1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 18 * This program is free software; you can redistribute it and/or modify 19 * it under the terms of the GNU General Public License as published by 20 * the Free Software Foundation, version 2. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/sched.h> 25 #include <linux/slab.h> 26 #include <linux/string.h> 27 #include <linux/errno.h> 28 #include "security.h" 29 30 #include "policydb.h" 31 #include "conditional.h" 32 #include "mls.h" 33 34 #define _DEBUG_HASHES 35 36 #ifdef DEBUG_HASHES 37 static char *symtab_name[SYM_NUM] = { 38 "common prefixes", 39 "classes", 40 "roles", 41 "types", 42 "users", 43 "bools", 44 "levels", 45 "categories", 46 }; 47 #endif 48 49 int selinux_mls_enabled = 0; 50 51 static unsigned int symtab_sizes[SYM_NUM] = { 52 2, 53 32, 54 16, 55 512, 56 128, 57 16, 58 16, 59 16, 60 }; 61 62 struct policydb_compat_info { 63 int version; 64 int sym_num; 65 int ocon_num; 66 }; 67 68 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 69 static struct policydb_compat_info policydb_compat[] = { 70 { 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_NUM - 1, 74 }, 75 { 76 .version = POLICYDB_VERSION_BOOL, 77 .sym_num = SYM_NUM - 2, 78 .ocon_num = OCON_NUM - 1, 79 }, 80 { 81 .version = POLICYDB_VERSION_IPV6, 82 .sym_num = SYM_NUM - 2, 83 .ocon_num = OCON_NUM, 84 }, 85 { 86 .version = POLICYDB_VERSION_NLCLASS, 87 .sym_num = SYM_NUM - 2, 88 .ocon_num = OCON_NUM, 89 }, 90 { 91 .version = POLICYDB_VERSION_MLS, 92 .sym_num = SYM_NUM, 93 .ocon_num = OCON_NUM, 94 }, 95 { 96 .version = POLICYDB_VERSION_AVTAB, 97 .sym_num = SYM_NUM, 98 .ocon_num = OCON_NUM, 99 }, 100 { 101 .version = POLICYDB_VERSION_RANGETRANS, 102 .sym_num = SYM_NUM, 103 .ocon_num = OCON_NUM, 104 }, 105 }; 106 107 static struct policydb_compat_info *policydb_lookup_compat(int version) 108 { 109 int i; 110 struct policydb_compat_info *info = NULL; 111 112 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 113 if (policydb_compat[i].version == version) { 114 info = &policydb_compat[i]; 115 break; 116 } 117 } 118 return info; 119 } 120 121 /* 122 * Initialize the role table. 123 */ 124 static int roles_init(struct policydb *p) 125 { 126 char *key = NULL; 127 int rc; 128 struct role_datum *role; 129 130 role = kzalloc(sizeof(*role), GFP_KERNEL); 131 if (!role) { 132 rc = -ENOMEM; 133 goto out; 134 } 135 role->value = ++p->p_roles.nprim; 136 if (role->value != OBJECT_R_VAL) { 137 rc = -EINVAL; 138 goto out_free_role; 139 } 140 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); 141 if (!key) { 142 rc = -ENOMEM; 143 goto out_free_role; 144 } 145 strcpy(key, OBJECT_R); 146 rc = hashtab_insert(p->p_roles.table, key, role); 147 if (rc) 148 goto out_free_key; 149 out: 150 return rc; 151 152 out_free_key: 153 kfree(key); 154 out_free_role: 155 kfree(role); 156 goto out; 157 } 158 159 /* 160 * Initialize a policy database structure. 161 */ 162 static int policydb_init(struct policydb *p) 163 { 164 int i, rc; 165 166 memset(p, 0, sizeof(*p)); 167 168 for (i = 0; i < SYM_NUM; i++) { 169 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 170 if (rc) 171 goto out_free_symtab; 172 } 173 174 rc = avtab_init(&p->te_avtab); 175 if (rc) 176 goto out_free_symtab; 177 178 rc = roles_init(p); 179 if (rc) 180 goto out_free_avtab; 181 182 rc = cond_policydb_init(p); 183 if (rc) 184 goto out_free_avtab; 185 186 out: 187 return rc; 188 189 out_free_avtab: 190 avtab_destroy(&p->te_avtab); 191 192 out_free_symtab: 193 for (i = 0; i < SYM_NUM; i++) 194 hashtab_destroy(p->symtab[i].table); 195 goto out; 196 } 197 198 /* 199 * The following *_index functions are used to 200 * define the val_to_name and val_to_struct arrays 201 * in a policy database structure. The val_to_name 202 * arrays are used when converting security context 203 * structures into string representations. The 204 * val_to_struct arrays are used when the attributes 205 * of a class, role, or user are needed. 206 */ 207 208 static int common_index(void *key, void *datum, void *datap) 209 { 210 struct policydb *p; 211 struct common_datum *comdatum; 212 213 comdatum = datum; 214 p = datap; 215 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 216 return -EINVAL; 217 p->p_common_val_to_name[comdatum->value - 1] = key; 218 return 0; 219 } 220 221 static int class_index(void *key, void *datum, void *datap) 222 { 223 struct policydb *p; 224 struct class_datum *cladatum; 225 226 cladatum = datum; 227 p = datap; 228 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 229 return -EINVAL; 230 p->p_class_val_to_name[cladatum->value - 1] = key; 231 p->class_val_to_struct[cladatum->value - 1] = cladatum; 232 return 0; 233 } 234 235 static int role_index(void *key, void *datum, void *datap) 236 { 237 struct policydb *p; 238 struct role_datum *role; 239 240 role = datum; 241 p = datap; 242 if (!role->value || role->value > p->p_roles.nprim) 243 return -EINVAL; 244 p->p_role_val_to_name[role->value - 1] = key; 245 p->role_val_to_struct[role->value - 1] = role; 246 return 0; 247 } 248 249 static int type_index(void *key, void *datum, void *datap) 250 { 251 struct policydb *p; 252 struct type_datum *typdatum; 253 254 typdatum = datum; 255 p = datap; 256 257 if (typdatum->primary) { 258 if (!typdatum->value || typdatum->value > p->p_types.nprim) 259 return -EINVAL; 260 p->p_type_val_to_name[typdatum->value - 1] = key; 261 } 262 263 return 0; 264 } 265 266 static int user_index(void *key, void *datum, void *datap) 267 { 268 struct policydb *p; 269 struct user_datum *usrdatum; 270 271 usrdatum = datum; 272 p = datap; 273 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 274 return -EINVAL; 275 p->p_user_val_to_name[usrdatum->value - 1] = key; 276 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 277 return 0; 278 } 279 280 static int sens_index(void *key, void *datum, void *datap) 281 { 282 struct policydb *p; 283 struct level_datum *levdatum; 284 285 levdatum = datum; 286 p = datap; 287 288 if (!levdatum->isalias) { 289 if (!levdatum->level->sens || 290 levdatum->level->sens > p->p_levels.nprim) 291 return -EINVAL; 292 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 293 } 294 295 return 0; 296 } 297 298 static int cat_index(void *key, void *datum, void *datap) 299 { 300 struct policydb *p; 301 struct cat_datum *catdatum; 302 303 catdatum = datum; 304 p = datap; 305 306 if (!catdatum->isalias) { 307 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 308 return -EINVAL; 309 p->p_cat_val_to_name[catdatum->value - 1] = key; 310 } 311 312 return 0; 313 } 314 315 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 316 { 317 common_index, 318 class_index, 319 role_index, 320 type_index, 321 user_index, 322 cond_index_bool, 323 sens_index, 324 cat_index, 325 }; 326 327 /* 328 * Define the common val_to_name array and the class 329 * val_to_name and val_to_struct arrays in a policy 330 * database structure. 331 * 332 * Caller must clean up upon failure. 333 */ 334 static int policydb_index_classes(struct policydb *p) 335 { 336 int rc; 337 338 p->p_common_val_to_name = 339 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 340 if (!p->p_common_val_to_name) { 341 rc = -ENOMEM; 342 goto out; 343 } 344 345 rc = hashtab_map(p->p_commons.table, common_index, p); 346 if (rc) 347 goto out; 348 349 p->class_val_to_struct = 350 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 351 if (!p->class_val_to_struct) { 352 rc = -ENOMEM; 353 goto out; 354 } 355 356 p->p_class_val_to_name = 357 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 358 if (!p->p_class_val_to_name) { 359 rc = -ENOMEM; 360 goto out; 361 } 362 363 rc = hashtab_map(p->p_classes.table, class_index, p); 364 out: 365 return rc; 366 } 367 368 #ifdef DEBUG_HASHES 369 static void symtab_hash_eval(struct symtab *s) 370 { 371 int i; 372 373 for (i = 0; i < SYM_NUM; i++) { 374 struct hashtab *h = s[i].table; 375 struct hashtab_info info; 376 377 hashtab_stat(h, &info); 378 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " 379 "longest chain length %d\n", symtab_name[i], h->nel, 380 info.slots_used, h->size, info.max_chain_len); 381 } 382 } 383 #endif 384 385 /* 386 * Define the other val_to_name and val_to_struct arrays 387 * in a policy database structure. 388 * 389 * Caller must clean up on failure. 390 */ 391 static int policydb_index_others(struct policydb *p) 392 { 393 int i, rc = 0; 394 395 printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", 396 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 397 if (selinux_mls_enabled) 398 printk(", %d sens, %d cats", p->p_levels.nprim, 399 p->p_cats.nprim); 400 printk("\n"); 401 402 printk(KERN_DEBUG "security: %d classes, %d rules\n", 403 p->p_classes.nprim, p->te_avtab.nel); 404 405 #ifdef DEBUG_HASHES 406 avtab_hash_eval(&p->te_avtab, "rules"); 407 symtab_hash_eval(p->symtab); 408 #endif 409 410 p->role_val_to_struct = 411 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 412 GFP_KERNEL); 413 if (!p->role_val_to_struct) { 414 rc = -ENOMEM; 415 goto out; 416 } 417 418 p->user_val_to_struct = 419 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 420 GFP_KERNEL); 421 if (!p->user_val_to_struct) { 422 rc = -ENOMEM; 423 goto out; 424 } 425 426 if (cond_init_bool_indexes(p)) { 427 rc = -ENOMEM; 428 goto out; 429 } 430 431 for (i = SYM_ROLES; i < SYM_NUM; i++) { 432 p->sym_val_to_name[i] = 433 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 434 if (!p->sym_val_to_name[i]) { 435 rc = -ENOMEM; 436 goto out; 437 } 438 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 439 if (rc) 440 goto out; 441 } 442 443 out: 444 return rc; 445 } 446 447 /* 448 * The following *_destroy functions are used to 449 * free any memory allocated for each kind of 450 * symbol data in the policy database. 451 */ 452 453 static int perm_destroy(void *key, void *datum, void *p) 454 { 455 kfree(key); 456 kfree(datum); 457 return 0; 458 } 459 460 static int common_destroy(void *key, void *datum, void *p) 461 { 462 struct common_datum *comdatum; 463 464 kfree(key); 465 comdatum = datum; 466 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 467 hashtab_destroy(comdatum->permissions.table); 468 kfree(datum); 469 return 0; 470 } 471 472 static int cls_destroy(void *key, void *datum, void *p) 473 { 474 struct class_datum *cladatum; 475 struct constraint_node *constraint, *ctemp; 476 struct constraint_expr *e, *etmp; 477 478 kfree(key); 479 cladatum = datum; 480 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 481 hashtab_destroy(cladatum->permissions.table); 482 constraint = cladatum->constraints; 483 while (constraint) { 484 e = constraint->expr; 485 while (e) { 486 ebitmap_destroy(&e->names); 487 etmp = e; 488 e = e->next; 489 kfree(etmp); 490 } 491 ctemp = constraint; 492 constraint = constraint->next; 493 kfree(ctemp); 494 } 495 496 constraint = cladatum->validatetrans; 497 while (constraint) { 498 e = constraint->expr; 499 while (e) { 500 ebitmap_destroy(&e->names); 501 etmp = e; 502 e = e->next; 503 kfree(etmp); 504 } 505 ctemp = constraint; 506 constraint = constraint->next; 507 kfree(ctemp); 508 } 509 510 kfree(cladatum->comkey); 511 kfree(datum); 512 return 0; 513 } 514 515 static int role_destroy(void *key, void *datum, void *p) 516 { 517 struct role_datum *role; 518 519 kfree(key); 520 role = datum; 521 ebitmap_destroy(&role->dominates); 522 ebitmap_destroy(&role->types); 523 kfree(datum); 524 return 0; 525 } 526 527 static int type_destroy(void *key, void *datum, void *p) 528 { 529 kfree(key); 530 kfree(datum); 531 return 0; 532 } 533 534 static int user_destroy(void *key, void *datum, void *p) 535 { 536 struct user_datum *usrdatum; 537 538 kfree(key); 539 usrdatum = datum; 540 ebitmap_destroy(&usrdatum->roles); 541 ebitmap_destroy(&usrdatum->range.level[0].cat); 542 ebitmap_destroy(&usrdatum->range.level[1].cat); 543 ebitmap_destroy(&usrdatum->dfltlevel.cat); 544 kfree(datum); 545 return 0; 546 } 547 548 static int sens_destroy(void *key, void *datum, void *p) 549 { 550 struct level_datum *levdatum; 551 552 kfree(key); 553 levdatum = datum; 554 ebitmap_destroy(&levdatum->level->cat); 555 kfree(levdatum->level); 556 kfree(datum); 557 return 0; 558 } 559 560 static int cat_destroy(void *key, void *datum, void *p) 561 { 562 kfree(key); 563 kfree(datum); 564 return 0; 565 } 566 567 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 568 { 569 common_destroy, 570 cls_destroy, 571 role_destroy, 572 type_destroy, 573 user_destroy, 574 cond_destroy_bool, 575 sens_destroy, 576 cat_destroy, 577 }; 578 579 static void ocontext_destroy(struct ocontext *c, int i) 580 { 581 context_destroy(&c->context[0]); 582 context_destroy(&c->context[1]); 583 if (i == OCON_ISID || i == OCON_FS || 584 i == OCON_NETIF || i == OCON_FSUSE) 585 kfree(c->u.name); 586 kfree(c); 587 } 588 589 /* 590 * Free any memory allocated by a policy database structure. 591 */ 592 void policydb_destroy(struct policydb *p) 593 { 594 struct ocontext *c, *ctmp; 595 struct genfs *g, *gtmp; 596 int i; 597 struct role_allow *ra, *lra = NULL; 598 struct role_trans *tr, *ltr = NULL; 599 struct range_trans *rt, *lrt = NULL; 600 601 for (i = 0; i < SYM_NUM; i++) { 602 cond_resched(); 603 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 604 hashtab_destroy(p->symtab[i].table); 605 } 606 607 for (i = 0; i < SYM_NUM; i++) 608 kfree(p->sym_val_to_name[i]); 609 610 kfree(p->class_val_to_struct); 611 kfree(p->role_val_to_struct); 612 kfree(p->user_val_to_struct); 613 614 avtab_destroy(&p->te_avtab); 615 616 for (i = 0; i < OCON_NUM; i++) { 617 cond_resched(); 618 c = p->ocontexts[i]; 619 while (c) { 620 ctmp = c; 621 c = c->next; 622 ocontext_destroy(ctmp,i); 623 } 624 p->ocontexts[i] = NULL; 625 } 626 627 g = p->genfs; 628 while (g) { 629 cond_resched(); 630 kfree(g->fstype); 631 c = g->head; 632 while (c) { 633 ctmp = c; 634 c = c->next; 635 ocontext_destroy(ctmp,OCON_FSUSE); 636 } 637 gtmp = g; 638 g = g->next; 639 kfree(gtmp); 640 } 641 p->genfs = NULL; 642 643 cond_policydb_destroy(p); 644 645 for (tr = p->role_tr; tr; tr = tr->next) { 646 cond_resched(); 647 kfree(ltr); 648 ltr = tr; 649 } 650 kfree(ltr); 651 652 for (ra = p->role_allow; ra; ra = ra -> next) { 653 cond_resched(); 654 kfree(lra); 655 lra = ra; 656 } 657 kfree(lra); 658 659 for (rt = p->range_tr; rt; rt = rt -> next) { 660 cond_resched(); 661 if (lrt) { 662 ebitmap_destroy(&lrt->target_range.level[0].cat); 663 ebitmap_destroy(&lrt->target_range.level[1].cat); 664 kfree(lrt); 665 } 666 lrt = rt; 667 } 668 if (lrt) { 669 ebitmap_destroy(&lrt->target_range.level[0].cat); 670 ebitmap_destroy(&lrt->target_range.level[1].cat); 671 kfree(lrt); 672 } 673 674 if (p->type_attr_map) { 675 for (i = 0; i < p->p_types.nprim; i++) 676 ebitmap_destroy(&p->type_attr_map[i]); 677 } 678 kfree(p->type_attr_map); 679 680 return; 681 } 682 683 /* 684 * Load the initial SIDs specified in a policy database 685 * structure into a SID table. 686 */ 687 int policydb_load_isids(struct policydb *p, struct sidtab *s) 688 { 689 struct ocontext *head, *c; 690 int rc; 691 692 rc = sidtab_init(s); 693 if (rc) { 694 printk(KERN_ERR "security: out of memory on SID table init\n"); 695 goto out; 696 } 697 698 head = p->ocontexts[OCON_ISID]; 699 for (c = head; c; c = c->next) { 700 if (!c->context[0].user) { 701 printk(KERN_ERR "security: SID %s was never " 702 "defined.\n", c->u.name); 703 rc = -EINVAL; 704 goto out; 705 } 706 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 707 printk(KERN_ERR "security: unable to load initial " 708 "SID %s.\n", c->u.name); 709 rc = -EINVAL; 710 goto out; 711 } 712 } 713 out: 714 return rc; 715 } 716 717 /* 718 * Return 1 if the fields in the security context 719 * structure `c' are valid. Return 0 otherwise. 720 */ 721 int policydb_context_isvalid(struct policydb *p, struct context *c) 722 { 723 struct role_datum *role; 724 struct user_datum *usrdatum; 725 726 if (!c->role || c->role > p->p_roles.nprim) 727 return 0; 728 729 if (!c->user || c->user > p->p_users.nprim) 730 return 0; 731 732 if (!c->type || c->type > p->p_types.nprim) 733 return 0; 734 735 if (c->role != OBJECT_R_VAL) { 736 /* 737 * Role must be authorized for the type. 738 */ 739 role = p->role_val_to_struct[c->role - 1]; 740 if (!ebitmap_get_bit(&role->types, 741 c->type - 1)) 742 /* role may not be associated with type */ 743 return 0; 744 745 /* 746 * User must be authorized for the role. 747 */ 748 usrdatum = p->user_val_to_struct[c->user - 1]; 749 if (!usrdatum) 750 return 0; 751 752 if (!ebitmap_get_bit(&usrdatum->roles, 753 c->role - 1)) 754 /* user may not be associated with role */ 755 return 0; 756 } 757 758 if (!mls_context_isvalid(p, c)) 759 return 0; 760 761 return 1; 762 } 763 764 /* 765 * Read a MLS range structure from a policydb binary 766 * representation file. 767 */ 768 static int mls_read_range_helper(struct mls_range *r, void *fp) 769 { 770 __le32 buf[2]; 771 u32 items; 772 int rc; 773 774 rc = next_entry(buf, fp, sizeof(u32)); 775 if (rc < 0) 776 goto out; 777 778 items = le32_to_cpu(buf[0]); 779 if (items > ARRAY_SIZE(buf)) { 780 printk(KERN_ERR "security: mls: range overflow\n"); 781 rc = -EINVAL; 782 goto out; 783 } 784 rc = next_entry(buf, fp, sizeof(u32) * items); 785 if (rc < 0) { 786 printk(KERN_ERR "security: mls: truncated range\n"); 787 goto out; 788 } 789 r->level[0].sens = le32_to_cpu(buf[0]); 790 if (items > 1) 791 r->level[1].sens = le32_to_cpu(buf[1]); 792 else 793 r->level[1].sens = r->level[0].sens; 794 795 rc = ebitmap_read(&r->level[0].cat, fp); 796 if (rc) { 797 printk(KERN_ERR "security: mls: error reading low " 798 "categories\n"); 799 goto out; 800 } 801 if (items > 1) { 802 rc = ebitmap_read(&r->level[1].cat, fp); 803 if (rc) { 804 printk(KERN_ERR "security: mls: error reading high " 805 "categories\n"); 806 goto bad_high; 807 } 808 } else { 809 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 810 if (rc) { 811 printk(KERN_ERR "security: mls: out of memory\n"); 812 goto bad_high; 813 } 814 } 815 816 rc = 0; 817 out: 818 return rc; 819 bad_high: 820 ebitmap_destroy(&r->level[0].cat); 821 goto out; 822 } 823 824 /* 825 * Read and validate a security context structure 826 * from a policydb binary representation file. 827 */ 828 static int context_read_and_validate(struct context *c, 829 struct policydb *p, 830 void *fp) 831 { 832 __le32 buf[3]; 833 int rc; 834 835 rc = next_entry(buf, fp, sizeof buf); 836 if (rc < 0) { 837 printk(KERN_ERR "security: context truncated\n"); 838 goto out; 839 } 840 c->user = le32_to_cpu(buf[0]); 841 c->role = le32_to_cpu(buf[1]); 842 c->type = le32_to_cpu(buf[2]); 843 if (p->policyvers >= POLICYDB_VERSION_MLS) { 844 if (mls_read_range_helper(&c->range, fp)) { 845 printk(KERN_ERR "security: error reading MLS range of " 846 "context\n"); 847 rc = -EINVAL; 848 goto out; 849 } 850 } 851 852 if (!policydb_context_isvalid(p, c)) { 853 printk(KERN_ERR "security: invalid security context\n"); 854 context_destroy(c); 855 rc = -EINVAL; 856 } 857 out: 858 return rc; 859 } 860 861 /* 862 * The following *_read functions are used to 863 * read the symbol data from a policy database 864 * binary representation file. 865 */ 866 867 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 868 { 869 char *key = NULL; 870 struct perm_datum *perdatum; 871 int rc; 872 __le32 buf[2]; 873 u32 len; 874 875 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 876 if (!perdatum) { 877 rc = -ENOMEM; 878 goto out; 879 } 880 881 rc = next_entry(buf, fp, sizeof buf); 882 if (rc < 0) 883 goto bad; 884 885 len = le32_to_cpu(buf[0]); 886 perdatum->value = le32_to_cpu(buf[1]); 887 888 key = kmalloc(len + 1,GFP_KERNEL); 889 if (!key) { 890 rc = -ENOMEM; 891 goto bad; 892 } 893 rc = next_entry(key, fp, len); 894 if (rc < 0) 895 goto bad; 896 key[len] = 0; 897 898 rc = hashtab_insert(h, key, perdatum); 899 if (rc) 900 goto bad; 901 out: 902 return rc; 903 bad: 904 perm_destroy(key, perdatum, NULL); 905 goto out; 906 } 907 908 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 909 { 910 char *key = NULL; 911 struct common_datum *comdatum; 912 __le32 buf[4]; 913 u32 len, nel; 914 int i, rc; 915 916 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 917 if (!comdatum) { 918 rc = -ENOMEM; 919 goto out; 920 } 921 922 rc = next_entry(buf, fp, sizeof buf); 923 if (rc < 0) 924 goto bad; 925 926 len = le32_to_cpu(buf[0]); 927 comdatum->value = le32_to_cpu(buf[1]); 928 929 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 930 if (rc) 931 goto bad; 932 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 933 nel = le32_to_cpu(buf[3]); 934 935 key = kmalloc(len + 1,GFP_KERNEL); 936 if (!key) { 937 rc = -ENOMEM; 938 goto bad; 939 } 940 rc = next_entry(key, fp, len); 941 if (rc < 0) 942 goto bad; 943 key[len] = 0; 944 945 for (i = 0; i < nel; i++) { 946 rc = perm_read(p, comdatum->permissions.table, fp); 947 if (rc) 948 goto bad; 949 } 950 951 rc = hashtab_insert(h, key, comdatum); 952 if (rc) 953 goto bad; 954 out: 955 return rc; 956 bad: 957 common_destroy(key, comdatum, NULL); 958 goto out; 959 } 960 961 static int read_cons_helper(struct constraint_node **nodep, int ncons, 962 int allowxtarget, void *fp) 963 { 964 struct constraint_node *c, *lc; 965 struct constraint_expr *e, *le; 966 __le32 buf[3]; 967 u32 nexpr; 968 int rc, i, j, depth; 969 970 lc = NULL; 971 for (i = 0; i < ncons; i++) { 972 c = kzalloc(sizeof(*c), GFP_KERNEL); 973 if (!c) 974 return -ENOMEM; 975 976 if (lc) { 977 lc->next = c; 978 } else { 979 *nodep = c; 980 } 981 982 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 983 if (rc < 0) 984 return rc; 985 c->permissions = le32_to_cpu(buf[0]); 986 nexpr = le32_to_cpu(buf[1]); 987 le = NULL; 988 depth = -1; 989 for (j = 0; j < nexpr; j++) { 990 e = kzalloc(sizeof(*e), GFP_KERNEL); 991 if (!e) 992 return -ENOMEM; 993 994 if (le) { 995 le->next = e; 996 } else { 997 c->expr = e; 998 } 999 1000 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1001 if (rc < 0) 1002 return rc; 1003 e->expr_type = le32_to_cpu(buf[0]); 1004 e->attr = le32_to_cpu(buf[1]); 1005 e->op = le32_to_cpu(buf[2]); 1006 1007 switch (e->expr_type) { 1008 case CEXPR_NOT: 1009 if (depth < 0) 1010 return -EINVAL; 1011 break; 1012 case CEXPR_AND: 1013 case CEXPR_OR: 1014 if (depth < 1) 1015 return -EINVAL; 1016 depth--; 1017 break; 1018 case CEXPR_ATTR: 1019 if (depth == (CEXPR_MAXDEPTH - 1)) 1020 return -EINVAL; 1021 depth++; 1022 break; 1023 case CEXPR_NAMES: 1024 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1025 return -EINVAL; 1026 if (depth == (CEXPR_MAXDEPTH - 1)) 1027 return -EINVAL; 1028 depth++; 1029 if (ebitmap_read(&e->names, fp)) 1030 return -EINVAL; 1031 break; 1032 default: 1033 return -EINVAL; 1034 } 1035 le = e; 1036 } 1037 if (depth != 0) 1038 return -EINVAL; 1039 lc = c; 1040 } 1041 1042 return 0; 1043 } 1044 1045 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1046 { 1047 char *key = NULL; 1048 struct class_datum *cladatum; 1049 __le32 buf[6]; 1050 u32 len, len2, ncons, nel; 1051 int i, rc; 1052 1053 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1054 if (!cladatum) { 1055 rc = -ENOMEM; 1056 goto out; 1057 } 1058 1059 rc = next_entry(buf, fp, sizeof(u32)*6); 1060 if (rc < 0) 1061 goto bad; 1062 1063 len = le32_to_cpu(buf[0]); 1064 len2 = le32_to_cpu(buf[1]); 1065 cladatum->value = le32_to_cpu(buf[2]); 1066 1067 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1068 if (rc) 1069 goto bad; 1070 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1071 nel = le32_to_cpu(buf[4]); 1072 1073 ncons = le32_to_cpu(buf[5]); 1074 1075 key = kmalloc(len + 1,GFP_KERNEL); 1076 if (!key) { 1077 rc = -ENOMEM; 1078 goto bad; 1079 } 1080 rc = next_entry(key, fp, len); 1081 if (rc < 0) 1082 goto bad; 1083 key[len] = 0; 1084 1085 if (len2) { 1086 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); 1087 if (!cladatum->comkey) { 1088 rc = -ENOMEM; 1089 goto bad; 1090 } 1091 rc = next_entry(cladatum->comkey, fp, len2); 1092 if (rc < 0) 1093 goto bad; 1094 cladatum->comkey[len2] = 0; 1095 1096 cladatum->comdatum = hashtab_search(p->p_commons.table, 1097 cladatum->comkey); 1098 if (!cladatum->comdatum) { 1099 printk(KERN_ERR "security: unknown common %s\n", 1100 cladatum->comkey); 1101 rc = -EINVAL; 1102 goto bad; 1103 } 1104 } 1105 for (i = 0; i < nel; i++) { 1106 rc = perm_read(p, cladatum->permissions.table, fp); 1107 if (rc) 1108 goto bad; 1109 } 1110 1111 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1112 if (rc) 1113 goto bad; 1114 1115 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1116 /* grab the validatetrans rules */ 1117 rc = next_entry(buf, fp, sizeof(u32)); 1118 if (rc < 0) 1119 goto bad; 1120 ncons = le32_to_cpu(buf[0]); 1121 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1122 if (rc) 1123 goto bad; 1124 } 1125 1126 rc = hashtab_insert(h, key, cladatum); 1127 if (rc) 1128 goto bad; 1129 1130 rc = 0; 1131 out: 1132 return rc; 1133 bad: 1134 cls_destroy(key, cladatum, NULL); 1135 goto out; 1136 } 1137 1138 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1139 { 1140 char *key = NULL; 1141 struct role_datum *role; 1142 int rc; 1143 __le32 buf[2]; 1144 u32 len; 1145 1146 role = kzalloc(sizeof(*role), GFP_KERNEL); 1147 if (!role) { 1148 rc = -ENOMEM; 1149 goto out; 1150 } 1151 1152 rc = next_entry(buf, fp, sizeof buf); 1153 if (rc < 0) 1154 goto bad; 1155 1156 len = le32_to_cpu(buf[0]); 1157 role->value = le32_to_cpu(buf[1]); 1158 1159 key = kmalloc(len + 1,GFP_KERNEL); 1160 if (!key) { 1161 rc = -ENOMEM; 1162 goto bad; 1163 } 1164 rc = next_entry(key, fp, len); 1165 if (rc < 0) 1166 goto bad; 1167 key[len] = 0; 1168 1169 rc = ebitmap_read(&role->dominates, fp); 1170 if (rc) 1171 goto bad; 1172 1173 rc = ebitmap_read(&role->types, fp); 1174 if (rc) 1175 goto bad; 1176 1177 if (strcmp(key, OBJECT_R) == 0) { 1178 if (role->value != OBJECT_R_VAL) { 1179 printk(KERN_ERR "Role %s has wrong value %d\n", 1180 OBJECT_R, role->value); 1181 rc = -EINVAL; 1182 goto bad; 1183 } 1184 rc = 0; 1185 goto bad; 1186 } 1187 1188 rc = hashtab_insert(h, key, role); 1189 if (rc) 1190 goto bad; 1191 out: 1192 return rc; 1193 bad: 1194 role_destroy(key, role, NULL); 1195 goto out; 1196 } 1197 1198 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1199 { 1200 char *key = NULL; 1201 struct type_datum *typdatum; 1202 int rc; 1203 __le32 buf[3]; 1204 u32 len; 1205 1206 typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); 1207 if (!typdatum) { 1208 rc = -ENOMEM; 1209 return rc; 1210 } 1211 1212 rc = next_entry(buf, fp, sizeof buf); 1213 if (rc < 0) 1214 goto bad; 1215 1216 len = le32_to_cpu(buf[0]); 1217 typdatum->value = le32_to_cpu(buf[1]); 1218 typdatum->primary = le32_to_cpu(buf[2]); 1219 1220 key = kmalloc(len + 1,GFP_KERNEL); 1221 if (!key) { 1222 rc = -ENOMEM; 1223 goto bad; 1224 } 1225 rc = next_entry(key, fp, len); 1226 if (rc < 0) 1227 goto bad; 1228 key[len] = 0; 1229 1230 rc = hashtab_insert(h, key, typdatum); 1231 if (rc) 1232 goto bad; 1233 out: 1234 return rc; 1235 bad: 1236 type_destroy(key, typdatum, NULL); 1237 goto out; 1238 } 1239 1240 1241 /* 1242 * Read a MLS level structure from a policydb binary 1243 * representation file. 1244 */ 1245 static int mls_read_level(struct mls_level *lp, void *fp) 1246 { 1247 __le32 buf[1]; 1248 int rc; 1249 1250 memset(lp, 0, sizeof(*lp)); 1251 1252 rc = next_entry(buf, fp, sizeof buf); 1253 if (rc < 0) { 1254 printk(KERN_ERR "security: mls: truncated level\n"); 1255 goto bad; 1256 } 1257 lp->sens = le32_to_cpu(buf[0]); 1258 1259 if (ebitmap_read(&lp->cat, fp)) { 1260 printk(KERN_ERR "security: mls: error reading level " 1261 "categories\n"); 1262 goto bad; 1263 } 1264 return 0; 1265 1266 bad: 1267 return -EINVAL; 1268 } 1269 1270 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1271 { 1272 char *key = NULL; 1273 struct user_datum *usrdatum; 1274 int rc; 1275 __le32 buf[2]; 1276 u32 len; 1277 1278 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1279 if (!usrdatum) { 1280 rc = -ENOMEM; 1281 goto out; 1282 } 1283 1284 rc = next_entry(buf, fp, sizeof buf); 1285 if (rc < 0) 1286 goto bad; 1287 1288 len = le32_to_cpu(buf[0]); 1289 usrdatum->value = le32_to_cpu(buf[1]); 1290 1291 key = kmalloc(len + 1,GFP_KERNEL); 1292 if (!key) { 1293 rc = -ENOMEM; 1294 goto bad; 1295 } 1296 rc = next_entry(key, fp, len); 1297 if (rc < 0) 1298 goto bad; 1299 key[len] = 0; 1300 1301 rc = ebitmap_read(&usrdatum->roles, fp); 1302 if (rc) 1303 goto bad; 1304 1305 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1306 rc = mls_read_range_helper(&usrdatum->range, fp); 1307 if (rc) 1308 goto bad; 1309 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1310 if (rc) 1311 goto bad; 1312 } 1313 1314 rc = hashtab_insert(h, key, usrdatum); 1315 if (rc) 1316 goto bad; 1317 out: 1318 return rc; 1319 bad: 1320 user_destroy(key, usrdatum, NULL); 1321 goto out; 1322 } 1323 1324 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1325 { 1326 char *key = NULL; 1327 struct level_datum *levdatum; 1328 int rc; 1329 __le32 buf[2]; 1330 u32 len; 1331 1332 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1333 if (!levdatum) { 1334 rc = -ENOMEM; 1335 goto out; 1336 } 1337 1338 rc = next_entry(buf, fp, sizeof buf); 1339 if (rc < 0) 1340 goto bad; 1341 1342 len = le32_to_cpu(buf[0]); 1343 levdatum->isalias = le32_to_cpu(buf[1]); 1344 1345 key = kmalloc(len + 1,GFP_ATOMIC); 1346 if (!key) { 1347 rc = -ENOMEM; 1348 goto bad; 1349 } 1350 rc = next_entry(key, fp, len); 1351 if (rc < 0) 1352 goto bad; 1353 key[len] = 0; 1354 1355 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1356 if (!levdatum->level) { 1357 rc = -ENOMEM; 1358 goto bad; 1359 } 1360 if (mls_read_level(levdatum->level, fp)) { 1361 rc = -EINVAL; 1362 goto bad; 1363 } 1364 1365 rc = hashtab_insert(h, key, levdatum); 1366 if (rc) 1367 goto bad; 1368 out: 1369 return rc; 1370 bad: 1371 sens_destroy(key, levdatum, NULL); 1372 goto out; 1373 } 1374 1375 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1376 { 1377 char *key = NULL; 1378 struct cat_datum *catdatum; 1379 int rc; 1380 __le32 buf[3]; 1381 u32 len; 1382 1383 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1384 if (!catdatum) { 1385 rc = -ENOMEM; 1386 goto out; 1387 } 1388 1389 rc = next_entry(buf, fp, sizeof buf); 1390 if (rc < 0) 1391 goto bad; 1392 1393 len = le32_to_cpu(buf[0]); 1394 catdatum->value = le32_to_cpu(buf[1]); 1395 catdatum->isalias = le32_to_cpu(buf[2]); 1396 1397 key = kmalloc(len + 1,GFP_ATOMIC); 1398 if (!key) { 1399 rc = -ENOMEM; 1400 goto bad; 1401 } 1402 rc = next_entry(key, fp, len); 1403 if (rc < 0) 1404 goto bad; 1405 key[len] = 0; 1406 1407 rc = hashtab_insert(h, key, catdatum); 1408 if (rc) 1409 goto bad; 1410 out: 1411 return rc; 1412 1413 bad: 1414 cat_destroy(key, catdatum, NULL); 1415 goto out; 1416 } 1417 1418 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1419 { 1420 common_read, 1421 class_read, 1422 role_read, 1423 type_read, 1424 user_read, 1425 cond_read_bool, 1426 sens_read, 1427 cat_read, 1428 }; 1429 1430 extern int ss_initialized; 1431 1432 /* 1433 * Read the configuration data from a policy database binary 1434 * representation file into a policy database structure. 1435 */ 1436 int policydb_read(struct policydb *p, void *fp) 1437 { 1438 struct role_allow *ra, *lra; 1439 struct role_trans *tr, *ltr; 1440 struct ocontext *l, *c, *newc; 1441 struct genfs *genfs_p, *genfs, *newgenfs; 1442 int i, j, rc; 1443 __le32 buf[8]; 1444 u32 len, len2, config, nprim, nel, nel2; 1445 char *policydb_str; 1446 struct policydb_compat_info *info; 1447 struct range_trans *rt, *lrt; 1448 1449 config = 0; 1450 1451 rc = policydb_init(p); 1452 if (rc) 1453 goto out; 1454 1455 /* Read the magic number and string length. */ 1456 rc = next_entry(buf, fp, sizeof(u32)* 2); 1457 if (rc < 0) 1458 goto bad; 1459 1460 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 1461 printk(KERN_ERR "security: policydb magic number 0x%x does " 1462 "not match expected magic number 0x%x\n", 1463 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 1464 goto bad; 1465 } 1466 1467 len = le32_to_cpu(buf[1]); 1468 if (len != strlen(POLICYDB_STRING)) { 1469 printk(KERN_ERR "security: policydb string length %d does not " 1470 "match expected length %Zu\n", 1471 len, strlen(POLICYDB_STRING)); 1472 goto bad; 1473 } 1474 policydb_str = kmalloc(len + 1,GFP_KERNEL); 1475 if (!policydb_str) { 1476 printk(KERN_ERR "security: unable to allocate memory for policydb " 1477 "string of length %d\n", len); 1478 rc = -ENOMEM; 1479 goto bad; 1480 } 1481 rc = next_entry(policydb_str, fp, len); 1482 if (rc < 0) { 1483 printk(KERN_ERR "security: truncated policydb string identifier\n"); 1484 kfree(policydb_str); 1485 goto bad; 1486 } 1487 policydb_str[len] = 0; 1488 if (strcmp(policydb_str, POLICYDB_STRING)) { 1489 printk(KERN_ERR "security: policydb string %s does not match " 1490 "my string %s\n", policydb_str, POLICYDB_STRING); 1491 kfree(policydb_str); 1492 goto bad; 1493 } 1494 /* Done with policydb_str. */ 1495 kfree(policydb_str); 1496 policydb_str = NULL; 1497 1498 /* Read the version, config, and table sizes. */ 1499 rc = next_entry(buf, fp, sizeof(u32)*4); 1500 if (rc < 0) 1501 goto bad; 1502 1503 p->policyvers = le32_to_cpu(buf[0]); 1504 if (p->policyvers < POLICYDB_VERSION_MIN || 1505 p->policyvers > POLICYDB_VERSION_MAX) { 1506 printk(KERN_ERR "security: policydb version %d does not match " 1507 "my version range %d-%d\n", 1508 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1509 goto bad; 1510 } 1511 1512 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1513 if (ss_initialized && !selinux_mls_enabled) { 1514 printk(KERN_ERR "Cannot switch between non-MLS and MLS " 1515 "policies\n"); 1516 goto bad; 1517 } 1518 selinux_mls_enabled = 1; 1519 config |= POLICYDB_CONFIG_MLS; 1520 1521 if (p->policyvers < POLICYDB_VERSION_MLS) { 1522 printk(KERN_ERR "security policydb version %d (MLS) " 1523 "not backwards compatible\n", p->policyvers); 1524 goto bad; 1525 } 1526 } else { 1527 if (ss_initialized && selinux_mls_enabled) { 1528 printk(KERN_ERR "Cannot switch between MLS and non-MLS " 1529 "policies\n"); 1530 goto bad; 1531 } 1532 } 1533 1534 info = policydb_lookup_compat(p->policyvers); 1535 if (!info) { 1536 printk(KERN_ERR "security: unable to find policy compat info " 1537 "for version %d\n", p->policyvers); 1538 goto bad; 1539 } 1540 1541 if (le32_to_cpu(buf[2]) != info->sym_num || 1542 le32_to_cpu(buf[3]) != info->ocon_num) { 1543 printk(KERN_ERR "security: policydb table sizes (%d,%d) do " 1544 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 1545 le32_to_cpu(buf[3]), 1546 info->sym_num, info->ocon_num); 1547 goto bad; 1548 } 1549 1550 for (i = 0; i < info->sym_num; i++) { 1551 rc = next_entry(buf, fp, sizeof(u32)*2); 1552 if (rc < 0) 1553 goto bad; 1554 nprim = le32_to_cpu(buf[0]); 1555 nel = le32_to_cpu(buf[1]); 1556 for (j = 0; j < nel; j++) { 1557 rc = read_f[i](p, p->symtab[i].table, fp); 1558 if (rc) 1559 goto bad; 1560 } 1561 1562 p->symtab[i].nprim = nprim; 1563 } 1564 1565 rc = avtab_read(&p->te_avtab, fp, p->policyvers); 1566 if (rc) 1567 goto bad; 1568 1569 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1570 rc = cond_read_list(p, fp); 1571 if (rc) 1572 goto bad; 1573 } 1574 1575 rc = next_entry(buf, fp, sizeof(u32)); 1576 if (rc < 0) 1577 goto bad; 1578 nel = le32_to_cpu(buf[0]); 1579 ltr = NULL; 1580 for (i = 0; i < nel; i++) { 1581 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 1582 if (!tr) { 1583 rc = -ENOMEM; 1584 goto bad; 1585 } 1586 if (ltr) { 1587 ltr->next = tr; 1588 } else { 1589 p->role_tr = tr; 1590 } 1591 rc = next_entry(buf, fp, sizeof(u32)*3); 1592 if (rc < 0) 1593 goto bad; 1594 tr->role = le32_to_cpu(buf[0]); 1595 tr->type = le32_to_cpu(buf[1]); 1596 tr->new_role = le32_to_cpu(buf[2]); 1597 ltr = tr; 1598 } 1599 1600 rc = next_entry(buf, fp, sizeof(u32)); 1601 if (rc < 0) 1602 goto bad; 1603 nel = le32_to_cpu(buf[0]); 1604 lra = NULL; 1605 for (i = 0; i < nel; i++) { 1606 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 1607 if (!ra) { 1608 rc = -ENOMEM; 1609 goto bad; 1610 } 1611 if (lra) { 1612 lra->next = ra; 1613 } else { 1614 p->role_allow = ra; 1615 } 1616 rc = next_entry(buf, fp, sizeof(u32)*2); 1617 if (rc < 0) 1618 goto bad; 1619 ra->role = le32_to_cpu(buf[0]); 1620 ra->new_role = le32_to_cpu(buf[1]); 1621 lra = ra; 1622 } 1623 1624 rc = policydb_index_classes(p); 1625 if (rc) 1626 goto bad; 1627 1628 rc = policydb_index_others(p); 1629 if (rc) 1630 goto bad; 1631 1632 for (i = 0; i < info->ocon_num; i++) { 1633 rc = next_entry(buf, fp, sizeof(u32)); 1634 if (rc < 0) 1635 goto bad; 1636 nel = le32_to_cpu(buf[0]); 1637 l = NULL; 1638 for (j = 0; j < nel; j++) { 1639 c = kzalloc(sizeof(*c), GFP_KERNEL); 1640 if (!c) { 1641 rc = -ENOMEM; 1642 goto bad; 1643 } 1644 if (l) { 1645 l->next = c; 1646 } else { 1647 p->ocontexts[i] = c; 1648 } 1649 l = c; 1650 rc = -EINVAL; 1651 switch (i) { 1652 case OCON_ISID: 1653 rc = next_entry(buf, fp, sizeof(u32)); 1654 if (rc < 0) 1655 goto bad; 1656 c->sid[0] = le32_to_cpu(buf[0]); 1657 rc = context_read_and_validate(&c->context[0], p, fp); 1658 if (rc) 1659 goto bad; 1660 break; 1661 case OCON_FS: 1662 case OCON_NETIF: 1663 rc = next_entry(buf, fp, sizeof(u32)); 1664 if (rc < 0) 1665 goto bad; 1666 len = le32_to_cpu(buf[0]); 1667 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1668 if (!c->u.name) { 1669 rc = -ENOMEM; 1670 goto bad; 1671 } 1672 rc = next_entry(c->u.name, fp, len); 1673 if (rc < 0) 1674 goto bad; 1675 c->u.name[len] = 0; 1676 rc = context_read_and_validate(&c->context[0], p, fp); 1677 if (rc) 1678 goto bad; 1679 rc = context_read_and_validate(&c->context[1], p, fp); 1680 if (rc) 1681 goto bad; 1682 break; 1683 case OCON_PORT: 1684 rc = next_entry(buf, fp, sizeof(u32)*3); 1685 if (rc < 0) 1686 goto bad; 1687 c->u.port.protocol = le32_to_cpu(buf[0]); 1688 c->u.port.low_port = le32_to_cpu(buf[1]); 1689 c->u.port.high_port = le32_to_cpu(buf[2]); 1690 rc = context_read_and_validate(&c->context[0], p, fp); 1691 if (rc) 1692 goto bad; 1693 break; 1694 case OCON_NODE: 1695 rc = next_entry(buf, fp, sizeof(u32)* 2); 1696 if (rc < 0) 1697 goto bad; 1698 c->u.node.addr = le32_to_cpu(buf[0]); 1699 c->u.node.mask = le32_to_cpu(buf[1]); 1700 rc = context_read_and_validate(&c->context[0], p, fp); 1701 if (rc) 1702 goto bad; 1703 break; 1704 case OCON_FSUSE: 1705 rc = next_entry(buf, fp, sizeof(u32)*2); 1706 if (rc < 0) 1707 goto bad; 1708 c->v.behavior = le32_to_cpu(buf[0]); 1709 if (c->v.behavior > SECURITY_FS_USE_NONE) 1710 goto bad; 1711 len = le32_to_cpu(buf[1]); 1712 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1713 if (!c->u.name) { 1714 rc = -ENOMEM; 1715 goto bad; 1716 } 1717 rc = next_entry(c->u.name, fp, len); 1718 if (rc < 0) 1719 goto bad; 1720 c->u.name[len] = 0; 1721 rc = context_read_and_validate(&c->context[0], p, fp); 1722 if (rc) 1723 goto bad; 1724 break; 1725 case OCON_NODE6: { 1726 int k; 1727 1728 rc = next_entry(buf, fp, sizeof(u32) * 8); 1729 if (rc < 0) 1730 goto bad; 1731 for (k = 0; k < 4; k++) 1732 c->u.node6.addr[k] = le32_to_cpu(buf[k]); 1733 for (k = 0; k < 4; k++) 1734 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); 1735 if (context_read_and_validate(&c->context[0], p, fp)) 1736 goto bad; 1737 break; 1738 } 1739 } 1740 } 1741 } 1742 1743 rc = next_entry(buf, fp, sizeof(u32)); 1744 if (rc < 0) 1745 goto bad; 1746 nel = le32_to_cpu(buf[0]); 1747 genfs_p = NULL; 1748 rc = -EINVAL; 1749 for (i = 0; i < nel; i++) { 1750 rc = next_entry(buf, fp, sizeof(u32)); 1751 if (rc < 0) 1752 goto bad; 1753 len = le32_to_cpu(buf[0]); 1754 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 1755 if (!newgenfs) { 1756 rc = -ENOMEM; 1757 goto bad; 1758 } 1759 1760 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); 1761 if (!newgenfs->fstype) { 1762 rc = -ENOMEM; 1763 kfree(newgenfs); 1764 goto bad; 1765 } 1766 rc = next_entry(newgenfs->fstype, fp, len); 1767 if (rc < 0) { 1768 kfree(newgenfs->fstype); 1769 kfree(newgenfs); 1770 goto bad; 1771 } 1772 newgenfs->fstype[len] = 0; 1773 for (genfs_p = NULL, genfs = p->genfs; genfs; 1774 genfs_p = genfs, genfs = genfs->next) { 1775 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1776 printk(KERN_ERR "security: dup genfs " 1777 "fstype %s\n", newgenfs->fstype); 1778 kfree(newgenfs->fstype); 1779 kfree(newgenfs); 1780 goto bad; 1781 } 1782 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1783 break; 1784 } 1785 newgenfs->next = genfs; 1786 if (genfs_p) 1787 genfs_p->next = newgenfs; 1788 else 1789 p->genfs = newgenfs; 1790 rc = next_entry(buf, fp, sizeof(u32)); 1791 if (rc < 0) 1792 goto bad; 1793 nel2 = le32_to_cpu(buf[0]); 1794 for (j = 0; j < nel2; j++) { 1795 rc = next_entry(buf, fp, sizeof(u32)); 1796 if (rc < 0) 1797 goto bad; 1798 len = le32_to_cpu(buf[0]); 1799 1800 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 1801 if (!newc) { 1802 rc = -ENOMEM; 1803 goto bad; 1804 } 1805 1806 newc->u.name = kmalloc(len + 1,GFP_KERNEL); 1807 if (!newc->u.name) { 1808 rc = -ENOMEM; 1809 goto bad_newc; 1810 } 1811 rc = next_entry(newc->u.name, fp, len); 1812 if (rc < 0) 1813 goto bad_newc; 1814 newc->u.name[len] = 0; 1815 rc = next_entry(buf, fp, sizeof(u32)); 1816 if (rc < 0) 1817 goto bad_newc; 1818 newc->v.sclass = le32_to_cpu(buf[0]); 1819 if (context_read_and_validate(&newc->context[0], p, fp)) 1820 goto bad_newc; 1821 for (l = NULL, c = newgenfs->head; c; 1822 l = c, c = c->next) { 1823 if (!strcmp(newc->u.name, c->u.name) && 1824 (!c->v.sclass || !newc->v.sclass || 1825 newc->v.sclass == c->v.sclass)) { 1826 printk(KERN_ERR "security: dup genfs " 1827 "entry (%s,%s)\n", 1828 newgenfs->fstype, c->u.name); 1829 goto bad_newc; 1830 } 1831 len = strlen(newc->u.name); 1832 len2 = strlen(c->u.name); 1833 if (len > len2) 1834 break; 1835 } 1836 1837 newc->next = c; 1838 if (l) 1839 l->next = newc; 1840 else 1841 newgenfs->head = newc; 1842 } 1843 } 1844 1845 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1846 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; 1847 rc = next_entry(buf, fp, sizeof(u32)); 1848 if (rc < 0) 1849 goto bad; 1850 nel = le32_to_cpu(buf[0]); 1851 lrt = NULL; 1852 for (i = 0; i < nel; i++) { 1853 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1854 if (!rt) { 1855 rc = -ENOMEM; 1856 goto bad; 1857 } 1858 if (lrt) 1859 lrt->next = rt; 1860 else 1861 p->range_tr = rt; 1862 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1863 if (rc < 0) 1864 goto bad; 1865 rt->source_type = le32_to_cpu(buf[0]); 1866 rt->target_type = le32_to_cpu(buf[1]); 1867 if (new_rangetr) { 1868 rc = next_entry(buf, fp, sizeof(u32)); 1869 if (rc < 0) 1870 goto bad; 1871 rt->target_class = le32_to_cpu(buf[0]); 1872 } else 1873 rt->target_class = SECCLASS_PROCESS; 1874 rc = mls_read_range_helper(&rt->target_range, fp); 1875 if (rc) 1876 goto bad; 1877 lrt = rt; 1878 } 1879 } 1880 1881 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); 1882 if (!p->type_attr_map) 1883 goto bad; 1884 1885 for (i = 0; i < p->p_types.nprim; i++) { 1886 ebitmap_init(&p->type_attr_map[i]); 1887 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 1888 if (ebitmap_read(&p->type_attr_map[i], fp)) 1889 goto bad; 1890 } 1891 /* add the type itself as the degenerate case */ 1892 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 1893 goto bad; 1894 } 1895 1896 rc = 0; 1897 out: 1898 return rc; 1899 bad_newc: 1900 ocontext_destroy(newc,OCON_FSUSE); 1901 bad: 1902 if (!rc) 1903 rc = -EINVAL; 1904 policydb_destroy(p); 1905 goto out; 1906 } 1907