1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Implementation of the policy database. 4 * 5 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> 6 */ 7 8 /* 9 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 10 * Support for enhanced MLS infrastructure. 11 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 12 * 13 * Updated: Frank Mayer <mayerf@tresys.com> and 14 * Karl MacMillan <kmacmillan@tresys.com> 15 * Added conditional policy language extensions 16 * Copyright (C) 2003-2004 Tresys Technology, LLC 17 * 18 * Updated: Hewlett-Packard <paul@paul-moore.com> 19 * Added support for the policy capability bitmap 20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. 21 * 22 * Update: Mellanox Techonologies 23 * Added Infiniband support 24 * Copyright (C) 2016 Mellanox Techonologies 25 */ 26 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/string.h> 31 #include <linux/errno.h> 32 #include <linux/audit.h> 33 #include "security.h" 34 35 #include "policydb.h" 36 #include "conditional.h" 37 #include "mls.h" 38 #include "services.h" 39 40 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 41 /* clang-format off */ 42 static const char *const symtab_name[SYM_NUM] = { 43 "common prefixes", 44 "classes", 45 "roles", 46 "types", 47 "users", 48 "bools", 49 "levels", 50 "categories", 51 }; 52 /* clang-format off */ 53 #endif 54 55 struct policydb_compat_info { 56 unsigned int version; 57 unsigned int sym_num; 58 unsigned int ocon_num; 59 }; 60 61 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 62 static const struct policydb_compat_info policydb_compat[] = { 63 { 64 .version = POLICYDB_VERSION_BASE, 65 .sym_num = SYM_NUM - 3, 66 .ocon_num = OCON_NUM - 3, 67 }, 68 { 69 .version = POLICYDB_VERSION_BOOL, 70 .sym_num = SYM_NUM - 2, 71 .ocon_num = OCON_NUM - 3, 72 }, 73 { 74 .version = POLICYDB_VERSION_IPV6, 75 .sym_num = SYM_NUM - 2, 76 .ocon_num = OCON_NUM - 2, 77 }, 78 { 79 .version = POLICYDB_VERSION_NLCLASS, 80 .sym_num = SYM_NUM - 2, 81 .ocon_num = OCON_NUM - 2, 82 }, 83 { 84 .version = POLICYDB_VERSION_MLS, 85 .sym_num = SYM_NUM, 86 .ocon_num = OCON_NUM - 2, 87 }, 88 { 89 .version = POLICYDB_VERSION_AVTAB, 90 .sym_num = SYM_NUM, 91 .ocon_num = OCON_NUM - 2, 92 }, 93 { 94 .version = POLICYDB_VERSION_RANGETRANS, 95 .sym_num = SYM_NUM, 96 .ocon_num = OCON_NUM - 2, 97 }, 98 { 99 .version = POLICYDB_VERSION_POLCAP, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NUM - 2, 102 }, 103 { 104 .version = POLICYDB_VERSION_PERMISSIVE, 105 .sym_num = SYM_NUM, 106 .ocon_num = OCON_NUM - 2, 107 }, 108 { 109 .version = POLICYDB_VERSION_BOUNDARY, 110 .sym_num = SYM_NUM, 111 .ocon_num = OCON_NUM - 2, 112 }, 113 { 114 .version = POLICYDB_VERSION_FILENAME_TRANS, 115 .sym_num = SYM_NUM, 116 .ocon_num = OCON_NUM - 2, 117 }, 118 { 119 .version = POLICYDB_VERSION_ROLETRANS, 120 .sym_num = SYM_NUM, 121 .ocon_num = OCON_NUM - 2, 122 }, 123 { 124 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 125 .sym_num = SYM_NUM, 126 .ocon_num = OCON_NUM - 2, 127 }, 128 { 129 .version = POLICYDB_VERSION_DEFAULT_TYPE, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NUM - 2, 132 }, 133 { 134 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NUM - 2, 137 }, 138 { 139 .version = POLICYDB_VERSION_XPERMS_IOCTL, 140 .sym_num = SYM_NUM, 141 .ocon_num = OCON_NUM - 2, 142 }, 143 { 144 .version = POLICYDB_VERSION_INFINIBAND, 145 .sym_num = SYM_NUM, 146 .ocon_num = OCON_NUM, 147 }, 148 { 149 .version = POLICYDB_VERSION_GLBLUB, 150 .sym_num = SYM_NUM, 151 .ocon_num = OCON_NUM, 152 }, 153 { 154 .version = POLICYDB_VERSION_COMP_FTRANS, 155 .sym_num = SYM_NUM, 156 .ocon_num = OCON_NUM, 157 }, 158 }; 159 160 static const struct policydb_compat_info * 161 policydb_lookup_compat(unsigned int version) 162 { 163 unsigned int i; 164 165 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { 166 if (policydb_compat[i].version == version) 167 return &policydb_compat[i]; 168 } 169 170 return NULL; 171 } 172 173 /* 174 * The following *_destroy functions are used to 175 * free any memory allocated for each kind of 176 * symbol data in the policy database. 177 */ 178 179 static int perm_destroy(void *key, void *datum, void *p) 180 { 181 kfree(key); 182 kfree(datum); 183 return 0; 184 } 185 186 static int common_destroy(void *key, void *datum, void *p) 187 { 188 struct common_datum *comdatum; 189 190 kfree(key); 191 if (datum) { 192 comdatum = datum; 193 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL); 194 hashtab_destroy(&comdatum->permissions.table); 195 } 196 kfree(datum); 197 return 0; 198 } 199 200 static void constraint_expr_destroy(struct constraint_expr *expr) 201 { 202 if (expr) { 203 ebitmap_destroy(&expr->names); 204 if (expr->type_names) { 205 ebitmap_destroy(&expr->type_names->types); 206 ebitmap_destroy(&expr->type_names->negset); 207 kfree(expr->type_names); 208 } 209 kfree(expr); 210 } 211 } 212 213 static int cls_destroy(void *key, void *datum, void *p) 214 { 215 struct class_datum *cladatum; 216 struct constraint_node *constraint, *ctemp; 217 struct constraint_expr *e, *etmp; 218 219 kfree(key); 220 if (datum) { 221 cladatum = datum; 222 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL); 223 hashtab_destroy(&cladatum->permissions.table); 224 constraint = cladatum->constraints; 225 while (constraint) { 226 e = constraint->expr; 227 while (e) { 228 etmp = e; 229 e = e->next; 230 constraint_expr_destroy(etmp); 231 } 232 ctemp = constraint; 233 constraint = constraint->next; 234 kfree(ctemp); 235 } 236 237 constraint = cladatum->validatetrans; 238 while (constraint) { 239 e = constraint->expr; 240 while (e) { 241 etmp = e; 242 e = e->next; 243 constraint_expr_destroy(etmp); 244 } 245 ctemp = constraint; 246 constraint = constraint->next; 247 kfree(ctemp); 248 } 249 kfree(cladatum->comkey); 250 } 251 kfree(datum); 252 return 0; 253 } 254 255 static int role_destroy(void *key, void *datum, void *p) 256 { 257 struct role_datum *role; 258 259 kfree(key); 260 if (datum) { 261 role = datum; 262 ebitmap_destroy(&role->dominates); 263 ebitmap_destroy(&role->types); 264 } 265 kfree(datum); 266 return 0; 267 } 268 269 static int type_destroy(void *key, void *datum, void *p) 270 { 271 kfree(key); 272 kfree(datum); 273 return 0; 274 } 275 276 static int user_destroy(void *key, void *datum, void *p) 277 { 278 struct user_datum *usrdatum; 279 280 kfree(key); 281 if (datum) { 282 usrdatum = datum; 283 ebitmap_destroy(&usrdatum->roles); 284 ebitmap_destroy(&usrdatum->range.level[0].cat); 285 ebitmap_destroy(&usrdatum->range.level[1].cat); 286 ebitmap_destroy(&usrdatum->dfltlevel.cat); 287 } 288 kfree(datum); 289 return 0; 290 } 291 292 static int sens_destroy(void *key, void *datum, void *p) 293 { 294 struct level_datum *levdatum; 295 296 kfree(key); 297 if (datum) { 298 levdatum = datum; 299 if (levdatum->level) 300 ebitmap_destroy(&levdatum->level->cat); 301 kfree(levdatum->level); 302 } 303 kfree(datum); 304 return 0; 305 } 306 307 static int cat_destroy(void *key, void *datum, void *p) 308 { 309 kfree(key); 310 kfree(datum); 311 return 0; 312 } 313 314 /* clang-format off */ 315 static int (*const destroy_f[SYM_NUM])(void *key, void *datum, void *datap) = { 316 common_destroy, 317 cls_destroy, 318 role_destroy, 319 type_destroy, 320 user_destroy, 321 cond_destroy_bool, 322 sens_destroy, 323 cat_destroy, 324 }; 325 /* clang-format on */ 326 327 static int filenametr_destroy(void *key, void *datum, void *p) 328 { 329 struct filename_trans_key *ft = key; 330 struct filename_trans_datum *next, *d = datum; 331 332 kfree(ft->name); 333 kfree(key); 334 do { 335 ebitmap_destroy(&d->stypes); 336 next = d->next; 337 kfree(d); 338 d = next; 339 } while (unlikely(d)); 340 cond_resched(); 341 return 0; 342 } 343 344 static int range_tr_destroy(void *key, void *datum, void *p) 345 { 346 struct mls_range *rt = datum; 347 348 kfree(key); 349 ebitmap_destroy(&rt->level[0].cat); 350 ebitmap_destroy(&rt->level[1].cat); 351 kfree(datum); 352 cond_resched(); 353 return 0; 354 } 355 356 static int role_tr_destroy(void *key, void *datum, void *p) 357 { 358 kfree(key); 359 kfree(datum); 360 return 0; 361 } 362 363 static void ocontext_destroy(struct ocontext *c, unsigned int i) 364 { 365 if (!c) 366 return; 367 368 context_destroy(&c->context[0]); 369 context_destroy(&c->context[1]); 370 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF || 371 i == OCON_FSUSE) 372 kfree(c->u.name); 373 kfree(c); 374 } 375 376 /* 377 * Initialize the role table. 378 */ 379 static int roles_init(struct policydb *p) 380 { 381 char *key = NULL; 382 int rc; 383 struct role_datum *role; 384 385 role = kzalloc(sizeof(*role), GFP_KERNEL); 386 if (!role) 387 return -ENOMEM; 388 389 rc = -EINVAL; 390 role->value = ++p->p_roles.nprim; 391 if (role->value != OBJECT_R_VAL) 392 goto out; 393 394 rc = -ENOMEM; 395 key = kstrdup(OBJECT_R, GFP_KERNEL); 396 if (!key) 397 goto out; 398 399 rc = symtab_insert(&p->p_roles, key, role); 400 if (rc) 401 goto out; 402 403 return 0; 404 out: 405 kfree(key); 406 kfree(role); 407 return rc; 408 } 409 410 static u32 filenametr_hash(const void *k) 411 { 412 const struct filename_trans_key *ft = k; 413 unsigned long salt = ft->ttype ^ ft->tclass; 414 415 return full_name_hash((void *)salt, ft->name, strlen(ft->name)); 416 } 417 418 static int filenametr_cmp(const void *k1, const void *k2) 419 { 420 const struct filename_trans_key *ft1 = k1; 421 const struct filename_trans_key *ft2 = k2; 422 int v; 423 424 v = ft1->ttype - ft2->ttype; 425 if (v) 426 return v; 427 428 v = ft1->tclass - ft2->tclass; 429 if (v) 430 return v; 431 432 return strcmp(ft1->name, ft2->name); 433 } 434 435 static const struct hashtab_key_params filenametr_key_params = { 436 .hash = filenametr_hash, 437 .cmp = filenametr_cmp, 438 }; 439 440 struct filename_trans_datum * 441 policydb_filenametr_search(struct policydb *p, struct filename_trans_key *key) 442 { 443 return hashtab_search(&p->filename_trans, key, filenametr_key_params); 444 } 445 446 static u32 rangetr_hash(const void *k) 447 { 448 const struct range_trans *key = k; 449 450 return key->source_type + (key->target_type << 3) + 451 (key->target_class << 5); 452 } 453 454 static int rangetr_cmp(const void *k1, const void *k2) 455 { 456 const struct range_trans *key1 = k1, *key2 = k2; 457 int v; 458 459 v = key1->source_type - key2->source_type; 460 if (v) 461 return v; 462 463 v = key1->target_type - key2->target_type; 464 if (v) 465 return v; 466 467 v = key1->target_class - key2->target_class; 468 469 return v; 470 } 471 472 static const struct hashtab_key_params rangetr_key_params = { 473 .hash = rangetr_hash, 474 .cmp = rangetr_cmp, 475 }; 476 477 struct mls_range *policydb_rangetr_search(struct policydb *p, 478 struct range_trans *key) 479 { 480 return hashtab_search(&p->range_tr, key, rangetr_key_params); 481 } 482 483 static u32 role_trans_hash(const void *k) 484 { 485 const struct role_trans_key *key = k; 486 487 return jhash_3words(key->role, key->type, 488 (u32)key->tclass << 16 | key->tclass, 0); 489 } 490 491 static int role_trans_cmp(const void *k1, const void *k2) 492 { 493 const struct role_trans_key *key1 = k1, *key2 = k2; 494 int v; 495 496 v = key1->role - key2->role; 497 if (v) 498 return v; 499 500 v = key1->type - key2->type; 501 if (v) 502 return v; 503 504 return key1->tclass - key2->tclass; 505 } 506 507 static const struct hashtab_key_params roletr_key_params = { 508 .hash = role_trans_hash, 509 .cmp = role_trans_cmp, 510 }; 511 512 struct role_trans_datum *policydb_roletr_search(struct policydb *p, 513 struct role_trans_key *key) 514 { 515 return hashtab_search(&p->role_tr, key, roletr_key_params); 516 } 517 518 /* 519 * Initialize a policy database structure. 520 */ 521 static void policydb_init(struct policydb *p) 522 { 523 memset(p, 0, sizeof(*p)); 524 525 avtab_init(&p->te_avtab); 526 cond_policydb_init(p); 527 528 ebitmap_init(&p->filename_trans_ttypes); 529 ebitmap_init(&p->policycaps); 530 ebitmap_init(&p->permissive_map); 531 } 532 533 /* 534 * The following *_index functions are used to 535 * define the val_to_name and val_to_struct arrays 536 * in a policy database structure. The val_to_name 537 * arrays are used when converting security context 538 * structures into string representations. The 539 * val_to_struct arrays are used when the attributes 540 * of a class, role, or user are needed. 541 */ 542 543 static int common_index(void *key, void *datum, void *datap) 544 { 545 struct policydb *p; 546 struct common_datum *comdatum; 547 548 comdatum = datum; 549 p = datap; 550 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 551 return -EINVAL; 552 553 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; 554 555 return 0; 556 } 557 558 static int class_index(void *key, void *datum, void *datap) 559 { 560 struct policydb *p; 561 struct class_datum *cladatum; 562 563 cladatum = datum; 564 p = datap; 565 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 566 return -EINVAL; 567 568 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; 569 p->class_val_to_struct[cladatum->value - 1] = cladatum; 570 return 0; 571 } 572 573 static int role_index(void *key, void *datum, void *datap) 574 { 575 struct policydb *p; 576 struct role_datum *role; 577 578 role = datum; 579 p = datap; 580 if (!role->value || role->value > p->p_roles.nprim || 581 role->bounds > p->p_roles.nprim) 582 return -EINVAL; 583 584 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; 585 p->role_val_to_struct[role->value - 1] = role; 586 return 0; 587 } 588 589 static int type_index(void *key, void *datum, void *datap) 590 { 591 struct policydb *p; 592 struct type_datum *typdatum; 593 594 typdatum = datum; 595 p = datap; 596 597 if (typdatum->primary) { 598 if (!typdatum->value || typdatum->value > p->p_types.nprim || 599 typdatum->bounds > p->p_types.nprim) 600 return -EINVAL; 601 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; 602 p->type_val_to_struct[typdatum->value - 1] = typdatum; 603 } 604 605 return 0; 606 } 607 608 static int user_index(void *key, void *datum, void *datap) 609 { 610 struct policydb *p; 611 struct user_datum *usrdatum; 612 613 usrdatum = datum; 614 p = datap; 615 if (!usrdatum->value || usrdatum->value > p->p_users.nprim || 616 usrdatum->bounds > p->p_users.nprim) 617 return -EINVAL; 618 619 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; 620 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 621 return 0; 622 } 623 624 static int sens_index(void *key, void *datum, void *datap) 625 { 626 struct policydb *p; 627 struct level_datum *levdatum; 628 629 levdatum = datum; 630 p = datap; 631 632 if (!levdatum->isalias) { 633 if (!levdatum->level->sens || 634 levdatum->level->sens > p->p_levels.nprim) 635 return -EINVAL; 636 637 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; 638 } 639 640 return 0; 641 } 642 643 static int cat_index(void *key, void *datum, void *datap) 644 { 645 struct policydb *p; 646 struct cat_datum *catdatum; 647 648 catdatum = datum; 649 p = datap; 650 651 if (!catdatum->isalias) { 652 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 653 return -EINVAL; 654 655 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; 656 } 657 658 return 0; 659 } 660 661 /* clang-format off */ 662 static int (*const index_f[SYM_NUM])(void *key, void *datum, void *datap) = { 663 common_index, 664 class_index, 665 role_index, 666 type_index, 667 user_index, 668 cond_index_bool, 669 sens_index, 670 cat_index, 671 }; 672 /* clang-format on */ 673 674 #ifdef CONFIG_SECURITY_SELINUX_DEBUG 675 static void hash_eval(struct hashtab *h, const char *hash_name, 676 const char *hash_details) 677 { 678 struct hashtab_info info; 679 680 hashtab_stat(h, &info); 681 pr_debug( 682 "SELinux: %s%s%s: %d entries and %d/%d buckets used, longest chain length %d, sum of chain length^2 %llu\n", 683 hash_name, hash_details ? "@" : "", hash_details ?: "", h->nel, 684 info.slots_used, h->size, info.max_chain_len, 685 info.chain2_len_sum); 686 } 687 688 static void symtab_hash_eval(struct symtab *s) 689 { 690 int i; 691 692 for (i = 0; i < SYM_NUM; i++) 693 hash_eval(&s[i].table, symtab_name[i], NULL); 694 } 695 696 #else 697 static inline void hash_eval(struct hashtab *h, const char *hash_name, 698 const char *hash_details) 699 { 700 } 701 static inline void symtab_hash_eval(struct symtab *s) 702 { 703 } 704 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */ 705 706 /* 707 * Define the other val_to_name and val_to_struct arrays 708 * in a policy database structure. 709 * 710 * Caller must clean up on failure. 711 */ 712 static int policydb_index(struct policydb *p) 713 { 714 int i, rc; 715 716 if (p->mls_enabled) 717 pr_debug( 718 "SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n", 719 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 720 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); 721 else 722 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n", 723 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 724 p->p_bools.nprim); 725 726 pr_debug("SELinux: %d classes, %d rules\n", p->p_classes.nprim, 727 p->te_avtab.nel); 728 729 avtab_hash_eval(&p->te_avtab, "rules"); 730 symtab_hash_eval(p->symtab); 731 732 p->class_val_to_struct = kcalloc(p->p_classes.nprim, 733 sizeof(*p->class_val_to_struct), 734 GFP_KERNEL); 735 if (!p->class_val_to_struct) 736 return -ENOMEM; 737 738 p->role_val_to_struct = kcalloc( 739 p->p_roles.nprim, sizeof(*p->role_val_to_struct), GFP_KERNEL); 740 if (!p->role_val_to_struct) 741 return -ENOMEM; 742 743 p->user_val_to_struct = kcalloc( 744 p->p_users.nprim, sizeof(*p->user_val_to_struct), GFP_KERNEL); 745 if (!p->user_val_to_struct) 746 return -ENOMEM; 747 748 p->type_val_to_struct = kvcalloc( 749 p->p_types.nprim, sizeof(*p->type_val_to_struct), GFP_KERNEL); 750 if (!p->type_val_to_struct) 751 return -ENOMEM; 752 753 rc = cond_init_bool_indexes(p); 754 if (rc) 755 goto out; 756 757 for (i = 0; i < SYM_NUM; i++) { 758 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim, 759 sizeof(char *), GFP_KERNEL); 760 if (!p->sym_val_to_name[i]) 761 return -ENOMEM; 762 763 rc = hashtab_map(&p->symtab[i].table, index_f[i], p); 764 if (rc) 765 goto out; 766 } 767 rc = 0; 768 out: 769 return rc; 770 } 771 772 /* 773 * Free any memory allocated by a policy database structure. 774 */ 775 void policydb_destroy(struct policydb *p) 776 { 777 struct ocontext *c, *ctmp; 778 struct genfs *g, *gtmp; 779 u32 i; 780 struct role_allow *ra, *lra = NULL; 781 782 for (i = 0; i < SYM_NUM; i++) { 783 cond_resched(); 784 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL); 785 hashtab_destroy(&p->symtab[i].table); 786 } 787 788 for (i = 0; i < SYM_NUM; i++) 789 kvfree(p->sym_val_to_name[i]); 790 791 kfree(p->class_val_to_struct); 792 kfree(p->role_val_to_struct); 793 kfree(p->user_val_to_struct); 794 kvfree(p->type_val_to_struct); 795 796 avtab_destroy(&p->te_avtab); 797 798 for (i = 0; i < OCON_NUM; i++) { 799 cond_resched(); 800 c = p->ocontexts[i]; 801 while (c) { 802 ctmp = c; 803 c = c->next; 804 ocontext_destroy(ctmp, i); 805 } 806 p->ocontexts[i] = NULL; 807 } 808 809 g = p->genfs; 810 while (g) { 811 cond_resched(); 812 kfree(g->fstype); 813 c = g->head; 814 while (c) { 815 ctmp = c; 816 c = c->next; 817 ocontext_destroy(ctmp, OCON_FSUSE); 818 } 819 gtmp = g; 820 g = g->next; 821 kfree(gtmp); 822 } 823 p->genfs = NULL; 824 825 cond_policydb_destroy(p); 826 827 hashtab_map(&p->role_tr, role_tr_destroy, NULL); 828 hashtab_destroy(&p->role_tr); 829 830 for (ra = p->role_allow; ra; ra = ra->next) { 831 cond_resched(); 832 kfree(lra); 833 lra = ra; 834 } 835 kfree(lra); 836 837 hashtab_map(&p->filename_trans, filenametr_destroy, NULL); 838 hashtab_destroy(&p->filename_trans); 839 840 hashtab_map(&p->range_tr, range_tr_destroy, NULL); 841 hashtab_destroy(&p->range_tr); 842 843 if (p->type_attr_map_array) { 844 for (i = 0; i < p->p_types.nprim; i++) 845 ebitmap_destroy(&p->type_attr_map_array[i]); 846 kvfree(p->type_attr_map_array); 847 } 848 849 ebitmap_destroy(&p->filename_trans_ttypes); 850 ebitmap_destroy(&p->policycaps); 851 ebitmap_destroy(&p->permissive_map); 852 } 853 854 /* 855 * Load the initial SIDs specified in a policy database 856 * structure into a SID table. 857 */ 858 int policydb_load_isids(struct policydb *p, struct sidtab *s) 859 { 860 struct ocontext *head, *c; 861 bool isid_init; 862 int rc; 863 864 rc = sidtab_init(s); 865 if (rc) { 866 pr_err("SELinux: out of memory on SID table init\n"); 867 return rc; 868 } 869 870 isid_init = ebitmap_get_bit(&p->policycaps, 871 POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT); 872 873 head = p->ocontexts[OCON_ISID]; 874 for (c = head; c; c = c->next) { 875 u32 sid = c->sid[0]; 876 const char *name = security_get_initial_sid_context(sid); 877 878 if (sid == SECSID_NULL) { 879 pr_err("SELinux: SID 0 was assigned a context.\n"); 880 sidtab_destroy(s); 881 return -EINVAL; 882 } 883 884 /* Ignore initial SIDs unused by this kernel. */ 885 if (!name) 886 continue; 887 888 /* 889 * Also ignore SECINITSID_INIT if the policy doesn't declare 890 * support for it 891 */ 892 if (sid == SECINITSID_INIT && !isid_init) 893 continue; 894 895 rc = sidtab_set_initial(s, sid, &c->context[0]); 896 if (rc) { 897 pr_err("SELinux: unable to load initial SID %s.\n", 898 name); 899 sidtab_destroy(s); 900 return rc; 901 } 902 903 /* 904 * If the policy doesn't support the "userspace_initial_context" 905 * capability, set SECINITSID_INIT to the same context as 906 * SECINITSID_KERNEL. This ensures the same behavior as before 907 * the reintroduction of SECINITSID_INIT, where all tasks 908 * started before policy load would initially get the context 909 * corresponding to SECINITSID_KERNEL. 910 */ 911 if (sid == SECINITSID_KERNEL && !isid_init) { 912 rc = sidtab_set_initial(s, SECINITSID_INIT, 913 &c->context[0]); 914 if (rc) { 915 pr_err("SELinux: unable to load initial SID %s.\n", 916 name); 917 sidtab_destroy(s); 918 return rc; 919 } 920 } 921 } 922 return 0; 923 } 924 925 int policydb_class_isvalid(struct policydb *p, unsigned int class) 926 { 927 if (!class || class > p->p_classes.nprim) 928 return 0; 929 return 1; 930 } 931 932 int policydb_role_isvalid(struct policydb *p, unsigned int role) 933 { 934 if (!role || role > p->p_roles.nprim) 935 return 0; 936 return 1; 937 } 938 939 int policydb_type_isvalid(struct policydb *p, unsigned int type) 940 { 941 if (!type || type > p->p_types.nprim) 942 return 0; 943 return 1; 944 } 945 946 /* 947 * Return 1 if the fields in the security context 948 * structure `c' are valid. Return 0 otherwise. 949 */ 950 int policydb_context_isvalid(struct policydb *p, struct context *c) 951 { 952 struct role_datum *role; 953 struct user_datum *usrdatum; 954 955 if (!c->role || c->role > p->p_roles.nprim) 956 return 0; 957 958 if (!c->user || c->user > p->p_users.nprim) 959 return 0; 960 961 if (!c->type || c->type > p->p_types.nprim) 962 return 0; 963 964 if (c->role != OBJECT_R_VAL) { 965 /* 966 * Role must be authorized for the type. 967 */ 968 role = p->role_val_to_struct[c->role - 1]; 969 if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) 970 /* role may not be associated with type */ 971 return 0; 972 973 /* 974 * User must be authorized for the role. 975 */ 976 usrdatum = p->user_val_to_struct[c->user - 1]; 977 if (!usrdatum) 978 return 0; 979 980 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1)) 981 /* user may not be associated with role */ 982 return 0; 983 } 984 985 if (!mls_context_isvalid(p, c)) 986 return 0; 987 988 return 1; 989 } 990 991 /* 992 * Read a MLS range structure from a policydb binary 993 * representation file. 994 */ 995 static int mls_read_range_helper(struct mls_range *r, void *fp) 996 { 997 __le32 buf[2]; 998 u32 items; 999 int rc; 1000 1001 rc = next_entry(buf, fp, sizeof(u32)); 1002 if (rc) 1003 goto out; 1004 1005 rc = -EINVAL; 1006 items = le32_to_cpu(buf[0]); 1007 if (items > ARRAY_SIZE(buf)) { 1008 pr_err("SELinux: mls: range overflow\n"); 1009 goto out; 1010 } 1011 1012 rc = next_entry(buf, fp, sizeof(u32) * items); 1013 if (rc) { 1014 pr_err("SELinux: mls: truncated range\n"); 1015 goto out; 1016 } 1017 1018 r->level[0].sens = le32_to_cpu(buf[0]); 1019 if (items > 1) 1020 r->level[1].sens = le32_to_cpu(buf[1]); 1021 else 1022 r->level[1].sens = r->level[0].sens; 1023 1024 rc = ebitmap_read(&r->level[0].cat, fp); 1025 if (rc) { 1026 pr_err("SELinux: mls: error reading low categories\n"); 1027 goto out; 1028 } 1029 if (items > 1) { 1030 rc = ebitmap_read(&r->level[1].cat, fp); 1031 if (rc) { 1032 pr_err("SELinux: mls: error reading high categories\n"); 1033 goto bad_high; 1034 } 1035 } else { 1036 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1037 if (rc) { 1038 pr_err("SELinux: mls: out of memory\n"); 1039 goto bad_high; 1040 } 1041 } 1042 1043 return 0; 1044 bad_high: 1045 ebitmap_destroy(&r->level[0].cat); 1046 out: 1047 return rc; 1048 } 1049 1050 /* 1051 * Read and validate a security context structure 1052 * from a policydb binary representation file. 1053 */ 1054 static int context_read_and_validate(struct context *c, struct policydb *p, 1055 void *fp) 1056 { 1057 __le32 buf[3]; 1058 int rc; 1059 1060 rc = next_entry(buf, fp, sizeof buf); 1061 if (rc) { 1062 pr_err("SELinux: context truncated\n"); 1063 goto out; 1064 } 1065 c->user = le32_to_cpu(buf[0]); 1066 c->role = le32_to_cpu(buf[1]); 1067 c->type = le32_to_cpu(buf[2]); 1068 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1069 rc = mls_read_range_helper(&c->range, fp); 1070 if (rc) { 1071 pr_err("SELinux: error reading MLS range of context\n"); 1072 goto out; 1073 } 1074 } 1075 1076 rc = -EINVAL; 1077 if (!policydb_context_isvalid(p, c)) { 1078 pr_err("SELinux: invalid security context\n"); 1079 context_destroy(c); 1080 goto out; 1081 } 1082 rc = 0; 1083 out: 1084 return rc; 1085 } 1086 1087 /* 1088 * The following *_read functions are used to 1089 * read the symbol data from a policy database 1090 * binary representation file. 1091 */ 1092 1093 static int str_read(char **strp, gfp_t flags, void *fp, u32 len) 1094 { 1095 int rc; 1096 char *str; 1097 1098 if ((len == 0) || (len == (u32)-1)) 1099 return -EINVAL; 1100 1101 str = kmalloc(len + 1, flags | __GFP_NOWARN); 1102 if (!str) 1103 return -ENOMEM; 1104 1105 rc = next_entry(str, fp, len); 1106 if (rc) { 1107 kfree(str); 1108 return rc; 1109 } 1110 1111 str[len] = '\0'; 1112 *strp = str; 1113 return 0; 1114 } 1115 1116 static int perm_read(struct policydb *p, struct symtab *s, void *fp) 1117 { 1118 char *key = NULL; 1119 struct perm_datum *perdatum; 1120 int rc; 1121 __le32 buf[2]; 1122 u32 len; 1123 1124 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); 1125 if (!perdatum) 1126 return -ENOMEM; 1127 1128 rc = next_entry(buf, fp, sizeof buf); 1129 if (rc) 1130 goto bad; 1131 1132 len = le32_to_cpu(buf[0]); 1133 perdatum->value = le32_to_cpu(buf[1]); 1134 1135 rc = str_read(&key, GFP_KERNEL, fp, len); 1136 if (rc) 1137 goto bad; 1138 1139 rc = symtab_insert(s, key, perdatum); 1140 if (rc) 1141 goto bad; 1142 1143 return 0; 1144 bad: 1145 perm_destroy(key, perdatum, NULL); 1146 return rc; 1147 } 1148 1149 static int common_read(struct policydb *p, struct symtab *s, void *fp) 1150 { 1151 char *key = NULL; 1152 struct common_datum *comdatum; 1153 __le32 buf[4]; 1154 u32 i, len, nel; 1155 int rc; 1156 1157 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); 1158 if (!comdatum) 1159 return -ENOMEM; 1160 1161 rc = next_entry(buf, fp, sizeof buf); 1162 if (rc) 1163 goto bad; 1164 1165 len = le32_to_cpu(buf[0]); 1166 comdatum->value = le32_to_cpu(buf[1]); 1167 nel = le32_to_cpu(buf[3]); 1168 1169 rc = symtab_init(&comdatum->permissions, nel); 1170 if (rc) 1171 goto bad; 1172 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1173 1174 rc = str_read(&key, GFP_KERNEL, fp, len); 1175 if (rc) 1176 goto bad; 1177 1178 for (i = 0; i < nel; i++) { 1179 rc = perm_read(p, &comdatum->permissions, fp); 1180 if (rc) 1181 goto bad; 1182 } 1183 1184 hash_eval(&comdatum->permissions.table, "common_permissions", key); 1185 1186 rc = symtab_insert(s, key, comdatum); 1187 if (rc) 1188 goto bad; 1189 return 0; 1190 bad: 1191 common_destroy(key, comdatum, NULL); 1192 return rc; 1193 } 1194 1195 static void type_set_init(struct type_set *t) 1196 { 1197 ebitmap_init(&t->types); 1198 ebitmap_init(&t->negset); 1199 } 1200 1201 static int type_set_read(struct type_set *t, void *fp) 1202 { 1203 __le32 buf[1]; 1204 int rc; 1205 1206 if (ebitmap_read(&t->types, fp)) 1207 return -EINVAL; 1208 if (ebitmap_read(&t->negset, fp)) 1209 return -EINVAL; 1210 1211 rc = next_entry(buf, fp, sizeof(u32)); 1212 if (rc < 0) 1213 return -EINVAL; 1214 t->flags = le32_to_cpu(buf[0]); 1215 1216 return 0; 1217 } 1218 1219 static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, 1220 u32 ncons, int allowxtarget, void *fp) 1221 { 1222 struct constraint_node *c, *lc; 1223 struct constraint_expr *e, *le; 1224 __le32 buf[3]; 1225 u32 i, j, nexpr; 1226 int rc, depth; 1227 1228 lc = NULL; 1229 for (i = 0; i < ncons; i++) { 1230 c = kzalloc(sizeof(*c), GFP_KERNEL); 1231 if (!c) 1232 return -ENOMEM; 1233 1234 if (lc) 1235 lc->next = c; 1236 else 1237 *nodep = c; 1238 1239 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1240 if (rc) 1241 return rc; 1242 c->permissions = le32_to_cpu(buf[0]); 1243 nexpr = le32_to_cpu(buf[1]); 1244 le = NULL; 1245 depth = -1; 1246 for (j = 0; j < nexpr; j++) { 1247 e = kzalloc(sizeof(*e), GFP_KERNEL); 1248 if (!e) 1249 return -ENOMEM; 1250 1251 if (le) 1252 le->next = e; 1253 else 1254 c->expr = e; 1255 1256 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 1257 if (rc) 1258 return rc; 1259 e->expr_type = le32_to_cpu(buf[0]); 1260 e->attr = le32_to_cpu(buf[1]); 1261 e->op = le32_to_cpu(buf[2]); 1262 1263 switch (e->expr_type) { 1264 case CEXPR_NOT: 1265 if (depth < 0) 1266 return -EINVAL; 1267 break; 1268 case CEXPR_AND: 1269 case CEXPR_OR: 1270 if (depth < 1) 1271 return -EINVAL; 1272 depth--; 1273 break; 1274 case CEXPR_ATTR: 1275 if (depth == (CEXPR_MAXDEPTH - 1)) 1276 return -EINVAL; 1277 depth++; 1278 break; 1279 case CEXPR_NAMES: 1280 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1281 return -EINVAL; 1282 if (depth == (CEXPR_MAXDEPTH - 1)) 1283 return -EINVAL; 1284 depth++; 1285 rc = ebitmap_read(&e->names, fp); 1286 if (rc) 1287 return rc; 1288 if (p->policyvers >= 1289 POLICYDB_VERSION_CONSTRAINT_NAMES) { 1290 e->type_names = 1291 kzalloc(sizeof(*e->type_names), 1292 GFP_KERNEL); 1293 if (!e->type_names) 1294 return -ENOMEM; 1295 type_set_init(e->type_names); 1296 rc = type_set_read(e->type_names, fp); 1297 if (rc) 1298 return rc; 1299 } 1300 break; 1301 default: 1302 return -EINVAL; 1303 } 1304 le = e; 1305 } 1306 if (depth != 0) 1307 return -EINVAL; 1308 lc = c; 1309 } 1310 1311 return 0; 1312 } 1313 1314 static int class_read(struct policydb *p, struct symtab *s, void *fp) 1315 { 1316 char *key = NULL; 1317 struct class_datum *cladatum; 1318 __le32 buf[6]; 1319 u32 i, len, len2, ncons, nel; 1320 int rc; 1321 1322 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); 1323 if (!cladatum) 1324 return -ENOMEM; 1325 1326 rc = next_entry(buf, fp, sizeof(u32) * 6); 1327 if (rc) 1328 goto bad; 1329 1330 len = le32_to_cpu(buf[0]); 1331 len2 = le32_to_cpu(buf[1]); 1332 cladatum->value = le32_to_cpu(buf[2]); 1333 nel = le32_to_cpu(buf[4]); 1334 1335 rc = symtab_init(&cladatum->permissions, nel); 1336 if (rc) 1337 goto bad; 1338 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1339 1340 ncons = le32_to_cpu(buf[5]); 1341 1342 rc = str_read(&key, GFP_KERNEL, fp, len); 1343 if (rc) 1344 goto bad; 1345 1346 if (len2) { 1347 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); 1348 if (rc) 1349 goto bad; 1350 1351 rc = -EINVAL; 1352 cladatum->comdatum = 1353 symtab_search(&p->p_commons, cladatum->comkey); 1354 if (!cladatum->comdatum) { 1355 pr_err("SELinux: unknown common %s\n", 1356 cladatum->comkey); 1357 goto bad; 1358 } 1359 } 1360 for (i = 0; i < nel; i++) { 1361 rc = perm_read(p, &cladatum->permissions, fp); 1362 if (rc) 1363 goto bad; 1364 } 1365 1366 hash_eval(&cladatum->permissions.table, "class_permissions", key); 1367 1368 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); 1369 if (rc) 1370 goto bad; 1371 1372 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1373 /* grab the validatetrans rules */ 1374 rc = next_entry(buf, fp, sizeof(u32)); 1375 if (rc) 1376 goto bad; 1377 ncons = le32_to_cpu(buf[0]); 1378 rc = read_cons_helper(p, &cladatum->validatetrans, ncons, 1, 1379 fp); 1380 if (rc) 1381 goto bad; 1382 } 1383 1384 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 1385 rc = next_entry(buf, fp, sizeof(u32) * 3); 1386 if (rc) 1387 goto bad; 1388 1389 cladatum->default_user = le32_to_cpu(buf[0]); 1390 cladatum->default_role = le32_to_cpu(buf[1]); 1391 cladatum->default_range = le32_to_cpu(buf[2]); 1392 } 1393 1394 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 1395 rc = next_entry(buf, fp, sizeof(u32) * 1); 1396 if (rc) 1397 goto bad; 1398 cladatum->default_type = le32_to_cpu(buf[0]); 1399 } 1400 1401 rc = symtab_insert(s, key, cladatum); 1402 if (rc) 1403 goto bad; 1404 1405 return 0; 1406 bad: 1407 cls_destroy(key, cladatum, NULL); 1408 return rc; 1409 } 1410 1411 static int role_read(struct policydb *p, struct symtab *s, void *fp) 1412 { 1413 char *key = NULL; 1414 struct role_datum *role; 1415 int rc; 1416 unsigned int to_read = 2; 1417 __le32 buf[3]; 1418 u32 len; 1419 1420 role = kzalloc(sizeof(*role), GFP_KERNEL); 1421 if (!role) 1422 return -ENOMEM; 1423 1424 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1425 to_read = 3; 1426 1427 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1428 if (rc) 1429 goto bad; 1430 1431 len = le32_to_cpu(buf[0]); 1432 role->value = le32_to_cpu(buf[1]); 1433 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1434 role->bounds = le32_to_cpu(buf[2]); 1435 1436 rc = str_read(&key, GFP_KERNEL, fp, len); 1437 if (rc) 1438 goto bad; 1439 1440 rc = ebitmap_read(&role->dominates, fp); 1441 if (rc) 1442 goto bad; 1443 1444 rc = ebitmap_read(&role->types, fp); 1445 if (rc) 1446 goto bad; 1447 1448 if (strcmp(key, OBJECT_R) == 0) { 1449 rc = -EINVAL; 1450 if (role->value != OBJECT_R_VAL) { 1451 pr_err("SELinux: Role %s has wrong value %d\n", 1452 OBJECT_R, role->value); 1453 goto bad; 1454 } 1455 rc = 0; 1456 goto bad; 1457 } 1458 1459 rc = symtab_insert(s, key, role); 1460 if (rc) 1461 goto bad; 1462 return 0; 1463 bad: 1464 role_destroy(key, role, NULL); 1465 return rc; 1466 } 1467 1468 static int type_read(struct policydb *p, struct symtab *s, void *fp) 1469 { 1470 char *key = NULL; 1471 struct type_datum *typdatum; 1472 int rc; 1473 unsigned int to_read = 3; 1474 __le32 buf[4]; 1475 u32 len; 1476 1477 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); 1478 if (!typdatum) 1479 return -ENOMEM; 1480 1481 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1482 to_read = 4; 1483 1484 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1485 if (rc) 1486 goto bad; 1487 1488 len = le32_to_cpu(buf[0]); 1489 typdatum->value = le32_to_cpu(buf[1]); 1490 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 1491 u32 prop = le32_to_cpu(buf[2]); 1492 1493 if (prop & TYPEDATUM_PROPERTY_PRIMARY) 1494 typdatum->primary = 1; 1495 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) 1496 typdatum->attribute = 1; 1497 1498 typdatum->bounds = le32_to_cpu(buf[3]); 1499 } else { 1500 typdatum->primary = le32_to_cpu(buf[2]); 1501 } 1502 1503 rc = str_read(&key, GFP_KERNEL, fp, len); 1504 if (rc) 1505 goto bad; 1506 1507 rc = symtab_insert(s, key, typdatum); 1508 if (rc) 1509 goto bad; 1510 return 0; 1511 bad: 1512 type_destroy(key, typdatum, NULL); 1513 return rc; 1514 } 1515 1516 /* 1517 * Read a MLS level structure from a policydb binary 1518 * representation file. 1519 */ 1520 static int mls_read_level(struct mls_level *lp, void *fp) 1521 { 1522 __le32 buf[1]; 1523 int rc; 1524 1525 memset(lp, 0, sizeof(*lp)); 1526 1527 rc = next_entry(buf, fp, sizeof buf); 1528 if (rc) { 1529 pr_err("SELinux: mls: truncated level\n"); 1530 return rc; 1531 } 1532 lp->sens = le32_to_cpu(buf[0]); 1533 1534 rc = ebitmap_read(&lp->cat, fp); 1535 if (rc) { 1536 pr_err("SELinux: mls: error reading level categories\n"); 1537 return rc; 1538 } 1539 return 0; 1540 } 1541 1542 static int user_read(struct policydb *p, struct symtab *s, void *fp) 1543 { 1544 char *key = NULL; 1545 struct user_datum *usrdatum; 1546 int rc; 1547 unsigned int to_read = 2; 1548 __le32 buf[3]; 1549 u32 len; 1550 1551 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); 1552 if (!usrdatum) 1553 return -ENOMEM; 1554 1555 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1556 to_read = 3; 1557 1558 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read); 1559 if (rc) 1560 goto bad; 1561 1562 len = le32_to_cpu(buf[0]); 1563 usrdatum->value = le32_to_cpu(buf[1]); 1564 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 1565 usrdatum->bounds = le32_to_cpu(buf[2]); 1566 1567 rc = str_read(&key, GFP_KERNEL, fp, len); 1568 if (rc) 1569 goto bad; 1570 1571 rc = ebitmap_read(&usrdatum->roles, fp); 1572 if (rc) 1573 goto bad; 1574 1575 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1576 rc = mls_read_range_helper(&usrdatum->range, fp); 1577 if (rc) 1578 goto bad; 1579 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1580 if (rc) 1581 goto bad; 1582 } 1583 1584 rc = symtab_insert(s, key, usrdatum); 1585 if (rc) 1586 goto bad; 1587 return 0; 1588 bad: 1589 user_destroy(key, usrdatum, NULL); 1590 return rc; 1591 } 1592 1593 static int sens_read(struct policydb *p, struct symtab *s, void *fp) 1594 { 1595 char *key = NULL; 1596 struct level_datum *levdatum; 1597 int rc; 1598 __le32 buf[2]; 1599 u32 len; 1600 1601 levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL); 1602 if (!levdatum) 1603 return -ENOMEM; 1604 1605 rc = next_entry(buf, fp, sizeof buf); 1606 if (rc) 1607 goto bad; 1608 1609 len = le32_to_cpu(buf[0]); 1610 levdatum->isalias = le32_to_cpu(buf[1]); 1611 1612 rc = str_read(&key, GFP_KERNEL, fp, len); 1613 if (rc) 1614 goto bad; 1615 1616 rc = -ENOMEM; 1617 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_KERNEL); 1618 if (!levdatum->level) 1619 goto bad; 1620 1621 rc = mls_read_level(levdatum->level, fp); 1622 if (rc) 1623 goto bad; 1624 1625 rc = symtab_insert(s, key, levdatum); 1626 if (rc) 1627 goto bad; 1628 return 0; 1629 bad: 1630 sens_destroy(key, levdatum, NULL); 1631 return rc; 1632 } 1633 1634 static int cat_read(struct policydb *p, struct symtab *s, void *fp) 1635 { 1636 char *key = NULL; 1637 struct cat_datum *catdatum; 1638 int rc; 1639 __le32 buf[3]; 1640 u32 len; 1641 1642 catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL); 1643 if (!catdatum) 1644 return -ENOMEM; 1645 1646 rc = next_entry(buf, fp, sizeof buf); 1647 if (rc) 1648 goto bad; 1649 1650 len = le32_to_cpu(buf[0]); 1651 catdatum->value = le32_to_cpu(buf[1]); 1652 catdatum->isalias = le32_to_cpu(buf[2]); 1653 1654 rc = str_read(&key, GFP_KERNEL, fp, len); 1655 if (rc) 1656 goto bad; 1657 1658 rc = symtab_insert(s, key, catdatum); 1659 if (rc) 1660 goto bad; 1661 return 0; 1662 bad: 1663 cat_destroy(key, catdatum, NULL); 1664 return rc; 1665 } 1666 1667 /* clang-format off */ 1668 static int (*const read_f[SYM_NUM])(struct policydb *p, struct symtab *s, 1669 void *fp) = { 1670 common_read, 1671 class_read, 1672 role_read, 1673 type_read, 1674 user_read, 1675 cond_read_bool, 1676 sens_read, 1677 cat_read, 1678 }; 1679 /* clang-format on */ 1680 1681 static int user_bounds_sanity_check(void *key, void *datum, void *datap) 1682 { 1683 struct user_datum *upper, *user; 1684 struct policydb *p = datap; 1685 int depth = 0; 1686 1687 upper = user = datum; 1688 while (upper->bounds) { 1689 struct ebitmap_node *node; 1690 u32 bit; 1691 1692 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1693 pr_err("SELinux: user %s: " 1694 "too deep or looped boundary\n", 1695 (char *)key); 1696 return -EINVAL; 1697 } 1698 1699 upper = p->user_val_to_struct[upper->bounds - 1]; 1700 ebitmap_for_each_positive_bit(&user->roles, node, bit) 1701 { 1702 if (ebitmap_get_bit(&upper->roles, bit)) 1703 continue; 1704 1705 pr_err("SELinux: boundary violated policy: " 1706 "user=%s role=%s bounds=%s\n", 1707 sym_name(p, SYM_USERS, user->value - 1), 1708 sym_name(p, SYM_ROLES, bit), 1709 sym_name(p, SYM_USERS, upper->value - 1)); 1710 1711 return -EINVAL; 1712 } 1713 } 1714 1715 return 0; 1716 } 1717 1718 static int role_bounds_sanity_check(void *key, void *datum, void *datap) 1719 { 1720 struct role_datum *upper, *role; 1721 struct policydb *p = datap; 1722 int depth = 0; 1723 1724 upper = role = datum; 1725 while (upper->bounds) { 1726 struct ebitmap_node *node; 1727 u32 bit; 1728 1729 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1730 pr_err("SELinux: role %s: " 1731 "too deep or looped bounds\n", 1732 (char *)key); 1733 return -EINVAL; 1734 } 1735 1736 upper = p->role_val_to_struct[upper->bounds - 1]; 1737 ebitmap_for_each_positive_bit(&role->types, node, bit) 1738 { 1739 if (ebitmap_get_bit(&upper->types, bit)) 1740 continue; 1741 1742 pr_err("SELinux: boundary violated policy: " 1743 "role=%s type=%s bounds=%s\n", 1744 sym_name(p, SYM_ROLES, role->value - 1), 1745 sym_name(p, SYM_TYPES, bit), 1746 sym_name(p, SYM_ROLES, upper->value - 1)); 1747 1748 return -EINVAL; 1749 } 1750 } 1751 1752 return 0; 1753 } 1754 1755 static int type_bounds_sanity_check(void *key, void *datum, void *datap) 1756 { 1757 struct type_datum *upper; 1758 struct policydb *p = datap; 1759 int depth = 0; 1760 1761 upper = datum; 1762 while (upper->bounds) { 1763 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { 1764 pr_err("SELinux: type %s: " 1765 "too deep or looped boundary\n", 1766 (char *)key); 1767 return -EINVAL; 1768 } 1769 1770 upper = p->type_val_to_struct[upper->bounds - 1]; 1771 BUG_ON(!upper); 1772 1773 if (upper->attribute) { 1774 pr_err("SELinux: type %s: " 1775 "bounded by attribute %s\n", 1776 (char *)key, 1777 sym_name(p, SYM_TYPES, upper->value - 1)); 1778 return -EINVAL; 1779 } 1780 } 1781 1782 return 0; 1783 } 1784 1785 static int policydb_bounds_sanity_check(struct policydb *p) 1786 { 1787 int rc; 1788 1789 if (p->policyvers < POLICYDB_VERSION_BOUNDARY) 1790 return 0; 1791 1792 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p); 1793 if (rc) 1794 return rc; 1795 1796 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p); 1797 if (rc) 1798 return rc; 1799 1800 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p); 1801 if (rc) 1802 return rc; 1803 1804 return 0; 1805 } 1806 1807 u16 string_to_security_class(struct policydb *p, const char *name) 1808 { 1809 struct class_datum *cladatum; 1810 1811 cladatum = symtab_search(&p->p_classes, name); 1812 if (!cladatum) 1813 return 0; 1814 1815 return cladatum->value; 1816 } 1817 1818 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) 1819 { 1820 struct class_datum *cladatum; 1821 struct perm_datum *perdatum = NULL; 1822 struct common_datum *comdatum; 1823 1824 if (!tclass || tclass > p->p_classes.nprim) 1825 return 0; 1826 1827 cladatum = p->class_val_to_struct[tclass - 1]; 1828 comdatum = cladatum->comdatum; 1829 if (comdatum) 1830 perdatum = symtab_search(&comdatum->permissions, name); 1831 if (!perdatum) 1832 perdatum = symtab_search(&cladatum->permissions, name); 1833 if (!perdatum) 1834 return 0; 1835 1836 return 1U << (perdatum->value - 1); 1837 } 1838 1839 static int range_read(struct policydb *p, void *fp) 1840 { 1841 struct range_trans *rt = NULL; 1842 struct mls_range *r = NULL; 1843 int rc; 1844 __le32 buf[2]; 1845 u32 i, nel; 1846 1847 if (p->policyvers < POLICYDB_VERSION_MLS) 1848 return 0; 1849 1850 rc = next_entry(buf, fp, sizeof(u32)); 1851 if (rc) 1852 return rc; 1853 1854 nel = le32_to_cpu(buf[0]); 1855 1856 rc = hashtab_init(&p->range_tr, nel); 1857 if (rc) 1858 return rc; 1859 1860 for (i = 0; i < nel; i++) { 1861 rc = -ENOMEM; 1862 rt = kzalloc(sizeof(*rt), GFP_KERNEL); 1863 if (!rt) 1864 goto out; 1865 1866 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1867 if (rc) 1868 goto out; 1869 1870 rt->source_type = le32_to_cpu(buf[0]); 1871 rt->target_type = le32_to_cpu(buf[1]); 1872 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 1873 rc = next_entry(buf, fp, sizeof(u32)); 1874 if (rc) 1875 goto out; 1876 rt->target_class = le32_to_cpu(buf[0]); 1877 } else 1878 rt->target_class = p->process_class; 1879 1880 rc = -EINVAL; 1881 if (!policydb_type_isvalid(p, rt->source_type) || 1882 !policydb_type_isvalid(p, rt->target_type) || 1883 !policydb_class_isvalid(p, rt->target_class)) 1884 goto out; 1885 1886 rc = -ENOMEM; 1887 r = kzalloc(sizeof(*r), GFP_KERNEL); 1888 if (!r) 1889 goto out; 1890 1891 rc = mls_read_range_helper(r, fp); 1892 if (rc) 1893 goto out; 1894 1895 rc = -EINVAL; 1896 if (!mls_range_isvalid(p, r)) { 1897 pr_warn("SELinux: rangetrans: invalid range\n"); 1898 goto out; 1899 } 1900 1901 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params); 1902 if (rc) 1903 goto out; 1904 1905 rt = NULL; 1906 r = NULL; 1907 } 1908 hash_eval(&p->range_tr, "rangetr", NULL); 1909 rc = 0; 1910 out: 1911 kfree(rt); 1912 kfree(r); 1913 return rc; 1914 } 1915 1916 static int filename_trans_read_helper_compat(struct policydb *p, void *fp) 1917 { 1918 struct filename_trans_key key, *ft = NULL; 1919 struct filename_trans_datum *last, *datum = NULL; 1920 char *name = NULL; 1921 u32 len, stype, otype; 1922 __le32 buf[4]; 1923 int rc; 1924 1925 /* length of the path component string */ 1926 rc = next_entry(buf, fp, sizeof(u32)); 1927 if (rc) 1928 return rc; 1929 len = le32_to_cpu(buf[0]); 1930 1931 /* path component string */ 1932 rc = str_read(&name, GFP_KERNEL, fp, len); 1933 if (rc) 1934 return rc; 1935 1936 rc = next_entry(buf, fp, sizeof(u32) * 4); 1937 if (rc) 1938 goto out; 1939 1940 stype = le32_to_cpu(buf[0]); 1941 key.ttype = le32_to_cpu(buf[1]); 1942 key.tclass = le32_to_cpu(buf[2]); 1943 key.name = name; 1944 1945 otype = le32_to_cpu(buf[3]); 1946 1947 last = NULL; 1948 datum = policydb_filenametr_search(p, &key); 1949 while (datum) { 1950 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { 1951 /* conflicting/duplicate rules are ignored */ 1952 datum = NULL; 1953 rc = 0; 1954 goto out; 1955 } 1956 if (likely(datum->otype == otype)) 1957 break; 1958 last = datum; 1959 datum = datum->next; 1960 } 1961 if (!datum) { 1962 rc = -ENOMEM; 1963 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 1964 if (!datum) 1965 goto out; 1966 1967 ebitmap_init(&datum->stypes); 1968 datum->otype = otype; 1969 datum->next = NULL; 1970 1971 if (unlikely(last)) { 1972 last->next = datum; 1973 } else { 1974 rc = -ENOMEM; 1975 ft = kmemdup(&key, sizeof(key), GFP_KERNEL); 1976 if (!ft) 1977 goto out; 1978 1979 rc = hashtab_insert(&p->filename_trans, ft, datum, 1980 filenametr_key_params); 1981 if (rc) 1982 goto out; 1983 name = NULL; 1984 1985 rc = ebitmap_set_bit(&p->filename_trans_ttypes, 1986 key.ttype, 1); 1987 if (rc) 1988 return rc; 1989 } 1990 } 1991 kfree(name); 1992 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 1993 1994 out: 1995 kfree(ft); 1996 kfree(name); 1997 kfree(datum); 1998 return rc; 1999 } 2000 2001 static int filename_trans_read_helper(struct policydb *p, void *fp) 2002 { 2003 struct filename_trans_key *ft = NULL; 2004 struct filename_trans_datum **dst, *datum, *first = NULL; 2005 char *name = NULL; 2006 u32 len, ttype, tclass, ndatum, i; 2007 __le32 buf[3]; 2008 int rc; 2009 2010 /* length of the path component string */ 2011 rc = next_entry(buf, fp, sizeof(u32)); 2012 if (rc) 2013 return rc; 2014 len = le32_to_cpu(buf[0]); 2015 2016 /* path component string */ 2017 rc = str_read(&name, GFP_KERNEL, fp, len); 2018 if (rc) 2019 return rc; 2020 2021 rc = next_entry(buf, fp, sizeof(u32) * 3); 2022 if (rc) 2023 goto out; 2024 2025 ttype = le32_to_cpu(buf[0]); 2026 tclass = le32_to_cpu(buf[1]); 2027 2028 ndatum = le32_to_cpu(buf[2]); 2029 if (ndatum == 0) { 2030 pr_err("SELinux: Filename transition key with no datum\n"); 2031 rc = -ENOENT; 2032 goto out; 2033 } 2034 2035 dst = &first; 2036 for (i = 0; i < ndatum; i++) { 2037 rc = -ENOMEM; 2038 datum = kmalloc(sizeof(*datum), GFP_KERNEL); 2039 if (!datum) 2040 goto out; 2041 2042 datum->next = NULL; 2043 *dst = datum; 2044 2045 /* ebitmap_read() will at least init the bitmap */ 2046 rc = ebitmap_read(&datum->stypes, fp); 2047 if (rc) 2048 goto out; 2049 2050 rc = next_entry(buf, fp, sizeof(u32)); 2051 if (rc) 2052 goto out; 2053 2054 datum->otype = le32_to_cpu(buf[0]); 2055 2056 dst = &datum->next; 2057 } 2058 2059 rc = -ENOMEM; 2060 ft = kmalloc(sizeof(*ft), GFP_KERNEL); 2061 if (!ft) 2062 goto out; 2063 2064 ft->ttype = ttype; 2065 ft->tclass = tclass; 2066 ft->name = name; 2067 2068 rc = hashtab_insert(&p->filename_trans, ft, first, 2069 filenametr_key_params); 2070 if (rc == -EEXIST) 2071 pr_err("SELinux: Duplicate filename transition key\n"); 2072 if (rc) 2073 goto out; 2074 2075 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1); 2076 2077 out: 2078 kfree(ft); 2079 kfree(name); 2080 while (first) { 2081 datum = first; 2082 first = first->next; 2083 2084 ebitmap_destroy(&datum->stypes); 2085 kfree(datum); 2086 } 2087 return rc; 2088 } 2089 2090 static int filename_trans_read(struct policydb *p, void *fp) 2091 { 2092 u32 nel, i; 2093 __le32 buf[1]; 2094 int rc; 2095 2096 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 2097 return 0; 2098 2099 rc = next_entry(buf, fp, sizeof(u32)); 2100 if (rc) 2101 return rc; 2102 nel = le32_to_cpu(buf[0]); 2103 2104 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2105 p->compat_filename_trans_count = nel; 2106 2107 rc = hashtab_init(&p->filename_trans, (1 << 11)); 2108 if (rc) 2109 return rc; 2110 2111 for (i = 0; i < nel; i++) { 2112 rc = filename_trans_read_helper_compat(p, fp); 2113 if (rc) 2114 return rc; 2115 } 2116 } else { 2117 rc = hashtab_init(&p->filename_trans, nel); 2118 if (rc) 2119 return rc; 2120 2121 for (i = 0; i < nel; i++) { 2122 rc = filename_trans_read_helper(p, fp); 2123 if (rc) 2124 return rc; 2125 } 2126 } 2127 hash_eval(&p->filename_trans, "filenametr", NULL); 2128 return 0; 2129 } 2130 2131 static int genfs_read(struct policydb *p, void *fp) 2132 { 2133 int rc; 2134 u32 i, j, nel, nel2, len, len2; 2135 __le32 buf[1]; 2136 struct ocontext *l, *c; 2137 struct ocontext *newc = NULL; 2138 struct genfs *genfs_p, *genfs; 2139 struct genfs *newgenfs = NULL; 2140 2141 rc = next_entry(buf, fp, sizeof(u32)); 2142 if (rc) 2143 return rc; 2144 nel = le32_to_cpu(buf[0]); 2145 2146 for (i = 0; i < nel; i++) { 2147 rc = next_entry(buf, fp, sizeof(u32)); 2148 if (rc) 2149 goto out; 2150 len = le32_to_cpu(buf[0]); 2151 2152 rc = -ENOMEM; 2153 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); 2154 if (!newgenfs) 2155 goto out; 2156 2157 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); 2158 if (rc) 2159 goto out; 2160 2161 for (genfs_p = NULL, genfs = p->genfs; genfs; 2162 genfs_p = genfs, genfs = genfs->next) { 2163 rc = -EINVAL; 2164 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2165 pr_err("SELinux: dup genfs fstype %s\n", 2166 newgenfs->fstype); 2167 goto out; 2168 } 2169 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2170 break; 2171 } 2172 newgenfs->next = genfs; 2173 if (genfs_p) 2174 genfs_p->next = newgenfs; 2175 else 2176 p->genfs = newgenfs; 2177 genfs = newgenfs; 2178 newgenfs = NULL; 2179 2180 rc = next_entry(buf, fp, sizeof(u32)); 2181 if (rc) 2182 goto out; 2183 2184 nel2 = le32_to_cpu(buf[0]); 2185 for (j = 0; j < nel2; j++) { 2186 rc = next_entry(buf, fp, sizeof(u32)); 2187 if (rc) 2188 goto out; 2189 len = le32_to_cpu(buf[0]); 2190 2191 rc = -ENOMEM; 2192 newc = kzalloc(sizeof(*newc), GFP_KERNEL); 2193 if (!newc) 2194 goto out; 2195 2196 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); 2197 if (rc) 2198 goto out; 2199 2200 rc = next_entry(buf, fp, sizeof(u32)); 2201 if (rc) 2202 goto out; 2203 2204 newc->v.sclass = le32_to_cpu(buf[0]); 2205 rc = context_read_and_validate(&newc->context[0], p, 2206 fp); 2207 if (rc) 2208 goto out; 2209 2210 for (l = NULL, c = genfs->head; c; l = c, c = c->next) { 2211 rc = -EINVAL; 2212 if (!strcmp(newc->u.name, c->u.name) && 2213 (!c->v.sclass || !newc->v.sclass || 2214 newc->v.sclass == c->v.sclass)) { 2215 pr_err("SELinux: dup genfs entry (%s,%s)\n", 2216 genfs->fstype, c->u.name); 2217 goto out; 2218 } 2219 len = strlen(newc->u.name); 2220 len2 = strlen(c->u.name); 2221 if (len > len2) 2222 break; 2223 } 2224 2225 newc->next = c; 2226 if (l) 2227 l->next = newc; 2228 else 2229 genfs->head = newc; 2230 newc = NULL; 2231 } 2232 } 2233 rc = 0; 2234 out: 2235 if (newgenfs) { 2236 kfree(newgenfs->fstype); 2237 kfree(newgenfs); 2238 } 2239 ocontext_destroy(newc, OCON_FSUSE); 2240 2241 return rc; 2242 } 2243 2244 static int ocontext_read(struct policydb *p, 2245 const struct policydb_compat_info *info, void *fp) 2246 { 2247 int rc; 2248 unsigned int i; 2249 u32 j, nel, len; 2250 __be64 prefixbuf[1]; 2251 __le32 buf[3]; 2252 struct ocontext *l, *c; 2253 u32 nodebuf[8]; 2254 2255 for (i = 0; i < info->ocon_num; i++) { 2256 rc = next_entry(buf, fp, sizeof(u32)); 2257 if (rc) 2258 goto out; 2259 nel = le32_to_cpu(buf[0]); 2260 2261 l = NULL; 2262 for (j = 0; j < nel; j++) { 2263 rc = -ENOMEM; 2264 c = kzalloc(sizeof(*c), GFP_KERNEL); 2265 if (!c) 2266 goto out; 2267 if (l) 2268 l->next = c; 2269 else 2270 p->ocontexts[i] = c; 2271 l = c; 2272 2273 switch (i) { 2274 case OCON_ISID: 2275 rc = next_entry(buf, fp, sizeof(u32)); 2276 if (rc) 2277 goto out; 2278 2279 c->sid[0] = le32_to_cpu(buf[0]); 2280 rc = context_read_and_validate(&c->context[0], 2281 p, fp); 2282 if (rc) 2283 goto out; 2284 break; 2285 case OCON_FS: 2286 case OCON_NETIF: 2287 rc = next_entry(buf, fp, sizeof(u32)); 2288 if (rc) 2289 goto out; 2290 len = le32_to_cpu(buf[0]); 2291 2292 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2293 if (rc) 2294 goto out; 2295 2296 if (i == OCON_FS) 2297 pr_warn("SELinux: void and deprecated fs ocon %s\n", 2298 c->u.name); 2299 2300 rc = context_read_and_validate(&c->context[0], 2301 p, fp); 2302 if (rc) 2303 goto out; 2304 rc = context_read_and_validate(&c->context[1], 2305 p, fp); 2306 if (rc) 2307 goto out; 2308 break; 2309 case OCON_PORT: 2310 rc = next_entry(buf, fp, sizeof(u32) * 3); 2311 if (rc) 2312 goto out; 2313 c->u.port.protocol = le32_to_cpu(buf[0]); 2314 c->u.port.low_port = le32_to_cpu(buf[1]); 2315 c->u.port.high_port = le32_to_cpu(buf[2]); 2316 rc = context_read_and_validate(&c->context[0], 2317 p, fp); 2318 if (rc) 2319 goto out; 2320 break; 2321 case OCON_NODE: 2322 rc = next_entry(nodebuf, fp, sizeof(u32) * 2); 2323 if (rc) 2324 goto out; 2325 c->u.node.addr = nodebuf[0]; /* network order */ 2326 c->u.node.mask = nodebuf[1]; /* network order */ 2327 rc = context_read_and_validate(&c->context[0], 2328 p, fp); 2329 if (rc) 2330 goto out; 2331 break; 2332 case OCON_FSUSE: 2333 rc = next_entry(buf, fp, sizeof(u32) * 2); 2334 if (rc) 2335 goto out; 2336 2337 rc = -EINVAL; 2338 c->v.behavior = le32_to_cpu(buf[0]); 2339 /* Determined at runtime, not in policy DB. */ 2340 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) 2341 goto out; 2342 if (c->v.behavior > SECURITY_FS_USE_MAX) 2343 goto out; 2344 2345 len = le32_to_cpu(buf[1]); 2346 rc = str_read(&c->u.name, GFP_KERNEL, fp, len); 2347 if (rc) 2348 goto out; 2349 2350 rc = context_read_and_validate(&c->context[0], 2351 p, fp); 2352 if (rc) 2353 goto out; 2354 break; 2355 case OCON_NODE6: { 2356 int k; 2357 2358 rc = next_entry(nodebuf, fp, sizeof(u32) * 8); 2359 if (rc) 2360 goto out; 2361 for (k = 0; k < 4; k++) 2362 c->u.node6.addr[k] = nodebuf[k]; 2363 for (k = 0; k < 4; k++) 2364 c->u.node6.mask[k] = nodebuf[k + 4]; 2365 rc = context_read_and_validate(&c->context[0], 2366 p, fp); 2367 if (rc) 2368 goto out; 2369 break; 2370 } 2371 case OCON_IBPKEY: { 2372 u32 pkey_lo, pkey_hi; 2373 2374 rc = next_entry(prefixbuf, fp, sizeof(u64)); 2375 if (rc) 2376 goto out; 2377 2378 /* we need to have subnet_prefix in CPU order */ 2379 c->u.ibpkey.subnet_prefix = 2380 be64_to_cpu(prefixbuf[0]); 2381 2382 rc = next_entry(buf, fp, sizeof(u32) * 2); 2383 if (rc) 2384 goto out; 2385 2386 pkey_lo = le32_to_cpu(buf[0]); 2387 pkey_hi = le32_to_cpu(buf[1]); 2388 2389 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { 2390 rc = -EINVAL; 2391 goto out; 2392 } 2393 2394 c->u.ibpkey.low_pkey = pkey_lo; 2395 c->u.ibpkey.high_pkey = pkey_hi; 2396 2397 rc = context_read_and_validate(&c->context[0], 2398 p, fp); 2399 if (rc) 2400 goto out; 2401 break; 2402 } 2403 case OCON_IBENDPORT: { 2404 u32 port; 2405 2406 rc = next_entry(buf, fp, sizeof(u32) * 2); 2407 if (rc) 2408 goto out; 2409 len = le32_to_cpu(buf[0]); 2410 2411 rc = str_read(&c->u.ibendport.dev_name, 2412 GFP_KERNEL, fp, len); 2413 if (rc) 2414 goto out; 2415 2416 port = le32_to_cpu(buf[1]); 2417 if (port > U8_MAX || port == 0) { 2418 rc = -EINVAL; 2419 goto out; 2420 } 2421 2422 c->u.ibendport.port = port; 2423 2424 rc = context_read_and_validate(&c->context[0], 2425 p, fp); 2426 if (rc) 2427 goto out; 2428 break; 2429 } /* end case */ 2430 } /* end switch */ 2431 } 2432 } 2433 rc = 0; 2434 out: 2435 return rc; 2436 } 2437 2438 /* 2439 * Read the configuration data from a policy database binary 2440 * representation file into a policy database structure. 2441 */ 2442 int policydb_read(struct policydb *p, void *fp) 2443 { 2444 struct role_allow *ra, *lra; 2445 struct role_trans_key *rtk = NULL; 2446 struct role_trans_datum *rtd = NULL; 2447 int rc; 2448 __le32 buf[4]; 2449 u32 i, j, len, nprim, nel, perm; 2450 2451 char *policydb_str; 2452 const struct policydb_compat_info *info; 2453 2454 policydb_init(p); 2455 2456 /* Read the magic number and string length. */ 2457 rc = next_entry(buf, fp, sizeof(u32) * 2); 2458 if (rc) 2459 goto bad; 2460 2461 rc = -EINVAL; 2462 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { 2463 pr_err("SELinux: policydb magic number 0x%x does " 2464 "not match expected magic number 0x%x\n", 2465 le32_to_cpu(buf[0]), POLICYDB_MAGIC); 2466 goto bad; 2467 } 2468 2469 rc = -EINVAL; 2470 len = le32_to_cpu(buf[1]); 2471 if (len != strlen(POLICYDB_STRING)) { 2472 pr_err("SELinux: policydb string length %d does not " 2473 "match expected length %zu\n", 2474 len, strlen(POLICYDB_STRING)); 2475 goto bad; 2476 } 2477 2478 rc = -ENOMEM; 2479 policydb_str = kmalloc(len + 1, GFP_KERNEL); 2480 if (!policydb_str) { 2481 pr_err("SELinux: unable to allocate memory for policydb " 2482 "string of length %d\n", 2483 len); 2484 goto bad; 2485 } 2486 2487 rc = next_entry(policydb_str, fp, len); 2488 if (rc) { 2489 pr_err("SELinux: truncated policydb string identifier\n"); 2490 kfree(policydb_str); 2491 goto bad; 2492 } 2493 2494 rc = -EINVAL; 2495 policydb_str[len] = '\0'; 2496 if (strcmp(policydb_str, POLICYDB_STRING)) { 2497 pr_err("SELinux: policydb string %s does not match " 2498 "my string %s\n", 2499 policydb_str, POLICYDB_STRING); 2500 kfree(policydb_str); 2501 goto bad; 2502 } 2503 /* Done with policydb_str. */ 2504 kfree(policydb_str); 2505 policydb_str = NULL; 2506 2507 /* Read the version and table sizes. */ 2508 rc = next_entry(buf, fp, sizeof(u32) * 4); 2509 if (rc) 2510 goto bad; 2511 2512 rc = -EINVAL; 2513 p->policyvers = le32_to_cpu(buf[0]); 2514 if (p->policyvers < POLICYDB_VERSION_MIN || 2515 p->policyvers > POLICYDB_VERSION_MAX) { 2516 pr_err("SELinux: policydb version %d does not match " 2517 "my version range %d-%d\n", 2518 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, 2519 POLICYDB_VERSION_MAX); 2520 goto bad; 2521 } 2522 2523 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 2524 p->mls_enabled = 1; 2525 2526 rc = -EINVAL; 2527 if (p->policyvers < POLICYDB_VERSION_MLS) { 2528 pr_err("SELinux: security policydb version %d " 2529 "(MLS) not backwards compatible\n", 2530 p->policyvers); 2531 goto bad; 2532 } 2533 } 2534 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 2535 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 2536 2537 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 2538 rc = ebitmap_read(&p->policycaps, fp); 2539 if (rc) 2540 goto bad; 2541 } 2542 2543 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 2544 rc = ebitmap_read(&p->permissive_map, fp); 2545 if (rc) 2546 goto bad; 2547 } 2548 2549 rc = -EINVAL; 2550 info = policydb_lookup_compat(p->policyvers); 2551 if (!info) { 2552 pr_err("SELinux: unable to find policy compat info " 2553 "for version %d\n", 2554 p->policyvers); 2555 goto bad; 2556 } 2557 2558 rc = -EINVAL; 2559 if (le32_to_cpu(buf[2]) != info->sym_num || 2560 le32_to_cpu(buf[3]) != info->ocon_num) { 2561 pr_err("SELinux: policydb table sizes (%d,%d) do " 2562 "not match mine (%d,%d)\n", 2563 le32_to_cpu(buf[2]), le32_to_cpu(buf[3]), info->sym_num, 2564 info->ocon_num); 2565 goto bad; 2566 } 2567 2568 for (i = 0; i < info->sym_num; i++) { 2569 rc = next_entry(buf, fp, sizeof(u32) * 2); 2570 if (rc) 2571 goto bad; 2572 nprim = le32_to_cpu(buf[0]); 2573 nel = le32_to_cpu(buf[1]); 2574 2575 rc = symtab_init(&p->symtab[i], nel); 2576 if (rc) 2577 goto out; 2578 2579 if (i == SYM_ROLES) { 2580 rc = roles_init(p); 2581 if (rc) 2582 goto out; 2583 } 2584 2585 for (j = 0; j < nel; j++) { 2586 rc = read_f[i](p, &p->symtab[i], fp); 2587 if (rc) 2588 goto bad; 2589 } 2590 2591 p->symtab[i].nprim = nprim; 2592 } 2593 2594 rc = -EINVAL; 2595 p->process_class = string_to_security_class(p, "process"); 2596 if (!p->process_class) { 2597 pr_err("SELinux: process class is required, not defined in policy\n"); 2598 goto bad; 2599 } 2600 2601 rc = avtab_read(&p->te_avtab, fp, p); 2602 if (rc) 2603 goto bad; 2604 2605 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 2606 rc = cond_read_list(p, fp); 2607 if (rc) 2608 goto bad; 2609 } 2610 2611 rc = next_entry(buf, fp, sizeof(u32)); 2612 if (rc) 2613 goto bad; 2614 nel = le32_to_cpu(buf[0]); 2615 2616 rc = hashtab_init(&p->role_tr, nel); 2617 if (rc) 2618 goto bad; 2619 for (i = 0; i < nel; i++) { 2620 rc = -ENOMEM; 2621 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); 2622 if (!rtk) 2623 goto bad; 2624 2625 rc = -ENOMEM; 2626 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); 2627 if (!rtd) 2628 goto bad; 2629 2630 rc = next_entry(buf, fp, sizeof(u32) * 3); 2631 if (rc) 2632 goto bad; 2633 2634 rtk->role = le32_to_cpu(buf[0]); 2635 rtk->type = le32_to_cpu(buf[1]); 2636 rtd->new_role = le32_to_cpu(buf[2]); 2637 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2638 rc = next_entry(buf, fp, sizeof(u32)); 2639 if (rc) 2640 goto bad; 2641 rtk->tclass = le32_to_cpu(buf[0]); 2642 } else 2643 rtk->tclass = p->process_class; 2644 2645 rc = -EINVAL; 2646 if (!policydb_role_isvalid(p, rtk->role) || 2647 !policydb_type_isvalid(p, rtk->type) || 2648 !policydb_class_isvalid(p, rtk->tclass) || 2649 !policydb_role_isvalid(p, rtd->new_role)) 2650 goto bad; 2651 2652 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params); 2653 if (rc) 2654 goto bad; 2655 2656 rtk = NULL; 2657 rtd = NULL; 2658 } 2659 2660 hash_eval(&p->role_tr, "roletr", NULL); 2661 2662 rc = next_entry(buf, fp, sizeof(u32)); 2663 if (rc) 2664 goto bad; 2665 nel = le32_to_cpu(buf[0]); 2666 lra = NULL; 2667 for (i = 0; i < nel; i++) { 2668 rc = -ENOMEM; 2669 ra = kzalloc(sizeof(*ra), GFP_KERNEL); 2670 if (!ra) 2671 goto bad; 2672 if (lra) 2673 lra->next = ra; 2674 else 2675 p->role_allow = ra; 2676 rc = next_entry(buf, fp, sizeof(u32) * 2); 2677 if (rc) 2678 goto bad; 2679 2680 rc = -EINVAL; 2681 ra->role = le32_to_cpu(buf[0]); 2682 ra->new_role = le32_to_cpu(buf[1]); 2683 if (!policydb_role_isvalid(p, ra->role) || 2684 !policydb_role_isvalid(p, ra->new_role)) 2685 goto bad; 2686 lra = ra; 2687 } 2688 2689 rc = filename_trans_read(p, fp); 2690 if (rc) 2691 goto bad; 2692 2693 rc = policydb_index(p); 2694 if (rc) 2695 goto bad; 2696 2697 rc = -EINVAL; 2698 perm = string_to_av_perm(p, p->process_class, "transition"); 2699 if (!perm) { 2700 pr_err("SELinux: process transition permission is required, not defined in policy\n"); 2701 goto bad; 2702 } 2703 p->process_trans_perms = perm; 2704 perm = string_to_av_perm(p, p->process_class, "dyntransition"); 2705 if (!perm) { 2706 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n"); 2707 goto bad; 2708 } 2709 p->process_trans_perms |= perm; 2710 2711 rc = ocontext_read(p, info, fp); 2712 if (rc) 2713 goto bad; 2714 2715 rc = genfs_read(p, fp); 2716 if (rc) 2717 goto bad; 2718 2719 rc = range_read(p, fp); 2720 if (rc) 2721 goto bad; 2722 2723 rc = -ENOMEM; 2724 p->type_attr_map_array = kvcalloc( 2725 p->p_types.nprim, sizeof(*p->type_attr_map_array), GFP_KERNEL); 2726 if (!p->type_attr_map_array) 2727 goto bad; 2728 2729 /* just in case ebitmap_init() becomes more than just a memset(0): */ 2730 for (i = 0; i < p->p_types.nprim; i++) 2731 ebitmap_init(&p->type_attr_map_array[i]); 2732 2733 for (i = 0; i < p->p_types.nprim; i++) { 2734 struct ebitmap *e = &p->type_attr_map_array[i]; 2735 2736 if (p->policyvers >= POLICYDB_VERSION_AVTAB) { 2737 rc = ebitmap_read(e, fp); 2738 if (rc) 2739 goto bad; 2740 } 2741 /* add the type itself as the degenerate case */ 2742 rc = ebitmap_set_bit(e, i, 1); 2743 if (rc) 2744 goto bad; 2745 } 2746 2747 rc = policydb_bounds_sanity_check(p); 2748 if (rc) 2749 goto bad; 2750 2751 rc = 0; 2752 out: 2753 return rc; 2754 bad: 2755 kfree(rtk); 2756 kfree(rtd); 2757 policydb_destroy(p); 2758 goto out; 2759 } 2760 2761 /* 2762 * Write a MLS level structure to a policydb binary 2763 * representation file. 2764 */ 2765 static int mls_write_level(struct mls_level *l, void *fp) 2766 { 2767 __le32 buf[1]; 2768 int rc; 2769 2770 buf[0] = cpu_to_le32(l->sens); 2771 rc = put_entry(buf, sizeof(u32), 1, fp); 2772 if (rc) 2773 return rc; 2774 2775 rc = ebitmap_write(&l->cat, fp); 2776 if (rc) 2777 return rc; 2778 2779 return 0; 2780 } 2781 2782 /* 2783 * Write a MLS range structure to a policydb binary 2784 * representation file. 2785 */ 2786 static int mls_write_range_helper(struct mls_range *r, void *fp) 2787 { 2788 __le32 buf[3]; 2789 size_t items; 2790 int rc, eq; 2791 2792 eq = mls_level_eq(&r->level[1], &r->level[0]); 2793 2794 if (eq) 2795 items = 2; 2796 else 2797 items = 3; 2798 buf[0] = cpu_to_le32(items - 1); 2799 buf[1] = cpu_to_le32(r->level[0].sens); 2800 if (!eq) 2801 buf[2] = cpu_to_le32(r->level[1].sens); 2802 2803 BUG_ON(items > ARRAY_SIZE(buf)); 2804 2805 rc = put_entry(buf, sizeof(u32), items, fp); 2806 if (rc) 2807 return rc; 2808 2809 rc = ebitmap_write(&r->level[0].cat, fp); 2810 if (rc) 2811 return rc; 2812 if (!eq) { 2813 rc = ebitmap_write(&r->level[1].cat, fp); 2814 if (rc) 2815 return rc; 2816 } 2817 2818 return 0; 2819 } 2820 2821 static int sens_write(void *vkey, void *datum, void *ptr) 2822 { 2823 char *key = vkey; 2824 struct level_datum *levdatum = datum; 2825 struct policy_data *pd = ptr; 2826 void *fp = pd->fp; 2827 __le32 buf[2]; 2828 size_t len; 2829 int rc; 2830 2831 len = strlen(key); 2832 buf[0] = cpu_to_le32(len); 2833 buf[1] = cpu_to_le32(levdatum->isalias); 2834 rc = put_entry(buf, sizeof(u32), 2, fp); 2835 if (rc) 2836 return rc; 2837 2838 rc = put_entry(key, 1, len, fp); 2839 if (rc) 2840 return rc; 2841 2842 rc = mls_write_level(levdatum->level, fp); 2843 if (rc) 2844 return rc; 2845 2846 return 0; 2847 } 2848 2849 static int cat_write(void *vkey, void *datum, void *ptr) 2850 { 2851 char *key = vkey; 2852 struct cat_datum *catdatum = datum; 2853 struct policy_data *pd = ptr; 2854 void *fp = pd->fp; 2855 __le32 buf[3]; 2856 size_t len; 2857 int rc; 2858 2859 len = strlen(key); 2860 buf[0] = cpu_to_le32(len); 2861 buf[1] = cpu_to_le32(catdatum->value); 2862 buf[2] = cpu_to_le32(catdatum->isalias); 2863 rc = put_entry(buf, sizeof(u32), 3, fp); 2864 if (rc) 2865 return rc; 2866 2867 rc = put_entry(key, 1, len, fp); 2868 if (rc) 2869 return rc; 2870 2871 return 0; 2872 } 2873 2874 static int role_trans_write_one(void *key, void *datum, void *ptr) 2875 { 2876 struct role_trans_key *rtk = key; 2877 struct role_trans_datum *rtd = datum; 2878 struct policy_data *pd = ptr; 2879 void *fp = pd->fp; 2880 struct policydb *p = pd->p; 2881 __le32 buf[3]; 2882 int rc; 2883 2884 buf[0] = cpu_to_le32(rtk->role); 2885 buf[1] = cpu_to_le32(rtk->type); 2886 buf[2] = cpu_to_le32(rtd->new_role); 2887 rc = put_entry(buf, sizeof(u32), 3, fp); 2888 if (rc) 2889 return rc; 2890 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { 2891 buf[0] = cpu_to_le32(rtk->tclass); 2892 rc = put_entry(buf, sizeof(u32), 1, fp); 2893 if (rc) 2894 return rc; 2895 } 2896 return 0; 2897 } 2898 2899 static int role_trans_write(struct policydb *p, void *fp) 2900 { 2901 struct policy_data pd = { .p = p, .fp = fp }; 2902 __le32 buf[1]; 2903 int rc; 2904 2905 buf[0] = cpu_to_le32(p->role_tr.nel); 2906 rc = put_entry(buf, sizeof(u32), 1, fp); 2907 if (rc) 2908 return rc; 2909 2910 return hashtab_map(&p->role_tr, role_trans_write_one, &pd); 2911 } 2912 2913 static int role_allow_write(struct role_allow *r, void *fp) 2914 { 2915 struct role_allow *ra; 2916 __le32 buf[2]; 2917 size_t nel; 2918 int rc; 2919 2920 nel = 0; 2921 for (ra = r; ra; ra = ra->next) 2922 nel++; 2923 buf[0] = cpu_to_le32(nel); 2924 rc = put_entry(buf, sizeof(u32), 1, fp); 2925 if (rc) 2926 return rc; 2927 for (ra = r; ra; ra = ra->next) { 2928 buf[0] = cpu_to_le32(ra->role); 2929 buf[1] = cpu_to_le32(ra->new_role); 2930 rc = put_entry(buf, sizeof(u32), 2, fp); 2931 if (rc) 2932 return rc; 2933 } 2934 return 0; 2935 } 2936 2937 /* 2938 * Write a security context structure 2939 * to a policydb binary representation file. 2940 */ 2941 static int context_write(struct policydb *p, struct context *c, void *fp) 2942 { 2943 int rc; 2944 __le32 buf[3]; 2945 2946 buf[0] = cpu_to_le32(c->user); 2947 buf[1] = cpu_to_le32(c->role); 2948 buf[2] = cpu_to_le32(c->type); 2949 2950 rc = put_entry(buf, sizeof(u32), 3, fp); 2951 if (rc) 2952 return rc; 2953 2954 rc = mls_write_range_helper(&c->range, fp); 2955 if (rc) 2956 return rc; 2957 2958 return 0; 2959 } 2960 2961 /* 2962 * The following *_write functions are used to 2963 * write the symbol data to a policy database 2964 * binary representation file. 2965 */ 2966 2967 static int perm_write(void *vkey, void *datum, void *fp) 2968 { 2969 char *key = vkey; 2970 struct perm_datum *perdatum = datum; 2971 __le32 buf[2]; 2972 size_t len; 2973 int rc; 2974 2975 len = strlen(key); 2976 buf[0] = cpu_to_le32(len); 2977 buf[1] = cpu_to_le32(perdatum->value); 2978 rc = put_entry(buf, sizeof(u32), 2, fp); 2979 if (rc) 2980 return rc; 2981 2982 rc = put_entry(key, 1, len, fp); 2983 if (rc) 2984 return rc; 2985 2986 return 0; 2987 } 2988 2989 static int common_write(void *vkey, void *datum, void *ptr) 2990 { 2991 char *key = vkey; 2992 struct common_datum *comdatum = datum; 2993 struct policy_data *pd = ptr; 2994 void *fp = pd->fp; 2995 __le32 buf[4]; 2996 size_t len; 2997 int rc; 2998 2999 len = strlen(key); 3000 buf[0] = cpu_to_le32(len); 3001 buf[1] = cpu_to_le32(comdatum->value); 3002 buf[2] = cpu_to_le32(comdatum->permissions.nprim); 3003 buf[3] = cpu_to_le32(comdatum->permissions.table.nel); 3004 rc = put_entry(buf, sizeof(u32), 4, fp); 3005 if (rc) 3006 return rc; 3007 3008 rc = put_entry(key, 1, len, fp); 3009 if (rc) 3010 return rc; 3011 3012 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp); 3013 if (rc) 3014 return rc; 3015 3016 return 0; 3017 } 3018 3019 static int type_set_write(struct type_set *t, void *fp) 3020 { 3021 int rc; 3022 __le32 buf[1]; 3023 3024 if (ebitmap_write(&t->types, fp)) 3025 return -EINVAL; 3026 if (ebitmap_write(&t->negset, fp)) 3027 return -EINVAL; 3028 3029 buf[0] = cpu_to_le32(t->flags); 3030 rc = put_entry(buf, sizeof(u32), 1, fp); 3031 if (rc) 3032 return -EINVAL; 3033 3034 return 0; 3035 } 3036 3037 static int write_cons_helper(struct policydb *p, struct constraint_node *node, 3038 void *fp) 3039 { 3040 struct constraint_node *c; 3041 struct constraint_expr *e; 3042 __le32 buf[3]; 3043 u32 nel; 3044 int rc; 3045 3046 for (c = node; c; c = c->next) { 3047 nel = 0; 3048 for (e = c->expr; e; e = e->next) 3049 nel++; 3050 buf[0] = cpu_to_le32(c->permissions); 3051 buf[1] = cpu_to_le32(nel); 3052 rc = put_entry(buf, sizeof(u32), 2, fp); 3053 if (rc) 3054 return rc; 3055 for (e = c->expr; e; e = e->next) { 3056 buf[0] = cpu_to_le32(e->expr_type); 3057 buf[1] = cpu_to_le32(e->attr); 3058 buf[2] = cpu_to_le32(e->op); 3059 rc = put_entry(buf, sizeof(u32), 3, fp); 3060 if (rc) 3061 return rc; 3062 3063 switch (e->expr_type) { 3064 case CEXPR_NAMES: 3065 rc = ebitmap_write(&e->names, fp); 3066 if (rc) 3067 return rc; 3068 if (p->policyvers >= 3069 POLICYDB_VERSION_CONSTRAINT_NAMES) { 3070 rc = type_set_write(e->type_names, fp); 3071 if (rc) 3072 return rc; 3073 } 3074 break; 3075 default: 3076 break; 3077 } 3078 } 3079 } 3080 3081 return 0; 3082 } 3083 3084 static int class_write(void *vkey, void *datum, void *ptr) 3085 { 3086 char *key = vkey; 3087 struct class_datum *cladatum = datum; 3088 struct policy_data *pd = ptr; 3089 void *fp = pd->fp; 3090 struct policydb *p = pd->p; 3091 struct constraint_node *c; 3092 __le32 buf[6]; 3093 u32 ncons; 3094 size_t len, len2; 3095 int rc; 3096 3097 len = strlen(key); 3098 if (cladatum->comkey) 3099 len2 = strlen(cladatum->comkey); 3100 else 3101 len2 = 0; 3102 3103 ncons = 0; 3104 for (c = cladatum->constraints; c; c = c->next) 3105 ncons++; 3106 3107 buf[0] = cpu_to_le32(len); 3108 buf[1] = cpu_to_le32(len2); 3109 buf[2] = cpu_to_le32(cladatum->value); 3110 buf[3] = cpu_to_le32(cladatum->permissions.nprim); 3111 buf[4] = cpu_to_le32(cladatum->permissions.table.nel); 3112 buf[5] = cpu_to_le32(ncons); 3113 rc = put_entry(buf, sizeof(u32), 6, fp); 3114 if (rc) 3115 return rc; 3116 3117 rc = put_entry(key, 1, len, fp); 3118 if (rc) 3119 return rc; 3120 3121 if (cladatum->comkey) { 3122 rc = put_entry(cladatum->comkey, 1, len2, fp); 3123 if (rc) 3124 return rc; 3125 } 3126 3127 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp); 3128 if (rc) 3129 return rc; 3130 3131 rc = write_cons_helper(p, cladatum->constraints, fp); 3132 if (rc) 3133 return rc; 3134 3135 /* write out the validatetrans rule */ 3136 ncons = 0; 3137 for (c = cladatum->validatetrans; c; c = c->next) 3138 ncons++; 3139 3140 buf[0] = cpu_to_le32(ncons); 3141 rc = put_entry(buf, sizeof(u32), 1, fp); 3142 if (rc) 3143 return rc; 3144 3145 rc = write_cons_helper(p, cladatum->validatetrans, fp); 3146 if (rc) 3147 return rc; 3148 3149 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { 3150 buf[0] = cpu_to_le32(cladatum->default_user); 3151 buf[1] = cpu_to_le32(cladatum->default_role); 3152 buf[2] = cpu_to_le32(cladatum->default_range); 3153 3154 rc = put_entry(buf, sizeof(uint32_t), 3, fp); 3155 if (rc) 3156 return rc; 3157 } 3158 3159 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { 3160 buf[0] = cpu_to_le32(cladatum->default_type); 3161 rc = put_entry(buf, sizeof(uint32_t), 1, fp); 3162 if (rc) 3163 return rc; 3164 } 3165 3166 return 0; 3167 } 3168 3169 static int role_write(void *vkey, void *datum, void *ptr) 3170 { 3171 char *key = vkey; 3172 struct role_datum *role = datum; 3173 struct policy_data *pd = ptr; 3174 void *fp = pd->fp; 3175 struct policydb *p = pd->p; 3176 __le32 buf[3]; 3177 size_t items, len; 3178 int rc; 3179 3180 len = strlen(key); 3181 items = 0; 3182 buf[items++] = cpu_to_le32(len); 3183 buf[items++] = cpu_to_le32(role->value); 3184 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3185 buf[items++] = cpu_to_le32(role->bounds); 3186 3187 BUG_ON(items > ARRAY_SIZE(buf)); 3188 3189 rc = put_entry(buf, sizeof(u32), items, fp); 3190 if (rc) 3191 return rc; 3192 3193 rc = put_entry(key, 1, len, fp); 3194 if (rc) 3195 return rc; 3196 3197 rc = ebitmap_write(&role->dominates, fp); 3198 if (rc) 3199 return rc; 3200 3201 rc = ebitmap_write(&role->types, fp); 3202 if (rc) 3203 return rc; 3204 3205 return 0; 3206 } 3207 3208 static int type_write(void *vkey, void *datum, void *ptr) 3209 { 3210 char *key = vkey; 3211 struct type_datum *typdatum = datum; 3212 struct policy_data *pd = ptr; 3213 struct policydb *p = pd->p; 3214 void *fp = pd->fp; 3215 __le32 buf[4]; 3216 int rc; 3217 size_t items, len; 3218 3219 len = strlen(key); 3220 items = 0; 3221 buf[items++] = cpu_to_le32(len); 3222 buf[items++] = cpu_to_le32(typdatum->value); 3223 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { 3224 u32 properties = 0; 3225 3226 if (typdatum->primary) 3227 properties |= TYPEDATUM_PROPERTY_PRIMARY; 3228 3229 if (typdatum->attribute) 3230 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; 3231 3232 buf[items++] = cpu_to_le32(properties); 3233 buf[items++] = cpu_to_le32(typdatum->bounds); 3234 } else { 3235 buf[items++] = cpu_to_le32(typdatum->primary); 3236 } 3237 BUG_ON(items > ARRAY_SIZE(buf)); 3238 rc = put_entry(buf, sizeof(u32), items, fp); 3239 if (rc) 3240 return rc; 3241 3242 rc = put_entry(key, 1, len, fp); 3243 if (rc) 3244 return rc; 3245 3246 return 0; 3247 } 3248 3249 static int user_write(void *vkey, void *datum, void *ptr) 3250 { 3251 char *key = vkey; 3252 struct user_datum *usrdatum = datum; 3253 struct policy_data *pd = ptr; 3254 struct policydb *p = pd->p; 3255 void *fp = pd->fp; 3256 __le32 buf[3]; 3257 size_t items, len; 3258 int rc; 3259 3260 len = strlen(key); 3261 items = 0; 3262 buf[items++] = cpu_to_le32(len); 3263 buf[items++] = cpu_to_le32(usrdatum->value); 3264 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) 3265 buf[items++] = cpu_to_le32(usrdatum->bounds); 3266 BUG_ON(items > ARRAY_SIZE(buf)); 3267 rc = put_entry(buf, sizeof(u32), items, fp); 3268 if (rc) 3269 return rc; 3270 3271 rc = put_entry(key, 1, len, fp); 3272 if (rc) 3273 return rc; 3274 3275 rc = ebitmap_write(&usrdatum->roles, fp); 3276 if (rc) 3277 return rc; 3278 3279 rc = mls_write_range_helper(&usrdatum->range, fp); 3280 if (rc) 3281 return rc; 3282 3283 rc = mls_write_level(&usrdatum->dfltlevel, fp); 3284 if (rc) 3285 return rc; 3286 3287 return 0; 3288 } 3289 3290 /* clang-format off */ 3291 static int (*const write_f[SYM_NUM])(void *key, void *datum, void *datap) = { 3292 common_write, 3293 class_write, 3294 role_write, 3295 type_write, 3296 user_write, 3297 cond_write_bool, 3298 sens_write, 3299 cat_write, 3300 }; 3301 /* clang-format on */ 3302 3303 static int ocontext_write(struct policydb *p, 3304 const struct policydb_compat_info *info, void *fp) 3305 { 3306 unsigned int i, j; 3307 int rc; 3308 size_t nel, len; 3309 __be64 prefixbuf[1]; 3310 __le32 buf[3]; 3311 u32 nodebuf[8]; 3312 struct ocontext *c; 3313 for (i = 0; i < info->ocon_num; i++) { 3314 nel = 0; 3315 for (c = p->ocontexts[i]; c; c = c->next) 3316 nel++; 3317 buf[0] = cpu_to_le32(nel); 3318 rc = put_entry(buf, sizeof(u32), 1, fp); 3319 if (rc) 3320 return rc; 3321 for (c = p->ocontexts[i]; c; c = c->next) { 3322 switch (i) { 3323 case OCON_ISID: 3324 buf[0] = cpu_to_le32(c->sid[0]); 3325 rc = put_entry(buf, sizeof(u32), 1, fp); 3326 if (rc) 3327 return rc; 3328 rc = context_write(p, &c->context[0], fp); 3329 if (rc) 3330 return rc; 3331 break; 3332 case OCON_FS: 3333 case OCON_NETIF: 3334 len = strlen(c->u.name); 3335 buf[0] = cpu_to_le32(len); 3336 rc = put_entry(buf, sizeof(u32), 1, fp); 3337 if (rc) 3338 return rc; 3339 rc = put_entry(c->u.name, 1, len, fp); 3340 if (rc) 3341 return rc; 3342 rc = context_write(p, &c->context[0], fp); 3343 if (rc) 3344 return rc; 3345 rc = context_write(p, &c->context[1], fp); 3346 if (rc) 3347 return rc; 3348 break; 3349 case OCON_PORT: 3350 buf[0] = cpu_to_le32(c->u.port.protocol); 3351 buf[1] = cpu_to_le32(c->u.port.low_port); 3352 buf[2] = cpu_to_le32(c->u.port.high_port); 3353 rc = put_entry(buf, sizeof(u32), 3, fp); 3354 if (rc) 3355 return rc; 3356 rc = context_write(p, &c->context[0], fp); 3357 if (rc) 3358 return rc; 3359 break; 3360 case OCON_NODE: 3361 nodebuf[0] = c->u.node.addr; /* network order */ 3362 nodebuf[1] = c->u.node.mask; /* network order */ 3363 rc = put_entry(nodebuf, sizeof(u32), 2, fp); 3364 if (rc) 3365 return rc; 3366 rc = context_write(p, &c->context[0], fp); 3367 if (rc) 3368 return rc; 3369 break; 3370 case OCON_FSUSE: 3371 buf[0] = cpu_to_le32(c->v.behavior); 3372 len = strlen(c->u.name); 3373 buf[1] = cpu_to_le32(len); 3374 rc = put_entry(buf, sizeof(u32), 2, fp); 3375 if (rc) 3376 return rc; 3377 rc = put_entry(c->u.name, 1, len, fp); 3378 if (rc) 3379 return rc; 3380 rc = context_write(p, &c->context[0], fp); 3381 if (rc) 3382 return rc; 3383 break; 3384 case OCON_NODE6: 3385 for (j = 0; j < 4; j++) 3386 nodebuf[j] = 3387 c->u.node6.addr 3388 [j]; /* network order */ 3389 for (j = 0; j < 4; j++) 3390 nodebuf[j + 4] = 3391 c->u.node6.mask 3392 [j]; /* network order */ 3393 rc = put_entry(nodebuf, sizeof(u32), 8, fp); 3394 if (rc) 3395 return rc; 3396 rc = context_write(p, &c->context[0], fp); 3397 if (rc) 3398 return rc; 3399 break; 3400 case OCON_IBPKEY: 3401 /* subnet_prefix is in CPU order */ 3402 prefixbuf[0] = 3403 cpu_to_be64(c->u.ibpkey.subnet_prefix); 3404 3405 rc = put_entry(prefixbuf, sizeof(u64), 1, fp); 3406 if (rc) 3407 return rc; 3408 3409 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); 3410 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); 3411 3412 rc = put_entry(buf, sizeof(u32), 2, fp); 3413 if (rc) 3414 return rc; 3415 rc = context_write(p, &c->context[0], fp); 3416 if (rc) 3417 return rc; 3418 break; 3419 case OCON_IBENDPORT: 3420 len = strlen(c->u.ibendport.dev_name); 3421 buf[0] = cpu_to_le32(len); 3422 buf[1] = cpu_to_le32(c->u.ibendport.port); 3423 rc = put_entry(buf, sizeof(u32), 2, fp); 3424 if (rc) 3425 return rc; 3426 rc = put_entry(c->u.ibendport.dev_name, 1, len, 3427 fp); 3428 if (rc) 3429 return rc; 3430 rc = context_write(p, &c->context[0], fp); 3431 if (rc) 3432 return rc; 3433 break; 3434 } 3435 } 3436 } 3437 return 0; 3438 } 3439 3440 static int genfs_write(struct policydb *p, void *fp) 3441 { 3442 struct genfs *genfs; 3443 struct ocontext *c; 3444 size_t len; 3445 __le32 buf[1]; 3446 int rc; 3447 3448 len = 0; 3449 for (genfs = p->genfs; genfs; genfs = genfs->next) 3450 len++; 3451 buf[0] = cpu_to_le32(len); 3452 rc = put_entry(buf, sizeof(u32), 1, fp); 3453 if (rc) 3454 return rc; 3455 for (genfs = p->genfs; genfs; genfs = genfs->next) { 3456 len = strlen(genfs->fstype); 3457 buf[0] = cpu_to_le32(len); 3458 rc = put_entry(buf, sizeof(u32), 1, fp); 3459 if (rc) 3460 return rc; 3461 rc = put_entry(genfs->fstype, 1, len, fp); 3462 if (rc) 3463 return rc; 3464 len = 0; 3465 for (c = genfs->head; c; c = c->next) 3466 len++; 3467 buf[0] = cpu_to_le32(len); 3468 rc = put_entry(buf, sizeof(u32), 1, fp); 3469 if (rc) 3470 return rc; 3471 for (c = genfs->head; c; c = c->next) { 3472 len = strlen(c->u.name); 3473 buf[0] = cpu_to_le32(len); 3474 rc = put_entry(buf, sizeof(u32), 1, fp); 3475 if (rc) 3476 return rc; 3477 rc = put_entry(c->u.name, 1, len, fp); 3478 if (rc) 3479 return rc; 3480 buf[0] = cpu_to_le32(c->v.sclass); 3481 rc = put_entry(buf, sizeof(u32), 1, fp); 3482 if (rc) 3483 return rc; 3484 rc = context_write(p, &c->context[0], fp); 3485 if (rc) 3486 return rc; 3487 } 3488 } 3489 return 0; 3490 } 3491 3492 static int range_write_helper(void *key, void *data, void *ptr) 3493 { 3494 __le32 buf[2]; 3495 struct range_trans *rt = key; 3496 struct mls_range *r = data; 3497 struct policy_data *pd = ptr; 3498 void *fp = pd->fp; 3499 struct policydb *p = pd->p; 3500 int rc; 3501 3502 buf[0] = cpu_to_le32(rt->source_type); 3503 buf[1] = cpu_to_le32(rt->target_type); 3504 rc = put_entry(buf, sizeof(u32), 2, fp); 3505 if (rc) 3506 return rc; 3507 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { 3508 buf[0] = cpu_to_le32(rt->target_class); 3509 rc = put_entry(buf, sizeof(u32), 1, fp); 3510 if (rc) 3511 return rc; 3512 } 3513 rc = mls_write_range_helper(r, fp); 3514 if (rc) 3515 return rc; 3516 3517 return 0; 3518 } 3519 3520 static int range_write(struct policydb *p, void *fp) 3521 { 3522 __le32 buf[1]; 3523 int rc; 3524 struct policy_data pd; 3525 3526 pd.p = p; 3527 pd.fp = fp; 3528 3529 buf[0] = cpu_to_le32(p->range_tr.nel); 3530 rc = put_entry(buf, sizeof(u32), 1, fp); 3531 if (rc) 3532 return rc; 3533 3534 /* actually write all of the entries */ 3535 rc = hashtab_map(&p->range_tr, range_write_helper, &pd); 3536 if (rc) 3537 return rc; 3538 3539 return 0; 3540 } 3541 3542 static int filename_write_helper_compat(void *key, void *data, void *ptr) 3543 { 3544 struct filename_trans_key *ft = key; 3545 struct filename_trans_datum *datum = data; 3546 struct ebitmap_node *node; 3547 void *fp = ptr; 3548 __le32 buf[4]; 3549 int rc; 3550 u32 bit, len = strlen(ft->name); 3551 3552 do { 3553 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) 3554 { 3555 buf[0] = cpu_to_le32(len); 3556 rc = put_entry(buf, sizeof(u32), 1, fp); 3557 if (rc) 3558 return rc; 3559 3560 rc = put_entry(ft->name, sizeof(char), len, fp); 3561 if (rc) 3562 return rc; 3563 3564 buf[0] = cpu_to_le32(bit + 1); 3565 buf[1] = cpu_to_le32(ft->ttype); 3566 buf[2] = cpu_to_le32(ft->tclass); 3567 buf[3] = cpu_to_le32(datum->otype); 3568 3569 rc = put_entry(buf, sizeof(u32), 4, fp); 3570 if (rc) 3571 return rc; 3572 } 3573 3574 datum = datum->next; 3575 } while (unlikely(datum)); 3576 3577 return 0; 3578 } 3579 3580 static int filename_write_helper(void *key, void *data, void *ptr) 3581 { 3582 struct filename_trans_key *ft = key; 3583 struct filename_trans_datum *datum; 3584 void *fp = ptr; 3585 __le32 buf[3]; 3586 int rc; 3587 u32 ndatum, len = strlen(ft->name); 3588 3589 buf[0] = cpu_to_le32(len); 3590 rc = put_entry(buf, sizeof(u32), 1, fp); 3591 if (rc) 3592 return rc; 3593 3594 rc = put_entry(ft->name, sizeof(char), len, fp); 3595 if (rc) 3596 return rc; 3597 3598 ndatum = 0; 3599 datum = data; 3600 do { 3601 ndatum++; 3602 datum = datum->next; 3603 } while (unlikely(datum)); 3604 3605 buf[0] = cpu_to_le32(ft->ttype); 3606 buf[1] = cpu_to_le32(ft->tclass); 3607 buf[2] = cpu_to_le32(ndatum); 3608 rc = put_entry(buf, sizeof(u32), 3, fp); 3609 if (rc) 3610 return rc; 3611 3612 datum = data; 3613 do { 3614 rc = ebitmap_write(&datum->stypes, fp); 3615 if (rc) 3616 return rc; 3617 3618 buf[0] = cpu_to_le32(datum->otype); 3619 rc = put_entry(buf, sizeof(u32), 1, fp); 3620 if (rc) 3621 return rc; 3622 3623 datum = datum->next; 3624 } while (unlikely(datum)); 3625 3626 return 0; 3627 } 3628 3629 static int filename_trans_write(struct policydb *p, void *fp) 3630 { 3631 __le32 buf[1]; 3632 int rc; 3633 3634 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) 3635 return 0; 3636 3637 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 3638 buf[0] = cpu_to_le32(p->compat_filename_trans_count); 3639 rc = put_entry(buf, sizeof(u32), 1, fp); 3640 if (rc) 3641 return rc; 3642 3643 rc = hashtab_map(&p->filename_trans, 3644 filename_write_helper_compat, fp); 3645 } else { 3646 buf[0] = cpu_to_le32(p->filename_trans.nel); 3647 rc = put_entry(buf, sizeof(u32), 1, fp); 3648 if (rc) 3649 return rc; 3650 3651 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp); 3652 } 3653 return rc; 3654 } 3655 3656 /* 3657 * Write the configuration data in a policy database 3658 * structure to a policy database binary representation 3659 * file. 3660 */ 3661 int policydb_write(struct policydb *p, void *fp) 3662 { 3663 unsigned int num_syms; 3664 int rc; 3665 __le32 buf[4]; 3666 u32 config, i; 3667 size_t len; 3668 const struct policydb_compat_info *info; 3669 3670 /* 3671 * refuse to write policy older than compressed avtab 3672 * to simplify the writer. There are other tests dropped 3673 * since we assume this throughout the writer code. Be 3674 * careful if you ever try to remove this restriction 3675 */ 3676 if (p->policyvers < POLICYDB_VERSION_AVTAB) { 3677 pr_err("SELinux: refusing to write policy version %d." 3678 " Because it is less than version %d\n", 3679 p->policyvers, POLICYDB_VERSION_AVTAB); 3680 return -EINVAL; 3681 } 3682 3683 config = 0; 3684 if (p->mls_enabled) 3685 config |= POLICYDB_CONFIG_MLS; 3686 3687 if (p->reject_unknown) 3688 config |= REJECT_UNKNOWN; 3689 if (p->allow_unknown) 3690 config |= ALLOW_UNKNOWN; 3691 3692 /* Write the magic number and string identifiers. */ 3693 buf[0] = cpu_to_le32(POLICYDB_MAGIC); 3694 len = strlen(POLICYDB_STRING); 3695 buf[1] = cpu_to_le32(len); 3696 rc = put_entry(buf, sizeof(u32), 2, fp); 3697 if (rc) 3698 return rc; 3699 rc = put_entry(POLICYDB_STRING, 1, len, fp); 3700 if (rc) 3701 return rc; 3702 3703 /* Write the version, config, and table sizes. */ 3704 info = policydb_lookup_compat(p->policyvers); 3705 if (!info) { 3706 pr_err("SELinux: compatibility lookup failed for policy " 3707 "version %d\n", 3708 p->policyvers); 3709 return -EINVAL; 3710 } 3711 3712 buf[0] = cpu_to_le32(p->policyvers); 3713 buf[1] = cpu_to_le32(config); 3714 buf[2] = cpu_to_le32(info->sym_num); 3715 buf[3] = cpu_to_le32(info->ocon_num); 3716 3717 rc = put_entry(buf, sizeof(u32), 4, fp); 3718 if (rc) 3719 return rc; 3720 3721 if (p->policyvers >= POLICYDB_VERSION_POLCAP) { 3722 rc = ebitmap_write(&p->policycaps, fp); 3723 if (rc) 3724 return rc; 3725 } 3726 3727 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { 3728 rc = ebitmap_write(&p->permissive_map, fp); 3729 if (rc) 3730 return rc; 3731 } 3732 3733 num_syms = info->sym_num; 3734 for (i = 0; i < num_syms; i++) { 3735 struct policy_data pd; 3736 3737 pd.fp = fp; 3738 pd.p = p; 3739 3740 buf[0] = cpu_to_le32(p->symtab[i].nprim); 3741 buf[1] = cpu_to_le32(p->symtab[i].table.nel); 3742 3743 rc = put_entry(buf, sizeof(u32), 2, fp); 3744 if (rc) 3745 return rc; 3746 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd); 3747 if (rc) 3748 return rc; 3749 } 3750 3751 rc = avtab_write(p, &p->te_avtab, fp); 3752 if (rc) 3753 return rc; 3754 3755 rc = cond_write_list(p, fp); 3756 if (rc) 3757 return rc; 3758 3759 rc = role_trans_write(p, fp); 3760 if (rc) 3761 return rc; 3762 3763 rc = role_allow_write(p->role_allow, fp); 3764 if (rc) 3765 return rc; 3766 3767 rc = filename_trans_write(p, fp); 3768 if (rc) 3769 return rc; 3770 3771 rc = ocontext_write(p, info, fp); 3772 if (rc) 3773 return rc; 3774 3775 rc = genfs_write(p, fp); 3776 if (rc) 3777 return rc; 3778 3779 rc = range_write(p, fp); 3780 if (rc) 3781 return rc; 3782 3783 for (i = 0; i < p->p_types.nprim; i++) { 3784 struct ebitmap *e = &p->type_attr_map_array[i]; 3785 3786 rc = ebitmap_write(e, fp); 3787 if (rc) 3788 return rc; 3789 } 3790 3791 return 0; 3792 } 3793