1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Updated: Hewlett-Packard <paul@paul-moore.com> 17 * 18 * Added support for the policy capability bitmap 19 * 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 23 * This program is free software; you can redistribute it and/or modify 24 * it under the terms of the GNU General Public License as published by 25 * the Free Software Foundation, version 2. 26 */ 27 28 #include <linux/kernel.h> 29 #include <linux/sched.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <linux/errno.h> 33 #include <linux/audit.h> 34 #include <linux/flex_array.h> 35 #include "security.h" 36 37 #include "policydb.h" 38 #include "conditional.h" 39 #include "mls.h" 40 #include "services.h" 41 42 #define _DEBUG_HASHES 43 44 #ifdef DEBUG_HASHES 45 static const char *symtab_name[SYM_NUM] = { 46 "common prefixes", 47 "classes", 48 "roles", 49 "types", 50 "users", 51 "bools", 52 "levels", 53 "categories", 54 }; 55 #endif 56 57 static unsigned int symtab_sizes[SYM_NUM] = { 58 2, 59 32, 60 16, 61 512, 62 128, 63 16, 64 16, 65 16, 66 }; 67 68 struct policydb_compat_info { 69 int version; 70 int sym_num; 71 int ocon_num; 72 }; 73 74 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 75 static struct policydb_compat_info policydb_compat[] = { 76 { 77 .version = POLICYDB_VERSION_BASE, 78 .sym_num = SYM_NUM - 3, 79 .ocon_num = OCON_NUM - 1, 80 }, 81 { 82 .version = POLICYDB_VERSION_BOOL, 83 .sym_num = SYM_NUM - 2, 84 .ocon_num = OCON_NUM - 1, 85 }, 86 { 87 .version = POLICYDB_VERSION_IPV6, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_NUM, 90 }, 91 { 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NUM, 95 }, 96 { 97 .version = POLICYDB_VERSION_MLS, 98 .sym_num = SYM_NUM, 99 .ocon_num = OCON_NUM, 100 }, 101 { 102 .version = POLICYDB_VERSION_AVTAB, 103 .sym_num = SYM_NUM, 104 .ocon_num = OCON_NUM, 105 }, 106 { 107 .version = POLICYDB_VERSION_RANGETRANS, 108 .sym_num = SYM_NUM, 109 .ocon_num = OCON_NUM, 110 }, 111 { 112 .version = POLICYDB_VERSION_POLCAP, 113 .sym_num = SYM_NUM, 114 .ocon_num = OCON_NUM, 115 }, 116 { 117 .version = POLICYDB_VERSION_PERMISSIVE, 118 .sym_num = SYM_NUM, 119 .ocon_num = OCON_NUM, 120 }, 121 { 122 .version = POLICYDB_VERSION_BOUNDARY, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NUM, 125 }, 126 { 127 .version = POLICYDB_VERSION_FILENAME_TRANS, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NUM, 130 }, 131 { 132 .version = POLICYDB_VERSION_ROLETRANS, 133 .sym_num = SYM_NUM, 134 .ocon_num = OCON_NUM, 135 }, 136 { 137 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 138 .sym_num = SYM_NUM, 139 .ocon_num = OCON_NUM, 140 }, 141 { 142 .version = POLICYDB_VERSION_DEFAULT_TYPE, 143 .sym_num = SYM_NUM, 144 .ocon_num = OCON_NUM, 145 }, 146 { 147 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 148 .sym_num = SYM_NUM, 149 .ocon_num = OCON_NUM, 150 }, 151 }; 152 153 static struct policydb_compat_info *policydb_lookup_compat(int version) 154 { 155 int i; 156 struct policydb_compat_info *info = NULL; 157 158 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 159 if (policydb_compat[i].version == version) { 160 info = &policydb_compat[i]; 161 break; 162 } 163 } 164 return info; 165 } 166 167 /* 168 * Initialize the role table. 169 */ 170 static int roles_init(struct policydb *p) 171 { 172 char *key = NULL; 173 int rc; 174 struct role_datum *role; 175 176 rc = -ENOMEM; 177 role = kzalloc(sizeof(*role), GFP_KERNEL); 178 if (!role) 179 goto out; 180 181 rc = -EINVAL; 182 role->value = ++p->p_roles.nprim; 183 if (role->value != OBJECT_R_VAL) 184 goto out; 185 186 rc = -ENOMEM; 187 key = kstrdup(OBJECT_R, GFP_KERNEL); 188 if (!key) 189 goto out; 190 191 rc = hashtab_insert(p->p_roles.table, key, role); 192 if (rc) 193 goto out; 194 195 return 0; 196 out: 197 kfree(key); 198 kfree(role); 199 return rc; 200 } 201 202 static u32 filenametr_hash(struct hashtab *h, const void *k) 203 { 204 const struct filename_trans *ft = k; 205 unsigned long hash; 206 unsigned int byte_num; 207 unsigned char focus; 208 209 hash = ft->stype ^ ft->ttype ^ ft->tclass; 210 211 byte_num = 0; 212 while ((focus = ft->name[byte_num++])) 213 hash = partial_name_hash(focus, hash); 214 return hash & (h->size - 1); 215 } 216 217 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2) 218 { 219 const struct filename_trans *ft1 = k1; 220 const struct filename_trans *ft2 = k2; 221 int v; 222 223 v = ft1->stype - ft2->stype; 224 if (v) 225 return v; 226 227 v = ft1->ttype - ft2->ttype; 228 if (v) 229 return v; 230 231 v = ft1->tclass - ft2->tclass; 232 if (v) 233 return v; 234 235 return strcmp(ft1->name, ft2->name); 236 237 } 238 239 static u32 rangetr_hash(struct hashtab *h, const void *k) 240 { 241 const struct range_trans *key = k; 242 return (key->source_type + (key->target_type << 3) + 243 (key->target_class << 5)) & (h->size - 1); 244 } 245 246 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) 247 { 248 const struct range_trans *key1 = k1, *key2 = k2; 249 int v; 250 251 v = key1->source_type - key2->source_type; 252 if (v) 253 return v; 254 255 v = key1->target_type - key2->target_type; 256 if (v) 257 return v; 258 259 v = key1->target_class - key2->target_class; 260 261 return v; 262 } 263 264 /* 265 * Initialize a policy database structure. 266 */ 267 static int policydb_init(struct policydb *p) 268 { 269 int i, rc; 270 271 memset(p, 0, sizeof(*p)); 272 273 for (i = 0; i < SYM_NUM; i++) { 274 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 275 if (rc) 276 goto out; 277 } 278 279 rc = avtab_init(&p->te_avtab); 280 if (rc) 281 goto out; 282 283 rc = roles_init(p); 284 if (rc) 285 goto out; 286 287 rc = cond_policydb_init(p); 288 if (rc) 289 goto out; 290 291 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 292 if (!p->filename_trans) 293 goto out; 294 295 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 296 if (!p->range_tr) 297 goto out; 298 299 ebitmap_init(&p->filename_trans_ttypes); 300 ebitmap_init(&p->policycaps); 301 ebitmap_init(&p->permissive_map); 302 303 return 0; 304 out: 305 hashtab_destroy(p->filename_trans); 306 hashtab_destroy(p->range_tr); 307 for (i = 0; i < SYM_NUM; i++) 308 hashtab_destroy(p->symtab[i].table); 309 return rc; 310 } 311 312 /* 313 * The following *_index functions are used to 314 * define the val_to_name and val_to_struct arrays 315 * in a policy database structure. The val_to_name 316 * arrays are used when converting security context 317 * structures into string representations. The 318 * val_to_struct arrays are used when the attributes 319 * of a class, role, or user are needed. 320 */ 321 322 static int common_index(void *key, void *datum, void *datap) 323 { 324 struct policydb *p; 325 struct common_datum *comdatum; 326 struct flex_array *fa; 327 328 comdatum = datum; 329 p = datap; 330 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 331 return -EINVAL; 332 333 fa = p->sym_val_to_name[SYM_COMMONS]; 334 if (flex_array_put_ptr(fa, comdatum->value - 1, key, 335 GFP_KERNEL | __GFP_ZERO)) 336 BUG(); 337 return 0; 338 } 339 340 static int class_index(void *key, void *datum, void *datap) 341 { 342 struct policydb *p; 343 struct class_datum *cladatum; 344 struct flex_array *fa; 345 346 cladatum = datum; 347 p = datap; 348 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 349 return -EINVAL; 350 fa = p->sym_val_to_name[SYM_CLASSES]; 351 if (flex_array_put_ptr(fa, cladatum->value - 1, key, 352 GFP_KERNEL | __GFP_ZERO)) 353 BUG(); 354 p->class_val_to_struct[cladatum->value - 1] = cladatum; 355 return 0; 356 } 357 358 static int role_index(void *key, void *datum, void *datap) 359 { 360 struct policydb *p; 361 struct role_datum *role; 362 struct flex_array *fa; 363 364 role = datum; 365 p = datap; 366 if (!role->value 367 || role->value > p->p_roles.nprim 368 || role->bounds > p->p_roles.nprim) 369 return -EINVAL; 370 371 fa = p->sym_val_to_name[SYM_ROLES]; 372 if (flex_array_put_ptr(fa, role->value - 1, key, 373 GFP_KERNEL | __GFP_ZERO)) 374 BUG(); 375 p->role_val_to_struct[role->value - 1] = role; 376 return 0; 377 } 378 379 static int type_index(void *key, void *datum, void *datap) 380 { 381 struct policydb *p; 382 struct type_datum *typdatum; 383 struct flex_array *fa; 384 385 typdatum = datum; 386 p = datap; 387 388 if (typdatum->primary) { 389 if (!typdatum->value 390 || typdatum->value > p->p_types.nprim 391 || typdatum->bounds > p->p_types.nprim) 392 return -EINVAL; 393 fa = p->sym_val_to_name[SYM_TYPES]; 394 if (flex_array_put_ptr(fa, typdatum->value - 1, key, 395 GFP_KERNEL | __GFP_ZERO)) 396 BUG(); 397 398 fa = p->type_val_to_struct_array; 399 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, 400 GFP_KERNEL | __GFP_ZERO)) 401 BUG(); 402 } 403 404 return 0; 405 } 406 407 static int user_index(void *key, void *datum, void *datap) 408 { 409 struct policydb *p; 410 struct user_datum *usrdatum; 411 struct flex_array *fa; 412 413 usrdatum = datum; 414 p = datap; 415 if (!usrdatum->value 416 || usrdatum->value > p->p_users.nprim 417 || usrdatum->bounds > p->p_users.nprim) 418 return -EINVAL; 419 420 fa = p->sym_val_to_name[SYM_USERS]; 421 if (flex_array_put_ptr(fa, usrdatum->value - 1, key, 422 GFP_KERNEL | __GFP_ZERO)) 423 BUG(); 424 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 425 return 0; 426 } 427 428 static int sens_index(void *key, void *datum, void *datap) 429 { 430 struct policydb *p; 431 struct level_datum *levdatum; 432 struct flex_array *fa; 433 434 levdatum = datum; 435 p = datap; 436 437 if (!levdatum->isalias) { 438 if (!levdatum->level->sens || 439 levdatum->level->sens > p->p_levels.nprim) 440 return -EINVAL; 441 fa = p->sym_val_to_name[SYM_LEVELS]; 442 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, 443 GFP_KERNEL | __GFP_ZERO)) 444 BUG(); 445 } 446 447 return 0; 448 } 449 450 static int cat_index(void *key, void *datum, void *datap) 451 { 452 struct policydb *p; 453 struct cat_datum *catdatum; 454 struct flex_array *fa; 455 456 catdatum = datum; 457 p = datap; 458 459 if (!catdatum->isalias) { 460 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 461 return -EINVAL; 462 fa = p->sym_val_to_name[SYM_CATS]; 463 if (flex_array_put_ptr(fa, catdatum->value - 1, key, 464 GFP_KERNEL | __GFP_ZERO)) 465 BUG(); 466 } 467 468 return 0; 469 } 470 471 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 472 { 473 common_index, 474 class_index, 475 role_index, 476 type_index, 477 user_index, 478 cond_index_bool, 479 sens_index, 480 cat_index, 481 }; 482 483 #ifdef DEBUG_HASHES 484 static void hash_eval(struct hashtab *h, const char *hash_name) 485 { 486 struct hashtab_info info; 487 488 hashtab_stat(h, &info); 489 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " 490 "longest chain length %d\n", hash_name, h->nel, 491 info.slots_used, h->size, info.max_chain_len); 492 } 493 494 static void symtab_hash_eval(struct symtab *s) 495 { 496 int i; 497 498 for (i = 0; i < SYM_NUM; i++) 499 hash_eval(s[i].table, symtab_name[i]); 500 } 501 502 #else 503 static inline void hash_eval(struct hashtab *h, char *hash_name) 504 { 505 } 506 #endif 507 508 /* 509 * Define the other val_to_name and val_to_struct arrays 510 * in a policy database structure. 511 * 512 * Caller must clean up on failure. 513 */ 514 static int policydb_index(struct policydb *p) 515 { 516 int i, rc; 517 518 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 519 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 520 if (p->mls_enabled) 521 printk(", %d sens, %d cats", p->p_levels.nprim, 522 p->p_cats.nprim); 523 printk("\n"); 524 525 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", 526 p->p_classes.nprim, p->te_avtab.nel); 527 528 #ifdef DEBUG_HASHES 529 avtab_hash_eval(&p->te_avtab, "rules"); 530 symtab_hash_eval(p->symtab); 531 #endif 532 533 rc = -ENOMEM; 534 p->class_val_to_struct = 535 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), 536 GFP_KERNEL); 537 if (!p->class_val_to_struct) 538 goto out; 539 540 rc = -ENOMEM; 541 p->role_val_to_struct = 542 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 543 GFP_KERNEL); 544 if (!p->role_val_to_struct) 545 goto out; 546 547 rc = -ENOMEM; 548 p->user_val_to_struct = 549 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 550 GFP_KERNEL); 551 if (!p->user_val_to_struct) 552 goto out; 553 554 /* Yes, I want the sizeof the pointer, not the structure */ 555 rc = -ENOMEM; 556 p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), 557 p->p_types.nprim, 558 GFP_KERNEL | __GFP_ZERO); 559 if (!p->type_val_to_struct_array) 560 goto out; 561 562 rc = flex_array_prealloc(p->type_val_to_struct_array, 0, 563 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); 564 if (rc) 565 goto out; 566 567 rc = cond_init_bool_indexes(p); 568 if (rc) 569 goto out; 570 571 for (i = 0; i < SYM_NUM; i++) { 572 rc = -ENOMEM; 573 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), 574 p->symtab[i].nprim, 575 GFP_KERNEL | __GFP_ZERO); 576 if (!p->sym_val_to_name[i]) 577 goto out; 578 579 rc = flex_array_prealloc(p->sym_val_to_name[i], 580 0, p->symtab[i].nprim, 581 GFP_KERNEL | __GFP_ZERO); 582 if (rc) 583 goto out; 584 585 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 586 if (rc) 587 goto out; 588 } 589 rc = 0; 590 out: 591 return rc; 592 } 593 594 /* 595 * The following *_destroy functions are used to 596 * free any memory allocated for each kind of 597 * symbol data in the policy database. 598 */ 599 600 static int perm_destroy(void *key, void *datum, void *p) 601 { 602 kfree(key); 603 kfree(datum); 604 return 0; 605 } 606 607 static int common_destroy(void *key, void *datum, void *p) 608 { 609 struct common_datum *comdatum; 610 611 kfree(key); 612 if (datum) { 613 comdatum = datum; 614 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 615 hashtab_destroy(comdatum->permissions.table); 616 } 617 kfree(datum); 618 return 0; 619 } 620 621 static void constraint_expr_destroy(struct constraint_expr *expr) 622 { 623 if (expr) { 624 ebitmap_destroy(&expr->names); 625 if (expr->type_names) { 626 ebitmap_destroy(&expr->type_names->types); 627 ebitmap_destroy(&expr->type_names->negset); 628 kfree(expr->type_names); 629 } 630 kfree(expr); 631 } 632 } 633 634 static int cls_destroy(void *key, void *datum, void *p) 635 { 636 struct class_datum *cladatum; 637 struct constraint_node *constraint, *ctemp; 638 struct constraint_expr *e, *etmp; 639 640 kfree(key); 641 if (datum) { 642 cladatum = datum; 643 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 644 hashtab_destroy(cladatum->permissions.table); 645 constraint = cladatum->constraints; 646 while (constraint) { 647 e = constraint->expr; 648 while (e) { 649 etmp = e; 650 e = e->next; 651 constraint_expr_destroy(etmp); 652 } 653 ctemp = constraint; 654 constraint = constraint->next; 655 kfree(ctemp); 656 } 657 658 constraint = cladatum->validatetrans; 659 while (constraint) { 660 e = constraint->expr; 661 while (e) { 662 etmp = e; 663 e = e->next; 664 constraint_expr_destroy(etmp); 665 } 666 ctemp = constraint; 667 constraint = constraint->next; 668 kfree(ctemp); 669 } 670 kfree(cladatum->comkey); 671 } 672 kfree(datum); 673 return 0; 674 } 675 676 static int role_destroy(void *key, void *datum, void *p) 677 { 678 struct role_datum *role; 679 680 kfree(key); 681 if (datum) { 682 role = datum; 683 ebitmap_destroy(&role->dominates); 684 ebitmap_destroy(&role->types); 685 } 686 kfree(datum); 687 return 0; 688 } 689 690 static int type_destroy(void *key, void *datum, void *p) 691 { 692 kfree(key); 693 kfree(datum); 694 return 0; 695 } 696 697 static int user_destroy(void *key, void *datum, void *p) 698 { 699 struct user_datum *usrdatum; 700 701 kfree(key); 702 if (datum) { 703 usrdatum = datum; 704 ebitmap_destroy(&usrdatum->roles); 705 ebitmap_destroy(&usrdatum->range.level[0].cat); 706 ebitmap_destroy(&usrdatum->range.level[1].cat); 707 ebitmap_destroy(&usrdatum->dfltlevel.cat); 708 } 709 kfree(datum); 710 return 0; 711 } 712 713 static int sens_destroy(void *key, void *datum, void *p) 714 { 715 struct level_datum *levdatum; 716 717 kfree(key); 718 if (datum) { 719 levdatum = datum; 720 ebitmap_destroy(&levdatum->level->cat); 721 kfree(levdatum->level); 722 } 723 kfree(datum); 724 return 0; 725 } 726 727 static int cat_destroy(void *key, void *datum, void *p) 728 { 729 kfree(key); 730 kfree(datum); 731 return 0; 732 } 733 734 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 735 { 736 common_destroy, 737 cls_destroy, 738 role_destroy, 739 type_destroy, 740 user_destroy, 741 cond_destroy_bool, 742 sens_destroy, 743 cat_destroy, 744 }; 745 746 static int filenametr_destroy(void *key, void *datum, void *p) 747 { 748 struct filename_trans *ft = key; 749 kfree(ft->name); 750 kfree(key); 751 kfree(datum); 752 cond_resched(); 753 return 0; 754 } 755 756 static int range_tr_destroy(void *key, void *datum, void *p) 757 { 758 struct mls_range *rt = datum; 759 kfree(key); 760 ebitmap_destroy(&rt->level[0].cat); 761 ebitmap_destroy(&rt->level[1].cat); 762 kfree(datum); 763 cond_resched(); 764 return 0; 765 } 766 767 static void ocontext_destroy(struct ocontext *c, int i) 768 { 769 if (!c) 770 return; 771 772 context_destroy(&c->context[0]); 773 context_destroy(&c->context[1]); 774 if (i == OCON_ISID || i == OCON_FS || 775 i == OCON_NETIF || i == OCON_FSUSE) 776 kfree(c->u.name); 777 kfree(c); 778 } 779 780 /* 781 * Free any memory allocated by a policy database structure. 782 */ 783 void policydb_destroy(struct policydb *p) 784 { 785 struct ocontext *c, *ctmp; 786 struct genfs *g, *gtmp; 787 int i; 788 struct role_allow *ra, *lra = NULL; 789 struct role_trans *tr, *ltr = NULL; 790 791 for (i = 0; i < SYM_NUM; i++) { 792 cond_resched(); 793 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 794 hashtab_destroy(p->symtab[i].table); 795 } 796 797 for (i = 0; i < SYM_NUM; i++) { 798 if (p->sym_val_to_name[i]) 799 flex_array_free(p->sym_val_to_name[i]); 800 } 801 802 kfree(p->class_val_to_struct); 803 kfree(p->role_val_to_struct); 804 kfree(p->user_val_to_struct); 805 if (p->type_val_to_struct_array) 806 flex_array_free(p->type_val_to_struct_array); 807 808 avtab_destroy(&p->te_avtab); 809 810 for (i = 0; i < OCON_NUM; i++) { 811 cond_resched(); 812 c = p->ocontexts[i]; 813 while (c) { 814 ctmp = c; 815 c = c->next; 816 ocontext_destroy(ctmp, i); 817 } 818 p->ocontexts[i] = NULL; 819 } 820 821 g = p->genfs; 822 while (g) { 823 cond_resched(); 824 kfree(g->fstype); 825 c = g->head; 826 while (c) { 827 ctmp = c; 828 c = c->next; 829 ocontext_destroy(ctmp, OCON_FSUSE); 830 } 831 gtmp = g; 832 g = g->next; 833 kfree(gtmp); 834 } 835 p->genfs = NULL; 836 837 cond_policydb_destroy(p); 838 839 for (tr = p->role_tr; tr; tr = tr->next) { 840 cond_resched(); 841 kfree(ltr); 842 ltr = tr; 843 } 844 kfree(ltr); 845 846 for (ra = p->role_allow; ra; ra = ra->next) { 847 cond_resched(); 848 kfree(lra); 849 lra = ra; 850 } 851 kfree(lra); 852 853 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 854 hashtab_destroy(p->filename_trans); 855 856 hashtab_map(p->range_tr, range_tr_destroy, NULL); 857 hashtab_destroy(p->range_tr); 858 859 if (p->type_attr_map_array) { 860 for (i = 0; i < p->p_types.nprim; i++) { 861 struct ebitmap *e; 862 863 e = flex_array_get(p->type_attr_map_array, i); 864 if (!e) 865 continue; 866 ebitmap_destroy(e); 867 } 868 flex_array_free(p->type_attr_map_array); 869 } 870 871 ebitmap_destroy(&p->filename_trans_ttypes); 872 ebitmap_destroy(&p->policycaps); 873 ebitmap_destroy(&p->permissive_map); 874 875 return; 876 } 877 878 /* 879 * Load the initial SIDs specified in a policy database 880 * structure into a SID table. 881 */ 882 int policydb_load_isids(struct policydb *p, struct sidtab *s) 883 { 884 struct ocontext *head, *c; 885 int rc; 886 887 rc = sidtab_init(s); 888 if (rc) { 889 printk(KERN_ERR "SELinux: out of memory on SID table init\n"); 890 goto out; 891 } 892 893 head = p->ocontexts[OCON_ISID]; 894 for (c = head; c; c = c->next) { 895 rc = -EINVAL; 896 if (!c->context[0].user) { 897 printk(KERN_ERR "SELinux: SID %s was never defined.\n", 898 c->u.name); 899 goto out; 900 } 901 902 rc = sidtab_insert(s, c->sid[0], &c->context[0]); 903 if (rc) { 904 printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", 905 c->u.name); 906 goto out; 907 } 908 } 909 rc = 0; 910 out: 911 return rc; 912 } 913 914 int policydb_class_isvalid(struct policydb *p, unsigned int class) 915 { 916 if (!class || class > p->p_classes.nprim) 917 return 0; 918 return 1; 919 } 920 921 int policydb_role_isvalid(struct policydb *p, unsigned int role) 922 { 923 if (!role || role > p->p_roles.nprim) 924 return 0; 925 return 1; 926 } 927 928 int policydb_type_isvalid(struct policydb *p, unsigned int type) 929 { 930 if (!type || type > p->p_types.nprim) 931 return 0; 932 return 1; 933 } 934 935 /* 936 * Return 1 if the fields in the security context 937 * structure `c' are valid. Return 0 otherwise. 938 */ 939 int policydb_context_isvalid(struct policydb *p, struct context *c) 940 { 941 struct role_datum *role; 942 struct user_datum *usrdatum; 943 944 if (!c->role || c->role > p->p_roles.nprim) 945 return 0; 946 947 if (!c->user || c->user > p->p_users.nprim) 948 return 0; 949 950 if (!c->type || c->type > p->p_types.nprim) 951 return 0; 952 953 if (c->role != OBJECT_R_VAL) { 954 /* 955 * Role must be authorized for the type. 956 */ 957 role = p->role_val_to_struct[c->role - 1]; 958 if (!ebitmap_get_bit(&role->types, c->type - 1)) 959 /* role may not be associated with type */ 960 return 0; 961 962 /* 963 * User must be authorized for the role. 964 */ 965 usrdatum = p->user_val_to_struct[c->user - 1]; 966 if (!usrdatum) 967 return 0; 968 969 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 970 /* user may not be associated with role */ 971 return 0; 972 } 973 974 if (!mls_context_isvalid(p, c)) 975 return 0; 976 977 return 1; 978 } 979 980 /* 981 * Read a MLS range structure from a policydb binary 982 * representation file. 983 */ 984 static int mls_read_range_helper(struct mls_range *r, void *fp) 985 { 986 __le32 buf[2]; 987 u32 items; 988 int rc; 989 990 rc = next_entry(buf, fp, sizeof(u32)); 991 if (rc) 992 goto out; 993 994 rc = -EINVAL; 995 items = le32_to_cpu(buf[0]); 996 if (items > ARRAY_SIZE(buf)) { 997 printk(KERN_ERR "SELinux: mls: range overflow\n"); 998 goto out; 999 } 1000 1001 rc = next_entry(buf, fp, sizeof(u32) * items); 1002 if (rc) { 1003 printk(KERN_ERR "SELinux: mls: truncated range\n"); 1004 goto out; 1005 } 1006 1007 r->level[0].sens = le32_to_cpu(buf[0]); 1008 if (items > 1) 1009 r->level[1].sens = le32_to_cpu(buf[1]); 1010 else 1011 r->level[1].sens = r->level[0].sens; 1012 1013 rc = ebitmap_read(&r->level[0].cat, fp); 1014 if (rc) { 1015 printk(KERN_ERR "SELinux: mls: error reading low categories\n"); 1016 goto out; 1017 } 1018 if (items > 1) { 1019 rc = ebitmap_read(&r->level[1].cat, fp); 1020 if (rc) { 1021 printk(KERN_ERR "SELinux: mls: error reading high categories\n"); 1022 goto bad_high; 1023 } 1024 } else { 1025 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1026 if (rc) { 1027 printk(KERN_ERR "SELinux: mls: out of memory\n"); 1028 goto bad_high; 1029 } 1030 } 1031 1032 return 0; 1033 bad_high: 1034 ebitmap_destroy(&r->level[0].cat); 1035 out: 1036 return rc; 1037 } 1038 1039 /* 1040 * Read and validate a security context structure 1041 * from a policydb binary representation file. 1042 */ 1043 static int context_read_and_validate(struct context *c, 1044 struct policydb *p, 1045 void *fp) 1046 { 1047 __le32 buf[3]; 1048 int rc; 1049 1050 rc = next_entry(buf, fp, sizeof buf); 1051 if (rc) { 1052 printk(KERN_ERR "SELinux: context truncated\n"); 1053 goto out; 1054 } 1055 c->user = le32_to_cpu(buf[0]); 1056 c->role = le32_to_cpu(buf[1]); 1057 c->type = le32_to_cpu(buf[2]); 1058 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1059 rc = mls_read_range_helper(&c->range, fp); 1060 if (rc) { 1061 printk(KERN_ERR "SELinux: error reading MLS range of context\n"); 1062 goto out; 1063 } 1064 } 1065 1066 rc = -EINVAL; 1067 if (!policydb_context_isvalid(p, c)) { 1068 printk(KERN_ERR "SELinux: invalid security context\n"); 1069 context_destroy(c); 1070 goto out; 1071 } 1072 rc = 0; 1073 out: 1074 return rc; 1075 } 1076 1077 /* 1078 * The following *_read functions are used to 1079 * read the symbol data from a policy database 1080 * binary representation file. 1081 */ 1082 1083 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1084 { 1085 int rc; 1086 char *str; 1087 1088 str = kmalloc(len + 1, flags); 1089 if (!str) 1090 return -ENOMEM; 1091 1092 /* it's expected the caller should free the str */ 1093 *strp = str; 1094 1095 rc = next_entry(str, fp, len); 1096 if (rc) 1097 return rc; 1098 1099 str[len] = '\0'; 1100 return 0; 1101 } 1102 1103 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 1104 { 1105 char *key = NULL; 1106 struct perm_datum *perdatum; 1107 int rc; 1108 __le32 buf[2]; 1109 u32 len; 1110 1111 rc = -ENOMEM; 1112 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1113 if (!perdatum) 1114 goto bad; 1115 1116 rc = next_entry(buf, fp, sizeof buf); 1117 if (rc) 1118 goto bad; 1119 1120 len = le32_to_cpu(buf[0]); 1121 perdatum->value = le32_to_cpu(buf[1]); 1122 1123 rc = str_read(&key, GFP_KERNEL, fp, len); 1124 if (rc) 1125 goto bad; 1126 1127 rc = hashtab_insert(h, key, perdatum); 1128 if (rc) 1129 goto bad; 1130 1131 return 0; 1132 bad: 1133 perm_destroy(key, perdatum, NULL); 1134 return rc; 1135 } 1136 1137 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 1138 { 1139 char *key = NULL; 1140 struct common_datum *comdatum; 1141 __le32 buf[4]; 1142 u32 len, nel; 1143 int i, rc; 1144 1145 rc = -ENOMEM; 1146 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1147 if (!comdatum) 1148 goto bad; 1149 1150 rc = next_entry(buf, fp, sizeof buf); 1151 if (rc) 1152 goto bad; 1153 1154 len = le32_to_cpu(buf[0]); 1155 comdatum->value = le32_to_cpu(buf[1]); 1156 1157 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 1158 if (rc) 1159 goto bad; 1160 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1161 nel = le32_to_cpu(buf[3]); 1162 1163 rc = str_read(&key, GFP_KERNEL, fp, len); 1164 if (rc) 1165 goto bad; 1166 1167 for (i = 0; i < nel; i++) { 1168 rc = perm_read(p, comdatum->permissions.table, fp); 1169 if (rc) 1170 goto bad; 1171 } 1172 1173 rc = hashtab_insert(h, key, comdatum); 1174 if (rc) 1175 goto bad; 1176 return 0; 1177 bad: 1178 common_destroy(key, comdatum, NULL); 1179 return rc; 1180 } 1181 1182 static void type_set_init(struct type_set *t) 1183 { 1184 ebitmap_init(&t->types); 1185 ebitmap_init(&t->negset); 1186 } 1187 1188 static int type_set_read(struct type_set *t, void *fp) 1189 { 1190 __le32 buf[1]; 1191 int rc; 1192 1193 if (ebitmap_read(&t->types, fp)) 1194 return -EINVAL; 1195 if (ebitmap_read(&t->negset, fp)) 1196 return -EINVAL; 1197 1198 rc = next_entry(buf, fp, sizeof(u32)); 1199 if (rc < 0) 1200 return -EINVAL; 1201 t->flags = le32_to_cpu(buf[0]); 1202 1203 return 0; 1204 } 1205 1206 1207 static int read_cons_helper(struct policydb *p, 1208 struct constraint_node **nodep, 1209 int ncons, int allowxtarget, void *fp) 1210 { 1211 struct constraint_node *c, *lc; 1212 struct constraint_expr *e, *le; 1213 __le32 buf[3]; 1214 u32 nexpr; 1215 int rc, i, j, depth; 1216 1217 lc = NULL; 1218 for (i = 0; i < ncons; i++) { 1219 c = kzalloc(sizeof(*c), GFP_KERNEL); 1220 if (!c) 1221 return -ENOMEM; 1222 1223 if (lc) 1224 lc->next = c; 1225 else 1226 *nodep = c; 1227 1228 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1229 if (rc) 1230 return rc; 1231 c->permissions = le32_to_cpu(buf[0]); 1232 nexpr = le32_to_cpu(buf[1]); 1233 le = NULL; 1234 depth = -1; 1235 for (j = 0; j < nexpr; j++) { 1236 e = kzalloc(sizeof(*e), GFP_KERNEL); 1237 if (!e) 1238 return -ENOMEM; 1239 1240 if (le) 1241 le->next = e; 1242 else 1243 c->expr = e; 1244 1245 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1246 if (rc) 1247 return rc; 1248 e->expr_type = le32_to_cpu(buf[0]); 1249 e->attr = le32_to_cpu(buf[1]); 1250 e->op = le32_to_cpu(buf[2]); 1251 1252 switch (e->expr_type) { 1253 case CEXPR_NOT: 1254 if (depth < 0) 1255 return -EINVAL; 1256 break; 1257 case CEXPR_AND: 1258 case CEXPR_OR: 1259 if (depth < 1) 1260 return -EINVAL; 1261 depth--; 1262 break; 1263 case CEXPR_ATTR: 1264 if (depth == (CEXPR_MAXDEPTH - 1)) 1265 return -EINVAL; 1266 depth++; 1267 break; 1268 case CEXPR_NAMES: 1269 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1270 return -EINVAL; 1271 if (depth == (CEXPR_MAXDEPTH - 1)) 1272 return -EINVAL; 1273 depth++; 1274 rc = ebitmap_read(&e->names, fp); 1275 if (rc) 1276 return rc; 1277 if (p->policyvers >= 1278 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1279 e->type_names = kzalloc(sizeof 1280 (*e->type_names), 1281 GFP_KERNEL); 1282 if (!e->type_names) 1283 return -ENOMEM; 1284 type_set_init(e->type_names); 1285 rc = type_set_read(e->type_names, fp); 1286 if (rc) 1287 return rc; 1288 } 1289 break; 1290 default: 1291 return -EINVAL; 1292 } 1293 le = e; 1294 } 1295 if (depth != 0) 1296 return -EINVAL; 1297 lc = c; 1298 } 1299 1300 return 0; 1301 } 1302 1303 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 1304 { 1305 char *key = NULL; 1306 struct class_datum *cladatum; 1307 __le32 buf[6]; 1308 u32 len, len2, ncons, nel; 1309 int i, rc; 1310 1311 rc = -ENOMEM; 1312 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1313 if (!cladatum) 1314 goto bad; 1315 1316 rc = next_entry(buf, fp, sizeof(u32)*6); 1317 if (rc) 1318 goto bad; 1319 1320 len = le32_to_cpu(buf[0]); 1321 len2 = le32_to_cpu(buf[1]); 1322 cladatum->value = le32_to_cpu(buf[2]); 1323 1324 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1325 if (rc) 1326 goto bad; 1327 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1328 nel = le32_to_cpu(buf[4]); 1329 1330 ncons = le32_to_cpu(buf[5]); 1331 1332 rc = str_read(&key, GFP_KERNEL, fp, len); 1333 if (rc) 1334 goto bad; 1335 1336 if (len2) { 1337 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1338 if (rc) 1339 goto bad; 1340 1341 rc = -EINVAL; 1342 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); 1343 if (!cladatum->comdatum) { 1344 printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); 1345 goto bad; 1346 } 1347 } 1348 for (i = 0; i < nel; i++) { 1349 rc = perm_read(p, cladatum->permissions.table, fp); 1350 if (rc) 1351 goto bad; 1352 } 1353 1354 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1355 if (rc) 1356 goto bad; 1357 1358 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1359 /* grab the validatetrans rules */ 1360 rc = next_entry(buf, fp, sizeof(u32)); 1361 if (rc) 1362 goto bad; 1363 ncons = le32_to_cpu(buf[0]); 1364 rc = read_cons_helper(p, &cladatum->validatetrans, 1365 ncons, 1, fp); 1366 if (rc) 1367 goto bad; 1368 } 1369 1370 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1371 rc = next_entry(buf, fp, sizeof(u32) * 3); 1372 if (rc) 1373 goto bad; 1374 1375 cladatum->default_user = le32_to_cpu(buf[0]); 1376 cladatum->default_role = le32_to_cpu(buf[1]); 1377 cladatum->default_range = le32_to_cpu(buf[2]); 1378 } 1379 1380 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1381 rc = next_entry(buf, fp, sizeof(u32) * 1); 1382 if (rc) 1383 goto bad; 1384 cladatum->default_type = le32_to_cpu(buf[0]); 1385 } 1386 1387 rc = hashtab_insert(h, key, cladatum); 1388 if (rc) 1389 goto bad; 1390 1391 return 0; 1392 bad: 1393 cls_destroy(key, cladatum, NULL); 1394 return rc; 1395 } 1396 1397 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1398 { 1399 char *key = NULL; 1400 struct role_datum *role; 1401 int rc, to_read = 2; 1402 __le32 buf[3]; 1403 u32 len; 1404 1405 rc = -ENOMEM; 1406 role = kzalloc(sizeof(*role), GFP_KERNEL); 1407 if (!role) 1408 goto bad; 1409 1410 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1411 to_read = 3; 1412 1413 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1414 if (rc) 1415 goto bad; 1416 1417 len = le32_to_cpu(buf[0]); 1418 role->value = le32_to_cpu(buf[1]); 1419 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1420 role->bounds = le32_to_cpu(buf[2]); 1421 1422 rc = str_read(&key, GFP_KERNEL, fp, len); 1423 if (rc) 1424 goto bad; 1425 1426 rc = ebitmap_read(&role->dominates, fp); 1427 if (rc) 1428 goto bad; 1429 1430 rc = ebitmap_read(&role->types, fp); 1431 if (rc) 1432 goto bad; 1433 1434 if (strcmp(key, OBJECT_R) == 0) { 1435 rc = -EINVAL; 1436 if (role->value != OBJECT_R_VAL) { 1437 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", 1438 OBJECT_R, role->value); 1439 goto bad; 1440 } 1441 rc = 0; 1442 goto bad; 1443 } 1444 1445 rc = hashtab_insert(h, key, role); 1446 if (rc) 1447 goto bad; 1448 return 0; 1449 bad: 1450 role_destroy(key, role, NULL); 1451 return rc; 1452 } 1453 1454 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1455 { 1456 char *key = NULL; 1457 struct type_datum *typdatum; 1458 int rc, to_read = 3; 1459 __le32 buf[4]; 1460 u32 len; 1461 1462 rc = -ENOMEM; 1463 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1464 if (!typdatum) 1465 goto bad; 1466 1467 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1468 to_read = 4; 1469 1470 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1471 if (rc) 1472 goto bad; 1473 1474 len = le32_to_cpu(buf[0]); 1475 typdatum->value = le32_to_cpu(buf[1]); 1476 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1477 u32 prop = le32_to_cpu(buf[2]); 1478 1479 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1480 typdatum->primary = 1; 1481 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1482 typdatum->attribute = 1; 1483 1484 typdatum->bounds = le32_to_cpu(buf[3]); 1485 } else { 1486 typdatum->primary = le32_to_cpu(buf[2]); 1487 } 1488 1489 rc = str_read(&key, GFP_KERNEL, fp, len); 1490 if (rc) 1491 goto bad; 1492 1493 rc = hashtab_insert(h, key, typdatum); 1494 if (rc) 1495 goto bad; 1496 return 0; 1497 bad: 1498 type_destroy(key, typdatum, NULL); 1499 return rc; 1500 } 1501 1502 1503 /* 1504 * Read a MLS level structure from a policydb binary 1505 * representation file. 1506 */ 1507 static int mls_read_level(struct mls_level *lp, void *fp) 1508 { 1509 __le32 buf[1]; 1510 int rc; 1511 1512 memset(lp, 0, sizeof(*lp)); 1513 1514 rc = next_entry(buf, fp, sizeof buf); 1515 if (rc) { 1516 printk(KERN_ERR "SELinux: mls: truncated level\n"); 1517 return rc; 1518 } 1519 lp->sens = le32_to_cpu(buf[0]); 1520 1521 rc = ebitmap_read(&lp->cat, fp); 1522 if (rc) { 1523 printk(KERN_ERR "SELinux: mls: error reading level categories\n"); 1524 return rc; 1525 } 1526 return 0; 1527 } 1528 1529 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1530 { 1531 char *key = NULL; 1532 struct user_datum *usrdatum; 1533 int rc, to_read = 2; 1534 __le32 buf[3]; 1535 u32 len; 1536 1537 rc = -ENOMEM; 1538 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1539 if (!usrdatum) 1540 goto bad; 1541 1542 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1543 to_read = 3; 1544 1545 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1546 if (rc) 1547 goto bad; 1548 1549 len = le32_to_cpu(buf[0]); 1550 usrdatum->value = le32_to_cpu(buf[1]); 1551 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1552 usrdatum->bounds = le32_to_cpu(buf[2]); 1553 1554 rc = str_read(&key, GFP_KERNEL, fp, len); 1555 if (rc) 1556 goto bad; 1557 1558 rc = ebitmap_read(&usrdatum->roles, fp); 1559 if (rc) 1560 goto bad; 1561 1562 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1563 rc = mls_read_range_helper(&usrdatum->range, fp); 1564 if (rc) 1565 goto bad; 1566 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1567 if (rc) 1568 goto bad; 1569 } 1570 1571 rc = hashtab_insert(h, key, usrdatum); 1572 if (rc) 1573 goto bad; 1574 return 0; 1575 bad: 1576 user_destroy(key, usrdatum, NULL); 1577 return rc; 1578 } 1579 1580 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1581 { 1582 char *key = NULL; 1583 struct level_datum *levdatum; 1584 int rc; 1585 __le32 buf[2]; 1586 u32 len; 1587 1588 rc = -ENOMEM; 1589 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); 1590 if (!levdatum) 1591 goto bad; 1592 1593 rc = next_entry(buf, fp, sizeof buf); 1594 if (rc) 1595 goto bad; 1596 1597 len = le32_to_cpu(buf[0]); 1598 levdatum->isalias = le32_to_cpu(buf[1]); 1599 1600 rc = str_read(&key, GFP_ATOMIC, fp, len); 1601 if (rc) 1602 goto bad; 1603 1604 rc = -ENOMEM; 1605 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1606 if (!levdatum->level) 1607 goto bad; 1608 1609 rc = mls_read_level(levdatum->level, fp); 1610 if (rc) 1611 goto bad; 1612 1613 rc = hashtab_insert(h, key, levdatum); 1614 if (rc) 1615 goto bad; 1616 return 0; 1617 bad: 1618 sens_destroy(key, levdatum, NULL); 1619 return rc; 1620 } 1621 1622 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1623 { 1624 char *key = NULL; 1625 struct cat_datum *catdatum; 1626 int rc; 1627 __le32 buf[3]; 1628 u32 len; 1629 1630 rc = -ENOMEM; 1631 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); 1632 if (!catdatum) 1633 goto bad; 1634 1635 rc = next_entry(buf, fp, sizeof buf); 1636 if (rc) 1637 goto bad; 1638 1639 len = le32_to_cpu(buf[0]); 1640 catdatum->value = le32_to_cpu(buf[1]); 1641 catdatum->isalias = le32_to_cpu(buf[2]); 1642 1643 rc = str_read(&key, GFP_ATOMIC, fp, len); 1644 if (rc) 1645 goto bad; 1646 1647 rc = hashtab_insert(h, key, catdatum); 1648 if (rc) 1649 goto bad; 1650 return 0; 1651 bad: 1652 cat_destroy(key, catdatum, NULL); 1653 return rc; 1654 } 1655 1656 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1657 { 1658 common_read, 1659 class_read, 1660 role_read, 1661 type_read, 1662 user_read, 1663 cond_read_bool, 1664 sens_read, 1665 cat_read, 1666 }; 1667 1668 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1669 { 1670 struct user_datum *upper, *user; 1671 struct policydb *p = datap; 1672 int depth = 0; 1673 1674 upper = user = datum; 1675 while (upper->bounds) { 1676 struct ebitmap_node *node; 1677 unsigned long bit; 1678 1679 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1680 printk(KERN_ERR "SELinux: user %s: " 1681 "too deep or looped boundary", 1682 (char *) key); 1683 return -EINVAL; 1684 } 1685 1686 upper = p->user_val_to_struct[upper->bounds - 1]; 1687 ebitmap_for_each_positive_bit(&user->roles, node, bit) { 1688 if (ebitmap_get_bit(&upper->roles, bit)) 1689 continue; 1690 1691 printk(KERN_ERR 1692 "SELinux: boundary violated policy: " 1693 "user=%s role=%s bounds=%s\n", 1694 sym_name(p, SYM_USERS, user->value - 1), 1695 sym_name(p, SYM_ROLES, bit), 1696 sym_name(p, SYM_USERS, upper->value - 1)); 1697 1698 return -EINVAL; 1699 } 1700 } 1701 1702 return 0; 1703 } 1704 1705 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1706 { 1707 struct role_datum *upper, *role; 1708 struct policydb *p = datap; 1709 int depth = 0; 1710 1711 upper = role = datum; 1712 while (upper->bounds) { 1713 struct ebitmap_node *node; 1714 unsigned long bit; 1715 1716 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1717 printk(KERN_ERR "SELinux: role %s: " 1718 "too deep or looped bounds\n", 1719 (char *) key); 1720 return -EINVAL; 1721 } 1722 1723 upper = p->role_val_to_struct[upper->bounds - 1]; 1724 ebitmap_for_each_positive_bit(&role->types, node, bit) { 1725 if (ebitmap_get_bit(&upper->types, bit)) 1726 continue; 1727 1728 printk(KERN_ERR 1729 "SELinux: boundary violated policy: " 1730 "role=%s type=%s bounds=%s\n", 1731 sym_name(p, SYM_ROLES, role->value - 1), 1732 sym_name(p, SYM_TYPES, bit), 1733 sym_name(p, SYM_ROLES, upper->value - 1)); 1734 1735 return -EINVAL; 1736 } 1737 } 1738 1739 return 0; 1740 } 1741 1742 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1743 { 1744 struct type_datum *upper; 1745 struct policydb *p = datap; 1746 int depth = 0; 1747 1748 upper = datum; 1749 while (upper->bounds) { 1750 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1751 printk(KERN_ERR "SELinux: type %s: " 1752 "too deep or looped boundary\n", 1753 (char *) key); 1754 return -EINVAL; 1755 } 1756 1757 upper = flex_array_get_ptr(p->type_val_to_struct_array, 1758 upper->bounds - 1); 1759 BUG_ON(!upper); 1760 1761 if (upper->attribute) { 1762 printk(KERN_ERR "SELinux: type %s: " 1763 "bounded by attribute %s", 1764 (char *) key, 1765 sym_name(p, SYM_TYPES, upper->value - 1)); 1766 return -EINVAL; 1767 } 1768 } 1769 1770 return 0; 1771 } 1772 1773 static int policydb_bounds_sanity_check(struct policydb *p) 1774 { 1775 int rc; 1776 1777 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1778 return 0; 1779 1780 rc = hashtab_map(p->p_users.table, 1781 user_bounds_sanity_check, p); 1782 if (rc) 1783 return rc; 1784 1785 rc = hashtab_map(p->p_roles.table, 1786 role_bounds_sanity_check, p); 1787 if (rc) 1788 return rc; 1789 1790 rc = hashtab_map(p->p_types.table, 1791 type_bounds_sanity_check, p); 1792 if (rc) 1793 return rc; 1794 1795 return 0; 1796 } 1797 1798 u16 string_to_security_class(struct policydb *p, const char *name) 1799 { 1800 struct class_datum *cladatum; 1801 1802 cladatum = hashtab_search(p->p_classes.table, name); 1803 if (!cladatum) 1804 return 0; 1805 1806 return cladatum->value; 1807 } 1808 1809 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1810 { 1811 struct class_datum *cladatum; 1812 struct perm_datum *perdatum = NULL; 1813 struct common_datum *comdatum; 1814 1815 if (!tclass || tclass > p->p_classes.nprim) 1816 return 0; 1817 1818 cladatum = p->class_val_to_struct[tclass-1]; 1819 comdatum = cladatum->comdatum; 1820 if (comdatum) 1821 perdatum = hashtab_search(comdatum->permissions.table, 1822 name); 1823 if (!perdatum) 1824 perdatum = hashtab_search(cladatum->permissions.table, 1825 name); 1826 if (!perdatum) 1827 return 0; 1828 1829 return 1U << (perdatum->value-1); 1830 } 1831 1832 static int range_read(struct policydb *p, void *fp) 1833 { 1834 struct range_trans *rt = NULL; 1835 struct mls_range *r = NULL; 1836 int i, rc; 1837 __le32 buf[2]; 1838 u32 nel; 1839 1840 if (p->policyvers < POLICYDB_VERSION_MLS) 1841 return 0; 1842 1843 rc = next_entry(buf, fp, sizeof(u32)); 1844 if (rc) 1845 goto out; 1846 1847 nel = le32_to_cpu(buf[0]); 1848 for (i = 0; i < nel; i++) { 1849 rc = -ENOMEM; 1850 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1851 if (!rt) 1852 goto out; 1853 1854 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1855 if (rc) 1856 goto out; 1857 1858 rt->source_type = le32_to_cpu(buf[0]); 1859 rt->target_type = le32_to_cpu(buf[1]); 1860 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1861 rc = next_entry(buf, fp, sizeof(u32)); 1862 if (rc) 1863 goto out; 1864 rt->target_class = le32_to_cpu(buf[0]); 1865 } else 1866 rt->target_class = p->process_class; 1867 1868 rc = -EINVAL; 1869 if (!policydb_type_isvalid(p, rt->source_type) || 1870 !policydb_type_isvalid(p, rt->target_type) || 1871 !policydb_class_isvalid(p, rt->target_class)) 1872 goto out; 1873 1874 rc = -ENOMEM; 1875 r = kzalloc(sizeof(*r), GFP_KERNEL); 1876 if (!r) 1877 goto out; 1878 1879 rc = mls_read_range_helper(r, fp); 1880 if (rc) 1881 goto out; 1882 1883 rc = -EINVAL; 1884 if (!mls_range_isvalid(p, r)) { 1885 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); 1886 goto out; 1887 } 1888 1889 rc = hashtab_insert(p->range_tr, rt, r); 1890 if (rc) 1891 goto out; 1892 1893 rt = NULL; 1894 r = NULL; 1895 } 1896 hash_eval(p->range_tr, "rangetr"); 1897 rc = 0; 1898 out: 1899 kfree(rt); 1900 kfree(r); 1901 return rc; 1902 } 1903 1904 static int filename_trans_read(struct policydb *p, void *fp) 1905 { 1906 struct filename_trans *ft; 1907 struct filename_trans_datum *otype; 1908 char *name; 1909 u32 nel, len; 1910 __le32 buf[4]; 1911 int rc, i; 1912 1913 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 1914 return 0; 1915 1916 rc = next_entry(buf, fp, sizeof(u32)); 1917 if (rc) 1918 return rc; 1919 nel = le32_to_cpu(buf[0]); 1920 1921 for (i = 0; i < nel; i++) { 1922 ft = NULL; 1923 otype = NULL; 1924 name = NULL; 1925 1926 rc = -ENOMEM; 1927 ft = kzalloc(sizeof(*ft), GFP_KERNEL); 1928 if (!ft) 1929 goto out; 1930 1931 rc = -ENOMEM; 1932 otype = kmalloc(sizeof(*otype), GFP_KERNEL); 1933 if (!otype) 1934 goto out; 1935 1936 /* length of the path component string */ 1937 rc = next_entry(buf, fp, sizeof(u32)); 1938 if (rc) 1939 goto out; 1940 len = le32_to_cpu(buf[0]); 1941 1942 /* path component string */ 1943 rc = str_read(&name, GFP_KERNEL, fp, len); 1944 if (rc) 1945 goto out; 1946 1947 ft->name = name; 1948 1949 rc = next_entry(buf, fp, sizeof(u32) * 4); 1950 if (rc) 1951 goto out; 1952 1953 ft->stype = le32_to_cpu(buf[0]); 1954 ft->ttype = le32_to_cpu(buf[1]); 1955 ft->tclass = le32_to_cpu(buf[2]); 1956 1957 otype->otype = le32_to_cpu(buf[3]); 1958 1959 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1); 1960 if (rc) 1961 goto out; 1962 1963 rc = hashtab_insert(p->filename_trans, ft, otype); 1964 if (rc) { 1965 /* 1966 * Do not return -EEXIST to the caller, or the system 1967 * will not boot. 1968 */ 1969 if (rc != -EEXIST) 1970 goto out; 1971 /* But free memory to avoid memory leak. */ 1972 kfree(ft); 1973 kfree(name); 1974 kfree(otype); 1975 } 1976 } 1977 hash_eval(p->filename_trans, "filenametr"); 1978 return 0; 1979 out: 1980 kfree(ft); 1981 kfree(name); 1982 kfree(otype); 1983 1984 return rc; 1985 } 1986 1987 static int genfs_read(struct policydb *p, void *fp) 1988 { 1989 int i, j, rc; 1990 u32 nel, nel2, len, len2; 1991 __le32 buf[1]; 1992 struct ocontext *l, *c; 1993 struct ocontext *newc = NULL; 1994 struct genfs *genfs_p, *genfs; 1995 struct genfs *newgenfs = NULL; 1996 1997 rc = next_entry(buf, fp, sizeof(u32)); 1998 if (rc) 1999 goto out; 2000 nel = le32_to_cpu(buf[0]); 2001 2002 for (i = 0; i < nel; i++) { 2003 rc = next_entry(buf, fp, sizeof(u32)); 2004 if (rc) 2005 goto out; 2006 len = le32_to_cpu(buf[0]); 2007 2008 rc = -ENOMEM; 2009 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2010 if (!newgenfs) 2011 goto out; 2012 2013 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2014 if (rc) 2015 goto out; 2016 2017 for (genfs_p = NULL, genfs = p->genfs; genfs; 2018 genfs_p = genfs, genfs = genfs->next) { 2019 rc = -EINVAL; 2020 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2021 printk(KERN_ERR "SELinux: dup genfs fstype %s\n", 2022 newgenfs->fstype); 2023 goto out; 2024 } 2025 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2026 break; 2027 } 2028 newgenfs->next = genfs; 2029 if (genfs_p) 2030 genfs_p->next = newgenfs; 2031 else 2032 p->genfs = newgenfs; 2033 genfs = newgenfs; 2034 newgenfs = NULL; 2035 2036 rc = next_entry(buf, fp, sizeof(u32)); 2037 if (rc) 2038 goto out; 2039 2040 nel2 = le32_to_cpu(buf[0]); 2041 for (j = 0; j < nel2; j++) { 2042 rc = next_entry(buf, fp, sizeof(u32)); 2043 if (rc) 2044 goto out; 2045 len = le32_to_cpu(buf[0]); 2046 2047 rc = -ENOMEM; 2048 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2049 if (!newc) 2050 goto out; 2051 2052 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2053 if (rc) 2054 goto out; 2055 2056 rc = next_entry(buf, fp, sizeof(u32)); 2057 if (rc) 2058 goto out; 2059 2060 newc->v.sclass = le32_to_cpu(buf[0]); 2061 rc = context_read_and_validate(&newc->context[0], p, fp); 2062 if (rc) 2063 goto out; 2064 2065 for (l = NULL, c = genfs->head; c; 2066 l = c, c = c->next) { 2067 rc = -EINVAL; 2068 if (!strcmp(newc->u.name, c->u.name) && 2069 (!c->v.sclass || !newc->v.sclass || 2070 newc->v.sclass == c->v.sclass)) { 2071 printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", 2072 genfs->fstype, c->u.name); 2073 goto out; 2074 } 2075 len = strlen(newc->u.name); 2076 len2 = strlen(c->u.name); 2077 if (len > len2) 2078 break; 2079 } 2080 2081 newc->next = c; 2082 if (l) 2083 l->next = newc; 2084 else 2085 genfs->head = newc; 2086 newc = NULL; 2087 } 2088 } 2089 rc = 0; 2090 out: 2091 if (newgenfs) 2092 kfree(newgenfs->fstype); 2093 kfree(newgenfs); 2094 ocontext_destroy(newc, OCON_FSUSE); 2095 2096 return rc; 2097 } 2098 2099 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, 2100 void *fp) 2101 { 2102 int i, j, rc; 2103 u32 nel, len; 2104 __le32 buf[3]; 2105 struct ocontext *l, *c; 2106 u32 nodebuf[8]; 2107 2108 for (i = 0; i < info->ocon_num; i++) { 2109 rc = next_entry(buf, fp, sizeof(u32)); 2110 if (rc) 2111 goto out; 2112 nel = le32_to_cpu(buf[0]); 2113 2114 l = NULL; 2115 for (j = 0; j < nel; j++) { 2116 rc = -ENOMEM; 2117 c = kzalloc(sizeof(*c), GFP_KERNEL); 2118 if (!c) 2119 goto out; 2120 if (l) 2121 l->next = c; 2122 else 2123 p->ocontexts[i] = c; 2124 l = c; 2125 2126 switch (i) { 2127 case OCON_ISID: 2128 rc = next_entry(buf, fp, sizeof(u32)); 2129 if (rc) 2130 goto out; 2131 2132 c->sid[0] = le32_to_cpu(buf[0]); 2133 rc = context_read_and_validate(&c->context[0], p, fp); 2134 if (rc) 2135 goto out; 2136 break; 2137 case OCON_FS: 2138 case OCON_NETIF: 2139 rc = next_entry(buf, fp, sizeof(u32)); 2140 if (rc) 2141 goto out; 2142 len = le32_to_cpu(buf[0]); 2143 2144 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2145 if (rc) 2146 goto out; 2147 2148 rc = context_read_and_validate(&c->context[0], p, fp); 2149 if (rc) 2150 goto out; 2151 rc = context_read_and_validate(&c->context[1], p, fp); 2152 if (rc) 2153 goto out; 2154 break; 2155 case OCON_PORT: 2156 rc = next_entry(buf, fp, sizeof(u32)*3); 2157 if (rc) 2158 goto out; 2159 c->u.port.protocol = le32_to_cpu(buf[0]); 2160 c->u.port.low_port = le32_to_cpu(buf[1]); 2161 c->u.port.high_port = le32_to_cpu(buf[2]); 2162 rc = context_read_and_validate(&c->context[0], p, fp); 2163 if (rc) 2164 goto out; 2165 break; 2166 case OCON_NODE: 2167 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2168 if (rc) 2169 goto out; 2170 c->u.node.addr = nodebuf[0]; /* network order */ 2171 c->u.node.mask = nodebuf[1]; /* network order */ 2172 rc = context_read_and_validate(&c->context[0], p, fp); 2173 if (rc) 2174 goto out; 2175 break; 2176 case OCON_FSUSE: 2177 rc = next_entry(buf, fp, sizeof(u32)*2); 2178 if (rc) 2179 goto out; 2180 2181 rc = -EINVAL; 2182 c->v.behavior = le32_to_cpu(buf[0]); 2183 /* Determined at runtime, not in policy DB. */ 2184 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2185 goto out; 2186 if (c->v.behavior > SECURITY_FS_USE_MAX) 2187 goto out; 2188 2189 len = le32_to_cpu(buf[1]); 2190 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2191 if (rc) 2192 goto out; 2193 2194 rc = context_read_and_validate(&c->context[0], p, fp); 2195 if (rc) 2196 goto out; 2197 break; 2198 case OCON_NODE6: { 2199 int k; 2200 2201 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2202 if (rc) 2203 goto out; 2204 for (k = 0; k < 4; k++) 2205 c->u.node6.addr[k] = nodebuf[k]; 2206 for (k = 0; k < 4; k++) 2207 c->u.node6.mask[k] = nodebuf[k+4]; 2208 rc = context_read_and_validate(&c->context[0], p, fp); 2209 if (rc) 2210 goto out; 2211 break; 2212 } 2213 } 2214 } 2215 } 2216 rc = 0; 2217 out: 2218 return rc; 2219 } 2220 2221 /* 2222 * Read the configuration data from a policy database binary 2223 * representation file into a policy database structure. 2224 */ 2225 int policydb_read(struct policydb *p, void *fp) 2226 { 2227 struct role_allow *ra, *lra; 2228 struct role_trans *tr, *ltr; 2229 int i, j, rc; 2230 __le32 buf[4]; 2231 u32 len, nprim, nel; 2232 2233 char *policydb_str; 2234 struct policydb_compat_info *info; 2235 2236 rc = policydb_init(p); 2237 if (rc) 2238 return rc; 2239 2240 /* Read the magic number and string length. */ 2241 rc = next_entry(buf, fp, sizeof(u32) * 2); 2242 if (rc) 2243 goto bad; 2244 2245 rc = -EINVAL; 2246 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2247 printk(KERN_ERR "SELinux: policydb magic number 0x%x does " 2248 "not match expected magic number 0x%x\n", 2249 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2250 goto bad; 2251 } 2252 2253 rc = -EINVAL; 2254 len = le32_to_cpu(buf[1]); 2255 if (len != strlen(POLICYDB_STRING)) { 2256 printk(KERN_ERR "SELinux: policydb string length %d does not " 2257 "match expected length %Zu\n", 2258 len, strlen(POLICYDB_STRING)); 2259 goto bad; 2260 } 2261 2262 rc = -ENOMEM; 2263 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2264 if (!policydb_str) { 2265 printk(KERN_ERR "SELinux: unable to allocate memory for policydb " 2266 "string of length %d\n", len); 2267 goto bad; 2268 } 2269 2270 rc = next_entry(policydb_str, fp, len); 2271 if (rc) { 2272 printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); 2273 kfree(policydb_str); 2274 goto bad; 2275 } 2276 2277 rc = -EINVAL; 2278 policydb_str[len] = '\0'; 2279 if (strcmp(policydb_str, POLICYDB_STRING)) { 2280 printk(KERN_ERR "SELinux: policydb string %s does not match " 2281 "my string %s\n", policydb_str, POLICYDB_STRING); 2282 kfree(policydb_str); 2283 goto bad; 2284 } 2285 /* Done with policydb_str. */ 2286 kfree(policydb_str); 2287 policydb_str = NULL; 2288 2289 /* Read the version and table sizes. */ 2290 rc = next_entry(buf, fp, sizeof(u32)*4); 2291 if (rc) 2292 goto bad; 2293 2294 rc = -EINVAL; 2295 p->policyvers = le32_to_cpu(buf[0]); 2296 if (p->policyvers < POLICYDB_VERSION_MIN || 2297 p->policyvers > POLICYDB_VERSION_MAX) { 2298 printk(KERN_ERR "SELinux: policydb version %d does not match " 2299 "my version range %d-%d\n", 2300 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 2301 goto bad; 2302 } 2303 2304 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2305 p->mls_enabled = 1; 2306 2307 rc = -EINVAL; 2308 if (p->policyvers < POLICYDB_VERSION_MLS) { 2309 printk(KERN_ERR "SELinux: security policydb version %d " 2310 "(MLS) not backwards compatible\n", 2311 p->policyvers); 2312 goto bad; 2313 } 2314 } 2315 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2316 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2317 2318 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2319 rc = ebitmap_read(&p->policycaps, fp); 2320 if (rc) 2321 goto bad; 2322 } 2323 2324 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2325 rc = ebitmap_read(&p->permissive_map, fp); 2326 if (rc) 2327 goto bad; 2328 } 2329 2330 rc = -EINVAL; 2331 info = policydb_lookup_compat(p->policyvers); 2332 if (!info) { 2333 printk(KERN_ERR "SELinux: unable to find policy compat info " 2334 "for version %d\n", p->policyvers); 2335 goto bad; 2336 } 2337 2338 rc = -EINVAL; 2339 if (le32_to_cpu(buf[2]) != info->sym_num || 2340 le32_to_cpu(buf[3]) != info->ocon_num) { 2341 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " 2342 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), 2343 le32_to_cpu(buf[3]), 2344 info->sym_num, info->ocon_num); 2345 goto bad; 2346 } 2347 2348 for (i = 0; i < info->sym_num; i++) { 2349 rc = next_entry(buf, fp, sizeof(u32)*2); 2350 if (rc) 2351 goto bad; 2352 nprim = le32_to_cpu(buf[0]); 2353 nel = le32_to_cpu(buf[1]); 2354 for (j = 0; j < nel; j++) { 2355 rc = read_f[i](p, p->symtab[i].table, fp); 2356 if (rc) 2357 goto bad; 2358 } 2359 2360 p->symtab[i].nprim = nprim; 2361 } 2362 2363 rc = -EINVAL; 2364 p->process_class = string_to_security_class(p, "process"); 2365 if (!p->process_class) 2366 goto bad; 2367 2368 rc = avtab_read(&p->te_avtab, fp, p); 2369 if (rc) 2370 goto bad; 2371 2372 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2373 rc = cond_read_list(p, fp); 2374 if (rc) 2375 goto bad; 2376 } 2377 2378 rc = next_entry(buf, fp, sizeof(u32)); 2379 if (rc) 2380 goto bad; 2381 nel = le32_to_cpu(buf[0]); 2382 ltr = NULL; 2383 for (i = 0; i < nel; i++) { 2384 rc = -ENOMEM; 2385 tr = kzalloc(sizeof(*tr), GFP_KERNEL); 2386 if (!tr) 2387 goto bad; 2388 if (ltr) 2389 ltr->next = tr; 2390 else 2391 p->role_tr = tr; 2392 rc = next_entry(buf, fp, sizeof(u32)*3); 2393 if (rc) 2394 goto bad; 2395 2396 rc = -EINVAL; 2397 tr->role = le32_to_cpu(buf[0]); 2398 tr->type = le32_to_cpu(buf[1]); 2399 tr->new_role = le32_to_cpu(buf[2]); 2400 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2401 rc = next_entry(buf, fp, sizeof(u32)); 2402 if (rc) 2403 goto bad; 2404 tr->tclass = le32_to_cpu(buf[0]); 2405 } else 2406 tr->tclass = p->process_class; 2407 2408 if (!policydb_role_isvalid(p, tr->role) || 2409 !policydb_type_isvalid(p, tr->type) || 2410 !policydb_class_isvalid(p, tr->tclass) || 2411 !policydb_role_isvalid(p, tr->new_role)) 2412 goto bad; 2413 ltr = tr; 2414 } 2415 2416 rc = next_entry(buf, fp, sizeof(u32)); 2417 if (rc) 2418 goto bad; 2419 nel = le32_to_cpu(buf[0]); 2420 lra = NULL; 2421 for (i = 0; i < nel; i++) { 2422 rc = -ENOMEM; 2423 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2424 if (!ra) 2425 goto bad; 2426 if (lra) 2427 lra->next = ra; 2428 else 2429 p->role_allow = ra; 2430 rc = next_entry(buf, fp, sizeof(u32)*2); 2431 if (rc) 2432 goto bad; 2433 2434 rc = -EINVAL; 2435 ra->role = le32_to_cpu(buf[0]); 2436 ra->new_role = le32_to_cpu(buf[1]); 2437 if (!policydb_role_isvalid(p, ra->role) || 2438 !policydb_role_isvalid(p, ra->new_role)) 2439 goto bad; 2440 lra = ra; 2441 } 2442 2443 rc = filename_trans_read(p, fp); 2444 if (rc) 2445 goto bad; 2446 2447 rc = policydb_index(p); 2448 if (rc) 2449 goto bad; 2450 2451 rc = -EINVAL; 2452 p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); 2453 p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); 2454 if (!p->process_trans_perms) 2455 goto bad; 2456 2457 rc = ocontext_read(p, info, fp); 2458 if (rc) 2459 goto bad; 2460 2461 rc = genfs_read(p, fp); 2462 if (rc) 2463 goto bad; 2464 2465 rc = range_read(p, fp); 2466 if (rc) 2467 goto bad; 2468 2469 rc = -ENOMEM; 2470 p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), 2471 p->p_types.nprim, 2472 GFP_KERNEL | __GFP_ZERO); 2473 if (!p->type_attr_map_array) 2474 goto bad; 2475 2476 /* preallocate so we don't have to worry about the put ever failing */ 2477 rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, 2478 GFP_KERNEL | __GFP_ZERO); 2479 if (rc) 2480 goto bad; 2481 2482 for (i = 0; i < p->p_types.nprim; i++) { 2483 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 2484 2485 BUG_ON(!e); 2486 ebitmap_init(e); 2487 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2488 rc = ebitmap_read(e, fp); 2489 if (rc) 2490 goto bad; 2491 } 2492 /* add the type itself as the degenerate case */ 2493 rc = ebitmap_set_bit(e, i, 1); 2494 if (rc) 2495 goto bad; 2496 } 2497 2498 rc = policydb_bounds_sanity_check(p); 2499 if (rc) 2500 goto bad; 2501 2502 rc = 0; 2503 out: 2504 return rc; 2505 bad: 2506 policydb_destroy(p); 2507 goto out; 2508 } 2509 2510 /* 2511 * Write a MLS level structure to a policydb binary 2512 * representation file. 2513 */ 2514 static int mls_write_level(struct mls_level *l, void *fp) 2515 { 2516 __le32 buf[1]; 2517 int rc; 2518 2519 buf[0] = cpu_to_le32(l->sens); 2520 rc = put_entry(buf, sizeof(u32), 1, fp); 2521 if (rc) 2522 return rc; 2523 2524 rc = ebitmap_write(&l->cat, fp); 2525 if (rc) 2526 return rc; 2527 2528 return 0; 2529 } 2530 2531 /* 2532 * Write a MLS range structure to a policydb binary 2533 * representation file. 2534 */ 2535 static int mls_write_range_helper(struct mls_range *r, void *fp) 2536 { 2537 __le32 buf[3]; 2538 size_t items; 2539 int rc, eq; 2540 2541 eq = mls_level_eq(&r->level[1], &r->level[0]); 2542 2543 if (eq) 2544 items = 2; 2545 else 2546 items = 3; 2547 buf[0] = cpu_to_le32(items-1); 2548 buf[1] = cpu_to_le32(r->level[0].sens); 2549 if (!eq) 2550 buf[2] = cpu_to_le32(r->level[1].sens); 2551 2552 BUG_ON(items > ARRAY_SIZE(buf)); 2553 2554 rc = put_entry(buf, sizeof(u32), items, fp); 2555 if (rc) 2556 return rc; 2557 2558 rc = ebitmap_write(&r->level[0].cat, fp); 2559 if (rc) 2560 return rc; 2561 if (!eq) { 2562 rc = ebitmap_write(&r->level[1].cat, fp); 2563 if (rc) 2564 return rc; 2565 } 2566 2567 return 0; 2568 } 2569 2570 static int sens_write(void *vkey, void *datum, void *ptr) 2571 { 2572 char *key = vkey; 2573 struct level_datum *levdatum = datum; 2574 struct policy_data *pd = ptr; 2575 void *fp = pd->fp; 2576 __le32 buf[2]; 2577 size_t len; 2578 int rc; 2579 2580 len = strlen(key); 2581 buf[0] = cpu_to_le32(len); 2582 buf[1] = cpu_to_le32(levdatum->isalias); 2583 rc = put_entry(buf, sizeof(u32), 2, fp); 2584 if (rc) 2585 return rc; 2586 2587 rc = put_entry(key, 1, len, fp); 2588 if (rc) 2589 return rc; 2590 2591 rc = mls_write_level(levdatum->level, fp); 2592 if (rc) 2593 return rc; 2594 2595 return 0; 2596 } 2597 2598 static int cat_write(void *vkey, void *datum, void *ptr) 2599 { 2600 char *key = vkey; 2601 struct cat_datum *catdatum = datum; 2602 struct policy_data *pd = ptr; 2603 void *fp = pd->fp; 2604 __le32 buf[3]; 2605 size_t len; 2606 int rc; 2607 2608 len = strlen(key); 2609 buf[0] = cpu_to_le32(len); 2610 buf[1] = cpu_to_le32(catdatum->value); 2611 buf[2] = cpu_to_le32(catdatum->isalias); 2612 rc = put_entry(buf, sizeof(u32), 3, fp); 2613 if (rc) 2614 return rc; 2615 2616 rc = put_entry(key, 1, len, fp); 2617 if (rc) 2618 return rc; 2619 2620 return 0; 2621 } 2622 2623 static int role_trans_write(struct policydb *p, void *fp) 2624 { 2625 struct role_trans *r = p->role_tr; 2626 struct role_trans *tr; 2627 u32 buf[3]; 2628 size_t nel; 2629 int rc; 2630 2631 nel = 0; 2632 for (tr = r; tr; tr = tr->next) 2633 nel++; 2634 buf[0] = cpu_to_le32(nel); 2635 rc = put_entry(buf, sizeof(u32), 1, fp); 2636 if (rc) 2637 return rc; 2638 for (tr = r; tr; tr = tr->next) { 2639 buf[0] = cpu_to_le32(tr->role); 2640 buf[1] = cpu_to_le32(tr->type); 2641 buf[2] = cpu_to_le32(tr->new_role); 2642 rc = put_entry(buf, sizeof(u32), 3, fp); 2643 if (rc) 2644 return rc; 2645 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2646 buf[0] = cpu_to_le32(tr->tclass); 2647 rc = put_entry(buf, sizeof(u32), 1, fp); 2648 if (rc) 2649 return rc; 2650 } 2651 } 2652 2653 return 0; 2654 } 2655 2656 static int role_allow_write(struct role_allow *r, void *fp) 2657 { 2658 struct role_allow *ra; 2659 u32 buf[2]; 2660 size_t nel; 2661 int rc; 2662 2663 nel = 0; 2664 for (ra = r; ra; ra = ra->next) 2665 nel++; 2666 buf[0] = cpu_to_le32(nel); 2667 rc = put_entry(buf, sizeof(u32), 1, fp); 2668 if (rc) 2669 return rc; 2670 for (ra = r; ra; ra = ra->next) { 2671 buf[0] = cpu_to_le32(ra->role); 2672 buf[1] = cpu_to_le32(ra->new_role); 2673 rc = put_entry(buf, sizeof(u32), 2, fp); 2674 if (rc) 2675 return rc; 2676 } 2677 return 0; 2678 } 2679 2680 /* 2681 * Write a security context structure 2682 * to a policydb binary representation file. 2683 */ 2684 static int context_write(struct policydb *p, struct context *c, 2685 void *fp) 2686 { 2687 int rc; 2688 __le32 buf[3]; 2689 2690 buf[0] = cpu_to_le32(c->user); 2691 buf[1] = cpu_to_le32(c->role); 2692 buf[2] = cpu_to_le32(c->type); 2693 2694 rc = put_entry(buf, sizeof(u32), 3, fp); 2695 if (rc) 2696 return rc; 2697 2698 rc = mls_write_range_helper(&c->range, fp); 2699 if (rc) 2700 return rc; 2701 2702 return 0; 2703 } 2704 2705 /* 2706 * The following *_write functions are used to 2707 * write the symbol data to a policy database 2708 * binary representation file. 2709 */ 2710 2711 static int perm_write(void *vkey, void *datum, void *fp) 2712 { 2713 char *key = vkey; 2714 struct perm_datum *perdatum = datum; 2715 __le32 buf[2]; 2716 size_t len; 2717 int rc; 2718 2719 len = strlen(key); 2720 buf[0] = cpu_to_le32(len); 2721 buf[1] = cpu_to_le32(perdatum->value); 2722 rc = put_entry(buf, sizeof(u32), 2, fp); 2723 if (rc) 2724 return rc; 2725 2726 rc = put_entry(key, 1, len, fp); 2727 if (rc) 2728 return rc; 2729 2730 return 0; 2731 } 2732 2733 static int common_write(void *vkey, void *datum, void *ptr) 2734 { 2735 char *key = vkey; 2736 struct common_datum *comdatum = datum; 2737 struct policy_data *pd = ptr; 2738 void *fp = pd->fp; 2739 __le32 buf[4]; 2740 size_t len; 2741 int rc; 2742 2743 len = strlen(key); 2744 buf[0] = cpu_to_le32(len); 2745 buf[1] = cpu_to_le32(comdatum->value); 2746 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 2747 buf[3] = cpu_to_le32(comdatum->permissions.table->nel); 2748 rc = put_entry(buf, sizeof(u32), 4, fp); 2749 if (rc) 2750 return rc; 2751 2752 rc = put_entry(key, 1, len, fp); 2753 if (rc) 2754 return rc; 2755 2756 rc = hashtab_map(comdatum->permissions.table, perm_write, fp); 2757 if (rc) 2758 return rc; 2759 2760 return 0; 2761 } 2762 2763 static int type_set_write(struct type_set *t, void *fp) 2764 { 2765 int rc; 2766 __le32 buf[1]; 2767 2768 if (ebitmap_write(&t->types, fp)) 2769 return -EINVAL; 2770 if (ebitmap_write(&t->negset, fp)) 2771 return -EINVAL; 2772 2773 buf[0] = cpu_to_le32(t->flags); 2774 rc = put_entry(buf, sizeof(u32), 1, fp); 2775 if (rc) 2776 return -EINVAL; 2777 2778 return 0; 2779 } 2780 2781 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 2782 void *fp) 2783 { 2784 struct constraint_node *c; 2785 struct constraint_expr *e; 2786 __le32 buf[3]; 2787 u32 nel; 2788 int rc; 2789 2790 for (c = node; c; c = c->next) { 2791 nel = 0; 2792 for (e = c->expr; e; e = e->next) 2793 nel++; 2794 buf[0] = cpu_to_le32(c->permissions); 2795 buf[1] = cpu_to_le32(nel); 2796 rc = put_entry(buf, sizeof(u32), 2, fp); 2797 if (rc) 2798 return rc; 2799 for (e = c->expr; e; e = e->next) { 2800 buf[0] = cpu_to_le32(e->expr_type); 2801 buf[1] = cpu_to_le32(e->attr); 2802 buf[2] = cpu_to_le32(e->op); 2803 rc = put_entry(buf, sizeof(u32), 3, fp); 2804 if (rc) 2805 return rc; 2806 2807 switch (e->expr_type) { 2808 case CEXPR_NAMES: 2809 rc = ebitmap_write(&e->names, fp); 2810 if (rc) 2811 return rc; 2812 if (p->policyvers >= 2813 POLICYDB_VERSION_CONSTRAINT_NAMES) { 2814 rc = type_set_write(e->type_names, fp); 2815 if (rc) 2816 return rc; 2817 } 2818 break; 2819 default: 2820 break; 2821 } 2822 } 2823 } 2824 2825 return 0; 2826 } 2827 2828 static int class_write(void *vkey, void *datum, void *ptr) 2829 { 2830 char *key = vkey; 2831 struct class_datum *cladatum = datum; 2832 struct policy_data *pd = ptr; 2833 void *fp = pd->fp; 2834 struct policydb *p = pd->p; 2835 struct constraint_node *c; 2836 __le32 buf[6]; 2837 u32 ncons; 2838 size_t len, len2; 2839 int rc; 2840 2841 len = strlen(key); 2842 if (cladatum->comkey) 2843 len2 = strlen(cladatum->comkey); 2844 else 2845 len2 = 0; 2846 2847 ncons = 0; 2848 for (c = cladatum->constraints; c; c = c->next) 2849 ncons++; 2850 2851 buf[0] = cpu_to_le32(len); 2852 buf[1] = cpu_to_le32(len2); 2853 buf[2] = cpu_to_le32(cladatum->value); 2854 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 2855 if (cladatum->permissions.table) 2856 buf[4] = cpu_to_le32(cladatum->permissions.table->nel); 2857 else 2858 buf[4] = 0; 2859 buf[5] = cpu_to_le32(ncons); 2860 rc = put_entry(buf, sizeof(u32), 6, fp); 2861 if (rc) 2862 return rc; 2863 2864 rc = put_entry(key, 1, len, fp); 2865 if (rc) 2866 return rc; 2867 2868 if (cladatum->comkey) { 2869 rc = put_entry(cladatum->comkey, 1, len2, fp); 2870 if (rc) 2871 return rc; 2872 } 2873 2874 rc = hashtab_map(cladatum->permissions.table, perm_write, fp); 2875 if (rc) 2876 return rc; 2877 2878 rc = write_cons_helper(p, cladatum->constraints, fp); 2879 if (rc) 2880 return rc; 2881 2882 /* write out the validatetrans rule */ 2883 ncons = 0; 2884 for (c = cladatum->validatetrans; c; c = c->next) 2885 ncons++; 2886 2887 buf[0] = cpu_to_le32(ncons); 2888 rc = put_entry(buf, sizeof(u32), 1, fp); 2889 if (rc) 2890 return rc; 2891 2892 rc = write_cons_helper(p, cladatum->validatetrans, fp); 2893 if (rc) 2894 return rc; 2895 2896 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 2897 buf[0] = cpu_to_le32(cladatum->default_user); 2898 buf[1] = cpu_to_le32(cladatum->default_role); 2899 buf[2] = cpu_to_le32(cladatum->default_range); 2900 2901 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 2902 if (rc) 2903 return rc; 2904 } 2905 2906 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 2907 buf[0] = cpu_to_le32(cladatum->default_type); 2908 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 2909 if (rc) 2910 return rc; 2911 } 2912 2913 return 0; 2914 } 2915 2916 static int role_write(void *vkey, void *datum, void *ptr) 2917 { 2918 char *key = vkey; 2919 struct role_datum *role = datum; 2920 struct policy_data *pd = ptr; 2921 void *fp = pd->fp; 2922 struct policydb *p = pd->p; 2923 __le32 buf[3]; 2924 size_t items, len; 2925 int rc; 2926 2927 len = strlen(key); 2928 items = 0; 2929 buf[items++] = cpu_to_le32(len); 2930 buf[items++] = cpu_to_le32(role->value); 2931 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 2932 buf[items++] = cpu_to_le32(role->bounds); 2933 2934 BUG_ON(items > ARRAY_SIZE(buf)); 2935 2936 rc = put_entry(buf, sizeof(u32), items, fp); 2937 if (rc) 2938 return rc; 2939 2940 rc = put_entry(key, 1, len, fp); 2941 if (rc) 2942 return rc; 2943 2944 rc = ebitmap_write(&role->dominates, fp); 2945 if (rc) 2946 return rc; 2947 2948 rc = ebitmap_write(&role->types, fp); 2949 if (rc) 2950 return rc; 2951 2952 return 0; 2953 } 2954 2955 static int type_write(void *vkey, void *datum, void *ptr) 2956 { 2957 char *key = vkey; 2958 struct type_datum *typdatum = datum; 2959 struct policy_data *pd = ptr; 2960 struct policydb *p = pd->p; 2961 void *fp = pd->fp; 2962 __le32 buf[4]; 2963 int rc; 2964 size_t items, len; 2965 2966 len = strlen(key); 2967 items = 0; 2968 buf[items++] = cpu_to_le32(len); 2969 buf[items++] = cpu_to_le32(typdatum->value); 2970 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 2971 u32 properties = 0; 2972 2973 if (typdatum->primary) 2974 properties |= TYPEDATUM_PROPERTY_PRIMARY; 2975 2976 if (typdatum->attribute) 2977 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 2978 2979 buf[items++] = cpu_to_le32(properties); 2980 buf[items++] = cpu_to_le32(typdatum->bounds); 2981 } else { 2982 buf[items++] = cpu_to_le32(typdatum->primary); 2983 } 2984 BUG_ON(items > ARRAY_SIZE(buf)); 2985 rc = put_entry(buf, sizeof(u32), items, fp); 2986 if (rc) 2987 return rc; 2988 2989 rc = put_entry(key, 1, len, fp); 2990 if (rc) 2991 return rc; 2992 2993 return 0; 2994 } 2995 2996 static int user_write(void *vkey, void *datum, void *ptr) 2997 { 2998 char *key = vkey; 2999 struct user_datum *usrdatum = datum; 3000 struct policy_data *pd = ptr; 3001 struct policydb *p = pd->p; 3002 void *fp = pd->fp; 3003 __le32 buf[3]; 3004 size_t items, len; 3005 int rc; 3006 3007 len = strlen(key); 3008 items = 0; 3009 buf[items++] = cpu_to_le32(len); 3010 buf[items++] = cpu_to_le32(usrdatum->value); 3011 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3012 buf[items++] = cpu_to_le32(usrdatum->bounds); 3013 BUG_ON(items > ARRAY_SIZE(buf)); 3014 rc = put_entry(buf, sizeof(u32), items, fp); 3015 if (rc) 3016 return rc; 3017 3018 rc = put_entry(key, 1, len, fp); 3019 if (rc) 3020 return rc; 3021 3022 rc = ebitmap_write(&usrdatum->roles, fp); 3023 if (rc) 3024 return rc; 3025 3026 rc = mls_write_range_helper(&usrdatum->range, fp); 3027 if (rc) 3028 return rc; 3029 3030 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3031 if (rc) 3032 return rc; 3033 3034 return 0; 3035 } 3036 3037 static int (*write_f[SYM_NUM]) (void *key, void *datum, 3038 void *datap) = 3039 { 3040 common_write, 3041 class_write, 3042 role_write, 3043 type_write, 3044 user_write, 3045 cond_write_bool, 3046 sens_write, 3047 cat_write, 3048 }; 3049 3050 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, 3051 void *fp) 3052 { 3053 unsigned int i, j, rc; 3054 size_t nel, len; 3055 __le32 buf[3]; 3056 u32 nodebuf[8]; 3057 struct ocontext *c; 3058 for (i = 0; i < info->ocon_num; i++) { 3059 nel = 0; 3060 for (c = p->ocontexts[i]; c; c = c->next) 3061 nel++; 3062 buf[0] = cpu_to_le32(nel); 3063 rc = put_entry(buf, sizeof(u32), 1, fp); 3064 if (rc) 3065 return rc; 3066 for (c = p->ocontexts[i]; c; c = c->next) { 3067 switch (i) { 3068 case OCON_ISID: 3069 buf[0] = cpu_to_le32(c->sid[0]); 3070 rc = put_entry(buf, sizeof(u32), 1, fp); 3071 if (rc) 3072 return rc; 3073 rc = context_write(p, &c->context[0], fp); 3074 if (rc) 3075 return rc; 3076 break; 3077 case OCON_FS: 3078 case OCON_NETIF: 3079 len = strlen(c->u.name); 3080 buf[0] = cpu_to_le32(len); 3081 rc = put_entry(buf, sizeof(u32), 1, fp); 3082 if (rc) 3083 return rc; 3084 rc = put_entry(c->u.name, 1, len, fp); 3085 if (rc) 3086 return rc; 3087 rc = context_write(p, &c->context[0], fp); 3088 if (rc) 3089 return rc; 3090 rc = context_write(p, &c->context[1], fp); 3091 if (rc) 3092 return rc; 3093 break; 3094 case OCON_PORT: 3095 buf[0] = cpu_to_le32(c->u.port.protocol); 3096 buf[1] = cpu_to_le32(c->u.port.low_port); 3097 buf[2] = cpu_to_le32(c->u.port.high_port); 3098 rc = put_entry(buf, sizeof(u32), 3, fp); 3099 if (rc) 3100 return rc; 3101 rc = context_write(p, &c->context[0], fp); 3102 if (rc) 3103 return rc; 3104 break; 3105 case OCON_NODE: 3106 nodebuf[0] = c->u.node.addr; /* network order */ 3107 nodebuf[1] = c->u.node.mask; /* network order */ 3108 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3109 if (rc) 3110 return rc; 3111 rc = context_write(p, &c->context[0], fp); 3112 if (rc) 3113 return rc; 3114 break; 3115 case OCON_FSUSE: 3116 buf[0] = cpu_to_le32(c->v.behavior); 3117 len = strlen(c->u.name); 3118 buf[1] = cpu_to_le32(len); 3119 rc = put_entry(buf, sizeof(u32), 2, fp); 3120 if (rc) 3121 return rc; 3122 rc = put_entry(c->u.name, 1, len, fp); 3123 if (rc) 3124 return rc; 3125 rc = context_write(p, &c->context[0], fp); 3126 if (rc) 3127 return rc; 3128 break; 3129 case OCON_NODE6: 3130 for (j = 0; j < 4; j++) 3131 nodebuf[j] = c->u.node6.addr[j]; /* network order */ 3132 for (j = 0; j < 4; j++) 3133 nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ 3134 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3135 if (rc) 3136 return rc; 3137 rc = context_write(p, &c->context[0], fp); 3138 if (rc) 3139 return rc; 3140 break; 3141 } 3142 } 3143 } 3144 return 0; 3145 } 3146 3147 static int genfs_write(struct policydb *p, void *fp) 3148 { 3149 struct genfs *genfs; 3150 struct ocontext *c; 3151 size_t len; 3152 __le32 buf[1]; 3153 int rc; 3154 3155 len = 0; 3156 for (genfs = p->genfs; genfs; genfs = genfs->next) 3157 len++; 3158 buf[0] = cpu_to_le32(len); 3159 rc = put_entry(buf, sizeof(u32), 1, fp); 3160 if (rc) 3161 return rc; 3162 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3163 len = strlen(genfs->fstype); 3164 buf[0] = cpu_to_le32(len); 3165 rc = put_entry(buf, sizeof(u32), 1, fp); 3166 if (rc) 3167 return rc; 3168 rc = put_entry(genfs->fstype, 1, len, fp); 3169 if (rc) 3170 return rc; 3171 len = 0; 3172 for (c = genfs->head; c; c = c->next) 3173 len++; 3174 buf[0] = cpu_to_le32(len); 3175 rc = put_entry(buf, sizeof(u32), 1, fp); 3176 if (rc) 3177 return rc; 3178 for (c = genfs->head; c; c = c->next) { 3179 len = strlen(c->u.name); 3180 buf[0] = cpu_to_le32(len); 3181 rc = put_entry(buf, sizeof(u32), 1, fp); 3182 if (rc) 3183 return rc; 3184 rc = put_entry(c->u.name, 1, len, fp); 3185 if (rc) 3186 return rc; 3187 buf[0] = cpu_to_le32(c->v.sclass); 3188 rc = put_entry(buf, sizeof(u32), 1, fp); 3189 if (rc) 3190 return rc; 3191 rc = context_write(p, &c->context[0], fp); 3192 if (rc) 3193 return rc; 3194 } 3195 } 3196 return 0; 3197 } 3198 3199 static int hashtab_cnt(void *key, void *data, void *ptr) 3200 { 3201 int *cnt = ptr; 3202 *cnt = *cnt + 1; 3203 3204 return 0; 3205 } 3206 3207 static int range_write_helper(void *key, void *data, void *ptr) 3208 { 3209 __le32 buf[2]; 3210 struct range_trans *rt = key; 3211 struct mls_range *r = data; 3212 struct policy_data *pd = ptr; 3213 void *fp = pd->fp; 3214 struct policydb *p = pd->p; 3215 int rc; 3216 3217 buf[0] = cpu_to_le32(rt->source_type); 3218 buf[1] = cpu_to_le32(rt->target_type); 3219 rc = put_entry(buf, sizeof(u32), 2, fp); 3220 if (rc) 3221 return rc; 3222 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3223 buf[0] = cpu_to_le32(rt->target_class); 3224 rc = put_entry(buf, sizeof(u32), 1, fp); 3225 if (rc) 3226 return rc; 3227 } 3228 rc = mls_write_range_helper(r, fp); 3229 if (rc) 3230 return rc; 3231 3232 return 0; 3233 } 3234 3235 static int range_write(struct policydb *p, void *fp) 3236 { 3237 __le32 buf[1]; 3238 int rc, nel; 3239 struct policy_data pd; 3240 3241 pd.p = p; 3242 pd.fp = fp; 3243 3244 /* count the number of entries in the hashtab */ 3245 nel = 0; 3246 rc = hashtab_map(p->range_tr, hashtab_cnt, &nel); 3247 if (rc) 3248 return rc; 3249 3250 buf[0] = cpu_to_le32(nel); 3251 rc = put_entry(buf, sizeof(u32), 1, fp); 3252 if (rc) 3253 return rc; 3254 3255 /* actually write all of the entries */ 3256 rc = hashtab_map(p->range_tr, range_write_helper, &pd); 3257 if (rc) 3258 return rc; 3259 3260 return 0; 3261 } 3262 3263 static int filename_write_helper(void *key, void *data, void *ptr) 3264 { 3265 __le32 buf[4]; 3266 struct filename_trans *ft = key; 3267 struct filename_trans_datum *otype = data; 3268 void *fp = ptr; 3269 int rc; 3270 u32 len; 3271 3272 len = strlen(ft->name); 3273 buf[0] = cpu_to_le32(len); 3274 rc = put_entry(buf, sizeof(u32), 1, fp); 3275 if (rc) 3276 return rc; 3277 3278 rc = put_entry(ft->name, sizeof(char), len, fp); 3279 if (rc) 3280 return rc; 3281 3282 buf[0] = cpu_to_le32(ft->stype); 3283 buf[1] = cpu_to_le32(ft->ttype); 3284 buf[2] = cpu_to_le32(ft->tclass); 3285 buf[3] = cpu_to_le32(otype->otype); 3286 3287 rc = put_entry(buf, sizeof(u32), 4, fp); 3288 if (rc) 3289 return rc; 3290 3291 return 0; 3292 } 3293 3294 static int filename_trans_write(struct policydb *p, void *fp) 3295 { 3296 u32 nel; 3297 __le32 buf[1]; 3298 int rc; 3299 3300 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3301 return 0; 3302 3303 nel = 0; 3304 rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); 3305 if (rc) 3306 return rc; 3307 3308 buf[0] = cpu_to_le32(nel); 3309 rc = put_entry(buf, sizeof(u32), 1, fp); 3310 if (rc) 3311 return rc; 3312 3313 rc = hashtab_map(p->filename_trans, filename_write_helper, fp); 3314 if (rc) 3315 return rc; 3316 3317 return 0; 3318 } 3319 3320 /* 3321 * Write the configuration data in a policy database 3322 * structure to a policy database binary representation 3323 * file. 3324 */ 3325 int policydb_write(struct policydb *p, void *fp) 3326 { 3327 unsigned int i, num_syms; 3328 int rc; 3329 __le32 buf[4]; 3330 u32 config; 3331 size_t len; 3332 struct policydb_compat_info *info; 3333 3334 /* 3335 * refuse to write policy older than compressed avtab 3336 * to simplify the writer. There are other tests dropped 3337 * since we assume this throughout the writer code. Be 3338 * careful if you ever try to remove this restriction 3339 */ 3340 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3341 printk(KERN_ERR "SELinux: refusing to write policy version %d." 3342 " Because it is less than version %d\n", p->policyvers, 3343 POLICYDB_VERSION_AVTAB); 3344 return -EINVAL; 3345 } 3346 3347 config = 0; 3348 if (p->mls_enabled) 3349 config |= POLICYDB_CONFIG_MLS; 3350 3351 if (p->reject_unknown) 3352 config |= REJECT_UNKNOWN; 3353 if (p->allow_unknown) 3354 config |= ALLOW_UNKNOWN; 3355 3356 /* Write the magic number and string identifiers. */ 3357 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3358 len = strlen(POLICYDB_STRING); 3359 buf[1] = cpu_to_le32(len); 3360 rc = put_entry(buf, sizeof(u32), 2, fp); 3361 if (rc) 3362 return rc; 3363 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3364 if (rc) 3365 return rc; 3366 3367 /* Write the version, config, and table sizes. */ 3368 info = policydb_lookup_compat(p->policyvers); 3369 if (!info) { 3370 printk(KERN_ERR "SELinux: compatibility lookup failed for policy " 3371 "version %d", p->policyvers); 3372 return -EINVAL; 3373 } 3374 3375 buf[0] = cpu_to_le32(p->policyvers); 3376 buf[1] = cpu_to_le32(config); 3377 buf[2] = cpu_to_le32(info->sym_num); 3378 buf[3] = cpu_to_le32(info->ocon_num); 3379 3380 rc = put_entry(buf, sizeof(u32), 4, fp); 3381 if (rc) 3382 return rc; 3383 3384 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3385 rc = ebitmap_write(&p->policycaps, fp); 3386 if (rc) 3387 return rc; 3388 } 3389 3390 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3391 rc = ebitmap_write(&p->permissive_map, fp); 3392 if (rc) 3393 return rc; 3394 } 3395 3396 num_syms = info->sym_num; 3397 for (i = 0; i < num_syms; i++) { 3398 struct policy_data pd; 3399 3400 pd.fp = fp; 3401 pd.p = p; 3402 3403 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3404 buf[1] = cpu_to_le32(p->symtab[i].table->nel); 3405 3406 rc = put_entry(buf, sizeof(u32), 2, fp); 3407 if (rc) 3408 return rc; 3409 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd); 3410 if (rc) 3411 return rc; 3412 } 3413 3414 rc = avtab_write(p, &p->te_avtab, fp); 3415 if (rc) 3416 return rc; 3417 3418 rc = cond_write_list(p, p->cond_list, fp); 3419 if (rc) 3420 return rc; 3421 3422 rc = role_trans_write(p, fp); 3423 if (rc) 3424 return rc; 3425 3426 rc = role_allow_write(p->role_allow, fp); 3427 if (rc) 3428 return rc; 3429 3430 rc = filename_trans_write(p, fp); 3431 if (rc) 3432 return rc; 3433 3434 rc = ocontext_write(p, info, fp); 3435 if (rc) 3436 return rc; 3437 3438 rc = genfs_write(p, fp); 3439 if (rc) 3440 return rc; 3441 3442 rc = range_write(p, fp); 3443 if (rc) 3444 return rc; 3445 3446 for (i = 0; i < p->p_types.nprim; i++) { 3447 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i); 3448 3449 BUG_ON(!e); 3450 rc = ebitmap_write(e, fp); 3451 if (rc) 3452 return rc; 3453 } 3454 3455 return 0; 3456 } 3457