1 /* 2 * Implementation of the policy database. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 */ 6 7 /* 8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 9 * 10 * Support for enhanced MLS infrastructure. 11 * 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * 14 * Added conditional policy language extensions 15 * 16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 18 * This program is free software; you can redistribute it and/or modify 19 * it under the terms of the GNU General Public License as published by 20 * the Free Software Foundation, version 2. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/slab.h> 25 #include <linux/string.h> 26 #include <linux/errno.h> 27 #include "security.h" 28 29 #include "policydb.h" 30 #include "conditional.h" 31 #include "mls.h" 32 33 #define _DEBUG_HASHES 34 35 #ifdef DEBUG_HASHES 36 static char *symtab_name[SYM_NUM] = { 37 "common prefixes", 38 "classes", 39 "roles", 40 "types", 41 "users", 42 "bools", 43 "levels", 44 "categories", 45 }; 46 #endif 47 48 int selinux_mls_enabled = 0; 49 50 static unsigned int symtab_sizes[SYM_NUM] = { 51 2, 52 32, 53 16, 54 512, 55 128, 56 16, 57 16, 58 16, 59 }; 60 61 struct policydb_compat_info { 62 int version; 63 int sym_num; 64 int ocon_num; 65 }; 66 67 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 68 static struct policydb_compat_info policydb_compat[] = { 69 { 70 .version = POLICYDB_VERSION_BASE, 71 .sym_num = SYM_NUM - 3, 72 .ocon_num = OCON_NUM - 1, 73 }, 74 { 75 .version = POLICYDB_VERSION_BOOL, 76 .sym_num = SYM_NUM - 2, 77 .ocon_num = OCON_NUM - 1, 78 }, 79 { 80 .version = POLICYDB_VERSION_IPV6, 81 .sym_num = SYM_NUM - 2, 82 .ocon_num = OCON_NUM, 83 }, 84 { 85 .version = POLICYDB_VERSION_NLCLASS, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_NUM, 88 }, 89 { 90 .version = POLICYDB_VERSION_MLS, 91 .sym_num = SYM_NUM, 92 .ocon_num = OCON_NUM, 93 }, 94 }; 95 96 static struct policydb_compat_info *policydb_lookup_compat(int version) 97 { 98 int i; 99 struct policydb_compat_info *info = NULL; 100 101 for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) { 102 if (policydb_compat[i].version == version) { 103 info = &policydb_compat[i]; 104 break; 105 } 106 } 107 return info; 108 } 109 110 /* 111 * Initialize the role table. 112 */ 113 static int roles_init(struct policydb *p) 114 { 115 char *key = NULL; 116 int rc; 117 struct role_datum *role; 118 119 role = kmalloc(sizeof(*role), GFP_KERNEL); 120 if (!role) { 121 rc = -ENOMEM; 122 goto out; 123 } 124 memset(role, 0, sizeof(*role)); 125 role->value = ++p->p_roles.nprim; 126 if (role->value != OBJECT_R_VAL) { 127 rc = -EINVAL; 128 goto out_free_role; 129 } 130 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); 131 if (!key) { 132 rc = -ENOMEM; 133 goto out_free_role; 134 } 135 strcpy(key, OBJECT_R); 136 rc = hashtab_insert(p->p_roles.table, key, role); 137 if (rc) 138 goto out_free_key; 139 out: 140 return rc; 141 142 out_free_key: 143 kfree(key); 144 out_free_role: 145 kfree(role); 146 goto out; 147 } 148 149 /* 150 * Initialize a policy database structure. 151 */ 152 static int policydb_init(struct policydb *p) 153 { 154 int i, rc; 155 156 memset(p, 0, sizeof(*p)); 157 158 for (i = 0; i < SYM_NUM; i++) { 159 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 160 if (rc) 161 goto out_free_symtab; 162 } 163 164 rc = avtab_init(&p->te_avtab); 165 if (rc) 166 goto out_free_symtab; 167 168 rc = roles_init(p); 169 if (rc) 170 goto out_free_avtab; 171 172 rc = cond_policydb_init(p); 173 if (rc) 174 goto out_free_avtab; 175 176 out: 177 return rc; 178 179 out_free_avtab: 180 avtab_destroy(&p->te_avtab); 181 182 out_free_symtab: 183 for (i = 0; i < SYM_NUM; i++) 184 hashtab_destroy(p->symtab[i].table); 185 goto out; 186 } 187 188 /* 189 * The following *_index functions are used to 190 * define the val_to_name and val_to_struct arrays 191 * in a policy database structure. The val_to_name 192 * arrays are used when converting security context 193 * structures into string representations. The 194 * val_to_struct arrays are used when the attributes 195 * of a class, role, or user are needed. 196 */ 197 198 static int common_index(void *key, void *datum, void *datap) 199 { 200 struct policydb *p; 201 struct common_datum *comdatum; 202 203 comdatum = datum; 204 p = datap; 205 if (!comdatum->value || comdatum->value > p->p_commons.nprim) 206 return -EINVAL; 207 p->p_common_val_to_name[comdatum->value - 1] = key; 208 return 0; 209 } 210 211 static int class_index(void *key, void *datum, void *datap) 212 { 213 struct policydb *p; 214 struct class_datum *cladatum; 215 216 cladatum = datum; 217 p = datap; 218 if (!cladatum->value || cladatum->value > p->p_classes.nprim) 219 return -EINVAL; 220 p->p_class_val_to_name[cladatum->value - 1] = key; 221 p->class_val_to_struct[cladatum->value - 1] = cladatum; 222 return 0; 223 } 224 225 static int role_index(void *key, void *datum, void *datap) 226 { 227 struct policydb *p; 228 struct role_datum *role; 229 230 role = datum; 231 p = datap; 232 if (!role->value || role->value > p->p_roles.nprim) 233 return -EINVAL; 234 p->p_role_val_to_name[role->value - 1] = key; 235 p->role_val_to_struct[role->value - 1] = role; 236 return 0; 237 } 238 239 static int type_index(void *key, void *datum, void *datap) 240 { 241 struct policydb *p; 242 struct type_datum *typdatum; 243 244 typdatum = datum; 245 p = datap; 246 247 if (typdatum->primary) { 248 if (!typdatum->value || typdatum->value > p->p_types.nprim) 249 return -EINVAL; 250 p->p_type_val_to_name[typdatum->value - 1] = key; 251 } 252 253 return 0; 254 } 255 256 static int user_index(void *key, void *datum, void *datap) 257 { 258 struct policydb *p; 259 struct user_datum *usrdatum; 260 261 usrdatum = datum; 262 p = datap; 263 if (!usrdatum->value || usrdatum->value > p->p_users.nprim) 264 return -EINVAL; 265 p->p_user_val_to_name[usrdatum->value - 1] = key; 266 p->user_val_to_struct[usrdatum->value - 1] = usrdatum; 267 return 0; 268 } 269 270 static int sens_index(void *key, void *datum, void *datap) 271 { 272 struct policydb *p; 273 struct level_datum *levdatum; 274 275 levdatum = datum; 276 p = datap; 277 278 if (!levdatum->isalias) { 279 if (!levdatum->level->sens || 280 levdatum->level->sens > p->p_levels.nprim) 281 return -EINVAL; 282 p->p_sens_val_to_name[levdatum->level->sens - 1] = key; 283 } 284 285 return 0; 286 } 287 288 static int cat_index(void *key, void *datum, void *datap) 289 { 290 struct policydb *p; 291 struct cat_datum *catdatum; 292 293 catdatum = datum; 294 p = datap; 295 296 if (!catdatum->isalias) { 297 if (!catdatum->value || catdatum->value > p->p_cats.nprim) 298 return -EINVAL; 299 p->p_cat_val_to_name[catdatum->value - 1] = key; 300 } 301 302 return 0; 303 } 304 305 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = 306 { 307 common_index, 308 class_index, 309 role_index, 310 type_index, 311 user_index, 312 cond_index_bool, 313 sens_index, 314 cat_index, 315 }; 316 317 /* 318 * Define the common val_to_name array and the class 319 * val_to_name and val_to_struct arrays in a policy 320 * database structure. 321 * 322 * Caller must clean up upon failure. 323 */ 324 static int policydb_index_classes(struct policydb *p) 325 { 326 int rc; 327 328 p->p_common_val_to_name = 329 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); 330 if (!p->p_common_val_to_name) { 331 rc = -ENOMEM; 332 goto out; 333 } 334 335 rc = hashtab_map(p->p_commons.table, common_index, p); 336 if (rc) 337 goto out; 338 339 p->class_val_to_struct = 340 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); 341 if (!p->class_val_to_struct) { 342 rc = -ENOMEM; 343 goto out; 344 } 345 346 p->p_class_val_to_name = 347 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); 348 if (!p->p_class_val_to_name) { 349 rc = -ENOMEM; 350 goto out; 351 } 352 353 rc = hashtab_map(p->p_classes.table, class_index, p); 354 out: 355 return rc; 356 } 357 358 #ifdef DEBUG_HASHES 359 static void symtab_hash_eval(struct symtab *s) 360 { 361 int i; 362 363 for (i = 0; i < SYM_NUM; i++) { 364 struct hashtab *h = s[i].table; 365 struct hashtab_info info; 366 367 hashtab_stat(h, &info); 368 printk(KERN_INFO "%s: %d entries and %d/%d buckets used, " 369 "longest chain length %d\n", symtab_name[i], h->nel, 370 info.slots_used, h->size, info.max_chain_len); 371 } 372 } 373 #endif 374 375 /* 376 * Define the other val_to_name and val_to_struct arrays 377 * in a policy database structure. 378 * 379 * Caller must clean up on failure. 380 */ 381 static int policydb_index_others(struct policydb *p) 382 { 383 int i, rc = 0; 384 385 printk(KERN_INFO "security: %d users, %d roles, %d types, %d bools", 386 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 387 if (selinux_mls_enabled) 388 printk(", %d sens, %d cats", p->p_levels.nprim, 389 p->p_cats.nprim); 390 printk("\n"); 391 392 printk(KERN_INFO "security: %d classes, %d rules\n", 393 p->p_classes.nprim, p->te_avtab.nel); 394 395 #ifdef DEBUG_HASHES 396 avtab_hash_eval(&p->te_avtab, "rules"); 397 symtab_hash_eval(p->symtab); 398 #endif 399 400 p->role_val_to_struct = 401 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), 402 GFP_KERNEL); 403 if (!p->role_val_to_struct) { 404 rc = -ENOMEM; 405 goto out; 406 } 407 408 p->user_val_to_struct = 409 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), 410 GFP_KERNEL); 411 if (!p->user_val_to_struct) { 412 rc = -ENOMEM; 413 goto out; 414 } 415 416 if (cond_init_bool_indexes(p)) { 417 rc = -ENOMEM; 418 goto out; 419 } 420 421 for (i = SYM_ROLES; i < SYM_NUM; i++) { 422 p->sym_val_to_name[i] = 423 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); 424 if (!p->sym_val_to_name[i]) { 425 rc = -ENOMEM; 426 goto out; 427 } 428 rc = hashtab_map(p->symtab[i].table, index_f[i], p); 429 if (rc) 430 goto out; 431 } 432 433 out: 434 return rc; 435 } 436 437 /* 438 * The following *_destroy functions are used to 439 * free any memory allocated for each kind of 440 * symbol data in the policy database. 441 */ 442 443 static int perm_destroy(void *key, void *datum, void *p) 444 { 445 kfree(key); 446 kfree(datum); 447 return 0; 448 } 449 450 static int common_destroy(void *key, void *datum, void *p) 451 { 452 struct common_datum *comdatum; 453 454 kfree(key); 455 comdatum = datum; 456 hashtab_map(comdatum->permissions.table, perm_destroy, NULL); 457 hashtab_destroy(comdatum->permissions.table); 458 kfree(datum); 459 return 0; 460 } 461 462 static int class_destroy(void *key, void *datum, void *p) 463 { 464 struct class_datum *cladatum; 465 struct constraint_node *constraint, *ctemp; 466 struct constraint_expr *e, *etmp; 467 468 kfree(key); 469 cladatum = datum; 470 hashtab_map(cladatum->permissions.table, perm_destroy, NULL); 471 hashtab_destroy(cladatum->permissions.table); 472 constraint = cladatum->constraints; 473 while (constraint) { 474 e = constraint->expr; 475 while (e) { 476 ebitmap_destroy(&e->names); 477 etmp = e; 478 e = e->next; 479 kfree(etmp); 480 } 481 ctemp = constraint; 482 constraint = constraint->next; 483 kfree(ctemp); 484 } 485 486 constraint = cladatum->validatetrans; 487 while (constraint) { 488 e = constraint->expr; 489 while (e) { 490 ebitmap_destroy(&e->names); 491 etmp = e; 492 e = e->next; 493 kfree(etmp); 494 } 495 ctemp = constraint; 496 constraint = constraint->next; 497 kfree(ctemp); 498 } 499 500 kfree(cladatum->comkey); 501 kfree(datum); 502 return 0; 503 } 504 505 static int role_destroy(void *key, void *datum, void *p) 506 { 507 struct role_datum *role; 508 509 kfree(key); 510 role = datum; 511 ebitmap_destroy(&role->dominates); 512 ebitmap_destroy(&role->types); 513 kfree(datum); 514 return 0; 515 } 516 517 static int type_destroy(void *key, void *datum, void *p) 518 { 519 kfree(key); 520 kfree(datum); 521 return 0; 522 } 523 524 static int user_destroy(void *key, void *datum, void *p) 525 { 526 struct user_datum *usrdatum; 527 528 kfree(key); 529 usrdatum = datum; 530 ebitmap_destroy(&usrdatum->roles); 531 ebitmap_destroy(&usrdatum->range.level[0].cat); 532 ebitmap_destroy(&usrdatum->range.level[1].cat); 533 ebitmap_destroy(&usrdatum->dfltlevel.cat); 534 kfree(datum); 535 return 0; 536 } 537 538 static int sens_destroy(void *key, void *datum, void *p) 539 { 540 struct level_datum *levdatum; 541 542 kfree(key); 543 levdatum = datum; 544 ebitmap_destroy(&levdatum->level->cat); 545 kfree(levdatum->level); 546 kfree(datum); 547 return 0; 548 } 549 550 static int cat_destroy(void *key, void *datum, void *p) 551 { 552 kfree(key); 553 kfree(datum); 554 return 0; 555 } 556 557 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = 558 { 559 common_destroy, 560 class_destroy, 561 role_destroy, 562 type_destroy, 563 user_destroy, 564 cond_destroy_bool, 565 sens_destroy, 566 cat_destroy, 567 }; 568 569 static void ocontext_destroy(struct ocontext *c, int i) 570 { 571 context_destroy(&c->context[0]); 572 context_destroy(&c->context[1]); 573 if (i == OCON_ISID || i == OCON_FS || 574 i == OCON_NETIF || i == OCON_FSUSE) 575 kfree(c->u.name); 576 kfree(c); 577 } 578 579 /* 580 * Free any memory allocated by a policy database structure. 581 */ 582 void policydb_destroy(struct policydb *p) 583 { 584 struct ocontext *c, *ctmp; 585 struct genfs *g, *gtmp; 586 int i; 587 588 for (i = 0; i < SYM_NUM; i++) { 589 hashtab_map(p->symtab[i].table, destroy_f[i], NULL); 590 hashtab_destroy(p->symtab[i].table); 591 } 592 593 for (i = 0; i < SYM_NUM; i++) 594 kfree(p->sym_val_to_name[i]); 595 596 kfree(p->class_val_to_struct); 597 kfree(p->role_val_to_struct); 598 kfree(p->user_val_to_struct); 599 600 avtab_destroy(&p->te_avtab); 601 602 for (i = 0; i < OCON_NUM; i++) { 603 c = p->ocontexts[i]; 604 while (c) { 605 ctmp = c; 606 c = c->next; 607 ocontext_destroy(ctmp,i); 608 } 609 } 610 611 g = p->genfs; 612 while (g) { 613 kfree(g->fstype); 614 c = g->head; 615 while (c) { 616 ctmp = c; 617 c = c->next; 618 ocontext_destroy(ctmp,OCON_FSUSE); 619 } 620 gtmp = g; 621 g = g->next; 622 kfree(gtmp); 623 } 624 625 cond_policydb_destroy(p); 626 627 return; 628 } 629 630 /* 631 * Load the initial SIDs specified in a policy database 632 * structure into a SID table. 633 */ 634 int policydb_load_isids(struct policydb *p, struct sidtab *s) 635 { 636 struct ocontext *head, *c; 637 int rc; 638 639 rc = sidtab_init(s); 640 if (rc) { 641 printk(KERN_ERR "security: out of memory on SID table init\n"); 642 goto out; 643 } 644 645 head = p->ocontexts[OCON_ISID]; 646 for (c = head; c; c = c->next) { 647 if (!c->context[0].user) { 648 printk(KERN_ERR "security: SID %s was never " 649 "defined.\n", c->u.name); 650 rc = -EINVAL; 651 goto out; 652 } 653 if (sidtab_insert(s, c->sid[0], &c->context[0])) { 654 printk(KERN_ERR "security: unable to load initial " 655 "SID %s.\n", c->u.name); 656 rc = -EINVAL; 657 goto out; 658 } 659 } 660 out: 661 return rc; 662 } 663 664 /* 665 * Return 1 if the fields in the security context 666 * structure `c' are valid. Return 0 otherwise. 667 */ 668 int policydb_context_isvalid(struct policydb *p, struct context *c) 669 { 670 struct role_datum *role; 671 struct user_datum *usrdatum; 672 673 if (!c->role || c->role > p->p_roles.nprim) 674 return 0; 675 676 if (!c->user || c->user > p->p_users.nprim) 677 return 0; 678 679 if (!c->type || c->type > p->p_types.nprim) 680 return 0; 681 682 if (c->role != OBJECT_R_VAL) { 683 /* 684 * Role must be authorized for the type. 685 */ 686 role = p->role_val_to_struct[c->role - 1]; 687 if (!ebitmap_get_bit(&role->types, 688 c->type - 1)) 689 /* role may not be associated with type */ 690 return 0; 691 692 /* 693 * User must be authorized for the role. 694 */ 695 usrdatum = p->user_val_to_struct[c->user - 1]; 696 if (!usrdatum) 697 return 0; 698 699 if (!ebitmap_get_bit(&usrdatum->roles, 700 c->role - 1)) 701 /* user may not be associated with role */ 702 return 0; 703 } 704 705 if (!mls_context_isvalid(p, c)) 706 return 0; 707 708 return 1; 709 } 710 711 /* 712 * Read a MLS range structure from a policydb binary 713 * representation file. 714 */ 715 static int mls_read_range_helper(struct mls_range *r, void *fp) 716 { 717 u32 buf[2], items; 718 int rc; 719 720 rc = next_entry(buf, fp, sizeof(u32)); 721 if (rc < 0) 722 goto out; 723 724 items = le32_to_cpu(buf[0]); 725 if (items > ARRAY_SIZE(buf)) { 726 printk(KERN_ERR "security: mls: range overflow\n"); 727 rc = -EINVAL; 728 goto out; 729 } 730 rc = next_entry(buf, fp, sizeof(u32) * items); 731 if (rc < 0) { 732 printk(KERN_ERR "security: mls: truncated range\n"); 733 goto out; 734 } 735 r->level[0].sens = le32_to_cpu(buf[0]); 736 if (items > 1) 737 r->level[1].sens = le32_to_cpu(buf[1]); 738 else 739 r->level[1].sens = r->level[0].sens; 740 741 rc = ebitmap_read(&r->level[0].cat, fp); 742 if (rc) { 743 printk(KERN_ERR "security: mls: error reading low " 744 "categories\n"); 745 goto out; 746 } 747 if (items > 1) { 748 rc = ebitmap_read(&r->level[1].cat, fp); 749 if (rc) { 750 printk(KERN_ERR "security: mls: error reading high " 751 "categories\n"); 752 goto bad_high; 753 } 754 } else { 755 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 756 if (rc) { 757 printk(KERN_ERR "security: mls: out of memory\n"); 758 goto bad_high; 759 } 760 } 761 762 rc = 0; 763 out: 764 return rc; 765 bad_high: 766 ebitmap_destroy(&r->level[0].cat); 767 goto out; 768 } 769 770 /* 771 * Read and validate a security context structure 772 * from a policydb binary representation file. 773 */ 774 static int context_read_and_validate(struct context *c, 775 struct policydb *p, 776 void *fp) 777 { 778 u32 buf[3]; 779 int rc; 780 781 rc = next_entry(buf, fp, sizeof buf); 782 if (rc < 0) { 783 printk(KERN_ERR "security: context truncated\n"); 784 goto out; 785 } 786 c->user = le32_to_cpu(buf[0]); 787 c->role = le32_to_cpu(buf[1]); 788 c->type = le32_to_cpu(buf[2]); 789 if (p->policyvers >= POLICYDB_VERSION_MLS) { 790 if (mls_read_range_helper(&c->range, fp)) { 791 printk(KERN_ERR "security: error reading MLS range of " 792 "context\n"); 793 rc = -EINVAL; 794 goto out; 795 } 796 } 797 798 if (!policydb_context_isvalid(p, c)) { 799 printk(KERN_ERR "security: invalid security context\n"); 800 context_destroy(c); 801 rc = -EINVAL; 802 } 803 out: 804 return rc; 805 } 806 807 /* 808 * The following *_read functions are used to 809 * read the symbol data from a policy database 810 * binary representation file. 811 */ 812 813 static int perm_read(struct policydb *p, struct hashtab *h, void *fp) 814 { 815 char *key = NULL; 816 struct perm_datum *perdatum; 817 int rc; 818 u32 buf[2], len; 819 820 perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL); 821 if (!perdatum) { 822 rc = -ENOMEM; 823 goto out; 824 } 825 memset(perdatum, 0, sizeof(*perdatum)); 826 827 rc = next_entry(buf, fp, sizeof buf); 828 if (rc < 0) 829 goto bad; 830 831 len = le32_to_cpu(buf[0]); 832 perdatum->value = le32_to_cpu(buf[1]); 833 834 key = kmalloc(len + 1,GFP_KERNEL); 835 if (!key) { 836 rc = -ENOMEM; 837 goto bad; 838 } 839 rc = next_entry(key, fp, len); 840 if (rc < 0) 841 goto bad; 842 key[len] = 0; 843 844 rc = hashtab_insert(h, key, perdatum); 845 if (rc) 846 goto bad; 847 out: 848 return rc; 849 bad: 850 perm_destroy(key, perdatum, NULL); 851 goto out; 852 } 853 854 static int common_read(struct policydb *p, struct hashtab *h, void *fp) 855 { 856 char *key = NULL; 857 struct common_datum *comdatum; 858 u32 buf[4], len, nel; 859 int i, rc; 860 861 comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL); 862 if (!comdatum) { 863 rc = -ENOMEM; 864 goto out; 865 } 866 memset(comdatum, 0, sizeof(*comdatum)); 867 868 rc = next_entry(buf, fp, sizeof buf); 869 if (rc < 0) 870 goto bad; 871 872 len = le32_to_cpu(buf[0]); 873 comdatum->value = le32_to_cpu(buf[1]); 874 875 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); 876 if (rc) 877 goto bad; 878 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 879 nel = le32_to_cpu(buf[3]); 880 881 key = kmalloc(len + 1,GFP_KERNEL); 882 if (!key) { 883 rc = -ENOMEM; 884 goto bad; 885 } 886 rc = next_entry(key, fp, len); 887 if (rc < 0) 888 goto bad; 889 key[len] = 0; 890 891 for (i = 0; i < nel; i++) { 892 rc = perm_read(p, comdatum->permissions.table, fp); 893 if (rc) 894 goto bad; 895 } 896 897 rc = hashtab_insert(h, key, comdatum); 898 if (rc) 899 goto bad; 900 out: 901 return rc; 902 bad: 903 common_destroy(key, comdatum, NULL); 904 goto out; 905 } 906 907 static int read_cons_helper(struct constraint_node **nodep, int ncons, 908 int allowxtarget, void *fp) 909 { 910 struct constraint_node *c, *lc; 911 struct constraint_expr *e, *le; 912 u32 buf[3], nexpr; 913 int rc, i, j, depth; 914 915 lc = NULL; 916 for (i = 0; i < ncons; i++) { 917 c = kmalloc(sizeof(*c), GFP_KERNEL); 918 if (!c) 919 return -ENOMEM; 920 memset(c, 0, sizeof(*c)); 921 922 if (lc) { 923 lc->next = c; 924 } else { 925 *nodep = c; 926 } 927 928 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 929 if (rc < 0) 930 return rc; 931 c->permissions = le32_to_cpu(buf[0]); 932 nexpr = le32_to_cpu(buf[1]); 933 le = NULL; 934 depth = -1; 935 for (j = 0; j < nexpr; j++) { 936 e = kmalloc(sizeof(*e), GFP_KERNEL); 937 if (!e) 938 return -ENOMEM; 939 memset(e, 0, sizeof(*e)); 940 941 if (le) { 942 le->next = e; 943 } else { 944 c->expr = e; 945 } 946 947 rc = next_entry(buf, fp, (sizeof(u32) * 3)); 948 if (rc < 0) 949 return rc; 950 e->expr_type = le32_to_cpu(buf[0]); 951 e->attr = le32_to_cpu(buf[1]); 952 e->op = le32_to_cpu(buf[2]); 953 954 switch (e->expr_type) { 955 case CEXPR_NOT: 956 if (depth < 0) 957 return -EINVAL; 958 break; 959 case CEXPR_AND: 960 case CEXPR_OR: 961 if (depth < 1) 962 return -EINVAL; 963 depth--; 964 break; 965 case CEXPR_ATTR: 966 if (depth == (CEXPR_MAXDEPTH - 1)) 967 return -EINVAL; 968 depth++; 969 break; 970 case CEXPR_NAMES: 971 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 972 return -EINVAL; 973 if (depth == (CEXPR_MAXDEPTH - 1)) 974 return -EINVAL; 975 depth++; 976 if (ebitmap_read(&e->names, fp)) 977 return -EINVAL; 978 break; 979 default: 980 return -EINVAL; 981 } 982 le = e; 983 } 984 if (depth != 0) 985 return -EINVAL; 986 lc = c; 987 } 988 989 return 0; 990 } 991 992 static int class_read(struct policydb *p, struct hashtab *h, void *fp) 993 { 994 char *key = NULL; 995 struct class_datum *cladatum; 996 u32 buf[6], len, len2, ncons, nel; 997 int i, rc; 998 999 cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL); 1000 if (!cladatum) { 1001 rc = -ENOMEM; 1002 goto out; 1003 } 1004 memset(cladatum, 0, sizeof(*cladatum)); 1005 1006 rc = next_entry(buf, fp, sizeof(u32)*6); 1007 if (rc < 0) 1008 goto bad; 1009 1010 len = le32_to_cpu(buf[0]); 1011 len2 = le32_to_cpu(buf[1]); 1012 cladatum->value = le32_to_cpu(buf[2]); 1013 1014 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); 1015 if (rc) 1016 goto bad; 1017 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1018 nel = le32_to_cpu(buf[4]); 1019 1020 ncons = le32_to_cpu(buf[5]); 1021 1022 key = kmalloc(len + 1,GFP_KERNEL); 1023 if (!key) { 1024 rc = -ENOMEM; 1025 goto bad; 1026 } 1027 rc = next_entry(key, fp, len); 1028 if (rc < 0) 1029 goto bad; 1030 key[len] = 0; 1031 1032 if (len2) { 1033 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); 1034 if (!cladatum->comkey) { 1035 rc = -ENOMEM; 1036 goto bad; 1037 } 1038 rc = next_entry(cladatum->comkey, fp, len2); 1039 if (rc < 0) 1040 goto bad; 1041 cladatum->comkey[len2] = 0; 1042 1043 cladatum->comdatum = hashtab_search(p->p_commons.table, 1044 cladatum->comkey); 1045 if (!cladatum->comdatum) { 1046 printk(KERN_ERR "security: unknown common %s\n", 1047 cladatum->comkey); 1048 rc = -EINVAL; 1049 goto bad; 1050 } 1051 } 1052 for (i = 0; i < nel; i++) { 1053 rc = perm_read(p, cladatum->permissions.table, fp); 1054 if (rc) 1055 goto bad; 1056 } 1057 1058 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); 1059 if (rc) 1060 goto bad; 1061 1062 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { 1063 /* grab the validatetrans rules */ 1064 rc = next_entry(buf, fp, sizeof(u32)); 1065 if (rc < 0) 1066 goto bad; 1067 ncons = le32_to_cpu(buf[0]); 1068 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); 1069 if (rc) 1070 goto bad; 1071 } 1072 1073 rc = hashtab_insert(h, key, cladatum); 1074 if (rc) 1075 goto bad; 1076 1077 rc = 0; 1078 out: 1079 return rc; 1080 bad: 1081 class_destroy(key, cladatum, NULL); 1082 goto out; 1083 } 1084 1085 static int role_read(struct policydb *p, struct hashtab *h, void *fp) 1086 { 1087 char *key = NULL; 1088 struct role_datum *role; 1089 int rc; 1090 u32 buf[2], len; 1091 1092 role = kmalloc(sizeof(*role), GFP_KERNEL); 1093 if (!role) { 1094 rc = -ENOMEM; 1095 goto out; 1096 } 1097 memset(role, 0, sizeof(*role)); 1098 1099 rc = next_entry(buf, fp, sizeof buf); 1100 if (rc < 0) 1101 goto bad; 1102 1103 len = le32_to_cpu(buf[0]); 1104 role->value = le32_to_cpu(buf[1]); 1105 1106 key = kmalloc(len + 1,GFP_KERNEL); 1107 if (!key) { 1108 rc = -ENOMEM; 1109 goto bad; 1110 } 1111 rc = next_entry(key, fp, len); 1112 if (rc < 0) 1113 goto bad; 1114 key[len] = 0; 1115 1116 rc = ebitmap_read(&role->dominates, fp); 1117 if (rc) 1118 goto bad; 1119 1120 rc = ebitmap_read(&role->types, fp); 1121 if (rc) 1122 goto bad; 1123 1124 if (strcmp(key, OBJECT_R) == 0) { 1125 if (role->value != OBJECT_R_VAL) { 1126 printk(KERN_ERR "Role %s has wrong value %d\n", 1127 OBJECT_R, role->value); 1128 rc = -EINVAL; 1129 goto bad; 1130 } 1131 rc = 0; 1132 goto bad; 1133 } 1134 1135 rc = hashtab_insert(h, key, role); 1136 if (rc) 1137 goto bad; 1138 out: 1139 return rc; 1140 bad: 1141 role_destroy(key, role, NULL); 1142 goto out; 1143 } 1144 1145 static int type_read(struct policydb *p, struct hashtab *h, void *fp) 1146 { 1147 char *key = NULL; 1148 struct type_datum *typdatum; 1149 int rc; 1150 u32 buf[3], len; 1151 1152 typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL); 1153 if (!typdatum) { 1154 rc = -ENOMEM; 1155 return rc; 1156 } 1157 memset(typdatum, 0, sizeof(*typdatum)); 1158 1159 rc = next_entry(buf, fp, sizeof buf); 1160 if (rc < 0) 1161 goto bad; 1162 1163 len = le32_to_cpu(buf[0]); 1164 typdatum->value = le32_to_cpu(buf[1]); 1165 typdatum->primary = le32_to_cpu(buf[2]); 1166 1167 key = kmalloc(len + 1,GFP_KERNEL); 1168 if (!key) { 1169 rc = -ENOMEM; 1170 goto bad; 1171 } 1172 rc = next_entry(key, fp, len); 1173 if (rc < 0) 1174 goto bad; 1175 key[len] = 0; 1176 1177 rc = hashtab_insert(h, key, typdatum); 1178 if (rc) 1179 goto bad; 1180 out: 1181 return rc; 1182 bad: 1183 type_destroy(key, typdatum, NULL); 1184 goto out; 1185 } 1186 1187 1188 /* 1189 * Read a MLS level structure from a policydb binary 1190 * representation file. 1191 */ 1192 static int mls_read_level(struct mls_level *lp, void *fp) 1193 { 1194 u32 buf[1]; 1195 int rc; 1196 1197 memset(lp, 0, sizeof(*lp)); 1198 1199 rc = next_entry(buf, fp, sizeof buf); 1200 if (rc < 0) { 1201 printk(KERN_ERR "security: mls: truncated level\n"); 1202 goto bad; 1203 } 1204 lp->sens = le32_to_cpu(buf[0]); 1205 1206 if (ebitmap_read(&lp->cat, fp)) { 1207 printk(KERN_ERR "security: mls: error reading level " 1208 "categories\n"); 1209 goto bad; 1210 } 1211 return 0; 1212 1213 bad: 1214 return -EINVAL; 1215 } 1216 1217 static int user_read(struct policydb *p, struct hashtab *h, void *fp) 1218 { 1219 char *key = NULL; 1220 struct user_datum *usrdatum; 1221 int rc; 1222 u32 buf[2], len; 1223 1224 usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL); 1225 if (!usrdatum) { 1226 rc = -ENOMEM; 1227 goto out; 1228 } 1229 memset(usrdatum, 0, sizeof(*usrdatum)); 1230 1231 rc = next_entry(buf, fp, sizeof buf); 1232 if (rc < 0) 1233 goto bad; 1234 1235 len = le32_to_cpu(buf[0]); 1236 usrdatum->value = le32_to_cpu(buf[1]); 1237 1238 key = kmalloc(len + 1,GFP_KERNEL); 1239 if (!key) { 1240 rc = -ENOMEM; 1241 goto bad; 1242 } 1243 rc = next_entry(key, fp, len); 1244 if (rc < 0) 1245 goto bad; 1246 key[len] = 0; 1247 1248 rc = ebitmap_read(&usrdatum->roles, fp); 1249 if (rc) 1250 goto bad; 1251 1252 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1253 rc = mls_read_range_helper(&usrdatum->range, fp); 1254 if (rc) 1255 goto bad; 1256 rc = mls_read_level(&usrdatum->dfltlevel, fp); 1257 if (rc) 1258 goto bad; 1259 } 1260 1261 rc = hashtab_insert(h, key, usrdatum); 1262 if (rc) 1263 goto bad; 1264 out: 1265 return rc; 1266 bad: 1267 user_destroy(key, usrdatum, NULL); 1268 goto out; 1269 } 1270 1271 static int sens_read(struct policydb *p, struct hashtab *h, void *fp) 1272 { 1273 char *key = NULL; 1274 struct level_datum *levdatum; 1275 int rc; 1276 u32 buf[2], len; 1277 1278 levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC); 1279 if (!levdatum) { 1280 rc = -ENOMEM; 1281 goto out; 1282 } 1283 memset(levdatum, 0, sizeof(*levdatum)); 1284 1285 rc = next_entry(buf, fp, sizeof buf); 1286 if (rc < 0) 1287 goto bad; 1288 1289 len = le32_to_cpu(buf[0]); 1290 levdatum->isalias = le32_to_cpu(buf[1]); 1291 1292 key = kmalloc(len + 1,GFP_ATOMIC); 1293 if (!key) { 1294 rc = -ENOMEM; 1295 goto bad; 1296 } 1297 rc = next_entry(key, fp, len); 1298 if (rc < 0) 1299 goto bad; 1300 key[len] = 0; 1301 1302 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); 1303 if (!levdatum->level) { 1304 rc = -ENOMEM; 1305 goto bad; 1306 } 1307 if (mls_read_level(levdatum->level, fp)) { 1308 rc = -EINVAL; 1309 goto bad; 1310 } 1311 1312 rc = hashtab_insert(h, key, levdatum); 1313 if (rc) 1314 goto bad; 1315 out: 1316 return rc; 1317 bad: 1318 sens_destroy(key, levdatum, NULL); 1319 goto out; 1320 } 1321 1322 static int cat_read(struct policydb *p, struct hashtab *h, void *fp) 1323 { 1324 char *key = NULL; 1325 struct cat_datum *catdatum; 1326 int rc; 1327 u32 buf[3], len; 1328 1329 catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC); 1330 if (!catdatum) { 1331 rc = -ENOMEM; 1332 goto out; 1333 } 1334 memset(catdatum, 0, sizeof(*catdatum)); 1335 1336 rc = next_entry(buf, fp, sizeof buf); 1337 if (rc < 0) 1338 goto bad; 1339 1340 len = le32_to_cpu(buf[0]); 1341 catdatum->value = le32_to_cpu(buf[1]); 1342 catdatum->isalias = le32_to_cpu(buf[2]); 1343 1344 key = kmalloc(len + 1,GFP_ATOMIC); 1345 if (!key) { 1346 rc = -ENOMEM; 1347 goto bad; 1348 } 1349 rc = next_entry(key, fp, len); 1350 if (rc < 0) 1351 goto bad; 1352 key[len] = 0; 1353 1354 rc = hashtab_insert(h, key, catdatum); 1355 if (rc) 1356 goto bad; 1357 out: 1358 return rc; 1359 1360 bad: 1361 cat_destroy(key, catdatum, NULL); 1362 goto out; 1363 } 1364 1365 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = 1366 { 1367 common_read, 1368 class_read, 1369 role_read, 1370 type_read, 1371 user_read, 1372 cond_read_bool, 1373 sens_read, 1374 cat_read, 1375 }; 1376 1377 extern int ss_initialized; 1378 1379 /* 1380 * Read the configuration data from a policy database binary 1381 * representation file into a policy database structure. 1382 */ 1383 int policydb_read(struct policydb *p, void *fp) 1384 { 1385 struct role_allow *ra, *lra; 1386 struct role_trans *tr, *ltr; 1387 struct ocontext *l, *c, *newc; 1388 struct genfs *genfs_p, *genfs, *newgenfs; 1389 int i, j, rc; 1390 u32 buf[8], len, len2, config, nprim, nel, nel2; 1391 char *policydb_str; 1392 struct policydb_compat_info *info; 1393 struct range_trans *rt, *lrt; 1394 1395 config = 0; 1396 1397 rc = policydb_init(p); 1398 if (rc) 1399 goto out; 1400 1401 /* Read the magic number and string length. */ 1402 rc = next_entry(buf, fp, sizeof(u32)* 2); 1403 if (rc < 0) 1404 goto bad; 1405 1406 for (i = 0; i < 2; i++) 1407 buf[i] = le32_to_cpu(buf[i]); 1408 1409 if (buf[0] != POLICYDB_MAGIC) { 1410 printk(KERN_ERR "security: policydb magic number 0x%x does " 1411 "not match expected magic number 0x%x\n", 1412 buf[0], POLICYDB_MAGIC); 1413 goto bad; 1414 } 1415 1416 len = buf[1]; 1417 if (len != strlen(POLICYDB_STRING)) { 1418 printk(KERN_ERR "security: policydb string length %d does not " 1419 "match expected length %Zu\n", 1420 len, strlen(POLICYDB_STRING)); 1421 goto bad; 1422 } 1423 policydb_str = kmalloc(len + 1,GFP_KERNEL); 1424 if (!policydb_str) { 1425 printk(KERN_ERR "security: unable to allocate memory for policydb " 1426 "string of length %d\n", len); 1427 rc = -ENOMEM; 1428 goto bad; 1429 } 1430 rc = next_entry(policydb_str, fp, len); 1431 if (rc < 0) { 1432 printk(KERN_ERR "security: truncated policydb string identifier\n"); 1433 kfree(policydb_str); 1434 goto bad; 1435 } 1436 policydb_str[len] = 0; 1437 if (strcmp(policydb_str, POLICYDB_STRING)) { 1438 printk(KERN_ERR "security: policydb string %s does not match " 1439 "my string %s\n", policydb_str, POLICYDB_STRING); 1440 kfree(policydb_str); 1441 goto bad; 1442 } 1443 /* Done with policydb_str. */ 1444 kfree(policydb_str); 1445 policydb_str = NULL; 1446 1447 /* Read the version, config, and table sizes. */ 1448 rc = next_entry(buf, fp, sizeof(u32)*4); 1449 if (rc < 0) 1450 goto bad; 1451 for (i = 0; i < 4; i++) 1452 buf[i] = le32_to_cpu(buf[i]); 1453 1454 p->policyvers = buf[0]; 1455 if (p->policyvers < POLICYDB_VERSION_MIN || 1456 p->policyvers > POLICYDB_VERSION_MAX) { 1457 printk(KERN_ERR "security: policydb version %d does not match " 1458 "my version range %d-%d\n", 1459 buf[0], POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 1460 goto bad; 1461 } 1462 1463 if ((buf[1] & POLICYDB_CONFIG_MLS)) { 1464 if (ss_initialized && !selinux_mls_enabled) { 1465 printk(KERN_ERR "Cannot switch between non-MLS and MLS " 1466 "policies\n"); 1467 goto bad; 1468 } 1469 selinux_mls_enabled = 1; 1470 config |= POLICYDB_CONFIG_MLS; 1471 1472 if (p->policyvers < POLICYDB_VERSION_MLS) { 1473 printk(KERN_ERR "security policydb version %d (MLS) " 1474 "not backwards compatible\n", p->policyvers); 1475 goto bad; 1476 } 1477 } else { 1478 if (ss_initialized && selinux_mls_enabled) { 1479 printk(KERN_ERR "Cannot switch between MLS and non-MLS " 1480 "policies\n"); 1481 goto bad; 1482 } 1483 } 1484 1485 info = policydb_lookup_compat(p->policyvers); 1486 if (!info) { 1487 printk(KERN_ERR "security: unable to find policy compat info " 1488 "for version %d\n", p->policyvers); 1489 goto bad; 1490 } 1491 1492 if (buf[2] != info->sym_num || buf[3] != info->ocon_num) { 1493 printk(KERN_ERR "security: policydb table sizes (%d,%d) do " 1494 "not match mine (%d,%d)\n", buf[2], buf[3], 1495 info->sym_num, info->ocon_num); 1496 goto bad; 1497 } 1498 1499 for (i = 0; i < info->sym_num; i++) { 1500 rc = next_entry(buf, fp, sizeof(u32)*2); 1501 if (rc < 0) 1502 goto bad; 1503 nprim = le32_to_cpu(buf[0]); 1504 nel = le32_to_cpu(buf[1]); 1505 for (j = 0; j < nel; j++) { 1506 rc = read_f[i](p, p->symtab[i].table, fp); 1507 if (rc) 1508 goto bad; 1509 } 1510 1511 p->symtab[i].nprim = nprim; 1512 } 1513 1514 rc = avtab_read(&p->te_avtab, fp, config); 1515 if (rc) 1516 goto bad; 1517 1518 if (p->policyvers >= POLICYDB_VERSION_BOOL) { 1519 rc = cond_read_list(p, fp); 1520 if (rc) 1521 goto bad; 1522 } 1523 1524 rc = next_entry(buf, fp, sizeof(u32)); 1525 if (rc < 0) 1526 goto bad; 1527 nel = le32_to_cpu(buf[0]); 1528 ltr = NULL; 1529 for (i = 0; i < nel; i++) { 1530 tr = kmalloc(sizeof(*tr), GFP_KERNEL); 1531 if (!tr) { 1532 rc = -ENOMEM; 1533 goto bad; 1534 } 1535 memset(tr, 0, sizeof(*tr)); 1536 if (ltr) { 1537 ltr->next = tr; 1538 } else { 1539 p->role_tr = tr; 1540 } 1541 rc = next_entry(buf, fp, sizeof(u32)*3); 1542 if (rc < 0) 1543 goto bad; 1544 tr->role = le32_to_cpu(buf[0]); 1545 tr->type = le32_to_cpu(buf[1]); 1546 tr->new_role = le32_to_cpu(buf[2]); 1547 ltr = tr; 1548 } 1549 1550 rc = next_entry(buf, fp, sizeof(u32)); 1551 if (rc < 0) 1552 goto bad; 1553 nel = le32_to_cpu(buf[0]); 1554 lra = NULL; 1555 for (i = 0; i < nel; i++) { 1556 ra = kmalloc(sizeof(*ra), GFP_KERNEL); 1557 if (!ra) { 1558 rc = -ENOMEM; 1559 goto bad; 1560 } 1561 memset(ra, 0, sizeof(*ra)); 1562 if (lra) { 1563 lra->next = ra; 1564 } else { 1565 p->role_allow = ra; 1566 } 1567 rc = next_entry(buf, fp, sizeof(u32)*2); 1568 if (rc < 0) 1569 goto bad; 1570 ra->role = le32_to_cpu(buf[0]); 1571 ra->new_role = le32_to_cpu(buf[1]); 1572 lra = ra; 1573 } 1574 1575 rc = policydb_index_classes(p); 1576 if (rc) 1577 goto bad; 1578 1579 rc = policydb_index_others(p); 1580 if (rc) 1581 goto bad; 1582 1583 for (i = 0; i < info->ocon_num; i++) { 1584 rc = next_entry(buf, fp, sizeof(u32)); 1585 if (rc < 0) 1586 goto bad; 1587 nel = le32_to_cpu(buf[0]); 1588 l = NULL; 1589 for (j = 0; j < nel; j++) { 1590 c = kmalloc(sizeof(*c), GFP_KERNEL); 1591 if (!c) { 1592 rc = -ENOMEM; 1593 goto bad; 1594 } 1595 memset(c, 0, sizeof(*c)); 1596 if (l) { 1597 l->next = c; 1598 } else { 1599 p->ocontexts[i] = c; 1600 } 1601 l = c; 1602 rc = -EINVAL; 1603 switch (i) { 1604 case OCON_ISID: 1605 rc = next_entry(buf, fp, sizeof(u32)); 1606 if (rc < 0) 1607 goto bad; 1608 c->sid[0] = le32_to_cpu(buf[0]); 1609 rc = context_read_and_validate(&c->context[0], p, fp); 1610 if (rc) 1611 goto bad; 1612 break; 1613 case OCON_FS: 1614 case OCON_NETIF: 1615 rc = next_entry(buf, fp, sizeof(u32)); 1616 if (rc < 0) 1617 goto bad; 1618 len = le32_to_cpu(buf[0]); 1619 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1620 if (!c->u.name) { 1621 rc = -ENOMEM; 1622 goto bad; 1623 } 1624 rc = next_entry(c->u.name, fp, len); 1625 if (rc < 0) 1626 goto bad; 1627 c->u.name[len] = 0; 1628 rc = context_read_and_validate(&c->context[0], p, fp); 1629 if (rc) 1630 goto bad; 1631 rc = context_read_and_validate(&c->context[1], p, fp); 1632 if (rc) 1633 goto bad; 1634 break; 1635 case OCON_PORT: 1636 rc = next_entry(buf, fp, sizeof(u32)*3); 1637 if (rc < 0) 1638 goto bad; 1639 c->u.port.protocol = le32_to_cpu(buf[0]); 1640 c->u.port.low_port = le32_to_cpu(buf[1]); 1641 c->u.port.high_port = le32_to_cpu(buf[2]); 1642 rc = context_read_and_validate(&c->context[0], p, fp); 1643 if (rc) 1644 goto bad; 1645 break; 1646 case OCON_NODE: 1647 rc = next_entry(buf, fp, sizeof(u32)* 2); 1648 if (rc < 0) 1649 goto bad; 1650 c->u.node.addr = le32_to_cpu(buf[0]); 1651 c->u.node.mask = le32_to_cpu(buf[1]); 1652 rc = context_read_and_validate(&c->context[0], p, fp); 1653 if (rc) 1654 goto bad; 1655 break; 1656 case OCON_FSUSE: 1657 rc = next_entry(buf, fp, sizeof(u32)*2); 1658 if (rc < 0) 1659 goto bad; 1660 c->v.behavior = le32_to_cpu(buf[0]); 1661 if (c->v.behavior > SECURITY_FS_USE_NONE) 1662 goto bad; 1663 len = le32_to_cpu(buf[1]); 1664 c->u.name = kmalloc(len + 1,GFP_KERNEL); 1665 if (!c->u.name) { 1666 rc = -ENOMEM; 1667 goto bad; 1668 } 1669 rc = next_entry(c->u.name, fp, len); 1670 if (rc < 0) 1671 goto bad; 1672 c->u.name[len] = 0; 1673 rc = context_read_and_validate(&c->context[0], p, fp); 1674 if (rc) 1675 goto bad; 1676 break; 1677 case OCON_NODE6: { 1678 int k; 1679 1680 rc = next_entry(buf, fp, sizeof(u32) * 8); 1681 if (rc < 0) 1682 goto bad; 1683 for (k = 0; k < 4; k++) 1684 c->u.node6.addr[k] = le32_to_cpu(buf[k]); 1685 for (k = 0; k < 4; k++) 1686 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); 1687 if (context_read_and_validate(&c->context[0], p, fp)) 1688 goto bad; 1689 break; 1690 } 1691 } 1692 } 1693 } 1694 1695 rc = next_entry(buf, fp, sizeof(u32)); 1696 if (rc < 0) 1697 goto bad; 1698 nel = le32_to_cpu(buf[0]); 1699 genfs_p = NULL; 1700 rc = -EINVAL; 1701 for (i = 0; i < nel; i++) { 1702 rc = next_entry(buf, fp, sizeof(u32)); 1703 if (rc < 0) 1704 goto bad; 1705 len = le32_to_cpu(buf[0]); 1706 newgenfs = kmalloc(sizeof(*newgenfs), GFP_KERNEL); 1707 if (!newgenfs) { 1708 rc = -ENOMEM; 1709 goto bad; 1710 } 1711 memset(newgenfs, 0, sizeof(*newgenfs)); 1712 1713 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); 1714 if (!newgenfs->fstype) { 1715 rc = -ENOMEM; 1716 kfree(newgenfs); 1717 goto bad; 1718 } 1719 rc = next_entry(newgenfs->fstype, fp, len); 1720 if (rc < 0) { 1721 kfree(newgenfs->fstype); 1722 kfree(newgenfs); 1723 goto bad; 1724 } 1725 newgenfs->fstype[len] = 0; 1726 for (genfs_p = NULL, genfs = p->genfs; genfs; 1727 genfs_p = genfs, genfs = genfs->next) { 1728 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 1729 printk(KERN_ERR "security: dup genfs " 1730 "fstype %s\n", newgenfs->fstype); 1731 kfree(newgenfs->fstype); 1732 kfree(newgenfs); 1733 goto bad; 1734 } 1735 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 1736 break; 1737 } 1738 newgenfs->next = genfs; 1739 if (genfs_p) 1740 genfs_p->next = newgenfs; 1741 else 1742 p->genfs = newgenfs; 1743 rc = next_entry(buf, fp, sizeof(u32)); 1744 if (rc < 0) 1745 goto bad; 1746 nel2 = le32_to_cpu(buf[0]); 1747 for (j = 0; j < nel2; j++) { 1748 rc = next_entry(buf, fp, sizeof(u32)); 1749 if (rc < 0) 1750 goto bad; 1751 len = le32_to_cpu(buf[0]); 1752 1753 newc = kmalloc(sizeof(*newc), GFP_KERNEL); 1754 if (!newc) { 1755 rc = -ENOMEM; 1756 goto bad; 1757 } 1758 memset(newc, 0, sizeof(*newc)); 1759 1760 newc->u.name = kmalloc(len + 1,GFP_KERNEL); 1761 if (!newc->u.name) { 1762 rc = -ENOMEM; 1763 goto bad_newc; 1764 } 1765 rc = next_entry(newc->u.name, fp, len); 1766 if (rc < 0) 1767 goto bad_newc; 1768 newc->u.name[len] = 0; 1769 rc = next_entry(buf, fp, sizeof(u32)); 1770 if (rc < 0) 1771 goto bad_newc; 1772 newc->v.sclass = le32_to_cpu(buf[0]); 1773 if (context_read_and_validate(&newc->context[0], p, fp)) 1774 goto bad_newc; 1775 for (l = NULL, c = newgenfs->head; c; 1776 l = c, c = c->next) { 1777 if (!strcmp(newc->u.name, c->u.name) && 1778 (!c->v.sclass || !newc->v.sclass || 1779 newc->v.sclass == c->v.sclass)) { 1780 printk(KERN_ERR "security: dup genfs " 1781 "entry (%s,%s)\n", 1782 newgenfs->fstype, c->u.name); 1783 goto bad_newc; 1784 } 1785 len = strlen(newc->u.name); 1786 len2 = strlen(c->u.name); 1787 if (len > len2) 1788 break; 1789 } 1790 1791 newc->next = c; 1792 if (l) 1793 l->next = newc; 1794 else 1795 newgenfs->head = newc; 1796 } 1797 } 1798 1799 if (p->policyvers >= POLICYDB_VERSION_MLS) { 1800 rc = next_entry(buf, fp, sizeof(u32)); 1801 if (rc < 0) 1802 goto bad; 1803 nel = le32_to_cpu(buf[0]); 1804 lrt = NULL; 1805 for (i = 0; i < nel; i++) { 1806 rt = kmalloc(sizeof(*rt), GFP_KERNEL); 1807 if (!rt) { 1808 rc = -ENOMEM; 1809 goto bad; 1810 } 1811 memset(rt, 0, sizeof(*rt)); 1812 if (lrt) 1813 lrt->next = rt; 1814 else 1815 p->range_tr = rt; 1816 rc = next_entry(buf, fp, (sizeof(u32) * 2)); 1817 if (rc < 0) 1818 goto bad; 1819 rt->dom = le32_to_cpu(buf[0]); 1820 rt->type = le32_to_cpu(buf[1]); 1821 rc = mls_read_range_helper(&rt->range, fp); 1822 if (rc) 1823 goto bad; 1824 lrt = rt; 1825 } 1826 } 1827 1828 rc = 0; 1829 out: 1830 return rc; 1831 bad_newc: 1832 ocontext_destroy(newc,OCON_FSUSE); 1833 bad: 1834 if (!rc) 1835 rc = -EINVAL; 1836 policydb_destroy(p); 1837 goto out; 1838 } 1839