1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Update: Mellanox Techonologies 21 * 22 * Added Infiniband support 23 * 24 * Copyright (C) 2016 Mellanox Techonologies 25 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 26 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 27 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 28 * This program is free software; you can redistribute it and/or modify 29 * it under the terms of the GNU General Public License as published by 30 * the Free Software Foundation, version 2. 31 */ 32 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/slab.h> 36 #include <linux/string.h> 37 #include <linux/errno.h> 38 #include <linux/audit.h> 39 #include <linux/flex_array.h> 40 #include "security.h" 41 42 #include "policydb.h" 43 #include "conditional.h" 44 #include "mls.h" 45 #include "services.h" 46 47 #define _DEBUG_HASHES 48 49 #ifdef DEBUG_HASHES 50 static const char *symtab_name[SYM_NUM] = { 51 "common prefixes", 52 "classes", 53 "roles", 54 "types", 55 "users", 56 "bools", 57 "levels", 58 "categories", 59 }; 60 #endif 61 62 static unsigned int symtab_sizes[SYM_NUM] = { 63 2, 64 32, 65 16, 66 512, 67 128, 68 16, 69 16, 70 16, 71 }; 72 73 struct policydb_compat_info { 74 int version; 75 int sym_num; 76 int ocon_num; 77 }; 78 79 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 80 static struct policydb_compat_info policydb_compat[] = { 81 { 82 .version = POLICYDB_VERSION_BASE, 83 .sym_num = SYM_NUM - 3, 84 .ocon_num = OCON_NUM - 3, 85 }, 86 { 87 .version = POLICYDB_VERSION_BOOL, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM - 3, 90 }, 91 { 92 .version = POLICYDB_VERSION_IPV6, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM - 2, 95 }, 96 { 97 .version = POLICYDB_VERSION_NLCLASS, 98 .sym_num = SYM_NUM - 2, 99 .ocon_num = OCON_NUM - 2, 100 }, 101 { 102 .version = POLICYDB_VERSION_MLS, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM - 2, 105 }, 106 { 107 .version = POLICYDB_VERSION_AVTAB, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM - 2, 110 }, 111 { 112 .version = POLICYDB_VERSION_RANGETRANS, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM - 2, 115 }, 116 { 117 .version = POLICYDB_VERSION_POLCAP, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM - 2, 120 }, 121 { 122 .version = POLICYDB_VERSION_PERMISSIVE, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM - 2, 125 }, 126 { 127 .version = POLICYDB_VERSION_BOUNDARY, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM - 2, 130 }, 131 { 132 .version = POLICYDB_VERSION_FILENAME_TRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM - 2, 135 }, 136 { 137 .version = POLICYDB_VERSION_ROLETRANS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM - 2, 140 }, 141 { 142 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM - 2, 145 }, 146 { 147 .version = POLICYDB_VERSION_DEFAULT_TYPE, 148 .sym_num = SYM_NUM, 149 .ocon_num = OCON_NUM - 2, 150 }, 151 { 152 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 153 .sym_num = SYM_NUM, 154 .ocon_num = OCON_NUM - 2, 155 }, 156 { 157 .version = POLICYDB_VERSION_XPERMS_IOCTL, 158 .sym_num = SYM_NUM, 159 .ocon_num = OCON_NUM - 2, 160 }, 161 { 162 .version = POLICYDB_VERSION_INFINIBAND, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NUM, 165 }, 166 }; 167 168 static struct policydb_compat_info *policydb_lookup_compat(int version) 169 { 170 int i; 171 struct policydb_compat_info *info = NULL; 172 173 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 174 if (policydb_compat[i].version == version) { 175 info = &policydb_compat[i]; 176 break; 177 } 178 } 179 return info; 180 } 181 182 /* 183 * Initialize the role table. 184 */ 185 static int roles_init(struct policydb *p) 186 { 187 char *key = NULL; 188 int rc; 189 struct role_datum *role; 190 191 role = kzalloc(sizeof(*role), GFP_KERNEL); 192 if (!role) 193 return -ENOMEM; 194 195 rc = -EINVAL; 196 role->value = ++p->p_roles.nprim; 197 if (role->value != OBJECT_R_VAL) 198 goto out; 199 200 rc = -ENOMEM; 201 key = kstrdup(OBJECT_R, GFP_KERNEL); 202 if (!key) 203 goto out; 204 205 rc = hashtab_insert(p->p_roles.table, key, role); 206 if (rc) 207 goto out; 208 209 return 0; 210 out: 211 kfree(key); 212 kfree(role); 213 return rc; 214 } 215 216 static u32 filenametr_hash(struct hashtab *h, const void *k) 217 { 218 const struct filename_trans *ft = k; 219 unsigned long hash; 220 unsigned int byte_num; 221 unsigned char focus; 222 223 hash = ft->stype ^ ft->ttype ^ ft->tclass; 224 225 byte_num = 0; 226 while ((focus = ft->name[byte_num++])) 227 hash = partial_name_hash(focus, hash); 228 return hash & (h->size - 1); 229 } 230 231 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 232 { 233 const struct filename_trans *ft1 = k1; 234 const struct filename_trans *ft2 = k2; 235 int v; 236 237 v = ft1->stype - ft2->stype; 238 if (v) 239 return v; 240 241 v = ft1->ttype - ft2->ttype; 242 if (v) 243 return v; 244 245 v = ft1->tclass - ft2->tclass; 246 if (v) 247 return v; 248 249 return strcmp(ft1->name, ft2->name); 250 251 } 252 253 static u32 rangetr_hash(struct hashtab *h, const void *k) 254 { 255 const struct range_trans *key = k; 256 return (key->source_type + (key->target_type << 3) + 257 (key->target_class << 5)) & (h->size - 1); 258 } 259 260 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 261 { 262 const struct range_trans *key1 = k1, *key2 = k2; 263 int v; 264 265 v = key1->source_type - key2->source_type; 266 if (v) 267 return v; 268 269 v = key1->target_type - key2->target_type; 270 if (v) 271 return v; 272 273 v = key1->target_class - key2->target_class; 274 275 return v; 276 } 277 278 /* 279 * Initialize a policy database structure. 280 */ 281 static int policydb_init(struct policydb *p) 282 { 283 int i, rc; 284 285 memset(p, 0, sizeof(*p)); 286 287 for (i = 0; i < SYM_NUM; i++) { 288 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 289 if (rc) 290 goto out; 291 } 292 293 rc = avtab_init(&p->te_avtab); 294 if (rc) 295 goto out; 296 297 rc = roles_init(p); 298 if (rc) 299 goto out; 300 301 rc = cond_policydb_init(p); 302 if (rc) 303 goto out; 304 305 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 306 if (!p->filename_trans) { 307 rc = -ENOMEM; 308 goto out; 309 } 310 311 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 312 if (!p->range_tr) { 313 rc = -ENOMEM; 314 goto out; 315 } 316 317 ebitmap_init(&p->filename_trans_ttypes); 318 ebitmap_init(&p->policycaps); 319 ebitmap_init(&p->permissive_map); 320 321 return 0; 322 out: 323 hashtab_destroy(p->filename_trans); 324 hashtab_destroy(p->range_tr); 325 for (i = 0; i < SYM_NUM; i++) 326 hashtab_destroy(p->symtab[i].table); 327 return rc; 328 } 329 330 /* 331 * The following *_index functions are used to 332 * define the val_to_name and val_to_struct arrays 333 * in a policy database structure. The val_to_name 334 * arrays are used when converting security context 335 * structures into string representations. The 336 * val_to_struct arrays are used when the attributes 337 * of a class, role, or user are needed. 338 */ 339 340 static int common_index(void *key, void *datum, void *datap) 341 { 342 struct policydb *p; 343 struct common_datum *comdatum; 344 struct flex_array *fa; 345 346 comdatum = datum; 347 p = datap; 348 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 349 return -EINVAL; 350 351 fa = p->sym_val_to_name[SYM_COMMONS]; 352 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 353 GFP_KERNEL | __GFP_ZERO)) 354 BUG(); 355 return 0; 356 } 357 358 static int class_index(void *key, void *datum, void *datap) 359 { 360 struct policydb *p; 361 struct class_datum *cladatum; 362 struct flex_array *fa; 363 364 cladatum = datum; 365 p = datap; 366 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 367 return -EINVAL; 368 fa = p->sym_val_to_name[SYM_CLASSES]; 369 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 370 GFP_KERNEL | __GFP_ZERO)) 371 BUG(); 372 p->class_val_to_struct[cladatum->value - 1] = cladatum; 373 return 0; 374 } 375 376 static int role_index(void *key, void *datum, void *datap) 377 { 378 struct policydb *p; 379 struct role_datum *role; 380 struct flex_array *fa; 381 382 role = datum; 383 p = datap; 384 if (!role->value 385 || role->value > p->p_roles.nprim 386 || role->bounds > p->p_roles.nprim) 387 return -EINVAL; 388 389 fa = p->sym_val_to_name[SYM_ROLES]; 390 if (flex_array_put_ptr(fa, role->value - 1, key, 391 GFP_KERNEL | __GFP_ZERO)) 392 BUG(); 393 p->role_val_to_struct[role->value - 1] = role; 394 return 0; 395 } 396 397 static int type_index(void *key, void *datum, void *datap) 398 { 399 struct policydb *p; 400 struct type_datum *typdatum; 401 struct flex_array *fa; 402 403 typdatum = datum; 404 p = datap; 405 406 if (typdatum->primary) { 407 if (!typdatum->value 408 || typdatum->value > p->p_types.nprim 409 || typdatum->bounds > p->p_types.nprim) 410 return -EINVAL; 411 fa = p->sym_val_to_name[SYM_TYPES]; 412 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 413 GFP_KERNEL | __GFP_ZERO)) 414 BUG(); 415 416 fa = p->type_val_to_struct_array; 417 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 418 GFP_KERNEL | __GFP_ZERO)) 419 BUG(); 420 } 421 422 return 0; 423 } 424 425 static int user_index(void *key, void *datum, void *datap) 426 { 427 struct policydb *p; 428 struct user_datum *usrdatum; 429 struct flex_array *fa; 430 431 usrdatum = datum; 432 p = datap; 433 if (!usrdatum->value 434 || usrdatum->value > p->p_users.nprim 435 || usrdatum->bounds > p->p_users.nprim) 436 return -EINVAL; 437 438 fa = p->sym_val_to_name[SYM_USERS]; 439 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 440 GFP_KERNEL | __GFP_ZERO)) 441 BUG(); 442 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 443 return 0; 444 } 445 446 static int sens_index(void *key, void *datum, void *datap) 447 { 448 struct policydb *p; 449 struct level_datum *levdatum; 450 struct flex_array *fa; 451 452 levdatum = datum; 453 p = datap; 454 455 if (!levdatum->isalias) { 456 if (!levdatum->level->sens || 457 levdatum->level->sens > p->p_levels.nprim) 458 return -EINVAL; 459 fa = p->sym_val_to_name[SYM_LEVELS]; 460 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 461 GFP_KERNEL | __GFP_ZERO)) 462 BUG(); 463 } 464 465 return 0; 466 } 467 468 static int cat_index(void *key, void *datum, void *datap) 469 { 470 struct policydb *p; 471 struct cat_datum *catdatum; 472 struct flex_array *fa; 473 474 catdatum = datum; 475 p = datap; 476 477 if (!catdatum->isalias) { 478 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 479 return -EINVAL; 480 fa = p->sym_val_to_name[SYM_CATS]; 481 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 482 GFP_KERNEL | __GFP_ZERO)) 483 BUG(); 484 } 485 486 return 0; 487 } 488 489 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 490 { 491 common_index, 492 class_index, 493 role_index, 494 type_index, 495 user_index, 496 cond_index_bool, 497 sens_index, 498 cat_index, 499 }; 500 501 #ifdef DEBUG_HASHES 502 static void hash_eval(struct hashtab *h, const char *hash_name) 503 { 504 struct hashtab_info info; 505 506 hashtab_stat(h, &info); 507 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, " 508 "longest chain length %d\n", hash_name, h->nel, 509 info.slots_used, h->size, info.max_chain_len); 510 } 511 512 static void symtab_hash_eval(struct symtab *s) 513 { 514 int i; 515 516 for (i = 0; i < SYM_NUM; i++) 517 hash_eval(s[i].table, symtab_name[i]); 518 } 519 520 #else 521 static inline void hash_eval(struct hashtab *h, char *hash_name) 522 { 523 } 524 #endif 525 526 /* 527 * Define the other val_to_name and val_to_struct arrays 528 * in a policy database structure. 529 * 530 * Caller must clean up on failure. 531 */ 532 static int policydb_index(struct policydb *p) 533 { 534 int i, rc; 535 536 if (p->mls_enabled) 537 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 538 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 539 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 540 else 541 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 542 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 543 p->p_bools.nprim); 544 545 pr_debug("SELinux: %d classes, %d rules\n", 546 p->p_classes.nprim, p->te_avtab.nel); 547 548 #ifdef DEBUG_HASHES 549 avtab_hash_eval(&p->te_avtab, "rules"); 550 symtab_hash_eval(p->symtab); 551 #endif 552 553 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 554 sizeof(*p->class_val_to_struct), 555 GFP_KERNEL); 556 if (!p->class_val_to_struct) 557 return -ENOMEM; 558 559 p->role_val_to_struct = kcalloc(p->p_roles.nprim, 560 sizeof(*p->role_val_to_struct), 561 GFP_KERNEL); 562 if (!p->role_val_to_struct) 563 return -ENOMEM; 564 565 p->user_val_to_struct = kcalloc(p->p_users.nprim, 566 sizeof(*p->user_val_to_struct), 567 GFP_KERNEL); 568 if (!p->user_val_to_struct) 569 return -ENOMEM; 570 571 /* Yes, I want the sizeof the pointer, not the structure */ 572 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 573 p->p_types.nprim, 574 GFP_KERNEL | __GFP_ZERO); 575 if (!p->type_val_to_struct_array) 576 return -ENOMEM; 577 578 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 579 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 580 if (rc) 581 goto out; 582 583 rc = cond_init_bool_indexes(p); 584 if (rc) 585 goto out; 586 587 for (i = 0; i < SYM_NUM; i++) { 588 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 589 p->symtab[i].nprim, 590 GFP_KERNEL | __GFP_ZERO); 591 if (!p->sym_val_to_name[i]) 592 return -ENOMEM; 593 594 rc = flex_array_prealloc(p->sym_val_to_name[i], 595 0, p->symtab[i].nprim, 596 GFP_KERNEL | __GFP_ZERO); 597 if (rc) 598 goto out; 599 600 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 601 if (rc) 602 goto out; 603 } 604 rc = 0; 605 out: 606 return rc; 607 } 608 609 /* 610 * The following *_destroy functions are used to 611 * free any memory allocated for each kind of 612 * symbol data in the policy database. 613 */ 614 615 static int perm_destroy(void *key, void *datum, void *p) 616 { 617 kfree(key); 618 kfree(datum); 619 return 0; 620 } 621 622 static int common_destroy(void *key, void *datum, void *p) 623 { 624 struct common_datum *comdatum; 625 626 kfree(key); 627 if (datum) { 628 comdatum = datum; 629 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 630 hashtab_destroy(comdatum->permissions.table); 631 } 632 kfree(datum); 633 return 0; 634 } 635 636 static void constraint_expr_destroy(struct constraint_expr *expr) 637 { 638 if (expr) { 639 ebitmap_destroy(&expr->names); 640 if (expr->type_names) { 641 ebitmap_destroy(&expr->type_names->types); 642 ebitmap_destroy(&expr->type_names->negset); 643 kfree(expr->type_names); 644 } 645 kfree(expr); 646 } 647 } 648 649 static int cls_destroy(void *key, void *datum, void *p) 650 { 651 struct class_datum *cladatum; 652 struct constraint_node *constraint, *ctemp; 653 struct constraint_expr *e, *etmp; 654 655 kfree(key); 656 if (datum) { 657 cladatum = datum; 658 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 659 hashtab_destroy(cladatum->permissions.table); 660 constraint = cladatum->constraints; 661 while (constraint) { 662 e = constraint->expr; 663 while (e) { 664 etmp = e; 665 e = e->next; 666 constraint_expr_destroy(etmp); 667 } 668 ctemp = constraint; 669 constraint = constraint->next; 670 kfree(ctemp); 671 } 672 673 constraint = cladatum->validatetrans; 674 while (constraint) { 675 e = constraint->expr; 676 while (e) { 677 etmp = e; 678 e = e->next; 679 constraint_expr_destroy(etmp); 680 } 681 ctemp = constraint; 682 constraint = constraint->next; 683 kfree(ctemp); 684 } 685 kfree(cladatum->comkey); 686 } 687 kfree(datum); 688 return 0; 689 } 690 691 static int role_destroy(void *key, void *datum, void *p) 692 { 693 struct role_datum *role; 694 695 kfree(key); 696 if (datum) { 697 role = datum; 698 ebitmap_destroy(&role->dominates); 699 ebitmap_destroy(&role->types); 700 } 701 kfree(datum); 702 return 0; 703 } 704 705 static int type_destroy(void *key, void *datum, void *p) 706 { 707 kfree(key); 708 kfree(datum); 709 return 0; 710 } 711 712 static int user_destroy(void *key, void *datum, void *p) 713 { 714 struct user_datum *usrdatum; 715 716 kfree(key); 717 if (datum) { 718 usrdatum = datum; 719 ebitmap_destroy(&usrdatum->roles); 720 ebitmap_destroy(&usrdatum->range.level[0].cat); 721 ebitmap_destroy(&usrdatum->range.level[1].cat); 722 ebitmap_destroy(&usrdatum->dfltlevel.cat); 723 } 724 kfree(datum); 725 return 0; 726 } 727 728 static int sens_destroy(void *key, void *datum, void *p) 729 { 730 struct level_datum *levdatum; 731 732 kfree(key); 733 if (datum) { 734 levdatum = datum; 735 ebitmap_destroy(&levdatum->level->cat); 736 kfree(levdatum->level); 737 } 738 kfree(datum); 739 return 0; 740 } 741 742 static int cat_destroy(void *key, void *datum, void *p) 743 { 744 kfree(key); 745 kfree(datum); 746 return 0; 747 } 748 749 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 750 { 751 common_destroy, 752 cls_destroy, 753 role_destroy, 754 type_destroy, 755 user_destroy, 756 cond_destroy_bool, 757 sens_destroy, 758 cat_destroy, 759 }; 760 761 static int filenametr_destroy(void *key, void *datum, void *p) 762 { 763 struct filename_trans *ft = key; 764 kfree(ft->name); 765 kfree(key); 766 kfree(datum); 767 cond_resched(); 768 return 0; 769 } 770 771 static int range_tr_destroy(void *key, void *datum, void *p) 772 { 773 struct mls_range *rt = datum; 774 kfree(key); 775 ebitmap_destroy(&rt->level[0].cat); 776 ebitmap_destroy(&rt->level[1].cat); 777 kfree(datum); 778 cond_resched(); 779 return 0; 780 } 781 782 static void ocontext_destroy(struct ocontext *c, int i) 783 { 784 if (!c) 785 return; 786 787 context_destroy(&c->context[0]); 788 context_destroy(&c->context[1]); 789 if (i == OCON_ISID || i == OCON_FS || 790 i == OCON_NETIF || i == OCON_FSUSE) 791 kfree(c->u.name); 792 kfree(c); 793 } 794 795 /* 796 * Free any memory allocated by a policy database structure. 797 */ 798 void policydb_destroy(struct policydb *p) 799 { 800 struct ocontext *c, *ctmp; 801 struct genfs *g, *gtmp; 802 int i; 803 struct role_allow *ra, *lra = NULL; 804 struct role_trans *tr, *ltr = NULL; 805 806 for (i = 0; i < SYM_NUM; i++) { 807 cond_resched(); 808 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 809 hashtab_destroy(p->symtab[i].table); 810 } 811 812 for (i = 0; i < SYM_NUM; i++) { 813 if (p->sym_val_to_name[i]) 814 flex_array_free(p->sym_val_to_name[i]); 815 } 816 817 kfree(p->class_val_to_struct); 818 kfree(p->role_val_to_struct); 819 kfree(p->user_val_to_struct); 820 if (p->type_val_to_struct_array) 821 flex_array_free(p->type_val_to_struct_array); 822 823 avtab_destroy(&p->te_avtab); 824 825 for (i = 0; i < OCON_NUM; i++) { 826 cond_resched(); 827 c = p->ocontexts[i]; 828 while (c) { 829 ctmp = c; 830 c = c->next; 831 ocontext_destroy(ctmp, i); 832 } 833 p->ocontexts[i] = NULL; 834 } 835 836 g = p->genfs; 837 while (g) { 838 cond_resched(); 839 kfree(g->fstype); 840 c = g->head; 841 while (c) { 842 ctmp = c; 843 c = c->next; 844 ocontext_destroy(ctmp, OCON_FSUSE); 845 } 846 gtmp = g; 847 g = g->next; 848 kfree(gtmp); 849 } 850 p->genfs = NULL; 851 852 cond_policydb_destroy(p); 853 854 for (tr = p->role_tr; tr; tr = tr->next) { 855 cond_resched(); 856 kfree(ltr); 857 ltr = tr; 858 } 859 kfree(ltr); 860 861 for (ra = p->role_allow; ra; ra = ra->next) { 862 cond_resched(); 863 kfree(lra); 864 lra = ra; 865 } 866 kfree(lra); 867 868 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 869 hashtab_destroy(p->filename_trans); 870 871 hashtab_map(p->range_tr, range_tr_destroy, NULL); 872 hashtab_destroy(p->range_tr); 873 874 if (p->type_attr_map_array) { 875 for (i = 0; i < p->p_types.nprim; i++) { 876 struct ebitmap *e; 877 878 e = flex_array_get(p->type_attr_map_array, i); 879 if (!e) 880 continue; 881 ebitmap_destroy(e); 882 } 883 flex_array_free(p->type_attr_map_array); 884 } 885 886 ebitmap_destroy(&p->filename_trans_ttypes); 887 ebitmap_destroy(&p->policycaps); 888 ebitmap_destroy(&p->permissive_map); 889 } 890 891 /* 892 * Load the initial SIDs specified in a policy database 893 * structure into a SID table. 894 */ 895 int policydb_load_isids(struct policydb *p, struct sidtab *s) 896 { 897 struct ocontext *head, *c; 898 int rc; 899 900 rc = sidtab_init(s); 901 if (rc) { 902 pr_err("SELinux: out of memory on SID table init\n"); 903 goto out; 904 } 905 906 head = p->ocontexts[OCON_ISID]; 907 for (c = head; c; c = c->next) { 908 rc = -EINVAL; 909 if (!c->context[0].user) { 910 pr_err("SELinux: SID %s was never defined.\n", 911 c->u.name); 912 goto out; 913 } 914 915 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 916 if (rc) { 917 pr_err("SELinux: unable to load initial SID %s.\n", 918 c->u.name); 919 goto out; 920 } 921 } 922 rc = 0; 923 out: 924 return rc; 925 } 926 927 int policydb_class_isvalid(struct policydb *p, unsigned int class) 928 { 929 if (!class || class > p->p_classes.nprim) 930 return 0; 931 return 1; 932 } 933 934 int policydb_role_isvalid(struct policydb *p, unsigned int role) 935 { 936 if (!role || role > p->p_roles.nprim) 937 return 0; 938 return 1; 939 } 940 941 int policydb_type_isvalid(struct policydb *p, unsigned int type) 942 { 943 if (!type || type > p->p_types.nprim) 944 return 0; 945 return 1; 946 } 947 948 /* 949 * Return 1 if the fields in the security context 950 * structure `c' are valid. Return 0 otherwise. 951 */ 952 int policydb_context_isvalid(struct policydb *p, struct context *c) 953 { 954 struct role_datum *role; 955 struct user_datum *usrdatum; 956 957 if (!c->role || c->role > p->p_roles.nprim) 958 return 0; 959 960 if (!c->user || c->user > p->p_users.nprim) 961 return 0; 962 963 if (!c->type || c->type > p->p_types.nprim) 964 return 0; 965 966 if (c->role != OBJECT_R_VAL) { 967 /* 968 * Role must be authorized for the type. 969 */ 970 role = p->role_val_to_struct[c->role - 1]; 971 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 972 /* role may not be associated with type */ 973 return 0; 974 975 /* 976 * User must be authorized for the role. 977 */ 978 usrdatum = p->user_val_to_struct[c->user - 1]; 979 if (!usrdatum) 980 return 0; 981 982 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 983 /* user may not be associated with role */ 984 return 0; 985 } 986 987 if (!mls_context_isvalid(p, c)) 988 return 0; 989 990 return 1; 991 } 992 993 /* 994 * Read a MLS range structure from a policydb binary 995 * representation file. 996 */ 997 static int mls_read_range_helper(struct mls_range *r, void *fp) 998 { 999 __le32 buf[2]; 1000 u32 items; 1001 int rc; 1002 1003 rc = next_entry(buf, fp, sizeof(u32)); 1004 if (rc) 1005 goto out; 1006 1007 rc = -EINVAL; 1008 items = le32_to_cpu(buf[0]); 1009 if (items > ARRAY_SIZE(buf)) { 1010 pr_err("SELinux: mls: range overflow\n"); 1011 goto out; 1012 } 1013 1014 rc = next_entry(buf, fp, sizeof(u32) * items); 1015 if (rc) { 1016 pr_err("SELinux: mls: truncated range\n"); 1017 goto out; 1018 } 1019 1020 r->level[0].sens = le32_to_cpu(buf[0]); 1021 if (items > 1) 1022 r->level[1].sens = le32_to_cpu(buf[1]); 1023 else 1024 r->level[1].sens = r->level[0].sens; 1025 1026 rc = ebitmap_read(&r->level[0].cat, fp); 1027 if (rc) { 1028 pr_err("SELinux: mls: error reading low categories\n"); 1029 goto out; 1030 } 1031 if (items > 1) { 1032 rc = ebitmap_read(&r->level[1].cat, fp); 1033 if (rc) { 1034 pr_err("SELinux: mls: error reading high categories\n"); 1035 goto bad_high; 1036 } 1037 } else { 1038 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1039 if (rc) { 1040 pr_err("SELinux: mls: out of memory\n"); 1041 goto bad_high; 1042 } 1043 } 1044 1045 return 0; 1046 bad_high: 1047 ebitmap_destroy(&r->level[0].cat); 1048 out: 1049 return rc; 1050 } 1051 1052 /* 1053 * Read and validate a security context structure 1054 * from a policydb binary representation file. 1055 */ 1056 static int context_read_and_validate(struct context *c, 1057 struct policydb *p, 1058 void *fp) 1059 { 1060 __le32 buf[3]; 1061 int rc; 1062 1063 rc = next_entry(buf, fp, sizeof buf); 1064 if (rc) { 1065 pr_err("SELinux: context truncated\n"); 1066 goto out; 1067 } 1068 c->user = le32_to_cpu(buf[0]); 1069 c->role = le32_to_cpu(buf[1]); 1070 c->type = le32_to_cpu(buf[2]); 1071 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1072 rc = mls_read_range_helper(&c->range, fp); 1073 if (rc) { 1074 pr_err("SELinux: error reading MLS range of context\n"); 1075 goto out; 1076 } 1077 } 1078 1079 rc = -EINVAL; 1080 if (!policydb_context_isvalid(p, c)) { 1081 pr_err("SELinux: invalid security context\n"); 1082 context_destroy(c); 1083 goto out; 1084 } 1085 rc = 0; 1086 out: 1087 return rc; 1088 } 1089 1090 /* 1091 * The following *_read functions are used to 1092 * read the symbol data from a policy database 1093 * binary representation file. 1094 */ 1095 1096 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1097 { 1098 int rc; 1099 char *str; 1100 1101 if ((len == 0) || (len == (u32)-1)) 1102 return -EINVAL; 1103 1104 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1105 if (!str) 1106 return -ENOMEM; 1107 1108 /* it's expected the caller should free the str */ 1109 *strp = str; 1110 1111 rc = next_entry(str, fp, len); 1112 if (rc) 1113 return rc; 1114 1115 str[len] = '\0'; 1116 return 0; 1117 } 1118 1119 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1120 { 1121 char *key = NULL; 1122 struct perm_datum *perdatum; 1123 int rc; 1124 __le32 buf[2]; 1125 u32 len; 1126 1127 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1128 if (!perdatum) 1129 return -ENOMEM; 1130 1131 rc = next_entry(buf, fp, sizeof buf); 1132 if (rc) 1133 goto bad; 1134 1135 len = le32_to_cpu(buf[0]); 1136 perdatum->value = le32_to_cpu(buf[1]); 1137 1138 rc = str_read(&key, GFP_KERNEL, fp, len); 1139 if (rc) 1140 goto bad; 1141 1142 rc = hashtab_insert(h, key, perdatum); 1143 if (rc) 1144 goto bad; 1145 1146 return 0; 1147 bad: 1148 perm_destroy(key, perdatum, NULL); 1149 return rc; 1150 } 1151 1152 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1153 { 1154 char *key = NULL; 1155 struct common_datum *comdatum; 1156 __le32 buf[4]; 1157 u32 len, nel; 1158 int i, rc; 1159 1160 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1161 if (!comdatum) 1162 return -ENOMEM; 1163 1164 rc = next_entry(buf, fp, sizeof buf); 1165 if (rc) 1166 goto bad; 1167 1168 len = le32_to_cpu(buf[0]); 1169 comdatum->value = le32_to_cpu(buf[1]); 1170 1171 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1172 if (rc) 1173 goto bad; 1174 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1175 nel = le32_to_cpu(buf[3]); 1176 1177 rc = str_read(&key, GFP_KERNEL, fp, len); 1178 if (rc) 1179 goto bad; 1180 1181 for (i = 0; i < nel; i++) { 1182 rc = perm_read(p, comdatum->permissions.table, fp); 1183 if (rc) 1184 goto bad; 1185 } 1186 1187 rc = hashtab_insert(h, key, comdatum); 1188 if (rc) 1189 goto bad; 1190 return 0; 1191 bad: 1192 common_destroy(key, comdatum, NULL); 1193 return rc; 1194 } 1195 1196 static void type_set_init(struct type_set *t) 1197 { 1198 ebitmap_init(&t->types); 1199 ebitmap_init(&t->negset); 1200 } 1201 1202 static int type_set_read(struct type_set *t, void *fp) 1203 { 1204 __le32 buf[1]; 1205 int rc; 1206 1207 if (ebitmap_read(&t->types, fp)) 1208 return -EINVAL; 1209 if (ebitmap_read(&t->negset, fp)) 1210 return -EINVAL; 1211 1212 rc = next_entry(buf, fp, sizeof(u32)); 1213 if (rc < 0) 1214 return -EINVAL; 1215 t->flags = le32_to_cpu(buf[0]); 1216 1217 return 0; 1218 } 1219 1220 1221 static int read_cons_helper(struct policydb *p, 1222 struct constraint_node **nodep, 1223 int ncons, int allowxtarget, void *fp) 1224 { 1225 struct constraint_node *c, *lc; 1226 struct constraint_expr *e, *le; 1227 __le32 buf[3]; 1228 u32 nexpr; 1229 int rc, i, j, depth; 1230 1231 lc = NULL; 1232 for (i = 0; i < ncons; i++) { 1233 c = kzalloc(sizeof(*c), GFP_KERNEL); 1234 if (!c) 1235 return -ENOMEM; 1236 1237 if (lc) 1238 lc->next = c; 1239 else 1240 *nodep = c; 1241 1242 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1243 if (rc) 1244 return rc; 1245 c->permissions = le32_to_cpu(buf[0]); 1246 nexpr = le32_to_cpu(buf[1]); 1247 le = NULL; 1248 depth = -1; 1249 for (j = 0; j < nexpr; j++) { 1250 e = kzalloc(sizeof(*e), GFP_KERNEL); 1251 if (!e) 1252 return -ENOMEM; 1253 1254 if (le) 1255 le->next = e; 1256 else 1257 c->expr = e; 1258 1259 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1260 if (rc) 1261 return rc; 1262 e->expr_type = le32_to_cpu(buf[0]); 1263 e->attr = le32_to_cpu(buf[1]); 1264 e->op = le32_to_cpu(buf[2]); 1265 1266 switch (e->expr_type) { 1267 case CEXPR_NOT: 1268 if (depth < 0) 1269 return -EINVAL; 1270 break; 1271 case CEXPR_AND: 1272 case CEXPR_OR: 1273 if (depth < 1) 1274 return -EINVAL; 1275 depth--; 1276 break; 1277 case CEXPR_ATTR: 1278 if (depth == (CEXPR_MAXDEPTH - 1)) 1279 return -EINVAL; 1280 depth++; 1281 break; 1282 case CEXPR_NAMES: 1283 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1284 return -EINVAL; 1285 if (depth == (CEXPR_MAXDEPTH - 1)) 1286 return -EINVAL; 1287 depth++; 1288 rc = ebitmap_read(&e->names, fp); 1289 if (rc) 1290 return rc; 1291 if (p->policyvers >= 1292 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1293 e->type_names = kzalloc(sizeof 1294 (*e->type_names), 1295 GFP_KERNEL); 1296 if (!e->type_names) 1297 return -ENOMEM; 1298 type_set_init(e->type_names); 1299 rc = type_set_read(e->type_names, fp); 1300 if (rc) 1301 return rc; 1302 } 1303 break; 1304 default: 1305 return -EINVAL; 1306 } 1307 le = e; 1308 } 1309 if (depth != 0) 1310 return -EINVAL; 1311 lc = c; 1312 } 1313 1314 return 0; 1315 } 1316 1317 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1318 { 1319 char *key = NULL; 1320 struct class_datum *cladatum; 1321 __le32 buf[6]; 1322 u32 len, len2, ncons, nel; 1323 int i, rc; 1324 1325 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1326 if (!cladatum) 1327 return -ENOMEM; 1328 1329 rc = next_entry(buf, fp, sizeof(u32)*6); 1330 if (rc) 1331 goto bad; 1332 1333 len = le32_to_cpu(buf[0]); 1334 len2 = le32_to_cpu(buf[1]); 1335 cladatum->value = le32_to_cpu(buf[2]); 1336 1337 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1338 if (rc) 1339 goto bad; 1340 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1341 nel = le32_to_cpu(buf[4]); 1342 1343 ncons = le32_to_cpu(buf[5]); 1344 1345 rc = str_read(&key, GFP_KERNEL, fp, len); 1346 if (rc) 1347 goto bad; 1348 1349 if (len2) { 1350 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1351 if (rc) 1352 goto bad; 1353 1354 rc = -EINVAL; 1355 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1356 if (!cladatum->comdatum) { 1357 pr_err("SELinux: unknown common %s\n", 1358 cladatum->comkey); 1359 goto bad; 1360 } 1361 } 1362 for (i = 0; i < nel; i++) { 1363 rc = perm_read(p, cladatum->permissions.table, fp); 1364 if (rc) 1365 goto bad; 1366 } 1367 1368 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1369 if (rc) 1370 goto bad; 1371 1372 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1373 /* grab the validatetrans rules */ 1374 rc = next_entry(buf, fp, sizeof(u32)); 1375 if (rc) 1376 goto bad; 1377 ncons = le32_to_cpu(buf[0]); 1378 rc = read_cons_helper(p, &cladatum->validatetrans, 1379 ncons, 1, fp); 1380 if (rc) 1381 goto bad; 1382 } 1383 1384 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1385 rc = next_entry(buf, fp, sizeof(u32) * 3); 1386 if (rc) 1387 goto bad; 1388 1389 cladatum->default_user = le32_to_cpu(buf[0]); 1390 cladatum->default_role = le32_to_cpu(buf[1]); 1391 cladatum->default_range = le32_to_cpu(buf[2]); 1392 } 1393 1394 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1395 rc = next_entry(buf, fp, sizeof(u32) * 1); 1396 if (rc) 1397 goto bad; 1398 cladatum->default_type = le32_to_cpu(buf[0]); 1399 } 1400 1401 rc = hashtab_insert(h, key, cladatum); 1402 if (rc) 1403 goto bad; 1404 1405 return 0; 1406 bad: 1407 cls_destroy(key, cladatum, NULL); 1408 return rc; 1409 } 1410 1411 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1412 { 1413 char *key = NULL; 1414 struct role_datum *role; 1415 int rc, to_read = 2; 1416 __le32 buf[3]; 1417 u32 len; 1418 1419 role = kzalloc(sizeof(*role), GFP_KERNEL); 1420 if (!role) 1421 return -ENOMEM; 1422 1423 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1424 to_read = 3; 1425 1426 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1427 if (rc) 1428 goto bad; 1429 1430 len = le32_to_cpu(buf[0]); 1431 role->value = le32_to_cpu(buf[1]); 1432 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1433 role->bounds = le32_to_cpu(buf[2]); 1434 1435 rc = str_read(&key, GFP_KERNEL, fp, len); 1436 if (rc) 1437 goto bad; 1438 1439 rc = ebitmap_read(&role->dominates, fp); 1440 if (rc) 1441 goto bad; 1442 1443 rc = ebitmap_read(&role->types, fp); 1444 if (rc) 1445 goto bad; 1446 1447 if (strcmp(key, OBJECT_R) == 0) { 1448 rc = -EINVAL; 1449 if (role->value != OBJECT_R_VAL) { 1450 pr_err("SELinux: Role %s has wrong value %d\n", 1451 OBJECT_R, role->value); 1452 goto bad; 1453 } 1454 rc = 0; 1455 goto bad; 1456 } 1457 1458 rc = hashtab_insert(h, key, role); 1459 if (rc) 1460 goto bad; 1461 return 0; 1462 bad: 1463 role_destroy(key, role, NULL); 1464 return rc; 1465 } 1466 1467 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1468 { 1469 char *key = NULL; 1470 struct type_datum *typdatum; 1471 int rc, to_read = 3; 1472 __le32 buf[4]; 1473 u32 len; 1474 1475 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1476 if (!typdatum) 1477 return -ENOMEM; 1478 1479 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1480 to_read = 4; 1481 1482 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1483 if (rc) 1484 goto bad; 1485 1486 len = le32_to_cpu(buf[0]); 1487 typdatum->value = le32_to_cpu(buf[1]); 1488 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1489 u32 prop = le32_to_cpu(buf[2]); 1490 1491 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1492 typdatum->primary = 1; 1493 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1494 typdatum->attribute = 1; 1495 1496 typdatum->bounds = le32_to_cpu(buf[3]); 1497 } else { 1498 typdatum->primary = le32_to_cpu(buf[2]); 1499 } 1500 1501 rc = str_read(&key, GFP_KERNEL, fp, len); 1502 if (rc) 1503 goto bad; 1504 1505 rc = hashtab_insert(h, key, typdatum); 1506 if (rc) 1507 goto bad; 1508 return 0; 1509 bad: 1510 type_destroy(key, typdatum, NULL); 1511 return rc; 1512 } 1513 1514 1515 /* 1516 * Read a MLS level structure from a policydb binary 1517 * representation file. 1518 */ 1519 static int mls_read_level(struct mls_level *lp, void *fp) 1520 { 1521 __le32 buf[1]; 1522 int rc; 1523 1524 memset(lp, 0, sizeof(*lp)); 1525 1526 rc = next_entry(buf, fp, sizeof buf); 1527 if (rc) { 1528 pr_err("SELinux: mls: truncated level\n"); 1529 return rc; 1530 } 1531 lp->sens = le32_to_cpu(buf[0]); 1532 1533 rc = ebitmap_read(&lp->cat, fp); 1534 if (rc) { 1535 pr_err("SELinux: mls: error reading level categories\n"); 1536 return rc; 1537 } 1538 return 0; 1539 } 1540 1541 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1542 { 1543 char *key = NULL; 1544 struct user_datum *usrdatum; 1545 int rc, to_read = 2; 1546 __le32 buf[3]; 1547 u32 len; 1548 1549 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1550 if (!usrdatum) 1551 return -ENOMEM; 1552 1553 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1554 to_read = 3; 1555 1556 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1557 if (rc) 1558 goto bad; 1559 1560 len = le32_to_cpu(buf[0]); 1561 usrdatum->value = le32_to_cpu(buf[1]); 1562 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1563 usrdatum->bounds = le32_to_cpu(buf[2]); 1564 1565 rc = str_read(&key, GFP_KERNEL, fp, len); 1566 if (rc) 1567 goto bad; 1568 1569 rc = ebitmap_read(&usrdatum->roles, fp); 1570 if (rc) 1571 goto bad; 1572 1573 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1574 rc = mls_read_range_helper(&usrdatum->range, fp); 1575 if (rc) 1576 goto bad; 1577 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1578 if (rc) 1579 goto bad; 1580 } 1581 1582 rc = hashtab_insert(h, key, usrdatum); 1583 if (rc) 1584 goto bad; 1585 return 0; 1586 bad: 1587 user_destroy(key, usrdatum, NULL); 1588 return rc; 1589 } 1590 1591 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1592 { 1593 char *key = NULL; 1594 struct level_datum *levdatum; 1595 int rc; 1596 __le32 buf[2]; 1597 u32 len; 1598 1599 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1600 if (!levdatum) 1601 return -ENOMEM; 1602 1603 rc = next_entry(buf, fp, sizeof buf); 1604 if (rc) 1605 goto bad; 1606 1607 len = le32_to_cpu(buf[0]); 1608 levdatum->isalias = le32_to_cpu(buf[1]); 1609 1610 rc = str_read(&key, GFP_ATOMIC, fp, len); 1611 if (rc) 1612 goto bad; 1613 1614 rc = -ENOMEM; 1615 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC); 1616 if (!levdatum->level) 1617 goto bad; 1618 1619 rc = mls_read_level(levdatum->level, fp); 1620 if (rc) 1621 goto bad; 1622 1623 rc = hashtab_insert(h, key, levdatum); 1624 if (rc) 1625 goto bad; 1626 return 0; 1627 bad: 1628 sens_destroy(key, levdatum, NULL); 1629 return rc; 1630 } 1631 1632 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1633 { 1634 char *key = NULL; 1635 struct cat_datum *catdatum; 1636 int rc; 1637 __le32 buf[3]; 1638 u32 len; 1639 1640 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1641 if (!catdatum) 1642 return -ENOMEM; 1643 1644 rc = next_entry(buf, fp, sizeof buf); 1645 if (rc) 1646 goto bad; 1647 1648 len = le32_to_cpu(buf[0]); 1649 catdatum->value = le32_to_cpu(buf[1]); 1650 catdatum->isalias = le32_to_cpu(buf[2]); 1651 1652 rc = str_read(&key, GFP_ATOMIC, fp, len); 1653 if (rc) 1654 goto bad; 1655 1656 rc = hashtab_insert(h, key, catdatum); 1657 if (rc) 1658 goto bad; 1659 return 0; 1660 bad: 1661 cat_destroy(key, catdatum, NULL); 1662 return rc; 1663 } 1664 1665 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1666 { 1667 common_read, 1668 class_read, 1669 role_read, 1670 type_read, 1671 user_read, 1672 cond_read_bool, 1673 sens_read, 1674 cat_read, 1675 }; 1676 1677 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1678 { 1679 struct user_datum *upper, *user; 1680 struct policydb *p = datap; 1681 int depth = 0; 1682 1683 upper = user = datum; 1684 while (upper->bounds) { 1685 struct ebitmap_node *node; 1686 unsigned long bit; 1687 1688 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1689 pr_err("SELinux: user %s: " 1690 "too deep or looped boundary", 1691 (char *) key); 1692 return -EINVAL; 1693 } 1694 1695 upper = p->user_val_to_struct[upper->bounds - 1]; 1696 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1697 if (ebitmap_get_bit(&upper->roles, bit)) 1698 continue; 1699 1700 pr_err("SELinux: boundary violated policy: " 1701 "user=%s role=%s bounds=%s\n", 1702 sym_name(p, SYM_USERS, user->value - 1), 1703 sym_name(p, SYM_ROLES, bit), 1704 sym_name(p, SYM_USERS, upper->value - 1)); 1705 1706 return -EINVAL; 1707 } 1708 } 1709 1710 return 0; 1711 } 1712 1713 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1714 { 1715 struct role_datum *upper, *role; 1716 struct policydb *p = datap; 1717 int depth = 0; 1718 1719 upper = role = datum; 1720 while (upper->bounds) { 1721 struct ebitmap_node *node; 1722 unsigned long bit; 1723 1724 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1725 pr_err("SELinux: role %s: " 1726 "too deep or looped bounds\n", 1727 (char *) key); 1728 return -EINVAL; 1729 } 1730 1731 upper = p->role_val_to_struct[upper->bounds - 1]; 1732 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1733 if (ebitmap_get_bit(&upper->types, bit)) 1734 continue; 1735 1736 pr_err("SELinux: boundary violated policy: " 1737 "role=%s type=%s bounds=%s\n", 1738 sym_name(p, SYM_ROLES, role->value - 1), 1739 sym_name(p, SYM_TYPES, bit), 1740 sym_name(p, SYM_ROLES, upper->value - 1)); 1741 1742 return -EINVAL; 1743 } 1744 } 1745 1746 return 0; 1747 } 1748 1749 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1750 { 1751 struct type_datum *upper; 1752 struct policydb *p = datap; 1753 int depth = 0; 1754 1755 upper = datum; 1756 while (upper->bounds) { 1757 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1758 pr_err("SELinux: type %s: " 1759 "too deep or looped boundary\n", 1760 (char *) key); 1761 return -EINVAL; 1762 } 1763 1764 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1765 upper->bounds - 1); 1766 BUG_ON(!upper); 1767 1768 if (upper->attribute) { 1769 pr_err("SELinux: type %s: " 1770 "bounded by attribute %s", 1771 (char *) key, 1772 sym_name(p, SYM_TYPES, upper->value - 1)); 1773 return -EINVAL; 1774 } 1775 } 1776 1777 return 0; 1778 } 1779 1780 static int policydb_bounds_sanity_check(struct policydb *p) 1781 { 1782 int rc; 1783 1784 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1785 return 0; 1786 1787 rc = hashtab_map(p->p_users.table, 1788 user_bounds_sanity_check, p); 1789 if (rc) 1790 return rc; 1791 1792 rc = hashtab_map(p->p_roles.table, 1793 role_bounds_sanity_check, p); 1794 if (rc) 1795 return rc; 1796 1797 rc = hashtab_map(p->p_types.table, 1798 type_bounds_sanity_check, p); 1799 if (rc) 1800 return rc; 1801 1802 return 0; 1803 } 1804 1805 u16 string_to_security_class(struct policydb *p, const char *name) 1806 { 1807 struct class_datum *cladatum; 1808 1809 cladatum = hashtab_search(p->p_classes.table, name); 1810 if (!cladatum) 1811 return 0; 1812 1813 return cladatum->value; 1814 } 1815 1816 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1817 { 1818 struct class_datum *cladatum; 1819 struct perm_datum *perdatum = NULL; 1820 struct common_datum *comdatum; 1821 1822 if (!tclass || tclass > p->p_classes.nprim) 1823 return 0; 1824 1825 cladatum = p->class_val_to_struct[tclass-1]; 1826 comdatum = cladatum->comdatum; 1827 if (comdatum) 1828 perdatum = hashtab_search(comdatum->permissions.table, 1829 name); 1830 if (!perdatum) 1831 perdatum = hashtab_search(cladatum->permissions.table, 1832 name); 1833 if (!perdatum) 1834 return 0; 1835 1836 return 1U << (perdatum->value-1); 1837 } 1838 1839 static int range_read(struct policydb *p, void *fp) 1840 { 1841 struct range_trans *rt = NULL; 1842 struct mls_range *r = NULL; 1843 int i, rc; 1844 __le32 buf[2]; 1845 u32 nel; 1846 1847 if (p->policyvers < POLICYDB_VERSION_MLS) 1848 return 0; 1849 1850 rc = next_entry(buf, fp, sizeof(u32)); 1851 if (rc) 1852 return rc; 1853 1854 nel = le32_to_cpu(buf[0]); 1855 for (i = 0; i < nel; i++) { 1856 rc = -ENOMEM; 1857 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1858 if (!rt) 1859 goto out; 1860 1861 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1862 if (rc) 1863 goto out; 1864 1865 rt->source_type = le32_to_cpu(buf[0]); 1866 rt->target_type = le32_to_cpu(buf[1]); 1867 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1868 rc = next_entry(buf, fp, sizeof(u32)); 1869 if (rc) 1870 goto out; 1871 rt->target_class = le32_to_cpu(buf[0]); 1872 } else 1873 rt->target_class = p->process_class; 1874 1875 rc = -EINVAL; 1876 if (!policydb_type_isvalid(p, rt->source_type) || 1877 !policydb_type_isvalid(p, rt->target_type) || 1878 !policydb_class_isvalid(p, rt->target_class)) 1879 goto out; 1880 1881 rc = -ENOMEM; 1882 r = kzalloc(sizeof(*r), GFP_KERNEL); 1883 if (!r) 1884 goto out; 1885 1886 rc = mls_read_range_helper(r, fp); 1887 if (rc) 1888 goto out; 1889 1890 rc = -EINVAL; 1891 if (!mls_range_isvalid(p, r)) { 1892 pr_warn("SELinux: rangetrans: invalid range\n"); 1893 goto out; 1894 } 1895 1896 rc = hashtab_insert(p->range_tr, rt, r); 1897 if (rc) 1898 goto out; 1899 1900 rt = NULL; 1901 r = NULL; 1902 } 1903 hash_eval(p->range_tr, "rangetr"); 1904 rc = 0; 1905 out: 1906 kfree(rt); 1907 kfree(r); 1908 return rc; 1909 } 1910 1911 static int filename_trans_read(struct policydb *p, void *fp) 1912 { 1913 struct filename_trans *ft; 1914 struct filename_trans_datum *otype; 1915 char *name; 1916 u32 nel, len; 1917 __le32 buf[4]; 1918 int rc, i; 1919 1920 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1921 return 0; 1922 1923 rc = next_entry(buf, fp, sizeof(u32)); 1924 if (rc) 1925 return rc; 1926 nel = le32_to_cpu(buf[0]); 1927 1928 for (i = 0; i < nel; i++) { 1929 otype = NULL; 1930 name = NULL; 1931 1932 rc = -ENOMEM; 1933 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1934 if (!ft) 1935 goto out; 1936 1937 rc = -ENOMEM; 1938 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1939 if (!otype) 1940 goto out; 1941 1942 /* length of the path component string */ 1943 rc = next_entry(buf, fp, sizeof(u32)); 1944 if (rc) 1945 goto out; 1946 len = le32_to_cpu(buf[0]); 1947 1948 /* path component string */ 1949 rc = str_read(&name, GFP_KERNEL, fp, len); 1950 if (rc) 1951 goto out; 1952 1953 ft->name = name; 1954 1955 rc = next_entry(buf, fp, sizeof(u32) * 4); 1956 if (rc) 1957 goto out; 1958 1959 ft->stype = le32_to_cpu(buf[0]); 1960 ft->ttype = le32_to_cpu(buf[1]); 1961 ft->tclass = le32_to_cpu(buf[2]); 1962 1963 otype->otype = le32_to_cpu(buf[3]); 1964 1965 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1966 if (rc) 1967 goto out; 1968 1969 rc = hashtab_insert(p->filename_trans, ft, otype); 1970 if (rc) { 1971 /* 1972 * Do not return -EEXIST to the caller, or the system 1973 * will not boot. 1974 */ 1975 if (rc != -EEXIST) 1976 goto out; 1977 /* But free memory to avoid memory leak. */ 1978 kfree(ft); 1979 kfree(name); 1980 kfree(otype); 1981 } 1982 } 1983 hash_eval(p->filename_trans, "filenametr"); 1984 return 0; 1985 out: 1986 kfree(ft); 1987 kfree(name); 1988 kfree(otype); 1989 1990 return rc; 1991 } 1992 1993 static int genfs_read(struct policydb *p, void *fp) 1994 { 1995 int i, j, rc; 1996 u32 nel, nel2, len, len2; 1997 __le32 buf[1]; 1998 struct ocontext *l, *c; 1999 struct ocontext *newc = NULL; 2000 struct genfs *genfs_p, *genfs; 2001 struct genfs *newgenfs = NULL; 2002 2003 rc = next_entry(buf, fp, sizeof(u32)); 2004 if (rc) 2005 return rc; 2006 nel = le32_to_cpu(buf[0]); 2007 2008 for (i = 0; i < nel; i++) { 2009 rc = next_entry(buf, fp, sizeof(u32)); 2010 if (rc) 2011 goto out; 2012 len = le32_to_cpu(buf[0]); 2013 2014 rc = -ENOMEM; 2015 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2016 if (!newgenfs) 2017 goto out; 2018 2019 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2020 if (rc) 2021 goto out; 2022 2023 for (genfs_p = NULL, genfs = p->genfs; genfs; 2024 genfs_p = genfs, genfs = genfs->next) { 2025 rc = -EINVAL; 2026 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2027 pr_err("SELinux: dup genfs fstype %s\n", 2028 newgenfs->fstype); 2029 goto out; 2030 } 2031 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2032 break; 2033 } 2034 newgenfs->next = genfs; 2035 if (genfs_p) 2036 genfs_p->next = newgenfs; 2037 else 2038 p->genfs = newgenfs; 2039 genfs = newgenfs; 2040 newgenfs = NULL; 2041 2042 rc = next_entry(buf, fp, sizeof(u32)); 2043 if (rc) 2044 goto out; 2045 2046 nel2 = le32_to_cpu(buf[0]); 2047 for (j = 0; j < nel2; j++) { 2048 rc = next_entry(buf, fp, sizeof(u32)); 2049 if (rc) 2050 goto out; 2051 len = le32_to_cpu(buf[0]); 2052 2053 rc = -ENOMEM; 2054 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2055 if (!newc) 2056 goto out; 2057 2058 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2059 if (rc) 2060 goto out; 2061 2062 rc = next_entry(buf, fp, sizeof(u32)); 2063 if (rc) 2064 goto out; 2065 2066 newc->v.sclass = le32_to_cpu(buf[0]); 2067 rc = context_read_and_validate(&newc->context[0], p, fp); 2068 if (rc) 2069 goto out; 2070 2071 for (l = NULL, c = genfs->head; c; 2072 l = c, c = c->next) { 2073 rc = -EINVAL; 2074 if (!strcmp(newc->u.name, c->u.name) && 2075 (!c->v.sclass || !newc->v.sclass || 2076 newc->v.sclass == c->v.sclass)) { 2077 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2078 genfs->fstype, c->u.name); 2079 goto out; 2080 } 2081 len = strlen(newc->u.name); 2082 len2 = strlen(c->u.name); 2083 if (len > len2) 2084 break; 2085 } 2086 2087 newc->next = c; 2088 if (l) 2089 l->next = newc; 2090 else 2091 genfs->head = newc; 2092 newc = NULL; 2093 } 2094 } 2095 rc = 0; 2096 out: 2097 if (newgenfs) { 2098 kfree(newgenfs->fstype); 2099 kfree(newgenfs); 2100 } 2101 ocontext_destroy(newc, OCON_FSUSE); 2102 2103 return rc; 2104 } 2105 2106 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2107 void *fp) 2108 { 2109 int i, j, rc; 2110 u32 nel, len; 2111 __be64 prefixbuf[1]; 2112 __le32 buf[3]; 2113 struct ocontext *l, *c; 2114 u32 nodebuf[8]; 2115 2116 for (i = 0; i < info->ocon_num; i++) { 2117 rc = next_entry(buf, fp, sizeof(u32)); 2118 if (rc) 2119 goto out; 2120 nel = le32_to_cpu(buf[0]); 2121 2122 l = NULL; 2123 for (j = 0; j < nel; j++) { 2124 rc = -ENOMEM; 2125 c = kzalloc(sizeof(*c), GFP_KERNEL); 2126 if (!c) 2127 goto out; 2128 if (l) 2129 l->next = c; 2130 else 2131 p->ocontexts[i] = c; 2132 l = c; 2133 2134 switch (i) { 2135 case OCON_ISID: 2136 rc = next_entry(buf, fp, sizeof(u32)); 2137 if (rc) 2138 goto out; 2139 2140 c->sid[0] = le32_to_cpu(buf[0]); 2141 rc = context_read_and_validate(&c->context[0], p, fp); 2142 if (rc) 2143 goto out; 2144 break; 2145 case OCON_FS: 2146 case OCON_NETIF: 2147 rc = next_entry(buf, fp, sizeof(u32)); 2148 if (rc) 2149 goto out; 2150 len = le32_to_cpu(buf[0]); 2151 2152 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2153 if (rc) 2154 goto out; 2155 2156 rc = context_read_and_validate(&c->context[0], p, fp); 2157 if (rc) 2158 goto out; 2159 rc = context_read_and_validate(&c->context[1], p, fp); 2160 if (rc) 2161 goto out; 2162 break; 2163 case OCON_PORT: 2164 rc = next_entry(buf, fp, sizeof(u32)*3); 2165 if (rc) 2166 goto out; 2167 c->u.port.protocol = le32_to_cpu(buf[0]); 2168 c->u.port.low_port = le32_to_cpu(buf[1]); 2169 c->u.port.high_port = le32_to_cpu(buf[2]); 2170 rc = context_read_and_validate(&c->context[0], p, fp); 2171 if (rc) 2172 goto out; 2173 break; 2174 case OCON_NODE: 2175 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2176 if (rc) 2177 goto out; 2178 c->u.node.addr = nodebuf[0]; /* network order */ 2179 c->u.node.mask = nodebuf[1]; /* network order */ 2180 rc = context_read_and_validate(&c->context[0], p, fp); 2181 if (rc) 2182 goto out; 2183 break; 2184 case OCON_FSUSE: 2185 rc = next_entry(buf, fp, sizeof(u32)*2); 2186 if (rc) 2187 goto out; 2188 2189 rc = -EINVAL; 2190 c->v.behavior = le32_to_cpu(buf[0]); 2191 /* Determined at runtime, not in policy DB. */ 2192 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2193 goto out; 2194 if (c->v.behavior > SECURITY_FS_USE_MAX) 2195 goto out; 2196 2197 len = le32_to_cpu(buf[1]); 2198 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2199 if (rc) 2200 goto out; 2201 2202 rc = context_read_and_validate(&c->context[0], p, fp); 2203 if (rc) 2204 goto out; 2205 break; 2206 case OCON_NODE6: { 2207 int k; 2208 2209 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2210 if (rc) 2211 goto out; 2212 for (k = 0; k < 4; k++) 2213 c->u.node6.addr[k] = nodebuf[k]; 2214 for (k = 0; k < 4; k++) 2215 c->u.node6.mask[k] = nodebuf[k+4]; 2216 rc = context_read_and_validate(&c->context[0], p, fp); 2217 if (rc) 2218 goto out; 2219 break; 2220 } 2221 case OCON_IBPKEY: { 2222 u32 pkey_lo, pkey_hi; 2223 2224 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2225 if (rc) 2226 goto out; 2227 2228 /* we need to have subnet_prefix in CPU order */ 2229 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); 2230 2231 rc = next_entry(buf, fp, sizeof(u32) * 2); 2232 if (rc) 2233 goto out; 2234 2235 pkey_lo = le32_to_cpu(buf[0]); 2236 pkey_hi = le32_to_cpu(buf[1]); 2237 2238 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2239 rc = -EINVAL; 2240 goto out; 2241 } 2242 2243 c->u.ibpkey.low_pkey = pkey_lo; 2244 c->u.ibpkey.high_pkey = pkey_hi; 2245 2246 rc = context_read_and_validate(&c->context[0], 2247 p, 2248 fp); 2249 if (rc) 2250 goto out; 2251 break; 2252 } 2253 case OCON_IBENDPORT: { 2254 u32 port; 2255 2256 rc = next_entry(buf, fp, sizeof(u32) * 2); 2257 if (rc) 2258 goto out; 2259 len = le32_to_cpu(buf[0]); 2260 2261 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); 2262 if (rc) 2263 goto out; 2264 2265 port = le32_to_cpu(buf[1]); 2266 if (port > U8_MAX || port == 0) { 2267 rc = -EINVAL; 2268 goto out; 2269 } 2270 2271 c->u.ibendport.port = port; 2272 2273 rc = context_read_and_validate(&c->context[0], 2274 p, 2275 fp); 2276 if (rc) 2277 goto out; 2278 break; 2279 } /* end case */ 2280 } /* end switch */ 2281 } 2282 } 2283 rc = 0; 2284 out: 2285 return rc; 2286 } 2287 2288 /* 2289 * Read the configuration data from a policy database binary 2290 * representation file into a policy database structure. 2291 */ 2292 int policydb_read(struct policydb *p, void *fp) 2293 { 2294 struct role_allow *ra, *lra; 2295 struct role_trans *tr, *ltr; 2296 int i, j, rc; 2297 __le32 buf[4]; 2298 u32 len, nprim, nel; 2299 2300 char *policydb_str; 2301 struct policydb_compat_info *info; 2302 2303 rc = policydb_init(p); 2304 if (rc) 2305 return rc; 2306 2307 /* Read the magic number and string length. */ 2308 rc = next_entry(buf, fp, sizeof(u32) * 2); 2309 if (rc) 2310 goto bad; 2311 2312 rc = -EINVAL; 2313 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2314 pr_err("SELinux: policydb magic number 0x%x does " 2315 "not match expected magic number 0x%x\n", 2316 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2317 goto bad; 2318 } 2319 2320 rc = -EINVAL; 2321 len = le32_to_cpu(buf[1]); 2322 if (len != strlen(POLICYDB_STRING)) { 2323 pr_err("SELinux: policydb string length %d does not " 2324 "match expected length %zu\n", 2325 len, strlen(POLICYDB_STRING)); 2326 goto bad; 2327 } 2328 2329 rc = -ENOMEM; 2330 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2331 if (!policydb_str) { 2332 pr_err("SELinux: unable to allocate memory for policydb " 2333 "string of length %d\n", len); 2334 goto bad; 2335 } 2336 2337 rc = next_entry(policydb_str, fp, len); 2338 if (rc) { 2339 pr_err("SELinux: truncated policydb string identifier\n"); 2340 kfree(policydb_str); 2341 goto bad; 2342 } 2343 2344 rc = -EINVAL; 2345 policydb_str[len] = '\0'; 2346 if (strcmp(policydb_str, POLICYDB_STRING)) { 2347 pr_err("SELinux: policydb string %s does not match " 2348 "my string %s\n", policydb_str, POLICYDB_STRING); 2349 kfree(policydb_str); 2350 goto bad; 2351 } 2352 /* Done with policydb_str. */ 2353 kfree(policydb_str); 2354 policydb_str = NULL; 2355 2356 /* Read the version and table sizes. */ 2357 rc = next_entry(buf, fp, sizeof(u32)*4); 2358 if (rc) 2359 goto bad; 2360 2361 rc = -EINVAL; 2362 p->policyvers = le32_to_cpu(buf[0]); 2363 if (p->policyvers < POLICYDB_VERSION_MIN || 2364 p->policyvers > POLICYDB_VERSION_MAX) { 2365 pr_err("SELinux: policydb version %d does not match " 2366 "my version range %d-%d\n", 2367 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2368 goto bad; 2369 } 2370 2371 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2372 p->mls_enabled = 1; 2373 2374 rc = -EINVAL; 2375 if (p->policyvers < POLICYDB_VERSION_MLS) { 2376 pr_err("SELinux: security policydb version %d " 2377 "(MLS) not backwards compatible\n", 2378 p->policyvers); 2379 goto bad; 2380 } 2381 } 2382 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2383 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2384 2385 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2386 rc = ebitmap_read(&p->policycaps, fp); 2387 if (rc) 2388 goto bad; 2389 } 2390 2391 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2392 rc = ebitmap_read(&p->permissive_map, fp); 2393 if (rc) 2394 goto bad; 2395 } 2396 2397 rc = -EINVAL; 2398 info = policydb_lookup_compat(p->policyvers); 2399 if (!info) { 2400 pr_err("SELinux: unable to find policy compat info " 2401 "for version %d\n", p->policyvers); 2402 goto bad; 2403 } 2404 2405 rc = -EINVAL; 2406 if (le32_to_cpu(buf[2]) != info->sym_num || 2407 le32_to_cpu(buf[3]) != info->ocon_num) { 2408 pr_err("SELinux: policydb table sizes (%d,%d) do " 2409 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2410 le32_to_cpu(buf[3]), 2411 info->sym_num, info->ocon_num); 2412 goto bad; 2413 } 2414 2415 for (i = 0; i < info->sym_num; i++) { 2416 rc = next_entry(buf, fp, sizeof(u32)*2); 2417 if (rc) 2418 goto bad; 2419 nprim = le32_to_cpu(buf[0]); 2420 nel = le32_to_cpu(buf[1]); 2421 for (j = 0; j < nel; j++) { 2422 rc = read_f[i](p, p->symtab[i].table, fp); 2423 if (rc) 2424 goto bad; 2425 } 2426 2427 p->symtab[i].nprim = nprim; 2428 } 2429 2430 rc = -EINVAL; 2431 p->process_class = string_to_security_class(p, "process"); 2432 if (!p->process_class) 2433 goto bad; 2434 2435 rc = avtab_read(&p->te_avtab, fp, p); 2436 if (rc) 2437 goto bad; 2438 2439 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2440 rc = cond_read_list(p, fp); 2441 if (rc) 2442 goto bad; 2443 } 2444 2445 rc = next_entry(buf, fp, sizeof(u32)); 2446 if (rc) 2447 goto bad; 2448 nel = le32_to_cpu(buf[0]); 2449 ltr = NULL; 2450 for (i = 0; i < nel; i++) { 2451 rc = -ENOMEM; 2452 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2453 if (!tr) 2454 goto bad; 2455 if (ltr) 2456 ltr->next = tr; 2457 else 2458 p->role_tr = tr; 2459 rc = next_entry(buf, fp, sizeof(u32)*3); 2460 if (rc) 2461 goto bad; 2462 2463 rc = -EINVAL; 2464 tr->role = le32_to_cpu(buf[0]); 2465 tr->type = le32_to_cpu(buf[1]); 2466 tr->new_role = le32_to_cpu(buf[2]); 2467 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2468 rc = next_entry(buf, fp, sizeof(u32)); 2469 if (rc) 2470 goto bad; 2471 tr->tclass = le32_to_cpu(buf[0]); 2472 } else 2473 tr->tclass = p->process_class; 2474 2475 rc = -EINVAL; 2476 if (!policydb_role_isvalid(p, tr->role) || 2477 !policydb_type_isvalid(p, tr->type) || 2478 !policydb_class_isvalid(p, tr->tclass) || 2479 !policydb_role_isvalid(p, tr->new_role)) 2480 goto bad; 2481 ltr = tr; 2482 } 2483 2484 rc = next_entry(buf, fp, sizeof(u32)); 2485 if (rc) 2486 goto bad; 2487 nel = le32_to_cpu(buf[0]); 2488 lra = NULL; 2489 for (i = 0; i < nel; i++) { 2490 rc = -ENOMEM; 2491 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2492 if (!ra) 2493 goto bad; 2494 if (lra) 2495 lra->next = ra; 2496 else 2497 p->role_allow = ra; 2498 rc = next_entry(buf, fp, sizeof(u32)*2); 2499 if (rc) 2500 goto bad; 2501 2502 rc = -EINVAL; 2503 ra->role = le32_to_cpu(buf[0]); 2504 ra->new_role = le32_to_cpu(buf[1]); 2505 if (!policydb_role_isvalid(p, ra->role) || 2506 !policydb_role_isvalid(p, ra->new_role)) 2507 goto bad; 2508 lra = ra; 2509 } 2510 2511 rc = filename_trans_read(p, fp); 2512 if (rc) 2513 goto bad; 2514 2515 rc = policydb_index(p); 2516 if (rc) 2517 goto bad; 2518 2519 rc = -EINVAL; 2520 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2521 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2522 if (!p->process_trans_perms) 2523 goto bad; 2524 2525 rc = ocontext_read(p, info, fp); 2526 if (rc) 2527 goto bad; 2528 2529 rc = genfs_read(p, fp); 2530 if (rc) 2531 goto bad; 2532 2533 rc = range_read(p, fp); 2534 if (rc) 2535 goto bad; 2536 2537 rc = -ENOMEM; 2538 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2539 p->p_types.nprim, 2540 GFP_KERNEL | __GFP_ZERO); 2541 if (!p->type_attr_map_array) 2542 goto bad; 2543 2544 /* preallocate so we don't have to worry about the put ever failing */ 2545 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2546 GFP_KERNEL | __GFP_ZERO); 2547 if (rc) 2548 goto bad; 2549 2550 for (i = 0; i < p->p_types.nprim; i++) { 2551 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2552 2553 BUG_ON(!e); 2554 ebitmap_init(e); 2555 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2556 rc = ebitmap_read(e, fp); 2557 if (rc) 2558 goto bad; 2559 } 2560 /* add the type itself as the degenerate case */ 2561 rc = ebitmap_set_bit(e, i, 1); 2562 if (rc) 2563 goto bad; 2564 } 2565 2566 rc = policydb_bounds_sanity_check(p); 2567 if (rc) 2568 goto bad; 2569 2570 rc = 0; 2571 out: 2572 return rc; 2573 bad: 2574 policydb_destroy(p); 2575 goto out; 2576 } 2577 2578 /* 2579 * Write a MLS level structure to a policydb binary 2580 * representation file. 2581 */ 2582 static int mls_write_level(struct mls_level *l, void *fp) 2583 { 2584 __le32 buf[1]; 2585 int rc; 2586 2587 buf[0] = cpu_to_le32(l->sens); 2588 rc = put_entry(buf, sizeof(u32), 1, fp); 2589 if (rc) 2590 return rc; 2591 2592 rc = ebitmap_write(&l->cat, fp); 2593 if (rc) 2594 return rc; 2595 2596 return 0; 2597 } 2598 2599 /* 2600 * Write a MLS range structure to a policydb binary 2601 * representation file. 2602 */ 2603 static int mls_write_range_helper(struct mls_range *r, void *fp) 2604 { 2605 __le32 buf[3]; 2606 size_t items; 2607 int rc, eq; 2608 2609 eq = mls_level_eq(&r->level[1], &r->level[0]); 2610 2611 if (eq) 2612 items = 2; 2613 else 2614 items = 3; 2615 buf[0] = cpu_to_le32(items-1); 2616 buf[1] = cpu_to_le32(r->level[0].sens); 2617 if (!eq) 2618 buf[2] = cpu_to_le32(r->level[1].sens); 2619 2620 BUG_ON(items > ARRAY_SIZE(buf)); 2621 2622 rc = put_entry(buf, sizeof(u32), items, fp); 2623 if (rc) 2624 return rc; 2625 2626 rc = ebitmap_write(&r->level[0].cat, fp); 2627 if (rc) 2628 return rc; 2629 if (!eq) { 2630 rc = ebitmap_write(&r->level[1].cat, fp); 2631 if (rc) 2632 return rc; 2633 } 2634 2635 return 0; 2636 } 2637 2638 static int sens_write(void *vkey, void *datum, void *ptr) 2639 { 2640 char *key = vkey; 2641 struct level_datum *levdatum = datum; 2642 struct policy_data *pd = ptr; 2643 void *fp = pd->fp; 2644 __le32 buf[2]; 2645 size_t len; 2646 int rc; 2647 2648 len = strlen(key); 2649 buf[0] = cpu_to_le32(len); 2650 buf[1] = cpu_to_le32(levdatum->isalias); 2651 rc = put_entry(buf, sizeof(u32), 2, fp); 2652 if (rc) 2653 return rc; 2654 2655 rc = put_entry(key, 1, len, fp); 2656 if (rc) 2657 return rc; 2658 2659 rc = mls_write_level(levdatum->level, fp); 2660 if (rc) 2661 return rc; 2662 2663 return 0; 2664 } 2665 2666 static int cat_write(void *vkey, void *datum, void *ptr) 2667 { 2668 char *key = vkey; 2669 struct cat_datum *catdatum = datum; 2670 struct policy_data *pd = ptr; 2671 void *fp = pd->fp; 2672 __le32 buf[3]; 2673 size_t len; 2674 int rc; 2675 2676 len = strlen(key); 2677 buf[0] = cpu_to_le32(len); 2678 buf[1] = cpu_to_le32(catdatum->value); 2679 buf[2] = cpu_to_le32(catdatum->isalias); 2680 rc = put_entry(buf, sizeof(u32), 3, fp); 2681 if (rc) 2682 return rc; 2683 2684 rc = put_entry(key, 1, len, fp); 2685 if (rc) 2686 return rc; 2687 2688 return 0; 2689 } 2690 2691 static int role_trans_write(struct policydb *p, void *fp) 2692 { 2693 struct role_trans *r = p->role_tr; 2694 struct role_trans *tr; 2695 u32 buf[3]; 2696 size_t nel; 2697 int rc; 2698 2699 nel = 0; 2700 for (tr = r; tr; tr = tr->next) 2701 nel++; 2702 buf[0] = cpu_to_le32(nel); 2703 rc = put_entry(buf, sizeof(u32), 1, fp); 2704 if (rc) 2705 return rc; 2706 for (tr = r; tr; tr = tr->next) { 2707 buf[0] = cpu_to_le32(tr->role); 2708 buf[1] = cpu_to_le32(tr->type); 2709 buf[2] = cpu_to_le32(tr->new_role); 2710 rc = put_entry(buf, sizeof(u32), 3, fp); 2711 if (rc) 2712 return rc; 2713 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2714 buf[0] = cpu_to_le32(tr->tclass); 2715 rc = put_entry(buf, sizeof(u32), 1, fp); 2716 if (rc) 2717 return rc; 2718 } 2719 } 2720 2721 return 0; 2722 } 2723 2724 static int role_allow_write(struct role_allow *r, void *fp) 2725 { 2726 struct role_allow *ra; 2727 u32 buf[2]; 2728 size_t nel; 2729 int rc; 2730 2731 nel = 0; 2732 for (ra = r; ra; ra = ra->next) 2733 nel++; 2734 buf[0] = cpu_to_le32(nel); 2735 rc = put_entry(buf, sizeof(u32), 1, fp); 2736 if (rc) 2737 return rc; 2738 for (ra = r; ra; ra = ra->next) { 2739 buf[0] = cpu_to_le32(ra->role); 2740 buf[1] = cpu_to_le32(ra->new_role); 2741 rc = put_entry(buf, sizeof(u32), 2, fp); 2742 if (rc) 2743 return rc; 2744 } 2745 return 0; 2746 } 2747 2748 /* 2749 * Write a security context structure 2750 * to a policydb binary representation file. 2751 */ 2752 static int context_write(struct policydb *p, struct context *c, 2753 void *fp) 2754 { 2755 int rc; 2756 __le32 buf[3]; 2757 2758 buf[0] = cpu_to_le32(c->user); 2759 buf[1] = cpu_to_le32(c->role); 2760 buf[2] = cpu_to_le32(c->type); 2761 2762 rc = put_entry(buf, sizeof(u32), 3, fp); 2763 if (rc) 2764 return rc; 2765 2766 rc = mls_write_range_helper(&c->range, fp); 2767 if (rc) 2768 return rc; 2769 2770 return 0; 2771 } 2772 2773 /* 2774 * The following *_write functions are used to 2775 * write the symbol data to a policy database 2776 * binary representation file. 2777 */ 2778 2779 static int perm_write(void *vkey, void *datum, void *fp) 2780 { 2781 char *key = vkey; 2782 struct perm_datum *perdatum = datum; 2783 __le32 buf[2]; 2784 size_t len; 2785 int rc; 2786 2787 len = strlen(key); 2788 buf[0] = cpu_to_le32(len); 2789 buf[1] = cpu_to_le32(perdatum->value); 2790 rc = put_entry(buf, sizeof(u32), 2, fp); 2791 if (rc) 2792 return rc; 2793 2794 rc = put_entry(key, 1, len, fp); 2795 if (rc) 2796 return rc; 2797 2798 return 0; 2799 } 2800 2801 static int common_write(void *vkey, void *datum, void *ptr) 2802 { 2803 char *key = vkey; 2804 struct common_datum *comdatum = datum; 2805 struct policy_data *pd = ptr; 2806 void *fp = pd->fp; 2807 __le32 buf[4]; 2808 size_t len; 2809 int rc; 2810 2811 len = strlen(key); 2812 buf[0] = cpu_to_le32(len); 2813 buf[1] = cpu_to_le32(comdatum->value); 2814 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2815 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2816 rc = put_entry(buf, sizeof(u32), 4, fp); 2817 if (rc) 2818 return rc; 2819 2820 rc = put_entry(key, 1, len, fp); 2821 if (rc) 2822 return rc; 2823 2824 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2825 if (rc) 2826 return rc; 2827 2828 return 0; 2829 } 2830 2831 static int type_set_write(struct type_set *t, void *fp) 2832 { 2833 int rc; 2834 __le32 buf[1]; 2835 2836 if (ebitmap_write(&t->types, fp)) 2837 return -EINVAL; 2838 if (ebitmap_write(&t->negset, fp)) 2839 return -EINVAL; 2840 2841 buf[0] = cpu_to_le32(t->flags); 2842 rc = put_entry(buf, sizeof(u32), 1, fp); 2843 if (rc) 2844 return -EINVAL; 2845 2846 return 0; 2847 } 2848 2849 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2850 void *fp) 2851 { 2852 struct constraint_node *c; 2853 struct constraint_expr *e; 2854 __le32 buf[3]; 2855 u32 nel; 2856 int rc; 2857 2858 for (c = node; c; c = c->next) { 2859 nel = 0; 2860 for (e = c->expr; e; e = e->next) 2861 nel++; 2862 buf[0] = cpu_to_le32(c->permissions); 2863 buf[1] = cpu_to_le32(nel); 2864 rc = put_entry(buf, sizeof(u32), 2, fp); 2865 if (rc) 2866 return rc; 2867 for (e = c->expr; e; e = e->next) { 2868 buf[0] = cpu_to_le32(e->expr_type); 2869 buf[1] = cpu_to_le32(e->attr); 2870 buf[2] = cpu_to_le32(e->op); 2871 rc = put_entry(buf, sizeof(u32), 3, fp); 2872 if (rc) 2873 return rc; 2874 2875 switch (e->expr_type) { 2876 case CEXPR_NAMES: 2877 rc = ebitmap_write(&e->names, fp); 2878 if (rc) 2879 return rc; 2880 if (p->policyvers >= 2881 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2882 rc = type_set_write(e->type_names, fp); 2883 if (rc) 2884 return rc; 2885 } 2886 break; 2887 default: 2888 break; 2889 } 2890 } 2891 } 2892 2893 return 0; 2894 } 2895 2896 static int class_write(void *vkey, void *datum, void *ptr) 2897 { 2898 char *key = vkey; 2899 struct class_datum *cladatum = datum; 2900 struct policy_data *pd = ptr; 2901 void *fp = pd->fp; 2902 struct policydb *p = pd->p; 2903 struct constraint_node *c; 2904 __le32 buf[6]; 2905 u32 ncons; 2906 size_t len, len2; 2907 int rc; 2908 2909 len = strlen(key); 2910 if (cladatum->comkey) 2911 len2 = strlen(cladatum->comkey); 2912 else 2913 len2 = 0; 2914 2915 ncons = 0; 2916 for (c = cladatum->constraints; c; c = c->next) 2917 ncons++; 2918 2919 buf[0] = cpu_to_le32(len); 2920 buf[1] = cpu_to_le32(len2); 2921 buf[2] = cpu_to_le32(cladatum->value); 2922 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2923 if (cladatum->permissions.table) 2924 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2925 else 2926 buf[4] = 0; 2927 buf[5] = cpu_to_le32(ncons); 2928 rc = put_entry(buf, sizeof(u32), 6, fp); 2929 if (rc) 2930 return rc; 2931 2932 rc = put_entry(key, 1, len, fp); 2933 if (rc) 2934 return rc; 2935 2936 if (cladatum->comkey) { 2937 rc = put_entry(cladatum->comkey, 1, len2, fp); 2938 if (rc) 2939 return rc; 2940 } 2941 2942 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2943 if (rc) 2944 return rc; 2945 2946 rc = write_cons_helper(p, cladatum->constraints, fp); 2947 if (rc) 2948 return rc; 2949 2950 /* write out the validatetrans rule */ 2951 ncons = 0; 2952 for (c = cladatum->validatetrans; c; c = c->next) 2953 ncons++; 2954 2955 buf[0] = cpu_to_le32(ncons); 2956 rc = put_entry(buf, sizeof(u32), 1, fp); 2957 if (rc) 2958 return rc; 2959 2960 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2961 if (rc) 2962 return rc; 2963 2964 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2965 buf[0] = cpu_to_le32(cladatum->default_user); 2966 buf[1] = cpu_to_le32(cladatum->default_role); 2967 buf[2] = cpu_to_le32(cladatum->default_range); 2968 2969 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2970 if (rc) 2971 return rc; 2972 } 2973 2974 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2975 buf[0] = cpu_to_le32(cladatum->default_type); 2976 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2977 if (rc) 2978 return rc; 2979 } 2980 2981 return 0; 2982 } 2983 2984 static int role_write(void *vkey, void *datum, void *ptr) 2985 { 2986 char *key = vkey; 2987 struct role_datum *role = datum; 2988 struct policy_data *pd = ptr; 2989 void *fp = pd->fp; 2990 struct policydb *p = pd->p; 2991 __le32 buf[3]; 2992 size_t items, len; 2993 int rc; 2994 2995 len = strlen(key); 2996 items = 0; 2997 buf[items++] = cpu_to_le32(len); 2998 buf[items++] = cpu_to_le32(role->value); 2999 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3000 buf[items++] = cpu_to_le32(role->bounds); 3001 3002 BUG_ON(items > ARRAY_SIZE(buf)); 3003 3004 rc = put_entry(buf, sizeof(u32), items, fp); 3005 if (rc) 3006 return rc; 3007 3008 rc = put_entry(key, 1, len, fp); 3009 if (rc) 3010 return rc; 3011 3012 rc = ebitmap_write(&role->dominates, fp); 3013 if (rc) 3014 return rc; 3015 3016 rc = ebitmap_write(&role->types, fp); 3017 if (rc) 3018 return rc; 3019 3020 return 0; 3021 } 3022 3023 static int type_write(void *vkey, void *datum, void *ptr) 3024 { 3025 char *key = vkey; 3026 struct type_datum *typdatum = datum; 3027 struct policy_data *pd = ptr; 3028 struct policydb *p = pd->p; 3029 void *fp = pd->fp; 3030 __le32 buf[4]; 3031 int rc; 3032 size_t items, len; 3033 3034 len = strlen(key); 3035 items = 0; 3036 buf[items++] = cpu_to_le32(len); 3037 buf[items++] = cpu_to_le32(typdatum->value); 3038 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3039 u32 properties = 0; 3040 3041 if (typdatum->primary) 3042 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3043 3044 if (typdatum->attribute) 3045 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3046 3047 buf[items++] = cpu_to_le32(properties); 3048 buf[items++] = cpu_to_le32(typdatum->bounds); 3049 } else { 3050 buf[items++] = cpu_to_le32(typdatum->primary); 3051 } 3052 BUG_ON(items > ARRAY_SIZE(buf)); 3053 rc = put_entry(buf, sizeof(u32), items, fp); 3054 if (rc) 3055 return rc; 3056 3057 rc = put_entry(key, 1, len, fp); 3058 if (rc) 3059 return rc; 3060 3061 return 0; 3062 } 3063 3064 static int user_write(void *vkey, void *datum, void *ptr) 3065 { 3066 char *key = vkey; 3067 struct user_datum *usrdatum = datum; 3068 struct policy_data *pd = ptr; 3069 struct policydb *p = pd->p; 3070 void *fp = pd->fp; 3071 __le32 buf[3]; 3072 size_t items, len; 3073 int rc; 3074 3075 len = strlen(key); 3076 items = 0; 3077 buf[items++] = cpu_to_le32(len); 3078 buf[items++] = cpu_to_le32(usrdatum->value); 3079 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3080 buf[items++] = cpu_to_le32(usrdatum->bounds); 3081 BUG_ON(items > ARRAY_SIZE(buf)); 3082 rc = put_entry(buf, sizeof(u32), items, fp); 3083 if (rc) 3084 return rc; 3085 3086 rc = put_entry(key, 1, len, fp); 3087 if (rc) 3088 return rc; 3089 3090 rc = ebitmap_write(&usrdatum->roles, fp); 3091 if (rc) 3092 return rc; 3093 3094 rc = mls_write_range_helper(&usrdatum->range, fp); 3095 if (rc) 3096 return rc; 3097 3098 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3099 if (rc) 3100 return rc; 3101 3102 return 0; 3103 } 3104 3105 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3106 void *datap) = 3107 { 3108 common_write, 3109 class_write, 3110 role_write, 3111 type_write, 3112 user_write, 3113 cond_write_bool, 3114 sens_write, 3115 cat_write, 3116 }; 3117 3118 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3119 void *fp) 3120 { 3121 unsigned int i, j, rc; 3122 size_t nel, len; 3123 __be64 prefixbuf[1]; 3124 __le32 buf[3]; 3125 u32 nodebuf[8]; 3126 struct ocontext *c; 3127 for (i = 0; i < info->ocon_num; i++) { 3128 nel = 0; 3129 for (c = p->ocontexts[i]; c; c = c->next) 3130 nel++; 3131 buf[0] = cpu_to_le32(nel); 3132 rc = put_entry(buf, sizeof(u32), 1, fp); 3133 if (rc) 3134 return rc; 3135 for (c = p->ocontexts[i]; c; c = c->next) { 3136 switch (i) { 3137 case OCON_ISID: 3138 buf[0] = cpu_to_le32(c->sid[0]); 3139 rc = put_entry(buf, sizeof(u32), 1, fp); 3140 if (rc) 3141 return rc; 3142 rc = context_write(p, &c->context[0], fp); 3143 if (rc) 3144 return rc; 3145 break; 3146 case OCON_FS: 3147 case OCON_NETIF: 3148 len = strlen(c->u.name); 3149 buf[0] = cpu_to_le32(len); 3150 rc = put_entry(buf, sizeof(u32), 1, fp); 3151 if (rc) 3152 return rc; 3153 rc = put_entry(c->u.name, 1, len, fp); 3154 if (rc) 3155 return rc; 3156 rc = context_write(p, &c->context[0], fp); 3157 if (rc) 3158 return rc; 3159 rc = context_write(p, &c->context[1], fp); 3160 if (rc) 3161 return rc; 3162 break; 3163 case OCON_PORT: 3164 buf[0] = cpu_to_le32(c->u.port.protocol); 3165 buf[1] = cpu_to_le32(c->u.port.low_port); 3166 buf[2] = cpu_to_le32(c->u.port.high_port); 3167 rc = put_entry(buf, sizeof(u32), 3, fp); 3168 if (rc) 3169 return rc; 3170 rc = context_write(p, &c->context[0], fp); 3171 if (rc) 3172 return rc; 3173 break; 3174 case OCON_NODE: 3175 nodebuf[0] = c->u.node.addr; /* network order */ 3176 nodebuf[1] = c->u.node.mask; /* network order */ 3177 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3178 if (rc) 3179 return rc; 3180 rc = context_write(p, &c->context[0], fp); 3181 if (rc) 3182 return rc; 3183 break; 3184 case OCON_FSUSE: 3185 buf[0] = cpu_to_le32(c->v.behavior); 3186 len = strlen(c->u.name); 3187 buf[1] = cpu_to_le32(len); 3188 rc = put_entry(buf, sizeof(u32), 2, fp); 3189 if (rc) 3190 return rc; 3191 rc = put_entry(c->u.name, 1, len, fp); 3192 if (rc) 3193 return rc; 3194 rc = context_write(p, &c->context[0], fp); 3195 if (rc) 3196 return rc; 3197 break; 3198 case OCON_NODE6: 3199 for (j = 0; j < 4; j++) 3200 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3201 for (j = 0; j < 4; j++) 3202 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3203 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3204 if (rc) 3205 return rc; 3206 rc = context_write(p, &c->context[0], fp); 3207 if (rc) 3208 return rc; 3209 break; 3210 case OCON_IBPKEY: 3211 /* subnet_prefix is in CPU order */ 3212 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); 3213 3214 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3215 if (rc) 3216 return rc; 3217 3218 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3219 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3220 3221 rc = put_entry(buf, sizeof(u32), 2, fp); 3222 if (rc) 3223 return rc; 3224 rc = context_write(p, &c->context[0], fp); 3225 if (rc) 3226 return rc; 3227 break; 3228 case OCON_IBENDPORT: 3229 len = strlen(c->u.ibendport.dev_name); 3230 buf[0] = cpu_to_le32(len); 3231 buf[1] = cpu_to_le32(c->u.ibendport.port); 3232 rc = put_entry(buf, sizeof(u32), 2, fp); 3233 if (rc) 3234 return rc; 3235 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp); 3236 if (rc) 3237 return rc; 3238 rc = context_write(p, &c->context[0], fp); 3239 if (rc) 3240 return rc; 3241 break; 3242 } 3243 } 3244 } 3245 return 0; 3246 } 3247 3248 static int genfs_write(struct policydb *p, void *fp) 3249 { 3250 struct genfs *genfs; 3251 struct ocontext *c; 3252 size_t len; 3253 __le32 buf[1]; 3254 int rc; 3255 3256 len = 0; 3257 for (genfs = p->genfs; genfs; genfs = genfs->next) 3258 len++; 3259 buf[0] = cpu_to_le32(len); 3260 rc = put_entry(buf, sizeof(u32), 1, fp); 3261 if (rc) 3262 return rc; 3263 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3264 len = strlen(genfs->fstype); 3265 buf[0] = cpu_to_le32(len); 3266 rc = put_entry(buf, sizeof(u32), 1, fp); 3267 if (rc) 3268 return rc; 3269 rc = put_entry(genfs->fstype, 1, len, fp); 3270 if (rc) 3271 return rc; 3272 len = 0; 3273 for (c = genfs->head; c; c = c->next) 3274 len++; 3275 buf[0] = cpu_to_le32(len); 3276 rc = put_entry(buf, sizeof(u32), 1, fp); 3277 if (rc) 3278 return rc; 3279 for (c = genfs->head; c; c = c->next) { 3280 len = strlen(c->u.name); 3281 buf[0] = cpu_to_le32(len); 3282 rc = put_entry(buf, sizeof(u32), 1, fp); 3283 if (rc) 3284 return rc; 3285 rc = put_entry(c->u.name, 1, len, fp); 3286 if (rc) 3287 return rc; 3288 buf[0] = cpu_to_le32(c->v.sclass); 3289 rc = put_entry(buf, sizeof(u32), 1, fp); 3290 if (rc) 3291 return rc; 3292 rc = context_write(p, &c->context[0], fp); 3293 if (rc) 3294 return rc; 3295 } 3296 } 3297 return 0; 3298 } 3299 3300 static int hashtab_cnt(void *key, void *data, void *ptr) 3301 { 3302 int *cnt = ptr; 3303 *cnt = *cnt + 1; 3304 3305 return 0; 3306 } 3307 3308 static int range_write_helper(void *key, void *data, void *ptr) 3309 { 3310 __le32 buf[2]; 3311 struct range_trans *rt = key; 3312 struct mls_range *r = data; 3313 struct policy_data *pd = ptr; 3314 void *fp = pd->fp; 3315 struct policydb *p = pd->p; 3316 int rc; 3317 3318 buf[0] = cpu_to_le32(rt->source_type); 3319 buf[1] = cpu_to_le32(rt->target_type); 3320 rc = put_entry(buf, sizeof(u32), 2, fp); 3321 if (rc) 3322 return rc; 3323 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3324 buf[0] = cpu_to_le32(rt->target_class); 3325 rc = put_entry(buf, sizeof(u32), 1, fp); 3326 if (rc) 3327 return rc; 3328 } 3329 rc = mls_write_range_helper(r, fp); 3330 if (rc) 3331 return rc; 3332 3333 return 0; 3334 } 3335 3336 static int range_write(struct policydb *p, void *fp) 3337 { 3338 __le32 buf[1]; 3339 int rc, nel; 3340 struct policy_data pd; 3341 3342 pd.p = p; 3343 pd.fp = fp; 3344 3345 /* count the number of entries in the hashtab */ 3346 nel = 0; 3347 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3348 if (rc) 3349 return rc; 3350 3351 buf[0] = cpu_to_le32(nel); 3352 rc = put_entry(buf, sizeof(u32), 1, fp); 3353 if (rc) 3354 return rc; 3355 3356 /* actually write all of the entries */ 3357 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3358 if (rc) 3359 return rc; 3360 3361 return 0; 3362 } 3363 3364 static int filename_write_helper(void *key, void *data, void *ptr) 3365 { 3366 __le32 buf[4]; 3367 struct filename_trans *ft = key; 3368 struct filename_trans_datum *otype = data; 3369 void *fp = ptr; 3370 int rc; 3371 u32 len; 3372 3373 len = strlen(ft->name); 3374 buf[0] = cpu_to_le32(len); 3375 rc = put_entry(buf, sizeof(u32), 1, fp); 3376 if (rc) 3377 return rc; 3378 3379 rc = put_entry(ft->name, sizeof(char), len, fp); 3380 if (rc) 3381 return rc; 3382 3383 buf[0] = cpu_to_le32(ft->stype); 3384 buf[1] = cpu_to_le32(ft->ttype); 3385 buf[2] = cpu_to_le32(ft->tclass); 3386 buf[3] = cpu_to_le32(otype->otype); 3387 3388 rc = put_entry(buf, sizeof(u32), 4, fp); 3389 if (rc) 3390 return rc; 3391 3392 return 0; 3393 } 3394 3395 static int filename_trans_write(struct policydb *p, void *fp) 3396 { 3397 u32 nel; 3398 __le32 buf[1]; 3399 int rc; 3400 3401 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3402 return 0; 3403 3404 nel = 0; 3405 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3406 if (rc) 3407 return rc; 3408 3409 buf[0] = cpu_to_le32(nel); 3410 rc = put_entry(buf, sizeof(u32), 1, fp); 3411 if (rc) 3412 return rc; 3413 3414 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3415 if (rc) 3416 return rc; 3417 3418 return 0; 3419 } 3420 3421 /* 3422 * Write the configuration data in a policy database 3423 * structure to a policy database binary representation 3424 * file. 3425 */ 3426 int policydb_write(struct policydb *p, void *fp) 3427 { 3428 unsigned int i, num_syms; 3429 int rc; 3430 __le32 buf[4]; 3431 u32 config; 3432 size_t len; 3433 struct policydb_compat_info *info; 3434 3435 /* 3436 * refuse to write policy older than compressed avtab 3437 * to simplify the writer. There are other tests dropped 3438 * since we assume this throughout the writer code. Be 3439 * careful if you ever try to remove this restriction 3440 */ 3441 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3442 pr_err("SELinux: refusing to write policy version %d." 3443 " Because it is less than version %d\n", p->policyvers, 3444 POLICYDB_VERSION_AVTAB); 3445 return -EINVAL; 3446 } 3447 3448 config = 0; 3449 if (p->mls_enabled) 3450 config |= POLICYDB_CONFIG_MLS; 3451 3452 if (p->reject_unknown) 3453 config |= REJECT_UNKNOWN; 3454 if (p->allow_unknown) 3455 config |= ALLOW_UNKNOWN; 3456 3457 /* Write the magic number and string identifiers. */ 3458 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3459 len = strlen(POLICYDB_STRING); 3460 buf[1] = cpu_to_le32(len); 3461 rc = put_entry(buf, sizeof(u32), 2, fp); 3462 if (rc) 3463 return rc; 3464 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3465 if (rc) 3466 return rc; 3467 3468 /* Write the version, config, and table sizes. */ 3469 info = policydb_lookup_compat(p->policyvers); 3470 if (!info) { 3471 pr_err("SELinux: compatibility lookup failed for policy " 3472 "version %d", p->policyvers); 3473 return -EINVAL; 3474 } 3475 3476 buf[0] = cpu_to_le32(p->policyvers); 3477 buf[1] = cpu_to_le32(config); 3478 buf[2] = cpu_to_le32(info->sym_num); 3479 buf[3] = cpu_to_le32(info->ocon_num); 3480 3481 rc = put_entry(buf, sizeof(u32), 4, fp); 3482 if (rc) 3483 return rc; 3484 3485 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3486 rc = ebitmap_write(&p->policycaps, fp); 3487 if (rc) 3488 return rc; 3489 } 3490 3491 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3492 rc = ebitmap_write(&p->permissive_map, fp); 3493 if (rc) 3494 return rc; 3495 } 3496 3497 num_syms = info->sym_num; 3498 for (i = 0; i < num_syms; i++) { 3499 struct policy_data pd; 3500 3501 pd.fp = fp; 3502 pd.p = p; 3503 3504 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3505 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3506 3507 rc = put_entry(buf, sizeof(u32), 2, fp); 3508 if (rc) 3509 return rc; 3510 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3511 if (rc) 3512 return rc; 3513 } 3514 3515 rc = avtab_write(p, &p->te_avtab, fp); 3516 if (rc) 3517 return rc; 3518 3519 rc = cond_write_list(p, p->cond_list, fp); 3520 if (rc) 3521 return rc; 3522 3523 rc = role_trans_write(p, fp); 3524 if (rc) 3525 return rc; 3526 3527 rc = role_allow_write(p->role_allow, fp); 3528 if (rc) 3529 return rc; 3530 3531 rc = filename_trans_write(p, fp); 3532 if (rc) 3533 return rc; 3534 3535 rc = ocontext_write(p, info, fp); 3536 if (rc) 3537 return rc; 3538 3539 rc = genfs_write(p, fp); 3540 if (rc) 3541 return rc; 3542 3543 rc = range_write(p, fp); 3544 if (rc) 3545 return rc; 3546 3547 for (i = 0; i < p->p_types.nprim; i++) { 3548 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3549 3550 BUG_ON(!e); 3551 rc = ebitmap_write(e, fp); 3552 if (rc) 3553 return rc; 3554 } 3555 3556 return 0; 3557 } 3558