le32_to_cpu(buf[1]); 1646 tr->new_role = le32_to_cpu(buf[2]); 1647 if (!policydb_role_isvalid(p, tr->role) || 1648 !policydb_type_isvalid(p, tr->type) || 1649 !policydb_role_isvalid(p, tr->new_role)) { 1650 rc = -EINVAL; 1651 goto bad; 1652 } 1653 ltr = tr; 1654 } 1655 1656 rc = next_entry(buf, fp, sizeof(u32)); 1657 if (rc < 0) 1658 goto bad; 1659 nel = le32_to_cpu(buf[0]); 1660 lra = NULL; 1661 for (i = 0; i < nel; i++) { 1662 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 1663 if (!ra) { 1664 rc = -ENOMEM; 1665 goto bad; 1666 } 1667 if (lra) { 1668 lra->next = ra; 1669 } else { 1670 p->role_allow = ra; 1671 } 1672 rc = next_entry(buf, fp, sizeof(u32)*2); 1673 if (rc < 0) 1674 goto bad; 1675 ra->role = le32_to_cpu(buf[0]); 1676 ra->new_role = le32_to_cpu(buf[1]); 1677 if (!policydb_role_isvalid(p, ra->role) || 1678 !policydb_role_isvalid(p, ra->new_role)) { 1679 rc = -EINVAL; 1680 goto bad; 1681 } 1682 lra = ra; 1683 } 1684 1685 rc = policydb_index_classes(p); 1686 if (rc) 1687 goto bad; 1688 1689 rc = policydb_index_others(p); 1690 if (rc) 1691 goto bad; 1692 1693 for (i = 0; i < info->ocon_num; i++) { 1694 rc = next_entry(buf, fp, sizeof(u32)); 1695 if (rc < 0) 1696 goto bad; 1697 nel = le32_to_cpu(buf[0]); 1698 l = NULL; 1699 for (j = 0; j < nel; j++) { 1700 c = kzalloc(sizeof(*c), GFP_KERNEL); 1701 if (!c) { 1702 rc = -ENOMEM; 1703 goto bad; 1704 } 1705 if (l) { 1706 l->next = c; 1707 } else { 1708 p->ocontexts[i] = c; 1709 } 1710 l = c; 1711 rc = -EINVAL; 1712 switch (i) { 1713 case OCON_ISID: 1714 rc = next_entry(buf, fp, sizeof(u32)); 1715 if (rc < 0) 1716 goto bad; 1717 c->sid[0] = le32_to_cpu(buf[0]); 1718 rc = context_read_and_validate(&c->context[0], p, fp); 1719 if (rc) 1720 goto bad; 1721 break; 1722 case OCON_FS: 1723 case OCON_NETIF: 1724 rc = next_entry(buf, fp, sizeof(u32)); 1725 if (rc < 0) 1726 goto bad; 1727 len = le32_to_cpu(buf[0]); 1728 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1729 if (!c->u.name) { 1730 rc = -ENOMEM; 1731 goto bad; 1732 } 1733 rc = next_entry(c->u.name, fp, len); 1734 if (rc < 0) 1735 goto bad; 1736 c->u.name[len] = 0; 1737 rc = context_read_and_validate(&c->context[0], p, fp); 1738 if (rc) 1739 goto bad; 1740 rc = context_read_and_validate(&c->context[1], p, fp); 1741 if (rc) 1742 goto bad; 1743 break; 1744 case OCON_PORT: 1745 rc = next_entry(buf, fp, sizeof(u32)*3); 1746 if (rc < 0) 1747 goto bad; 1748 c->u.port.protocol = le32_to_cpu(buf[0]); 1749 c->u.port.low_port = le32_to_cpu(buf[1]); 1750 c->u.port.high_port = le32_to_cpu(buf[2]); 1751 rc = context_read_and_validate(&c->context[0], p, fp); 1752 if (rc) 1753 goto bad; 1754 break; 1755 case OCON_NODE: 1756 rc = next_entry(buf, fp, sizeof(u32)* 2); 1757 if (rc < 0) 1758 goto bad; 1759 c->u.node.addr = le32_to_cpu(buf[0]); 1760 c->u.node.mask = le32_to_cpu(buf[1]); 1761 rc = context_read_and_validate(&c->context[0], p, fp); 1762 if (rc) 1763 goto bad; 1764 break; 1765 case OCON_FSUSE: 1766 rc = next_entry(buf, fp, sizeof(u32)*2); 1767 if (rc < 0) 1768 goto bad; 1769 c->v.behavior = le32_to_cpu(buf[0]); 1770 if (c->v.behavior > SECURITY_FS_USE_NONE) 1771 goto bad; 1772 len = le32_to_cpu(buf[1]); 1773 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1774 if (!c->u.name) { 1775 rc = -ENOMEM; 1776 goto bad; 1777 } 1778 rc = next_entry(c->u.name, fp, len); 1779 if (rc < 0) 1780 goto bad; 1781 c->u.name[len] = 0; 1782 rc = context_read_and_validate(&c->context[0], p, fp); 1783 if (rc) 1784 goto bad; 1785 break; 1786 case OCON_NODE6: { 1787 int k; 1788 1789 rc = next_entry(buf, fp, sizeof(u32) * 8); 1790 if (rc < 0) 1791 goto bad; 1792 for (k = 0; k < 4; k++) 1793 c->u.node6.addr[k] = le32_to_cpu(buf[k]); 1794 for (k = 0; k < 4; k++) 1795 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); 1796 if (context_read_and_validate(&c->context[0], p, fp)) 1797 goto bad; 1798 break; 1799 } 1800 } 1801 } 1802 } 1803 1804 rc = next_entry(buf, fp, sizeof(u32)); 1805 if (rc < 0) 1806 goto bad; 1807 nel = le32_to_cpu(buf[0]); 1808 genfs_p = NULL; 1809 rc = -EINVAL; 1810 for (i = 0; i < nel; i++) { 1811 rc = next_entry(buf, fp, sizeof(u32)); 1812 if (rc < 0) 1813 goto bad; 1814 len = le32_to_cpu(buf[0]); 1815 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1816 if (!newgenfs) { 1817 rc = -ENOMEM; 1818 goto bad; 1819 } 1820 1821 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); 1822 if (!newgenfs->fstype) { 1823 rc = -ENOMEM; 1824 kfree(newgenfs); 1825 goto bad; 1826 } 1827 rc = next_entry(newgenfs->fstype, fp, len); 1828 if (rc < 0) { 1829 kfree(newgenfs->fstype); 1830 kfree(newgenfs); 1831 goto bad; 1832 } 1833 newgenfs->fstype[len] = 0; 1834 for (genfs_p = NULL, genfs = p->genfs; genfs; 1835 genfs_p = genfs, genfs = genfs->next) { 1836 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1837 printk(KERN_ERR "SELinux: dup genfs " 1838 "fstype %s\n", newgenfs->fstype); 1839 kfree(newgenfs->fstype); 1840 kfree(newgenfs); 1841 goto bad; 1842 } 1843 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1844 break; 1845 } 1846 newgenfs->next = genfs; 1847 if (genfs_p) 1848 genfs_p->next = newgenfs; 1849 else 1850 p->genfs = newgenfs; 1851 rc = next_entry(buf, fp, sizeof(u32)); 1852 if (rc < 0) 1853 goto bad; 1854 nel2 = le32_to_cpu(buf[0]); 1855 for (j = 0; j < nel2; j++) { 1856 rc = next_entry(buf, fp, sizeof(u32)); 1857 if (rc < 0) 1858 goto bad; 1859 len = le32_to_cpu(buf[0]); 1860 1861 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1862 if (!newc) { 1863 rc = -ENOMEM; 1864 goto bad; 1865 } 1866 1867 newc->u.name = kmalloc(len + 1,GFP_KERNEL); 1868 if (!newc->u.name) { 1869 rc = -ENOMEM; 1870 goto bad_newc; 1871 } 1872 rc = next_entry(newc->u.name, fp, len); 1873 if (rc < 0) 1874 goto bad_newc; 1875 newc->u.name[len] = 0; 1876 rc = next_entry(buf, fp, sizeof(u32)); 1877 if (rc < 0) 1878 goto bad_newc; 1879 newc->v.sclass = le32_to_cpu(buf[0]); 1880 if (context_read_and_validate(&newc->context[0], p, fp)) 1881 goto bad_newc; 1882 for (l = NULL, c = newgenfs->head; c; 1883 l = c, c = c->next) { 1884 if (!strcmp(newc->u.name, c->u.name) && 1885 (!c->v.sclass || !newc->v.sclass || 1886 newc->v.sclass == c->v.sclass)) { 1887 printk(KERN_ERR "SELinux: dup genfs " 1888 "entry (%s,%s)\n", 1889 newgenfs->fstype, c->u.name); 1890 goto bad_newc; 1891 } 1892 len = strlen(newc->u.name); 1893 len2 = strlen(c->u.name); 1894 if (len > len2) 1895 break; 1896 } 1897 1898 newc->next = c; 1899 if (l) 1900 l->next = newc; 1901 else 1902 newgenfs->head = newc; 1903 } 1904 } 1905 1906 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1907 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; 1908 rc = next_entry(buf, fp, sizeof(u32)); 1909 if (rc < 0) 1910 goto bad; 1911 nel = le32_to_cpu(buf[0]); 1912 lrt = NULL; 1913 for (i = 0; i < nel; i++) { 1914 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1915 if (!rt) { 1916 rc = -ENOMEM; 1917 goto bad; 1918 } 1919 if (lrt) 1920 lrt->next = rt; 1921 else 1922 p->range_tr = rt; 1923 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1924 if (rc < 0) 1925 goto bad; 1926 rt->source_type = le32_to_cpu(buf[0]); 1927 rt->target_type = le32_to_cpu(buf[1]); 1928 if (new_rangetr) { 1929 rc = next_entry(buf, fp, sizeof(u32)); 1930 if (rc < 0) 1931 goto bad; 1932 rt->target_class = le32_to_cpu(buf[0]); 1933 } else 1934 rt->target_class = SECCLASS_PROCESS; 1935 if (!policydb_type_isvalid(p, rt->source_type) || 1936 !policydb_type_isvalid(p, rt->target_type) || 1937 !policydb_class_isvalid(p, rt->target_class)) { 1938 rc = -EINVAL; 1939 goto bad; 1940 } 1941 rc = mls_read_range_helper(&rt->target_range, fp); 1942 if (rc) 1943 goto bad; 1944 if (!mls_range_isvalid(p, &rt->target_range)) { 1945 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1946 goto bad; 1947 } 1948 lrt = rt; 1949 } 1950 } 1951 1952 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); 1953 if (!p->type_attr_map) 1954 goto bad; 1955 1956 for (i = 0; i < p->p_types.nprim; i++) { 1957 ebitmap_init(&p->type_attr_map[i]); 1958 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 1959 if (ebitmap_read(&p->type_attr_map[i], fp)) 1960 goto bad; 1961 } 1962 /* add the type itself as the degenerate case */ 1963 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 1964 goto bad; 1965 } 1966 1967 rc = 0; 1968 out: 1969 return rc; 1970 bad_newc: 1971 ocontext_destroy(newc,OCON_FSUSE); 1972 bad: 1973 if (!rc) 1974 rc = -EINVAL; 1975 policydb_destroy(p); 1976 goto out; 1977 } 1978