// SPDX-License-Identifier: GPL-2.0-only
/*
 * Implementation of the policy database.
 *
 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 */

/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *          Support for enhanced MLS infrastructure.
 *          Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and
 *          Karl MacMillan <kmacmillan@tresys.com>
 *          Added conditional policy language extensions
 *          Copyright (C) 2003-2004 Tresys Technology, LLC
 *
 * Updated: Hewlett-Packard <paul@paul-moore.com>
 *          Added support for the policy capability bitmap
 *          Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
 *
 * Update: Mellanox Techonologies
 *         Added Infiniband support
 *         Copyright (C) 2016 Mellanox Techonologies
 */

#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/errno.h>
#include <linux/audit.h>
#include <linux/sort.h>
#include "security.h"

#include "policydb.h"
#include "conditional.h"
#include "mls.h"
#include "services.h"

#ifdef CONFIG_SECURITY_SELINUX_DEBUG
/*
 * Human-readable names of the SYM_NUM symbol tables, indexed like
 * policydb->symtab[]; only used for the debug hash statistics below.
 */
/* clang-format off */
static const char *const symtab_name[SYM_NUM] = {
	"common prefixes",
	"classes",
	"roles",
	"types",
	"users",
	"bools",
	"levels",
	"categories",
};
/* clang-format on */
#endif

/*
 * Per-policy-version layout expectations: how many symbol tables
 * (sym_num) and object context tables (ocon_num) a policy image of
 * the given version carries.
 * NOTE(review): the consumer of these counts is outside this section;
 * presumably the loader compares them with the counts in the image
 * header - confirm against policydb_read().
 */
struct policydb_compat_info {
	unsigned int version;
	unsigned int sym_num;
	unsigned int ocon_num;
};

/*
 * These need to be updated if SYM_NUM or OCON_NUM changes.
 *
 * The counts are written relative to the current SYM_NUM/OCON_NUM, so
 * an older version's entry shrinks or grows with those constants unless
 * its offset is adjusted at the same time.
 */
static const struct policydb_compat_info policydb_compat[] = {
	{
		.version = POLICYDB_VERSION_BASE,
		.sym_num = SYM_NUM - 3,
		.ocon_num = OCON_NUM - 3,
	},
	{
		.version = POLICYDB_VERSION_BOOL,
		.sym_num = SYM_NUM - 2,
		.ocon_num = OCON_NUM - 3,
	},
	{
		.version = POLICYDB_VERSION_IPV6,
		.sym_num = SYM_NUM - 2,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_NLCLASS,
		.sym_num = SYM_NUM - 2,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_MLS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_AVTAB,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_RANGETRANS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_POLCAP,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_PERMISSIVE,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_BOUNDARY,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_FILENAME_TRANS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_ROLETRANS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_DEFAULT_TYPE,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_CONSTRAINT_NAMES,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_XPERMS_IOCTL,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM - 2,
	},
	{
		.version = POLICYDB_VERSION_INFINIBAND,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM,
	},
	{
		.version = POLICYDB_VERSION_GLBLUB,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM,
	},
	{
		.version = POLICYDB_VERSION_COMP_FTRANS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM,
	},
	{
		.version = POLICYDB_VERSION_COND_XPERMS,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM,
	},
	{
		.version = POLICYDB_VERSION_NEVERAUDIT,
		.sym_num = SYM_NUM,
		.ocon_num = OCON_NUM,
	},
};

/*
 * Return the compatibility entry for an exact policy version, or NULL
 * when the version has no entry in policydb_compat[].
 */
static const struct policydb_compat_info *
policydb_lookup_compat(unsigned int version)
{
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
		if (policydb_compat[i].version == version)
			return &policydb_compat[i];
	}

	return NULL;
}

/*
 * The following *_destroy functions are used to
 * free any memory allocated for each kind of
 * symbol data in the policy database.
 *
 * The symbol callbacks tolerate a NULL key or datum, which lets the
 * *_read error paths call them on a partially built entry.
 */

static int perm_destroy(void *key, void *datum, void *p)
{
	kfree(key);
	kfree(datum);
	return 0;
}

static int common_destroy(void *key, void *datum, void *p)
{
	struct common_datum *comdatum;

	kfree(key);
	if (datum) {
		comdatum = datum;
		/* Free every permission entry, then the table itself. */
		hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
		hashtab_destroy(&comdatum->permissions.table);
	}
	kfree(datum);
	return 0;
}

/* Free one constraint expression node, including its optional type_names. */
static void constraint_expr_destroy(struct constraint_expr *expr)
{
	if (expr) {
		ebitmap_destroy(&expr->names);
		if (expr->type_names) {
			ebitmap_destroy(&expr->type_names->types);
			ebitmap_destroy(&expr->type_names->negset);
			kfree(expr->type_names);
		}
		kfree(expr);
	}
}

/*
 * Free a class entry: its permission table, both constraint lists
 * (constraints and validatetrans) with their expression chains, and
 * the comkey string.  comdatum is not freed here.
 */
static int cls_destroy(void *key, void *datum, void *p)
{
	struct class_datum *cladatum;
	struct constraint_node *constraint, *ctemp;
	struct constraint_expr *e, *etmp;

	kfree(key);
	if (datum) {
		cladatum = datum;
		hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
		hashtab_destroy(&cladatum->permissions.table);
		constraint = cladatum->constraints;
		while (constraint) {
			e = constraint->expr;
			while (e) {
				/* Advance before freeing the current node. */
				etmp = e;
				e = e->next;
				constraint_expr_destroy(etmp);
			}
			ctemp = constraint;
			constraint = constraint->next;
			kfree(ctemp);
		}

		constraint = cladatum->validatetrans;
		while (constraint) {
			e = constraint->expr;
			while (e) {
				etmp = e;
				e = e->next;
				constraint_expr_destroy(etmp);
			}
			ctemp = constraint;
			constraint = constraint->next;
			kfree(ctemp);
		}
		kfree(cladatum->comkey);
	}
	kfree(datum);
	return 0;
}

static int role_destroy(void *key, void *datum, void *p)
{
	struct role_datum *role;

	kfree(key);
	if (datum) {
		role = datum;
		ebitmap_destroy(&role->dominates);
		ebitmap_destroy(&role->types);
	}
	kfree(datum);
	return 0;
}

static int type_destroy(void *key, void *datum, void *p)
{
	kfree(key);
	kfree(datum);
	return 0;
}

static int user_destroy(void *key, void *datum, void *p)
{
	struct user_datum *usrdatum;

	kfree(key);
	if (datum) {
		usrdatum = datum;
		ebitmap_destroy(&usrdatum->roles);
		ebitmap_destroy(&usrdatum->range.level[0].cat);
		ebitmap_destroy(&usrdatum->range.level[1].cat);
		ebitmap_destroy(&usrdatum->dfltlevel.cat);
	}
	kfree(datum);
	return 0;
}

static int sens_destroy(void *key, void *datum, void *p)
{
	struct level_datum *levdatum;

	kfree(key);
	if (datum) {
		levdatum = datum;
		ebitmap_destroy(&levdatum->level.cat);
	}
	kfree(datum);
	return 0;
}

static int cat_destroy(void *key, void *datum, void *p)
{
	kfree(key);
	kfree(datum);
	return 0;
}

/*
 * Destroy callback per symbol table, indexed like policydb->symtab[]
 * (see policydb_destroy()).
 */
/* clang-format off */
static int (*const destroy_f[SYM_NUM])(void *key, void *datum, void *datap) = {
	common_destroy,
	cls_destroy,
	role_destroy,
	type_destroy,
	user_destroy,
	cond_destroy_bool,
	sens_destroy,
	cat_destroy,
};
/* clang-format on */

/*
 * Free one filename transition entry and its chain of datums.
 * Unlike the symbol callbacks above, key and datum are dereferenced
 * unconditionally, so both must be non-NULL.
 */
static int filenametr_destroy(void *key, void *datum, void *p)
{
	struct filename_trans_key *ft = key;
	struct filename_trans_datum *next, *d = datum;

	kfree(ft->name);
	kfree(key);
	do {
		ebitmap_destroy(&d->stypes);
		next = d->next;
		kfree(d);
		d = next;
	} while (unlikely(d));
	cond_resched();
	return 0;
}

/* Free one range transition entry; datum is dereferenced unconditionally. */
static int range_tr_destroy(void *key, void *datum, void *p)
{
	struct mls_range *rt = datum;

	kfree(key);
	ebitmap_destroy(&rt->level[0].cat);
	ebitmap_destroy(&rt->level[1].cat);
	kfree(datum);
	cond_resched();
	return 0;
}

static int role_tr_destroy(void *key, void *datum, void *p)
{
	kfree(key);
	kfree(datum);
	return 0;
}

/*
 * Free an object context of kind @i.  u.name is freed only for the
 * kinds listed below; for the other kinds it is left alone.
 */
static void ocontext_destroy(struct ocontext *c, unsigned int i)
{
	if (!c)
		return;

	context_destroy(&c->context[0]);
	context_destroy(&c->context[1]);
	if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF ||
	    i == OCON_FSUSE)
		kfree(c->u.name);
	kfree(c);
}

/*
 * Initialize the role table.
 *
 * Inserts OBJECT_R as the next primary role and fails with -EINVAL
 * unless that gives it the value OBJECT_R_VAL.
 */
static int roles_init(struct policydb *p)
{
	char *key = NULL;
	int rc;
	struct role_datum *role;

	role = kzalloc_obj(*role);
	if (!role)
		return -ENOMEM;

	rc = -EINVAL;
	role->value = ++p->p_roles.nprim;
	if (role->value != OBJECT_R_VAL)
		goto out;

	rc = -ENOMEM;
	key = kstrdup(OBJECT_R, GFP_KERNEL);
	if (!key)
		goto out;

	rc = symtab_insert(&p->p_roles, key, role);
	if (rc)
		goto out;

	return 0;
out:
	/* key is still NULL when the failure happened before kstrdup(). */
	kfree(key);
	kfree(role);
	return rc;
}

/* Hash a filename transition key: the name, salted with ttype ^ tclass. */
static u32 filenametr_hash(const void *k)
{
	const struct filename_trans_key *ft = k;
	unsigned long salt = ft->ttype ^ ft->tclass;

	return full_name_hash((void *)salt, ft->name, strlen(ft->name));
}

/* Order filename transition keys by ttype, then tclass, then name. */
static int filenametr_cmp(const void *k1, const void *k2)
{
	const struct filename_trans_key *ft1 = k1;
	const struct filename_trans_key *ft2 = k2;
	int v;

	v = cmp_int(ft1->ttype, ft2->ttype);
	if (v)
		return v;

	v = cmp_int(ft1->tclass, ft2->tclass);
	if (v)
		return v;

	return strcmp(ft1->name, ft2->name);
}

static const struct hashtab_key_params filenametr_key_params = {
	.hash = filenametr_hash,
	.cmp = filenametr_cmp,
};

/* Look up @key in p->filename_trans; returns hashtab_search()'s result. */
struct filename_trans_datum *
policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key)
{
	return hashtab_search(&p->filename_trans, key, filenametr_key_params);
}

/* Hash a range transition key from its three numeric fields. */
static u32 rangetr_hash(const void *k)
{
	const struct range_trans *key = k;

	return key->source_type + (key->target_type << 3) +
	       (key->target_class << 5);
}

/* Order range transition keys by source_type, target_type, target_class. */
static int rangetr_cmp(const void *k1, const void *k2)
{
	const struct range_trans *key1 = k1, *key2 = k2;
	int v;

	v = cmp_int(key1->source_type, key2->source_type);
	if (v)
		return v;

	v = cmp_int(key1->target_type, key2->target_type);
	if (v)
		return v;

	v = cmp_int(key1->target_class, key2->target_class);

	return v;
}

static const struct hashtab_key_params rangetr_key_params = {
	.hash = rangetr_hash,
	.cmp = rangetr_cmp,
};

/* Look up @key in p->range_tr; returns hashtab_search()'s result. */
struct mls_range *policydb_rangetr_search(struct policydb *p,
					  struct range_trans *key)
{
	return hashtab_search(&p->range_tr, key, rangetr_key_params);
}

/* Hash a role transition key; tclass is folded into both halves of a word. */
static u32 role_trans_hash(const void *k)
{
	const struct role_trans_key *key = k;

	return jhash_3words(key->role, key->type,
			    (u32)key->tclass << 16 | key->tclass, 0);
}

/* Order role transition keys by role, then type, then tclass. */
static int role_trans_cmp(const void *k1, const void *k2)
{
	const struct role_trans_key *key1 = k1, *key2 = k2;
	int v;

	v = cmp_int(key1->role, key2->role);
	if (v)
		return v;

	v = cmp_int(key1->type, key2->type);
	if (v)
		return v;

	return cmp_int(key1->tclass, key2->tclass);
}

static const struct hashtab_key_params roletr_key_params = {
	.hash = role_trans_hash,
	.cmp = role_trans_cmp,
};

/* Look up @key in p->role_tr; returns hashtab_search()'s result. */
struct role_trans_datum *policydb_roletr_search(struct policydb *p,
						struct role_trans_key *key)
{
	return hashtab_search(&p->role_tr, key, roletr_key_params);
}

/*
 * Initialize a policy database structure.
 *
 * The whole structure is zeroed first, so every pointer that
 * policydb_destroy() later frees starts out NULL.
 */
static void policydb_init(struct policydb *p)
{
	memset(p, 0, sizeof(*p));

	avtab_init(&p->te_avtab);
	cond_policydb_init(p);

	ebitmap_init(&p->filename_trans_ttypes);
	ebitmap_init(&p->policycaps);
	ebitmap_init(&p->permissive_map);
	ebitmap_init(&p->neveraudit_map);
}

/*
 * The following *_index functions are used to
 * define the val_to_name and val_to_struct arrays
 * in a policy database structure.  The val_to_name
 * arrays are used when converting security context
 * structures into string representations.  The
 * val_to_struct arrays are used when the attributes
 * of a class, role, or user are needed.
 *
 * Each callback rejects a datum whose value is 0 or larger than the
 * table's nprim before using value - 1 as an array index; the arrays
 * are allocated with nprim entries in policydb_index().  The values
 * originate from the policy image (see the *_read functions), so this
 * is the bounds check that keeps the array writes in range.
 */

static int common_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct common_datum *comdatum;

	comdatum = datum;
	p = datap;
	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
		return -EINVAL;

	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;

	return 0;
}

static int class_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct class_datum *cladatum;

	cladatum = datum;
	p = datap;
	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
		return -EINVAL;

	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
	p->class_val_to_struct[cladatum->value - 1] = cladatum;
	return 0;
}

static int role_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct role_datum *role;

	role = datum;
	p = datap;
	/* bounds may be 0 here, but must not exceed nprim either. */
	if (!role->value || role->value > p->p_roles.nprim ||
	    role->bounds > p->p_roles.nprim)
		return -EINVAL;

	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
	p->role_val_to_struct[role->value - 1] = role;
	return 0;
}

static int type_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct type_datum *typdatum;

	typdatum = datum;
	p = datap;

	/* Non-primary entries are neither validated nor indexed here. */
	if (typdatum->primary) {
		if (!typdatum->value || typdatum->value > p->p_types.nprim ||
		    typdatum->bounds > p->p_types.nprim)
			return -EINVAL;
		p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
		p->type_val_to_struct[typdatum->value - 1] = typdatum;
	}

	return 0;
}

static int user_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct user_datum *usrdatum;

	usrdatum = datum;
	p = datap;
	if (!usrdatum->value || usrdatum->value > p->p_users.nprim ||
	    usrdatum->bounds > p->p_users.nprim)
		return -EINVAL;

	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
	return 0;
}

static int sens_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct level_datum *levdatum;

	levdatum = datum;
	p = datap;

	if (!levdatum->level.sens || levdatum->level.sens > p->p_levels.nprim)
		return -EINVAL;

	/* Aliases are range-checked but do not claim the name slot. */
	if (!levdatum->isalias)
		p->sym_val_to_name[SYM_LEVELS][levdatum->level.sens - 1] = key;

	return 0;
}

static int cat_index(void *key, void *datum, void *datap)
{
	struct policydb *p;
	struct cat_datum *catdatum;

	catdatum = datum;
	p = datap;

	if (!catdatum->value || catdatum->value > p->p_cats.nprim)
		return -EINVAL;

	/* Aliases are range-checked but do not claim the name slot. */
	if (!catdatum->isalias)
		p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;

	return 0;
}

/*
 * Index callback per symbol table, indexed like policydb->symtab[]
 * (see policydb_index()).
 */
/* clang-format off */
static int (*const index_f[SYM_NUM])(void *key, void *datum, void *datap) = {
	common_index,
	class_index,
	role_index,
	type_index,
	user_index,
	cond_index_bool,
	sens_index,
	cat_index,
};
/* clang-format on */

#ifdef CONFIG_SECURITY_SELINUX_DEBUG
/*
 * Log occupancy statistics for one hash table.  @hash_details may be
 * NULL, in which case neither the "@" separator nor a detail string
 * is printed.
 */
static void hash_eval(struct hashtab *h, const char *hash_name,
		      const char *hash_details)
{
	struct hashtab_info info;

	hashtab_stat(h, &info);
	pr_debug(
		"SELinux: %s%s%s: %d entries and %d/%d buckets used, longest chain length %d, sum of chain length^2 %llu\n",
		hash_name, hash_details ? "@" : "", hash_details ?: "", h->nel,
		info.slots_used, h->size, info.max_chain_len,
		info.chain2_len_sum);
}

/* Log statistics for each of the SYM_NUM symbol tables in @s. */
static void symtab_hash_eval(struct symtab *s)
{
	int i;

	for (i = 0; i < SYM_NUM; i++)
		hash_eval(&s[i].table, symtab_name[i], NULL);
}

#else
/* Debug statistics compile to nothing without CONFIG_SECURITY_SELINUX_DEBUG. */
static inline void hash_eval(struct hashtab *h, const char *hash_name,
			     const char *hash_details)
{
}
static inline void symtab_hash_eval(struct symtab *s)
{
}
#endif /* CONFIG_SECURITY_SELINUX_DEBUG */

/*
 * Define the other val_to_name and val_to_struct arrays
 * in a policy database structure.
 *
 * Caller must clean up on failure.
 *
 * Every error return leaves the arrays allocated so far attached to
 * @p; policydb_destroy() frees them.  The arrays are zero-allocated
 * with nprim entries before the index callbacks run, so a slot that no
 * symbol claims stays NULL.
 */
static int policydb_index(struct policydb *p)
{
	int i, rc;

	if (p->mls_enabled)
		pr_debug(
			"SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
			p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
			p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
	else
		pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n",
			 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
			 p->p_bools.nprim);

	pr_debug("SELinux: %d classes, %d rules\n", p->p_classes.nprim,
		 p->te_avtab.nel);

	symtab_hash_eval(p->symtab);

	p->class_val_to_struct = kzalloc_objs(*p->class_val_to_struct,
					      p->p_classes.nprim);
	if (!p->class_val_to_struct)
		return -ENOMEM;

	p->role_val_to_struct = kzalloc_objs(*p->role_val_to_struct,
					     p->p_roles.nprim);
	if (!p->role_val_to_struct)
		return -ENOMEM;

	p->user_val_to_struct = kzalloc_objs(*p->user_val_to_struct,
					     p->p_users.nprim);
	if (!p->user_val_to_struct)
		return -ENOMEM;

	/* The type array uses the kv* allocator and is freed with kvfree(). */
	p->type_val_to_struct = kvzalloc_objs(*p->type_val_to_struct,
					      p->p_types.nprim);
	if (!p->type_val_to_struct)
		return -ENOMEM;

	rc = cond_init_bool_indexes(p);
	if (rc)
		goto out;

	for (i = 0; i < SYM_NUM; i++) {
		p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
						 sizeof(char *), GFP_KERNEL);
		if (!p->sym_val_to_name[i])
			return -ENOMEM;

		/* Fill the arrays; a callback returns -EINVAL on a bad value. */
		rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
		if (rc)
			goto out;
	}
	rc = 0;
out:
	return rc;
}

/*
 * Free any memory allocated by a policy database structure.
 *
 * Works on a partially built database as long as @p went through
 * policydb_init(): the lookup arrays may still be NULL, and the list
 * walks stop on a NULL head.
 */
void policydb_destroy(struct policydb *p)
{
	struct ocontext *c, *ctmp;
	struct genfs *g, *gtmp;
	u32 i;
	struct role_allow *ra, *lra = NULL;

	for (i = 0; i < SYM_NUM; i++) {
		cond_resched();
		hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
		hashtab_destroy(&p->symtab[i].table);
	}

	/* Only the arrays are freed; the names were freed as keys above. */
	for (i = 0; i < SYM_NUM; i++)
		kvfree(p->sym_val_to_name[i]);

	kfree(p->class_val_to_struct);
	kfree(p->role_val_to_struct);
	kfree(p->user_val_to_struct);
	kvfree(p->type_val_to_struct);

	avtab_destroy(&p->te_avtab);

	for (i = 0; i < OCON_NUM; i++) {
		cond_resched();
		c = p->ocontexts[i];
		while (c) {
			ctmp = c;
			c = c->next;
			ocontext_destroy(ctmp, i);
		}
		p->ocontexts[i] = NULL;
	}

	g = p->genfs;
	while (g) {
		cond_resched();
		kfree(g->fstype);
		c = g->head;
		while (c) {
			ctmp = c;
			c = c->next;
			/* Destroyed as OCON_FSUSE, so u.name is freed too. */
			ocontext_destroy(ctmp, OCON_FSUSE);
		}
		gtmp = g;
		g = g->next;
		kfree(gtmp);
	}
	p->genfs = NULL;

	cond_policydb_destroy(p);

	hashtab_map(&p->role_tr, role_tr_destroy, NULL);
	hashtab_destroy(&p->role_tr);

	/* Free one node behind the cursor so ra->next is read before the free. */
	for (ra = p->role_allow; ra; ra = ra->next) {
		cond_resched();
		kfree(lra);
		lra = ra;
	}
	kfree(lra);

	hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
	hashtab_destroy(&p->filename_trans);

	hashtab_map(&p->range_tr, range_tr_destroy, NULL);
	hashtab_destroy(&p->range_tr);

	if (p->type_attr_map_array) {
		for (i = 0; i < p->p_types.nprim; i++)
			ebitmap_destroy(&p->type_attr_map_array[i]);
		kvfree(p->type_attr_map_array);
	}

	ebitmap_destroy(&p->filename_trans_ttypes);
	ebitmap_destroy(&p->policycaps);
	ebitmap_destroy(&p->permissive_map);
	ebitmap_destroy(&p->neveraudit_map);
}

/*
 * Load the initial SIDs specified in a policy database
 * structure into a SID table.
 *
 * Returns 0 on success.  On any failure after sidtab_init() succeeded
 * the SID table is destroyed again before returning the error.
 */
int policydb_load_isids(struct policydb *p, struct sidtab *s)
{
	struct ocontext *head, *c;
	bool isid_init;
	int rc;

	rc = sidtab_init(s);
	if (rc) {
		pr_err("SELinux: out of memory on SID table init\n");
		return rc;
	}

	isid_init = ebitmap_get_bit(&p->policycaps,
				    POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT);

	head = p->ocontexts[OCON_ISID];
	for (c = head; c; c = c->next) {
		u32 sid = c->sid[0];
		const char *name = security_get_initial_sid_context(sid);

		/* A policy must never attach a context to the null SID. */
		if (sid == SECSID_NULL) {
			pr_err("SELinux: SID 0 was assigned a context.\n");
			sidtab_destroy(s);
			return -EINVAL;
		}

		/* Ignore initial SIDs unused by this kernel. */
		if (!name)
			continue;

		/*
		 * Also ignore SECINITSID_INIT if the policy doesn't declare
		 * support for it
		 */
		if (sid == SECINITSID_INIT && !isid_init)
			continue;

		rc = sidtab_set_initial(s, sid, &c->context[0]);
		if (rc) {
			pr_err("SELinux: unable to load initial SID %s.\n",
			       name);
			sidtab_destroy(s);
			return rc;
		}

		/*
		 * If the policy doesn't support the "userspace_initial_context"
		 * capability, set SECINITSID_INIT to the same context as
		 * SECINITSID_KERNEL. This ensures the same behavior as before
		 * the reintroduction of SECINITSID_INIT, where all tasks
		 * started before policy load would initially get the context
		 * corresponding to SECINITSID_KERNEL.
		 */
		if (sid == SECINITSID_KERNEL && !isid_init) {
			rc = sidtab_set_initial(s, SECINITSID_INIT,
						&c->context[0]);
			if (rc) {
				pr_err("SELinux: unable to load initial SID %s.\n",
				       name);
				sidtab_destroy(s);
				return rc;
			}
		}
	}
	return 0;
}

/*
 * The policydb_*_isvalid helpers below treat values as 1-based: 0 and
 * anything above the table's nprim are invalid.  A value whose
 * sym_val_to_name slot is NULL is invalid as well.
 */
bool policydb_class_isvalid(const struct policydb *p, u16 class)
{
	if (!class || class > p->p_classes.nprim)
		return false;
	if (!p->sym_val_to_name[SYM_CLASSES][class - 1])
		return false;
	return true;
}

bool policydb_user_isvalid(const struct policydb *p, u32 user)
{
	if (!user || user > p->p_users.nprim)
		return false;
	if (!p->sym_val_to_name[SYM_USERS][user - 1])
		return false;
	return true;
}

bool policydb_role_isvalid(const struct policydb *p, u32 role)
{
	if (!role || role > p->p_roles.nprim)
		return false;
	if (!p->sym_val_to_name[SYM_ROLES][role - 1])
		return false;
	return true;
}

bool policydb_type_isvalid(const struct policydb *p, u32 type)
{
	if (!type || type > p->p_types.nprim)
		return false;
	if (!p->sym_val_to_name[SYM_TYPES][type - 1])
		return false;
	return true;
}

/*
 * Like policydb_type_isvalid(), but checks type_val_to_struct and
 * additionally rejects entries flagged as attributes.
 */
bool policydb_simpletype_isvalid(const struct policydb *p, u32 type)
{
	const struct type_datum *datum;

	if (!type || type > p->p_types.nprim)
		return false;

	datum = p->type_val_to_struct[type - 1];
	if (!datum)
		return false;

	if (datum->attribute)
		return false;

	return true;
}

/*
 * Return true if the fields in the security context
 * structure `c' are valid.  Return false otherwise.
*/
/*
 * Checks, in order: user, role and type are each within 1..nprim of
 * their table; unless the role is OBJECT_R_VAL, the role must list the
 * type and the user must list the role; finally the MLS part must pass
 * mls_context_isvalid().
 */
bool policydb_context_isvalid(const struct policydb *p, const struct context *c)
{
	/* All three identifiers are 1-based and bounded by nprim. */
	if (!c->role || c->role > p->p_roles.nprim ||
	    !c->user || c->user > p->p_users.nprim ||
	    !c->type || c->type > p->p_types.nprim)
		return false;

	/* OBJECT_R_VAL is exempt from the role/type and user/role checks. */
	if (c->role != OBJECT_R_VAL) {
		const struct role_datum *role;
		const struct user_datum *usrdatum;

		/* The role has to be authorized for the type. */
		role = p->role_val_to_struct[c->role - 1];
		if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
			return false;

		/* The user has to be authorized for the role. */
		usrdatum = p->user_val_to_struct[c->user - 1];
		if (!usrdatum ||
		    !ebitmap_get_bit(&usrdatum->roles, c->role - 1))
			return false;
	}

	return mls_context_isvalid(p, c) ? true : false;
}

/*
 * Read a MLS range structure from a policydb binary
 * representation file.
*/
/*
 * Layout consumed: one u32 count of sensitivity words, then that many
 * u32 sensitivities, then the category bitmap(s).  A count above 2 is
 * rejected before it is used as a read length into the 2-word buffer.
 * With a single sensitivity the high level mirrors the low one
 * (sensitivity and categories).
 *
 * NOTE(review): a count of 0 is not rejected here; the buffer then
 * still holds the count word, so level[0].sens becomes 0 - presumably
 * caught by later context validation, confirm.
 *
 * Returns 0 on success or a negative errno.  If reading or copying the
 * high categories fails, the low category bitmap is destroyed again.
 */
static int mls_read_range_helper(struct mls_range *r, struct policy_file *fp)
{
	__le32 words[2];
	u32 nwords;
	bool has_high;
	int err;

	err = next_entry(words, fp, sizeof(u32));
	if (err)
		return err;

	nwords = le32_to_cpu(words[0]);
	if (nwords > ARRAY_SIZE(words)) {
		pr_err("SELinux: mls: range overflow\n");
		return -EINVAL;
	}

	err = next_entry(words, fp, sizeof(u32) * nwords);
	if (err) {
		pr_err("SELinux: mls: truncated range\n");
		return err;
	}

	has_high = nwords > 1;
	r->level[0].sens = le32_to_cpu(words[0]);
	r->level[1].sens = has_high ? le32_to_cpu(words[1]) :
				      r->level[0].sens;

	err = ebitmap_read(&r->level[0].cat, fp);
	if (err) {
		pr_err("SELinux: mls: error reading low categories\n");
		return err;
	}

	if (has_high) {
		err = ebitmap_read(&r->level[1].cat, fp);
		if (err)
			pr_err("SELinux: mls: error reading high categories\n");
	} else {
		err = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
		if (err)
			pr_err("SELinux: mls: out of memory\n");
	}

	/* Undo the low bitmap when the high half could not be set up. */
	if (err)
		ebitmap_destroy(&r->level[0].cat);
	return err;
}

/*
 * Read and validate a security context structure
 * from a policydb binary representation file.
*/
static int context_read_and_validate(struct context *c, struct policydb *p,
				     struct policy_file *fp)
{
	__le32 buf[3];
	int rc;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc) {
		pr_err("SELinux: context truncated\n");
		goto out;
	}
	c->user = le32_to_cpu(buf[0]);
	c->role = le32_to_cpu(buf[1]);
	c->type = le32_to_cpu(buf[2]);
	if (p->policyvers >= POLICYDB_VERSION_MLS) {
		rc = mls_read_range_helper(&c->range, fp);
		if (rc) {
			pr_err("SELinux: error reading MLS range of context\n");
			goto out;
		}
	}

	/*
	 * The raw values are only accepted after the full validity
	 * check; a rejected context is destroyed before returning.
	 */
	rc = -EINVAL;
	if (!policydb_context_isvalid(p, c)) {
		pr_err("SELinux: invalid security context\n");
		context_destroy(c);
		goto out;
	}
	rc = 0;
out:
	return rc;
}

/*
 * The following *_read functions are used to
 * read the symbol data from a policy database
 * binary representation file.
 */

/*
 * Read @len bytes from @fp into a newly allocated, NUL-terminated
 * buffer returned through @strp.
 *
 * The callers in this section pass a length taken from the policy
 * image, so it is checked before use: 0 is rejected, (u32)-1 is
 * rejected because len + 1 below would wrap to 0, and size_check()
 * must accept it (size_check() is defined outside this section;
 * presumably it compares against the data left in @fp).
 * On success the caller owns *strp; on failure *strp is not written.
 */
int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len)
{
	int rc;
	char *str;

	if ((len == 0) || (len == (u32)-1))
		return -EINVAL;

	if (size_check(sizeof(char), len, fp))
		return -EINVAL;

	/* __GFP_NOWARN is added to the caller's flags for this allocation. */
	str = kmalloc(len + 1, flags | __GFP_NOWARN);
	if (!str)
		return -ENOMEM;

	rc = next_entry(str, fp, len);
	if (rc) {
		kfree(str);
		return rc;
	}

	str[len] = '\0';
	*strp = str;
	return 0;
}

/*
 * Read one permission (name length, value, name) and insert it into
 * @s.  The value must lie in 1..SEL_VEC_MAX.
 */
static int perm_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct perm_datum *perdatum;
	int rc;
	__le32 buf[2];
	u32 len;

	perdatum = kzalloc_obj(*perdatum);
	if (!perdatum)
		return -ENOMEM;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc)
		goto bad;

	len = le32_to_cpu(buf[0]);
	perdatum->value = le32_to_cpu(buf[1]);
	rc = -EINVAL;
	if (perdatum->value < 1 || perdatum->value > SEL_VEC_MAX)
		goto bad;

	rc = str_read(&key, GFP_KERNEL, fp, len);
	if (rc)
		goto bad;

	rc = symtab_insert(s, key, perdatum);
	if (rc)
		goto bad;

	return 0;
bad:
	/* key may still be NULL here; perm_destroy() only calls kfree(). */
	perm_destroy(key, perdatum, NULL);
	return rc;
}

/*
 * Read one common (name, value, permission table) and insert it into
 * @s.  The element count is capped at SEL_VEC_MAX and checked with
 * size_check() before the permission table is sized from it.
 */
static int common_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct common_datum *comdatum;
	__le32 buf[4];
	u32 i, len, nel;
	int rc;

	comdatum = kzalloc_obj(*comdatum);
	if (!comdatum)
		return -ENOMEM;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc)
		goto bad;

	len = le32_to_cpu(buf[0]);
	comdatum->value = le32_to_cpu(buf[1]);
	nel = le32_to_cpu(buf[3]);
	rc = -EINVAL;
	if (nel > SEL_VEC_MAX)
		goto bad;

	/*
	 * perm_read() reads at least 2 * sizeof(u32) bytes (64 bits) for
	 * any valid permission, so nel entries need at least that much.
	 */
	rc = size_check(2 * sizeof(u32), nel, fp);
	if (rc)
		goto bad;

	rc = symtab_init(&comdatum->permissions, nel);
	if (rc)
		goto bad;
	/*
	 * NOTE(review): nprim is taken from the image as-is; this function
	 * bounds nel but not nprim - confirm where nprim is validated.
	 */
	comdatum->permissions.nprim = le32_to_cpu(buf[2]);

	rc = str_read(&key, GFP_KERNEL, fp, len);
	if (rc)
		goto bad;

	for (i = 0; i < nel; i++) {
		rc = perm_read(p, &comdatum->permissions, fp);
		if (rc)
			goto bad;
	}

	hash_eval(&comdatum->permissions.table, "common_permissions", key);

	rc = symtab_insert(s, key, comdatum);
	if (rc)
		goto bad;
	return 0;
bad:
	common_destroy(key, comdatum, NULL);
	return rc;
}

/* Initialize both bitmaps of a type set. */
static void type_set_init(struct type_set *t)
{
	ebitmap_init(&t->types);
	ebitmap_init(&t->negset);
}

/*
 * Read a type set (types bitmap, negset bitmap, flags word).  Every
 * failure is reported as -EINVAL; nothing is freed here on error.
 */
static int type_set_read(struct type_set *t, struct policy_file *fp)
{
	__le32 buf[1];
	int rc;

	if (ebitmap_read(&t->types, fp))
		return -EINVAL;
	if (ebitmap_read(&t->negset, fp))
		return -EINVAL;

	rc = next_entry(buf, fp, sizeof(u32));
	if (rc < 0)
		return -EINVAL;
	t->flags = le32_to_cpu(buf[0]);

	return 0;
}

/*
 * Read @ncons constraints, each with its expression list, and append
 * them to the list at *@nodep.
 *
 * Error returns free nothing.  Each node is linked into the list
 * before anything else is read for it, so the caller's cleanup can
 * reach it; class_read() relies on cls_destroy() for this.
 *
 * depth counts operands minus one: CEXPR_ATTR and CEXPR_NAMES add one
 * (never beyond CEXPR_MAXDEPTH - 1), CEXPR_AND and CEXPR_OR need at
 * least two and remove one, CEXPR_NOT needs at least one, and exactly
 * one must remain at the end.  An empty expression list is therefore
 * rejected.
 * NOTE(review): this presumably mirrors the evaluation stack of the
 * constraint evaluator, which is outside this section - confirm.
 *
 * @allowxtarget: when 0, CEXPR_NAMES expressions with CEXPR_XTARGET
 * set in attr are rejected.
 */
static int read_cons_helper(struct policydb *p, struct constraint_node **nodep,
			    u32 ncons, int allowxtarget, struct policy_file *fp)
{
	struct constraint_node *c, *lc;
	struct constraint_expr *e, *le;
	__le32 buf[3];
	u32 i, j, nexpr;
	int rc, depth;

	lc = NULL;
	for (i = 0; i < ncons; i++) {
		c = kzalloc_obj(*c);
		if (!c)
			return -ENOMEM;

		/* Link first, so an early return cannot orphan the node. */
		if (lc)
			lc->next = c;
		else
			*nodep = c;

		rc = next_entry(buf, fp, (sizeof(u32) * 2));
		if (rc)
			return rc;
		c->permissions = le32_to_cpu(buf[0]);
		nexpr = le32_to_cpu(buf[1]);
		le = NULL;
		depth = -1;
		for (j = 0; j < nexpr; j++) {
			e = kzalloc_obj(*e);
			if (!e)
				return -ENOMEM;

			if (le)
				le->next = e;
			else
				c->expr = e;

			rc = next_entry(buf, fp, (sizeof(u32) * 3));
			if (rc)
				return rc;
			e->expr_type = le32_to_cpu(buf[0]);
			e->attr = le32_to_cpu(buf[1]);
			e->op = le32_to_cpu(buf[2]);

			switch (e->expr_type) {
			case CEXPR_NOT:
				if (depth < 0)
					return -EINVAL;
				break;
			case CEXPR_AND:
			case CEXPR_OR:
				if (depth < 1)
					return -EINVAL;
				depth--;
				break;
			case CEXPR_ATTR:
				if (depth == (CEXPR_MAXDEPTH - 1))
					return -EINVAL;
				depth++;
				break;
			case CEXPR_NAMES:
				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
					return -EINVAL;
				if (depth == (CEXPR_MAXDEPTH - 1))
					return -EINVAL;
				depth++;
				rc = ebitmap_read(&e->names, fp);
				if (rc)
					return rc;
				if (p->policyvers >=
				    POLICYDB_VERSION_CONSTRAINT_NAMES) {
					e->type_names = kzalloc_obj(*e->type_names);
					if (!e->type_names)
						return -ENOMEM;
					type_set_init(e->type_names);
					rc = type_set_read(e->type_names, fp);
					if (rc)
						return rc;
				}
				break;
			default:
				/* Unknown expression types are rejected. */
				return -EINVAL;
			}
			le = e;
		}
		if (depth != 0)
			return -EINVAL;
		lc = c;
	}

	return 0;
}

/*
 * Read one class: header words, name, optional common name, the
 * permission table, constraints, and - depending on the policy
 * version - validatetrans rules and the default_* settings.  Each
 * default_* word must be one of the listed constants.  On any failure
 * the partially built class is released with cls_destroy().
 */
static int class_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct class_datum *cladatum;
	__le32 buf[6];
	u32 i, len, len2, ncons, nel, val;
	int rc;

	cladatum = kzalloc_obj(*cladatum);
	if (!cladatum)
		return -ENOMEM;

	rc = next_entry(buf, fp, sizeof(u32) * 6);
	if (rc)
		goto bad;

	len = le32_to_cpu(buf[0]);
	len2 = le32_to_cpu(buf[1]);
	nel = le32_to_cpu(buf[4]);
	rc = -EINVAL;
	if (nel > SEL_VEC_MAX)
		goto bad;

	/* Range-check in 32 bits before the assignment can truncate. */
	val = le32_to_cpu(buf[2]);
	rc = -EINVAL;
	if (val > U16_MAX)
		goto bad;
	cladatum->value = val;

	/*
	 * perm_read() reads at least 2 * sizeof(u32) bytes (64 bits) for
	 * any valid permission, so nel entries need at least that much.
	 */
	rc = size_check(2 * sizeof(u32), nel, fp);
	if (rc)
		goto bad;

	rc = symtab_init(&cladatum->permissions, nel);
	if (rc)
		goto bad;
	/*
	 * NOTE(review): nprim is taken from the image as-is; this function
	 * bounds nel but not nprim - confirm where nprim is validated.
	 */
	cladatum->permissions.nprim = le32_to_cpu(buf[3]);

	ncons = le32_to_cpu(buf[5]);

	rc = str_read(&key, GFP_KERNEL, fp, len);
	if (rc)
		goto bad;

	if (len2) {
		rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
		if (rc)
			goto bad;

		/* The named common must already be in p_commons. */
		rc = -EINVAL;
		cladatum->comdatum =
			symtab_search(&p->p_commons, cladatum->comkey);
		if (!cladatum->comdatum) {
			pr_err("SELinux: unknown common %s\n",
			       cladatum->comkey);
			goto bad;
		}
	}
	for (i = 0; i < nel; i++) {
		rc = perm_read(p, &cladatum->permissions, fp);
		if (rc)
			goto bad;
	}

	hash_eval(&cladatum->permissions.table, "class_permissions", key);

	rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
	if (rc)
		goto bad;

	if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
		/* grab the validatetrans rules */
		rc = next_entry(buf, fp, sizeof(u32));
		if (rc)
			goto bad;
		ncons = le32_to_cpu(buf[0]);
		rc = read_cons_helper(p, &cladatum->validatetrans, ncons, 1,
				      fp);
		if (rc)
			goto bad;
	}

	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
		rc = next_entry(buf, fp, sizeof(u32) * 3);
		if (rc)
			goto bad;

		rc = -EINVAL;
		val = le32_to_cpu(buf[0]);
		switch (val) {
		case 0:
		case DEFAULT_SOURCE:
		case DEFAULT_TARGET:
			cladatum->default_user = val;
			break;
		default:
			goto bad;
		}
		val = le32_to_cpu(buf[1]);
		switch (val) {
		case 0:
		case DEFAULT_SOURCE:
		case DEFAULT_TARGET:
			cladatum->default_role = val;
			break;
		default:
			goto bad;
		}
		val = le32_to_cpu(buf[2]);
		switch (val) {
		case 0:
		case DEFAULT_SOURCE_LOW:
		case DEFAULT_SOURCE_HIGH:
		case DEFAULT_SOURCE_LOW_HIGH:
		case DEFAULT_TARGET_LOW:
		case DEFAULT_TARGET_HIGH:
		case DEFAULT_TARGET_LOW_HIGH:
		case DEFAULT_GLBLUB:
			cladatum->default_range = val;
			break;
		default:
			goto bad;
		}
	}

	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
		rc = next_entry(buf, fp, sizeof(u32) * 1);
		if (rc)
			goto bad;
		rc = -EINVAL;
		val = le32_to_cpu(buf[0]);
		switch (val) {
		case 0:
		case DEFAULT_TARGET:
		case DEFAULT_SOURCE:
			cladatum->default_type = val;
			break;
		default:
			goto bad;
		}
	}

	rc = symtab_insert(s, key, cladatum);
	if (rc)
		goto bad;

	return 0;
bad:
	/* Frees key, permissions, both constraint lists and comkey. */
	cls_destroy(key, cladatum, NULL);
	if (rc)
		pr_err("SELinux: invalid class\n");
	return rc;
}

static int role_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct role_datum *role;
	int rc;
	unsigned int to_read = 2;
	__le32 buf[3];
	u32 len;

	role =
kzalloc_obj(*role); 1529 if (!role) 1530 return -ENOMEM; 1531 1532 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1533 to_read = 3; 1534 1535 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1536 if (rc) 1537 goto bad; 1538 1539 len = le32_to_cpu(buf[0]); 1540 role->value = le32_to_cpu(buf[1]); 1541 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1542 role->bounds = le32_to_cpu(buf[2]); 1543 1544 rc = str_read(&key, GFP_KERNEL, fp, len); 1545 if (rc) 1546 goto bad; 1547 1548 rc = ebitmap_read(&role->dominates, fp); 1549 if (rc) 1550 goto bad; 1551 1552 rc = ebitmap_read(&role->types, fp); 1553 if (rc) 1554 goto bad; 1555 1556 if (strcmp(key, OBJECT_R) == 0) { 1557 rc = -EINVAL; 1558 if (role->value != OBJECT_R_VAL) { 1559 pr_err("SELinux: Role %s has wrong value %d\n", 1560 OBJECT_R, role->value); 1561 goto bad; 1562 } 1563 rc = 0; 1564 goto bad; 1565 } 1566 1567 rc = symtab_insert(s, key, role); 1568 if (rc) 1569 goto bad; 1570 return 0; 1571 bad: 1572 role_destroy(key, role, NULL); 1573 return rc; 1574 } 1575 1576 static int type_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1577 { 1578 char *key = NULL; 1579 struct type_datum *typdatum; 1580 int rc; 1581 unsigned int to_read = 3; 1582 __le32 buf[4]; 1583 u32 len; 1584 1585 typdatum = kzalloc_obj(*typdatum); 1586 if (!typdatum) 1587 return -ENOMEM; 1588 1589 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1590 to_read = 4; 1591 1592 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1593 if (rc) 1594 goto bad; 1595 1596 len = le32_to_cpu(buf[0]); 1597 typdatum->value = le32_to_cpu(buf[1]); 1598 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1599 u32 prop = le32_to_cpu(buf[2]); 1600 1601 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1602 typdatum->primary = 1; 1603 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1604 typdatum->attribute = 1; 1605 1606 typdatum->bounds = le32_to_cpu(buf[3]); 1607 } else { 1608 typdatum->primary = le32_to_cpu(buf[2]); 1609 } 1610 1611 rc = str_read(&key, GFP_KERNEL, 
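fp, len);
	if (rc)
		goto bad;

	rc = symtab_insert(s, key, typdatum);
	if (rc)
		goto bad;
	return 0;
bad:
	type_destroy(key, typdatum, NULL);
	return rc;
}

/*
 * Read a MLS level structure from a policydb binary
 * representation file.
 *
 * @lp is zeroed first, then filled from one little-endian u32
 * (the sensitivity) followed by the category bitmap.
 *
 * Returns 0 on success, or the error of next_entry() / ebitmap_read()
 * after logging which part was short or unreadable.
 * NOTE(review): lp->sens is stored as read; no range check is visible
 * here - confirm the callers validate the level.
 */
static int mls_read_level(struct mls_level *lp, struct policy_file *fp)
{
	__le32 buf[1];
	int rc;

	memset(lp, 0, sizeof(*lp));

	rc = next_entry(buf, fp, sizeof buf);
	if (rc) {
		pr_err("SELinux: mls: truncated level\n");
		return rc;
	}
	lp->sens = le32_to_cpu(buf[0]);

	rc = ebitmap_read(&lp->cat, fp);
	if (rc) {
		pr_err("SELinux: mls: error reading level categories\n");
		return rc;
	}
	return 0;
}

/*
 * Read one user record from the policy image and insert it into @s.
 *
 * The fixed header is two little-endian u32 words (name length, value),
 * or three from POLICYDB_VERSION_BOUNDARY on (the third is the bounds
 * id).  It is followed by the name, the roles bitmap and, from
 * POLICYDB_VERSION_MLS on, the user's range and default level.
 *
 * Returns 0 on success, -ENOMEM if the datum cannot be allocated, or the
 * error of the helper that failed.  Every failure after the allocation
 * goes through user_destroy() with the key and the partial datum.
 */
static int user_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct user_datum *usrdatum;
	int rc;
	unsigned int to_read = 2;
	__le32 buf[3];
	u32 len;

	usrdatum = kzalloc_obj(*usrdatum);
	if (!usrdatum)
		return -ENOMEM;

	/* buf[] holds three words, so to_read never exceeds its size */
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
		to_read = 3;

	rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
	if (rc)
		goto bad;

	len = le32_to_cpu(buf[0]);
	usrdatum->value = le32_to_cpu(buf[1]);
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
		usrdatum->bounds = le32_to_cpu(buf[2]);

	rc = str_read(&key, GFP_KERNEL, fp, len);
	if (rc)
		goto bad;

	rc = ebitmap_read(&usrdatum->roles, fp);
	if (rc)
		goto bad;

	if (p->policyvers >= POLICYDB_VERSION_MLS) {
		rc = mls_read_range_helper(&usrdatum->range, fp);
		if (rc)
			goto bad;
		rc = mls_read_level(&usrdatum->dfltlevel, fp);
		if (rc)
			goto bad;
	}

	rc = symtab_insert(s, key, usrdatum);
	if (rc)
		goto bad;
	return 0;
bad:
	user_destroy(key, usrdatum, NULL);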
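return rc;
}

/*
 * Read one sensitivity record from the policy image and insert it
 * into @s.
 *
 * Header: two little-endian u32 words (name length, isalias), followed
 * by the name and one MLS level.  isalias is accepted only when
 * val_is_boolean() approves it; anything else is -EINVAL.
 *
 * @p is unused here; the signature is the one the read_f[] table needs.
 *
 * Returns 0 on success, -ENOMEM if the datum cannot be allocated, or the
 * error of the step that failed.  Failures after the allocation release
 * the key and datum through sens_destroy() and log "invalid sensitivity".
 */
static int sens_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct level_datum *levdatum;
	int rc;
	__le32 buf[2];
	u32 len, val;

	levdatum = kzalloc_obj(*levdatum);
	if (!levdatum)
		return -ENOMEM;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc)
		goto bad;

	len = le32_to_cpu(buf[0]);
	val = le32_to_cpu(buf[1]);
	/* validate the full 32-bit word before it is stored in isalias */
	rc = -EINVAL;
	if (!val_is_boolean(val))
		goto bad;
	levdatum->isalias = val;

	rc = str_read(&key, GFP_KERNEL, fp, len);
	if (rc)
		goto bad;

	rc = mls_read_level(&levdatum->level, fp);
	if (rc)
		goto bad;

	rc = symtab_insert(s, key, levdatum);
	if (rc)
		goto bad;
	return 0;
bad:
	sens_destroy(key, levdatum, NULL);
	if (rc)
		pr_err("SELinux: invalid sensitivity\n");
	return rc;
}

/*
 * Read one category record from the policy image and insert it into @s.
 *
 * Header: three little-endian u32 words (name length, value, isalias),
 * followed by the name.  isalias is accepted only when val_is_boolean()
 * approves it; anything else is -EINVAL.
 *
 * @p is unused here; the signature is the one the read_f[] table needs.
 *
 * Returns 0 on success, -ENOMEM if the datum cannot be allocated, or the
 * error of the step that failed.  Failures after the allocation release
 * the key and datum through cat_destroy() and log "invalid category".
 * NOTE(review): catdatum->value is stored as read; no range check is
 * visible in this function - confirm it is validated later.
 */
static int cat_read(struct policydb *p, struct symtab *s, struct policy_file *fp)
{
	char *key = NULL;
	struct cat_datum *catdatum;
	int rc;
	__le32 buf[3];
	u32 len, val;

	catdatum = kzalloc_obj(*catdatum);
	if (!catdatum)
		return -ENOMEM;

	rc = next_entry(buf, fp, sizeof buf);
	if (rc)
		goto bad;

	len = le32_to_cpu(buf[0]);
	catdatum->value = le32_to_cpu(buf[1]);
	val = le32_to_cpu(buf[2]);
	/* validate the full 32-bit word before it is stored in isalias */
	rc = -EINVAL;
	if (!val_is_boolean(val))
		goto bad;
	catdatum->isalias = val;

	rc = str_read(&key, GFP_KERNEL, fp, len);
	if (rc)
		goto bad;

	rc = symtab_insert(s, key, catdatum);
	if (rc)
		goto bad;
	return 0;
bad:
	cat_destroy(key, catdatum, NULL);
	if (rc)
		pr_err("SELinux: invalid category\n");
	return rc;
}

/*
 * Per-symbol-table record readers, indexed by symbol table number;
 * policydb_read() calls read_f[i] once per element of table i.
 */
/* clang-format off */
static int (*const read_f[SYM_NUM])(struct policydb *p, struct symtab *s,
				    struct policy_file *fp) = {
	common_read,
	class_read,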
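role_read,
	type_read,
	user_read,
	cond_read_bool,
	sens_read,
	cat_read,
};
/* clang-format on */

/*
 * hashtab_map() callback: check the bounds chain of one user.
 *
 * @key is the user's name, @datum its struct user_datum, @datap the
 * policydb.  Starting from the user, the chain of ->bounds ids is
 * followed until an entry with bounds == 0 is reached.  At each step:
 *   - the walk is abandoned with -EINVAL once its depth reaches
 *     POLICYDB_BOUNDS_MAXDEPTH, which also terminates a looped chain;
 *   - the bounds id is checked with policydb_user_isvalid() before it
 *     is used as an index into user_val_to_struct[];
 *   - every role set for the user must also be set for the bounding
 *     user, otherwise the policy is rejected with -EINVAL.
 *
 * Returns 0 if the whole chain is consistent.
 */
static int user_bounds_sanity_check(void *key, void *datum, void *datap)
{
	struct user_datum *upper, *user;
	struct policydb *p = datap;
	int depth = 0;

	upper = user = datum;
	while (upper->bounds) {
		struct ebitmap_node *node;
		u32 bit;

		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
			pr_err("SELinux: user %s: "
			       "too deep or looped boundary\n",
			       (char *)key);
			return -EINVAL;
		}

		/* must precede the array access below: the id is policy data */
		if (!policydb_user_isvalid(p, upper->bounds)) {
			pr_err("SELinux: user %s: invalid boundary id %d\n",
			       (char *) key, upper->bounds);
			return -EINVAL;
		}

		upper = p->user_val_to_struct[upper->bounds - 1];
		ebitmap_for_each_positive_bit(&user->roles, node, bit)
		{
			if (ebitmap_get_bit(&upper->roles, bit))
				continue;

			pr_err("SELinux: boundary violated policy: "
			       "user=%s role=%s bounds=%s\n",
			       sym_name(p, SYM_USERS, user->value - 1),
			       sym_name(p, SYM_ROLES, bit),
			       sym_name(p, SYM_USERS, upper->value - 1));

			return -EINVAL;
		}
	}

	return 0;
}

/*
 * hashtab_map() callback: check the bounds chain of one role.
 *
 * Same walk as user_bounds_sanity_check(), over role_val_to_struct[]:
 * depth is limited by POLICYDB_BOUNDS_MAXDEPTH, each bounds id is
 * checked with policydb_role_isvalid() before it is used as an index,
 * and every type set for the role must also be set for the bounding
 * role.  Returns 0 if the chain is consistent, -EINVAL otherwise.
 */
static int role_bounds_sanity_check(void *key, void *datum, void *datap)
{
	struct role_datum *upper, *role;
	struct policydb *p = datap;
	int depth = 0;

	upper = role = datum;
	while (upper->bounds) {
		struct ebitmap_node *node;
		u32 bit;

		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
			pr_err("SELinux: role %s: "
			       "too deep or looped bounds\n",
			       (char *)key);
			return -EINVAL;
		}

		/* must precede the array access below: the id is policy data */
		if (!policydb_role_isvalid(p, upper->bounds)) {
			pr_err("SELinux: role %s: invalid boundary id %d\n",
			       (char *) key, upper->bounds);
			return -EINVAL;
		}

		upper = p->role_val_to_struct[upper->bounds - 1];
		ebitmap_for_each_positive_bit(&role->types, node,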
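bit)
		{
			if (ebitmap_get_bit(&upper->types, bit))
				continue;

			pr_err("SELinux: boundary violated policy: "
			       "role=%s type=%s bounds=%s\n",
			       sym_name(p, SYM_ROLES, role->value - 1),
			       sym_name(p, SYM_TYPES, bit),
			       sym_name(p, SYM_ROLES, upper->value - 1));

			return -EINVAL;
		}
	}

	return 0;
}

/*
 * hashtab_map() callback: check the bounds chain of one type.
 *
 * @key is the type's name, @datum its struct type_datum, @datap the
 * policydb.  The chain of ->bounds ids is followed until an entry with
 * bounds == 0 is reached.  At each step:
 *   - the walk is abandoned with -EINVAL once its depth reaches
 *     POLICYDB_BOUNDS_MAXDEPTH, which also terminates a looped chain;
 *   - the bounds id is checked with policydb_type_isvalid() before it
 *     is used as an index into type_val_to_struct[];
 *   - a bounding entry that is an attribute is rejected with -EINVAL.
 *
 * Returns 0 if the whole chain is consistent.
 */
static int type_bounds_sanity_check(void *key, void *datum, void *datap)
{
	struct type_datum *upper;
	struct policydb *p = datap;
	int depth = 0;

	upper = datum;
	while (upper->bounds) {
		if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
			pr_err("SELinux: type %s: "
			       "too deep or looped boundary\n",
			       (char *)key);
			return -EINVAL;
		}

		/* must precede the array access below: the id is policy data */
		if (!policydb_type_isvalid(p, upper->bounds)) {
			pr_err("SELinux: type %s: invalid boundary id %d\n",
			       (char *) key, upper->bounds);
			return -EINVAL;
		}

		upper = p->type_val_to_struct[upper->bounds - 1];
		if (upper->attribute) {
			pr_err("SELinux: type %s: "
			       "bounded by attribute %s\n",
			       (char *)key,
			       sym_name(p, SYM_TYPES, upper->value - 1));
			return -EINVAL;
		}
	}

	return 0;
}

/*
 * Run the bounds checks over every user, role and type of @p.
 *
 * Policies older than POLICYDB_VERSION_BOUNDARY have no bounds and
 * pass unconditionally.  Otherwise the three tables are checked in
 * order (users, roles, types) and the first non-zero result from
 * hashtab_map() is returned; 0 means all three passed.
 */
static int policydb_bounds_sanity_check(struct policydb *p)
{
	int rc;

	if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
		return 0;

	rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
	if (rc)
		return rc;

	rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
	if (rc)
		return rc;

	rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
	if (rc)
		return rc;

	return 0;
}

/*
 * Look up a security class by name in @p.
 *
 * Returns the class value, or 0 when the policy defines no class of
 * that name; callers must treat 0 as "not found".
 */
u16 string_to_security_class(struct policydb *p, const char *name)
{
	struct class_datum *cladatum;

	cladatum = symtab_search(&p->p_classes, name);
	if (!cladatum)
		return 0;

	return cladatum->value;
}

u32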
string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1950 { 1951 struct class_datum *cladatum; 1952 struct perm_datum *perdatum = NULL; 1953 struct common_datum *comdatum; 1954 1955 if (!tclass || tclass > p->p_classes.nprim) 1956 return 0; 1957 1958 cladatum = p->class_val_to_struct[tclass - 1]; 1959 comdatum = cladatum->comdatum; 1960 if (comdatum) 1961 perdatum = symtab_search(&comdatum->permissions, name); 1962 if (!perdatum) 1963 perdatum = symtab_search(&cladatum->permissions, name); 1964 if (!perdatum) 1965 return 0; 1966 1967 return 1U << (perdatum->value - 1); 1968 } 1969 1970 static int range_read(struct policydb *p, struct policy_file *fp) 1971 { 1972 struct range_trans *rt = NULL; 1973 struct mls_range *r = NULL; 1974 int rc; 1975 __le32 buf[2]; 1976 u32 i, nel, val; 1977 1978 if (p->policyvers < POLICYDB_VERSION_MLS) 1979 return 0; 1980 1981 rc = next_entry(buf, fp, sizeof(u32)); 1982 if (rc) 1983 return rc; 1984 1985 nel = le32_to_cpu(buf[0]); 1986 1987 /* we read at least 64 bytes and mls_read_range_helper() 32 bytes 1988 * for any valid range-transition 1989 */ 1990 rc = size_check(3 * sizeof(u32), nel, fp); 1991 if (rc) 1992 return rc; 1993 1994 rc = hashtab_init(&p->range_tr, nel); 1995 if (rc) 1996 return rc; 1997 1998 for (i = 0; i < nel; i++) { 1999 rc = -ENOMEM; 2000 rt = kzalloc_obj(*rt); 2001 if (!rt) 2002 goto out; 2003 2004 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 2005 if (rc) 2006 goto out; 2007 2008 rt->source_type = le32_to_cpu(buf[0]); 2009 rt->target_type = le32_to_cpu(buf[1]); 2010 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 2011 rc = next_entry(buf, fp, sizeof(u32)); 2012 if (rc) 2013 goto out; 2014 rc = -EINVAL; 2015 val = le32_to_cpu(buf[0]); 2016 if (val > U16_MAX) 2017 goto out; 2018 rt->target_class = val; 2019 } else 2020 rt->target_class = p->process_class; 2021 2022 rc = -EINVAL; 2023 if (!policydb_type_isvalid(p, rt->source_type) || 2024 !policydb_type_isvalid(p, rt->target_type) || 2025 
!policydb_class_isvalid(p, rt->target_class)) 2026 goto out; 2027 2028 rc = -ENOMEM; 2029 r = kzalloc_obj(*r); 2030 if (!r) 2031 goto out; 2032 2033 rc = mls_read_range_helper(r, fp); 2034 if (rc) 2035 goto out; 2036 2037 rc = -EINVAL; 2038 if (!mls_range_isvalid(p, r)) { 2039 pr_warn("SELinux: rangetrans: invalid range\n"); 2040 goto out; 2041 } 2042 2043 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 2044 if (rc) 2045 goto out; 2046 2047 rt = NULL; 2048 r = NULL; 2049 } 2050 hash_eval(&p->range_tr, "rangetr", NULL); 2051 rc = 0; 2052 out: 2053 kfree(rt); 2054 kfree(r); 2055 if (rc) 2056 pr_err("SELinux: invalid range\n"); 2057 return rc; 2058 } 2059 2060 static int filename_trans_read_helper_compat(struct policydb *p, struct policy_file *fp) 2061 { 2062 struct filename_trans_key key, *ft = NULL; 2063 struct filename_trans_datum *last, *datum = NULL; 2064 char *name = NULL; 2065 u32 len, stype, otype, val; 2066 __le32 buf[4]; 2067 int rc; 2068 2069 /* length of the path component string */ 2070 rc = next_entry(buf, fp, sizeof(u32)); 2071 if (rc) 2072 return rc; 2073 len = le32_to_cpu(buf[0]); 2074 2075 /* path component string */ 2076 rc = str_read(&name, GFP_KERNEL, fp, len); 2077 if (rc) 2078 return rc; 2079 2080 rc = next_entry(buf, fp, sizeof(u32) * 4); 2081 if (rc) 2082 goto out; 2083 2084 rc = -EINVAL; 2085 stype = le32_to_cpu(buf[0]); 2086 if (!policydb_type_isvalid(p, stype)) 2087 goto out; 2088 key.ttype = le32_to_cpu(buf[1]); 2089 if (!policydb_type_isvalid(p, key.ttype)) 2090 goto out; 2091 val = le32_to_cpu(buf[2]); 2092 if (val > U16_MAX || !policydb_class_isvalid(p, val)) 2093 goto out; 2094 key.tclass = val; 2095 key.name = name; 2096 2097 otype = le32_to_cpu(buf[3]); 2098 if (!policydb_simpletype_isvalid(p, otype)) 2099 goto out; 2100 2101 last = NULL; 2102 datum = policydb_filenametr_search(p, &key); 2103 while (datum) { 2104 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 2105 /* conflicting/duplicate rules are ignored 
*/ 2106 datum = NULL; 2107 rc = 0; 2108 goto out; 2109 } 2110 if (likely(datum->otype == otype)) 2111 break; 2112 last = datum; 2113 datum = datum->next; 2114 } 2115 if (!datum) { 2116 rc = -ENOMEM; 2117 datum = kmalloc_obj(*datum); 2118 if (!datum) 2119 goto out; 2120 2121 ebitmap_init(&datum->stypes); 2122 datum->otype = otype; 2123 datum->next = NULL; 2124 2125 if (unlikely(last)) { 2126 last->next = datum; 2127 } else { 2128 rc = -ENOMEM; 2129 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 2130 if (!ft) 2131 goto out; 2132 2133 rc = hashtab_insert(&p->filename_trans, ft, datum, 2134 filenametr_key_params); 2135 if (rc) 2136 goto out; 2137 name = NULL; 2138 2139 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 2140 key.ttype, 1); 2141 if (rc) 2142 return rc; 2143 } 2144 } 2145 kfree(name); 2146 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 2147 2148 out: 2149 kfree(ft); 2150 kfree(name); 2151 kfree(datum); 2152 2153 if (rc) 2154 pr_err("SELinux: invalid compat filename transition\n"); 2155 return rc; 2156 } 2157 2158 static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp) 2159 { 2160 struct filename_trans_key *ft = NULL; 2161 struct filename_trans_datum **dst, *datum, *first = NULL; 2162 char *name = NULL; 2163 u32 len, ttype, ndatum, i, val; 2164 u16 tclass; 2165 __le32 buf[3]; 2166 int rc; 2167 2168 /* length of the path component string */ 2169 rc = next_entry(buf, fp, sizeof(u32)); 2170 if (rc) 2171 return rc; 2172 len = le32_to_cpu(buf[0]); 2173 2174 /* path component string */ 2175 rc = str_read(&name, GFP_KERNEL, fp, len); 2176 if (rc) 2177 return rc; 2178 2179 rc = next_entry(buf, fp, sizeof(u32) * 3); 2180 if (rc) 2181 goto out; 2182 2183 rc = -EINVAL; 2184 ttype = le32_to_cpu(buf[0]); 2185 if (!policydb_type_isvalid(p, ttype)) 2186 goto out; 2187 val = le32_to_cpu(buf[1]); 2188 rc = -EINVAL; 2189 if (val > U16_MAX || !policydb_class_isvalid(p, val)) 2190 goto out; 2191 tclass = val; 2192 2193 ndatum = le32_to_cpu(buf[2]); 
2194 if (ndatum == 0) { 2195 pr_err("SELinux: Filename transition key with no datum\n"); 2196 rc = -ENOENT; 2197 goto out; 2198 } 2199 2200 dst = &first; 2201 for (i = 0; i < ndatum; i++) { 2202 rc = -ENOMEM; 2203 datum = kmalloc_obj(*datum); 2204 if (!datum) 2205 goto out; 2206 2207 datum->next = NULL; 2208 *dst = datum; 2209 2210 /* ebitmap_read() will at least init the bitmap */ 2211 rc = ebitmap_read(&datum->stypes, fp); 2212 if (rc) 2213 goto out; 2214 2215 rc = next_entry(buf, fp, sizeof(u32)); 2216 if (rc) 2217 goto out; 2218 2219 datum->otype = le32_to_cpu(buf[0]); 2220 2221 rc = -EINVAL; 2222 if (!policydb_simpletype_isvalid(p, datum->otype)) 2223 goto out; 2224 2225 dst = &datum->next; 2226 } 2227 2228 rc = -ENOMEM; 2229 ft = kmalloc_obj(*ft); 2230 if (!ft) 2231 goto out; 2232 2233 ft->ttype = ttype; 2234 ft->tclass = tclass; 2235 ft->name = name; 2236 2237 rc = hashtab_insert(&p->filename_trans, ft, first, 2238 filenametr_key_params); 2239 if (rc == -EEXIST) 2240 pr_err("SELinux: Duplicate filename transition key\n"); 2241 if (rc) 2242 goto out; 2243 2244 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2245 2246 out: 2247 kfree(ft); 2248 kfree(name); 2249 while (first) { 2250 datum = first; 2251 first = first->next; 2252 2253 ebitmap_destroy(&datum->stypes); 2254 kfree(datum); 2255 } 2256 2257 if (rc) 2258 pr_err("SELinux: invalid filename transition\n"); 2259 return rc; 2260 } 2261 2262 static int filename_trans_read(struct policydb *p, struct policy_file *fp) 2263 { 2264 u32 nel, i; 2265 __le32 buf[1]; 2266 int rc; 2267 2268 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2269 return 0; 2270 2271 rc = next_entry(buf, fp, sizeof(u32)); 2272 if (rc) 2273 return rc; 2274 nel = le32_to_cpu(buf[0]); 2275 2276 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2277 p->compat_filename_trans_count = nel; 2278 2279 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2280 if (rc) 2281 return rc; 2282 2283 for (i = 0; i < nel; i++) { 2284 rc = 
filename_trans_read_helper_compat(p, fp); 2285 if (rc) 2286 return rc; 2287 } 2288 } else { 2289 rc = hashtab_init(&p->filename_trans, nel); 2290 if (rc) 2291 return rc; 2292 2293 for (i = 0; i < nel; i++) { 2294 rc = filename_trans_read_helper(p, fp); 2295 if (rc) 2296 return rc; 2297 } 2298 } 2299 hash_eval(&p->filename_trans, "filenametr", NULL); 2300 return 0; 2301 } 2302 2303 static int genfs_read(struct policydb *p, struct policy_file *fp) 2304 { 2305 int rc; 2306 u32 i, j, nel, nel2, len, len2, val; 2307 __le32 buf[1]; 2308 struct ocontext *l, *c; 2309 struct ocontext *newc = NULL; 2310 struct genfs *genfs_p, *genfs; 2311 struct genfs *newgenfs = NULL; 2312 2313 rc = next_entry(buf, fp, sizeof(u32)); 2314 if (rc) 2315 return rc; 2316 nel = le32_to_cpu(buf[0]); 2317 2318 for (i = 0; i < nel; i++) { 2319 rc = next_entry(buf, fp, sizeof(u32)); 2320 if (rc) 2321 goto out; 2322 len = le32_to_cpu(buf[0]); 2323 2324 rc = -ENOMEM; 2325 newgenfs = kzalloc_obj(*newgenfs); 2326 if (!newgenfs) 2327 goto out; 2328 2329 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2330 if (rc) 2331 goto out; 2332 2333 for (genfs_p = NULL, genfs = p->genfs; genfs; 2334 genfs_p = genfs, genfs = genfs->next) { 2335 rc = -EINVAL; 2336 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2337 pr_err("SELinux: dup genfs fstype %s\n", 2338 newgenfs->fstype); 2339 goto out; 2340 } 2341 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2342 break; 2343 } 2344 newgenfs->next = genfs; 2345 if (genfs_p) 2346 genfs_p->next = newgenfs; 2347 else 2348 p->genfs = newgenfs; 2349 genfs = newgenfs; 2350 newgenfs = NULL; 2351 2352 rc = next_entry(buf, fp, sizeof(u32)); 2353 if (rc) 2354 goto out; 2355 2356 nel2 = le32_to_cpu(buf[0]); 2357 for (j = 0; j < nel2; j++) { 2358 rc = next_entry(buf, fp, sizeof(u32)); 2359 if (rc) 2360 goto out; 2361 len = le32_to_cpu(buf[0]); 2362 2363 rc = -ENOMEM; 2364 newc = kzalloc_obj(*newc); 2365 if (!newc) 2366 goto out; 2367 2368 rc = str_read(&newc->u.name, 
GFP_KERNEL, fp, len); 2369 if (rc) 2370 goto out; 2371 2372 rc = next_entry(buf, fp, sizeof(u32)); 2373 if (rc) 2374 goto out; 2375 2376 rc = -EINVAL; 2377 val = le32_to_cpu(buf[0]); 2378 if (val > U16_MAX || (val != 0 && !policydb_class_isvalid(p, val))) 2379 goto out; 2380 newc->v.sclass = val; 2381 rc = context_read_and_validate(&newc->context[0], p, 2382 fp); 2383 if (rc) 2384 goto out; 2385 2386 for (l = NULL, c = genfs->head; c; l = c, c = c->next) { 2387 rc = -EINVAL; 2388 if (!strcmp(newc->u.name, c->u.name) && 2389 (!c->v.sclass || !newc->v.sclass || 2390 newc->v.sclass == c->v.sclass)) { 2391 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2392 genfs->fstype, c->u.name); 2393 goto out; 2394 } 2395 len = strlen(newc->u.name); 2396 len2 = strlen(c->u.name); 2397 if (len > len2) 2398 break; 2399 } 2400 2401 newc->next = c; 2402 if (l) 2403 l->next = newc; 2404 else 2405 genfs->head = newc; 2406 newc = NULL; 2407 } 2408 } 2409 rc = 0; 2410 out: 2411 if (newgenfs) { 2412 kfree(newgenfs->fstype); 2413 kfree(newgenfs); 2414 } 2415 ocontext_destroy(newc, OCON_FSUSE); 2416 2417 if (rc) 2418 pr_err("SELinux: invalid genfs\n"); 2419 2420 return rc; 2421 } 2422 2423 static int ocontext_read(struct policydb *p, 2424 const struct policydb_compat_info *info, struct policy_file *fp) 2425 { 2426 int rc; 2427 unsigned int i; 2428 u32 j, nel, len, val; 2429 __be64 prefixbuf[1]; 2430 __le32 buf[3]; 2431 struct ocontext *l, *c; 2432 u32 nodebuf[8]; 2433 2434 for (i = 0; i < info->ocon_num; i++) { 2435 rc = next_entry(buf, fp, sizeof(u32)); 2436 if (rc) 2437 goto out; 2438 nel = le32_to_cpu(buf[0]); 2439 2440 l = NULL; 2441 for (j = 0; j < nel; j++) { 2442 rc = -ENOMEM; 2443 c = kzalloc_obj(*c); 2444 if (!c) 2445 goto out; 2446 if (l) 2447 l->next = c; 2448 else 2449 p->ocontexts[i] = c; 2450 l = c; 2451 2452 switch (i) { 2453 case OCON_ISID: 2454 rc = next_entry(buf, fp, sizeof(u32)); 2455 if (rc) 2456 goto out; 2457 2458 c->sid[0] = le32_to_cpu(buf[0]); 2459 rc = 
context_read_and_validate(&c->context[0], 2460 p, fp); 2461 if (rc) 2462 goto out; 2463 break; 2464 case OCON_FS: 2465 case OCON_NETIF: 2466 rc = next_entry(buf, fp, sizeof(u32)); 2467 if (rc) 2468 goto out; 2469 len = le32_to_cpu(buf[0]); 2470 2471 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2472 if (rc) 2473 goto out; 2474 2475 if (i == OCON_FS) 2476 pr_warn("SELinux: void and deprecated fs ocon %s\n", 2477 c->u.name); 2478 2479 rc = context_read_and_validate(&c->context[0], 2480 p, fp); 2481 if (rc) 2482 goto out; 2483 rc = context_read_and_validate(&c->context[1], 2484 p, fp); 2485 if (rc) 2486 goto out; 2487 break; 2488 case OCON_PORT: 2489 rc = next_entry(buf, fp, sizeof(u32) * 3); 2490 if (rc) 2491 goto out; 2492 2493 rc = -EINVAL; 2494 val = le32_to_cpu(buf[0]); 2495 if (val > U8_MAX) 2496 goto out; 2497 c->u.port.protocol = val; 2498 val = le32_to_cpu(buf[1]); 2499 if (val > U16_MAX) 2500 goto out; 2501 c->u.port.low_port = val; 2502 val = le32_to_cpu(buf[2]); 2503 if (val > U16_MAX) 2504 goto out; 2505 c->u.port.high_port = val; 2506 if (c->u.port.low_port == 0 || 2507 c->u.port.low_port > c->u.port.high_port) 2508 goto out; 2509 2510 rc = context_read_and_validate(&c->context[0], p, fp); 2511 if (rc) 2512 goto out; 2513 break; 2514 case OCON_NODE: 2515 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2516 if (rc) 2517 goto out; 2518 c->u.node.addr = nodebuf[0]; /* network order */ 2519 c->u.node.mask = nodebuf[1]; /* network order */ 2520 rc = context_read_and_validate(&c->context[0], 2521 p, fp); 2522 if (rc) 2523 goto out; 2524 break; 2525 case OCON_FSUSE: 2526 rc = next_entry(buf, fp, sizeof(u32) * 2); 2527 if (rc) 2528 goto out; 2529 2530 rc = -EINVAL; 2531 c->v.behavior = le32_to_cpu(buf[0]); 2532 /* Determined at runtime, not in policy DB. 
*/ 2533 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2534 goto out; 2535 if (c->v.behavior > SECURITY_FS_USE_MAX) 2536 goto out; 2537 2538 len = le32_to_cpu(buf[1]); 2539 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2540 if (rc) 2541 goto out; 2542 2543 rc = context_read_and_validate(&c->context[0], 2544 p, fp); 2545 if (rc) 2546 goto out; 2547 break; 2548 case OCON_NODE6: { 2549 int k; 2550 2551 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2552 if (rc) 2553 goto out; 2554 for (k = 0; k < 4; k++) 2555 c->u.node6.addr[k] = nodebuf[k]; 2556 for (k = 0; k < 4; k++) 2557 c->u.node6.mask[k] = nodebuf[k + 4]; 2558 rc = context_read_and_validate(&c->context[0], 2559 p, fp); 2560 if (rc) 2561 goto out; 2562 break; 2563 } 2564 case OCON_IBPKEY: { 2565 u32 pkey_lo, pkey_hi; 2566 2567 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2568 if (rc) 2569 goto out; 2570 2571 /* we need to have subnet_prefix in CPU order */ 2572 c->u.ibpkey.subnet_prefix = 2573 be64_to_cpu(prefixbuf[0]); 2574 2575 rc = next_entry(buf, fp, sizeof(u32) * 2); 2576 if (rc) 2577 goto out; 2578 2579 pkey_lo = le32_to_cpu(buf[0]); 2580 pkey_hi = le32_to_cpu(buf[1]); 2581 2582 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2583 rc = -EINVAL; 2584 goto out; 2585 } 2586 2587 c->u.ibpkey.low_pkey = pkey_lo; 2588 c->u.ibpkey.high_pkey = pkey_hi; 2589 2590 rc = context_read_and_validate(&c->context[0], 2591 p, fp); 2592 if (rc) 2593 goto out; 2594 break; 2595 } 2596 case OCON_IBENDPORT: { 2597 u32 port; 2598 2599 rc = next_entry(buf, fp, sizeof(u32) * 2); 2600 if (rc) 2601 goto out; 2602 len = le32_to_cpu(buf[0]); 2603 2604 rc = str_read(&c->u.ibendport.dev_name, 2605 GFP_KERNEL, fp, len); 2606 if (rc) 2607 goto out; 2608 2609 port = le32_to_cpu(buf[1]); 2610 if (port > U8_MAX || port == 0) { 2611 rc = -EINVAL; 2612 goto out; 2613 } 2614 2615 c->u.ibendport.port = port; 2616 2617 rc = context_read_and_validate(&c->context[0], 2618 p, fp); 2619 if (rc) 2620 goto out; 2621 break; 2622 } /* end case */ 2623 } /* 
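end switch */
		}
	}
	rc = 0;
out:
	if (rc)
		pr_err("SELinux: invalid ocon\n");
	return rc;
}

/*
 * Read the configuration data from a policy database binary
 * representation file into a policy database structure.
 *
 * p is initialised here with policydb_init() and then filled from fp.
 * Every count, index and version field taken from the image is checked
 * before it is used: the magic number and identifier string, the version
 * range, the symbol/ocontext table counts against policydb_compat[], the
 * role/type/class values of each role rule, and the highest bit of each
 * type-attribute bitmap.
 *
 * Returns 0 on success or a negative errno.  Every failure leaves through
 * the bad: label, which frees any in-flight role transition key/datum
 * and calls policydb_destroy(p).
 */
int policydb_read(struct policydb *p, struct policy_file *fp)
{
	struct role_allow *ra, *lra;
	struct role_trans_key *rtk = NULL;
	struct role_trans_datum *rtd = NULL;
	int rc;
	__le32 buf[4];
	u32 i, j, len, nprim, nel, perm, val;

	char *policydb_str;
	const struct policydb_compat_info *info;

	policydb_init(p);

	/* Read the magic number and string length. */
	rc = next_entry(buf, fp, sizeof(u32) * 2);
	if (rc)
		goto bad;

	rc = -EINVAL;
	if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
		pr_err("SELinux: policydb magic number 0x%x does "
		       "not match expected magic number 0x%x\n",
		       le32_to_cpu(buf[0]), POLICYDB_MAGIC);
		goto bad;
	}

	/*
	 * The length must equal the expected identifier's length before
	 * anything is allocated, so the string read below is bounded.
	 */
	rc = -EINVAL;
	len = le32_to_cpu(buf[1]);
	if (len != strlen(POLICYDB_STRING)) {
		pr_err("SELinux: policydb string length %d does not "
		       "match expected length %zu\n",
		       len, strlen(POLICYDB_STRING));
		goto bad;
	}

	rc = str_read(&policydb_str, GFP_KERNEL, fp, len);
	if (rc) {
		if (rc == -ENOMEM) {
			pr_err("SELinux: unable to allocate memory for policydb string of length %d\n",
			       len);
		} else {
			pr_err("SELinux: truncated policydb string identifier\n");
		}
		goto bad;
	}

	rc = -EINVAL;
	if (strcmp(policydb_str, POLICYDB_STRING)) {
		pr_err("SELinux: policydb string %s does not match "
		       "my string %s\n",
		       policydb_str, POLICYDB_STRING);
		kfree(policydb_str);
		goto bad;
	}
	/* Done with policydb_str. */
	kfree(policydb_str);
	policydb_str = NULL;

	/* Read the version and table sizes. */
	rc = next_entry(buf, fp, sizeof(u32) * 4);
	if (rc)
		goto bad;

	rc = -EINVAL;
	p->policyvers = le32_to_cpu(buf[0]);
	if (p->policyvers < POLICYDB_VERSION_MIN ||
	    p->policyvers > POLICYDB_VERSION_MAX) {
		pr_err("SELinux: policydb version %d does not match "
		       "my version range %d-%d\n",
		       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN,
		       POLICYDB_VERSION_MAX);
		goto bad;
	}

	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
		p->mls_enabled = 1;

		rc = -EINVAL;
		if (p->policyvers < POLICYDB_VERSION_MLS) {
			pr_err("SELinux: security policydb version %d "
			       "(MLS) not backwards compatible\n",
			       p->policyvers);
			goto bad;
		}
	}
	p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
	p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);

	/* The optional bitmaps follow in a fixed order, gated on version. */
	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
		rc = ebitmap_read(&p->policycaps, fp);
		if (rc)
			goto bad;
	}

	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
		rc = ebitmap_read(&p->permissive_map, fp);
		if (rc)
			goto bad;
	}

	if (p->policyvers >= POLICYDB_VERSION_NEVERAUDIT) {
		rc = ebitmap_read(&p->neveraudit_map, fp);
		if (rc)
			goto bad;
	}

	rc = -EINVAL;
	info = policydb_lookup_compat(p->policyvers);
	if (!info) {
		pr_err("SELinux: unable to find policy compat info "
		       "for version %d\n",
		       p->policyvers);
		goto bad;
	}

	/*
	 * The table counts in the image must match the compat entry for
	 * this version exactly; info->sym_num then bounds the index into
	 * p->symtab[] and read_f[] below.
	 */
	rc = -EINVAL;
	if (le32_to_cpu(buf[2]) != info->sym_num ||
	    le32_to_cpu(buf[3]) != info->ocon_num) {
		pr_err("SELinux: policydb table sizes (%d,%d) do "
		       "not match mine (%d,%d)\n",
		       le32_to_cpu(buf[2]), le32_to_cpu(buf[3]), info->sym_num,
		       info->ocon_num);
		goto bad;
	}

	for (i = 0; i < info->sym_num; i++) {
		rc = next_entry(buf, fp, sizeof(u32) * 2);
		if (rc)
			goto bad;
		nprim = le32_to_cpu(buf[0]);
		nel = le32_to_cpu(buf[1]);

		/*
		 * every read_f() implementation reads at least
		 * 4 * sizeof(u32) = 16 bytes (128 bits) for any valid
		 * entry, so the element count is checked against that
		 * before it sizes the table.
		 *
		 * The three failures below leave through bad: like the rest
		 * of this loop.  By this point the policy bitmaps and any
		 * earlier symbol tables have been populated, and a plain
		 * return would skip policydb_destroy().
		 */
		rc = size_check(4 * sizeof(u32), nel, fp);
		if (rc)
			goto bad;

		rc = symtab_init(&p->symtab[i], nel);
		if (rc)
			goto bad;

		if (i == SYM_ROLES) {
			rc = roles_init(p);
			if (rc)
				goto bad;
		}

		for (j = 0; j < nel; j++) {
			rc = read_f[i](p, &p->symtab[i], fp);
			if (rc)
				goto bad;
		}

		p->symtab[i].nprim = nprim;
	}

	rc = policydb_index(p);
	if (rc)
		goto bad;

	rc = -EINVAL;
	p->process_class = string_to_security_class(p, "process");
	if (!p->process_class) {
		pr_err("SELinux: process class is required, not defined in policy\n");
		goto bad;
	}

	rc = avtab_read(&p->te_avtab, fp, p);
	if (rc)
		goto bad;

	avtab_hash_eval(&p->te_avtab, "rules");

	if (p->policyvers >= POLICYDB_VERSION_BOOL) {
		rc = cond_read_list(p, fp);
		if (rc)
			goto bad;
	}

	rc = next_entry(buf, fp, sizeof(u32));
	if (rc)
		goto bad;
	nel = le32_to_cpu(buf[0]);

	/*
	 * we read at least 3 * sizeof(u32) = 12 bytes (96 bits) for any
	 * valid role-transition
	 */
	rc = size_check(3 * sizeof(u32), nel, fp);
	if (rc)
		goto bad;

	rc = hashtab_init(&p->role_tr, nel);
	if (rc)
		goto bad;
	for (i = 0; i < nel; i++) {
		rc = -ENOMEM;
		rtk = kmalloc_obj(*rtk);
		if (!rtk)
			goto bad;

		rc = -ENOMEM;
		rtd = kmalloc_obj(*rtd);
		if (!rtd)
			goto bad;

		rc = next_entry(buf, fp, sizeof(u32) * 3);
		if (rc)
			goto bad;

		rtk->role = le32_to_cpu(buf[0]);
		rtk->type = le32_to_cpu(buf[1]);
		rtd->new_role = le32_to_cpu(buf[2]);
		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
			rc = next_entry(buf, fp, sizeof(u32));
			if (rc)
				goto bad;
			/* Reject class values above U16_MAX before storing. */
			rc = -EINVAL;
			val = le32_to_cpu(buf[0]);
			if (val > U16_MAX)
				goto bad;
			rtk->tclass = val;
		} else
			rtk->tclass = p->process_class;

		rc = -EINVAL;
		if (!policydb_role_isvalid(p, rtk->role) ||
		    !policydb_type_isvalid(p, rtk->type) ||
		    !policydb_class_isvalid(p, rtk->tclass) ||
		    !policydb_role_isvalid(p, rtd->new_role))
			goto bad;

		rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params);
		if (rc)
			goto bad;

		/*
		 * The table holds both pointers now; clear the locals so
		 * the kfree() calls at bad: cannot free them a second time.
		 */
		rtk = NULL;
		rtd = NULL;
	}

	hash_eval(&p->role_tr, "roletr", NULL);

	rc = next_entry(buf, fp, sizeof(u32));
	if (rc)
		goto bad;
	nel = le32_to_cpu(buf[0]);
	lra = NULL;
	for (i = 0; i < nel; i++) {
		rc = -ENOMEM;
		ra = kzalloc_obj(*ra);
		if (!ra)
			goto bad;
		/*
		 * The node is linked into p->role_allow before it is filled
		 * in, so a later failure does not leave it reachable only
		 * through the local pointer.
		 */
		if (lra)
			lra->next = ra;
		else
			p->role_allow = ra;
		rc = next_entry(buf, fp, sizeof(u32) * 2);
		if (rc)
			goto bad;

		rc = -EINVAL;
		ra->role = le32_to_cpu(buf[0]);
		ra->new_role = le32_to_cpu(buf[1]);
		if (!policydb_role_isvalid(p, ra->role) ||
		    !policydb_role_isvalid(p, ra->new_role))
			goto bad;
		lra = ra;
	}

	rc = filename_trans_read(p, fp);
	if (rc)
		goto bad;

	rc = -EINVAL;
	perm = string_to_av_perm(p, p->process_class, "transition");
	if (!perm) {
		pr_err("SELinux: process transition permission is required, not defined in policy\n");
		goto bad;
	}
	p->process_trans_perms = perm;
	perm = string_to_av_perm(p, p->process_class, "dyntransition");
	if (!perm) {
		pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
		goto bad;
	}
	p->process_trans_perms |= perm;

	rc = ocontext_read(p, info, fp);
	if (rc)
		goto bad;

	rc = genfs_read(p, fp);
	if (rc)
		goto bad;

	rc = range_read(p, fp);
	if (rc)
		goto bad;

	rc = -ENOMEM;
	p->type_attr_map_array = kvzalloc_objs(*p->type_attr_map_array,
					       p->p_types.nprim);
	if (!p->type_attr_map_array)
		goto bad;

	/* just in case ebitmap_init() becomes more than just a memset(0): */
	for (i = 0; i < p->p_types.nprim; i++)
		ebitmap_init(&p->type_attr_map_array[i]);

	for (i = 0; i < p->p_types.nprim; i++) {
		struct ebitmap *e = &p->type_attr_map_array[i];

		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
			rc = ebitmap_read(e, fp);
			if (rc)
				goto bad;
		}

		/* No bit may name a type beyond the declared type count. */
		rc = -EINVAL;
		if (ebitmap_get_highest_set_bit(e) >= p->p_types.nprim)
			goto bad;

		/* add the type itself as the degenerate case */
		rc = ebitmap_set_bit(e, i, 1);
		if (rc)
			goto bad;
	}

	rc = policydb_bounds_sanity_check(p);
	if (rc)
		goto bad;

	rc = 0;
out:
	return rc;
bad:
	/* rtk/rtd are non-NULL only while an entry is still being built. */
	kfree(rtk);
	kfree(rtd);
	policydb_destroy(p);
	goto out;
}

/*
 * Write a MLS level structure to a policydb binary
 * representation file.
 *
 * The sensitivity goes out as one little-endian u32, followed by the
 * category bitmap.  Returns 0 or the first error from put_entry() or
 * ebitmap_write().
 */
static int mls_write_level(struct mls_level *l, struct policy_file *fp)
{
	__le32 buf[1];
	int rc;

	buf[0] = cpu_to_le32(l->sens);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	return ebitmap_write(&l->cat, fp);
}

/*
 * Write a MLS range structure to a policydb binary
 * representation file.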
 */
static int mls_write_range_helper(struct mls_range *r, struct policy_file *fp)
{
	__le32 buf[3];
	size_t items;
	int rc;
	/* A range whose two levels compare equal is written as one level. */
	const int same = mls_level_eq(&r->level[1], &r->level[0]);

	items = same ? 2 : 3;

	/* buf[0] carries the number of sensitivities that follow it. */
	buf[0] = cpu_to_le32(items - 1);
	buf[1] = cpu_to_le32(r->level[0].sens);
	if (!same)
		buf[2] = cpu_to_le32(r->level[1].sens);

	BUG_ON(items > ARRAY_SIZE(buf));

	rc = put_entry(buf, sizeof(u32), items, fp);
	if (rc)
		return rc;

	rc = ebitmap_write(&r->level[0].cat, fp);
	if (rc)
		return rc;

	if (same)
		return 0;

	return ebitmap_write(&r->level[1].cat, fp);
}

/*
 * Symbol-table callback for one sensitivity: writes the name length and
 * the isalias flag, then the name bytes (no terminator), then the level.
 */
static int sens_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policy_file *fp = pd->fp;
	struct level_datum *levdatum = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	__le32 buf[2];
	int rc;

	buf[0] = cpu_to_le32(name_len);
	buf[1] = cpu_to_le32(levdatum->isalias);
	rc = put_entry(buf, sizeof(u32), 2, fp);
	if (rc)
		return rc;

	rc = put_entry(name, 1, name_len, fp);
	if (rc)
		return rc;

	return mls_write_level(&levdatum->level, fp);
}

/*
 * Symbol-table callback for one category: writes the name length, value
 * and isalias flag, then the name bytes (no terminator).
 */
static int cat_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policy_file *fp = pd->fp;
	struct cat_datum *catdatum = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	__le32 buf[3];
	int rc;

	buf[0] = cpu_to_le32(name_len);
	buf[1] = cpu_to_le32(catdatum->value);
	buf[2] = cpu_to_le32(catdatum->isalias);
	rc = put_entry(buf, sizeof(u32), 3, fp);
	if (rc)
		return rc;

	return put_entry(name, 1, name_len, fp);
}

/*
 * hashtab_map() callback for one role transition: writes role, type and
 * new_role, plus the target class when the policy version is at least
 * POLICYDB_VERSION_ROLETRANS.
 */
static int role_trans_write_one(void *key, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policydb *p = pd->p;
	struct policy_file *fp = pd->fp;
	struct role_trans_key *rtk = key;
	struct role_trans_datum *rtd = datum;
	__le32 buf[3];
	int rc;

	buf[0] = cpu_to_le32(rtk->role);
	buf[1] = cpu_to_le32(rtk->type);
	buf[2] = cpu_to_le32(rtd->new_role);
	rc = put_entry(buf, sizeof(u32), 3, fp);
	if (rc)
		return rc;

	if (p->policyvers < POLICYDB_VERSION_ROLETRANS)
		return 0;

	buf[0] = cpu_to_le32(rtk->tclass);
	return put_entry(buf, sizeof(u32), 1, fp);
}

/* Writes the role transition count, then every entry of p->role_tr. */
static int role_trans_write(struct policydb *p, struct policy_file *fp)
{
	struct policy_data pd = { .p = p, .fp = fp };
	__le32 count[1];
	int rc;

	count[0] = cpu_to_le32(p->role_tr.nel);
	rc = put_entry(count, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
}

/*
 * Writes the role allow list.  The list is walked twice: once to obtain
 * the count that precedes the entries, once to write each
 * (role, new_role) pair.
 */
static int role_allow_write(struct role_allow *r, struct policy_file *fp)
{
	struct role_allow *cur;
	size_t count = 0;
	__le32 buf[2];
	int rc;

	for (cur = r; cur; cur = cur->next)
		count++;

	buf[0] = cpu_to_le32(count);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	for (cur = r; cur; cur = cur->next) {
		buf[0] = cpu_to_le32(cur->role);
		buf[1] = cpu_to_le32(cur->new_role);
		rc = put_entry(buf, sizeof(u32), 2, fp);
		if (rc)
			return rc;
	}

	return 0;
}

/*
 * Write a security context structure
 * to a policydb binary representation file.
 */
static int context_write(struct policydb *p, struct context *c, struct policy_file *fp)
{
	__le32 ids[3];
	int rc;

	/* user, role and type are written first, then the MLS range. */
	ids[0] = cpu_to_le32(c->user);
	ids[1] = cpu_to_le32(c->role);
	ids[2] = cpu_to_le32(c->type);

	rc = put_entry(ids, sizeof(u32), 3, fp);
	if (rc)
		return rc;

	return mls_write_range_helper(&c->range, fp);
}

/*
 * The following *_write functions are used to
 * write the symbol data to a policy database
 * binary representation file.
 */

/*
 * Writes one permission.  Unlike the other callbacks below, the third
 * argument here is the policy_file itself rather than a policy_data
 * wrapper.
 */
static int perm_write(void *vkey, void *datum, void *fp)
{
	struct perm_datum *perdatum = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	__le32 buf[2];
	int rc;

	buf[0] = cpu_to_le32(name_len);
	buf[1] = cpu_to_le32(perdatum->value);
	rc = put_entry(buf, sizeof(u32), 2, fp);
	if (rc)
		return rc;

	return put_entry(name, 1, name_len, fp);
}

/*
 * Writes one common: a four-word header (name length, value, permission
 * nprim, permission element count), the name, then every permission.
 */
static int common_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policy_file *fp = pd->fp;
	struct common_datum *comdatum = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	__le32 buf[4];
	int rc;

	buf[0] = cpu_to_le32(name_len);
	buf[1] = cpu_to_le32(comdatum->value);
	buf[2] = cpu_to_le32(comdatum->permissions.nprim);
	buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
	rc = put_entry(buf, sizeof(u32), 4, fp);
	if (rc)
		return rc;

	rc = put_entry(name, 1, name_len, fp);
	if (rc)
		return rc;

	return hashtab_map(&comdatum->permissions.table, perm_write, fp);
}

/*
 * Writes a type set: the types bitmap, the negset bitmap, then the flags
 * word.  Any failure is reported as -EINVAL; the underlying error code
 * is not passed on.
 */
static int type_set_write(struct type_set *t, struct policy_file *fp)
{
	__le32 flags[1];

	/* || short-circuits, so negset is only attempted after types. */
	if (ebitmap_write(&t->types, fp) || ebitmap_write(&t->negset, fp))
		return -EINVAL;

	flags[0] = cpu_to_le32(t->flags);
	if (put_entry(flags, sizeof(u32), 1, fp))
		return -EINVAL;

	return 0;
}

/*
 * Writes a constraint list.  For each node: the permissions and the
 * expression count, then each expression's type/attr/op.  CEXPR_NAMES
 * expressions are followed by their names bitmap and, from
 * POLICYDB_VERSION_CONSTRAINT_NAMES on, their type set.
 */
static int write_cons_helper(struct policydb *p, struct constraint_node *node,
			     struct policy_file *fp)
{
	struct constraint_node *cons;
	struct constraint_expr *expr;
	__le32 buf[3];
	u32 nexpr;
	int rc;

	for (cons = node; cons; cons = cons->next) {
		nexpr = 0;
		for (expr = cons->expr; expr; expr = expr->next)
			nexpr++;

		buf[0] = cpu_to_le32(cons->permissions);
		buf[1] = cpu_to_le32(nexpr);
		rc = put_entry(buf, sizeof(u32), 2, fp);
		if (rc)
			return rc;

		for (expr = cons->expr; expr; expr = expr->next) {
			buf[0] = cpu_to_le32(expr->expr_type);
			buf[1] = cpu_to_le32(expr->attr);
			buf[2] = cpu_to_le32(expr->op);
			rc = put_entry(buf, sizeof(u32), 3, fp);
			if (rc)
				return rc;

			/* Only name expressions carry trailing data. */
			if (expr->expr_type != CEXPR_NAMES)
				continue;

			rc = ebitmap_write(&expr->names, fp);
			if (rc)
				return rc;

			if (p->policyvers >=
			    POLICYDB_VERSION_CONSTRAINT_NAMES) {
				rc = type_set_write(expr->type_names, fp);
				if (rc)
					return rc;
			}
		}
	}

	return 0;
}

/*
 * Writes one class: a six-word header, the class name, the common name
 * when there is one, the permissions, the constraints, the
 * validatetrans rules, and the version-gated default_* fields.
 */
static int class_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policy_file *fp = pd->fp;
	struct policydb *p = pd->p;
	struct class_datum *cladatum = datum;
	struct constraint_node *cons;
	char *name = vkey;
	size_t name_len, comkey_len;
	__le32 buf[6];
	u32 ncons;
	int rc;

	name_len = strlen(name);
	comkey_len = cladatum->comkey ? strlen(cladatum->comkey) : 0;

	ncons = 0;
	for (cons = cladatum->constraints; cons; cons = cons->next)
		ncons++;

	buf[0] = cpu_to_le32(name_len);
	buf[1] = cpu_to_le32(comkey_len);
	buf[2] = cpu_to_le32(cladatum->value);
	buf[3] = cpu_to_le32(cladatum->permissions.nprim);
	buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
	buf[5] = cpu_to_le32(ncons);
	rc = put_entry(buf, sizeof(u32), 6, fp);
	if (rc)
		return rc;

	rc = put_entry(name, 1, name_len, fp);
	if (rc)
		return rc;

	if (cladatum->comkey) {
		rc = put_entry(cladatum->comkey, 1, comkey_len, fp);
		if (rc)
			return rc;
	}

	rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
	if (rc)
		return rc;

	rc = write_cons_helper(p, cladatum->constraints, fp);
	if (rc)
		return rc;

	/* write out the validatetrans rule */
	ncons = 0;
	for (cons = cladatum->validatetrans; cons; cons = cons->next)
		ncons++;

	buf[0] = cpu_to_le32(ncons);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	rc = write_cons_helper(p, cladatum->validatetrans, fp);
	if (rc)
		return rc;

	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
		buf[0] = cpu_to_le32(cladatum->default_user);
		buf[1] = cpu_to_le32(cladatum->default_role);
		buf[2] = cpu_to_le32(cladatum->default_range);

		rc = put_entry(buf, sizeof(uint32_t), 3, fp);
		if (rc)
			return rc;
	}

	if (p->policyvers < POLICYDB_VERSION_DEFAULT_TYPE)
		return 0;

	buf[0] = cpu_to_le32(cladatum->default_type);
	return put_entry(buf, sizeof(uint32_t), 1, fp);
}

/*
 * Writes one role: name length and value (plus bounds from
 * POLICYDB_VERSION_BOUNDARY on), the name, then the dominates and types
 * bitmaps.
 */
static int role_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policy_file *fp = pd->fp;
	struct policydb *p = pd->p;
	struct role_datum *role = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	size_t items = 0;
	__le32 buf[3];
	int rc;

	buf[items++] = cpu_to_le32(name_len);
	buf[items++] = cpu_to_le32(role->value);
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
		buf[items++] = cpu_to_le32(role->bounds);

	BUG_ON(items > ARRAY_SIZE(buf));

	rc = put_entry(buf, sizeof(u32), items, fp);
	if (rc)
		return rc;

	rc = put_entry(name, 1, name_len, fp);
	if (rc)
		return rc;

	rc = ebitmap_write(&role->dominates, fp);
	if (rc)
		return rc;

	return ebitmap_write(&role->types, fp);
}

/*
 * Writes one type.  From POLICYDB_VERSION_BOUNDARY on, the primary and
 * attribute flags are packed into one properties word that is followed
 * by the bounds; older versions write only the primary flag.
 */
static int type_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policydb *p = pd->p;
	struct policy_file *fp = pd->fp;
	struct type_datum *typdatum = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	size_t items = 0;
	__le32 buf[4];
	int rc;

	buf[items++] = cpu_to_le32(name_len);
	buf[items++] = cpu_to_le32(typdatum->value);
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
		u32 properties = 0;

		if (typdatum->primary)
			properties |= TYPEDATUM_PROPERTY_PRIMARY;

		if (typdatum->attribute)
			properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;

		buf[items++] = cpu_to_le32(properties);
		buf[items++] = cpu_to_le32(typdatum->bounds);
	} else {
		buf[items++] = cpu_to_le32(typdatum->primary);
	}
	BUG_ON(items > ARRAY_SIZE(buf));

	rc = put_entry(buf, sizeof(u32), items, fp);
	if (rc)
		return rc;

	return put_entry(name, 1, name_len, fp);
}

/*
 * Writes one user: name length and value (plus bounds from
 * POLICYDB_VERSION_BOUNDARY on), the name, the roles bitmap, the MLS
 * range and the default level.
 */
static int user_write(void *vkey, void *datum, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policydb *p = pd->p;
	struct policy_file *fp = pd->fp;
	struct user_datum *usrdatum = datum;
	char *name = vkey;
	size_t name_len = strlen(name);
	size_t items = 0;
	__le32 buf[3];
	int rc;

	buf[items++] = cpu_to_le32(name_len);
	buf[items++] = cpu_to_le32(usrdatum->value);
	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
		buf[items++] = cpu_to_le32(usrdatum->bounds);
	BUG_ON(items > ARRAY_SIZE(buf));

	rc = put_entry(buf, sizeof(u32), items, fp);
	if (rc)
		return rc;

	rc = put_entry(name, 1, name_len, fp);
	if (rc)
		return rc;

	rc = ebitmap_write(&usrdatum->roles, fp);
	if (rc)
		return rc;

	rc = mls_write_range_helper(&usrdatum->range, fp);
	if (rc)
		return rc;

	return mls_write_level(&usrdatum->dfltlevel, fp);
}

/* Per-symbol-table writers, indexed by symbol table number. */
/* clang-format off */
static int (*const write_f[SYM_NUM])(void *key, void *datum, void *datap) = {
	common_write,
	class_write,
	role_write,
	type_write,
	user_write,
	cond_write_bool,
	sens_write,
	cat_write,
};
/* clang-format on */

/*
 * Writes the object context lists.  For each of the first info->ocon_num
 * lists the entry count is written, then every entry in the layout of
 * its kind.  A kind without a case below contributes only its count.
 */
static int ocontext_write(struct policydb *p,
			  const struct policydb_compat_info *info,
			  struct policy_file *fp)
{
	struct ocontext *c;
	unsigned int i, j;
	size_t nel, len;
	__be64 prefixbuf[1];
	__le32 buf[3];
	u32 nodebuf[8];
	int rc;

	for (i = 0; i < info->ocon_num; i++) {
		nel = 0;
		for (c = p->ocontexts[i]; c; c = c->next)
			nel++;

		buf[0] = cpu_to_le32(nel);
		rc = put_entry(buf, sizeof(u32), 1, fp);
		if (rc)
			return rc;

		for (c = p->ocontexts[i]; c; c = c->next) {
			switch (i) {
			case OCON_ISID:
				buf[0] = cpu_to_le32(c->sid[0]);
				rc = put_entry(buf, sizeof(u32), 1, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			case OCON_FS:
			case OCON_NETIF:
				/* These two kinds carry two contexts. */
				len = strlen(c->u.name);
				buf[0] = cpu_to_le32(len);
				rc = put_entry(buf, sizeof(u32), 1, fp);
				if (rc)
					return rc;
				rc = put_entry(c->u.name, 1, len, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[1], fp);
				if (rc)
					return rc;
				break;
			case OCON_PORT:
				buf[0] = cpu_to_le32(c->u.port.protocol);
				buf[1] = cpu_to_le32(c->u.port.low_port);
				buf[2] = cpu_to_le32(c->u.port.high_port);
				rc = put_entry(buf, sizeof(u32), 3, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			case OCON_NODE:
				/* Copied without conversion. */
				nodebuf[0] = c->u.node.addr; /* network order */
				nodebuf[1] = c->u.node.mask; /* network order */
				rc = put_entry(nodebuf, sizeof(u32), 2, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			case OCON_FSUSE:
				len = strlen(c->u.name);
				buf[0] = cpu_to_le32(c->v.behavior);
				buf[1] = cpu_to_le32(len);
				rc = put_entry(buf, sizeof(u32), 2, fp);
				if (rc)
					return rc;
				rc = put_entry(c->u.name, 1, len, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			case OCON_NODE6:
				/* Four address words, then four mask words. */
				for (j = 0; j < 4; j++) {
					/* network order */
					nodebuf[j] = c->u.node6.addr[j];
					nodebuf[j + 4] = c->u.node6.mask[j];
				}
				rc = put_entry(nodebuf, sizeof(u32), 8, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			case OCON_IBPKEY:
				/* subnet_prefix is in CPU order */
				prefixbuf[0] =
					cpu_to_be64(c->u.ibpkey.subnet_prefix);

				rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
				if (rc)
					return rc;

				buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
				buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);

				rc = put_entry(buf, sizeof(u32), 2, fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			case OCON_IBENDPORT:
				len = strlen(c->u.ibendport.dev_name);
				buf[0] = cpu_to_le32(len);
				buf[1] = cpu_to_le32(c->u.ibendport.port);
				rc = put_entry(buf, sizeof(u32), 2, fp);
				if (rc)
					return rc;
				rc = put_entry(c->u.ibendport.dev_name, 1, len,
					       fp);
				if (rc)
					return rc;
				rc = context_write(p, &c->context[0], fp);
				if (rc)
					return rc;
				break;
			}
		}
	}

	return 0;
}

/*
 * Writes the genfs list: the number of filesystem entries, then for each
 * one its fstype string, its context count, and for each context the
 * path, the security class and the context.
 */
static int genfs_write(struct policydb *p, struct policy_file *fp)
{
	struct genfs *fs;
	struct ocontext *c;
	size_t n;
	__le32 buf[1];
	int rc;

	/* n is reused for list counts and for string lengths. */
	n = 0;
	for (fs = p->genfs; fs; fs = fs->next)
		n++;
	buf[0] = cpu_to_le32(n);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	for (fs = p->genfs; fs; fs = fs->next) {
		n = strlen(fs->fstype);
		buf[0] = cpu_to_le32(n);
		rc = put_entry(buf, sizeof(u32), 1, fp);
		if (rc)
			return rc;
		rc = put_entry(fs->fstype, 1, n, fp);
		if (rc)
			return rc;

		n = 0;
		for (c = fs->head; c; c = c->next)
			n++;
		buf[0] = cpu_to_le32(n);
		rc = put_entry(buf, sizeof(u32), 1, fp);
		if (rc)
			return rc;

		for (c = fs->head; c; c = c->next) {
			n = strlen(c->u.name);
			buf[0] = cpu_to_le32(n);
			rc = put_entry(buf, sizeof(u32), 1, fp);
			if (rc)
				return rc;
			rc = put_entry(c->u.name, 1, n, fp);
			if (rc)
				return rc;
			buf[0] = cpu_to_le32(c->v.sclass);
			rc = put_entry(buf, sizeof(u32), 1, fp);
			if (rc)
				return rc;
			rc = context_write(p, &c->context[0], fp);
			if (rc)
				return rc;
		}
	}

	return 0;
}

/*
 * hashtab_map() callback for one range transition: source and target
 * type, the target class from POLICYDB_VERSION_RANGETRANS on, then the
 * MLS range.
 */
static int range_write_helper(void *key, void *data, void *ptr)
{
	struct policy_data *pd = ptr;
	struct policy_file *fp = pd->fp;
	struct policydb *p = pd->p;
	struct range_trans *rt = key;
	struct mls_range *range = data;
	__le32 buf[2];
	int rc;

	buf[0] = cpu_to_le32(rt->source_type);
	buf[1] = cpu_to_le32(rt->target_type);
	rc = put_entry(buf, sizeof(u32), 2, fp);
	if (rc)
		return rc;

	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
		buf[0] = cpu_to_le32(rt->target_class);
		rc = put_entry(buf, sizeof(u32), 1, fp);
		if (rc)
			return rc;
	}

	return mls_write_range_helper(range, fp);
}

/* Writes the range transition count, then every entry of p->range_tr. */
static int range_write(struct policydb *p, struct policy_file *fp)
{
	struct policy_data pd = { .p = p, .fp = fp };
	__le32 count[1];
	int rc;

	count[0] = cpu_to_le32(p->range_tr.nel);
	rc = put_entry(count, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	/* actually write all of the entries */
	return hashtab_map(&p->range_tr, range_write_helper, &pd);
}

/*
 * hashtab_map() callback for the filename transition layout used below
 * POLICYDB_VERSION_COMP_FTRANS: one full record (name, source type,
 * target type, class, output type) per set bit in each datum's stypes
 * bitmap.  The source type is written as bit + 1.
 */
static int filename_write_helper_compat(void *key, void *data, void *ptr)
{
	struct filename_trans_key *ft = key;
	struct filename_trans_datum *datum = data;
	struct policy_file *fp = ptr;
	struct ebitmap_node *node;
	__le32 buf[4];
	u32 bit;
	u32 name_len = strlen(ft->name);
	int rc;

	do {
		ebitmap_for_each_positive_bit(&datum->stypes, node, bit)
		{
			buf[0] = cpu_to_le32(name_len);
			rc = put_entry(buf, sizeof(u32), 1, fp);
			if (rc)
				return rc;

			rc = put_entry(ft->name, sizeof(char), name_len, fp);
			if (rc)
				return rc;

			buf[0] = cpu_to_le32(bit + 1);
			buf[1] = cpu_to_le32(ft->ttype);
			buf[2] = cpu_to_le32(ft->tclass);
			buf[3] = cpu_to_le32(datum->otype);

			rc = put_entry(buf, sizeof(u32), 4, fp);
			if (rc)
				return rc;
		}

		datum = datum->next;
	} while (unlikely(datum));

	return 0;
}

/*
 * hashtab_map() callback for the filename transition layout used from
 * POLICYDB_VERSION_COMP_FTRANS on: the name, then target type, class and
 * datum count, then each datum's stypes bitmap and output type.  Both
 * do/while loops dereference the first datum unconditionally, so data
 * must not be NULL.
 */
static int filename_write_helper(void *key, void *data, void *ptr)
{
	struct filename_trans_key *ft = key;
	struct filename_trans_datum *datum;
	struct policy_file *fp = ptr;
	__le32 buf[3];
	u32 ndatum;
	u32 name_len = strlen(ft->name);
	int rc;

	buf[0] = cpu_to_le32(name_len);
	rc = put_entry(buf, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	rc = put_entry(ft->name, sizeof(char), name_len, fp);
	if (rc)
		return rc;

	/* First pass: count the chain so the count can precede it. */
	ndatum = 0;
	datum = data;
	do {
		ndatum++;
		datum = datum->next;
	} while (unlikely(datum));

	buf[0] = cpu_to_le32(ft->ttype);
	buf[1] = cpu_to_le32(ft->tclass);
	buf[2] = cpu_to_le32(ndatum);
	rc = put_entry(buf, sizeof(u32), 3, fp);
	if (rc)
		return rc;

	/* Second pass: write each datum. */
	datum = data;
	do {
		rc = ebitmap_write(&datum->stypes, fp);
		if (rc)
			return rc;

		buf[0] = cpu_to_le32(datum->otype);
		rc = put_entry(buf, sizeof(u32), 1, fp);
		if (rc)
			return rc;

		datum = datum->next;
	} while (unlikely(datum));

	return 0;
}

/*
 * Writes the filename transition table.  Nothing is written below
 * POLICYDB_VERSION_FILENAME_TRANS.  Below POLICYDB_VERSION_COMP_FTRANS
 * the count is p->compat_filename_trans_count and the compat layout is
 * used; otherwise the count is the hash table's element count.
 */
static int filename_trans_write(struct policydb *p, struct policy_file *fp)
{
	__le32 count[1];
	int rc;

	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
		return 0;

	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
		count[0] = cpu_to_le32(p->compat_filename_trans_count);
		rc = put_entry(count, sizeof(u32), 1, fp);
		if (rc)
			return rc;

		return hashtab_map(&p->filename_trans,
				   filename_write_helper_compat, fp);
	}

	count[0] = cpu_to_le32(p->filename_trans.nel);
	rc = put_entry(count, sizeof(u32), 1, fp);
	if (rc)
		return rc;

	return hashtab_map(&p->filename_trans, filename_write_helper, fp);
}

/*
 * Write the configuration data in a policy database
 * structure to a policy database binary representation
 * file.
 */
int policydb_write(struct policydb *p, struct policy_file *fp)
{
	const struct policydb_compat_info *info;
	unsigned int num_syms;
	__le32 buf[4];
	u32 config = 0;
	u32 i;
	size_t len;
	int rc;

	/*
	 * refuse to write policy older than compressed avtab
	 * to simplify the writer.  There are other tests dropped
	 * since we assume this throughout the writer code.  Be
	 * careful if you ever try to remove this restriction
	 */
	if (p->policyvers < POLICYDB_VERSION_AVTAB) {
		pr_err("SELinux: refusing to write policy version %d."
		       " Because it is less than version %d\n",
		       p->policyvers, POLICYDB_VERSION_AVTAB);
		return -EINVAL;
	}

	/* Rebuild the config word from the flags held in p. */
	if (p->mls_enabled)
		config |= POLICYDB_CONFIG_MLS;
	if (p->reject_unknown)
		config |= REJECT_UNKNOWN;
	if (p->allow_unknown)
		config |= ALLOW_UNKNOWN;

	/* Write the magic number and string identifiers. */
	len = strlen(POLICYDB_STRING);
	buf[0] = cpu_to_le32(POLICYDB_MAGIC);
	buf[1] = cpu_to_le32(len);
	rc = put_entry(buf, sizeof(u32), 2, fp);
	if (rc)
		return rc;
	rc = put_entry(POLICYDB_STRING, 1, len, fp);
	if (rc)
		return rc;

	/* Write the version, config, and table sizes. */
	info = policydb_lookup_compat(p->policyvers);
	if (!info) {
		pr_err("SELinux: compatibility lookup failed for policy "
		       "version %d\n",
		       p->policyvers);
		return -EINVAL;
	}

	buf[0] = cpu_to_le32(p->policyvers);
	buf[1] = cpu_to_le32(config);
	buf[2] = cpu_to_le32(info->sym_num);
	buf[3] = cpu_to_le32(info->ocon_num);

	rc = put_entry(buf, sizeof(u32), 4, fp);
	if (rc)
		return rc;

	/* Optional bitmaps, in the order policydb_read() consumes them. */
	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
		rc = ebitmap_write(&p->policycaps, fp);
		if (rc)
			return rc;
	}

	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
		rc = ebitmap_write(&p->permissive_map, fp);
		if (rc)
			return rc;
	}

	if (p->policyvers >= POLICYDB_VERSION_NEVERAUDIT) {
		rc = ebitmap_write(&p->neveraudit_map, fp);
		if (rc)
			return rc;
	}

	/* Each symbol table: nprim and element count, then the entries. */
	num_syms = info->sym_num;
	for (i = 0; i < num_syms; i++) {
		struct policy_data pd = { .p = p, .fp = fp };

		buf[0] = cpu_to_le32(p->symtab[i].nprim);
		buf[1] = cpu_to_le32(p->symtab[i].table.nel);

		rc = put_entry(buf, sizeof(u32), 2, fp);
		if (rc)
			return rc;
		rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
		if (rc)
			return rc;
	}

	rc = avtab_write(p, &p->te_avtab, fp);
	if (rc)
		return rc;

	rc = cond_write_list(p, fp);
	if (rc)
		return rc;

	rc = role_trans_write(p, fp);
	if (rc)
		return rc;

	rc = role_allow_write(p->role_allow, fp);
	if (rc)
		return rc;

	rc = filename_trans_write(p, fp);
	if (rc)
		return rc;

	rc = ocontext_write(p, info, fp);
	if (rc)
		return rc;

	rc = genfs_write(p, fp);
	if (rc)
		return rc;

	rc = range_write(p, fp);
	if (rc)
		return rc;

	/* One attribute bitmap per primary type closes the image. */
	for (i = 0; i < p->p_types.nprim; i++) {
		rc = ebitmap_write(&p->type_attr_map_array[i], fp);
		if (rc)
			return rc;
	}

	return 0;
}