1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * Support for enhanced MLS infrastructure. 11 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * Added conditional policy language extensions 16 * Copyright (C) 2003-2004 Tresys Technology, LLC 17 * 18 * Updated: Hewlett-Packard <paul@paul-moore.com> 19 * Added support for the policy capability bitmap 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * 22 * Update: Mellanox Techonologies 23 * Added Infiniband support 24 * Copyright (C) 2016 Mellanox Techonologies 25 */ 26 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/string.h> 31 #include <linux/errno.h> 32 #include <linux/audit.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 #include "services.h" 39 40 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 41 /* clang-format off */ 42 static const char *const symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 /* clang-format off */ 53 #endif 54 55 struct policydb_compat_info { 56 unsigned int version; 57 unsigned int sym_num; 58 unsigned int ocon_num; 59 }; 60 61 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 62 static const struct policydb_compat_info policydb_compat[] = { 63 { 64 .version = POLICYDB_VERSION_BASE, 65 .sym_num = SYM_NUM - 3, 66 .ocon_num = OCON_NUM - 3, 67 }, 68 { 69 .version = POLICYDB_VERSION_BOOL, 70 .sym_num = SYM_NUM - 2, 71 .ocon_num = OCON_NUM - 3, 72 }, 73 { 74 .version = POLICYDB_VERSION_IPV6, 75 .sym_num = SYM_NUM - 2, 76 .ocon_num = OCON_NUM - 2, 77 }, 78 { 79 .version = POLICYDB_VERSION_NLCLASS, 80 .sym_num = SYM_NUM - 2, 81 .ocon_num = OCON_NUM - 2, 82 }, 83 { 84 .version = POLICYDB_VERSION_MLS, 85 .sym_num = SYM_NUM, 86 .ocon_num = OCON_NUM - 2, 87 }, 88 { 89 .version = POLICYDB_VERSION_AVTAB, 90 .sym_num = SYM_NUM, 91 .ocon_num = OCON_NUM - 2, 92 }, 93 { 94 .version = POLICYDB_VERSION_RANGETRANS, 95 .sym_num = SYM_NUM, 96 .ocon_num = OCON_NUM - 2, 97 }, 98 { 99 .version = POLICYDB_VERSION_POLCAP, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NUM - 2, 102 }, 103 { 104 .version = POLICYDB_VERSION_PERMISSIVE, 105 .sym_num = SYM_NUM, 106 .ocon_num = OCON_NUM - 2, 107 }, 108 { 109 .version = POLICYDB_VERSION_BOUNDARY, 110 .sym_num = SYM_NUM, 111 .ocon_num = OCON_NUM - 2, 112 }, 113 { 114 .version = POLICYDB_VERSION_FILENAME_TRANS, 115 .sym_num = SYM_NUM, 116 .ocon_num = OCON_NUM - 2, 117 }, 118 { 119 .version = POLICYDB_VERSION_ROLETRANS, 120 .sym_num = SYM_NUM, 121 .ocon_num = OCON_NUM - 2, 122 }, 123 { 124 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 125 .sym_num = SYM_NUM, 126 .ocon_num = OCON_NUM - 2, 127 }, 128 { 129 .version = POLICYDB_VERSION_DEFAULT_TYPE, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NUM - 2, 132 }, 133 { 134 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NUM - 2, 137 }, 138 { 139 .version = POLICYDB_VERSION_XPERMS_IOCTL, 140 .sym_num = SYM_NUM, 141 .ocon_num = OCON_NUM - 2, 142 }, 143 { 144 .version = POLICYDB_VERSION_INFINIBAND, 145 .sym_num = SYM_NUM, 146 .ocon_num = OCON_NUM, 147 }, 148 { 149 .version = POLICYDB_VERSION_GLBLUB, 150 .sym_num = SYM_NUM, 151 .ocon_num = OCON_NUM, 152 }, 153 { 154 .version = POLICYDB_VERSION_COMP_FTRANS, 155 .sym_num = SYM_NUM, 156 .ocon_num = OCON_NUM, 157 }, 158 { 159 .version = POLICYDB_VERSION_COND_XPERMS, 160 .sym_num = SYM_NUM, 161 .ocon_num = OCON_NUM, 162 }, 163 }; 164 165 static const struct policydb_compat_info * 166 policydb_lookup_compat(unsigned int version) 167 { 168 unsigned int i; 169 170 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 171 if (policydb_compat[i].version == version) 172 return &policydb_compat[i]; 173 } 174 175 return NULL; 176 } 177 178 /* 179 * The following *_destroy functions are used to 180 * free any memory allocated for each kind of 181 * symbol data in the policy database. 182 */ 183 184 static int perm_destroy(void *key, void *datum, void *p) 185 { 186 kfree(key); 187 kfree(datum); 188 return 0; 189 } 190 191 static int common_destroy(void *key, void *datum, void *p) 192 { 193 struct common_datum *comdatum; 194 195 kfree(key); 196 if (datum) { 197 comdatum = datum; 198 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 199 hashtab_destroy(&comdatum->permissions.table); 200 } 201 kfree(datum); 202 return 0; 203 } 204 205 static void constraint_expr_destroy(struct constraint_expr *expr) 206 { 207 if (expr) { 208 ebitmap_destroy(&expr->names); 209 if (expr->type_names) { 210 ebitmap_destroy(&expr->type_names->types); 211 ebitmap_destroy(&expr->type_names->negset); 212 kfree(expr->type_names); 213 } 214 kfree(expr); 215 } 216 } 217 218 static int cls_destroy(void *key, void *datum, void *p) 219 { 220 struct class_datum *cladatum; 221 struct constraint_node *constraint, *ctemp; 222 struct constraint_expr *e, *etmp; 223 224 kfree(key); 225 if (datum) { 226 cladatum = datum; 227 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 228 hashtab_destroy(&cladatum->permissions.table); 229 constraint = cladatum->constraints; 230 while (constraint) { 231 e = constraint->expr; 232 while (e) { 233 etmp = e; 234 e = e->next; 235 constraint_expr_destroy(etmp); 236 } 237 ctemp = constraint; 238 constraint = constraint->next; 239 kfree(ctemp); 240 } 241 242 constraint = cladatum->validatetrans; 243 while (constraint) { 244 e = constraint->expr; 245 while (e) { 246 etmp = e; 247 e = e->next; 248 constraint_expr_destroy(etmp); 249 } 250 ctemp = constraint; 251 constraint = constraint->next; 252 kfree(ctemp); 253 } 254 kfree(cladatum->comkey); 255 } 256 kfree(datum); 257 return 0; 258 } 259 260 static int role_destroy(void *key, void *datum, void *p) 261 { 262 struct role_datum *role; 263 264 kfree(key); 265 if (datum) { 266 role = datum; 267 ebitmap_destroy(&role->dominates); 268 ebitmap_destroy(&role->types); 269 } 270 kfree(datum); 271 return 0; 272 } 273 274 static int type_destroy(void *key, void *datum, void *p) 275 { 276 kfree(key); 277 kfree(datum); 278 return 0; 279 } 280 281 static int user_destroy(void *key, void *datum, void *p) 282 { 283 struct user_datum *usrdatum; 284 285 kfree(key); 286 if (datum) { 287 usrdatum = datum; 288 ebitmap_destroy(&usrdatum->roles); 289 ebitmap_destroy(&usrdatum->range.level[0].cat); 290 ebitmap_destroy(&usrdatum->range.level[1].cat); 291 ebitmap_destroy(&usrdatum->dfltlevel.cat); 292 } 293 kfree(datum); 294 return 0; 295 } 296 297 static int sens_destroy(void *key, void *datum, void *p) 298 { 299 struct level_datum *levdatum; 300 301 kfree(key); 302 if (datum) { 303 levdatum = datum; 304 ebitmap_destroy(&levdatum->level.cat); 305 } 306 kfree(datum); 307 return 0; 308 } 309 310 static int cat_destroy(void *key, void *datum, void *p) 311 { 312 kfree(key); 313 kfree(datum); 314 return 0; 315 } 316 317 /* clang-format off */ 318 static int (*const destroy_f[SYM_NUM])(void *key, void *datum, void *datap) = { 319 common_destroy, 320 cls_destroy, 321 role_destroy, 322 type_destroy, 323 user_destroy, 324 cond_destroy_bool, 325 sens_destroy, 326 cat_destroy, 327 }; 328 /* clang-format on */ 329 330 static int filenametr_destroy(void *key, void *datum, void *p) 331 { 332 struct filename_trans_key *ft = key; 333 struct filename_trans_datum *next, *d = datum; 334 335 kfree(ft->name); 336 kfree(key); 337 do { 338 ebitmap_destroy(&d->stypes); 339 next = d->next; 340 kfree(d); 341 d = next; 342 } while (unlikely(d)); 343 cond_resched(); 344 return 0; 345 } 346 347 static int range_tr_destroy(void *key, void *datum, void *p) 348 { 349 struct mls_range *rt = datum; 350 351 kfree(key); 352 ebitmap_destroy(&rt->level[0].cat); 353 ebitmap_destroy(&rt->level[1].cat); 354 kfree(datum); 355 cond_resched(); 356 return 0; 357 } 358 359 static int role_tr_destroy(void *key, void *datum, void *p) 360 { 361 kfree(key); 362 kfree(datum); 363 return 0; 364 } 365 366 static void ocontext_destroy(struct ocontext *c, unsigned int i) 367 { 368 if (!c) 369 return; 370 371 context_destroy(&c->context[0]); 372 context_destroy(&c->context[1]); 373 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || 374 i == OCON_FSUSE) 375 kfree(c->u.name); 376 kfree(c); 377 } 378 379 /* 380 * Initialize the role table. 381 */ 382 static int roles_init(struct policydb *p) 383 { 384 char *key = NULL; 385 int rc; 386 struct role_datum *role; 387 388 role = kzalloc(sizeof(*role), GFP_KERNEL); 389 if (!role) 390 return -ENOMEM; 391 392 rc = -EINVAL; 393 role->value = ++p->p_roles.nprim; 394 if (role->value != OBJECT_R_VAL) 395 goto out; 396 397 rc = -ENOMEM; 398 key = kstrdup(OBJECT_R, GFP_KERNEL); 399 if (!key) 400 goto out; 401 402 rc = symtab_insert(&p->p_roles, key, role); 403 if (rc) 404 goto out; 405 406 return 0; 407 out: 408 kfree(key); 409 kfree(role); 410 return rc; 411 } 412 413 static u32 filenametr_hash(const void *k) 414 { 415 const struct filename_trans_key *ft = k; 416 unsigned long salt = ft->ttype ^ ft->tclass; 417 418 return full_name_hash((void *)salt, ft->name, strlen(ft->name)); 419 } 420 421 static int filenametr_cmp(const void *k1, const void *k2) 422 { 423 const struct filename_trans_key *ft1 = k1; 424 const struct filename_trans_key *ft2 = k2; 425 int v; 426 427 v = ft1->ttype - ft2->ttype; 428 if (v) 429 return v; 430 431 v = ft1->tclass - ft2->tclass; 432 if (v) 433 return v; 434 435 return strcmp(ft1->name, ft2->name); 436 } 437 438 static const struct hashtab_key_params filenametr_key_params = { 439 .hash = filenametr_hash, 440 .cmp = filenametr_cmp, 441 }; 442 443 struct filename_trans_datum * 444 policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key) 445 { 446 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 447 } 448 449 static u32 rangetr_hash(const void *k) 450 { 451 const struct range_trans *key = k; 452 453 return key->source_type + (key->target_type << 3) + 454 (key->target_class << 5); 455 } 456 457 static int rangetr_cmp(const void *k1, const void *k2) 458 { 459 const struct range_trans *key1 = k1, *key2 = k2; 460 int v; 461 462 v = key1->source_type - key2->source_type; 463 if (v) 464 return v; 465 466 v = key1->target_type - key2->target_type; 467 if (v) 468 return v; 469 470 v = key1->target_class - key2->target_class; 471 472 return v; 473 } 474 475 static const struct hashtab_key_params rangetr_key_params = { 476 .hash = rangetr_hash, 477 .cmp = rangetr_cmp, 478 }; 479 480 struct mls_range *policydb_rangetr_search(struct policydb *p, 481 struct range_trans *key) 482 { 483 return hashtab_search(&p->range_tr, key, rangetr_key_params); 484 } 485 486 static u32 role_trans_hash(const void *k) 487 { 488 const struct role_trans_key *key = k; 489 490 return jhash_3words(key->role, key->type, 491 (u32)key->tclass << 16 | key->tclass, 0); 492 } 493 494 static int role_trans_cmp(const void *k1, const void *k2) 495 { 496 const struct role_trans_key *key1 = k1, *key2 = k2; 497 int v; 498 499 v = key1->role - key2->role; 500 if (v) 501 return v; 502 503 v = key1->type - key2->type; 504 if (v) 505 return v; 506 507 return key1->tclass - key2->tclass; 508 } 509 510 static const struct hashtab_key_params roletr_key_params = { 511 .hash = role_trans_hash, 512 .cmp = role_trans_cmp, 513 }; 514 515 struct role_trans_datum *policydb_roletr_search(struct policydb *p, 516 struct role_trans_key *key) 517 { 518 return hashtab_search(&p->role_tr, key, roletr_key_params); 519 } 520 521 /* 522 * Initialize a policy database structure. 523 */ 524 static void policydb_init(struct policydb *p) 525 { 526 memset(p, 0, sizeof(*p)); 527 528 avtab_init(&p->te_avtab); 529 cond_policydb_init(p); 530 531 ebitmap_init(&p->filename_trans_ttypes); 532 ebitmap_init(&p->policycaps); 533 ebitmap_init(&p->permissive_map); 534 } 535 536 /* 537 * The following *_index functions are used to 538 * define the val_to_name and val_to_struct arrays 539 * in a policy database structure. The val_to_name 540 * arrays are used when converting security context 541 * structures into string representations. The 542 * val_to_struct arrays are used when the attributes 543 * of a class, role, or user are needed. 544 */ 545 546 static int common_index(void *key, void *datum, void *datap) 547 { 548 struct policydb *p; 549 struct common_datum *comdatum; 550 551 comdatum = datum; 552 p = datap; 553 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 554 return -EINVAL; 555 556 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 557 558 return 0; 559 } 560 561 static int class_index(void *key, void *datum, void *datap) 562 { 563 struct policydb *p; 564 struct class_datum *cladatum; 565 566 cladatum = datum; 567 p = datap; 568 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 569 return -EINVAL; 570 571 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 572 p->class_val_to_struct[cladatum->value - 1] = cladatum; 573 return 0; 574 } 575 576 static int role_index(void *key, void *datum, void *datap) 577 { 578 struct policydb *p; 579 struct role_datum *role; 580 581 role = datum; 582 p = datap; 583 if (!role->value || role->value > p->p_roles.nprim || 584 role->bounds > p->p_roles.nprim) 585 return -EINVAL; 586 587 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 588 p->role_val_to_struct[role->value - 1] = role; 589 return 0; 590 } 591 592 static int type_index(void *key, void *datum, void *datap) 593 { 594 struct policydb *p; 595 struct type_datum *typdatum; 596 597 typdatum = datum; 598 p = datap; 599 600 if (typdatum->primary) { 601 if (!typdatum->value || typdatum->value > p->p_types.nprim || 602 typdatum->bounds > p->p_types.nprim) 603 return -EINVAL; 604 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 605 p->type_val_to_struct[typdatum->value - 1] = typdatum; 606 } 607 608 return 0; 609 } 610 611 static int user_index(void *key, void *datum, void *datap) 612 { 613 struct policydb *p; 614 struct user_datum *usrdatum; 615 616 usrdatum = datum; 617 p = datap; 618 if (!usrdatum->value || usrdatum->value > p->p_users.nprim || 619 usrdatum->bounds > p->p_users.nprim) 620 return -EINVAL; 621 622 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 623 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 624 return 0; 625 } 626 627 static int sens_index(void *key, void *datum, void *datap) 628 { 629 struct policydb *p; 630 struct level_datum *levdatum; 631 632 levdatum = datum; 633 p = datap; 634 635 if (!levdatum->isalias) { 636 if (!levdatum->level.sens || 637 levdatum->level.sens > p->p_levels.nprim) 638 return -EINVAL; 639 640 p->sym_val_to_name[SYM_LEVELS][levdatum->level.sens - 1] = key; 641 } 642 643 return 0; 644 } 645 646 static int cat_index(void *key, void *datum, void *datap) 647 { 648 struct policydb *p; 649 struct cat_datum *catdatum; 650 651 catdatum = datum; 652 p = datap; 653 654 if (!catdatum->isalias) { 655 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 656 return -EINVAL; 657 658 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 659 } 660 661 return 0; 662 } 663 664 /* clang-format off */ 665 static int (*const index_f[SYM_NUM])(void *key, void *datum, void *datap) = { 666 common_index, 667 class_index, 668 role_index, 669 type_index, 670 user_index, 671 cond_index_bool, 672 sens_index, 673 cat_index, 674 }; 675 /* clang-format on */ 676 677 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 678 static void hash_eval(struct hashtab *h, const char *hash_name, 679 const char *hash_details) 680 { 681 struct hashtab_info info; 682 683 hashtab_stat(h, &info); 684 pr_debug( 685 "SELinux: %s%s%s: %d entries and %d/%d buckets used, longest chain length %d, sum of chain length^2 %llu\n", 686 hash_name, hash_details ? "@" : "", hash_details ?: "", h->nel, 687 info.slots_used, h->size, info.max_chain_len, 688 info.chain2_len_sum); 689 } 690 691 static void symtab_hash_eval(struct symtab *s) 692 { 693 int i; 694 695 for (i = 0; i < SYM_NUM; i++) 696 hash_eval(&s[i].table, symtab_name[i], NULL); 697 } 698 699 #else 700 static inline void hash_eval(struct hashtab *h, const char *hash_name, 701 const char *hash_details) 702 { 703 } 704 static inline void symtab_hash_eval(struct symtab *s) 705 { 706 } 707 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */ 708 709 /* 710 * Define the other val_to_name and val_to_struct arrays 711 * in a policy database structure. 712 * 713 * Caller must clean up on failure. 714 */ 715 static int policydb_index(struct policydb *p) 716 { 717 int i, rc; 718 719 if (p->mls_enabled) 720 pr_debug( 721 "SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 722 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 723 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 724 else 725 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 726 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 727 p->p_bools.nprim); 728 729 pr_debug("SELinux: %d classes, %d rules\n", p->p_classes.nprim, 730 p->te_avtab.nel); 731 732 avtab_hash_eval(&p->te_avtab, "rules"); 733 symtab_hash_eval(p->symtab); 734 735 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 736 sizeof(*p->class_val_to_struct), 737 GFP_KERNEL); 738 if (!p->class_val_to_struct) 739 return -ENOMEM; 740 741 p->role_val_to_struct = kcalloc( 742 p->p_roles.nprim, sizeof(*p->role_val_to_struct), GFP_KERNEL); 743 if (!p->role_val_to_struct) 744 return -ENOMEM; 745 746 p->user_val_to_struct = kcalloc( 747 p->p_users.nprim, sizeof(*p->user_val_to_struct), GFP_KERNEL); 748 if (!p->user_val_to_struct) 749 return -ENOMEM; 750 751 p->type_val_to_struct = kvcalloc( 752 p->p_types.nprim, sizeof(*p->type_val_to_struct), GFP_KERNEL); 753 if (!p->type_val_to_struct) 754 return -ENOMEM; 755 756 rc = cond_init_bool_indexes(p); 757 if (rc) 758 goto out; 759 760 for (i = 0; i < SYM_NUM; i++) { 761 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 762 sizeof(char *), GFP_KERNEL); 763 if (!p->sym_val_to_name[i]) 764 return -ENOMEM; 765 766 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 767 if (rc) 768 goto out; 769 } 770 rc = 0; 771 out: 772 return rc; 773 } 774 775 /* 776 * Free any memory allocated by a policy database structure. 777 */ 778 void policydb_destroy(struct policydb *p) 779 { 780 struct ocontext *c, *ctmp; 781 struct genfs *g, *gtmp; 782 u32 i; 783 struct role_allow *ra, *lra = NULL; 784 785 for (i = 0; i < SYM_NUM; i++) { 786 cond_resched(); 787 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 788 hashtab_destroy(&p->symtab[i].table); 789 } 790 791 for (i = 0; i < SYM_NUM; i++) 792 kvfree(p->sym_val_to_name[i]); 793 794 kfree(p->class_val_to_struct); 795 kfree(p->role_val_to_struct); 796 kfree(p->user_val_to_struct); 797 kvfree(p->type_val_to_struct); 798 799 avtab_destroy(&p->te_avtab); 800 801 for (i = 0; i < OCON_NUM; i++) { 802 cond_resched(); 803 c = p->ocontexts[i]; 804 while (c) { 805 ctmp = c; 806 c = c->next; 807 ocontext_destroy(ctmp, i); 808 } 809 p->ocontexts[i] = NULL; 810 } 811 812 g = p->genfs; 813 while (g) { 814 cond_resched(); 815 kfree(g->fstype); 816 c = g->head; 817 while (c) { 818 ctmp = c; 819 c = c->next; 820 ocontext_destroy(ctmp, OCON_FSUSE); 821 } 822 gtmp = g; 823 g = g->next; 824 kfree(gtmp); 825 } 826 p->genfs = NULL; 827 828 cond_policydb_destroy(p); 829 830 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 831 hashtab_destroy(&p->role_tr); 832 833 for (ra = p->role_allow; ra; ra = ra->next) { 834 cond_resched(); 835 kfree(lra); 836 lra = ra; 837 } 838 kfree(lra); 839 840 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 841 hashtab_destroy(&p->filename_trans); 842 843 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 844 hashtab_destroy(&p->range_tr); 845 846 if (p->type_attr_map_array) { 847 for (i = 0; i < p->p_types.nprim; i++) 848 ebitmap_destroy(&p->type_attr_map_array[i]); 849 kvfree(p->type_attr_map_array); 850 } 851 852 ebitmap_destroy(&p->filename_trans_ttypes); 853 ebitmap_destroy(&p->policycaps); 854 ebitmap_destroy(&p->permissive_map); 855 } 856 857 /* 858 * Load the initial SIDs specified in a policy database 859 * structure into a SID table. 860 */ 861 int policydb_load_isids(struct policydb *p, struct sidtab *s) 862 { 863 struct ocontext *head, *c; 864 bool isid_init; 865 int rc; 866 867 rc = sidtab_init(s); 868 if (rc) { 869 pr_err("SELinux: out of memory on SID table init\n"); 870 return rc; 871 } 872 873 isid_init = ebitmap_get_bit(&p->policycaps, 874 POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT); 875 876 head = p->ocontexts[OCON_ISID]; 877 for (c = head; c; c = c->next) { 878 u32 sid = c->sid[0]; 879 const char *name = security_get_initial_sid_context(sid); 880 881 if (sid == SECSID_NULL) { 882 pr_err("SELinux: SID 0 was assigned a context.\n"); 883 sidtab_destroy(s); 884 return -EINVAL; 885 } 886 887 /* Ignore initial SIDs unused by this kernel. */ 888 if (!name) 889 continue; 890 891 /* 892 * Also ignore SECINITSID_INIT if the policy doesn't declare 893 * support for it 894 */ 895 if (sid == SECINITSID_INIT && !isid_init) 896 continue; 897 898 rc = sidtab_set_initial(s, sid, &c->context[0]); 899 if (rc) { 900 pr_err("SELinux: unable to load initial SID %s.\n", 901 name); 902 sidtab_destroy(s); 903 return rc; 904 } 905 906 /* 907 * If the policy doesn't support the "userspace_initial_context" 908 * capability, set SECINITSID_INIT to the same context as 909 * SECINITSID_KERNEL. This ensures the same behavior as before 910 * the reintroduction of SECINITSID_INIT, where all tasks 911 * started before policy load would initially get the context 912 * corresponding to SECINITSID_KERNEL. 913 */ 914 if (sid == SECINITSID_KERNEL && !isid_init) { 915 rc = sidtab_set_initial(s, SECINITSID_INIT, 916 &c->context[0]); 917 if (rc) { 918 pr_err("SELinux: unable to load initial SID %s.\n", 919 name); 920 sidtab_destroy(s); 921 return rc; 922 } 923 } 924 } 925 return 0; 926 } 927 928 int policydb_class_isvalid(struct policydb *p, unsigned int class) 929 { 930 if (!class || class > p->p_classes.nprim) 931 return 0; 932 return 1; 933 } 934 935 int policydb_role_isvalid(struct policydb *p, unsigned int role) 936 { 937 if (!role || role > p->p_roles.nprim) 938 return 0; 939 return 1; 940 } 941 942 int policydb_type_isvalid(struct policydb *p, unsigned int type) 943 { 944 if (!type || type > p->p_types.nprim) 945 return 0; 946 return 1; 947 } 948 949 /* 950 * Return 1 if the fields in the security context 951 * structure `c' are valid. Return 0 otherwise. 952 */ 953 int policydb_context_isvalid(struct policydb *p, struct context *c) 954 { 955 struct role_datum *role; 956 struct user_datum *usrdatum; 957 958 if (!c->role || c->role > p->p_roles.nprim) 959 return 0; 960 961 if (!c->user || c->user > p->p_users.nprim) 962 return 0; 963 964 if (!c->type || c->type > p->p_types.nprim) 965 return 0; 966 967 if (c->role != OBJECT_R_VAL) { 968 /* 969 * Role must be authorized for the type. 970 */ 971 role = p->role_val_to_struct[c->role - 1]; 972 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 973 /* role may not be associated with type */ 974 return 0; 975 976 /* 977 * User must be authorized for the role. 978 */ 979 usrdatum = p->user_val_to_struct[c->user - 1]; 980 if (!usrdatum) 981 return 0; 982 983 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 984 /* user may not be associated with role */ 985 return 0; 986 } 987 988 if (!mls_context_isvalid(p, c)) 989 return 0; 990 991 return 1; 992 } 993 994 /* 995 * Read a MLS range structure from a policydb binary 996 * representation file. 997 */ 998 static int mls_read_range_helper(struct mls_range *r, struct policy_file *fp) 999 { 1000 __le32 buf[2]; 1001 u32 items; 1002 int rc; 1003 1004 rc = next_entry(buf, fp, sizeof(u32)); 1005 if (rc) 1006 goto out; 1007 1008 rc = -EINVAL; 1009 items = le32_to_cpu(buf[0]); 1010 if (items > ARRAY_SIZE(buf)) { 1011 pr_err("SELinux: mls: range overflow\n"); 1012 goto out; 1013 } 1014 1015 rc = next_entry(buf, fp, sizeof(u32) * items); 1016 if (rc) { 1017 pr_err("SELinux: mls: truncated range\n"); 1018 goto out; 1019 } 1020 1021 r->level[0].sens = le32_to_cpu(buf[0]); 1022 if (items > 1) 1023 r->level[1].sens = le32_to_cpu(buf[1]); 1024 else 1025 r->level[1].sens = r->level[0].sens; 1026 1027 rc = ebitmap_read(&r->level[0].cat, fp); 1028 if (rc) { 1029 pr_err("SELinux: mls: error reading low categories\n"); 1030 goto out; 1031 } 1032 if (items > 1) { 1033 rc = ebitmap_read(&r->level[1].cat, fp); 1034 if (rc) { 1035 pr_err("SELinux: mls: error reading high categories\n"); 1036 goto bad_high; 1037 } 1038 } else { 1039 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1040 if (rc) { 1041 pr_err("SELinux: mls: out of memory\n"); 1042 goto bad_high; 1043 } 1044 } 1045 1046 return 0; 1047 bad_high: 1048 ebitmap_destroy(&r->level[0].cat); 1049 out: 1050 return rc; 1051 } 1052 1053 /* 1054 * Read and validate a security context structure 1055 * from a policydb binary representation file. 1056 */ 1057 static int context_read_and_validate(struct context *c, struct policydb *p, 1058 struct policy_file *fp) 1059 { 1060 __le32 buf[3]; 1061 int rc; 1062 1063 rc = next_entry(buf, fp, sizeof buf); 1064 if (rc) { 1065 pr_err("SELinux: context truncated\n"); 1066 goto out; 1067 } 1068 c->user = le32_to_cpu(buf[0]); 1069 c->role = le32_to_cpu(buf[1]); 1070 c->type = le32_to_cpu(buf[2]); 1071 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1072 rc = mls_read_range_helper(&c->range, fp); 1073 if (rc) { 1074 pr_err("SELinux: error reading MLS range of context\n"); 1075 goto out; 1076 } 1077 } 1078 1079 rc = -EINVAL; 1080 if (!policydb_context_isvalid(p, c)) { 1081 pr_err("SELinux: invalid security context\n"); 1082 context_destroy(c); 1083 goto out; 1084 } 1085 rc = 0; 1086 out: 1087 return rc; 1088 } 1089 1090 /* 1091 * The following *_read functions are used to 1092 * read the symbol data from a policy database 1093 * binary representation file. 1094 */ 1095 1096 int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len) 1097 { 1098 int rc; 1099 char *str; 1100 1101 if ((len == 0) || (len == (u32)-1)) 1102 return -EINVAL; 1103 1104 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1105 if (!str) 1106 return -ENOMEM; 1107 1108 rc = next_entry(str, fp, len); 1109 if (rc) { 1110 kfree(str); 1111 return rc; 1112 } 1113 1114 str[len] = '\0'; 1115 *strp = str; 1116 return 0; 1117 } 1118 1119 static int perm_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1120 { 1121 char *key = NULL; 1122 struct perm_datum *perdatum; 1123 int rc; 1124 __le32 buf[2]; 1125 u32 len; 1126 1127 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1128 if (!perdatum) 1129 return -ENOMEM; 1130 1131 rc = next_entry(buf, fp, sizeof buf); 1132 if (rc) 1133 goto bad; 1134 1135 len = le32_to_cpu(buf[0]); 1136 perdatum->value = le32_to_cpu(buf[1]); 1137 1138 rc = str_read(&key, GFP_KERNEL, fp, len); 1139 if (rc) 1140 goto bad; 1141 1142 rc = symtab_insert(s, key, perdatum); 1143 if (rc) 1144 goto bad; 1145 1146 return 0; 1147 bad: 1148 perm_destroy(key, perdatum, NULL); 1149 return rc; 1150 } 1151 1152 static int common_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1153 { 1154 char *key = NULL; 1155 struct common_datum *comdatum; 1156 __le32 buf[4]; 1157 u32 i, len, nel; 1158 int rc; 1159 1160 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1161 if (!comdatum) 1162 return -ENOMEM; 1163 1164 rc = next_entry(buf, fp, sizeof buf); 1165 if (rc) 1166 goto bad; 1167 1168 len = le32_to_cpu(buf[0]); 1169 comdatum->value = le32_to_cpu(buf[1]); 1170 nel = le32_to_cpu(buf[3]); 1171 1172 rc = symtab_init(&comdatum->permissions, nel); 1173 if (rc) 1174 goto bad; 1175 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1176 1177 rc = str_read(&key, GFP_KERNEL, fp, len); 1178 if (rc) 1179 goto bad; 1180 1181 for (i = 0; i < nel; i++) { 1182 rc = perm_read(p, &comdatum->permissions, fp); 1183 if (rc) 1184 goto bad; 1185 } 1186 1187 hash_eval(&comdatum->permissions.table, "common_permissions", key); 1188 1189 rc = symtab_insert(s, key, comdatum); 1190 if (rc) 1191 goto bad; 1192 return 0; 1193 bad: 1194 common_destroy(key, comdatum, NULL); 1195 return rc; 1196 } 1197 1198 static void type_set_init(struct type_set *t) 1199 { 1200 ebitmap_init(&t->types); 1201 ebitmap_init(&t->negset); 1202 } 1203 1204 static int type_set_read(struct type_set *t, struct policy_file *fp) 1205 { 1206 __le32 buf[1]; 1207 int rc; 1208 1209 if (ebitmap_read(&t->types, fp)) 1210 return -EINVAL; 1211 if (ebitmap_read(&t->negset, fp)) 1212 return -EINVAL; 1213 1214 rc = next_entry(buf, fp, sizeof(u32)); 1215 if (rc < 0) 1216 return -EINVAL; 1217 t->flags = le32_to_cpu(buf[0]); 1218 1219 return 0; 1220 } 1221 1222 static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, 1223 u32 ncons, int allowxtarget, struct policy_file *fp) 1224 { 1225 struct constraint_node *c, *lc; 1226 struct constraint_expr *e, *le; 1227 __le32 buf[3]; 1228 u32 i, j, nexpr; 1229 int rc, depth; 1230 1231 lc = NULL; 1232 for (i = 0; i < ncons; i++) { 1233 c = kzalloc(sizeof(*c), GFP_KERNEL); 1234 if (!c) 1235 return -ENOMEM; 1236 1237 if (lc) 1238 lc->next = c; 1239 else 1240 *nodep = c; 1241 1242 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1243 if (rc) 1244 return rc; 1245 c->permissions = le32_to_cpu(buf[0]); 1246 nexpr = le32_to_cpu(buf[1]); 1247 le = NULL; 1248 depth = -1; 1249 for (j = 0; j < nexpr; j++) { 1250 e = kzalloc(sizeof(*e), GFP_KERNEL); 1251 if (!e) 1252 return -ENOMEM; 1253 1254 if (le) 1255 le->next = e; 1256 else 1257 c->expr = e; 1258 1259 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1260 if (rc) 1261 return rc; 1262 e->expr_type = le32_to_cpu(buf[0]); 1263 e->attr = le32_to_cpu(buf[1]); 1264 e->op = le32_to_cpu(buf[2]); 1265 1266 switch (e->expr_type) { 1267 case CEXPR_NOT: 1268 if (depth < 0) 1269 return -EINVAL; 1270 break; 1271 case CEXPR_AND: 1272 case CEXPR_OR: 1273 if (depth < 1) 1274 return -EINVAL; 1275 depth--; 1276 break; 1277 case CEXPR_ATTR: 1278 if (depth == (CEXPR_MAXDEPTH - 1)) 1279 return -EINVAL; 1280 depth++; 1281 break; 1282 case CEXPR_NAMES: 1283 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1284 return -EINVAL; 1285 if (depth == (CEXPR_MAXDEPTH - 1)) 1286 return -EINVAL; 1287 depth++; 1288 rc = ebitmap_read(&e->names, fp); 1289 if (rc) 1290 return rc; 1291 if (p->policyvers >= 1292 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1293 e->type_names = 1294 kzalloc(sizeof(*e->type_names), 1295 GFP_KERNEL); 1296 if (!e->type_names) 1297 return -ENOMEM; 1298 type_set_init(e->type_names); 1299 rc = type_set_read(e->type_names, fp); 1300 if (rc) 1301 return rc; 1302 } 1303 break; 1304 default: 1305 return -EINVAL; 1306 } 1307 le = e; 1308 } 1309 if (depth != 0) 1310 return -EINVAL; 1311 lc = c; 1312 } 1313 1314 return 0; 1315 } 1316 1317 static int class_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1318 { 1319 char *key = NULL; 1320 struct class_datum *cladatum; 1321 __le32 buf[6]; 1322 u32 i, len, len2, ncons, nel; 1323 int rc; 1324 1325 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1326 if (!cladatum) 1327 return -ENOMEM; 1328 1329 rc = next_entry(buf, fp, sizeof(u32) * 6); 1330 if (rc) 1331 goto bad; 1332 1333 len = le32_to_cpu(buf[0]); 1334 len2 = le32_to_cpu(buf[1]); 1335 cladatum->value = le32_to_cpu(buf[2]); 1336 nel = le32_to_cpu(buf[4]); 1337 1338 rc = symtab_init(&cladatum->permissions, nel); 1339 if (rc) 1340 goto bad; 1341 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1342 1343 ncons = le32_to_cpu(buf[5]); 1344 1345 rc = str_read(&key, GFP_KERNEL, fp, len); 1346 if (rc) 1347 goto bad; 1348 1349 if (len2) { 1350 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1351 if (rc) 1352 goto bad; 1353 1354 rc = -EINVAL; 1355 cladatum->comdatum = 1356 symtab_search(&p->p_commons, cladatum->comkey); 1357 if (!cladatum->comdatum) { 1358 pr_err("SELinux: unknown common %s\n", 1359 cladatum->comkey); 1360 goto bad; 1361 } 1362 } 1363 for (i = 0; i < nel; i++) { 1364 rc = perm_read(p, &cladatum->permissions, fp); 1365 if (rc) 1366 goto bad; 1367 } 1368 1369 hash_eval(&cladatum->permissions.table, "class_permissions", key); 1370 1371 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1372 if (rc) 1373 goto bad; 1374 1375 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1376 /* grab the validatetrans rules */ 1377 rc = next_entry(buf, fp, sizeof(u32)); 1378 if (rc) 1379 goto bad; 1380 ncons = le32_to_cpu(buf[0]); 1381 rc = read_cons_helper(p, &cladatum->validatetrans, ncons, 1, 1382 fp); 1383 if (rc) 1384 goto bad; 1385 } 1386 1387 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1388 rc = next_entry(buf, fp, sizeof(u32) * 3); 1389 if (rc) 1390 goto bad; 1391 1392 cladatum->default_user = le32_to_cpu(buf[0]); 1393 cladatum->default_role = le32_to_cpu(buf[1]); 1394 cladatum->default_range = le32_to_cpu(buf[2]); 1395 } 1396 1397 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1398 rc = next_entry(buf, fp, sizeof(u32) * 1); 1399 if (rc) 1400 goto bad; 1401 cladatum->default_type = le32_to_cpu(buf[0]); 1402 } 1403 1404 rc = symtab_insert(s, key, cladatum); 1405 if (rc) 1406 goto bad; 1407 1408 return 0; 1409 bad: 1410 cls_destroy(key, cladatum, NULL); 1411 return rc; 1412 } 1413 1414 static int role_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1415 { 1416 char *key = NULL; 1417 struct role_datum *role; 1418 int rc; 1419 unsigned int to_read = 2; 1420 __le32 buf[3]; 1421 u32 len; 1422 1423 role = kzalloc(sizeof(*role), GFP_KERNEL); 1424 if (!role) 1425 return -ENOMEM; 1426 1427 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1428 to_read = 3; 1429 1430 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1431 if (rc) 1432 goto bad; 1433 1434 len = le32_to_cpu(buf[0]); 1435 role->value = le32_to_cpu(buf[1]); 1436 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1437 role->bounds = le32_to_cpu(buf[2]); 1438 1439 rc = str_read(&key, GFP_KERNEL, fp, len); 1440 if (rc) 1441 goto bad; 1442 1443 rc = ebitmap_read(&role->dominates, fp); 1444 if (rc) 1445 goto bad; 1446 1447 rc = ebitmap_read(&role->types, fp); 1448 if (rc) 1449 goto bad; 1450 1451 if (strcmp(key, OBJECT_R) == 0) { 1452 rc = -EINVAL; 1453 if (role->value != OBJECT_R_VAL) { 1454 pr_err("SELinux: Role %s has wrong value %d\n", 1455 OBJECT_R, role->value); 1456 goto bad; 1457 } 1458 rc = 0; 1459 goto bad; 1460 } 1461 1462 rc = symtab_insert(s, key, role); 1463 if (rc) 1464 goto bad; 1465 return 0; 1466 bad: 1467 role_destroy(key, role, NULL); 1468 return rc; 1469 } 1470 1471 static int type_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1472 { 1473 char *key = NULL; 1474 struct type_datum *typdatum; 1475 int rc; 1476 unsigned int to_read = 3; 1477 __le32 buf[4]; 1478 u32 len; 1479 1480 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1481 if (!typdatum) 1482 return -ENOMEM; 1483 1484 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1485 to_read = 4; 1486 1487 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1488 if (rc) 1489 goto bad; 1490 1491 len = le32_to_cpu(buf[0]); 1492 typdatum->value = le32_to_cpu(buf[1]); 1493 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1494 u32 prop = le32_to_cpu(buf[2]); 1495 1496 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1497 typdatum->primary = 1; 1498 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1499 typdatum->attribute = 1; 1500 1501 typdatum->bounds = le32_to_cpu(buf[3]); 1502 } else { 1503 typdatum->primary = le32_to_cpu(buf[2]); 1504 } 1505 1506 rc = str_read(&key, GFP_KERNEL, fp, len); 1507 if (rc) 1508 goto bad; 1509 1510 rc = symtab_insert(s, key, typdatum); 1511 if (rc) 1512 goto bad; 1513 return 0; 1514 bad: 1515 type_destroy(key, typdatum, NULL); 1516 return rc; 1517 } 1518 1519 /* 1520 * Read a MLS level structure from a policydb binary 1521 * representation file. 1522 */ 1523 static int mls_read_level(struct mls_level *lp, struct policy_file *fp) 1524 { 1525 __le32 buf[1]; 1526 int rc; 1527 1528 memset(lp, 0, sizeof(*lp)); 1529 1530 rc = next_entry(buf, fp, sizeof buf); 1531 if (rc) { 1532 pr_err("SELinux: mls: truncated level\n"); 1533 return rc; 1534 } 1535 lp->sens = le32_to_cpu(buf[0]); 1536 1537 rc = ebitmap_read(&lp->cat, fp); 1538 if (rc) { 1539 pr_err("SELinux: mls: error reading level categories\n"); 1540 return rc; 1541 } 1542 return 0; 1543 } 1544 1545 static int user_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1546 { 1547 char *key = NULL; 1548 struct user_datum *usrdatum; 1549 int rc; 1550 unsigned int to_read = 2; 1551 __le32 buf[3]; 1552 u32 len; 1553 1554 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1555 if (!usrdatum) 1556 return -ENOMEM; 1557 1558 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1559 to_read = 3; 1560 1561 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1562 if (rc) 1563 goto bad; 1564 1565 len = le32_to_cpu(buf[0]); 1566 usrdatum->value = le32_to_cpu(buf[1]); 1567 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1568 usrdatum->bounds = le32_to_cpu(buf[2]); 1569 1570 rc = str_read(&key, GFP_KERNEL, fp, len); 1571 if (rc) 1572 goto bad; 1573 1574 rc = ebitmap_read(&usrdatum->roles, fp); 1575 if (rc) 1576 goto bad; 1577 1578 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1579 rc = mls_read_range_helper(&usrdatum->range, fp); 1580 if (rc) 1581 goto bad; 1582 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1583 if (rc) 1584 goto bad; 1585 } 1586 1587 rc = symtab_insert(s, key, usrdatum); 1588 if (rc) 1589 goto bad; 1590 return 0; 1591 bad: 1592 user_destroy(key, usrdatum, NULL); 1593 return rc; 1594 } 1595 1596 static int sens_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1597 { 1598 char *key = NULL; 1599 struct level_datum *levdatum; 1600 int rc; 1601 __le32 buf[2]; 1602 u32 len; 1603 1604 levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL); 1605 if (!levdatum) 1606 return -ENOMEM; 1607 1608 rc = next_entry(buf, fp, sizeof buf); 1609 if (rc) 1610 goto bad; 1611 1612 len = le32_to_cpu(buf[0]); 1613 levdatum->isalias = le32_to_cpu(buf[1]); 1614 1615 rc = str_read(&key, GFP_KERNEL, fp, len); 1616 if (rc) 1617 goto bad; 1618 1619 rc = mls_read_level(&levdatum->level, fp); 1620 if (rc) 1621 goto bad; 1622 1623 rc = symtab_insert(s, key, levdatum); 1624 if (rc) 1625 goto bad; 1626 return 0; 1627 bad: 1628 sens_destroy(key, levdatum, NULL); 1629 return rc; 1630 } 1631 1632 static int cat_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1633 { 1634 char *key = NULL; 1635 struct cat_datum *catdatum; 1636 int rc; 1637 __le32 buf[3]; 1638 u32 len; 1639 1640 catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL); 1641 if (!catdatum) 1642 return -ENOMEM; 1643 1644 rc = next_entry(buf, fp, sizeof buf); 1645 if (rc) 1646 goto bad; 1647 1648 len = le32_to_cpu(buf[0]); 1649 catdatum->value = le32_to_cpu(buf[1]); 1650 catdatum->isalias = le32_to_cpu(buf[2]); 1651 1652 rc = str_read(&key, GFP_KERNEL, fp, len); 1653 if (rc) 1654 goto bad; 1655 1656 rc = symtab_insert(s, key, catdatum); 1657 if (rc) 1658 goto bad; 1659 return 0; 1660 bad: 1661 cat_destroy(key, catdatum, NULL); 1662 return rc; 1663 } 1664 1665 /* clang-format off */ 1666 static int (*const read_f[SYM_NUM])(struct policydb *p, struct symtab *s, 1667 struct policy_file *fp) = { 1668 common_read, 1669 class_read, 1670 role_read, 1671 type_read, 1672 user_read, 1673 cond_read_bool, 1674 sens_read, 1675 cat_read, 1676 }; 1677 /* clang-format on */ 1678 1679 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1680 { 1681 struct user_datum *upper, *user; 1682 struct policydb *p = datap; 1683 int depth = 0; 1684 1685 upper = user = datum; 1686 while (upper->bounds) { 1687 struct ebitmap_node *node; 1688 u32 bit; 1689 1690 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1691 pr_err("SELinux: user %s: " 1692 "too deep or looped boundary\n", 1693 (char *)key); 1694 return -EINVAL; 1695 } 1696 1697 upper = p->user_val_to_struct[upper->bounds - 1]; 1698 ebitmap_for_each_positive_bit(&user->roles, node, bit) 1699 { 1700 if (ebitmap_get_bit(&upper->roles, bit)) 1701 continue; 1702 1703 pr_err("SELinux: boundary violated policy: " 1704 "user=%s role=%s bounds=%s\n", 1705 sym_name(p, SYM_USERS, user->value - 1), 1706 sym_name(p, SYM_ROLES, bit), 1707 sym_name(p, SYM_USERS, upper->value - 1)); 1708 1709 return -EINVAL; 1710 } 1711 } 1712 1713 return 0; 1714 } 1715 1716 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1717 { 1718 struct role_datum *upper, *role; 1719 struct policydb *p = datap; 1720 int depth = 0; 1721 1722 upper = role = datum; 1723 while (upper->bounds) { 1724 struct ebitmap_node *node; 1725 u32 bit; 1726 1727 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1728 pr_err("SELinux: role %s: " 1729 "too deep or looped bounds\n", 1730 (char *)key); 1731 return -EINVAL; 1732 } 1733 1734 upper = p->role_val_to_struct[upper->bounds - 1]; 1735 ebitmap_for_each_positive_bit(&role->types, node, bit) 1736 { 1737 if (ebitmap_get_bit(&upper->types, bit)) 1738 continue; 1739 1740 pr_err("SELinux: boundary violated policy: " 1741 "role=%s type=%s bounds=%s\n", 1742 sym_name(p, SYM_ROLES, role->value - 1), 1743 sym_name(p, SYM_TYPES, bit), 1744 sym_name(p, SYM_ROLES, upper->value - 1)); 1745 1746 return -EINVAL; 1747 } 1748 } 1749 1750 return 0; 1751 } 1752 1753 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1754 { 1755 struct type_datum *upper; 1756 struct policydb *p = datap; 1757 int depth = 0; 1758 1759 upper = datum; 1760 while (upper->bounds) { 1761 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1762 pr_err("SELinux: type %s: " 1763 "too deep or looped boundary\n", 1764 (char *)key); 1765 return -EINVAL; 1766 } 1767 1768 upper = p->type_val_to_struct[upper->bounds - 1]; 1769 BUG_ON(!upper); 1770 1771 if (upper->attribute) { 1772 pr_err("SELinux: type %s: " 1773 "bounded by attribute %s\n", 1774 (char *)key, 1775 sym_name(p, SYM_TYPES, upper->value - 1)); 1776 return -EINVAL; 1777 } 1778 } 1779 1780 return 0; 1781 } 1782 1783 static int policydb_bounds_sanity_check(struct policydb *p) 1784 { 1785 int rc; 1786 1787 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1788 return 0; 1789 1790 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1791 if (rc) 1792 return rc; 1793 1794 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1795 if (rc) 1796 return rc; 1797 1798 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1799 if (rc) 1800 return rc; 1801 1802 return 0; 1803 } 1804 1805 u16 string_to_security_class(struct policydb *p, const char *name) 1806 { 1807 struct class_datum *cladatum; 1808 1809 cladatum = symtab_search(&p->p_classes, name); 1810 if (!cladatum) 1811 return 0; 1812 1813 return cladatum->value; 1814 } 1815 1816 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1817 { 1818 struct class_datum *cladatum; 1819 struct perm_datum *perdatum = NULL; 1820 struct common_datum *comdatum; 1821 1822 if (!tclass || tclass > p->p_classes.nprim) 1823 return 0; 1824 1825 cladatum = p->class_val_to_struct[tclass - 1]; 1826 comdatum = cladatum->comdatum; 1827 if (comdatum) 1828 perdatum = symtab_search(&comdatum->permissions, name); 1829 if (!perdatum) 1830 perdatum = symtab_search(&cladatum->permissions, name); 1831 if (!perdatum) 1832 return 0; 1833 1834 return 1U << (perdatum->value - 1); 1835 } 1836 1837 static int range_read(struct policydb *p, struct policy_file *fp) 1838 { 1839 struct range_trans *rt = NULL; 1840 struct mls_range *r = NULL; 1841 int rc; 1842 __le32 buf[2]; 1843 u32 i, nel; 1844 1845 if (p->policyvers < POLICYDB_VERSION_MLS) 1846 return 0; 1847 1848 rc = next_entry(buf, fp, sizeof(u32)); 1849 if (rc) 1850 return rc; 1851 1852 nel = le32_to_cpu(buf[0]); 1853 1854 rc = hashtab_init(&p->range_tr, nel); 1855 if (rc) 1856 return rc; 1857 1858 for (i = 0; i < nel; i++) { 1859 rc = -ENOMEM; 1860 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1861 if (!rt) 1862 goto out; 1863 1864 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1865 if (rc) 1866 goto out; 1867 1868 rt->source_type = le32_to_cpu(buf[0]); 1869 rt->target_type = le32_to_cpu(buf[1]); 1870 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1871 rc = next_entry(buf, fp, sizeof(u32)); 1872 if (rc) 1873 goto out; 1874 rt->target_class = le32_to_cpu(buf[0]); 1875 } else 1876 rt->target_class = p->process_class; 1877 1878 rc = -EINVAL; 1879 if (!policydb_type_isvalid(p, rt->source_type) || 1880 !policydb_type_isvalid(p, rt->target_type) || 1881 !policydb_class_isvalid(p, rt->target_class)) 1882 goto out; 1883 1884 rc = -ENOMEM; 1885 r = kzalloc(sizeof(*r), GFP_KERNEL); 1886 if (!r) 1887 goto out; 1888 1889 rc = mls_read_range_helper(r, fp); 1890 if (rc) 1891 goto out; 1892 1893 rc = -EINVAL; 1894 if (!mls_range_isvalid(p, r)) { 1895 pr_warn("SELinux: rangetrans: invalid range\n"); 1896 goto out; 1897 } 1898 1899 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1900 if (rc) 1901 goto out; 1902 1903 rt = NULL; 1904 r = NULL; 1905 } 1906 hash_eval(&p->range_tr, "rangetr", NULL); 1907 rc = 0; 1908 out: 1909 kfree(rt); 1910 kfree(r); 1911 return rc; 1912 } 1913 1914 static int filename_trans_read_helper_compat(struct policydb *p, struct policy_file *fp) 1915 { 1916 struct filename_trans_key key, *ft = NULL; 1917 struct filename_trans_datum *last, *datum = NULL; 1918 char *name = NULL; 1919 u32 len, stype, otype; 1920 __le32 buf[4]; 1921 int rc; 1922 1923 /* length of the path component string */ 1924 rc = next_entry(buf, fp, sizeof(u32)); 1925 if (rc) 1926 return rc; 1927 len = le32_to_cpu(buf[0]); 1928 1929 /* path component string */ 1930 rc = str_read(&name, GFP_KERNEL, fp, len); 1931 if (rc) 1932 return rc; 1933 1934 rc = next_entry(buf, fp, sizeof(u32) * 4); 1935 if (rc) 1936 goto out; 1937 1938 stype = le32_to_cpu(buf[0]); 1939 key.ttype = le32_to_cpu(buf[1]); 1940 key.tclass = le32_to_cpu(buf[2]); 1941 key.name = name; 1942 1943 otype = le32_to_cpu(buf[3]); 1944 1945 last = NULL; 1946 datum = policydb_filenametr_search(p, &key); 1947 while (datum) { 1948 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1949 /* conflicting/duplicate rules are ignored */ 1950 datum = NULL; 1951 rc = 0; 1952 goto out; 1953 } 1954 if (likely(datum->otype == otype)) 1955 break; 1956 last = datum; 1957 datum = datum->next; 1958 } 1959 if (!datum) { 1960 rc = -ENOMEM; 1961 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1962 if (!datum) 1963 goto out; 1964 1965 ebitmap_init(&datum->stypes); 1966 datum->otype = otype; 1967 datum->next = NULL; 1968 1969 if (unlikely(last)) { 1970 last->next = datum; 1971 } else { 1972 rc = -ENOMEM; 1973 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1974 if (!ft) 1975 goto out; 1976 1977 rc = hashtab_insert(&p->filename_trans, ft, datum, 1978 filenametr_key_params); 1979 if (rc) 1980 goto out; 1981 name = NULL; 1982 1983 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1984 key.ttype, 1); 1985 if (rc) 1986 return rc; 1987 } 1988 } 1989 kfree(name); 1990 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1991 1992 out: 1993 kfree(ft); 1994 kfree(name); 1995 kfree(datum); 1996 return rc; 1997 } 1998 1999 static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp) 2000 { 2001 struct filename_trans_key *ft = NULL; 2002 struct filename_trans_datum **dst, *datum, *first = NULL; 2003 char *name = NULL; 2004 u32 len, ttype, tclass, ndatum, i; 2005 __le32 buf[3]; 2006 int rc; 2007 2008 /* length of the path component string */ 2009 rc = next_entry(buf, fp, sizeof(u32)); 2010 if (rc) 2011 return rc; 2012 len = le32_to_cpu(buf[0]); 2013 2014 /* path component string */ 2015 rc = str_read(&name, GFP_KERNEL, fp, len); 2016 if (rc) 2017 return rc; 2018 2019 rc = next_entry(buf, fp, sizeof(u32) * 3); 2020 if (rc) 2021 goto out; 2022 2023 ttype = le32_to_cpu(buf[0]); 2024 tclass = le32_to_cpu(buf[1]); 2025 2026 ndatum = le32_to_cpu(buf[2]); 2027 if (ndatum == 0) { 2028 pr_err("SELinux: Filename transition key with no datum\n"); 2029 rc = -ENOENT; 2030 goto out; 2031 } 2032 2033 dst = &first; 2034 for (i = 0; i < ndatum; i++) { 2035 rc = -ENOMEM; 2036 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2037 if (!datum) 2038 goto out; 2039 2040 datum->next = NULL; 2041 *dst = datum; 2042 2043 /* ebitmap_read() will at least init the bitmap */ 2044 rc = ebitmap_read(&datum->stypes, fp); 2045 if (rc) 2046 goto out; 2047 2048 rc = next_entry(buf, fp, sizeof(u32)); 2049 if (rc) 2050 goto out; 2051 2052 datum->otype = le32_to_cpu(buf[0]); 2053 2054 dst = &datum->next; 2055 } 2056 2057 rc = -ENOMEM; 2058 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2059 if (!ft) 2060 goto out; 2061 2062 ft->ttype = ttype; 2063 ft->tclass = tclass; 2064 ft->name = name; 2065 2066 rc = hashtab_insert(&p->filename_trans, ft, first, 2067 filenametr_key_params); 2068 if (rc == -EEXIST) 2069 pr_err("SELinux: Duplicate filename transition key\n"); 2070 if (rc) 2071 goto out; 2072 2073 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2074 2075 out: 2076 kfree(ft); 2077 kfree(name); 2078 while (first) { 2079 datum = first; 2080 first = first->next; 2081 2082 ebitmap_destroy(&datum->stypes); 2083 kfree(datum); 2084 } 2085 return rc; 2086 } 2087 2088 static int filename_trans_read(struct policydb *p, struct policy_file *fp) 2089 { 2090 u32 nel, i; 2091 __le32 buf[1]; 2092 int rc; 2093 2094 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2095 return 0; 2096 2097 rc = next_entry(buf, fp, sizeof(u32)); 2098 if (rc) 2099 return rc; 2100 nel = le32_to_cpu(buf[0]); 2101 2102 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2103 p->compat_filename_trans_count = nel; 2104 2105 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2106 if (rc) 2107 return rc; 2108 2109 for (i = 0; i < nel; i++) { 2110 rc = filename_trans_read_helper_compat(p, fp); 2111 if (rc) 2112 return rc; 2113 } 2114 } else { 2115 rc = hashtab_init(&p->filename_trans, nel); 2116 if (rc) 2117 return rc; 2118 2119 for (i = 0; i < nel; i++) { 2120 rc = filename_trans_read_helper(p, fp); 2121 if (rc) 2122 return rc; 2123 } 2124 } 2125 hash_eval(&p->filename_trans, "filenametr", NULL); 2126 return 0; 2127 } 2128 2129 static int genfs_read(struct policydb *p, struct policy_file *fp) 2130 { 2131 int rc; 2132 u32 i, j, nel, nel2, len, len2; 2133 __le32 buf[1]; 2134 struct ocontext *l, *c; 2135 struct ocontext *newc = NULL; 2136 struct genfs *genfs_p, *genfs; 2137 struct genfs *newgenfs = NULL; 2138 2139 rc = next_entry(buf, fp, sizeof(u32)); 2140 if (rc) 2141 return rc; 2142 nel = le32_to_cpu(buf[0]); 2143 2144 for (i = 0; i < nel; i++) { 2145 rc = next_entry(buf, fp, sizeof(u32)); 2146 if (rc) 2147 goto out; 2148 len = le32_to_cpu(buf[0]); 2149 2150 rc = -ENOMEM; 2151 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2152 if (!newgenfs) 2153 goto out; 2154 2155 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2156 if (rc) 2157 goto out; 2158 2159 for (genfs_p = NULL, genfs = p->genfs; genfs; 2160 genfs_p = genfs, genfs = genfs->next) { 2161 rc = -EINVAL; 2162 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2163 pr_err("SELinux: dup genfs fstype %s\n", 2164 newgenfs->fstype); 2165 goto out; 2166 } 2167 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2168 break; 2169 } 2170 newgenfs->next = genfs; 2171 if (genfs_p) 2172 genfs_p->next = newgenfs; 2173 else 2174 p->genfs = newgenfs; 2175 genfs = newgenfs; 2176 newgenfs = NULL; 2177 2178 rc = next_entry(buf, fp, sizeof(u32)); 2179 if (rc) 2180 goto out; 2181 2182 nel2 = le32_to_cpu(buf[0]); 2183 for (j = 0; j < nel2; j++) { 2184 rc = next_entry(buf, fp, sizeof(u32)); 2185 if (rc) 2186 goto out; 2187 len = le32_to_cpu(buf[0]); 2188 2189 rc = -ENOMEM; 2190 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2191 if (!newc) 2192 goto out; 2193 2194 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2195 if (rc) 2196 goto out; 2197 2198 rc = next_entry(buf, fp, sizeof(u32)); 2199 if (rc) 2200 goto out; 2201 2202 newc->v.sclass = le32_to_cpu(buf[0]); 2203 rc = context_read_and_validate(&newc->context[0], p, 2204 fp); 2205 if (rc) 2206 goto out; 2207 2208 for (l = NULL, c = genfs->head; c; l = c, c = c->next) { 2209 rc = -EINVAL; 2210 if (!strcmp(newc->u.name, c->u.name) && 2211 (!c->v.sclass || !newc->v.sclass || 2212 newc->v.sclass == c->v.sclass)) { 2213 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2214 genfs->fstype, c->u.name); 2215 goto out; 2216 } 2217 len = strlen(newc->u.name); 2218 len2 = strlen(c->u.name); 2219 if (len > len2) 2220 break; 2221 } 2222 2223 newc->next = c; 2224 if (l) 2225 l->next = newc; 2226 else 2227 genfs->head = newc; 2228 newc = NULL; 2229 } 2230 } 2231 rc = 0; 2232 out: 2233 if (newgenfs) { 2234 kfree(newgenfs->fstype); 2235 kfree(newgenfs); 2236 } 2237 ocontext_destroy(newc, OCON_FSUSE); 2238 2239 return rc; 2240 } 2241 2242 static int ocontext_read(struct policydb *p, 2243 const struct policydb_compat_info *info, struct policy_file *fp) 2244 { 2245 int rc; 2246 unsigned int i; 2247 u32 j, nel, len; 2248 __be64 prefixbuf[1]; 2249 __le32 buf[3]; 2250 struct ocontext *l, *c; 2251 u32 nodebuf[8]; 2252 2253 for (i = 0; i < info->ocon_num; i++) { 2254 rc = next_entry(buf, fp, sizeof(u32)); 2255 if (rc) 2256 goto out; 2257 nel = le32_to_cpu(buf[0]); 2258 2259 l = NULL; 2260 for (j = 0; j < nel; j++) { 2261 rc = -ENOMEM; 2262 c = kzalloc(sizeof(*c), GFP_KERNEL); 2263 if (!c) 2264 goto out; 2265 if (l) 2266 l->next = c; 2267 else 2268 p->ocontexts[i] = c; 2269 l = c; 2270 2271 switch (i) { 2272 case OCON_ISID: 2273 rc = next_entry(buf, fp, sizeof(u32)); 2274 if (rc) 2275 goto out; 2276 2277 c->sid[0] = le32_to_cpu(buf[0]); 2278 rc = context_read_and_validate(&c->context[0], 2279 p, fp); 2280 if (rc) 2281 goto out; 2282 break; 2283 case OCON_FS: 2284 case OCON_NETIF: 2285 rc = next_entry(buf, fp, sizeof(u32)); 2286 if (rc) 2287 goto out; 2288 len = le32_to_cpu(buf[0]); 2289 2290 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2291 if (rc) 2292 goto out; 2293 2294 if (i == OCON_FS) 2295 pr_warn("SELinux: void and deprecated fs ocon %s\n", 2296 c->u.name); 2297 2298 rc = context_read_and_validate(&c->context[0], 2299 p, fp); 2300 if (rc) 2301 goto out; 2302 rc = context_read_and_validate(&c->context[1], 2303 p, fp); 2304 if (rc) 2305 goto out; 2306 break; 2307 case OCON_PORT: 2308 rc = next_entry(buf, fp, sizeof(u32) * 3); 2309 if (rc) 2310 goto out; 2311 c->u.port.protocol = le32_to_cpu(buf[0]); 2312 c->u.port.low_port = le32_to_cpu(buf[1]); 2313 c->u.port.high_port = le32_to_cpu(buf[2]); 2314 rc = context_read_and_validate(&c->context[0], 2315 p, fp); 2316 if (rc) 2317 goto out; 2318 break; 2319 case OCON_NODE: 2320 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2321 if (rc) 2322 goto out; 2323 c->u.node.addr = nodebuf[0]; /* network order */ 2324 c->u.node.mask = nodebuf[1]; /* network order */ 2325 rc = context_read_and_validate(&c->context[0], 2326 p, fp); 2327 if (rc) 2328 goto out; 2329 break; 2330 case OCON_FSUSE: 2331 rc = next_entry(buf, fp, sizeof(u32) * 2); 2332 if (rc) 2333 goto out; 2334 2335 rc = -EINVAL; 2336 c->v.behavior = le32_to_cpu(buf[0]); 2337 /* Determined at runtime, not in policy DB. */ 2338 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2339 goto out; 2340 if (c->v.behavior > SECURITY_FS_USE_MAX) 2341 goto out; 2342 2343 len = le32_to_cpu(buf[1]); 2344 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2345 if (rc) 2346 goto out; 2347 2348 rc = context_read_and_validate(&c->context[0], 2349 p, fp); 2350 if (rc) 2351 goto out; 2352 break; 2353 case OCON_NODE6: { 2354 int k; 2355 2356 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2357 if (rc) 2358 goto out; 2359 for (k = 0; k < 4; k++) 2360 c->u.node6.addr[k] = nodebuf[k]; 2361 for (k = 0; k < 4; k++) 2362 c->u.node6.mask[k] = nodebuf[k + 4]; 2363 rc = context_read_and_validate(&c->context[0], 2364 p, fp); 2365 if (rc) 2366 goto out; 2367 break; 2368 } 2369 case OCON_IBPKEY: { 2370 u32 pkey_lo, pkey_hi; 2371 2372 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2373 if (rc) 2374 goto out; 2375 2376 /* we need to have subnet_prefix in CPU order */ 2377 c->u.ibpkey.subnet_prefix = 2378 be64_to_cpu(prefixbuf[0]); 2379 2380 rc = next_entry(buf, fp, sizeof(u32) * 2); 2381 if (rc) 2382 goto out; 2383 2384 pkey_lo = le32_to_cpu(buf[0]); 2385 pkey_hi = le32_to_cpu(buf[1]); 2386 2387 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2388 rc = -EINVAL; 2389 goto out; 2390 } 2391 2392 c->u.ibpkey.low_pkey = pkey_lo; 2393 c->u.ibpkey.high_pkey = pkey_hi; 2394 2395 rc = context_read_and_validate(&c->context[0], 2396 p, fp); 2397 if (rc) 2398 goto out; 2399 break; 2400 } 2401 case OCON_IBENDPORT: { 2402 u32 port; 2403 2404 rc = next_entry(buf, fp, sizeof(u32) * 2); 2405 if (rc) 2406 goto out; 2407 len = le32_to_cpu(buf[0]); 2408 2409 rc = str_read(&c->u.ibendport.dev_name, 2410 GFP_KERNEL, fp, len); 2411 if (rc) 2412 goto out; 2413 2414 port = le32_to_cpu(buf[1]); 2415 if (port > U8_MAX || port == 0) { 2416 rc = -EINVAL; 2417 goto out; 2418 } 2419 2420 c->u.ibendport.port = port; 2421 2422 rc = context_read_and_validate(&c->context[0], 2423 p, fp); 2424 if (rc) 2425 goto out; 2426 break; 2427 } /* end case */ 2428 } /* end switch */ 2429 } 2430 } 2431 rc = 0; 2432 out: 2433 return rc; 2434 } 2435 2436 /* 2437 * Read the configuration data from a policy database binary 2438 * representation file into a policy database structure. 2439 */ 2440 int policydb_read(struct policydb *p, struct policy_file *fp) 2441 { 2442 struct role_allow *ra, *lra; 2443 struct role_trans_key *rtk = NULL; 2444 struct role_trans_datum *rtd = NULL; 2445 int rc; 2446 __le32 buf[4]; 2447 u32 i, j, len, nprim, nel, perm; 2448 2449 char *policydb_str; 2450 const struct policydb_compat_info *info; 2451 2452 policydb_init(p); 2453 2454 /* Read the magic number and string length. */ 2455 rc = next_entry(buf, fp, sizeof(u32) * 2); 2456 if (rc) 2457 goto bad; 2458 2459 rc = -EINVAL; 2460 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2461 pr_err("SELinux: policydb magic number 0x%x does " 2462 "not match expected magic number 0x%x\n", 2463 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2464 goto bad; 2465 } 2466 2467 rc = -EINVAL; 2468 len = le32_to_cpu(buf[1]); 2469 if (len != strlen(POLICYDB_STRING)) { 2470 pr_err("SELinux: policydb string length %d does not " 2471 "match expected length %zu\n", 2472 len, strlen(POLICYDB_STRING)); 2473 goto bad; 2474 } 2475 2476 rc = str_read(&policydb_str, GFP_KERNEL, fp, len); 2477 if (rc) { 2478 if (rc == -ENOMEM) { 2479 pr_err("SELinux: unable to allocate memory for policydb string of length %d\n", 2480 len); 2481 } else { 2482 pr_err("SELinux: truncated policydb string identifier\n"); 2483 } 2484 goto bad; 2485 } 2486 2487 rc = -EINVAL; 2488 if (strcmp(policydb_str, POLICYDB_STRING)) { 2489 pr_err("SELinux: policydb string %s does not match " 2490 "my string %s\n", 2491 policydb_str, POLICYDB_STRING); 2492 kfree(policydb_str); 2493 goto bad; 2494 } 2495 /* Done with policydb_str. */ 2496 kfree(policydb_str); 2497 policydb_str = NULL; 2498 2499 /* Read the version and table sizes. */ 2500 rc = next_entry(buf, fp, sizeof(u32) * 4); 2501 if (rc) 2502 goto bad; 2503 2504 rc = -EINVAL; 2505 p->policyvers = le32_to_cpu(buf[0]); 2506 if (p->policyvers < POLICYDB_VERSION_MIN || 2507 p->policyvers > POLICYDB_VERSION_MAX) { 2508 pr_err("SELinux: policydb version %d does not match " 2509 "my version range %d-%d\n", 2510 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, 2511 POLICYDB_VERSION_MAX); 2512 goto bad; 2513 } 2514 2515 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2516 p->mls_enabled = 1; 2517 2518 rc = -EINVAL; 2519 if (p->policyvers < POLICYDB_VERSION_MLS) { 2520 pr_err("SELinux: security policydb version %d " 2521 "(MLS) not backwards compatible\n", 2522 p->policyvers); 2523 goto bad; 2524 } 2525 } 2526 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2527 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2528 2529 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2530 rc = ebitmap_read(&p->policycaps, fp); 2531 if (rc) 2532 goto bad; 2533 } 2534 2535 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2536 rc = ebitmap_read(&p->permissive_map, fp); 2537 if (rc) 2538 goto bad; 2539 } 2540 2541 rc = -EINVAL; 2542 info = policydb_lookup_compat(p->policyvers); 2543 if (!info) { 2544 pr_err("SELinux: unable to find policy compat info " 2545 "for version %d\n", 2546 p->policyvers); 2547 goto bad; 2548 } 2549 2550 rc = -EINVAL; 2551 if (le32_to_cpu(buf[2]) != info->sym_num || 2552 le32_to_cpu(buf[3]) != info->ocon_num) { 2553 pr_err("SELinux: policydb table sizes (%d,%d) do " 2554 "not match mine (%d,%d)\n", 2555 le32_to_cpu(buf[2]), le32_to_cpu(buf[3]), info->sym_num, 2556 info->ocon_num); 2557 goto bad; 2558 } 2559 2560 for (i = 0; i < info->sym_num; i++) { 2561 rc = next_entry(buf, fp, sizeof(u32) * 2); 2562 if (rc) 2563 goto bad; 2564 nprim = le32_to_cpu(buf[0]); 2565 nel = le32_to_cpu(buf[1]); 2566 2567 rc = symtab_init(&p->symtab[i], nel); 2568 if (rc) 2569 goto out; 2570 2571 if (i == SYM_ROLES) { 2572 rc = roles_init(p); 2573 if (rc) 2574 goto out; 2575 } 2576 2577 for (j = 0; j < nel; j++) { 2578 rc = read_f[i](p, &p->symtab[i], fp); 2579 if (rc) 2580 goto bad; 2581 } 2582 2583 p->symtab[i].nprim = nprim; 2584 } 2585 2586 rc = -EINVAL; 2587 p->process_class = string_to_security_class(p, "process"); 2588 if (!p->process_class) { 2589 pr_err("SELinux: process class is required, not defined in policy\n"); 2590 goto bad; 2591 } 2592 2593 rc = avtab_read(&p->te_avtab, fp, p); 2594 if (rc) 2595 goto bad; 2596 2597 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2598 rc = cond_read_list(p, fp); 2599 if (rc) 2600 goto bad; 2601 } 2602 2603 rc = next_entry(buf, fp, sizeof(u32)); 2604 if (rc) 2605 goto bad; 2606 nel = le32_to_cpu(buf[0]); 2607 2608 rc = hashtab_init(&p->role_tr, nel); 2609 if (rc) 2610 goto bad; 2611 for (i = 0; i < nel; i++) { 2612 rc = -ENOMEM; 2613 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2614 if (!rtk) 2615 goto bad; 2616 2617 rc = -ENOMEM; 2618 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2619 if (!rtd) 2620 goto bad; 2621 2622 rc = next_entry(buf, fp, sizeof(u32) * 3); 2623 if (rc) 2624 goto bad; 2625 2626 rtk->role = le32_to_cpu(buf[0]); 2627 rtk->type = le32_to_cpu(buf[1]); 2628 rtd->new_role = le32_to_cpu(buf[2]); 2629 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2630 rc = next_entry(buf, fp, sizeof(u32)); 2631 if (rc) 2632 goto bad; 2633 rtk->tclass = le32_to_cpu(buf[0]); 2634 } else 2635 rtk->tclass = p->process_class; 2636 2637 rc = -EINVAL; 2638 if (!policydb_role_isvalid(p, rtk->role) || 2639 !policydb_type_isvalid(p, rtk->type) || 2640 !policydb_class_isvalid(p, rtk->tclass) || 2641 !policydb_role_isvalid(p, rtd->new_role)) 2642 goto bad; 2643 2644 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2645 if (rc) 2646 goto bad; 2647 2648 rtk = NULL; 2649 rtd = NULL; 2650 } 2651 2652 hash_eval(&p->role_tr, "roletr", NULL); 2653 2654 rc = next_entry(buf, fp, sizeof(u32)); 2655 if (rc) 2656 goto bad; 2657 nel = le32_to_cpu(buf[0]); 2658 lra = NULL; 2659 for (i = 0; i < nel; i++) { 2660 rc = -ENOMEM; 2661 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2662 if (!ra) 2663 goto bad; 2664 if (lra) 2665 lra->next = ra; 2666 else 2667 p->role_allow = ra; 2668 rc = next_entry(buf, fp, sizeof(u32) * 2); 2669 if (rc) 2670 goto bad; 2671 2672 rc = -EINVAL; 2673 ra->role = le32_to_cpu(buf[0]); 2674 ra->new_role = le32_to_cpu(buf[1]); 2675 if (!policydb_role_isvalid(p, ra->role) || 2676 !policydb_role_isvalid(p, ra->new_role)) 2677 goto bad; 2678 lra = ra; 2679 } 2680 2681 rc = filename_trans_read(p, fp); 2682 if (rc) 2683 goto bad; 2684 2685 rc = policydb_index(p); 2686 if (rc) 2687 goto bad; 2688 2689 rc = -EINVAL; 2690 perm = string_to_av_perm(p, p->process_class, "transition"); 2691 if (!perm) { 2692 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2693 goto bad; 2694 } 2695 p->process_trans_perms = perm; 2696 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2697 if (!perm) { 2698 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2699 goto bad; 2700 } 2701 p->process_trans_perms |= perm; 2702 2703 rc = ocontext_read(p, info, fp); 2704 if (rc) 2705 goto bad; 2706 2707 rc = genfs_read(p, fp); 2708 if (rc) 2709 goto bad; 2710 2711 rc = range_read(p, fp); 2712 if (rc) 2713 goto bad; 2714 2715 rc = -ENOMEM; 2716 p->type_attr_map_array = kvcalloc( 2717 p->p_types.nprim, sizeof(*p->type_attr_map_array), GFP_KERNEL); 2718 if (!p->type_attr_map_array) 2719 goto bad; 2720 2721 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2722 for (i = 0; i < p->p_types.nprim; i++) 2723 ebitmap_init(&p->type_attr_map_array[i]); 2724 2725 for (i = 0; i < p->p_types.nprim; i++) { 2726 struct ebitmap *e = &p->type_attr_map_array[i]; 2727 2728 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2729 rc = ebitmap_read(e, fp); 2730 if (rc) 2731 goto bad; 2732 } 2733 /* add the type itself as the degenerate case */ 2734 rc = ebitmap_set_bit(e, i, 1); 2735 if (rc) 2736 goto bad; 2737 } 2738 2739 rc = policydb_bounds_sanity_check(p); 2740 if (rc) 2741 goto bad; 2742 2743 rc = 0; 2744 out: 2745 return rc; 2746 bad: 2747 kfree(rtk); 2748 kfree(rtd); 2749 policydb_destroy(p); 2750 goto out; 2751 } 2752 2753 /* 2754 * Write a MLS level structure to a policydb binary 2755 * representation file. 2756 */ 2757 static int mls_write_level(struct mls_level *l, struct policy_file *fp) 2758 { 2759 __le32 buf[1]; 2760 int rc; 2761 2762 buf[0] = cpu_to_le32(l->sens); 2763 rc = put_entry(buf, sizeof(u32), 1, fp); 2764 if (rc) 2765 return rc; 2766 2767 rc = ebitmap_write(&l->cat, fp); 2768 if (rc) 2769 return rc; 2770 2771 return 0; 2772 } 2773 2774 /* 2775 * Write a MLS range structure to a policydb binary 2776 * representation file. 2777 */ 2778 static int mls_write_range_helper(struct mls_range *r, struct policy_file *fp) 2779 { 2780 __le32 buf[3]; 2781 size_t items; 2782 int rc, eq; 2783 2784 eq = mls_level_eq(&r->level[1], &r->level[0]); 2785 2786 if (eq) 2787 items = 2; 2788 else 2789 items = 3; 2790 buf[0] = cpu_to_le32(items - 1); 2791 buf[1] = cpu_to_le32(r->level[0].sens); 2792 if (!eq) 2793 buf[2] = cpu_to_le32(r->level[1].sens); 2794 2795 BUG_ON(items > ARRAY_SIZE(buf)); 2796 2797 rc = put_entry(buf, sizeof(u32), items, fp); 2798 if (rc) 2799 return rc; 2800 2801 rc = ebitmap_write(&r->level[0].cat, fp); 2802 if (rc) 2803 return rc; 2804 if (!eq) { 2805 rc = ebitmap_write(&r->level[1].cat, fp); 2806 if (rc) 2807 return rc; 2808 } 2809 2810 return 0; 2811 } 2812 2813 static int sens_write(void *vkey, void *datum, void *ptr) 2814 { 2815 char *key = vkey; 2816 struct level_datum *levdatum = datum; 2817 struct policy_data *pd = ptr; 2818 struct policy_file *fp = pd->fp; 2819 __le32 buf[2]; 2820 size_t len; 2821 int rc; 2822 2823 len = strlen(key); 2824 buf[0] = cpu_to_le32(len); 2825 buf[1] = cpu_to_le32(levdatum->isalias); 2826 rc = put_entry(buf, sizeof(u32), 2, fp); 2827 if (rc) 2828 return rc; 2829 2830 rc = put_entry(key, 1, len, fp); 2831 if (rc) 2832 return rc; 2833 2834 rc = mls_write_level(&levdatum->level, fp); 2835 if (rc) 2836 return rc; 2837 2838 return 0; 2839 } 2840 2841 static int cat_write(void *vkey, void *datum, void *ptr) 2842 { 2843 char *key = vkey; 2844 struct cat_datum *catdatum = datum; 2845 struct policy_data *pd = ptr; 2846 struct policy_file *fp = pd->fp; 2847 __le32 buf[3]; 2848 size_t len; 2849 int rc; 2850 2851 len = strlen(key); 2852 buf[0] = cpu_to_le32(len); 2853 buf[1] = cpu_to_le32(catdatum->value); 2854 buf[2] = cpu_to_le32(catdatum->isalias); 2855 rc = put_entry(buf, sizeof(u32), 3, fp); 2856 if (rc) 2857 return rc; 2858 2859 rc = put_entry(key, 1, len, fp); 2860 if (rc) 2861 return rc; 2862 2863 return 0; 2864 } 2865 2866 static int role_trans_write_one(void *key, void *datum, void *ptr) 2867 { 2868 struct role_trans_key *rtk = key; 2869 struct role_trans_datum *rtd = datum; 2870 struct policy_data *pd = ptr; 2871 struct policy_file *fp = pd->fp; 2872 struct policydb *p = pd->p; 2873 __le32 buf[3]; 2874 int rc; 2875 2876 buf[0] = cpu_to_le32(rtk->role); 2877 buf[1] = cpu_to_le32(rtk->type); 2878 buf[2] = cpu_to_le32(rtd->new_role); 2879 rc = put_entry(buf, sizeof(u32), 3, fp); 2880 if (rc) 2881 return rc; 2882 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2883 buf[0] = cpu_to_le32(rtk->tclass); 2884 rc = put_entry(buf, sizeof(u32), 1, fp); 2885 if (rc) 2886 return rc; 2887 } 2888 return 0; 2889 } 2890 2891 static int role_trans_write(struct policydb *p, struct policy_file *fp) 2892 { 2893 struct policy_data pd = { .p = p, .fp = fp }; 2894 __le32 buf[1]; 2895 int rc; 2896 2897 buf[0] = cpu_to_le32(p->role_tr.nel); 2898 rc = put_entry(buf, sizeof(u32), 1, fp); 2899 if (rc) 2900 return rc; 2901 2902 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2903 } 2904 2905 static int role_allow_write(struct role_allow *r, struct policy_file *fp) 2906 { 2907 struct role_allow *ra; 2908 __le32 buf[2]; 2909 size_t nel; 2910 int rc; 2911 2912 nel = 0; 2913 for (ra = r; ra; ra = ra->next) 2914 nel++; 2915 buf[0] = cpu_to_le32(nel); 2916 rc = put_entry(buf, sizeof(u32), 1, fp); 2917 if (rc) 2918 return rc; 2919 for (ra = r; ra; ra = ra->next) { 2920 buf[0] = cpu_to_le32(ra->role); 2921 buf[1] = cpu_to_le32(ra->new_role); 2922 rc = put_entry(buf, sizeof(u32), 2, fp); 2923 if (rc) 2924 return rc; 2925 } 2926 return 0; 2927 } 2928 2929 /* 2930 * Write a security context structure 2931 * to a policydb binary representation file. 2932 */ 2933 static int context_write(struct policydb *p, struct context *c, struct policy_file *fp) 2934 { 2935 int rc; 2936 __le32 buf[3]; 2937 2938 buf[0] = cpu_to_le32(c->user); 2939 buf[1] = cpu_to_le32(c->role); 2940 buf[2] = cpu_to_le32(c->type); 2941 2942 rc = put_entry(buf, sizeof(u32), 3, fp); 2943 if (rc) 2944 return rc; 2945 2946 rc = mls_write_range_helper(&c->range, fp); 2947 if (rc) 2948 return rc; 2949 2950 return 0; 2951 } 2952 2953 /* 2954 * The following *_write functions are used to 2955 * write the symbol data to a policy database 2956 * binary representation file. 2957 */ 2958 2959 static int perm_write(void *vkey, void *datum, void *fp) 2960 { 2961 char *key = vkey; 2962 struct perm_datum *perdatum = datum; 2963 __le32 buf[2]; 2964 size_t len; 2965 int rc; 2966 2967 len = strlen(key); 2968 buf[0] = cpu_to_le32(len); 2969 buf[1] = cpu_to_le32(perdatum->value); 2970 rc = put_entry(buf, sizeof(u32), 2, fp); 2971 if (rc) 2972 return rc; 2973 2974 rc = put_entry(key, 1, len, fp); 2975 if (rc) 2976 return rc; 2977 2978 return 0; 2979 } 2980 2981 static int common_write(void *vkey, void *datum, void *ptr) 2982 { 2983 char *key = vkey; 2984 struct common_datum *comdatum = datum; 2985 struct policy_data *pd = ptr; 2986 struct policy_file *fp = pd->fp; 2987 __le32 buf[4]; 2988 size_t len; 2989 int rc; 2990 2991 len = strlen(key); 2992 buf[0] = cpu_to_le32(len); 2993 buf[1] = cpu_to_le32(comdatum->value); 2994 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2995 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 2996 rc = put_entry(buf, sizeof(u32), 4, fp); 2997 if (rc) 2998 return rc; 2999 3000 rc = put_entry(key, 1, len, fp); 3001 if (rc) 3002 return rc; 3003 3004 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 3005 if (rc) 3006 return rc; 3007 3008 return 0; 3009 } 3010 3011 static int type_set_write(struct type_set *t, struct policy_file *fp) 3012 { 3013 int rc; 3014 __le32 buf[1]; 3015 3016 if (ebitmap_write(&t->types, fp)) 3017 return -EINVAL; 3018 if (ebitmap_write(&t->negset, fp)) 3019 return -EINVAL; 3020 3021 buf[0] = cpu_to_le32(t->flags); 3022 rc = put_entry(buf, sizeof(u32), 1, fp); 3023 if (rc) 3024 return -EINVAL; 3025 3026 return 0; 3027 } 3028 3029 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 3030 struct policy_file *fp) 3031 { 3032 struct constraint_node *c; 3033 struct constraint_expr *e; 3034 __le32 buf[3]; 3035 u32 nel; 3036 int rc; 3037 3038 for (c = node; c; c = c->next) { 3039 nel = 0; 3040 for (e = c->expr; e; e = e->next) 3041 nel++; 3042 buf[0] = cpu_to_le32(c->permissions); 3043 buf[1] = cpu_to_le32(nel); 3044 rc = put_entry(buf, sizeof(u32), 2, fp); 3045 if (rc) 3046 return rc; 3047 for (e = c->expr; e; e = e->next) { 3048 buf[0] = cpu_to_le32(e->expr_type); 3049 buf[1] = cpu_to_le32(e->attr); 3050 buf[2] = cpu_to_le32(e->op); 3051 rc = put_entry(buf, sizeof(u32), 3, fp); 3052 if (rc) 3053 return rc; 3054 3055 switch (e->expr_type) { 3056 case CEXPR_NAMES: 3057 rc = ebitmap_write(&e->names, fp); 3058 if (rc) 3059 return rc; 3060 if (p->policyvers >= 3061 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3062 rc = type_set_write(e->type_names, fp); 3063 if (rc) 3064 return rc; 3065 } 3066 break; 3067 default: 3068 break; 3069 } 3070 } 3071 } 3072 3073 return 0; 3074 } 3075 3076 static int class_write(void *vkey, void *datum, void *ptr) 3077 { 3078 char *key = vkey; 3079 struct class_datum *cladatum = datum; 3080 struct policy_data *pd = ptr; 3081 struct policy_file *fp = pd->fp; 3082 struct policydb *p = pd->p; 3083 struct constraint_node *c; 3084 __le32 buf[6]; 3085 u32 ncons; 3086 size_t len, len2; 3087 int rc; 3088 3089 len = strlen(key); 3090 if (cladatum->comkey) 3091 len2 = strlen(cladatum->comkey); 3092 else 3093 len2 = 0; 3094 3095 ncons = 0; 3096 for (c = cladatum->constraints; c; c = c->next) 3097 ncons++; 3098 3099 buf[0] = cpu_to_le32(len); 3100 buf[1] = cpu_to_le32(len2); 3101 buf[2] = cpu_to_le32(cladatum->value); 3102 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3103 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3104 buf[5] = cpu_to_le32(ncons); 3105 rc = put_entry(buf, sizeof(u32), 6, fp); 3106 if (rc) 3107 return rc; 3108 3109 rc = put_entry(key, 1, len, fp); 3110 if (rc) 3111 return rc; 3112 3113 if (cladatum->comkey) { 3114 rc = put_entry(cladatum->comkey, 1, len2, fp); 3115 if (rc) 3116 return rc; 3117 } 3118 3119 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3120 if (rc) 3121 return rc; 3122 3123 rc = write_cons_helper(p, cladatum->constraints, fp); 3124 if (rc) 3125 return rc; 3126 3127 /* write out the validatetrans rule */ 3128 ncons = 0; 3129 for (c = cladatum->validatetrans; c; c = c->next) 3130 ncons++; 3131 3132 buf[0] = cpu_to_le32(ncons); 3133 rc = put_entry(buf, sizeof(u32), 1, fp); 3134 if (rc) 3135 return rc; 3136 3137 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3138 if (rc) 3139 return rc; 3140 3141 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3142 buf[0] = cpu_to_le32(cladatum->default_user); 3143 buf[1] = cpu_to_le32(cladatum->default_role); 3144 buf[2] = cpu_to_le32(cladatum->default_range); 3145 3146 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3147 if (rc) 3148 return rc; 3149 } 3150 3151 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3152 buf[0] = cpu_to_le32(cladatum->default_type); 3153 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3154 if (rc) 3155 return rc; 3156 } 3157 3158 return 0; 3159 } 3160 3161 static int role_write(void *vkey, void *datum, void *ptr) 3162 { 3163 char *key = vkey; 3164 struct role_datum *role = datum; 3165 struct policy_data *pd = ptr; 3166 struct policy_file *fp = pd->fp; 3167 struct policydb *p = pd->p; 3168 __le32 buf[3]; 3169 size_t items, len; 3170 int rc; 3171 3172 len = strlen(key); 3173 items = 0; 3174 buf[items++] = cpu_to_le32(len); 3175 buf[items++] = cpu_to_le32(role->value); 3176 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3177 buf[items++] = cpu_to_le32(role->bounds); 3178 3179 BUG_ON(items > ARRAY_SIZE(buf)); 3180 3181 rc = put_entry(buf, sizeof(u32), items, fp); 3182 if (rc) 3183 return rc; 3184 3185 rc = put_entry(key, 1, len, fp); 3186 if (rc) 3187 return rc; 3188 3189 rc = ebitmap_write(&role->dominates, fp); 3190 if (rc) 3191 return rc; 3192 3193 rc = ebitmap_write(&role->types, fp); 3194 if (rc) 3195 return rc; 3196 3197 return 0; 3198 } 3199 3200 static int type_write(void *vkey, void *datum, void *ptr) 3201 { 3202 char *key = vkey; 3203 struct type_datum *typdatum = datum; 3204 struct policy_data *pd = ptr; 3205 struct policydb *p = pd->p; 3206 struct policy_file *fp = pd->fp; 3207 __le32 buf[4]; 3208 int rc; 3209 size_t items, len; 3210 3211 len = strlen(key); 3212 items = 0; 3213 buf[items++] = cpu_to_le32(len); 3214 buf[items++] = cpu_to_le32(typdatum->value); 3215 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3216 u32 properties = 0; 3217 3218 if (typdatum->primary) 3219 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3220 3221 if (typdatum->attribute) 3222 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3223 3224 buf[items++] = cpu_to_le32(properties); 3225 buf[items++] = cpu_to_le32(typdatum->bounds); 3226 } else { 3227 buf[items++] = cpu_to_le32(typdatum->primary); 3228 } 3229 BUG_ON(items > ARRAY_SIZE(buf)); 3230 rc = put_entry(buf, sizeof(u32), items, fp); 3231 if (rc) 3232 return rc; 3233 3234 rc = put_entry(key, 1, len, fp); 3235 if (rc) 3236 return rc; 3237 3238 return 0; 3239 } 3240 3241 static int user_write(void *vkey, void *datum, void *ptr) 3242 { 3243 char *key = vkey; 3244 struct user_datum *usrdatum = datum; 3245 struct policy_data *pd = ptr; 3246 struct policydb *p = pd->p; 3247 struct policy_file *fp = pd->fp; 3248 __le32 buf[3]; 3249 size_t items, len; 3250 int rc; 3251 3252 len = strlen(key); 3253 items = 0; 3254 buf[items++] = cpu_to_le32(len); 3255 buf[items++] = cpu_to_le32(usrdatum->value); 3256 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3257 buf[items++] = cpu_to_le32(usrdatum->bounds); 3258 BUG_ON(items > ARRAY_SIZE(buf)); 3259 rc = put_entry(buf, sizeof(u32), items, fp); 3260 if (rc) 3261 return rc; 3262 3263 rc = put_entry(key, 1, len, fp); 3264 if (rc) 3265 return rc; 3266 3267 rc = ebitmap_write(&usrdatum->roles, fp); 3268 if (rc) 3269 return rc; 3270 3271 rc = mls_write_range_helper(&usrdatum->range, fp); 3272 if (rc) 3273 return rc; 3274 3275 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3276 if (rc) 3277 return rc; 3278 3279 return 0; 3280 } 3281 3282 /* clang-format off */ 3283 static int (*const write_f[SYM_NUM])(void *key, void *datum, void *datap) = { 3284 common_write, 3285 class_write, 3286 role_write, 3287 type_write, 3288 user_write, 3289 cond_write_bool, 3290 sens_write, 3291 cat_write, 3292 }; 3293 /* clang-format on */ 3294 3295 static int ocontext_write(struct policydb *p, 3296 const struct policydb_compat_info *info, 3297 struct policy_file *fp) 3298 { 3299 unsigned int i, j; 3300 int rc; 3301 size_t nel, len; 3302 __be64 prefixbuf[1]; 3303 __le32 buf[3]; 3304 u32 nodebuf[8]; 3305 struct ocontext *c; 3306 for (i = 0; i < info->ocon_num; i++) { 3307 nel = 0; 3308 for (c = p->ocontexts[i]; c; c = c->next) 3309 nel++; 3310 buf[0] = cpu_to_le32(nel); 3311 rc = put_entry(buf, sizeof(u32), 1, fp); 3312 if (rc) 3313 return rc; 3314 for (c = p->ocontexts[i]; c; c = c->next) { 3315 switch (i) { 3316 case OCON_ISID: 3317 buf[0] = cpu_to_le32(c->sid[0]); 3318 rc = put_entry(buf, sizeof(u32), 1, fp); 3319 if (rc) 3320 return rc; 3321 rc = context_write(p, &c->context[0], fp); 3322 if (rc) 3323 return rc; 3324 break; 3325 case OCON_FS: 3326 case OCON_NETIF: 3327 len = strlen(c->u.name); 3328 buf[0] = cpu_to_le32(len); 3329 rc = put_entry(buf, sizeof(u32), 1, fp); 3330 if (rc) 3331 return rc; 3332 rc = put_entry(c->u.name, 1, len, fp); 3333 if (rc) 3334 return rc; 3335 rc = context_write(p, &c->context[0], fp); 3336 if (rc) 3337 return rc; 3338 rc = context_write(p, &c->context[1], fp); 3339 if (rc) 3340 return rc; 3341 break; 3342 case OCON_PORT: 3343 buf[0] = cpu_to_le32(c->u.port.protocol); 3344 buf[1] = cpu_to_le32(c->u.port.low_port); 3345 buf[2] = cpu_to_le32(c->u.port.high_port); 3346 rc = put_entry(buf, sizeof(u32), 3, fp); 3347 if (rc) 3348 return rc; 3349 rc = context_write(p, &c->context[0], fp); 3350 if (rc) 3351 return rc; 3352 break; 3353 case OCON_NODE: 3354 nodebuf[0] = c->u.node.addr; /* network order */ 3355 nodebuf[1] = c->u.node.mask; /* network order */ 3356 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3357 if (rc) 3358 return rc; 3359 rc = context_write(p, &c->context[0], fp); 3360 if (rc) 3361 return rc; 3362 break; 3363 case OCON_FSUSE: 3364 buf[0] = cpu_to_le32(c->v.behavior); 3365 len = strlen(c->u.name); 3366 buf[1] = cpu_to_le32(len); 3367 rc = put_entry(buf, sizeof(u32), 2, fp); 3368 if (rc) 3369 return rc; 3370 rc = put_entry(c->u.name, 1, len, fp); 3371 if (rc) 3372 return rc; 3373 rc = context_write(p, &c->context[0], fp); 3374 if (rc) 3375 return rc; 3376 break; 3377 case OCON_NODE6: 3378 for (j = 0; j < 4; j++) 3379 nodebuf[j] = 3380 c->u.node6.addr 3381 [j]; /* network order */ 3382 for (j = 0; j < 4; j++) 3383 nodebuf[j + 4] = 3384 c->u.node6.mask 3385 [j]; /* network order */ 3386 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3387 if (rc) 3388 return rc; 3389 rc = context_write(p, &c->context[0], fp); 3390 if (rc) 3391 return rc; 3392 break; 3393 case OCON_IBPKEY: 3394 /* subnet_prefix is in CPU order */ 3395 prefixbuf[0] = 3396 cpu_to_be64(c->u.ibpkey.subnet_prefix); 3397 3398 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3399 if (rc) 3400 return rc; 3401 3402 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3403 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3404 3405 rc = put_entry(buf, sizeof(u32), 2, fp); 3406 if (rc) 3407 return rc; 3408 rc = context_write(p, &c->context[0], fp); 3409 if (rc) 3410 return rc; 3411 break; 3412 case OCON_IBENDPORT: 3413 len = strlen(c->u.ibendport.dev_name); 3414 buf[0] = cpu_to_le32(len); 3415 buf[1] = cpu_to_le32(c->u.ibendport.port); 3416 rc = put_entry(buf, sizeof(u32), 2, fp); 3417 if (rc) 3418 return rc; 3419 rc = put_entry(c->u.ibendport.dev_name, 1, len, 3420 fp); 3421 if (rc) 3422 return rc; 3423 rc = context_write(p, &c->context[0], fp); 3424 if (rc) 3425 return rc; 3426 break; 3427 } 3428 } 3429 } 3430 return 0; 3431 } 3432 3433 static int genfs_write(struct policydb *p, struct policy_file *fp) 3434 { 3435 struct genfs *genfs; 3436 struct ocontext *c; 3437 size_t len; 3438 __le32 buf[1]; 3439 int rc; 3440 3441 len = 0; 3442 for (genfs = p->genfs; genfs; genfs = genfs->next) 3443 len++; 3444 buf[0] = cpu_to_le32(len); 3445 rc = put_entry(buf, sizeof(u32), 1, fp); 3446 if (rc) 3447 return rc; 3448 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3449 len = strlen(genfs->fstype); 3450 buf[0] = cpu_to_le32(len); 3451 rc = put_entry(buf, sizeof(u32), 1, fp); 3452 if (rc) 3453 return rc; 3454 rc = put_entry(genfs->fstype, 1, len, fp); 3455 if (rc) 3456 return rc; 3457 len = 0; 3458 for (c = genfs->head; c; c = c->next) 3459 len++; 3460 buf[0] = cpu_to_le32(len); 3461 rc = put_entry(buf, sizeof(u32), 1, fp); 3462 if (rc) 3463 return rc; 3464 for (c = genfs->head; c; c = c->next) { 3465 len = strlen(c->u.name); 3466 buf[0] = cpu_to_le32(len); 3467 rc = put_entry(buf, sizeof(u32), 1, fp); 3468 if (rc) 3469 return rc; 3470 rc = put_entry(c->u.name, 1, len, fp); 3471 if (rc) 3472 return rc; 3473 buf[0] = cpu_to_le32(c->v.sclass); 3474 rc = put_entry(buf, sizeof(u32), 1, fp); 3475 if (rc) 3476 return rc; 3477 rc = context_write(p, &c->context[0], fp); 3478 if (rc) 3479 return rc; 3480 } 3481 } 3482 return 0; 3483 } 3484 3485 static int range_write_helper(void *key, void *data, void *ptr) 3486 { 3487 __le32 buf[2]; 3488 struct range_trans *rt = key; 3489 struct mls_range *r = data; 3490 struct policy_data *pd = ptr; 3491 struct policy_file *fp = pd->fp; 3492 struct policydb *p = pd->p; 3493 int rc; 3494 3495 buf[0] = cpu_to_le32(rt->source_type); 3496 buf[1] = cpu_to_le32(rt->target_type); 3497 rc = put_entry(buf, sizeof(u32), 2, fp); 3498 if (rc) 3499 return rc; 3500 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3501 buf[0] = cpu_to_le32(rt->target_class); 3502 rc = put_entry(buf, sizeof(u32), 1, fp); 3503 if (rc) 3504 return rc; 3505 } 3506 rc = mls_write_range_helper(r, fp); 3507 if (rc) 3508 return rc; 3509 3510 return 0; 3511 } 3512 3513 static int range_write(struct policydb *p, struct policy_file *fp) 3514 { 3515 __le32 buf[1]; 3516 int rc; 3517 struct policy_data pd; 3518 3519 pd.p = p; 3520 pd.fp = fp; 3521 3522 buf[0] = cpu_to_le32(p->range_tr.nel); 3523 rc = put_entry(buf, sizeof(u32), 1, fp); 3524 if (rc) 3525 return rc; 3526 3527 /* actually write all of the entries */ 3528 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3529 if (rc) 3530 return rc; 3531 3532 return 0; 3533 } 3534 3535 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3536 { 3537 struct filename_trans_key *ft = key; 3538 struct filename_trans_datum *datum = data; 3539 struct ebitmap_node *node; 3540 struct policy_file *fp = ptr; 3541 __le32 buf[4]; 3542 int rc; 3543 u32 bit, len = strlen(ft->name); 3544 3545 do { 3546 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) 3547 { 3548 buf[0] = cpu_to_le32(len); 3549 rc = put_entry(buf, sizeof(u32), 1, fp); 3550 if (rc) 3551 return rc; 3552 3553 rc = put_entry(ft->name, sizeof(char), len, fp); 3554 if (rc) 3555 return rc; 3556 3557 buf[0] = cpu_to_le32(bit + 1); 3558 buf[1] = cpu_to_le32(ft->ttype); 3559 buf[2] = cpu_to_le32(ft->tclass); 3560 buf[3] = cpu_to_le32(datum->otype); 3561 3562 rc = put_entry(buf, sizeof(u32), 4, fp); 3563 if (rc) 3564 return rc; 3565 } 3566 3567 datum = datum->next; 3568 } while (unlikely(datum)); 3569 3570 return 0; 3571 } 3572 3573 static int filename_write_helper(void *key, void *data, void *ptr) 3574 { 3575 struct filename_trans_key *ft = key; 3576 struct filename_trans_datum *datum; 3577 struct policy_file *fp = ptr; 3578 __le32 buf[3]; 3579 int rc; 3580 u32 ndatum, len = strlen(ft->name); 3581 3582 buf[0] = cpu_to_le32(len); 3583 rc = put_entry(buf, sizeof(u32), 1, fp); 3584 if (rc) 3585 return rc; 3586 3587 rc = put_entry(ft->name, sizeof(char), len, fp); 3588 if (rc) 3589 return rc; 3590 3591 ndatum = 0; 3592 datum = data; 3593 do { 3594 ndatum++; 3595 datum = datum->next; 3596 } while (unlikely(datum)); 3597 3598 buf[0] = cpu_to_le32(ft->ttype); 3599 buf[1] = cpu_to_le32(ft->tclass); 3600 buf[2] = cpu_to_le32(ndatum); 3601 rc = put_entry(buf, sizeof(u32), 3, fp); 3602 if (rc) 3603 return rc; 3604 3605 datum = data; 3606 do { 3607 rc = ebitmap_write(&datum->stypes, fp); 3608 if (rc) 3609 return rc; 3610 3611 buf[0] = cpu_to_le32(datum->otype); 3612 rc = put_entry(buf, sizeof(u32), 1, fp); 3613 if (rc) 3614 return rc; 3615 3616 datum = datum->next; 3617 } while (unlikely(datum)); 3618 3619 return 0; 3620 } 3621 3622 static int filename_trans_write(struct policydb *p, struct policy_file *fp) 3623 { 3624 __le32 buf[1]; 3625 int rc; 3626 3627 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3628 return 0; 3629 3630 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3631 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3632 rc = put_entry(buf, sizeof(u32), 1, fp); 3633 if (rc) 3634 return rc; 3635 3636 rc = hashtab_map(&p->filename_trans, 3637 filename_write_helper_compat, fp); 3638 } else { 3639 buf[0] = cpu_to_le32(p->filename_trans.nel); 3640 rc = put_entry(buf, sizeof(u32), 1, fp); 3641 if (rc) 3642 return rc; 3643 3644 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3645 } 3646 return rc; 3647 } 3648 3649 /* 3650 * Write the configuration data in a policy database 3651 * structure to a policy database binary representation 3652 * file. 3653 */ 3654 int policydb_write(struct policydb *p, struct policy_file *fp) 3655 { 3656 unsigned int num_syms; 3657 int rc; 3658 __le32 buf[4]; 3659 u32 config, i; 3660 size_t len; 3661 const struct policydb_compat_info *info; 3662 3663 /* 3664 * refuse to write policy older than compressed avtab 3665 * to simplify the writer. There are other tests dropped 3666 * since we assume this throughout the writer code. Be 3667 * careful if you ever try to remove this restriction 3668 */ 3669 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3670 pr_err("SELinux: refusing to write policy version %d." 3671 " Because it is less than version %d\n", 3672 p->policyvers, POLICYDB_VERSION_AVTAB); 3673 return -EINVAL; 3674 } 3675 3676 config = 0; 3677 if (p->mls_enabled) 3678 config |= POLICYDB_CONFIG_MLS; 3679 3680 if (p->reject_unknown) 3681 config |= REJECT_UNKNOWN; 3682 if (p->allow_unknown) 3683 config |= ALLOW_UNKNOWN; 3684 3685 /* Write the magic number and string identifiers. */ 3686 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3687 len = strlen(POLICYDB_STRING); 3688 buf[1] = cpu_to_le32(len); 3689 rc = put_entry(buf, sizeof(u32), 2, fp); 3690 if (rc) 3691 return rc; 3692 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3693 if (rc) 3694 return rc; 3695 3696 /* Write the version, config, and table sizes. */ 3697 info = policydb_lookup_compat(p->policyvers); 3698 if (!info) { 3699 pr_err("SELinux: compatibility lookup failed for policy " 3700 "version %d\n", 3701 p->policyvers); 3702 return -EINVAL; 3703 } 3704 3705 buf[0] = cpu_to_le32(p->policyvers); 3706 buf[1] = cpu_to_le32(config); 3707 buf[2] = cpu_to_le32(info->sym_num); 3708 buf[3] = cpu_to_le32(info->ocon_num); 3709 3710 rc = put_entry(buf, sizeof(u32), 4, fp); 3711 if (rc) 3712 return rc; 3713 3714 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3715 rc = ebitmap_write(&p->policycaps, fp); 3716 if (rc) 3717 return rc; 3718 } 3719 3720 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3721 rc = ebitmap_write(&p->permissive_map, fp); 3722 if (rc) 3723 return rc; 3724 } 3725 3726 num_syms = info->sym_num; 3727 for (i = 0; i < num_syms; i++) { 3728 struct policy_data pd; 3729 3730 pd.fp = fp; 3731 pd.p = p; 3732 3733 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3734 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3735 3736 rc = put_entry(buf, sizeof(u32), 2, fp); 3737 if (rc) 3738 return rc; 3739 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3740 if (rc) 3741 return rc; 3742 } 3743 3744 rc = avtab_write(p, &p->te_avtab, fp); 3745 if (rc) 3746 return rc; 3747 3748 rc = cond_write_list(p, fp); 3749 if (rc) 3750 return rc; 3751 3752 rc = role_trans_write(p, fp); 3753 if (rc) 3754 return rc; 3755 3756 rc = role_allow_write(p->role_allow, fp); 3757 if (rc) 3758 return rc; 3759 3760 rc = filename_trans_write(p, fp); 3761 if (rc) 3762 return rc; 3763 3764 rc = ocontext_write(p, info, fp); 3765 if (rc) 3766 return rc; 3767 3768 rc = genfs_write(p, fp); 3769 if (rc) 3770 return rc; 3771 3772 rc = range_write(p, fp); 3773 if (rc) 3774 return rc; 3775 3776 for (i = 0; i < p->p_types.nprim; i++) { 3777 struct ebitmap *e = &p->type_attr_map_array[i]; 3778 3779 rc = ebitmap_write(e, fp); 3780 if (rc) 3781 return rc; 3782 } 3783 3784 return 0; 3785 } 3786