1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * Support for enhanced MLS infrastructure. 11 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * Added conditional policy language extensions 16 * Copyright (C) 2003-2004 Tresys Technology, LLC 17 * 18 * Updated: Hewlett-Packard <paul@paul-moore.com> 19 * Added support for the policy capability bitmap 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * 22 * Update: Mellanox Techonologies 23 * Added Infiniband support 24 * Copyright (C) 2016 Mellanox Techonologies 25 */ 26 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/string.h> 31 #include <linux/errno.h> 32 #include <linux/audit.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 #include "services.h" 39 40 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 41 /* clang-format off */ 42 static const char *const symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 /* clang-format off */ 53 #endif 54 55 struct policydb_compat_info { 56 unsigned int version; 57 unsigned int sym_num; 58 unsigned int ocon_num; 59 }; 60 61 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 62 static const struct policydb_compat_info policydb_compat[] = { 63 { 64 .version = POLICYDB_VERSION_BASE, 65 .sym_num = SYM_NUM - 3, 66 .ocon_num = OCON_NUM - 3, 67 }, 68 { 69 .version = POLICYDB_VERSION_BOOL, 70 .sym_num = SYM_NUM - 2, 71 .ocon_num = OCON_NUM - 3, 72 }, 73 { 74 .version = POLICYDB_VERSION_IPV6, 75 .sym_num = SYM_NUM - 2, 76 .ocon_num = OCON_NUM - 2, 77 }, 78 { 79 .version = POLICYDB_VERSION_NLCLASS, 80 .sym_num = SYM_NUM - 2, 81 .ocon_num = OCON_NUM - 2, 82 }, 83 { 84 .version = POLICYDB_VERSION_MLS, 85 .sym_num = SYM_NUM, 86 .ocon_num = OCON_NUM - 2, 87 }, 88 { 89 .version = POLICYDB_VERSION_AVTAB, 90 .sym_num = SYM_NUM, 91 .ocon_num = OCON_NUM - 2, 92 }, 93 { 94 .version = POLICYDB_VERSION_RANGETRANS, 95 .sym_num = SYM_NUM, 96 .ocon_num = OCON_NUM - 2, 97 }, 98 { 99 .version = POLICYDB_VERSION_POLCAP, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NUM - 2, 102 }, 103 { 104 .version = POLICYDB_VERSION_PERMISSIVE, 105 .sym_num = SYM_NUM, 106 .ocon_num = OCON_NUM - 2, 107 }, 108 { 109 .version = POLICYDB_VERSION_BOUNDARY, 110 .sym_num = SYM_NUM, 111 .ocon_num = OCON_NUM - 2, 112 }, 113 { 114 .version = POLICYDB_VERSION_FILENAME_TRANS, 115 .sym_num = SYM_NUM, 116 .ocon_num = OCON_NUM - 2, 117 }, 118 { 119 .version = POLICYDB_VERSION_ROLETRANS, 120 .sym_num = SYM_NUM, 121 .ocon_num = OCON_NUM - 2, 122 }, 123 { 124 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 125 .sym_num = SYM_NUM, 126 .ocon_num = OCON_NUM - 2, 127 }, 128 { 129 .version = POLICYDB_VERSION_DEFAULT_TYPE, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NUM - 2, 132 }, 133 { 134 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NUM - 2, 137 }, 138 { 139 .version = POLICYDB_VERSION_XPERMS_IOCTL, 140 .sym_num = SYM_NUM, 141 .ocon_num = OCON_NUM - 2, 142 }, 143 { 144 .version = POLICYDB_VERSION_INFINIBAND, 145 .sym_num = SYM_NUM, 146 .ocon_num = OCON_NUM, 147 }, 148 { 149 .version = POLICYDB_VERSION_GLBLUB, 150 .sym_num = SYM_NUM, 151 .ocon_num = OCON_NUM, 152 }, 153 { 154 .version = POLICYDB_VERSION_COMP_FTRANS, 155 .sym_num = SYM_NUM, 156 .ocon_num = OCON_NUM, 157 }, 158 { 159 .version = POLICYDB_VERSION_COND_XPERMS, 160 .sym_num = SYM_NUM, 161 .ocon_num = OCON_NUM, 162 }, 163 { 164 .version = POLICYDB_VERSION_NEVERAUDIT, 165 .sym_num = SYM_NUM, 166 .ocon_num = OCON_NUM, 167 }, 168 }; 169 170 static const struct policydb_compat_info * 171 policydb_lookup_compat(unsigned int version) 172 { 173 unsigned int i; 174 175 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 176 if (policydb_compat[i].version == version) 177 return &policydb_compat[i]; 178 } 179 180 return NULL; 181 } 182 183 /* 184 * The following *_destroy functions are used to 185 * free any memory allocated for each kind of 186 * symbol data in the policy database. 187 */ 188 189 static int perm_destroy(void *key, void *datum, void *p) 190 { 191 kfree(key); 192 kfree(datum); 193 return 0; 194 } 195 196 static int common_destroy(void *key, void *datum, void *p) 197 { 198 struct common_datum *comdatum; 199 200 kfree(key); 201 if (datum) { 202 comdatum = datum; 203 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 204 hashtab_destroy(&comdatum->permissions.table); 205 } 206 kfree(datum); 207 return 0; 208 } 209 210 static void constraint_expr_destroy(struct constraint_expr *expr) 211 { 212 if (expr) { 213 ebitmap_destroy(&expr->names); 214 if (expr->type_names) { 215 ebitmap_destroy(&expr->type_names->types); 216 ebitmap_destroy(&expr->type_names->negset); 217 kfree(expr->type_names); 218 } 219 kfree(expr); 220 } 221 } 222 223 static int cls_destroy(void *key, void *datum, void *p) 224 { 225 struct class_datum *cladatum; 226 struct constraint_node *constraint, *ctemp; 227 struct constraint_expr *e, *etmp; 228 229 kfree(key); 230 if (datum) { 231 cladatum = datum; 232 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 233 hashtab_destroy(&cladatum->permissions.table); 234 constraint = cladatum->constraints; 235 while (constraint) { 236 e = constraint->expr; 237 while (e) { 238 etmp = e; 239 e = e->next; 240 constraint_expr_destroy(etmp); 241 } 242 ctemp = constraint; 243 constraint = constraint->next; 244 kfree(ctemp); 245 } 246 247 constraint = cladatum->validatetrans; 248 while (constraint) { 249 e = constraint->expr; 250 while (e) { 251 etmp = e; 252 e = e->next; 253 constraint_expr_destroy(etmp); 254 } 255 ctemp = constraint; 256 constraint = constraint->next; 257 kfree(ctemp); 258 } 259 kfree(cladatum->comkey); 260 } 261 kfree(datum); 262 return 0; 263 } 264 265 static int role_destroy(void *key, void *datum, void *p) 266 { 267 struct role_datum *role; 268 269 kfree(key); 270 if (datum) { 271 role = datum; 272 ebitmap_destroy(&role->dominates); 273 ebitmap_destroy(&role->types); 274 } 275 kfree(datum); 276 return 0; 277 } 278 279 static int type_destroy(void *key, void *datum, void *p) 280 { 281 kfree(key); 282 kfree(datum); 283 return 0; 284 } 285 286 static int user_destroy(void *key, void *datum, void *p) 287 { 288 struct user_datum *usrdatum; 289 290 kfree(key); 291 if (datum) { 292 usrdatum = datum; 293 ebitmap_destroy(&usrdatum->roles); 294 ebitmap_destroy(&usrdatum->range.level[0].cat); 295 ebitmap_destroy(&usrdatum->range.level[1].cat); 296 ebitmap_destroy(&usrdatum->dfltlevel.cat); 297 } 298 kfree(datum); 299 return 0; 300 } 301 302 static int sens_destroy(void *key, void *datum, void *p) 303 { 304 struct level_datum *levdatum; 305 306 kfree(key); 307 if (datum) { 308 levdatum = datum; 309 ebitmap_destroy(&levdatum->level.cat); 310 } 311 kfree(datum); 312 return 0; 313 } 314 315 static int cat_destroy(void *key, void *datum, void *p) 316 { 317 kfree(key); 318 kfree(datum); 319 return 0; 320 } 321 322 /* clang-format off */ 323 static int (*const destroy_f[SYM_NUM])(void *key, void *datum, void *datap) = { 324 common_destroy, 325 cls_destroy, 326 role_destroy, 327 type_destroy, 328 user_destroy, 329 cond_destroy_bool, 330 sens_destroy, 331 cat_destroy, 332 }; 333 /* clang-format on */ 334 335 static int filenametr_destroy(void *key, void *datum, void *p) 336 { 337 struct filename_trans_key *ft = key; 338 struct filename_trans_datum *next, *d = datum; 339 340 kfree(ft->name); 341 kfree(key); 342 do { 343 ebitmap_destroy(&d->stypes); 344 next = d->next; 345 kfree(d); 346 d = next; 347 } while (unlikely(d)); 348 cond_resched(); 349 return 0; 350 } 351 352 static int range_tr_destroy(void *key, void *datum, void *p) 353 { 354 struct mls_range *rt = datum; 355 356 kfree(key); 357 ebitmap_destroy(&rt->level[0].cat); 358 ebitmap_destroy(&rt->level[1].cat); 359 kfree(datum); 360 cond_resched(); 361 return 0; 362 } 363 364 static int role_tr_destroy(void *key, void *datum, void *p) 365 { 366 kfree(key); 367 kfree(datum); 368 return 0; 369 } 370 371 static void ocontext_destroy(struct ocontext *c, unsigned int i) 372 { 373 if (!c) 374 return; 375 376 context_destroy(&c->context[0]); 377 context_destroy(&c->context[1]); 378 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || 379 i == OCON_FSUSE) 380 kfree(c->u.name); 381 kfree(c); 382 } 383 384 /* 385 * Initialize the role table. 386 */ 387 static int roles_init(struct policydb *p) 388 { 389 char *key = NULL; 390 int rc; 391 struct role_datum *role; 392 393 role = kzalloc(sizeof(*role), GFP_KERNEL); 394 if (!role) 395 return -ENOMEM; 396 397 rc = -EINVAL; 398 role->value = ++p->p_roles.nprim; 399 if (role->value != OBJECT_R_VAL) 400 goto out; 401 402 rc = -ENOMEM; 403 key = kstrdup(OBJECT_R, GFP_KERNEL); 404 if (!key) 405 goto out; 406 407 rc = symtab_insert(&p->p_roles, key, role); 408 if (rc) 409 goto out; 410 411 return 0; 412 out: 413 kfree(key); 414 kfree(role); 415 return rc; 416 } 417 418 static u32 filenametr_hash(const void *k) 419 { 420 const struct filename_trans_key *ft = k; 421 unsigned long salt = ft->ttype ^ ft->tclass; 422 423 return full_name_hash((void *)salt, ft->name, strlen(ft->name)); 424 } 425 426 static int filenametr_cmp(const void *k1, const void *k2) 427 { 428 const struct filename_trans_key *ft1 = k1; 429 const struct filename_trans_key *ft2 = k2; 430 int v; 431 432 v = ft1->ttype - ft2->ttype; 433 if (v) 434 return v; 435 436 v = ft1->tclass - ft2->tclass; 437 if (v) 438 return v; 439 440 return strcmp(ft1->name, ft2->name); 441 } 442 443 static const struct hashtab_key_params filenametr_key_params = { 444 .hash = filenametr_hash, 445 .cmp = filenametr_cmp, 446 }; 447 448 struct filename_trans_datum * 449 policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key) 450 { 451 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 452 } 453 454 static u32 rangetr_hash(const void *k) 455 { 456 const struct range_trans *key = k; 457 458 return key->source_type + (key->target_type << 3) + 459 (key->target_class << 5); 460 } 461 462 static int rangetr_cmp(const void *k1, const void *k2) 463 { 464 const struct range_trans *key1 = k1, *key2 = k2; 465 int v; 466 467 v = key1->source_type - key2->source_type; 468 if (v) 469 return v; 470 471 v = key1->target_type - key2->target_type; 472 if (v) 473 return v; 474 475 v = key1->target_class - key2->target_class; 476 477 return v; 478 } 479 480 static const struct hashtab_key_params rangetr_key_params = { 481 .hash = rangetr_hash, 482 .cmp = rangetr_cmp, 483 }; 484 485 struct mls_range *policydb_rangetr_search(struct policydb *p, 486 struct range_trans *key) 487 { 488 return hashtab_search(&p->range_tr, key, rangetr_key_params); 489 } 490 491 static u32 role_trans_hash(const void *k) 492 { 493 const struct role_trans_key *key = k; 494 495 return jhash_3words(key->role, key->type, 496 (u32)key->tclass << 16 | key->tclass, 0); 497 } 498 499 static int role_trans_cmp(const void *k1, const void *k2) 500 { 501 const struct role_trans_key *key1 = k1, *key2 = k2; 502 int v; 503 504 v = key1->role - key2->role; 505 if (v) 506 return v; 507 508 v = key1->type - key2->type; 509 if (v) 510 return v; 511 512 return key1->tclass - key2->tclass; 513 } 514 515 static const struct hashtab_key_params roletr_key_params = { 516 .hash = role_trans_hash, 517 .cmp = role_trans_cmp, 518 }; 519 520 struct role_trans_datum *policydb_roletr_search(struct policydb *p, 521 struct role_trans_key *key) 522 { 523 return hashtab_search(&p->role_tr, key, roletr_key_params); 524 } 525 526 /* 527 * Initialize a policy database structure. 528 */ 529 static void policydb_init(struct policydb *p) 530 { 531 memset(p, 0, sizeof(*p)); 532 533 avtab_init(&p->te_avtab); 534 cond_policydb_init(p); 535 536 ebitmap_init(&p->filename_trans_ttypes); 537 ebitmap_init(&p->policycaps); 538 ebitmap_init(&p->permissive_map); 539 ebitmap_init(&p->neveraudit_map); 540 } 541 542 /* 543 * The following *_index functions are used to 544 * define the val_to_name and val_to_struct arrays 545 * in a policy database structure. The val_to_name 546 * arrays are used when converting security context 547 * structures into string representations. The 548 * val_to_struct arrays are used when the attributes 549 * of a class, role, or user are needed. 550 */ 551 552 static int common_index(void *key, void *datum, void *datap) 553 { 554 struct policydb *p; 555 struct common_datum *comdatum; 556 557 comdatum = datum; 558 p = datap; 559 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 560 return -EINVAL; 561 562 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 563 564 return 0; 565 } 566 567 static int class_index(void *key, void *datum, void *datap) 568 { 569 struct policydb *p; 570 struct class_datum *cladatum; 571 572 cladatum = datum; 573 p = datap; 574 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 575 return -EINVAL; 576 577 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 578 p->class_val_to_struct[cladatum->value - 1] = cladatum; 579 return 0; 580 } 581 582 static int role_index(void *key, void *datum, void *datap) 583 { 584 struct policydb *p; 585 struct role_datum *role; 586 587 role = datum; 588 p = datap; 589 if (!role->value || role->value > p->p_roles.nprim || 590 role->bounds > p->p_roles.nprim) 591 return -EINVAL; 592 593 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 594 p->role_val_to_struct[role->value - 1] = role; 595 return 0; 596 } 597 598 static int type_index(void *key, void *datum, void *datap) 599 { 600 struct policydb *p; 601 struct type_datum *typdatum; 602 603 typdatum = datum; 604 p = datap; 605 606 if (typdatum->primary) { 607 if (!typdatum->value || typdatum->value > p->p_types.nprim || 608 typdatum->bounds > p->p_types.nprim) 609 return -EINVAL; 610 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 611 p->type_val_to_struct[typdatum->value - 1] = typdatum; 612 } 613 614 return 0; 615 } 616 617 static int user_index(void *key, void *datum, void *datap) 618 { 619 struct policydb *p; 620 struct user_datum *usrdatum; 621 622 usrdatum = datum; 623 p = datap; 624 if (!usrdatum->value || usrdatum->value > p->p_users.nprim || 625 usrdatum->bounds > p->p_users.nprim) 626 return -EINVAL; 627 628 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 629 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 630 return 0; 631 } 632 633 static int sens_index(void *key, void *datum, void *datap) 634 { 635 struct policydb *p; 636 struct level_datum *levdatum; 637 638 levdatum = datum; 639 p = datap; 640 641 if (!levdatum->isalias) { 642 if (!levdatum->level.sens || 643 levdatum->level.sens > p->p_levels.nprim) 644 return -EINVAL; 645 646 p->sym_val_to_name[SYM_LEVELS][levdatum->level.sens - 1] = key; 647 } 648 649 return 0; 650 } 651 652 static int cat_index(void *key, void *datum, void *datap) 653 { 654 struct policydb *p; 655 struct cat_datum *catdatum; 656 657 catdatum = datum; 658 p = datap; 659 660 if (!catdatum->isalias) { 661 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 662 return -EINVAL; 663 664 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 665 } 666 667 return 0; 668 } 669 670 /* clang-format off */ 671 static int (*const index_f[SYM_NUM])(void *key, void *datum, void *datap) = { 672 common_index, 673 class_index, 674 role_index, 675 type_index, 676 user_index, 677 cond_index_bool, 678 sens_index, 679 cat_index, 680 }; 681 /* clang-format on */ 682 683 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 684 static void hash_eval(struct hashtab *h, const char *hash_name, 685 const char *hash_details) 686 { 687 struct hashtab_info info; 688 689 hashtab_stat(h, &info); 690 pr_debug( 691 "SELinux: %s%s%s: %d entries and %d/%d buckets used, longest chain length %d, sum of chain length^2 %llu\n", 692 hash_name, hash_details ? "@" : "", hash_details ?: "", h->nel, 693 info.slots_used, h->size, info.max_chain_len, 694 info.chain2_len_sum); 695 } 696 697 static void symtab_hash_eval(struct symtab *s) 698 { 699 int i; 700 701 for (i = 0; i < SYM_NUM; i++) 702 hash_eval(&s[i].table, symtab_name[i], NULL); 703 } 704 705 #else 706 static inline void hash_eval(struct hashtab *h, const char *hash_name, 707 const char *hash_details) 708 { 709 } 710 static inline void symtab_hash_eval(struct symtab *s) 711 { 712 } 713 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */ 714 715 /* 716 * Define the other val_to_name and val_to_struct arrays 717 * in a policy database structure. 718 * 719 * Caller must clean up on failure. 720 */ 721 static int policydb_index(struct policydb *p) 722 { 723 int i, rc; 724 725 if (p->mls_enabled) 726 pr_debug( 727 "SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 728 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 729 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 730 else 731 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 732 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 733 p->p_bools.nprim); 734 735 pr_debug("SELinux: %d classes, %d rules\n", p->p_classes.nprim, 736 p->te_avtab.nel); 737 738 avtab_hash_eval(&p->te_avtab, "rules"); 739 symtab_hash_eval(p->symtab); 740 741 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 742 sizeof(*p->class_val_to_struct), 743 GFP_KERNEL); 744 if (!p->class_val_to_struct) 745 return -ENOMEM; 746 747 p->role_val_to_struct = kcalloc( 748 p->p_roles.nprim, sizeof(*p->role_val_to_struct), GFP_KERNEL); 749 if (!p->role_val_to_struct) 750 return -ENOMEM; 751 752 p->user_val_to_struct = kcalloc( 753 p->p_users.nprim, sizeof(*p->user_val_to_struct), GFP_KERNEL); 754 if (!p->user_val_to_struct) 755 return -ENOMEM; 756 757 p->type_val_to_struct = kvcalloc( 758 p->p_types.nprim, sizeof(*p->type_val_to_struct), GFP_KERNEL); 759 if (!p->type_val_to_struct) 760 return -ENOMEM; 761 762 rc = cond_init_bool_indexes(p); 763 if (rc) 764 goto out; 765 766 for (i = 0; i < SYM_NUM; i++) { 767 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 768 sizeof(char *), GFP_KERNEL); 769 if (!p->sym_val_to_name[i]) 770 return -ENOMEM; 771 772 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 773 if (rc) 774 goto out; 775 } 776 rc = 0; 777 out: 778 return rc; 779 } 780 781 /* 782 * Free any memory allocated by a policy database structure. 783 */ 784 void policydb_destroy(struct policydb *p) 785 { 786 struct ocontext *c, *ctmp; 787 struct genfs *g, *gtmp; 788 u32 i; 789 struct role_allow *ra, *lra = NULL; 790 791 for (i = 0; i < SYM_NUM; i++) { 792 cond_resched(); 793 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 794 hashtab_destroy(&p->symtab[i].table); 795 } 796 797 for (i = 0; i < SYM_NUM; i++) 798 kvfree(p->sym_val_to_name[i]); 799 800 kfree(p->class_val_to_struct); 801 kfree(p->role_val_to_struct); 802 kfree(p->user_val_to_struct); 803 kvfree(p->type_val_to_struct); 804 805 avtab_destroy(&p->te_avtab); 806 807 for (i = 0; i < OCON_NUM; i++) { 808 cond_resched(); 809 c = p->ocontexts[i]; 810 while (c) { 811 ctmp = c; 812 c = c->next; 813 ocontext_destroy(ctmp, i); 814 } 815 p->ocontexts[i] = NULL; 816 } 817 818 g = p->genfs; 819 while (g) { 820 cond_resched(); 821 kfree(g->fstype); 822 c = g->head; 823 while (c) { 824 ctmp = c; 825 c = c->next; 826 ocontext_destroy(ctmp, OCON_FSUSE); 827 } 828 gtmp = g; 829 g = g->next; 830 kfree(gtmp); 831 } 832 p->genfs = NULL; 833 834 cond_policydb_destroy(p); 835 836 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 837 hashtab_destroy(&p->role_tr); 838 839 for (ra = p->role_allow; ra; ra = ra->next) { 840 cond_resched(); 841 kfree(lra); 842 lra = ra; 843 } 844 kfree(lra); 845 846 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 847 hashtab_destroy(&p->filename_trans); 848 849 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 850 hashtab_destroy(&p->range_tr); 851 852 if (p->type_attr_map_array) { 853 for (i = 0; i < p->p_types.nprim; i++) 854 ebitmap_destroy(&p->type_attr_map_array[i]); 855 kvfree(p->type_attr_map_array); 856 } 857 858 ebitmap_destroy(&p->filename_trans_ttypes); 859 ebitmap_destroy(&p->policycaps); 860 ebitmap_destroy(&p->permissive_map); 861 ebitmap_destroy(&p->neveraudit_map); 862 } 863 864 /* 865 * Load the initial SIDs specified in a policy database 866 * structure into a SID table. 867 */ 868 int policydb_load_isids(struct policydb *p, struct sidtab *s) 869 { 870 struct ocontext *head, *c; 871 bool isid_init; 872 int rc; 873 874 rc = sidtab_init(s); 875 if (rc) { 876 pr_err("SELinux: out of memory on SID table init\n"); 877 return rc; 878 } 879 880 isid_init = ebitmap_get_bit(&p->policycaps, 881 POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT); 882 883 head = p->ocontexts[OCON_ISID]; 884 for (c = head; c; c = c->next) { 885 u32 sid = c->sid[0]; 886 const char *name = security_get_initial_sid_context(sid); 887 888 if (sid == SECSID_NULL) { 889 pr_err("SELinux: SID 0 was assigned a context.\n"); 890 sidtab_destroy(s); 891 return -EINVAL; 892 } 893 894 /* Ignore initial SIDs unused by this kernel. */ 895 if (!name) 896 continue; 897 898 /* 899 * Also ignore SECINITSID_INIT if the policy doesn't declare 900 * support for it 901 */ 902 if (sid == SECINITSID_INIT && !isid_init) 903 continue; 904 905 rc = sidtab_set_initial(s, sid, &c->context[0]); 906 if (rc) { 907 pr_err("SELinux: unable to load initial SID %s.\n", 908 name); 909 sidtab_destroy(s); 910 return rc; 911 } 912 913 /* 914 * If the policy doesn't support the "userspace_initial_context" 915 * capability, set SECINITSID_INIT to the same context as 916 * SECINITSID_KERNEL. This ensures the same behavior as before 917 * the reintroduction of SECINITSID_INIT, where all tasks 918 * started before policy load would initially get the context 919 * corresponding to SECINITSID_KERNEL. 920 */ 921 if (sid == SECINITSID_KERNEL && !isid_init) { 922 rc = sidtab_set_initial(s, SECINITSID_INIT, 923 &c->context[0]); 924 if (rc) { 925 pr_err("SELinux: unable to load initial SID %s.\n", 926 name); 927 sidtab_destroy(s); 928 return rc; 929 } 930 } 931 } 932 return 0; 933 } 934 935 int policydb_class_isvalid(struct policydb *p, unsigned int class) 936 { 937 if (!class || class > p->p_classes.nprim) 938 return 0; 939 return 1; 940 } 941 942 int policydb_role_isvalid(struct policydb *p, unsigned int role) 943 { 944 if (!role || role > p->p_roles.nprim) 945 return 0; 946 return 1; 947 } 948 949 int policydb_type_isvalid(struct policydb *p, unsigned int type) 950 { 951 if (!type || type > p->p_types.nprim) 952 return 0; 953 return 1; 954 } 955 956 /* 957 * Return 1 if the fields in the security context 958 * structure `c' are valid. Return 0 otherwise. 959 */ 960 int policydb_context_isvalid(struct policydb *p, struct context *c) 961 { 962 struct role_datum *role; 963 struct user_datum *usrdatum; 964 965 if (!c->role || c->role > p->p_roles.nprim) 966 return 0; 967 968 if (!c->user || c->user > p->p_users.nprim) 969 return 0; 970 971 if (!c->type || c->type > p->p_types.nprim) 972 return 0; 973 974 if (c->role != OBJECT_R_VAL) { 975 /* 976 * Role must be authorized for the type. 977 */ 978 role = p->role_val_to_struct[c->role - 1]; 979 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 980 /* role may not be associated with type */ 981 return 0; 982 983 /* 984 * User must be authorized for the role. 985 */ 986 usrdatum = p->user_val_to_struct[c->user - 1]; 987 if (!usrdatum) 988 return 0; 989 990 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 991 /* user may not be associated with role */ 992 return 0; 993 } 994 995 if (!mls_context_isvalid(p, c)) 996 return 0; 997 998 return 1; 999 } 1000 1001 /* 1002 * Read a MLS range structure from a policydb binary 1003 * representation file. 1004 */ 1005 static int mls_read_range_helper(struct mls_range *r, struct policy_file *fp) 1006 { 1007 __le32 buf[2]; 1008 u32 items; 1009 int rc; 1010 1011 rc = next_entry(buf, fp, sizeof(u32)); 1012 if (rc) 1013 goto out; 1014 1015 rc = -EINVAL; 1016 items = le32_to_cpu(buf[0]); 1017 if (items > ARRAY_SIZE(buf)) { 1018 pr_err("SELinux: mls: range overflow\n"); 1019 goto out; 1020 } 1021 1022 rc = next_entry(buf, fp, sizeof(u32) * items); 1023 if (rc) { 1024 pr_err("SELinux: mls: truncated range\n"); 1025 goto out; 1026 } 1027 1028 r->level[0].sens = le32_to_cpu(buf[0]); 1029 if (items > 1) 1030 r->level[1].sens = le32_to_cpu(buf[1]); 1031 else 1032 r->level[1].sens = r->level[0].sens; 1033 1034 rc = ebitmap_read(&r->level[0].cat, fp); 1035 if (rc) { 1036 pr_err("SELinux: mls: error reading low categories\n"); 1037 goto out; 1038 } 1039 if (items > 1) { 1040 rc = ebitmap_read(&r->level[1].cat, fp); 1041 if (rc) { 1042 pr_err("SELinux: mls: error reading high categories\n"); 1043 goto bad_high; 1044 } 1045 } else { 1046 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1047 if (rc) { 1048 pr_err("SELinux: mls: out of memory\n"); 1049 goto bad_high; 1050 } 1051 } 1052 1053 return 0; 1054 bad_high: 1055 ebitmap_destroy(&r->level[0].cat); 1056 out: 1057 return rc; 1058 } 1059 1060 /* 1061 * Read and validate a security context structure 1062 * from a policydb binary representation file. 1063 */ 1064 static int context_read_and_validate(struct context *c, struct policydb *p, 1065 struct policy_file *fp) 1066 { 1067 __le32 buf[3]; 1068 int rc; 1069 1070 rc = next_entry(buf, fp, sizeof buf); 1071 if (rc) { 1072 pr_err("SELinux: context truncated\n"); 1073 goto out; 1074 } 1075 c->user = le32_to_cpu(buf[0]); 1076 c->role = le32_to_cpu(buf[1]); 1077 c->type = le32_to_cpu(buf[2]); 1078 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1079 rc = mls_read_range_helper(&c->range, fp); 1080 if (rc) { 1081 pr_err("SELinux: error reading MLS range of context\n"); 1082 goto out; 1083 } 1084 } 1085 1086 rc = -EINVAL; 1087 if (!policydb_context_isvalid(p, c)) { 1088 pr_err("SELinux: invalid security context\n"); 1089 context_destroy(c); 1090 goto out; 1091 } 1092 rc = 0; 1093 out: 1094 return rc; 1095 } 1096 1097 /* 1098 * The following *_read functions are used to 1099 * read the symbol data from a policy database 1100 * binary representation file. 1101 */ 1102 1103 int str_read(char **strp, gfp_t flags, struct policy_file *fp, u32 len) 1104 { 1105 int rc; 1106 char *str; 1107 1108 if ((len == 0) || (len == (u32)-1)) 1109 return -EINVAL; 1110 1111 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1112 if (!str) 1113 return -ENOMEM; 1114 1115 rc = next_entry(str, fp, len); 1116 if (rc) { 1117 kfree(str); 1118 return rc; 1119 } 1120 1121 str[len] = '\0'; 1122 *strp = str; 1123 return 0; 1124 } 1125 1126 static int perm_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1127 { 1128 char *key = NULL; 1129 struct perm_datum *perdatum; 1130 int rc; 1131 __le32 buf[2]; 1132 u32 len; 1133 1134 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1135 if (!perdatum) 1136 return -ENOMEM; 1137 1138 rc = next_entry(buf, fp, sizeof buf); 1139 if (rc) 1140 goto bad; 1141 1142 len = le32_to_cpu(buf[0]); 1143 perdatum->value = le32_to_cpu(buf[1]); 1144 1145 rc = str_read(&key, GFP_KERNEL, fp, len); 1146 if (rc) 1147 goto bad; 1148 1149 rc = symtab_insert(s, key, perdatum); 1150 if (rc) 1151 goto bad; 1152 1153 return 0; 1154 bad: 1155 perm_destroy(key, perdatum, NULL); 1156 return rc; 1157 } 1158 1159 static int common_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1160 { 1161 char *key = NULL; 1162 struct common_datum *comdatum; 1163 __le32 buf[4]; 1164 u32 i, len, nel; 1165 int rc; 1166 1167 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1168 if (!comdatum) 1169 return -ENOMEM; 1170 1171 rc = next_entry(buf, fp, sizeof buf); 1172 if (rc) 1173 goto bad; 1174 1175 len = le32_to_cpu(buf[0]); 1176 comdatum->value = le32_to_cpu(buf[1]); 1177 nel = le32_to_cpu(buf[3]); 1178 1179 rc = symtab_init(&comdatum->permissions, nel); 1180 if (rc) 1181 goto bad; 1182 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1183 1184 rc = str_read(&key, GFP_KERNEL, fp, len); 1185 if (rc) 1186 goto bad; 1187 1188 for (i = 0; i < nel; i++) { 1189 rc = perm_read(p, &comdatum->permissions, fp); 1190 if (rc) 1191 goto bad; 1192 } 1193 1194 hash_eval(&comdatum->permissions.table, "common_permissions", key); 1195 1196 rc = symtab_insert(s, key, comdatum); 1197 if (rc) 1198 goto bad; 1199 return 0; 1200 bad: 1201 common_destroy(key, comdatum, NULL); 1202 return rc; 1203 } 1204 1205 static void type_set_init(struct type_set *t) 1206 { 1207 ebitmap_init(&t->types); 1208 ebitmap_init(&t->negset); 1209 } 1210 1211 static int type_set_read(struct type_set *t, struct policy_file *fp) 1212 { 1213 __le32 buf[1]; 1214 int rc; 1215 1216 if (ebitmap_read(&t->types, fp)) 1217 return -EINVAL; 1218 if (ebitmap_read(&t->negset, fp)) 1219 return -EINVAL; 1220 1221 rc = next_entry(buf, fp, sizeof(u32)); 1222 if (rc < 0) 1223 return -EINVAL; 1224 t->flags = le32_to_cpu(buf[0]); 1225 1226 return 0; 1227 } 1228 1229 static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, 1230 u32 ncons, int allowxtarget, struct policy_file *fp) 1231 { 1232 struct constraint_node *c, *lc; 1233 struct constraint_expr *e, *le; 1234 __le32 buf[3]; 1235 u32 i, j, nexpr; 1236 int rc, depth; 1237 1238 lc = NULL; 1239 for (i = 0; i < ncons; i++) { 1240 c = kzalloc(sizeof(*c), GFP_KERNEL); 1241 if (!c) 1242 return -ENOMEM; 1243 1244 if (lc) 1245 lc->next = c; 1246 else 1247 *nodep = c; 1248 1249 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1250 if (rc) 1251 return rc; 1252 c->permissions = le32_to_cpu(buf[0]); 1253 nexpr = le32_to_cpu(buf[1]); 1254 le = NULL; 1255 depth = -1; 1256 for (j = 0; j < nexpr; j++) { 1257 e = kzalloc(sizeof(*e), GFP_KERNEL); 1258 if (!e) 1259 return -ENOMEM; 1260 1261 if (le) 1262 le->next = e; 1263 else 1264 c->expr = e; 1265 1266 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1267 if (rc) 1268 return rc; 1269 e->expr_type = le32_to_cpu(buf[0]); 1270 e->attr = le32_to_cpu(buf[1]); 1271 e->op = le32_to_cpu(buf[2]); 1272 1273 switch (e->expr_type) { 1274 case CEXPR_NOT: 1275 if (depth < 0) 1276 return -EINVAL; 1277 break; 1278 case CEXPR_AND: 1279 case CEXPR_OR: 1280 if (depth < 1) 1281 return -EINVAL; 1282 depth--; 1283 break; 1284 case CEXPR_ATTR: 1285 if (depth == (CEXPR_MAXDEPTH - 1)) 1286 return -EINVAL; 1287 depth++; 1288 break; 1289 case CEXPR_NAMES: 1290 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1291 return -EINVAL; 1292 if (depth == (CEXPR_MAXDEPTH - 1)) 1293 return -EINVAL; 1294 depth++; 1295 rc = ebitmap_read(&e->names, fp); 1296 if (rc) 1297 return rc; 1298 if (p->policyvers >= 1299 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1300 e->type_names = 1301 kzalloc(sizeof(*e->type_names), 1302 GFP_KERNEL); 1303 if (!e->type_names) 1304 return -ENOMEM; 1305 type_set_init(e->type_names); 1306 rc = type_set_read(e->type_names, fp); 1307 if (rc) 1308 return rc; 1309 } 1310 break; 1311 default: 1312 return -EINVAL; 1313 } 1314 le = e; 1315 } 1316 if (depth != 0) 1317 return -EINVAL; 1318 lc = c; 1319 } 1320 1321 return 0; 1322 } 1323 1324 static int class_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1325 { 1326 char *key = NULL; 1327 struct class_datum *cladatum; 1328 __le32 buf[6]; 1329 u32 i, len, len2, ncons, nel; 1330 int rc; 1331 1332 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1333 if (!cladatum) 1334 return -ENOMEM; 1335 1336 rc = next_entry(buf, fp, sizeof(u32) * 6); 1337 if (rc) 1338 goto bad; 1339 1340 len = le32_to_cpu(buf[0]); 1341 len2 = le32_to_cpu(buf[1]); 1342 cladatum->value = le32_to_cpu(buf[2]); 1343 nel = le32_to_cpu(buf[4]); 1344 1345 rc = symtab_init(&cladatum->permissions, nel); 1346 if (rc) 1347 goto bad; 1348 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1349 1350 ncons = le32_to_cpu(buf[5]); 1351 1352 rc = str_read(&key, GFP_KERNEL, fp, len); 1353 if (rc) 1354 goto bad; 1355 1356 if (len2) { 1357 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1358 if (rc) 1359 goto bad; 1360 1361 rc = -EINVAL; 1362 cladatum->comdatum = 1363 symtab_search(&p->p_commons, cladatum->comkey); 1364 if (!cladatum->comdatum) { 1365 pr_err("SELinux: unknown common %s\n", 1366 cladatum->comkey); 1367 goto bad; 1368 } 1369 } 1370 for (i = 0; i < nel; i++) { 1371 rc = perm_read(p, &cladatum->permissions, fp); 1372 if (rc) 1373 goto bad; 1374 } 1375 1376 hash_eval(&cladatum->permissions.table, "class_permissions", key); 1377 1378 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1379 if (rc) 1380 goto bad; 1381 1382 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1383 /* grab the validatetrans rules */ 1384 rc = next_entry(buf, fp, sizeof(u32)); 1385 if (rc) 1386 goto bad; 1387 ncons = le32_to_cpu(buf[0]); 1388 rc = read_cons_helper(p, &cladatum->validatetrans, ncons, 1, 1389 fp); 1390 if (rc) 1391 goto bad; 1392 } 1393 1394 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1395 rc = next_entry(buf, fp, sizeof(u32) * 3); 1396 if (rc) 1397 goto bad; 1398 1399 cladatum->default_user = le32_to_cpu(buf[0]); 1400 cladatum->default_role = le32_to_cpu(buf[1]); 1401 cladatum->default_range = le32_to_cpu(buf[2]); 1402 } 1403 1404 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1405 rc = next_entry(buf, fp, sizeof(u32) * 1); 1406 if (rc) 1407 goto bad; 1408 cladatum->default_type = le32_to_cpu(buf[0]); 1409 } 1410 1411 rc = symtab_insert(s, key, cladatum); 1412 if (rc) 1413 goto bad; 1414 1415 return 0; 1416 bad: 1417 cls_destroy(key, cladatum, NULL); 1418 return rc; 1419 } 1420 1421 static int role_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1422 { 1423 char *key = NULL; 1424 struct role_datum *role; 1425 int rc; 1426 unsigned int to_read = 2; 1427 __le32 buf[3]; 1428 u32 len; 1429 1430 role = kzalloc(sizeof(*role), GFP_KERNEL); 1431 if (!role) 1432 return -ENOMEM; 1433 1434 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1435 to_read = 3; 1436 1437 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1438 if (rc) 1439 goto bad; 1440 1441 len = le32_to_cpu(buf[0]); 1442 role->value = le32_to_cpu(buf[1]); 1443 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1444 role->bounds = le32_to_cpu(buf[2]); 1445 1446 rc = str_read(&key, GFP_KERNEL, fp, len); 1447 if (rc) 1448 goto bad; 1449 1450 rc = ebitmap_read(&role->dominates, fp); 1451 if (rc) 1452 goto bad; 1453 1454 rc = ebitmap_read(&role->types, fp); 1455 if (rc) 1456 goto bad; 1457 1458 if (strcmp(key, OBJECT_R) == 0) { 1459 rc = -EINVAL; 1460 if (role->value != OBJECT_R_VAL) { 1461 pr_err("SELinux: Role %s has wrong value %d\n", 1462 OBJECT_R, role->value); 1463 goto bad; 1464 } 1465 rc = 0; 1466 goto bad; 1467 } 1468 1469 rc = symtab_insert(s, key, role); 1470 if (rc) 1471 goto bad; 1472 return 0; 1473 bad: 1474 role_destroy(key, role, NULL); 1475 return rc; 1476 } 1477 1478 static int type_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1479 { 1480 char *key = NULL; 1481 struct type_datum *typdatum; 1482 int rc; 1483 unsigned int to_read = 3; 1484 __le32 buf[4]; 1485 u32 len; 1486 1487 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1488 if (!typdatum) 1489 return -ENOMEM; 1490 1491 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1492 to_read = 4; 1493 1494 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1495 if (rc) 1496 goto bad; 1497 1498 len = le32_to_cpu(buf[0]); 1499 typdatum->value = le32_to_cpu(buf[1]); 1500 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1501 u32 prop = le32_to_cpu(buf[2]); 1502 1503 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1504 typdatum->primary = 1; 1505 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1506 typdatum->attribute = 1; 1507 1508 typdatum->bounds = le32_to_cpu(buf[3]); 1509 } else { 1510 typdatum->primary = le32_to_cpu(buf[2]); 1511 } 1512 1513 rc = str_read(&key, GFP_KERNEL, fp, len); 1514 if (rc) 1515 goto bad; 1516 1517 rc = symtab_insert(s, key, typdatum); 1518 if (rc) 1519 goto bad; 1520 return 0; 1521 bad: 1522 type_destroy(key, typdatum, NULL); 1523 return rc; 1524 } 1525 1526 /* 1527 * Read a MLS level structure from a policydb binary 1528 * representation file. 1529 */ 1530 static int mls_read_level(struct mls_level *lp, struct policy_file *fp) 1531 { 1532 __le32 buf[1]; 1533 int rc; 1534 1535 memset(lp, 0, sizeof(*lp)); 1536 1537 rc = next_entry(buf, fp, sizeof buf); 1538 if (rc) { 1539 pr_err("SELinux: mls: truncated level\n"); 1540 return rc; 1541 } 1542 lp->sens = le32_to_cpu(buf[0]); 1543 1544 rc = ebitmap_read(&lp->cat, fp); 1545 if (rc) { 1546 pr_err("SELinux: mls: error reading level categories\n"); 1547 return rc; 1548 } 1549 return 0; 1550 } 1551 1552 static int user_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1553 { 1554 char *key = NULL; 1555 struct user_datum *usrdatum; 1556 int rc; 1557 unsigned int to_read = 2; 1558 __le32 buf[3]; 1559 u32 len; 1560 1561 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1562 if (!usrdatum) 1563 return -ENOMEM; 1564 1565 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1566 to_read = 3; 1567 1568 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1569 if (rc) 1570 goto bad; 1571 1572 len = le32_to_cpu(buf[0]); 1573 usrdatum->value = le32_to_cpu(buf[1]); 1574 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1575 usrdatum->bounds = le32_to_cpu(buf[2]); 1576 1577 rc = str_read(&key, GFP_KERNEL, fp, len); 1578 if (rc) 1579 goto bad; 1580 1581 rc = ebitmap_read(&usrdatum->roles, fp); 1582 if (rc) 1583 goto bad; 1584 1585 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1586 rc = mls_read_range_helper(&usrdatum->range, fp); 1587 if (rc) 1588 goto bad; 1589 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1590 if (rc) 1591 goto bad; 1592 } 1593 1594 rc = symtab_insert(s, key, usrdatum); 1595 if (rc) 1596 goto bad; 1597 return 0; 1598 bad: 1599 user_destroy(key, usrdatum, NULL); 1600 return rc; 1601 } 1602 1603 static int sens_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1604 { 1605 char *key = NULL; 1606 struct level_datum *levdatum; 1607 int rc; 1608 __le32 buf[2]; 1609 u32 len; 1610 1611 levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL); 1612 if (!levdatum) 1613 return -ENOMEM; 1614 1615 rc = next_entry(buf, fp, sizeof buf); 1616 if (rc) 1617 goto bad; 1618 1619 len = le32_to_cpu(buf[0]); 1620 levdatum->isalias = le32_to_cpu(buf[1]); 1621 1622 rc = str_read(&key, GFP_KERNEL, fp, len); 1623 if (rc) 1624 goto bad; 1625 1626 rc = mls_read_level(&levdatum->level, fp); 1627 if (rc) 1628 goto bad; 1629 1630 rc = symtab_insert(s, key, levdatum); 1631 if (rc) 1632 goto bad; 1633 return 0; 1634 bad: 1635 sens_destroy(key, levdatum, NULL); 1636 return rc; 1637 } 1638 1639 static int cat_read(struct policydb *p, struct symtab *s, struct policy_file *fp) 1640 { 1641 char *key = NULL; 1642 struct cat_datum *catdatum; 1643 int rc; 1644 __le32 buf[3]; 1645 u32 len; 1646 1647 catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL); 1648 if (!catdatum) 1649 return -ENOMEM; 1650 1651 rc = next_entry(buf, fp, sizeof buf); 1652 if (rc) 1653 goto bad; 1654 1655 len = le32_to_cpu(buf[0]); 1656 catdatum->value = le32_to_cpu(buf[1]); 1657 catdatum->isalias = le32_to_cpu(buf[2]); 1658 1659 rc = str_read(&key, GFP_KERNEL, fp, len); 1660 if (rc) 1661 goto bad; 1662 1663 rc = symtab_insert(s, key, catdatum); 1664 if (rc) 1665 goto bad; 1666 return 0; 1667 bad: 1668 cat_destroy(key, catdatum, NULL); 1669 return rc; 1670 } 1671 1672 /* clang-format off */ 1673 static int (*const read_f[SYM_NUM])(struct policydb *p, struct symtab *s, 1674 struct policy_file *fp) = { 1675 common_read, 1676 class_read, 1677 role_read, 1678 type_read, 1679 user_read, 1680 cond_read_bool, 1681 sens_read, 1682 cat_read, 1683 }; 1684 /* clang-format on */ 1685 1686 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1687 { 1688 struct user_datum *upper, *user; 1689 struct policydb *p = datap; 1690 int depth = 0; 1691 1692 upper = user = datum; 1693 while (upper->bounds) { 1694 struct ebitmap_node *node; 1695 u32 bit; 1696 1697 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1698 pr_err("SELinux: user %s: " 1699 "too deep or looped boundary\n", 1700 (char *)key); 1701 return -EINVAL; 1702 } 1703 1704 upper = p->user_val_to_struct[upper->bounds - 1]; 1705 ebitmap_for_each_positive_bit(&user->roles, node, bit) 1706 { 1707 if (ebitmap_get_bit(&upper->roles, bit)) 1708 continue; 1709 1710 pr_err("SELinux: boundary violated policy: " 1711 "user=%s role=%s bounds=%s\n", 1712 sym_name(p, SYM_USERS, user->value - 1), 1713 sym_name(p, SYM_ROLES, bit), 1714 sym_name(p, SYM_USERS, upper->value - 1)); 1715 1716 return -EINVAL; 1717 } 1718 } 1719 1720 return 0; 1721 } 1722 1723 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1724 { 1725 struct role_datum *upper, *role; 1726 struct policydb *p = datap; 1727 int depth = 0; 1728 1729 upper = role = datum; 1730 while (upper->bounds) { 1731 struct ebitmap_node *node; 1732 u32 bit; 1733 1734 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1735 pr_err("SELinux: role %s: " 1736 "too deep or looped bounds\n", 1737 (char *)key); 1738 return -EINVAL; 1739 } 1740 1741 upper = p->role_val_to_struct[upper->bounds - 1]; 1742 ebitmap_for_each_positive_bit(&role->types, node, bit) 1743 { 1744 if (ebitmap_get_bit(&upper->types, bit)) 1745 continue; 1746 1747 pr_err("SELinux: boundary violated policy: " 1748 "role=%s type=%s bounds=%s\n", 1749 sym_name(p, SYM_ROLES, role->value - 1), 1750 sym_name(p, SYM_TYPES, bit), 1751 sym_name(p, SYM_ROLES, upper->value - 1)); 1752 1753 return -EINVAL; 1754 } 1755 } 1756 1757 return 0; 1758 } 1759 1760 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1761 { 1762 struct type_datum *upper; 1763 struct policydb *p = datap; 1764 int depth = 0; 1765 1766 upper = datum; 1767 while (upper->bounds) { 1768 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1769 pr_err("SELinux: type %s: " 1770 "too deep or looped boundary\n", 1771 (char *)key); 1772 return -EINVAL; 1773 } 1774 1775 upper = p->type_val_to_struct[upper->bounds - 1]; 1776 BUG_ON(!upper); 1777 1778 if (upper->attribute) { 1779 pr_err("SELinux: type %s: " 1780 "bounded by attribute %s\n", 1781 (char *)key, 1782 sym_name(p, SYM_TYPES, upper->value - 1)); 1783 return -EINVAL; 1784 } 1785 } 1786 1787 return 0; 1788 } 1789 1790 static int policydb_bounds_sanity_check(struct policydb *p) 1791 { 1792 int rc; 1793 1794 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1795 return 0; 1796 1797 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1798 if (rc) 1799 return rc; 1800 1801 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1802 if (rc) 1803 return rc; 1804 1805 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1806 if (rc) 1807 return rc; 1808 1809 return 0; 1810 } 1811 1812 u16 string_to_security_class(struct policydb *p, const char *name) 1813 { 1814 struct class_datum *cladatum; 1815 1816 cladatum = symtab_search(&p->p_classes, name); 1817 if (!cladatum) 1818 return 0; 1819 1820 return cladatum->value; 1821 } 1822 1823 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1824 { 1825 struct class_datum *cladatum; 1826 struct perm_datum *perdatum = NULL; 1827 struct common_datum *comdatum; 1828 1829 if (!tclass || tclass > p->p_classes.nprim) 1830 return 0; 1831 1832 cladatum = p->class_val_to_struct[tclass - 1]; 1833 comdatum = cladatum->comdatum; 1834 if (comdatum) 1835 perdatum = symtab_search(&comdatum->permissions, name); 1836 if (!perdatum) 1837 perdatum = symtab_search(&cladatum->permissions, name); 1838 if (!perdatum) 1839 return 0; 1840 1841 return 1U << (perdatum->value - 1); 1842 } 1843 1844 static int range_read(struct policydb *p, struct policy_file *fp) 1845 { 1846 struct range_trans *rt = NULL; 1847 struct mls_range *r = NULL; 1848 int rc; 1849 __le32 buf[2]; 1850 u32 i, nel; 1851 1852 if (p->policyvers < POLICYDB_VERSION_MLS) 1853 return 0; 1854 1855 rc = next_entry(buf, fp, sizeof(u32)); 1856 if (rc) 1857 return rc; 1858 1859 nel = le32_to_cpu(buf[0]); 1860 1861 rc = hashtab_init(&p->range_tr, nel); 1862 if (rc) 1863 return rc; 1864 1865 for (i = 0; i < nel; i++) { 1866 rc = -ENOMEM; 1867 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1868 if (!rt) 1869 goto out; 1870 1871 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1872 if (rc) 1873 goto out; 1874 1875 rt->source_type = le32_to_cpu(buf[0]); 1876 rt->target_type = le32_to_cpu(buf[1]); 1877 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1878 rc = next_entry(buf, fp, sizeof(u32)); 1879 if (rc) 1880 goto out; 1881 rt->target_class = le32_to_cpu(buf[0]); 1882 } else 1883 rt->target_class = p->process_class; 1884 1885 rc = -EINVAL; 1886 if (!policydb_type_isvalid(p, rt->source_type) || 1887 !policydb_type_isvalid(p, rt->target_type) || 1888 !policydb_class_isvalid(p, rt->target_class)) 1889 goto out; 1890 1891 rc = -ENOMEM; 1892 r = kzalloc(sizeof(*r), GFP_KERNEL); 1893 if (!r) 1894 goto out; 1895 1896 rc = mls_read_range_helper(r, fp); 1897 if (rc) 1898 goto out; 1899 1900 rc = -EINVAL; 1901 if (!mls_range_isvalid(p, r)) { 1902 pr_warn("SELinux: rangetrans: invalid range\n"); 1903 goto out; 1904 } 1905 1906 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1907 if (rc) 1908 goto out; 1909 1910 rt = NULL; 1911 r = NULL; 1912 } 1913 hash_eval(&p->range_tr, "rangetr", NULL); 1914 rc = 0; 1915 out: 1916 kfree(rt); 1917 kfree(r); 1918 return rc; 1919 } 1920 1921 static int filename_trans_read_helper_compat(struct policydb *p, struct policy_file *fp) 1922 { 1923 struct filename_trans_key key, *ft = NULL; 1924 struct filename_trans_datum *last, *datum = NULL; 1925 char *name = NULL; 1926 u32 len, stype, otype; 1927 __le32 buf[4]; 1928 int rc; 1929 1930 /* length of the path component string */ 1931 rc = next_entry(buf, fp, sizeof(u32)); 1932 if (rc) 1933 return rc; 1934 len = le32_to_cpu(buf[0]); 1935 1936 /* path component string */ 1937 rc = str_read(&name, GFP_KERNEL, fp, len); 1938 if (rc) 1939 return rc; 1940 1941 rc = next_entry(buf, fp, sizeof(u32) * 4); 1942 if (rc) 1943 goto out; 1944 1945 stype = le32_to_cpu(buf[0]); 1946 key.ttype = le32_to_cpu(buf[1]); 1947 key.tclass = le32_to_cpu(buf[2]); 1948 key.name = name; 1949 1950 otype = le32_to_cpu(buf[3]); 1951 1952 last = NULL; 1953 datum = policydb_filenametr_search(p, &key); 1954 while (datum) { 1955 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1956 /* conflicting/duplicate rules are ignored */ 1957 datum = NULL; 1958 rc = 0; 1959 goto out; 1960 } 1961 if (likely(datum->otype == otype)) 1962 break; 1963 last = datum; 1964 datum = datum->next; 1965 } 1966 if (!datum) { 1967 rc = -ENOMEM; 1968 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1969 if (!datum) 1970 goto out; 1971 1972 ebitmap_init(&datum->stypes); 1973 datum->otype = otype; 1974 datum->next = NULL; 1975 1976 if (unlikely(last)) { 1977 last->next = datum; 1978 } else { 1979 rc = -ENOMEM; 1980 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1981 if (!ft) 1982 goto out; 1983 1984 rc = hashtab_insert(&p->filename_trans, ft, datum, 1985 filenametr_key_params); 1986 if (rc) 1987 goto out; 1988 name = NULL; 1989 1990 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1991 key.ttype, 1); 1992 if (rc) 1993 return rc; 1994 } 1995 } 1996 kfree(name); 1997 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1998 1999 out: 2000 kfree(ft); 2001 kfree(name); 2002 kfree(datum); 2003 return rc; 2004 } 2005 2006 static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp) 2007 { 2008 struct filename_trans_key *ft = NULL; 2009 struct filename_trans_datum **dst, *datum, *first = NULL; 2010 char *name = NULL; 2011 u32 len, ttype, tclass, ndatum, i; 2012 __le32 buf[3]; 2013 int rc; 2014 2015 /* length of the path component string */ 2016 rc = next_entry(buf, fp, sizeof(u32)); 2017 if (rc) 2018 return rc; 2019 len = le32_to_cpu(buf[0]); 2020 2021 /* path component string */ 2022 rc = str_read(&name, GFP_KERNEL, fp, len); 2023 if (rc) 2024 return rc; 2025 2026 rc = next_entry(buf, fp, sizeof(u32) * 3); 2027 if (rc) 2028 goto out; 2029 2030 ttype = le32_to_cpu(buf[0]); 2031 tclass = le32_to_cpu(buf[1]); 2032 2033 ndatum = le32_to_cpu(buf[2]); 2034 if (ndatum == 0) { 2035 pr_err("SELinux: Filename transition key with no datum\n"); 2036 rc = -ENOENT; 2037 goto out; 2038 } 2039 2040 dst = &first; 2041 for (i = 0; i < ndatum; i++) { 2042 rc = -ENOMEM; 2043 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2044 if (!datum) 2045 goto out; 2046 2047 datum->next = NULL; 2048 *dst = datum; 2049 2050 /* ebitmap_read() will at least init the bitmap */ 2051 rc = ebitmap_read(&datum->stypes, fp); 2052 if (rc) 2053 goto out; 2054 2055 rc = next_entry(buf, fp, sizeof(u32)); 2056 if (rc) 2057 goto out; 2058 2059 datum->otype = le32_to_cpu(buf[0]); 2060 2061 dst = &datum->next; 2062 } 2063 2064 rc = -ENOMEM; 2065 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2066 if (!ft) 2067 goto out; 2068 2069 ft->ttype = ttype; 2070 ft->tclass = tclass; 2071 ft->name = name; 2072 2073 rc = hashtab_insert(&p->filename_trans, ft, first, 2074 filenametr_key_params); 2075 if (rc == -EEXIST) 2076 pr_err("SELinux: Duplicate filename transition key\n"); 2077 if (rc) 2078 goto out; 2079 2080 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2081 2082 out: 2083 kfree(ft); 2084 kfree(name); 2085 while (first) { 2086 datum = first; 2087 first = first->next; 2088 2089 ebitmap_destroy(&datum->stypes); 2090 kfree(datum); 2091 } 2092 return rc; 2093 } 2094 2095 static int filename_trans_read(struct policydb *p, struct policy_file *fp) 2096 { 2097 u32 nel, i; 2098 __le32 buf[1]; 2099 int rc; 2100 2101 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2102 return 0; 2103 2104 rc = next_entry(buf, fp, sizeof(u32)); 2105 if (rc) 2106 return rc; 2107 nel = le32_to_cpu(buf[0]); 2108 2109 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2110 p->compat_filename_trans_count = nel; 2111 2112 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2113 if (rc) 2114 return rc; 2115 2116 for (i = 0; i < nel; i++) { 2117 rc = filename_trans_read_helper_compat(p, fp); 2118 if (rc) 2119 return rc; 2120 } 2121 } else { 2122 rc = hashtab_init(&p->filename_trans, nel); 2123 if (rc) 2124 return rc; 2125 2126 for (i = 0; i < nel; i++) { 2127 rc = filename_trans_read_helper(p, fp); 2128 if (rc) 2129 return rc; 2130 } 2131 } 2132 hash_eval(&p->filename_trans, "filenametr", NULL); 2133 return 0; 2134 } 2135 2136 static int genfs_read(struct policydb *p, struct policy_file *fp) 2137 { 2138 int rc; 2139 u32 i, j, nel, nel2, len, len2; 2140 __le32 buf[1]; 2141 struct ocontext *l, *c; 2142 struct ocontext *newc = NULL; 2143 struct genfs *genfs_p, *genfs; 2144 struct genfs *newgenfs = NULL; 2145 2146 rc = next_entry(buf, fp, sizeof(u32)); 2147 if (rc) 2148 return rc; 2149 nel = le32_to_cpu(buf[0]); 2150 2151 for (i = 0; i < nel; i++) { 2152 rc = next_entry(buf, fp, sizeof(u32)); 2153 if (rc) 2154 goto out; 2155 len = le32_to_cpu(buf[0]); 2156 2157 rc = -ENOMEM; 2158 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2159 if (!newgenfs) 2160 goto out; 2161 2162 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2163 if (rc) 2164 goto out; 2165 2166 for (genfs_p = NULL, genfs = p->genfs; genfs; 2167 genfs_p = genfs, genfs = genfs->next) { 2168 rc = -EINVAL; 2169 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2170 pr_err("SELinux: dup genfs fstype %s\n", 2171 newgenfs->fstype); 2172 goto out; 2173 } 2174 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2175 break; 2176 } 2177 newgenfs->next = genfs; 2178 if (genfs_p) 2179 genfs_p->next = newgenfs; 2180 else 2181 p->genfs = newgenfs; 2182 genfs = newgenfs; 2183 newgenfs = NULL; 2184 2185 rc = next_entry(buf, fp, sizeof(u32)); 2186 if (rc) 2187 goto out; 2188 2189 nel2 = le32_to_cpu(buf[0]); 2190 for (j = 0; j < nel2; j++) { 2191 rc = next_entry(buf, fp, sizeof(u32)); 2192 if (rc) 2193 goto out; 2194 len = le32_to_cpu(buf[0]); 2195 2196 rc = -ENOMEM; 2197 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2198 if (!newc) 2199 goto out; 2200 2201 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2202 if (rc) 2203 goto out; 2204 2205 rc = next_entry(buf, fp, sizeof(u32)); 2206 if (rc) 2207 goto out; 2208 2209 newc->v.sclass = le32_to_cpu(buf[0]); 2210 rc = context_read_and_validate(&newc->context[0], p, 2211 fp); 2212 if (rc) 2213 goto out; 2214 2215 for (l = NULL, c = genfs->head; c; l = c, c = c->next) { 2216 rc = -EINVAL; 2217 if (!strcmp(newc->u.name, c->u.name) && 2218 (!c->v.sclass || !newc->v.sclass || 2219 newc->v.sclass == c->v.sclass)) { 2220 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2221 genfs->fstype, c->u.name); 2222 goto out; 2223 } 2224 len = strlen(newc->u.name); 2225 len2 = strlen(c->u.name); 2226 if (len > len2) 2227 break; 2228 } 2229 2230 newc->next = c; 2231 if (l) 2232 l->next = newc; 2233 else 2234 genfs->head = newc; 2235 newc = NULL; 2236 } 2237 } 2238 rc = 0; 2239 out: 2240 if (newgenfs) { 2241 kfree(newgenfs->fstype); 2242 kfree(newgenfs); 2243 } 2244 ocontext_destroy(newc, OCON_FSUSE); 2245 2246 return rc; 2247 } 2248 2249 static int ocontext_read(struct policydb *p, 2250 const struct policydb_compat_info *info, struct policy_file *fp) 2251 { 2252 int rc; 2253 unsigned int i; 2254 u32 j, nel, len; 2255 __be64 prefixbuf[1]; 2256 __le32 buf[3]; 2257 struct ocontext *l, *c; 2258 u32 nodebuf[8]; 2259 2260 for (i = 0; i < info->ocon_num; i++) { 2261 rc = next_entry(buf, fp, sizeof(u32)); 2262 if (rc) 2263 goto out; 2264 nel = le32_to_cpu(buf[0]); 2265 2266 l = NULL; 2267 for (j = 0; j < nel; j++) { 2268 rc = -ENOMEM; 2269 c = kzalloc(sizeof(*c), GFP_KERNEL); 2270 if (!c) 2271 goto out; 2272 if (l) 2273 l->next = c; 2274 else 2275 p->ocontexts[i] = c; 2276 l = c; 2277 2278 switch (i) { 2279 case OCON_ISID: 2280 rc = next_entry(buf, fp, sizeof(u32)); 2281 if (rc) 2282 goto out; 2283 2284 c->sid[0] = le32_to_cpu(buf[0]); 2285 rc = context_read_and_validate(&c->context[0], 2286 p, fp); 2287 if (rc) 2288 goto out; 2289 break; 2290 case OCON_FS: 2291 case OCON_NETIF: 2292 rc = next_entry(buf, fp, sizeof(u32)); 2293 if (rc) 2294 goto out; 2295 len = le32_to_cpu(buf[0]); 2296 2297 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2298 if (rc) 2299 goto out; 2300 2301 if (i == OCON_FS) 2302 pr_warn("SELinux: void and deprecated fs ocon %s\n", 2303 c->u.name); 2304 2305 rc = context_read_and_validate(&c->context[0], 2306 p, fp); 2307 if (rc) 2308 goto out; 2309 rc = context_read_and_validate(&c->context[1], 2310 p, fp); 2311 if (rc) 2312 goto out; 2313 break; 2314 case OCON_PORT: 2315 rc = next_entry(buf, fp, sizeof(u32) * 3); 2316 if (rc) 2317 goto out; 2318 c->u.port.protocol = le32_to_cpu(buf[0]); 2319 c->u.port.low_port = le32_to_cpu(buf[1]); 2320 c->u.port.high_port = le32_to_cpu(buf[2]); 2321 rc = context_read_and_validate(&c->context[0], 2322 p, fp); 2323 if (rc) 2324 goto out; 2325 break; 2326 case OCON_NODE: 2327 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2328 if (rc) 2329 goto out; 2330 c->u.node.addr = nodebuf[0]; /* network order */ 2331 c->u.node.mask = nodebuf[1]; /* network order */ 2332 rc = context_read_and_validate(&c->context[0], 2333 p, fp); 2334 if (rc) 2335 goto out; 2336 break; 2337 case OCON_FSUSE: 2338 rc = next_entry(buf, fp, sizeof(u32) * 2); 2339 if (rc) 2340 goto out; 2341 2342 rc = -EINVAL; 2343 c->v.behavior = le32_to_cpu(buf[0]); 2344 /* Determined at runtime, not in policy DB. */ 2345 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2346 goto out; 2347 if (c->v.behavior > SECURITY_FS_USE_MAX) 2348 goto out; 2349 2350 len = le32_to_cpu(buf[1]); 2351 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2352 if (rc) 2353 goto out; 2354 2355 rc = context_read_and_validate(&c->context[0], 2356 p, fp); 2357 if (rc) 2358 goto out; 2359 break; 2360 case OCON_NODE6: { 2361 int k; 2362 2363 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2364 if (rc) 2365 goto out; 2366 for (k = 0; k < 4; k++) 2367 c->u.node6.addr[k] = nodebuf[k]; 2368 for (k = 0; k < 4; k++) 2369 c->u.node6.mask[k] = nodebuf[k + 4]; 2370 rc = context_read_and_validate(&c->context[0], 2371 p, fp); 2372 if (rc) 2373 goto out; 2374 break; 2375 } 2376 case OCON_IBPKEY: { 2377 u32 pkey_lo, pkey_hi; 2378 2379 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2380 if (rc) 2381 goto out; 2382 2383 /* we need to have subnet_prefix in CPU order */ 2384 c->u.ibpkey.subnet_prefix = 2385 be64_to_cpu(prefixbuf[0]); 2386 2387 rc = next_entry(buf, fp, sizeof(u32) * 2); 2388 if (rc) 2389 goto out; 2390 2391 pkey_lo = le32_to_cpu(buf[0]); 2392 pkey_hi = le32_to_cpu(buf[1]); 2393 2394 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2395 rc = -EINVAL; 2396 goto out; 2397 } 2398 2399 c->u.ibpkey.low_pkey = pkey_lo; 2400 c->u.ibpkey.high_pkey = pkey_hi; 2401 2402 rc = context_read_and_validate(&c->context[0], 2403 p, fp); 2404 if (rc) 2405 goto out; 2406 break; 2407 } 2408 case OCON_IBENDPORT: { 2409 u32 port; 2410 2411 rc = next_entry(buf, fp, sizeof(u32) * 2); 2412 if (rc) 2413 goto out; 2414 len = le32_to_cpu(buf[0]); 2415 2416 rc = str_read(&c->u.ibendport.dev_name, 2417 GFP_KERNEL, fp, len); 2418 if (rc) 2419 goto out; 2420 2421 port = le32_to_cpu(buf[1]); 2422 if (port > U8_MAX || port == 0) { 2423 rc = -EINVAL; 2424 goto out; 2425 } 2426 2427 c->u.ibendport.port = port; 2428 2429 rc = context_read_and_validate(&c->context[0], 2430 p, fp); 2431 if (rc) 2432 goto out; 2433 break; 2434 } /* end case */ 2435 } /* end switch */ 2436 } 2437 } 2438 rc = 0; 2439 out: 2440 return rc; 2441 } 2442 2443 /* 2444 * Read the configuration data from a policy database binary 2445 * representation file into a policy database structure. 2446 */ 2447 int policydb_read(struct policydb *p, struct policy_file *fp) 2448 { 2449 struct role_allow *ra, *lra; 2450 struct role_trans_key *rtk = NULL; 2451 struct role_trans_datum *rtd = NULL; 2452 int rc; 2453 __le32 buf[4]; 2454 u32 i, j, len, nprim, nel, perm; 2455 2456 char *policydb_str; 2457 const struct policydb_compat_info *info; 2458 2459 policydb_init(p); 2460 2461 /* Read the magic number and string length. */ 2462 rc = next_entry(buf, fp, sizeof(u32) * 2); 2463 if (rc) 2464 goto bad; 2465 2466 rc = -EINVAL; 2467 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2468 pr_err("SELinux: policydb magic number 0x%x does " 2469 "not match expected magic number 0x%x\n", 2470 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2471 goto bad; 2472 } 2473 2474 rc = -EINVAL; 2475 len = le32_to_cpu(buf[1]); 2476 if (len != strlen(POLICYDB_STRING)) { 2477 pr_err("SELinux: policydb string length %d does not " 2478 "match expected length %zu\n", 2479 len, strlen(POLICYDB_STRING)); 2480 goto bad; 2481 } 2482 2483 rc = str_read(&policydb_str, GFP_KERNEL, fp, len); 2484 if (rc) { 2485 if (rc == -ENOMEM) { 2486 pr_err("SELinux: unable to allocate memory for policydb string of length %d\n", 2487 len); 2488 } else { 2489 pr_err("SELinux: truncated policydb string identifier\n"); 2490 } 2491 goto bad; 2492 } 2493 2494 rc = -EINVAL; 2495 if (strcmp(policydb_str, POLICYDB_STRING)) { 2496 pr_err("SELinux: policydb string %s does not match " 2497 "my string %s\n", 2498 policydb_str, POLICYDB_STRING); 2499 kfree(policydb_str); 2500 goto bad; 2501 } 2502 /* Done with policydb_str. */ 2503 kfree(policydb_str); 2504 policydb_str = NULL; 2505 2506 /* Read the version and table sizes. */ 2507 rc = next_entry(buf, fp, sizeof(u32) * 4); 2508 if (rc) 2509 goto bad; 2510 2511 rc = -EINVAL; 2512 p->policyvers = le32_to_cpu(buf[0]); 2513 if (p->policyvers < POLICYDB_VERSION_MIN || 2514 p->policyvers > POLICYDB_VERSION_MAX) { 2515 pr_err("SELinux: policydb version %d does not match " 2516 "my version range %d-%d\n", 2517 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, 2518 POLICYDB_VERSION_MAX); 2519 goto bad; 2520 } 2521 2522 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2523 p->mls_enabled = 1; 2524 2525 rc = -EINVAL; 2526 if (p->policyvers < POLICYDB_VERSION_MLS) { 2527 pr_err("SELinux: security policydb version %d " 2528 "(MLS) not backwards compatible\n", 2529 p->policyvers); 2530 goto bad; 2531 } 2532 } 2533 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2534 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2535 2536 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2537 rc = ebitmap_read(&p->policycaps, fp); 2538 if (rc) 2539 goto bad; 2540 } 2541 2542 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2543 rc = ebitmap_read(&p->permissive_map, fp); 2544 if (rc) 2545 goto bad; 2546 } 2547 2548 if (p->policyvers >= POLICYDB_VERSION_NEVERAUDIT) { 2549 rc = ebitmap_read(&p->neveraudit_map, fp); 2550 if (rc) 2551 goto bad; 2552 } 2553 2554 rc = -EINVAL; 2555 info = policydb_lookup_compat(p->policyvers); 2556 if (!info) { 2557 pr_err("SELinux: unable to find policy compat info " 2558 "for version %d\n", 2559 p->policyvers); 2560 goto bad; 2561 } 2562 2563 rc = -EINVAL; 2564 if (le32_to_cpu(buf[2]) != info->sym_num || 2565 le32_to_cpu(buf[3]) != info->ocon_num) { 2566 pr_err("SELinux: policydb table sizes (%d,%d) do " 2567 "not match mine (%d,%d)\n", 2568 le32_to_cpu(buf[2]), le32_to_cpu(buf[3]), info->sym_num, 2569 info->ocon_num); 2570 goto bad; 2571 } 2572 2573 for (i = 0; i < info->sym_num; i++) { 2574 rc = next_entry(buf, fp, sizeof(u32) * 2); 2575 if (rc) 2576 goto bad; 2577 nprim = le32_to_cpu(buf[0]); 2578 nel = le32_to_cpu(buf[1]); 2579 2580 rc = symtab_init(&p->symtab[i], nel); 2581 if (rc) 2582 goto out; 2583 2584 if (i == SYM_ROLES) { 2585 rc = roles_init(p); 2586 if (rc) 2587 goto out; 2588 } 2589 2590 for (j = 0; j < nel; j++) { 2591 rc = read_f[i](p, &p->symtab[i], fp); 2592 if (rc) 2593 goto bad; 2594 } 2595 2596 p->symtab[i].nprim = nprim; 2597 } 2598 2599 rc = -EINVAL; 2600 p->process_class = string_to_security_class(p, "process"); 2601 if (!p->process_class) { 2602 pr_err("SELinux: process class is required, not defined in policy\n"); 2603 goto bad; 2604 } 2605 2606 rc = avtab_read(&p->te_avtab, fp, p); 2607 if (rc) 2608 goto bad; 2609 2610 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2611 rc = cond_read_list(p, fp); 2612 if (rc) 2613 goto bad; 2614 } 2615 2616 rc = next_entry(buf, fp, sizeof(u32)); 2617 if (rc) 2618 goto bad; 2619 nel = le32_to_cpu(buf[0]); 2620 2621 rc = hashtab_init(&p->role_tr, nel); 2622 if (rc) 2623 goto bad; 2624 for (i = 0; i < nel; i++) { 2625 rc = -ENOMEM; 2626 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2627 if (!rtk) 2628 goto bad; 2629 2630 rc = -ENOMEM; 2631 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2632 if (!rtd) 2633 goto bad; 2634 2635 rc = next_entry(buf, fp, sizeof(u32) * 3); 2636 if (rc) 2637 goto bad; 2638 2639 rtk->role = le32_to_cpu(buf[0]); 2640 rtk->type = le32_to_cpu(buf[1]); 2641 rtd->new_role = le32_to_cpu(buf[2]); 2642 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2643 rc = next_entry(buf, fp, sizeof(u32)); 2644 if (rc) 2645 goto bad; 2646 rtk->tclass = le32_to_cpu(buf[0]); 2647 } else 2648 rtk->tclass = p->process_class; 2649 2650 rc = -EINVAL; 2651 if (!policydb_role_isvalid(p, rtk->role) || 2652 !policydb_type_isvalid(p, rtk->type) || 2653 !policydb_class_isvalid(p, rtk->tclass) || 2654 !policydb_role_isvalid(p, rtd->new_role)) 2655 goto bad; 2656 2657 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2658 if (rc) 2659 goto bad; 2660 2661 rtk = NULL; 2662 rtd = NULL; 2663 } 2664 2665 hash_eval(&p->role_tr, "roletr", NULL); 2666 2667 rc = next_entry(buf, fp, sizeof(u32)); 2668 if (rc) 2669 goto bad; 2670 nel = le32_to_cpu(buf[0]); 2671 lra = NULL; 2672 for (i = 0; i < nel; i++) { 2673 rc = -ENOMEM; 2674 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2675 if (!ra) 2676 goto bad; 2677 if (lra) 2678 lra->next = ra; 2679 else 2680 p->role_allow = ra; 2681 rc = next_entry(buf, fp, sizeof(u32) * 2); 2682 if (rc) 2683 goto bad; 2684 2685 rc = -EINVAL; 2686 ra->role = le32_to_cpu(buf[0]); 2687 ra->new_role = le32_to_cpu(buf[1]); 2688 if (!policydb_role_isvalid(p, ra->role) || 2689 !policydb_role_isvalid(p, ra->new_role)) 2690 goto bad; 2691 lra = ra; 2692 } 2693 2694 rc = filename_trans_read(p, fp); 2695 if (rc) 2696 goto bad; 2697 2698 rc = policydb_index(p); 2699 if (rc) 2700 goto bad; 2701 2702 rc = -EINVAL; 2703 perm = string_to_av_perm(p, p->process_class, "transition"); 2704 if (!perm) { 2705 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2706 goto bad; 2707 } 2708 p->process_trans_perms = perm; 2709 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2710 if (!perm) { 2711 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2712 goto bad; 2713 } 2714 p->process_trans_perms |= perm; 2715 2716 rc = ocontext_read(p, info, fp); 2717 if (rc) 2718 goto bad; 2719 2720 rc = genfs_read(p, fp); 2721 if (rc) 2722 goto bad; 2723 2724 rc = range_read(p, fp); 2725 if (rc) 2726 goto bad; 2727 2728 rc = -ENOMEM; 2729 p->type_attr_map_array = kvcalloc( 2730 p->p_types.nprim, sizeof(*p->type_attr_map_array), GFP_KERNEL); 2731 if (!p->type_attr_map_array) 2732 goto bad; 2733 2734 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2735 for (i = 0; i < p->p_types.nprim; i++) 2736 ebitmap_init(&p->type_attr_map_array[i]); 2737 2738 for (i = 0; i < p->p_types.nprim; i++) { 2739 struct ebitmap *e = &p->type_attr_map_array[i]; 2740 2741 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2742 rc = ebitmap_read(e, fp); 2743 if (rc) 2744 goto bad; 2745 } 2746 /* add the type itself as the degenerate case */ 2747 rc = ebitmap_set_bit(e, i, 1); 2748 if (rc) 2749 goto bad; 2750 } 2751 2752 rc = policydb_bounds_sanity_check(p); 2753 if (rc) 2754 goto bad; 2755 2756 rc = 0; 2757 out: 2758 return rc; 2759 bad: 2760 kfree(rtk); 2761 kfree(rtd); 2762 policydb_destroy(p); 2763 goto out; 2764 } 2765 2766 /* 2767 * Write a MLS level structure to a policydb binary 2768 * representation file. 2769 */ 2770 static int mls_write_level(struct mls_level *l, struct policy_file *fp) 2771 { 2772 __le32 buf[1]; 2773 int rc; 2774 2775 buf[0] = cpu_to_le32(l->sens); 2776 rc = put_entry(buf, sizeof(u32), 1, fp); 2777 if (rc) 2778 return rc; 2779 2780 rc = ebitmap_write(&l->cat, fp); 2781 if (rc) 2782 return rc; 2783 2784 return 0; 2785 } 2786 2787 /* 2788 * Write a MLS range structure to a policydb binary 2789 * representation file. 2790 */ 2791 static int mls_write_range_helper(struct mls_range *r, struct policy_file *fp) 2792 { 2793 __le32 buf[3]; 2794 size_t items; 2795 int rc, eq; 2796 2797 eq = mls_level_eq(&r->level[1], &r->level[0]); 2798 2799 if (eq) 2800 items = 2; 2801 else 2802 items = 3; 2803 buf[0] = cpu_to_le32(items - 1); 2804 buf[1] = cpu_to_le32(r->level[0].sens); 2805 if (!eq) 2806 buf[2] = cpu_to_le32(r->level[1].sens); 2807 2808 BUG_ON(items > ARRAY_SIZE(buf)); 2809 2810 rc = put_entry(buf, sizeof(u32), items, fp); 2811 if (rc) 2812 return rc; 2813 2814 rc = ebitmap_write(&r->level[0].cat, fp); 2815 if (rc) 2816 return rc; 2817 if (!eq) { 2818 rc = ebitmap_write(&r->level[1].cat, fp); 2819 if (rc) 2820 return rc; 2821 } 2822 2823 return 0; 2824 } 2825 2826 static int sens_write(void *vkey, void *datum, void *ptr) 2827 { 2828 char *key = vkey; 2829 struct level_datum *levdatum = datum; 2830 struct policy_data *pd = ptr; 2831 struct policy_file *fp = pd->fp; 2832 __le32 buf[2]; 2833 size_t len; 2834 int rc; 2835 2836 len = strlen(key); 2837 buf[0] = cpu_to_le32(len); 2838 buf[1] = cpu_to_le32(levdatum->isalias); 2839 rc = put_entry(buf, sizeof(u32), 2, fp); 2840 if (rc) 2841 return rc; 2842 2843 rc = put_entry(key, 1, len, fp); 2844 if (rc) 2845 return rc; 2846 2847 rc = mls_write_level(&levdatum->level, fp); 2848 if (rc) 2849 return rc; 2850 2851 return 0; 2852 } 2853 2854 static int cat_write(void *vkey, void *datum, void *ptr) 2855 { 2856 char *key = vkey; 2857 struct cat_datum *catdatum = datum; 2858 struct policy_data *pd = ptr; 2859 struct policy_file *fp = pd->fp; 2860 __le32 buf[3]; 2861 size_t len; 2862 int rc; 2863 2864 len = strlen(key); 2865 buf[0] = cpu_to_le32(len); 2866 buf[1] = cpu_to_le32(catdatum->value); 2867 buf[2] = cpu_to_le32(catdatum->isalias); 2868 rc = put_entry(buf, sizeof(u32), 3, fp); 2869 if (rc) 2870 return rc; 2871 2872 rc = put_entry(key, 1, len, fp); 2873 if (rc) 2874 return rc; 2875 2876 return 0; 2877 } 2878 2879 static int role_trans_write_one(void *key, void *datum, void *ptr) 2880 { 2881 struct role_trans_key *rtk = key; 2882 struct role_trans_datum *rtd = datum; 2883 struct policy_data *pd = ptr; 2884 struct policy_file *fp = pd->fp; 2885 struct policydb *p = pd->p; 2886 __le32 buf[3]; 2887 int rc; 2888 2889 buf[0] = cpu_to_le32(rtk->role); 2890 buf[1] = cpu_to_le32(rtk->type); 2891 buf[2] = cpu_to_le32(rtd->new_role); 2892 rc = put_entry(buf, sizeof(u32), 3, fp); 2893 if (rc) 2894 return rc; 2895 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2896 buf[0] = cpu_to_le32(rtk->tclass); 2897 rc = put_entry(buf, sizeof(u32), 1, fp); 2898 if (rc) 2899 return rc; 2900 } 2901 return 0; 2902 } 2903 2904 static int role_trans_write(struct policydb *p, struct policy_file *fp) 2905 { 2906 struct policy_data pd = { .p = p, .fp = fp }; 2907 __le32 buf[1]; 2908 int rc; 2909 2910 buf[0] = cpu_to_le32(p->role_tr.nel); 2911 rc = put_entry(buf, sizeof(u32), 1, fp); 2912 if (rc) 2913 return rc; 2914 2915 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2916 } 2917 2918 static int role_allow_write(struct role_allow *r, struct policy_file *fp) 2919 { 2920 struct role_allow *ra; 2921 __le32 buf[2]; 2922 size_t nel; 2923 int rc; 2924 2925 nel = 0; 2926 for (ra = r; ra; ra = ra->next) 2927 nel++; 2928 buf[0] = cpu_to_le32(nel); 2929 rc = put_entry(buf, sizeof(u32), 1, fp); 2930 if (rc) 2931 return rc; 2932 for (ra = r; ra; ra = ra->next) { 2933 buf[0] = cpu_to_le32(ra->role); 2934 buf[1] = cpu_to_le32(ra->new_role); 2935 rc = put_entry(buf, sizeof(u32), 2, fp); 2936 if (rc) 2937 return rc; 2938 } 2939 return 0; 2940 } 2941 2942 /* 2943 * Write a security context structure 2944 * to a policydb binary representation file. 2945 */ 2946 static int context_write(struct policydb *p, struct context *c, struct policy_file *fp) 2947 { 2948 int rc; 2949 __le32 buf[3]; 2950 2951 buf[0] = cpu_to_le32(c->user); 2952 buf[1] = cpu_to_le32(c->role); 2953 buf[2] = cpu_to_le32(c->type); 2954 2955 rc = put_entry(buf, sizeof(u32), 3, fp); 2956 if (rc) 2957 return rc; 2958 2959 rc = mls_write_range_helper(&c->range, fp); 2960 if (rc) 2961 return rc; 2962 2963 return 0; 2964 } 2965 2966 /* 2967 * The following *_write functions are used to 2968 * write the symbol data to a policy database 2969 * binary representation file. 2970 */ 2971 2972 static int perm_write(void *vkey, void *datum, void *fp) 2973 { 2974 char *key = vkey; 2975 struct perm_datum *perdatum = datum; 2976 __le32 buf[2]; 2977 size_t len; 2978 int rc; 2979 2980 len = strlen(key); 2981 buf[0] = cpu_to_le32(len); 2982 buf[1] = cpu_to_le32(perdatum->value); 2983 rc = put_entry(buf, sizeof(u32), 2, fp); 2984 if (rc) 2985 return rc; 2986 2987 rc = put_entry(key, 1, len, fp); 2988 if (rc) 2989 return rc; 2990 2991 return 0; 2992 } 2993 2994 static int common_write(void *vkey, void *datum, void *ptr) 2995 { 2996 char *key = vkey; 2997 struct common_datum *comdatum = datum; 2998 struct policy_data *pd = ptr; 2999 struct policy_file *fp = pd->fp; 3000 __le32 buf[4]; 3001 size_t len; 3002 int rc; 3003 3004 len = strlen(key); 3005 buf[0] = cpu_to_le32(len); 3006 buf[1] = cpu_to_le32(comdatum->value); 3007 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 3008 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 3009 rc = put_entry(buf, sizeof(u32), 4, fp); 3010 if (rc) 3011 return rc; 3012 3013 rc = put_entry(key, 1, len, fp); 3014 if (rc) 3015 return rc; 3016 3017 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 3018 if (rc) 3019 return rc; 3020 3021 return 0; 3022 } 3023 3024 static int type_set_write(struct type_set *t, struct policy_file *fp) 3025 { 3026 int rc; 3027 __le32 buf[1]; 3028 3029 if (ebitmap_write(&t->types, fp)) 3030 return -EINVAL; 3031 if (ebitmap_write(&t->negset, fp)) 3032 return -EINVAL; 3033 3034 buf[0] = cpu_to_le32(t->flags); 3035 rc = put_entry(buf, sizeof(u32), 1, fp); 3036 if (rc) 3037 return -EINVAL; 3038 3039 return 0; 3040 } 3041 3042 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 3043 struct policy_file *fp) 3044 { 3045 struct constraint_node *c; 3046 struct constraint_expr *e; 3047 __le32 buf[3]; 3048 u32 nel; 3049 int rc; 3050 3051 for (c = node; c; c = c->next) { 3052 nel = 0; 3053 for (e = c->expr; e; e = e->next) 3054 nel++; 3055 buf[0] = cpu_to_le32(c->permissions); 3056 buf[1] = cpu_to_le32(nel); 3057 rc = put_entry(buf, sizeof(u32), 2, fp); 3058 if (rc) 3059 return rc; 3060 for (e = c->expr; e; e = e->next) { 3061 buf[0] = cpu_to_le32(e->expr_type); 3062 buf[1] = cpu_to_le32(e->attr); 3063 buf[2] = cpu_to_le32(e->op); 3064 rc = put_entry(buf, sizeof(u32), 3, fp); 3065 if (rc) 3066 return rc; 3067 3068 switch (e->expr_type) { 3069 case CEXPR_NAMES: 3070 rc = ebitmap_write(&e->names, fp); 3071 if (rc) 3072 return rc; 3073 if (p->policyvers >= 3074 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3075 rc = type_set_write(e->type_names, fp); 3076 if (rc) 3077 return rc; 3078 } 3079 break; 3080 default: 3081 break; 3082 } 3083 } 3084 } 3085 3086 return 0; 3087 } 3088 3089 static int class_write(void *vkey, void *datum, void *ptr) 3090 { 3091 char *key = vkey; 3092 struct class_datum *cladatum = datum; 3093 struct policy_data *pd = ptr; 3094 struct policy_file *fp = pd->fp; 3095 struct policydb *p = pd->p; 3096 struct constraint_node *c; 3097 __le32 buf[6]; 3098 u32 ncons; 3099 size_t len, len2; 3100 int rc; 3101 3102 len = strlen(key); 3103 if (cladatum->comkey) 3104 len2 = strlen(cladatum->comkey); 3105 else 3106 len2 = 0; 3107 3108 ncons = 0; 3109 for (c = cladatum->constraints; c; c = c->next) 3110 ncons++; 3111 3112 buf[0] = cpu_to_le32(len); 3113 buf[1] = cpu_to_le32(len2); 3114 buf[2] = cpu_to_le32(cladatum->value); 3115 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3116 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3117 buf[5] = cpu_to_le32(ncons); 3118 rc = put_entry(buf, sizeof(u32), 6, fp); 3119 if (rc) 3120 return rc; 3121 3122 rc = put_entry(key, 1, len, fp); 3123 if (rc) 3124 return rc; 3125 3126 if (cladatum->comkey) { 3127 rc = put_entry(cladatum->comkey, 1, len2, fp); 3128 if (rc) 3129 return rc; 3130 } 3131 3132 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3133 if (rc) 3134 return rc; 3135 3136 rc = write_cons_helper(p, cladatum->constraints, fp); 3137 if (rc) 3138 return rc; 3139 3140 /* write out the validatetrans rule */ 3141 ncons = 0; 3142 for (c = cladatum->validatetrans; c; c = c->next) 3143 ncons++; 3144 3145 buf[0] = cpu_to_le32(ncons); 3146 rc = put_entry(buf, sizeof(u32), 1, fp); 3147 if (rc) 3148 return rc; 3149 3150 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3151 if (rc) 3152 return rc; 3153 3154 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3155 buf[0] = cpu_to_le32(cladatum->default_user); 3156 buf[1] = cpu_to_le32(cladatum->default_role); 3157 buf[2] = cpu_to_le32(cladatum->default_range); 3158 3159 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3160 if (rc) 3161 return rc; 3162 } 3163 3164 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3165 buf[0] = cpu_to_le32(cladatum->default_type); 3166 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3167 if (rc) 3168 return rc; 3169 } 3170 3171 return 0; 3172 } 3173 3174 static int role_write(void *vkey, void *datum, void *ptr) 3175 { 3176 char *key = vkey; 3177 struct role_datum *role = datum; 3178 struct policy_data *pd = ptr; 3179 struct policy_file *fp = pd->fp; 3180 struct policydb *p = pd->p; 3181 __le32 buf[3]; 3182 size_t items, len; 3183 int rc; 3184 3185 len = strlen(key); 3186 items = 0; 3187 buf[items++] = cpu_to_le32(len); 3188 buf[items++] = cpu_to_le32(role->value); 3189 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3190 buf[items++] = cpu_to_le32(role->bounds); 3191 3192 BUG_ON(items > ARRAY_SIZE(buf)); 3193 3194 rc = put_entry(buf, sizeof(u32), items, fp); 3195 if (rc) 3196 return rc; 3197 3198 rc = put_entry(key, 1, len, fp); 3199 if (rc) 3200 return rc; 3201 3202 rc = ebitmap_write(&role->dominates, fp); 3203 if (rc) 3204 return rc; 3205 3206 rc = ebitmap_write(&role->types, fp); 3207 if (rc) 3208 return rc; 3209 3210 return 0; 3211 } 3212 3213 static int type_write(void *vkey, void *datum, void *ptr) 3214 { 3215 char *key = vkey; 3216 struct type_datum *typdatum = datum; 3217 struct policy_data *pd = ptr; 3218 struct policydb *p = pd->p; 3219 struct policy_file *fp = pd->fp; 3220 __le32 buf[4]; 3221 int rc; 3222 size_t items, len; 3223 3224 len = strlen(key); 3225 items = 0; 3226 buf[items++] = cpu_to_le32(len); 3227 buf[items++] = cpu_to_le32(typdatum->value); 3228 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3229 u32 properties = 0; 3230 3231 if (typdatum->primary) 3232 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3233 3234 if (typdatum->attribute) 3235 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3236 3237 buf[items++] = cpu_to_le32(properties); 3238 buf[items++] = cpu_to_le32(typdatum->bounds); 3239 } else { 3240 buf[items++] = cpu_to_le32(typdatum->primary); 3241 } 3242 BUG_ON(items > ARRAY_SIZE(buf)); 3243 rc = put_entry(buf, sizeof(u32), items, fp); 3244 if (rc) 3245 return rc; 3246 3247 rc = put_entry(key, 1, len, fp); 3248 if (rc) 3249 return rc; 3250 3251 return 0; 3252 } 3253 3254 static int user_write(void *vkey, void *datum, void *ptr) 3255 { 3256 char *key = vkey; 3257 struct user_datum *usrdatum = datum; 3258 struct policy_data *pd = ptr; 3259 struct policydb *p = pd->p; 3260 struct policy_file *fp = pd->fp; 3261 __le32 buf[3]; 3262 size_t items, len; 3263 int rc; 3264 3265 len = strlen(key); 3266 items = 0; 3267 buf[items++] = cpu_to_le32(len); 3268 buf[items++] = cpu_to_le32(usrdatum->value); 3269 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3270 buf[items++] = cpu_to_le32(usrdatum->bounds); 3271 BUG_ON(items > ARRAY_SIZE(buf)); 3272 rc = put_entry(buf, sizeof(u32), items, fp); 3273 if (rc) 3274 return rc; 3275 3276 rc = put_entry(key, 1, len, fp); 3277 if (rc) 3278 return rc; 3279 3280 rc = ebitmap_write(&usrdatum->roles, fp); 3281 if (rc) 3282 return rc; 3283 3284 rc = mls_write_range_helper(&usrdatum->range, fp); 3285 if (rc) 3286 return rc; 3287 3288 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3289 if (rc) 3290 return rc; 3291 3292 return 0; 3293 } 3294 3295 /* clang-format off */ 3296 static int (*const write_f[SYM_NUM])(void *key, void *datum, void *datap) = { 3297 common_write, 3298 class_write, 3299 role_write, 3300 type_write, 3301 user_write, 3302 cond_write_bool, 3303 sens_write, 3304 cat_write, 3305 }; 3306 /* clang-format on */ 3307 3308 static int ocontext_write(struct policydb *p, 3309 const struct policydb_compat_info *info, 3310 struct policy_file *fp) 3311 { 3312 unsigned int i, j; 3313 int rc; 3314 size_t nel, len; 3315 __be64 prefixbuf[1]; 3316 __le32 buf[3]; 3317 u32 nodebuf[8]; 3318 struct ocontext *c; 3319 for (i = 0; i < info->ocon_num; i++) { 3320 nel = 0; 3321 for (c = p->ocontexts[i]; c; c = c->next) 3322 nel++; 3323 buf[0] = cpu_to_le32(nel); 3324 rc = put_entry(buf, sizeof(u32), 1, fp); 3325 if (rc) 3326 return rc; 3327 for (c = p->ocontexts[i]; c; c = c->next) { 3328 switch (i) { 3329 case OCON_ISID: 3330 buf[0] = cpu_to_le32(c->sid[0]); 3331 rc = put_entry(buf, sizeof(u32), 1, fp); 3332 if (rc) 3333 return rc; 3334 rc = context_write(p, &c->context[0], fp); 3335 if (rc) 3336 return rc; 3337 break; 3338 case OCON_FS: 3339 case OCON_NETIF: 3340 len = strlen(c->u.name); 3341 buf[0] = cpu_to_le32(len); 3342 rc = put_entry(buf, sizeof(u32), 1, fp); 3343 if (rc) 3344 return rc; 3345 rc = put_entry(c->u.name, 1, len, fp); 3346 if (rc) 3347 return rc; 3348 rc = context_write(p, &c->context[0], fp); 3349 if (rc) 3350 return rc; 3351 rc = context_write(p, &c->context[1], fp); 3352 if (rc) 3353 return rc; 3354 break; 3355 case OCON_PORT: 3356 buf[0] = cpu_to_le32(c->u.port.protocol); 3357 buf[1] = cpu_to_le32(c->u.port.low_port); 3358 buf[2] = cpu_to_le32(c->u.port.high_port); 3359 rc = put_entry(buf, sizeof(u32), 3, fp); 3360 if (rc) 3361 return rc; 3362 rc = context_write(p, &c->context[0], fp); 3363 if (rc) 3364 return rc; 3365 break; 3366 case OCON_NODE: 3367 nodebuf[0] = c->u.node.addr; /* network order */ 3368 nodebuf[1] = c->u.node.mask; /* network order */ 3369 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3370 if (rc) 3371 return rc; 3372 rc = context_write(p, &c->context[0], fp); 3373 if (rc) 3374 return rc; 3375 break; 3376 case OCON_FSUSE: 3377 buf[0] = cpu_to_le32(c->v.behavior); 3378 len = strlen(c->u.name); 3379 buf[1] = cpu_to_le32(len); 3380 rc = put_entry(buf, sizeof(u32), 2, fp); 3381 if (rc) 3382 return rc; 3383 rc = put_entry(c->u.name, 1, len, fp); 3384 if (rc) 3385 return rc; 3386 rc = context_write(p, &c->context[0], fp); 3387 if (rc) 3388 return rc; 3389 break; 3390 case OCON_NODE6: 3391 for (j = 0; j < 4; j++) 3392 nodebuf[j] = 3393 c->u.node6.addr 3394 [j]; /* network order */ 3395 for (j = 0; j < 4; j++) 3396 nodebuf[j + 4] = 3397 c->u.node6.mask 3398 [j]; /* network order */ 3399 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3400 if (rc) 3401 return rc; 3402 rc = context_write(p, &c->context[0], fp); 3403 if (rc) 3404 return rc; 3405 break; 3406 case OCON_IBPKEY: 3407 /* subnet_prefix is in CPU order */ 3408 prefixbuf[0] = 3409 cpu_to_be64(c->u.ibpkey.subnet_prefix); 3410 3411 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3412 if (rc) 3413 return rc; 3414 3415 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3416 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3417 3418 rc = put_entry(buf, sizeof(u32), 2, fp); 3419 if (rc) 3420 return rc; 3421 rc = context_write(p, &c->context[0], fp); 3422 if (rc) 3423 return rc; 3424 break; 3425 case OCON_IBENDPORT: 3426 len = strlen(c->u.ibendport.dev_name); 3427 buf[0] = cpu_to_le32(len); 3428 buf[1] = cpu_to_le32(c->u.ibendport.port); 3429 rc = put_entry(buf, sizeof(u32), 2, fp); 3430 if (rc) 3431 return rc; 3432 rc = put_entry(c->u.ibendport.dev_name, 1, len, 3433 fp); 3434 if (rc) 3435 return rc; 3436 rc = context_write(p, &c->context[0], fp); 3437 if (rc) 3438 return rc; 3439 break; 3440 } 3441 } 3442 } 3443 return 0; 3444 } 3445 3446 static int genfs_write(struct policydb *p, struct policy_file *fp) 3447 { 3448 struct genfs *genfs; 3449 struct ocontext *c; 3450 size_t len; 3451 __le32 buf[1]; 3452 int rc; 3453 3454 len = 0; 3455 for (genfs = p->genfs; genfs; genfs = genfs->next) 3456 len++; 3457 buf[0] = cpu_to_le32(len); 3458 rc = put_entry(buf, sizeof(u32), 1, fp); 3459 if (rc) 3460 return rc; 3461 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3462 len = strlen(genfs->fstype); 3463 buf[0] = cpu_to_le32(len); 3464 rc = put_entry(buf, sizeof(u32), 1, fp); 3465 if (rc) 3466 return rc; 3467 rc = put_entry(genfs->fstype, 1, len, fp); 3468 if (rc) 3469 return rc; 3470 len = 0; 3471 for (c = genfs->head; c; c = c->next) 3472 len++; 3473 buf[0] = cpu_to_le32(len); 3474 rc = put_entry(buf, sizeof(u32), 1, fp); 3475 if (rc) 3476 return rc; 3477 for (c = genfs->head; c; c = c->next) { 3478 len = strlen(c->u.name); 3479 buf[0] = cpu_to_le32(len); 3480 rc = put_entry(buf, sizeof(u32), 1, fp); 3481 if (rc) 3482 return rc; 3483 rc = put_entry(c->u.name, 1, len, fp); 3484 if (rc) 3485 return rc; 3486 buf[0] = cpu_to_le32(c->v.sclass); 3487 rc = put_entry(buf, sizeof(u32), 1, fp); 3488 if (rc) 3489 return rc; 3490 rc = context_write(p, &c->context[0], fp); 3491 if (rc) 3492 return rc; 3493 } 3494 } 3495 return 0; 3496 } 3497 3498 static int range_write_helper(void *key, void *data, void *ptr) 3499 { 3500 __le32 buf[2]; 3501 struct range_trans *rt = key; 3502 struct mls_range *r = data; 3503 struct policy_data *pd = ptr; 3504 struct policy_file *fp = pd->fp; 3505 struct policydb *p = pd->p; 3506 int rc; 3507 3508 buf[0] = cpu_to_le32(rt->source_type); 3509 buf[1] = cpu_to_le32(rt->target_type); 3510 rc = put_entry(buf, sizeof(u32), 2, fp); 3511 if (rc) 3512 return rc; 3513 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3514 buf[0] = cpu_to_le32(rt->target_class); 3515 rc = put_entry(buf, sizeof(u32), 1, fp); 3516 if (rc) 3517 return rc; 3518 } 3519 rc = mls_write_range_helper(r, fp); 3520 if (rc) 3521 return rc; 3522 3523 return 0; 3524 } 3525 3526 static int range_write(struct policydb *p, struct policy_file *fp) 3527 { 3528 __le32 buf[1]; 3529 int rc; 3530 struct policy_data pd; 3531 3532 pd.p = p; 3533 pd.fp = fp; 3534 3535 buf[0] = cpu_to_le32(p->range_tr.nel); 3536 rc = put_entry(buf, sizeof(u32), 1, fp); 3537 if (rc) 3538 return rc; 3539 3540 /* actually write all of the entries */ 3541 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3542 if (rc) 3543 return rc; 3544 3545 return 0; 3546 } 3547 3548 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3549 { 3550 struct filename_trans_key *ft = key; 3551 struct filename_trans_datum *datum = data; 3552 struct ebitmap_node *node; 3553 struct policy_file *fp = ptr; 3554 __le32 buf[4]; 3555 int rc; 3556 u32 bit, len = strlen(ft->name); 3557 3558 do { 3559 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) 3560 { 3561 buf[0] = cpu_to_le32(len); 3562 rc = put_entry(buf, sizeof(u32), 1, fp); 3563 if (rc) 3564 return rc; 3565 3566 rc = put_entry(ft->name, sizeof(char), len, fp); 3567 if (rc) 3568 return rc; 3569 3570 buf[0] = cpu_to_le32(bit + 1); 3571 buf[1] = cpu_to_le32(ft->ttype); 3572 buf[2] = cpu_to_le32(ft->tclass); 3573 buf[3] = cpu_to_le32(datum->otype); 3574 3575 rc = put_entry(buf, sizeof(u32), 4, fp); 3576 if (rc) 3577 return rc; 3578 } 3579 3580 datum = datum->next; 3581 } while (unlikely(datum)); 3582 3583 return 0; 3584 } 3585 3586 static int filename_write_helper(void *key, void *data, void *ptr) 3587 { 3588 struct filename_trans_key *ft = key; 3589 struct filename_trans_datum *datum; 3590 struct policy_file *fp = ptr; 3591 __le32 buf[3]; 3592 int rc; 3593 u32 ndatum, len = strlen(ft->name); 3594 3595 buf[0] = cpu_to_le32(len); 3596 rc = put_entry(buf, sizeof(u32), 1, fp); 3597 if (rc) 3598 return rc; 3599 3600 rc = put_entry(ft->name, sizeof(char), len, fp); 3601 if (rc) 3602 return rc; 3603 3604 ndatum = 0; 3605 datum = data; 3606 do { 3607 ndatum++; 3608 datum = datum->next; 3609 } while (unlikely(datum)); 3610 3611 buf[0] = cpu_to_le32(ft->ttype); 3612 buf[1] = cpu_to_le32(ft->tclass); 3613 buf[2] = cpu_to_le32(ndatum); 3614 rc = put_entry(buf, sizeof(u32), 3, fp); 3615 if (rc) 3616 return rc; 3617 3618 datum = data; 3619 do { 3620 rc = ebitmap_write(&datum->stypes, fp); 3621 if (rc) 3622 return rc; 3623 3624 buf[0] = cpu_to_le32(datum->otype); 3625 rc = put_entry(buf, sizeof(u32), 1, fp); 3626 if (rc) 3627 return rc; 3628 3629 datum = datum->next; 3630 } while (unlikely(datum)); 3631 3632 return 0; 3633 } 3634 3635 static int filename_trans_write(struct policydb *p, struct policy_file *fp) 3636 { 3637 __le32 buf[1]; 3638 int rc; 3639 3640 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3641 return 0; 3642 3643 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3644 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3645 rc = put_entry(buf, sizeof(u32), 1, fp); 3646 if (rc) 3647 return rc; 3648 3649 rc = hashtab_map(&p->filename_trans, 3650 filename_write_helper_compat, fp); 3651 } else { 3652 buf[0] = cpu_to_le32(p->filename_trans.nel); 3653 rc = put_entry(buf, sizeof(u32), 1, fp); 3654 if (rc) 3655 return rc; 3656 3657 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3658 } 3659 return rc; 3660 } 3661 3662 /* 3663 * Write the configuration data in a policy database 3664 * structure to a policy database binary representation 3665 * file. 3666 */ 3667 int policydb_write(struct policydb *p, struct policy_file *fp) 3668 { 3669 unsigned int num_syms; 3670 int rc; 3671 __le32 buf[4]; 3672 u32 config, i; 3673 size_t len; 3674 const struct policydb_compat_info *info; 3675 3676 /* 3677 * refuse to write policy older than compressed avtab 3678 * to simplify the writer. There are other tests dropped 3679 * since we assume this throughout the writer code. Be 3680 * careful if you ever try to remove this restriction 3681 */ 3682 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3683 pr_err("SELinux: refusing to write policy version %d." 3684 " Because it is less than version %d\n", 3685 p->policyvers, POLICYDB_VERSION_AVTAB); 3686 return -EINVAL; 3687 } 3688 3689 config = 0; 3690 if (p->mls_enabled) 3691 config |= POLICYDB_CONFIG_MLS; 3692 3693 if (p->reject_unknown) 3694 config |= REJECT_UNKNOWN; 3695 if (p->allow_unknown) 3696 config |= ALLOW_UNKNOWN; 3697 3698 /* Write the magic number and string identifiers. */ 3699 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3700 len = strlen(POLICYDB_STRING); 3701 buf[1] = cpu_to_le32(len); 3702 rc = put_entry(buf, sizeof(u32), 2, fp); 3703 if (rc) 3704 return rc; 3705 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3706 if (rc) 3707 return rc; 3708 3709 /* Write the version, config, and table sizes. */ 3710 info = policydb_lookup_compat(p->policyvers); 3711 if (!info) { 3712 pr_err("SELinux: compatibility lookup failed for policy " 3713 "version %d\n", 3714 p->policyvers); 3715 return -EINVAL; 3716 } 3717 3718 buf[0] = cpu_to_le32(p->policyvers); 3719 buf[1] = cpu_to_le32(config); 3720 buf[2] = cpu_to_le32(info->sym_num); 3721 buf[3] = cpu_to_le32(info->ocon_num); 3722 3723 rc = put_entry(buf, sizeof(u32), 4, fp); 3724 if (rc) 3725 return rc; 3726 3727 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3728 rc = ebitmap_write(&p->policycaps, fp); 3729 if (rc) 3730 return rc; 3731 } 3732 3733 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3734 rc = ebitmap_write(&p->permissive_map, fp); 3735 if (rc) 3736 return rc; 3737 } 3738 3739 if (p->policyvers >= POLICYDB_VERSION_NEVERAUDIT) { 3740 rc = ebitmap_write(&p->neveraudit_map, fp); 3741 if (rc) 3742 return rc; 3743 } 3744 3745 num_syms = info->sym_num; 3746 for (i = 0; i < num_syms; i++) { 3747 struct policy_data pd; 3748 3749 pd.fp = fp; 3750 pd.p = p; 3751 3752 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3753 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3754 3755 rc = put_entry(buf, sizeof(u32), 2, fp); 3756 if (rc) 3757 return rc; 3758 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3759 if (rc) 3760 return rc; 3761 } 3762 3763 rc = avtab_write(p, &p->te_avtab, fp); 3764 if (rc) 3765 return rc; 3766 3767 rc = cond_write_list(p, fp); 3768 if (rc) 3769 return rc; 3770 3771 rc = role_trans_write(p, fp); 3772 if (rc) 3773 return rc; 3774 3775 rc = role_allow_write(p->role_allow, fp); 3776 if (rc) 3777 return rc; 3778 3779 rc = filename_trans_write(p, fp); 3780 if (rc) 3781 return rc; 3782 3783 rc = ocontext_write(p, info, fp); 3784 if (rc) 3785 return rc; 3786 3787 rc = genfs_write(p, fp); 3788 if (rc) 3789 return rc; 3790 3791 rc = range_write(p, fp); 3792 if (rc) 3793 return rc; 3794 3795 for (i = 0; i < p->p_types.nprim; i++) { 3796 struct ebitmap *e = &p->type_attr_map_array[i]; 3797 3798 rc = ebitmap_write(e, fp); 3799 if (rc) 3800 return rc; 3801 } 3802 3803 return 0; 3804 } 3805