1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * A policy database (policydb) specifies the
4  * configuration data for the security policy.
5  *
6  * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
7  */
8 
9 /*
10  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
11  *          Support for enhanced MLS infrastructure.
12  *          Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
13  *
14  * Updated: Frank Mayer <mayerf@tresys.com> and
15  *          Karl MacMillan <kmacmillan@tresys.com>
16  *          Added conditional policy language extensions
17  *          Copyright (C) 2003-2004 Tresys Technology, LLC
18  */
19 
20 #ifndef _SS_POLICYDB_H_
21 #define _SS_POLICYDB_H_
22 
23 #include "symtab.h"
24 #include "avtab.h"
25 #include "sidtab.h"
26 #include "ebitmap.h"
27 #include "mls_types.h"
28 #include "context.h"
29 #include "constraint.h"
30 
31 /*
32  * A datum type is defined for each kind of symbol
33  * in the configuration data:  individual permissions,
34  * common prefixes for access vectors, classes,
35  * users, roles, types, sensitivities, categories, etc.
36  */
37 
/* Permission attributes: one entry per named permission in a class or
 * common permission table (common_datum.permissions / class_datum.permissions). */
struct perm_datum {
	u32 value; /* permission bit + 1 */
};
42 
/* Attributes of a common prefix for access vectors: a named set of
 * permissions shared by every class that references it via comkey. */
struct common_datum {
	u32 value; /* internal common value */
	struct symtab permissions; /* common permissions (name -> perm_datum) */
};
48 
/* Class attributes */
struct class_datum {
	u16 value; /* class value */
	char *comkey; /* common name */
	struct common_datum *comdatum; /* common datum, resolved from comkey */
	struct symtab permissions; /* class-specific permission symbol table */
	struct constraint_node *constraints; /* constraints on class perms */
	struct constraint_node *validatetrans; /* special transition rules */
/* Options how a new object user, role, and type should be decided.
 * Each default_* field below holds one of these values; presumably 0
 * when the policy specifies no default for the class. */
#define DEFAULT_SOURCE 1
#define DEFAULT_TARGET 2
	char default_user;
	char default_role;
	char default_type;
/* Options how a new object range should be decided (stored in default_range) */
#define DEFAULT_SOURCE_LOW	1
#define DEFAULT_SOURCE_HIGH	2
#define DEFAULT_SOURCE_LOW_HIGH 3
#define DEFAULT_TARGET_LOW	4
#define DEFAULT_TARGET_HIGH	5
#define DEFAULT_TARGET_LOW_HIGH 6
#define DEFAULT_GLBLUB		7
	char default_range;
};
73 
/* Role attributes */
struct role_datum {
	u32 value; /* internal role value */
	u32 bounds; /* boundary of role, 0 for none */
	struct ebitmap dominates; /* set of roles dominated by this role */
	struct ebitmap types; /* set of authorized types for role */
};
81 
/* Lookup key for the role transition table (policydb.role_tr);
 * see policydb_roletr_search(). */
struct role_trans_key {
	u32 role; /* current role */
	u32 type; /* program executable type, or new object type */
	u16 tclass; /* process class, or new object class */
};
87 
/* Value stored under a role_trans_key. */
struct role_trans_datum {
	u32 new_role; /* new role */
};
91 
/* Lookup key for the filename transition table (policydb.filename_trans);
 * see policydb_filenametr_search(). */
struct filename_trans_key {
	u32 ttype; /* parent dir context */
	u16 tclass; /* class of new object */
	/* NOTE(review): whether the key owns this string or borrows it
	 * is not visible here — confirm against the table's users. */
	const char *name; /* last path component */
};
97 
/* Value stored under a filename_trans_key: one node per resulting type,
 * chained through next, each with the set of source types it applies to. */
struct filename_trans_datum {
	struct ebitmap stypes; /* bitmap of source types for this otype */
	u32 otype; /* resulting type of new object */
	struct filename_trans_datum *next; /* record for next otype */
};
103 
/* One role-allow rule; policydb.role_allow heads a singly linked list. */
struct role_allow {
	u32 role; /* current role */
	u32 new_role; /* new role */
	struct role_allow *next; /* next rule, NULL at end of list */
};
109 
/* Type attributes */
struct type_datum {
	u32 value; /* internal type value */
	u32 bounds; /* boundary of type, 0 for none */
	/* internally unused, only forwarded via policydb_write() */
	unsigned char primary; /* primary name? */
	unsigned char attribute; /* attribute? */
};
118 
/* User attributes */
struct user_datum {
	u32 value; /* internal user value */
	u32 bounds; /* bounds of user, 0 for none */
	struct ebitmap roles; /* set of authorized roles for user */
	struct mls_range range; /* MLS range (min - max) for user */
	struct mls_level dfltlevel; /* default login MLS level for user */
};
127 
/* Sensitivity attributes */
struct level_datum {
	struct mls_level level; /* sensitivity and associated categories */
	unsigned char isalias; /* is this sensitivity an alias for another? */
};
133 
/* Category attributes */
struct cat_datum {
	u32 value; /* internal category bit + 1 */
	unsigned char isalias; /* is this category an alias for another? */
};
139 
/* Lookup key for the range transition table (policydb.range_tr);
 * see policydb_rangetr_search(). */
struct range_trans {
	u32 source_type; /* source type value */
	u32 target_type; /* target type value */
	u16 target_class; /* target class value */
};
145 
/* Boolean data type */
struct cond_bool_datum {
	u32 value; /* internal boolean value (index into bool_val_to_struct + 1) */
	int state; /* presumably the current true/false setting — confirm against users */
};
151 
/* Opaque here: only referenced by pointer (policydb.cond_list); defined elsewhere. */
struct cond_node;
153 
/*
 * type set preserves data needed to determine constraint info from
 * policy source. This is not used by the kernel policy but allows
 * utilities such as audit2allow to determine constraint denials.
 */
struct type_set {
	struct ebitmap types; /* types named in the set */
	struct ebitmap negset; /* types explicitly excluded from the set */
	u32 flags;
};
164 
/*
 * The configuration data includes security contexts for
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
 * network interfaces, and nodes.  This structure stores the
 * relevant data for one such entry.  Entries of the same kind
 * (e.g. all initial SIDs) are linked together into a list.
 *
 * Which member of u is meaningful is decided by the list the entry is
 * on (the OCON_* index into policydb.ocontexts[]): port, node, node6,
 * ibpkey and ibendport match the OCON_* of the same name; the rest use
 * name. Likewise v.sclass vs v.behavior depends on the entry kind.
 */
struct ocontext {
	union {
		char *name; /* name of initial SID, fs, netif, fstype, path */
		struct {
			u8 protocol;
			u16 low_port;
			u16 high_port; /* inclusive range presumed: low_port..high_port */
		} port; /* TCP or UDP port information */
		struct {
			u32 addr;
			u32 mask;
		} node; /* node information */
		struct {
			u32 addr[4];
			u32 mask[4];
		} node6; /* IPv6 node information */
		struct {
			u64 subnet_prefix;
			u16 low_pkey;
			u16 high_pkey;
		} ibpkey; /* Infiniband PKey range on a subnet */
		struct {
			char *dev_name;
			u8 port;
		} ibendport; /* Infiniband end port on a device */
	} u;
	union {
		u16 sclass; /* security class for genfs (can be 0 for wildcard) */
		u32 behavior; /* labeling behavior for fs_use */
	} v;
	struct context context[2]; /* security context(s) */
	u32 sid[2]; /* SID(s) */
	struct ocontext *next; /* next entry of the same kind, NULL at end */
};
206 
/* Per-filesystem-type labeling entries; policydb.genfs heads the list
 * and each node carries its own ocontext list. */
struct genfs {
	char *fstype; /* filesystem type name this entry applies to */
	struct ocontext *head; /* ocontext entries for this fstype */
	struct genfs *next; /* next filesystem type, NULL at end */
};
212 
/* symbol table array indices (into policydb.symtab[] and
 * policydb.sym_val_to_name[]); SYM_NUM is the array length, not a
 * valid index. */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM	    8
223 
/* object context array indices (into policydb.ocontexts[]); OCON_NUM is
 * the array length, not a valid index. */
#define OCON_ISID      0 /* initial SIDs */
#define OCON_FS	       1 /* unlabeled file systems (deprecated) */
#define OCON_PORT      2 /* TCP and UDP port numbers */
#define OCON_NETIF     3 /* network interfaces */
#define OCON_NODE      4 /* nodes */
#define OCON_FSUSE     5 /* fs_use */
#define OCON_NODE6     6 /* IPv6 nodes */
#define OCON_IBPKEY    7 /* Infiniband PKeys */
#define OCON_IBENDPORT 8 /* Infiniband end ports */
#define OCON_NUM       9
235 
/* The policy database.
 *
 * Declared __randomize_layout: field order is not ABI, so nothing may
 * depend on member offsets. All "indexed by (value - 1)" tables are
 * only safe to index with a value this policy defines; use the
 * policydb_*_isvalid() predicates on values that come from elsewhere. */
struct policydb {
	int mls_enabled;

	/* symbol tables */
	struct symtab symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles	  symtab[SYM_ROLES]
#define p_types	  symtab[SYM_TYPES]
#define p_users	  symtab[SYM_USERS]
#define p_bools	  symtab[SYM_BOOLS]
#define p_levels  symtab[SYM_LEVELS]
#define p_cats	  symtab[SYM_CATS]

	/* symbol names indexed by (value - 1); see sym_name() */
	char **sym_val_to_name[SYM_NUM];

	/* class, role, and user attributes indexed by (value - 1) */
	struct class_datum **class_val_to_struct;
	struct role_datum **role_val_to_struct;
	struct user_datum **user_val_to_struct;
	struct type_datum **type_val_to_struct;

	/* type enforcement access vectors and transitions */
	struct avtab te_avtab;

	/* role transitions (role_trans_key -> role_trans_datum) */
	struct hashtab role_tr;

	/* file transitions with the last path component */
	/* quickly exclude lookups when parent ttype has no rules */
	struct ebitmap filename_trans_ttypes;
	/* actual set of filename_trans rules (filename_trans_key -> filename_trans_datum) */
	struct hashtab filename_trans;
	/* only used if policyvers < POLICYDB_VERSION_COMP_FTRANS */
	u32 compat_filename_trans_count;

	/* bools indexed by (value - 1) */
	struct cond_bool_datum **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	struct avtab te_cond_avtab;
	/* array indexing te_cond_avtab by conditional */
	struct cond_node *cond_list;
	u32 cond_list_len; /* number of entries in cond_list */

	/* role allows (singly linked list) */
	struct role_allow *role_allow;

	/* security contexts of initial SIDs, unlabeled file systems,
	 * TCP or UDP port numbers, network interfaces and nodes;
	 * one list head per OCON_* kind */
	struct ocontext *ocontexts[OCON_NUM];

	/* security contexts for files in filesystems that cannot support
	 * a persistent label mapping or use another
	 * fixed labeling behavior. */
	struct genfs *genfs;

	/* range transitions table (range_trans -> mls_range) */
	struct hashtab range_tr;

	/* type -> attribute reverse mapping */
	struct ebitmap *type_attr_map_array;

	/* policy capabilities this policy enables — presumed from the name */
	struct ebitmap policycaps;

	/* presumably the set of permissive types, by type value — confirm */
	struct ebitmap permissive_map;

	/* presumably the set of never-audited types, by type value — confirm */
	struct ebitmap neveraudit_map;

	/* length of this policy when it was loaded */
	size_t len;

	unsigned int policyvers;

	/* presumably mirror the REJECT_UNKNOWN / ALLOW_UNKNOWN config bits */
	unsigned int reject_unknown : 1;
	unsigned int allow_unknown : 1;

	u16 process_class;
	u32 process_trans_perms;
} __randomize_layout;
317 
/* Cursor over a binary policy image in memory. next_entry() and
 * put_entry() advance data and shrink len, so len is always the number
 * of bytes still available, which is what their bounds checks rely on. */
struct policy_file {
	char *data; /* current position in the image */
	size_t len; /* bytes remaining from data to the end of the image */
};
322 
/* Out-of-line policydb API. The int-returning functions are presumed
 * to follow the 0 / -errno convention of the inline helpers in this
 * header — confirm against the definitions. */
extern void policydb_destroy(struct policydb *p);
extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
/* Validity predicates: a false result means the value is not one this
 * policy defines, so it must not be used to index the value-indexed
 * tables above. */
extern bool policydb_context_isvalid(const struct policydb *p,
				     const struct context *c);
extern bool policydb_class_isvalid(const struct policydb *p, u16 class);
extern bool policydb_type_isvalid(const struct policydb *p, u32 type);
extern bool policydb_simpletype_isvalid(const struct policydb *p, u32 type);
extern bool policydb_role_isvalid(const struct policydb *p, u32 role);
extern bool policydb_user_isvalid(const struct policydb *p, u32 user);
/* Binary policy image (de)serialisation through a policy_file cursor. */
extern int policydb_read(struct policydb *p, struct policy_file *fp);
extern int policydb_write(struct policydb *p, struct policy_file *fp);

/* Table lookups keyed by the *_key / range_trans structs above;
 * presumably return NULL when no entry matches — confirm. */
extern struct filename_trans_datum *
policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key);

extern struct mls_range *policydb_rangetr_search(struct policydb *p,
						 struct range_trans *key);

extern struct role_trans_datum *
policydb_roletr_search(struct policydb *p, struct role_trans_key *key);
343 
/* policy config word: bit 1 marks an MLS policy */
#define POLICYDB_CONFIG_MLS 1

/* the config flags related to unknown classes/perms are bits 2 and 3 */
#define REJECT_UNKNOWN 0x00000002
#define ALLOW_UNKNOWN  0x00000004

/* the fixed object role and its role value */
#define OBJECT_R     "object_r"
#define OBJECT_R_VAL 1

/* identification values of a binary policy image; presumably verified
 * by policydb_read() before anything else is parsed — confirm */
#define POLICYDB_MAGIC	SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"
355 
/* Bundles a policydb with the policy_file cursor it is being read from
 * or written to, for callbacks that receive a single argument. */
struct policy_data {
	struct policydb *p;
	struct policy_file *fp;
};
360 
/*
 * size_check - verify that @num records of @bytes each fit in what is
 * left of the policy image @fp.
 *
 * Returns 0 when bytes * num does not overflow size_t and is at most
 * fp->len, -EINVAL otherwise. The overflow test comes first on purpose:
 * a wrapped product could slip under fp->len while describing far more
 * data than the image holds. Nothing is consumed; @fp is read-only here.
 */
static inline int size_check(size_t bytes, size_t num,
			     const struct policy_file *fp)
{
	size_t total;

	if (unlikely(check_mul_overflow(bytes, num, &total)) ||
	    unlikely(total > fp->len))
		return -EINVAL;

	return 0;
}
374 
/*
 * next_entry - copy the next @bytes of the policy image into @buf.
 *
 * This is the read primitive for the binary policy parser, so the
 * length check here is what keeps a caller from reading past the end
 * of the image. On success the cursor in @fp advances past the copied
 * bytes; on -EINVAL nothing is copied and @fp is left untouched. @buf
 * must provide room for @bytes.
 */
static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
{
	size_t remaining = fp->len;

	if (remaining < bytes)
		return -EINVAL;

	memcpy(buf, fp->data, bytes);
	fp->len = remaining - bytes;
	fp->data += bytes;
	return 0;
}
385 
/*
 * put_entry - append @num records of @bytes each from @buf to the
 * policy image being written through @fp.
 *
 * Returns 0 and advances the cursor on success. Returns -EINVAL, with
 * @fp untouched, when bytes * num overflows size_t or exceeds the
 * fp->len bytes still available; the overflow test runs first so a
 * wrapped product cannot pass the length comparison.
 */
static inline int put_entry(const void *buf, size_t bytes, size_t num,
			    struct policy_file *fp)
{
	size_t total;

	if (unlikely(check_mul_overflow(bytes, num, &total)) ||
	    total > fp->len)
		return -EINVAL;

	memcpy(fp->data, buf, total);
	fp->len -= total;
	fp->data += total;

	return 0;
}
402 
/*
 * sym_name - name of symbol number @element_nr of kind @sym_num.
 *
 * Plain table lookup with no bounds checking: @sym_num must be one of
 * the SYM_* indices (below SYM_NUM) and @element_nr must be below the
 * number of symbols of that kind, since sym_val_to_name is indexed by
 * (value - 1). Callers are responsible for validating both.
 */
static inline const char *sym_name(const struct policydb *p, unsigned int sym_num,
			     unsigned int element_nr)
{
	char **names = p->sym_val_to_name[sym_num];

	return names[element_nr];
}
408 
/*
 * val_is_boolean - true when @value is exactly 0 or 1.
 *
 * u32 is unsigned, so "at most 1" admits precisely those two values.
 */
static inline bool val_is_boolean(u32 value)
{
	return value <= 1;
}
/* Read a @len-byte string from the image into a freshly allocated
 * buffer stored in *@strp (allocated with @flags); presumably returns
 * 0 / -errno like next_entry() and bounds @len against fp->len before
 * allocating — confirm against the definition. */
extern int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len);

/* Name -> value lookups over the policy's class and permission tables. */
extern u16 string_to_security_class(struct policydb *p, const char *name);
extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);
418 
/*
 * Emit pr_warn() at most once per loaded policy for this call site: the
 * static lives inside the expansion, so each use of the macro tracks its
 * own last-warned @policy pointer. The comparison is by pointer value
 * only; NOTE(review): a later policy allocated at the same address would
 * count as already warned about — confirm that is acceptable.
 */
#define pr_warn_once_policyload(policy, fmt, ...)    \
	do {                                         \
		static const void *prev_policy__;    \
		if (prev_policy__ != policy) {       \
			pr_warn(fmt, ##__VA_ARGS__); \
			prev_policy__ = policy;      \
		}                                    \
	} while (0)
427 
428 #endif /* _SS_POLICYDB_H_ */