0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027
0028
0029
0030
0031 #include <linux/kernel.h>
0032 #include <linux/sched.h>
0033 #include <linux/slab.h>
0034 #include <linux/string.h>
0035 #include <linux/errno.h>
0036 #include <linux/audit.h>
0037 #include "security.h"
0038
0039 #include "policydb.h"
0040 #include "conditional.h"
0041 #include "mls.h"
0042 #include "services.h"
0043
0044 #ifdef DEBUG_HASHES
0045 static const char *symtab_name[SYM_NUM] = {
0046 "common prefixes",
0047 "classes",
0048 "roles",
0049 "types",
0050 "users",
0051 "bools",
0052 "levels",
0053 "categories",
0054 };
0055 #endif
0056
0057 struct policydb_compat_info {
0058 int version;
0059 int sym_num;
0060 int ocon_num;
0061 };
0062
0063
0064 static const struct policydb_compat_info policydb_compat[] = {
0065 {
0066 .version = POLICYDB_VERSION_BASE,
0067 .sym_num = SYM_NUM - 3,
0068 .ocon_num = OCON_NUM - 3,
0069 },
0070 {
0071 .version = POLICYDB_VERSION_BOOL,
0072 .sym_num = SYM_NUM - 2,
0073 .ocon_num = OCON_NUM - 3,
0074 },
0075 {
0076 .version = POLICYDB_VERSION_IPV6,
0077 .sym_num = SYM_NUM - 2,
0078 .ocon_num = OCON_NUM - 2,
0079 },
0080 {
0081 .version = POLICYDB_VERSION_NLCLASS,
0082 .sym_num = SYM_NUM - 2,
0083 .ocon_num = OCON_NUM - 2,
0084 },
0085 {
0086 .version = POLICYDB_VERSION_MLS,
0087 .sym_num = SYM_NUM,
0088 .ocon_num = OCON_NUM - 2,
0089 },
0090 {
0091 .version = POLICYDB_VERSION_AVTAB,
0092 .sym_num = SYM_NUM,
0093 .ocon_num = OCON_NUM - 2,
0094 },
0095 {
0096 .version = POLICYDB_VERSION_RANGETRANS,
0097 .sym_num = SYM_NUM,
0098 .ocon_num = OCON_NUM - 2,
0099 },
0100 {
0101 .version = POLICYDB_VERSION_POLCAP,
0102 .sym_num = SYM_NUM,
0103 .ocon_num = OCON_NUM - 2,
0104 },
0105 {
0106 .version = POLICYDB_VERSION_PERMISSIVE,
0107 .sym_num = SYM_NUM,
0108 .ocon_num = OCON_NUM - 2,
0109 },
0110 {
0111 .version = POLICYDB_VERSION_BOUNDARY,
0112 .sym_num = SYM_NUM,
0113 .ocon_num = OCON_NUM - 2,
0114 },
0115 {
0116 .version = POLICYDB_VERSION_FILENAME_TRANS,
0117 .sym_num = SYM_NUM,
0118 .ocon_num = OCON_NUM - 2,
0119 },
0120 {
0121 .version = POLICYDB_VERSION_ROLETRANS,
0122 .sym_num = SYM_NUM,
0123 .ocon_num = OCON_NUM - 2,
0124 },
0125 {
0126 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
0127 .sym_num = SYM_NUM,
0128 .ocon_num = OCON_NUM - 2,
0129 },
0130 {
0131 .version = POLICYDB_VERSION_DEFAULT_TYPE,
0132 .sym_num = SYM_NUM,
0133 .ocon_num = OCON_NUM - 2,
0134 },
0135 {
0136 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
0137 .sym_num = SYM_NUM,
0138 .ocon_num = OCON_NUM - 2,
0139 },
0140 {
0141 .version = POLICYDB_VERSION_XPERMS_IOCTL,
0142 .sym_num = SYM_NUM,
0143 .ocon_num = OCON_NUM - 2,
0144 },
0145 {
0146 .version = POLICYDB_VERSION_INFINIBAND,
0147 .sym_num = SYM_NUM,
0148 .ocon_num = OCON_NUM,
0149 },
0150 {
0151 .version = POLICYDB_VERSION_GLBLUB,
0152 .sym_num = SYM_NUM,
0153 .ocon_num = OCON_NUM,
0154 },
0155 {
0156 .version = POLICYDB_VERSION_COMP_FTRANS,
0157 .sym_num = SYM_NUM,
0158 .ocon_num = OCON_NUM,
0159 },
0160 };
0161
0162 static const struct policydb_compat_info *policydb_lookup_compat(int version)
0163 {
0164 int i;
0165
0166 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
0167 if (policydb_compat[i].version == version)
0168 return &policydb_compat[i];
0169 }
0170
0171 return NULL;
0172 }
0173
0174
0175
0176
0177
0178
0179
0180 static int perm_destroy(void *key, void *datum, void *p)
0181 {
0182 kfree(key);
0183 kfree(datum);
0184 return 0;
0185 }
0186
0187 static int common_destroy(void *key, void *datum, void *p)
0188 {
0189 struct common_datum *comdatum;
0190
0191 kfree(key);
0192 if (datum) {
0193 comdatum = datum;
0194 hashtab_map(&comdatum->permissions.table, perm_destroy, NULL);
0195 hashtab_destroy(&comdatum->permissions.table);
0196 }
0197 kfree(datum);
0198 return 0;
0199 }
0200
0201 static void constraint_expr_destroy(struct constraint_expr *expr)
0202 {
0203 if (expr) {
0204 ebitmap_destroy(&expr->names);
0205 if (expr->type_names) {
0206 ebitmap_destroy(&expr->type_names->types);
0207 ebitmap_destroy(&expr->type_names->negset);
0208 kfree(expr->type_names);
0209 }
0210 kfree(expr);
0211 }
0212 }
0213
0214 static int cls_destroy(void *key, void *datum, void *p)
0215 {
0216 struct class_datum *cladatum;
0217 struct constraint_node *constraint, *ctemp;
0218 struct constraint_expr *e, *etmp;
0219
0220 kfree(key);
0221 if (datum) {
0222 cladatum = datum;
0223 hashtab_map(&cladatum->permissions.table, perm_destroy, NULL);
0224 hashtab_destroy(&cladatum->permissions.table);
0225 constraint = cladatum->constraints;
0226 while (constraint) {
0227 e = constraint->expr;
0228 while (e) {
0229 etmp = e;
0230 e = e->next;
0231 constraint_expr_destroy(etmp);
0232 }
0233 ctemp = constraint;
0234 constraint = constraint->next;
0235 kfree(ctemp);
0236 }
0237
0238 constraint = cladatum->validatetrans;
0239 while (constraint) {
0240 e = constraint->expr;
0241 while (e) {
0242 etmp = e;
0243 e = e->next;
0244 constraint_expr_destroy(etmp);
0245 }
0246 ctemp = constraint;
0247 constraint = constraint->next;
0248 kfree(ctemp);
0249 }
0250 kfree(cladatum->comkey);
0251 }
0252 kfree(datum);
0253 return 0;
0254 }
0255
0256 static int role_destroy(void *key, void *datum, void *p)
0257 {
0258 struct role_datum *role;
0259
0260 kfree(key);
0261 if (datum) {
0262 role = datum;
0263 ebitmap_destroy(&role->dominates);
0264 ebitmap_destroy(&role->types);
0265 }
0266 kfree(datum);
0267 return 0;
0268 }
0269
0270 static int type_destroy(void *key, void *datum, void *p)
0271 {
0272 kfree(key);
0273 kfree(datum);
0274 return 0;
0275 }
0276
0277 static int user_destroy(void *key, void *datum, void *p)
0278 {
0279 struct user_datum *usrdatum;
0280
0281 kfree(key);
0282 if (datum) {
0283 usrdatum = datum;
0284 ebitmap_destroy(&usrdatum->roles);
0285 ebitmap_destroy(&usrdatum->range.level[0].cat);
0286 ebitmap_destroy(&usrdatum->range.level[1].cat);
0287 ebitmap_destroy(&usrdatum->dfltlevel.cat);
0288 }
0289 kfree(datum);
0290 return 0;
0291 }
0292
0293 static int sens_destroy(void *key, void *datum, void *p)
0294 {
0295 struct level_datum *levdatum;
0296
0297 kfree(key);
0298 if (datum) {
0299 levdatum = datum;
0300 if (levdatum->level)
0301 ebitmap_destroy(&levdatum->level->cat);
0302 kfree(levdatum->level);
0303 }
0304 kfree(datum);
0305 return 0;
0306 }
0307
0308 static int cat_destroy(void *key, void *datum, void *p)
0309 {
0310 kfree(key);
0311 kfree(datum);
0312 return 0;
0313 }
0314
0315 static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
0316 common_destroy,
0317 cls_destroy,
0318 role_destroy,
0319 type_destroy,
0320 user_destroy,
0321 cond_destroy_bool,
0322 sens_destroy,
0323 cat_destroy,
0324 };
0325
0326 static int filenametr_destroy(void *key, void *datum, void *p)
0327 {
0328 struct filename_trans_key *ft = key;
0329 struct filename_trans_datum *next, *d = datum;
0330
0331 kfree(ft->name);
0332 kfree(key);
0333 do {
0334 ebitmap_destroy(&d->stypes);
0335 next = d->next;
0336 kfree(d);
0337 d = next;
0338 } while (unlikely(d));
0339 cond_resched();
0340 return 0;
0341 }
0342
0343 static int range_tr_destroy(void *key, void *datum, void *p)
0344 {
0345 struct mls_range *rt = datum;
0346
0347 kfree(key);
0348 ebitmap_destroy(&rt->level[0].cat);
0349 ebitmap_destroy(&rt->level[1].cat);
0350 kfree(datum);
0351 cond_resched();
0352 return 0;
0353 }
0354
0355 static int role_tr_destroy(void *key, void *datum, void *p)
0356 {
0357 kfree(key);
0358 kfree(datum);
0359 return 0;
0360 }
0361
0362 static void ocontext_destroy(struct ocontext *c, int i)
0363 {
0364 if (!c)
0365 return;
0366
0367 context_destroy(&c->context[0]);
0368 context_destroy(&c->context[1]);
0369 if (i == OCON_ISID || i == OCON_FS ||
0370 i == OCON_NETIF || i == OCON_FSUSE)
0371 kfree(c->u.name);
0372 kfree(c);
0373 }
0374
0375
0376
0377
0378 static int roles_init(struct policydb *p)
0379 {
0380 char *key = NULL;
0381 int rc;
0382 struct role_datum *role;
0383
0384 role = kzalloc(sizeof(*role), GFP_KERNEL);
0385 if (!role)
0386 return -ENOMEM;
0387
0388 rc = -EINVAL;
0389 role->value = ++p->p_roles.nprim;
0390 if (role->value != OBJECT_R_VAL)
0391 goto out;
0392
0393 rc = -ENOMEM;
0394 key = kstrdup(OBJECT_R, GFP_KERNEL);
0395 if (!key)
0396 goto out;
0397
0398 rc = symtab_insert(&p->p_roles, key, role);
0399 if (rc)
0400 goto out;
0401
0402 return 0;
0403 out:
0404 kfree(key);
0405 kfree(role);
0406 return rc;
0407 }
0408
0409 static u32 filenametr_hash(const void *k)
0410 {
0411 const struct filename_trans_key *ft = k;
0412 unsigned long hash;
0413 unsigned int byte_num;
0414 unsigned char focus;
0415
0416 hash = ft->ttype ^ ft->tclass;
0417
0418 byte_num = 0;
0419 while ((focus = ft->name[byte_num++]))
0420 hash = partial_name_hash(focus, hash);
0421 return hash;
0422 }
0423
0424 static int filenametr_cmp(const void *k1, const void *k2)
0425 {
0426 const struct filename_trans_key *ft1 = k1;
0427 const struct filename_trans_key *ft2 = k2;
0428 int v;
0429
0430 v = ft1->ttype - ft2->ttype;
0431 if (v)
0432 return v;
0433
0434 v = ft1->tclass - ft2->tclass;
0435 if (v)
0436 return v;
0437
0438 return strcmp(ft1->name, ft2->name);
0439
0440 }
0441
0442 static const struct hashtab_key_params filenametr_key_params = {
0443 .hash = filenametr_hash,
0444 .cmp = filenametr_cmp,
0445 };
0446
0447 struct filename_trans_datum *policydb_filenametr_search(
0448 struct policydb *p, struct filename_trans_key *key)
0449 {
0450 return hashtab_search(&p->filename_trans, key, filenametr_key_params);
0451 }
0452
0453 static u32 rangetr_hash(const void *k)
0454 {
0455 const struct range_trans *key = k;
0456
0457 return key->source_type + (key->target_type << 3) +
0458 (key->target_class << 5);
0459 }
0460
0461 static int rangetr_cmp(const void *k1, const void *k2)
0462 {
0463 const struct range_trans *key1 = k1, *key2 = k2;
0464 int v;
0465
0466 v = key1->source_type - key2->source_type;
0467 if (v)
0468 return v;
0469
0470 v = key1->target_type - key2->target_type;
0471 if (v)
0472 return v;
0473
0474 v = key1->target_class - key2->target_class;
0475
0476 return v;
0477 }
0478
0479 static const struct hashtab_key_params rangetr_key_params = {
0480 .hash = rangetr_hash,
0481 .cmp = rangetr_cmp,
0482 };
0483
0484 struct mls_range *policydb_rangetr_search(struct policydb *p,
0485 struct range_trans *key)
0486 {
0487 return hashtab_search(&p->range_tr, key, rangetr_key_params);
0488 }
0489
0490 static u32 role_trans_hash(const void *k)
0491 {
0492 const struct role_trans_key *key = k;
0493
0494 return key->role + (key->type << 3) + (key->tclass << 5);
0495 }
0496
0497 static int role_trans_cmp(const void *k1, const void *k2)
0498 {
0499 const struct role_trans_key *key1 = k1, *key2 = k2;
0500 int v;
0501
0502 v = key1->role - key2->role;
0503 if (v)
0504 return v;
0505
0506 v = key1->type - key2->type;
0507 if (v)
0508 return v;
0509
0510 return key1->tclass - key2->tclass;
0511 }
0512
0513 static const struct hashtab_key_params roletr_key_params = {
0514 .hash = role_trans_hash,
0515 .cmp = role_trans_cmp,
0516 };
0517
0518 struct role_trans_datum *policydb_roletr_search(struct policydb *p,
0519 struct role_trans_key *key)
0520 {
0521 return hashtab_search(&p->role_tr, key, roletr_key_params);
0522 }
0523
0524
0525
0526
0527 static void policydb_init(struct policydb *p)
0528 {
0529 memset(p, 0, sizeof(*p));
0530
0531 avtab_init(&p->te_avtab);
0532 cond_policydb_init(p);
0533
0534 ebitmap_init(&p->filename_trans_ttypes);
0535 ebitmap_init(&p->policycaps);
0536 ebitmap_init(&p->permissive_map);
0537 }
0538
0539
0540
0541
0542
0543
0544
0545
0546
0547
0548
0549 static int common_index(void *key, void *datum, void *datap)
0550 {
0551 struct policydb *p;
0552 struct common_datum *comdatum;
0553
0554 comdatum = datum;
0555 p = datap;
0556 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
0557 return -EINVAL;
0558
0559 p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
0560
0561 return 0;
0562 }
0563
0564 static int class_index(void *key, void *datum, void *datap)
0565 {
0566 struct policydb *p;
0567 struct class_datum *cladatum;
0568
0569 cladatum = datum;
0570 p = datap;
0571 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
0572 return -EINVAL;
0573
0574 p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
0575 p->class_val_to_struct[cladatum->value - 1] = cladatum;
0576 return 0;
0577 }
0578
0579 static int role_index(void *key, void *datum, void *datap)
0580 {
0581 struct policydb *p;
0582 struct role_datum *role;
0583
0584 role = datum;
0585 p = datap;
0586 if (!role->value
0587 || role->value > p->p_roles.nprim
0588 || role->bounds > p->p_roles.nprim)
0589 return -EINVAL;
0590
0591 p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
0592 p->role_val_to_struct[role->value - 1] = role;
0593 return 0;
0594 }
0595
0596 static int type_index(void *key, void *datum, void *datap)
0597 {
0598 struct policydb *p;
0599 struct type_datum *typdatum;
0600
0601 typdatum = datum;
0602 p = datap;
0603
0604 if (typdatum->primary) {
0605 if (!typdatum->value
0606 || typdatum->value > p->p_types.nprim
0607 || typdatum->bounds > p->p_types.nprim)
0608 return -EINVAL;
0609 p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
0610 p->type_val_to_struct[typdatum->value - 1] = typdatum;
0611 }
0612
0613 return 0;
0614 }
0615
0616 static int user_index(void *key, void *datum, void *datap)
0617 {
0618 struct policydb *p;
0619 struct user_datum *usrdatum;
0620
0621 usrdatum = datum;
0622 p = datap;
0623 if (!usrdatum->value
0624 || usrdatum->value > p->p_users.nprim
0625 || usrdatum->bounds > p->p_users.nprim)
0626 return -EINVAL;
0627
0628 p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
0629 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
0630 return 0;
0631 }
0632
0633 static int sens_index(void *key, void *datum, void *datap)
0634 {
0635 struct policydb *p;
0636 struct level_datum *levdatum;
0637
0638 levdatum = datum;
0639 p = datap;
0640
0641 if (!levdatum->isalias) {
0642 if (!levdatum->level->sens ||
0643 levdatum->level->sens > p->p_levels.nprim)
0644 return -EINVAL;
0645
0646 p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
0647 }
0648
0649 return 0;
0650 }
0651
0652 static int cat_index(void *key, void *datum, void *datap)
0653 {
0654 struct policydb *p;
0655 struct cat_datum *catdatum;
0656
0657 catdatum = datum;
0658 p = datap;
0659
0660 if (!catdatum->isalias) {
0661 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
0662 return -EINVAL;
0663
0664 p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
0665 }
0666
0667 return 0;
0668 }
0669
0670 static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
0671 common_index,
0672 class_index,
0673 role_index,
0674 type_index,
0675 user_index,
0676 cond_index_bool,
0677 sens_index,
0678 cat_index,
0679 };
0680
0681 #ifdef DEBUG_HASHES
0682 static void hash_eval(struct hashtab *h, const char *hash_name)
0683 {
0684 struct hashtab_info info;
0685
0686 hashtab_stat(h, &info);
0687 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d\n",
0688 hash_name, h->nel, info.slots_used, h->size,
0689 info.max_chain_len);
0690 }
0691
0692 static void symtab_hash_eval(struct symtab *s)
0693 {
0694 int i;
0695
0696 for (i = 0; i < SYM_NUM; i++)
0697 hash_eval(&s[i].table, symtab_name[i]);
0698 }
0699
0700 #else
0701 static inline void hash_eval(struct hashtab *h, const char *hash_name)
0702 {
0703 }
0704 #endif
0705
0706
0707
0708
0709
0710
0711
0712 static int policydb_index(struct policydb *p)
0713 {
0714 int i, rc;
0715
0716 if (p->mls_enabled)
0717 pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
0718 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
0719 p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
0720 else
0721 pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n",
0722 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
0723 p->p_bools.nprim);
0724
0725 pr_debug("SELinux: %d classes, %d rules\n",
0726 p->p_classes.nprim, p->te_avtab.nel);
0727
0728 #ifdef DEBUG_HASHES
0729 avtab_hash_eval(&p->te_avtab, "rules");
0730 symtab_hash_eval(p->symtab);
0731 #endif
0732
0733 p->class_val_to_struct = kcalloc(p->p_classes.nprim,
0734 sizeof(*p->class_val_to_struct),
0735 GFP_KERNEL);
0736 if (!p->class_val_to_struct)
0737 return -ENOMEM;
0738
0739 p->role_val_to_struct = kcalloc(p->p_roles.nprim,
0740 sizeof(*p->role_val_to_struct),
0741 GFP_KERNEL);
0742 if (!p->role_val_to_struct)
0743 return -ENOMEM;
0744
0745 p->user_val_to_struct = kcalloc(p->p_users.nprim,
0746 sizeof(*p->user_val_to_struct),
0747 GFP_KERNEL);
0748 if (!p->user_val_to_struct)
0749 return -ENOMEM;
0750
0751 p->type_val_to_struct = kvcalloc(p->p_types.nprim,
0752 sizeof(*p->type_val_to_struct),
0753 GFP_KERNEL);
0754 if (!p->type_val_to_struct)
0755 return -ENOMEM;
0756
0757 rc = cond_init_bool_indexes(p);
0758 if (rc)
0759 goto out;
0760
0761 for (i = 0; i < SYM_NUM; i++) {
0762 p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
0763 sizeof(char *),
0764 GFP_KERNEL);
0765 if (!p->sym_val_to_name[i])
0766 return -ENOMEM;
0767
0768 rc = hashtab_map(&p->symtab[i].table, index_f[i], p);
0769 if (rc)
0770 goto out;
0771 }
0772 rc = 0;
0773 out:
0774 return rc;
0775 }
0776
0777
0778
0779
0780 void policydb_destroy(struct policydb *p)
0781 {
0782 struct ocontext *c, *ctmp;
0783 struct genfs *g, *gtmp;
0784 int i;
0785 struct role_allow *ra, *lra = NULL;
0786
0787 for (i = 0; i < SYM_NUM; i++) {
0788 cond_resched();
0789 hashtab_map(&p->symtab[i].table, destroy_f[i], NULL);
0790 hashtab_destroy(&p->symtab[i].table);
0791 }
0792
0793 for (i = 0; i < SYM_NUM; i++)
0794 kvfree(p->sym_val_to_name[i]);
0795
0796 kfree(p->class_val_to_struct);
0797 kfree(p->role_val_to_struct);
0798 kfree(p->user_val_to_struct);
0799 kvfree(p->type_val_to_struct);
0800
0801 avtab_destroy(&p->te_avtab);
0802
0803 for (i = 0; i < OCON_NUM; i++) {
0804 cond_resched();
0805 c = p->ocontexts[i];
0806 while (c) {
0807 ctmp = c;
0808 c = c->next;
0809 ocontext_destroy(ctmp, i);
0810 }
0811 p->ocontexts[i] = NULL;
0812 }
0813
0814 g = p->genfs;
0815 while (g) {
0816 cond_resched();
0817 kfree(g->fstype);
0818 c = g->head;
0819 while (c) {
0820 ctmp = c;
0821 c = c->next;
0822 ocontext_destroy(ctmp, OCON_FSUSE);
0823 }
0824 gtmp = g;
0825 g = g->next;
0826 kfree(gtmp);
0827 }
0828 p->genfs = NULL;
0829
0830 cond_policydb_destroy(p);
0831
0832 hashtab_map(&p->role_tr, role_tr_destroy, NULL);
0833 hashtab_destroy(&p->role_tr);
0834
0835 for (ra = p->role_allow; ra; ra = ra->next) {
0836 cond_resched();
0837 kfree(lra);
0838 lra = ra;
0839 }
0840 kfree(lra);
0841
0842 hashtab_map(&p->filename_trans, filenametr_destroy, NULL);
0843 hashtab_destroy(&p->filename_trans);
0844
0845 hashtab_map(&p->range_tr, range_tr_destroy, NULL);
0846 hashtab_destroy(&p->range_tr);
0847
0848 if (p->type_attr_map_array) {
0849 for (i = 0; i < p->p_types.nprim; i++)
0850 ebitmap_destroy(&p->type_attr_map_array[i]);
0851 kvfree(p->type_attr_map_array);
0852 }
0853
0854 ebitmap_destroy(&p->filename_trans_ttypes);
0855 ebitmap_destroy(&p->policycaps);
0856 ebitmap_destroy(&p->permissive_map);
0857 }
0858
0859
0860
0861
0862
0863 int policydb_load_isids(struct policydb *p, struct sidtab *s)
0864 {
0865 struct ocontext *head, *c;
0866 int rc;
0867
0868 rc = sidtab_init(s);
0869 if (rc) {
0870 pr_err("SELinux: out of memory on SID table init\n");
0871 return rc;
0872 }
0873
0874 head = p->ocontexts[OCON_ISID];
0875 for (c = head; c; c = c->next) {
0876 u32 sid = c->sid[0];
0877 const char *name = security_get_initial_sid_context(sid);
0878
0879 if (sid == SECSID_NULL) {
0880 pr_err("SELinux: SID 0 was assigned a context.\n");
0881 sidtab_destroy(s);
0882 return -EINVAL;
0883 }
0884
0885
0886 if (!name)
0887 continue;
0888
0889 rc = sidtab_set_initial(s, sid, &c->context[0]);
0890 if (rc) {
0891 pr_err("SELinux: unable to load initial SID %s.\n",
0892 name);
0893 sidtab_destroy(s);
0894 return rc;
0895 }
0896 }
0897 return 0;
0898 }
0899
0900 int policydb_class_isvalid(struct policydb *p, unsigned int class)
0901 {
0902 if (!class || class > p->p_classes.nprim)
0903 return 0;
0904 return 1;
0905 }
0906
0907 int policydb_role_isvalid(struct policydb *p, unsigned int role)
0908 {
0909 if (!role || role > p->p_roles.nprim)
0910 return 0;
0911 return 1;
0912 }
0913
0914 int policydb_type_isvalid(struct policydb *p, unsigned int type)
0915 {
0916 if (!type || type > p->p_types.nprim)
0917 return 0;
0918 return 1;
0919 }
0920
0921
0922
0923
0924
0925 int policydb_context_isvalid(struct policydb *p, struct context *c)
0926 {
0927 struct role_datum *role;
0928 struct user_datum *usrdatum;
0929
0930 if (!c->role || c->role > p->p_roles.nprim)
0931 return 0;
0932
0933 if (!c->user || c->user > p->p_users.nprim)
0934 return 0;
0935
0936 if (!c->type || c->type > p->p_types.nprim)
0937 return 0;
0938
0939 if (c->role != OBJECT_R_VAL) {
0940
0941
0942
0943 role = p->role_val_to_struct[c->role - 1];
0944 if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
0945
0946 return 0;
0947
0948
0949
0950
0951 usrdatum = p->user_val_to_struct[c->user - 1];
0952 if (!usrdatum)
0953 return 0;
0954
0955 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
0956
0957 return 0;
0958 }
0959
0960 if (!mls_context_isvalid(p, c))
0961 return 0;
0962
0963 return 1;
0964 }
0965
0966
0967
0968
0969
0970 static int mls_read_range_helper(struct mls_range *r, void *fp)
0971 {
0972 __le32 buf[2];
0973 u32 items;
0974 int rc;
0975
0976 rc = next_entry(buf, fp, sizeof(u32));
0977 if (rc)
0978 goto out;
0979
0980 rc = -EINVAL;
0981 items = le32_to_cpu(buf[0]);
0982 if (items > ARRAY_SIZE(buf)) {
0983 pr_err("SELinux: mls: range overflow\n");
0984 goto out;
0985 }
0986
0987 rc = next_entry(buf, fp, sizeof(u32) * items);
0988 if (rc) {
0989 pr_err("SELinux: mls: truncated range\n");
0990 goto out;
0991 }
0992
0993 r->level[0].sens = le32_to_cpu(buf[0]);
0994 if (items > 1)
0995 r->level[1].sens = le32_to_cpu(buf[1]);
0996 else
0997 r->level[1].sens = r->level[0].sens;
0998
0999 rc = ebitmap_read(&r->level[0].cat, fp);
1000 if (rc) {
1001 pr_err("SELinux: mls: error reading low categories\n");
1002 goto out;
1003 }
1004 if (items > 1) {
1005 rc = ebitmap_read(&r->level[1].cat, fp);
1006 if (rc) {
1007 pr_err("SELinux: mls: error reading high categories\n");
1008 goto bad_high;
1009 }
1010 } else {
1011 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1012 if (rc) {
1013 pr_err("SELinux: mls: out of memory\n");
1014 goto bad_high;
1015 }
1016 }
1017
1018 return 0;
1019 bad_high:
1020 ebitmap_destroy(&r->level[0].cat);
1021 out:
1022 return rc;
1023 }
1024
1025
1026
1027
1028
1029 static int context_read_and_validate(struct context *c,
1030 struct policydb *p,
1031 void *fp)
1032 {
1033 __le32 buf[3];
1034 int rc;
1035
1036 rc = next_entry(buf, fp, sizeof buf);
1037 if (rc) {
1038 pr_err("SELinux: context truncated\n");
1039 goto out;
1040 }
1041 c->user = le32_to_cpu(buf[0]);
1042 c->role = le32_to_cpu(buf[1]);
1043 c->type = le32_to_cpu(buf[2]);
1044 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1045 rc = mls_read_range_helper(&c->range, fp);
1046 if (rc) {
1047 pr_err("SELinux: error reading MLS range of context\n");
1048 goto out;
1049 }
1050 }
1051
1052 rc = -EINVAL;
1053 if (!policydb_context_isvalid(p, c)) {
1054 pr_err("SELinux: invalid security context\n");
1055 context_destroy(c);
1056 goto out;
1057 }
1058 rc = 0;
1059 out:
1060 return rc;
1061 }
1062
1063
1064
1065
1066
1067
1068
1069 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1070 {
1071 int rc;
1072 char *str;
1073
1074 if ((len == 0) || (len == (u32)-1))
1075 return -EINVAL;
1076
1077 str = kmalloc(len + 1, flags | __GFP_NOWARN);
1078 if (!str)
1079 return -ENOMEM;
1080
1081 rc = next_entry(str, fp, len);
1082 if (rc) {
1083 kfree(str);
1084 return rc;
1085 }
1086
1087 str[len] = '\0';
1088 *strp = str;
1089 return 0;
1090 }
1091
1092 static int perm_read(struct policydb *p, struct symtab *s, void *fp)
1093 {
1094 char *key = NULL;
1095 struct perm_datum *perdatum;
1096 int rc;
1097 __le32 buf[2];
1098 u32 len;
1099
1100 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1101 if (!perdatum)
1102 return -ENOMEM;
1103
1104 rc = next_entry(buf, fp, sizeof buf);
1105 if (rc)
1106 goto bad;
1107
1108 len = le32_to_cpu(buf[0]);
1109 perdatum->value = le32_to_cpu(buf[1]);
1110
1111 rc = str_read(&key, GFP_KERNEL, fp, len);
1112 if (rc)
1113 goto bad;
1114
1115 rc = symtab_insert(s, key, perdatum);
1116 if (rc)
1117 goto bad;
1118
1119 return 0;
1120 bad:
1121 perm_destroy(key, perdatum, NULL);
1122 return rc;
1123 }
1124
1125 static int common_read(struct policydb *p, struct symtab *s, void *fp)
1126 {
1127 char *key = NULL;
1128 struct common_datum *comdatum;
1129 __le32 buf[4];
1130 u32 len, nel;
1131 int i, rc;
1132
1133 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1134 if (!comdatum)
1135 return -ENOMEM;
1136
1137 rc = next_entry(buf, fp, sizeof buf);
1138 if (rc)
1139 goto bad;
1140
1141 len = le32_to_cpu(buf[0]);
1142 comdatum->value = le32_to_cpu(buf[1]);
1143 nel = le32_to_cpu(buf[3]);
1144
1145 rc = symtab_init(&comdatum->permissions, nel);
1146 if (rc)
1147 goto bad;
1148 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1149
1150 rc = str_read(&key, GFP_KERNEL, fp, len);
1151 if (rc)
1152 goto bad;
1153
1154 for (i = 0; i < nel; i++) {
1155 rc = perm_read(p, &comdatum->permissions, fp);
1156 if (rc)
1157 goto bad;
1158 }
1159
1160 rc = symtab_insert(s, key, comdatum);
1161 if (rc)
1162 goto bad;
1163 return 0;
1164 bad:
1165 common_destroy(key, comdatum, NULL);
1166 return rc;
1167 }
1168
1169 static void type_set_init(struct type_set *t)
1170 {
1171 ebitmap_init(&t->types);
1172 ebitmap_init(&t->negset);
1173 }
1174
1175 static int type_set_read(struct type_set *t, void *fp)
1176 {
1177 __le32 buf[1];
1178 int rc;
1179
1180 if (ebitmap_read(&t->types, fp))
1181 return -EINVAL;
1182 if (ebitmap_read(&t->negset, fp))
1183 return -EINVAL;
1184
1185 rc = next_entry(buf, fp, sizeof(u32));
1186 if (rc < 0)
1187 return -EINVAL;
1188 t->flags = le32_to_cpu(buf[0]);
1189
1190 return 0;
1191 }
1192
1193
1194 static int read_cons_helper(struct policydb *p,
1195 struct constraint_node **nodep,
1196 int ncons, int allowxtarget, void *fp)
1197 {
1198 struct constraint_node *c, *lc;
1199 struct constraint_expr *e, *le;
1200 __le32 buf[3];
1201 u32 nexpr;
1202 int rc, i, j, depth;
1203
1204 lc = NULL;
1205 for (i = 0; i < ncons; i++) {
1206 c = kzalloc(sizeof(*c), GFP_KERNEL);
1207 if (!c)
1208 return -ENOMEM;
1209
1210 if (lc)
1211 lc->next = c;
1212 else
1213 *nodep = c;
1214
1215 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1216 if (rc)
1217 return rc;
1218 c->permissions = le32_to_cpu(buf[0]);
1219 nexpr = le32_to_cpu(buf[1]);
1220 le = NULL;
1221 depth = -1;
1222 for (j = 0; j < nexpr; j++) {
1223 e = kzalloc(sizeof(*e), GFP_KERNEL);
1224 if (!e)
1225 return -ENOMEM;
1226
1227 if (le)
1228 le->next = e;
1229 else
1230 c->expr = e;
1231
1232 rc = next_entry(buf, fp, (sizeof(u32) * 3));
1233 if (rc)
1234 return rc;
1235 e->expr_type = le32_to_cpu(buf[0]);
1236 e->attr = le32_to_cpu(buf[1]);
1237 e->op = le32_to_cpu(buf[2]);
1238
1239 switch (e->expr_type) {
1240 case CEXPR_NOT:
1241 if (depth < 0)
1242 return -EINVAL;
1243 break;
1244 case CEXPR_AND:
1245 case CEXPR_OR:
1246 if (depth < 1)
1247 return -EINVAL;
1248 depth--;
1249 break;
1250 case CEXPR_ATTR:
1251 if (depth == (CEXPR_MAXDEPTH - 1))
1252 return -EINVAL;
1253 depth++;
1254 break;
1255 case CEXPR_NAMES:
1256 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1257 return -EINVAL;
1258 if (depth == (CEXPR_MAXDEPTH - 1))
1259 return -EINVAL;
1260 depth++;
1261 rc = ebitmap_read(&e->names, fp);
1262 if (rc)
1263 return rc;
1264 if (p->policyvers >=
1265 POLICYDB_VERSION_CONSTRAINT_NAMES) {
1266 e->type_names = kzalloc(sizeof
1267 (*e->type_names), GFP_KERNEL);
1268 if (!e->type_names)
1269 return -ENOMEM;
1270 type_set_init(e->type_names);
1271 rc = type_set_read(e->type_names, fp);
1272 if (rc)
1273 return rc;
1274 }
1275 break;
1276 default:
1277 return -EINVAL;
1278 }
1279 le = e;
1280 }
1281 if (depth != 0)
1282 return -EINVAL;
1283 lc = c;
1284 }
1285
1286 return 0;
1287 }
1288
1289 static int class_read(struct policydb *p, struct symtab *s, void *fp)
1290 {
1291 char *key = NULL;
1292 struct class_datum *cladatum;
1293 __le32 buf[6];
1294 u32 len, len2, ncons, nel;
1295 int i, rc;
1296
1297 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1298 if (!cladatum)
1299 return -ENOMEM;
1300
1301 rc = next_entry(buf, fp, sizeof(u32)*6);
1302 if (rc)
1303 goto bad;
1304
1305 len = le32_to_cpu(buf[0]);
1306 len2 = le32_to_cpu(buf[1]);
1307 cladatum->value = le32_to_cpu(buf[2]);
1308 nel = le32_to_cpu(buf[4]);
1309
1310 rc = symtab_init(&cladatum->permissions, nel);
1311 if (rc)
1312 goto bad;
1313 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1314
1315 ncons = le32_to_cpu(buf[5]);
1316
1317 rc = str_read(&key, GFP_KERNEL, fp, len);
1318 if (rc)
1319 goto bad;
1320
1321 if (len2) {
1322 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1323 if (rc)
1324 goto bad;
1325
1326 rc = -EINVAL;
1327 cladatum->comdatum = symtab_search(&p->p_commons,
1328 cladatum->comkey);
1329 if (!cladatum->comdatum) {
1330 pr_err("SELinux: unknown common %s\n",
1331 cladatum->comkey);
1332 goto bad;
1333 }
1334 }
1335 for (i = 0; i < nel; i++) {
1336 rc = perm_read(p, &cladatum->permissions, fp);
1337 if (rc)
1338 goto bad;
1339 }
1340
1341 rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1342 if (rc)
1343 goto bad;
1344
1345 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1346
1347 rc = next_entry(buf, fp, sizeof(u32));
1348 if (rc)
1349 goto bad;
1350 ncons = le32_to_cpu(buf[0]);
1351 rc = read_cons_helper(p, &cladatum->validatetrans,
1352 ncons, 1, fp);
1353 if (rc)
1354 goto bad;
1355 }
1356
1357 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1358 rc = next_entry(buf, fp, sizeof(u32) * 3);
1359 if (rc)
1360 goto bad;
1361
1362 cladatum->default_user = le32_to_cpu(buf[0]);
1363 cladatum->default_role = le32_to_cpu(buf[1]);
1364 cladatum->default_range = le32_to_cpu(buf[2]);
1365 }
1366
1367 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1368 rc = next_entry(buf, fp, sizeof(u32) * 1);
1369 if (rc)
1370 goto bad;
1371 cladatum->default_type = le32_to_cpu(buf[0]);
1372 }
1373
1374 rc = symtab_insert(s, key, cladatum);
1375 if (rc)
1376 goto bad;
1377
1378 return 0;
1379 bad:
1380 cls_destroy(key, cladatum, NULL);
1381 return rc;
1382 }
1383
1384 static int role_read(struct policydb *p, struct symtab *s, void *fp)
1385 {
1386 char *key = NULL;
1387 struct role_datum *role;
1388 int rc, to_read = 2;
1389 __le32 buf[3];
1390 u32 len;
1391
1392 role = kzalloc(sizeof(*role), GFP_KERNEL);
1393 if (!role)
1394 return -ENOMEM;
1395
1396 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1397 to_read = 3;
1398
1399 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1400 if (rc)
1401 goto bad;
1402
1403 len = le32_to_cpu(buf[0]);
1404 role->value = le32_to_cpu(buf[1]);
1405 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1406 role->bounds = le32_to_cpu(buf[2]);
1407
1408 rc = str_read(&key, GFP_KERNEL, fp, len);
1409 if (rc)
1410 goto bad;
1411
1412 rc = ebitmap_read(&role->dominates, fp);
1413 if (rc)
1414 goto bad;
1415
1416 rc = ebitmap_read(&role->types, fp);
1417 if (rc)
1418 goto bad;
1419
1420 if (strcmp(key, OBJECT_R) == 0) {
1421 rc = -EINVAL;
1422 if (role->value != OBJECT_R_VAL) {
1423 pr_err("SELinux: Role %s has wrong value %d\n",
1424 OBJECT_R, role->value);
1425 goto bad;
1426 }
1427 rc = 0;
1428 goto bad;
1429 }
1430
1431 rc = symtab_insert(s, key, role);
1432 if (rc)
1433 goto bad;
1434 return 0;
1435 bad:
1436 role_destroy(key, role, NULL);
1437 return rc;
1438 }
1439
1440 static int type_read(struct policydb *p, struct symtab *s, void *fp)
1441 {
1442 char *key = NULL;
1443 struct type_datum *typdatum;
1444 int rc, to_read = 3;
1445 __le32 buf[4];
1446 u32 len;
1447
1448 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1449 if (!typdatum)
1450 return -ENOMEM;
1451
1452 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1453 to_read = 4;
1454
1455 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1456 if (rc)
1457 goto bad;
1458
1459 len = le32_to_cpu(buf[0]);
1460 typdatum->value = le32_to_cpu(buf[1]);
1461 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1462 u32 prop = le32_to_cpu(buf[2]);
1463
1464 if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1465 typdatum->primary = 1;
1466 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1467 typdatum->attribute = 1;
1468
1469 typdatum->bounds = le32_to_cpu(buf[3]);
1470 } else {
1471 typdatum->primary = le32_to_cpu(buf[2]);
1472 }
1473
1474 rc = str_read(&key, GFP_KERNEL, fp, len);
1475 if (rc)
1476 goto bad;
1477
1478 rc = symtab_insert(s, key, typdatum);
1479 if (rc)
1480 goto bad;
1481 return 0;
1482 bad:
1483 type_destroy(key, typdatum, NULL);
1484 return rc;
1485 }
1486
1487
1488
1489
1490
1491
1492 static int mls_read_level(struct mls_level *lp, void *fp)
1493 {
1494 __le32 buf[1];
1495 int rc;
1496
1497 memset(lp, 0, sizeof(*lp));
1498
1499 rc = next_entry(buf, fp, sizeof buf);
1500 if (rc) {
1501 pr_err("SELinux: mls: truncated level\n");
1502 return rc;
1503 }
1504 lp->sens = le32_to_cpu(buf[0]);
1505
1506 rc = ebitmap_read(&lp->cat, fp);
1507 if (rc) {
1508 pr_err("SELinux: mls: error reading level categories\n");
1509 return rc;
1510 }
1511 return 0;
1512 }
1513
1514 static int user_read(struct policydb *p, struct symtab *s, void *fp)
1515 {
1516 char *key = NULL;
1517 struct user_datum *usrdatum;
1518 int rc, to_read = 2;
1519 __le32 buf[3];
1520 u32 len;
1521
1522 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1523 if (!usrdatum)
1524 return -ENOMEM;
1525
1526 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1527 to_read = 3;
1528
1529 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1530 if (rc)
1531 goto bad;
1532
1533 len = le32_to_cpu(buf[0]);
1534 usrdatum->value = le32_to_cpu(buf[1]);
1535 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1536 usrdatum->bounds = le32_to_cpu(buf[2]);
1537
1538 rc = str_read(&key, GFP_KERNEL, fp, len);
1539 if (rc)
1540 goto bad;
1541
1542 rc = ebitmap_read(&usrdatum->roles, fp);
1543 if (rc)
1544 goto bad;
1545
1546 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1547 rc = mls_read_range_helper(&usrdatum->range, fp);
1548 if (rc)
1549 goto bad;
1550 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1551 if (rc)
1552 goto bad;
1553 }
1554
1555 rc = symtab_insert(s, key, usrdatum);
1556 if (rc)
1557 goto bad;
1558 return 0;
1559 bad:
1560 user_destroy(key, usrdatum, NULL);
1561 return rc;
1562 }
1563
1564 static int sens_read(struct policydb *p, struct symtab *s, void *fp)
1565 {
1566 char *key = NULL;
1567 struct level_datum *levdatum;
1568 int rc;
1569 __le32 buf[2];
1570 u32 len;
1571
1572 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1573 if (!levdatum)
1574 return -ENOMEM;
1575
1576 rc = next_entry(buf, fp, sizeof buf);
1577 if (rc)
1578 goto bad;
1579
1580 len = le32_to_cpu(buf[0]);
1581 levdatum->isalias = le32_to_cpu(buf[1]);
1582
1583 rc = str_read(&key, GFP_ATOMIC, fp, len);
1584 if (rc)
1585 goto bad;
1586
1587 rc = -ENOMEM;
1588 levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);
1589 if (!levdatum->level)
1590 goto bad;
1591
1592 rc = mls_read_level(levdatum->level, fp);
1593 if (rc)
1594 goto bad;
1595
1596 rc = symtab_insert(s, key, levdatum);
1597 if (rc)
1598 goto bad;
1599 return 0;
1600 bad:
1601 sens_destroy(key, levdatum, NULL);
1602 return rc;
1603 }
1604
1605 static int cat_read(struct policydb *p, struct symtab *s, void *fp)
1606 {
1607 char *key = NULL;
1608 struct cat_datum *catdatum;
1609 int rc;
1610 __le32 buf[3];
1611 u32 len;
1612
1613 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1614 if (!catdatum)
1615 return -ENOMEM;
1616
1617 rc = next_entry(buf, fp, sizeof buf);
1618 if (rc)
1619 goto bad;
1620
1621 len = le32_to_cpu(buf[0]);
1622 catdatum->value = le32_to_cpu(buf[1]);
1623 catdatum->isalias = le32_to_cpu(buf[2]);
1624
1625 rc = str_read(&key, GFP_ATOMIC, fp, len);
1626 if (rc)
1627 goto bad;
1628
1629 rc = symtab_insert(s, key, catdatum);
1630 if (rc)
1631 goto bad;
1632 return 0;
1633 bad:
1634 cat_destroy(key, catdatum, NULL);
1635 return rc;
1636 }
1637
1638 static int (*const read_f[SYM_NUM]) (struct policydb *p,
1639 struct symtab *s, void *fp) = {
1640 common_read,
1641 class_read,
1642 role_read,
1643 type_read,
1644 user_read,
1645 cond_read_bool,
1646 sens_read,
1647 cat_read,
1648 };
1649
1650 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1651 {
1652 struct user_datum *upper, *user;
1653 struct policydb *p = datap;
1654 int depth = 0;
1655
1656 upper = user = datum;
1657 while (upper->bounds) {
1658 struct ebitmap_node *node;
1659 unsigned long bit;
1660
1661 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1662 pr_err("SELinux: user %s: "
1663 "too deep or looped boundary",
1664 (char *) key);
1665 return -EINVAL;
1666 }
1667
1668 upper = p->user_val_to_struct[upper->bounds - 1];
1669 ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1670 if (ebitmap_get_bit(&upper->roles, bit))
1671 continue;
1672
1673 pr_err("SELinux: boundary violated policy: "
1674 "user=%s role=%s bounds=%s\n",
1675 sym_name(p, SYM_USERS, user->value - 1),
1676 sym_name(p, SYM_ROLES, bit),
1677 sym_name(p, SYM_USERS, upper->value - 1));
1678
1679 return -EINVAL;
1680 }
1681 }
1682
1683 return 0;
1684 }
1685
1686 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1687 {
1688 struct role_datum *upper, *role;
1689 struct policydb *p = datap;
1690 int depth = 0;
1691
1692 upper = role = datum;
1693 while (upper->bounds) {
1694 struct ebitmap_node *node;
1695 unsigned long bit;
1696
1697 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1698 pr_err("SELinux: role %s: "
1699 "too deep or looped bounds\n",
1700 (char *) key);
1701 return -EINVAL;
1702 }
1703
1704 upper = p->role_val_to_struct[upper->bounds - 1];
1705 ebitmap_for_each_positive_bit(&role->types, node, bit) {
1706 if (ebitmap_get_bit(&upper->types, bit))
1707 continue;
1708
1709 pr_err("SELinux: boundary violated policy: "
1710 "role=%s type=%s bounds=%s\n",
1711 sym_name(p, SYM_ROLES, role->value - 1),
1712 sym_name(p, SYM_TYPES, bit),
1713 sym_name(p, SYM_ROLES, upper->value - 1));
1714
1715 return -EINVAL;
1716 }
1717 }
1718
1719 return 0;
1720 }
1721
1722 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1723 {
1724 struct type_datum *upper;
1725 struct policydb *p = datap;
1726 int depth = 0;
1727
1728 upper = datum;
1729 while (upper->bounds) {
1730 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1731 pr_err("SELinux: type %s: "
1732 "too deep or looped boundary\n",
1733 (char *) key);
1734 return -EINVAL;
1735 }
1736
1737 upper = p->type_val_to_struct[upper->bounds - 1];
1738 BUG_ON(!upper);
1739
1740 if (upper->attribute) {
1741 pr_err("SELinux: type %s: "
1742 "bounded by attribute %s",
1743 (char *) key,
1744 sym_name(p, SYM_TYPES, upper->value - 1));
1745 return -EINVAL;
1746 }
1747 }
1748
1749 return 0;
1750 }
1751
1752 static int policydb_bounds_sanity_check(struct policydb *p)
1753 {
1754 int rc;
1755
1756 if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1757 return 0;
1758
1759 rc = hashtab_map(&p->p_users.table, user_bounds_sanity_check, p);
1760 if (rc)
1761 return rc;
1762
1763 rc = hashtab_map(&p->p_roles.table, role_bounds_sanity_check, p);
1764 if (rc)
1765 return rc;
1766
1767 rc = hashtab_map(&p->p_types.table, type_bounds_sanity_check, p);
1768 if (rc)
1769 return rc;
1770
1771 return 0;
1772 }
1773
1774 u16 string_to_security_class(struct policydb *p, const char *name)
1775 {
1776 struct class_datum *cladatum;
1777
1778 cladatum = symtab_search(&p->p_classes, name);
1779 if (!cladatum)
1780 return 0;
1781
1782 return cladatum->value;
1783 }
1784
1785 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1786 {
1787 struct class_datum *cladatum;
1788 struct perm_datum *perdatum = NULL;
1789 struct common_datum *comdatum;
1790
1791 if (!tclass || tclass > p->p_classes.nprim)
1792 return 0;
1793
1794 cladatum = p->class_val_to_struct[tclass-1];
1795 comdatum = cladatum->comdatum;
1796 if (comdatum)
1797 perdatum = symtab_search(&comdatum->permissions, name);
1798 if (!perdatum)
1799 perdatum = symtab_search(&cladatum->permissions, name);
1800 if (!perdatum)
1801 return 0;
1802
1803 return 1U << (perdatum->value-1);
1804 }
1805
1806 static int range_read(struct policydb *p, void *fp)
1807 {
1808 struct range_trans *rt = NULL;
1809 struct mls_range *r = NULL;
1810 int i, rc;
1811 __le32 buf[2];
1812 u32 nel;
1813
1814 if (p->policyvers < POLICYDB_VERSION_MLS)
1815 return 0;
1816
1817 rc = next_entry(buf, fp, sizeof(u32));
1818 if (rc)
1819 return rc;
1820
1821 nel = le32_to_cpu(buf[0]);
1822
1823 rc = hashtab_init(&p->range_tr, nel);
1824 if (rc)
1825 return rc;
1826
1827 for (i = 0; i < nel; i++) {
1828 rc = -ENOMEM;
1829 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1830 if (!rt)
1831 goto out;
1832
1833 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1834 if (rc)
1835 goto out;
1836
1837 rt->source_type = le32_to_cpu(buf[0]);
1838 rt->target_type = le32_to_cpu(buf[1]);
1839 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1840 rc = next_entry(buf, fp, sizeof(u32));
1841 if (rc)
1842 goto out;
1843 rt->target_class = le32_to_cpu(buf[0]);
1844 } else
1845 rt->target_class = p->process_class;
1846
1847 rc = -EINVAL;
1848 if (!policydb_type_isvalid(p, rt->source_type) ||
1849 !policydb_type_isvalid(p, rt->target_type) ||
1850 !policydb_class_isvalid(p, rt->target_class))
1851 goto out;
1852
1853 rc = -ENOMEM;
1854 r = kzalloc(sizeof(*r), GFP_KERNEL);
1855 if (!r)
1856 goto out;
1857
1858 rc = mls_read_range_helper(r, fp);
1859 if (rc)
1860 goto out;
1861
1862 rc = -EINVAL;
1863 if (!mls_range_isvalid(p, r)) {
1864 pr_warn("SELinux: rangetrans: invalid range\n");
1865 goto out;
1866 }
1867
1868 rc = hashtab_insert(&p->range_tr, rt, r, rangetr_key_params);
1869 if (rc)
1870 goto out;
1871
1872 rt = NULL;
1873 r = NULL;
1874 }
1875 hash_eval(&p->range_tr, "rangetr");
1876 rc = 0;
1877 out:
1878 kfree(rt);
1879 kfree(r);
1880 return rc;
1881 }
1882
1883 static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1884 {
1885 struct filename_trans_key key, *ft = NULL;
1886 struct filename_trans_datum *last, *datum = NULL;
1887 char *name = NULL;
1888 u32 len, stype, otype;
1889 __le32 buf[4];
1890 int rc;
1891
1892
1893 rc = next_entry(buf, fp, sizeof(u32));
1894 if (rc)
1895 return rc;
1896 len = le32_to_cpu(buf[0]);
1897
1898
1899 rc = str_read(&name, GFP_KERNEL, fp, len);
1900 if (rc)
1901 return rc;
1902
1903 rc = next_entry(buf, fp, sizeof(u32) * 4);
1904 if (rc)
1905 goto out;
1906
1907 stype = le32_to_cpu(buf[0]);
1908 key.ttype = le32_to_cpu(buf[1]);
1909 key.tclass = le32_to_cpu(buf[2]);
1910 key.name = name;
1911
1912 otype = le32_to_cpu(buf[3]);
1913
1914 last = NULL;
1915 datum = policydb_filenametr_search(p, &key);
1916 while (datum) {
1917 if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1918
1919 datum = NULL;
1920 goto out;
1921 }
1922 if (likely(datum->otype == otype))
1923 break;
1924 last = datum;
1925 datum = datum->next;
1926 }
1927 if (!datum) {
1928 rc = -ENOMEM;
1929 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
1930 if (!datum)
1931 goto out;
1932
1933 ebitmap_init(&datum->stypes);
1934 datum->otype = otype;
1935 datum->next = NULL;
1936
1937 if (unlikely(last)) {
1938 last->next = datum;
1939 } else {
1940 rc = -ENOMEM;
1941 ft = kmemdup(&key, sizeof(key), GFP_KERNEL);
1942 if (!ft)
1943 goto out;
1944
1945 rc = hashtab_insert(&p->filename_trans, ft, datum,
1946 filenametr_key_params);
1947 if (rc)
1948 goto out;
1949 name = NULL;
1950
1951 rc = ebitmap_set_bit(&p->filename_trans_ttypes,
1952 key.ttype, 1);
1953 if (rc)
1954 return rc;
1955 }
1956 }
1957 kfree(name);
1958 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
1959
1960 out:
1961 kfree(ft);
1962 kfree(name);
1963 kfree(datum);
1964 return rc;
1965 }
1966
1967 static int filename_trans_read_helper(struct policydb *p, void *fp)
1968 {
1969 struct filename_trans_key *ft = NULL;
1970 struct filename_trans_datum **dst, *datum, *first = NULL;
1971 char *name = NULL;
1972 u32 len, ttype, tclass, ndatum, i;
1973 __le32 buf[3];
1974 int rc;
1975
1976
1977 rc = next_entry(buf, fp, sizeof(u32));
1978 if (rc)
1979 return rc;
1980 len = le32_to_cpu(buf[0]);
1981
1982
1983 rc = str_read(&name, GFP_KERNEL, fp, len);
1984 if (rc)
1985 return rc;
1986
1987 rc = next_entry(buf, fp, sizeof(u32) * 3);
1988 if (rc)
1989 goto out;
1990
1991 ttype = le32_to_cpu(buf[0]);
1992 tclass = le32_to_cpu(buf[1]);
1993
1994 ndatum = le32_to_cpu(buf[2]);
1995 if (ndatum == 0) {
1996 pr_err("SELinux: Filename transition key with no datum\n");
1997 rc = -ENOENT;
1998 goto out;
1999 }
2000
2001 dst = &first;
2002 for (i = 0; i < ndatum; i++) {
2003 rc = -ENOMEM;
2004 datum = kmalloc(sizeof(*datum), GFP_KERNEL);
2005 if (!datum)
2006 goto out;
2007
2008 *dst = datum;
2009
2010
2011 rc = ebitmap_read(&datum->stypes, fp);
2012 if (rc)
2013 goto out;
2014
2015 rc = next_entry(buf, fp, sizeof(u32));
2016 if (rc)
2017 goto out;
2018
2019 datum->otype = le32_to_cpu(buf[0]);
2020 datum->next = NULL;
2021
2022 dst = &datum->next;
2023 }
2024
2025 rc = -ENOMEM;
2026 ft = kmalloc(sizeof(*ft), GFP_KERNEL);
2027 if (!ft)
2028 goto out;
2029
2030 ft->ttype = ttype;
2031 ft->tclass = tclass;
2032 ft->name = name;
2033
2034 rc = hashtab_insert(&p->filename_trans, ft, first,
2035 filenametr_key_params);
2036 if (rc == -EEXIST)
2037 pr_err("SELinux: Duplicate filename transition key\n");
2038 if (rc)
2039 goto out;
2040
2041 return ebitmap_set_bit(&p->filename_trans_ttypes, ttype, 1);
2042
2043 out:
2044 kfree(ft);
2045 kfree(name);
2046 while (first) {
2047 datum = first;
2048 first = first->next;
2049
2050 ebitmap_destroy(&datum->stypes);
2051 kfree(datum);
2052 }
2053 return rc;
2054 }
2055
2056 static int filename_trans_read(struct policydb *p, void *fp)
2057 {
2058 u32 nel;
2059 __le32 buf[1];
2060 int rc, i;
2061
2062 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2063 return 0;
2064
2065 rc = next_entry(buf, fp, sizeof(u32));
2066 if (rc)
2067 return rc;
2068 nel = le32_to_cpu(buf[0]);
2069
2070 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2071 p->compat_filename_trans_count = nel;
2072
2073 rc = hashtab_init(&p->filename_trans, (1 << 11));
2074 if (rc)
2075 return rc;
2076
2077 for (i = 0; i < nel; i++) {
2078 rc = filename_trans_read_helper_compat(p, fp);
2079 if (rc)
2080 return rc;
2081 }
2082 } else {
2083 rc = hashtab_init(&p->filename_trans, nel);
2084 if (rc)
2085 return rc;
2086
2087 for (i = 0; i < nel; i++) {
2088 rc = filename_trans_read_helper(p, fp);
2089 if (rc)
2090 return rc;
2091 }
2092 }
2093 hash_eval(&p->filename_trans, "filenametr");
2094 return 0;
2095 }
2096
2097 static int genfs_read(struct policydb *p, void *fp)
2098 {
2099 int i, j, rc;
2100 u32 nel, nel2, len, len2;
2101 __le32 buf[1];
2102 struct ocontext *l, *c;
2103 struct ocontext *newc = NULL;
2104 struct genfs *genfs_p, *genfs;
2105 struct genfs *newgenfs = NULL;
2106
2107 rc = next_entry(buf, fp, sizeof(u32));
2108 if (rc)
2109 return rc;
2110 nel = le32_to_cpu(buf[0]);
2111
2112 for (i = 0; i < nel; i++) {
2113 rc = next_entry(buf, fp, sizeof(u32));
2114 if (rc)
2115 goto out;
2116 len = le32_to_cpu(buf[0]);
2117
2118 rc = -ENOMEM;
2119 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2120 if (!newgenfs)
2121 goto out;
2122
2123 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2124 if (rc)
2125 goto out;
2126
2127 for (genfs_p = NULL, genfs = p->genfs; genfs;
2128 genfs_p = genfs, genfs = genfs->next) {
2129 rc = -EINVAL;
2130 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2131 pr_err("SELinux: dup genfs fstype %s\n",
2132 newgenfs->fstype);
2133 goto out;
2134 }
2135 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2136 break;
2137 }
2138 newgenfs->next = genfs;
2139 if (genfs_p)
2140 genfs_p->next = newgenfs;
2141 else
2142 p->genfs = newgenfs;
2143 genfs = newgenfs;
2144 newgenfs = NULL;
2145
2146 rc = next_entry(buf, fp, sizeof(u32));
2147 if (rc)
2148 goto out;
2149
2150 nel2 = le32_to_cpu(buf[0]);
2151 for (j = 0; j < nel2; j++) {
2152 rc = next_entry(buf, fp, sizeof(u32));
2153 if (rc)
2154 goto out;
2155 len = le32_to_cpu(buf[0]);
2156
2157 rc = -ENOMEM;
2158 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2159 if (!newc)
2160 goto out;
2161
2162 rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2163 if (rc)
2164 goto out;
2165
2166 rc = next_entry(buf, fp, sizeof(u32));
2167 if (rc)
2168 goto out;
2169
2170 newc->v.sclass = le32_to_cpu(buf[0]);
2171 rc = context_read_and_validate(&newc->context[0], p, fp);
2172 if (rc)
2173 goto out;
2174
2175 for (l = NULL, c = genfs->head; c;
2176 l = c, c = c->next) {
2177 rc = -EINVAL;
2178 if (!strcmp(newc->u.name, c->u.name) &&
2179 (!c->v.sclass || !newc->v.sclass ||
2180 newc->v.sclass == c->v.sclass)) {
2181 pr_err("SELinux: dup genfs entry (%s,%s)\n",
2182 genfs->fstype, c->u.name);
2183 goto out;
2184 }
2185 len = strlen(newc->u.name);
2186 len2 = strlen(c->u.name);
2187 if (len > len2)
2188 break;
2189 }
2190
2191 newc->next = c;
2192 if (l)
2193 l->next = newc;
2194 else
2195 genfs->head = newc;
2196 newc = NULL;
2197 }
2198 }
2199 rc = 0;
2200 out:
2201 if (newgenfs) {
2202 kfree(newgenfs->fstype);
2203 kfree(newgenfs);
2204 }
2205 ocontext_destroy(newc, OCON_FSUSE);
2206
2207 return rc;
2208 }
2209
2210 static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info,
2211 void *fp)
2212 {
2213 int i, j, rc;
2214 u32 nel, len;
2215 __be64 prefixbuf[1];
2216 __le32 buf[3];
2217 struct ocontext *l, *c;
2218 u32 nodebuf[8];
2219
2220 for (i = 0; i < info->ocon_num; i++) {
2221 rc = next_entry(buf, fp, sizeof(u32));
2222 if (rc)
2223 goto out;
2224 nel = le32_to_cpu(buf[0]);
2225
2226 l = NULL;
2227 for (j = 0; j < nel; j++) {
2228 rc = -ENOMEM;
2229 c = kzalloc(sizeof(*c), GFP_KERNEL);
2230 if (!c)
2231 goto out;
2232 if (l)
2233 l->next = c;
2234 else
2235 p->ocontexts[i] = c;
2236 l = c;
2237
2238 switch (i) {
2239 case OCON_ISID:
2240 rc = next_entry(buf, fp, sizeof(u32));
2241 if (rc)
2242 goto out;
2243
2244 c->sid[0] = le32_to_cpu(buf[0]);
2245 rc = context_read_and_validate(&c->context[0], p, fp);
2246 if (rc)
2247 goto out;
2248 break;
2249 case OCON_FS:
2250 case OCON_NETIF:
2251 rc = next_entry(buf, fp, sizeof(u32));
2252 if (rc)
2253 goto out;
2254 len = le32_to_cpu(buf[0]);
2255
2256 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2257 if (rc)
2258 goto out;
2259
2260 rc = context_read_and_validate(&c->context[0], p, fp);
2261 if (rc)
2262 goto out;
2263 rc = context_read_and_validate(&c->context[1], p, fp);
2264 if (rc)
2265 goto out;
2266 break;
2267 case OCON_PORT:
2268 rc = next_entry(buf, fp, sizeof(u32)*3);
2269 if (rc)
2270 goto out;
2271 c->u.port.protocol = le32_to_cpu(buf[0]);
2272 c->u.port.low_port = le32_to_cpu(buf[1]);
2273 c->u.port.high_port = le32_to_cpu(buf[2]);
2274 rc = context_read_and_validate(&c->context[0], p, fp);
2275 if (rc)
2276 goto out;
2277 break;
2278 case OCON_NODE:
2279 rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2280 if (rc)
2281 goto out;
2282 c->u.node.addr = nodebuf[0];
2283 c->u.node.mask = nodebuf[1];
2284 rc = context_read_and_validate(&c->context[0], p, fp);
2285 if (rc)
2286 goto out;
2287 break;
2288 case OCON_FSUSE:
2289 rc = next_entry(buf, fp, sizeof(u32)*2);
2290 if (rc)
2291 goto out;
2292
2293 rc = -EINVAL;
2294 c->v.behavior = le32_to_cpu(buf[0]);
2295
2296 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2297 goto out;
2298 if (c->v.behavior > SECURITY_FS_USE_MAX)
2299 goto out;
2300
2301 len = le32_to_cpu(buf[1]);
2302 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2303 if (rc)
2304 goto out;
2305
2306 rc = context_read_and_validate(&c->context[0], p, fp);
2307 if (rc)
2308 goto out;
2309 break;
2310 case OCON_NODE6: {
2311 int k;
2312
2313 rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2314 if (rc)
2315 goto out;
2316 for (k = 0; k < 4; k++)
2317 c->u.node6.addr[k] = nodebuf[k];
2318 for (k = 0; k < 4; k++)
2319 c->u.node6.mask[k] = nodebuf[k+4];
2320 rc = context_read_and_validate(&c->context[0], p, fp);
2321 if (rc)
2322 goto out;
2323 break;
2324 }
2325 case OCON_IBPKEY: {
2326 u32 pkey_lo, pkey_hi;
2327
2328 rc = next_entry(prefixbuf, fp, sizeof(u64));
2329 if (rc)
2330 goto out;
2331
2332
2333 c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2334
2335 rc = next_entry(buf, fp, sizeof(u32) * 2);
2336 if (rc)
2337 goto out;
2338
2339 pkey_lo = le32_to_cpu(buf[0]);
2340 pkey_hi = le32_to_cpu(buf[1]);
2341
2342 if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2343 rc = -EINVAL;
2344 goto out;
2345 }
2346
2347 c->u.ibpkey.low_pkey = pkey_lo;
2348 c->u.ibpkey.high_pkey = pkey_hi;
2349
2350 rc = context_read_and_validate(&c->context[0],
2351 p,
2352 fp);
2353 if (rc)
2354 goto out;
2355 break;
2356 }
2357 case OCON_IBENDPORT: {
2358 u32 port;
2359
2360 rc = next_entry(buf, fp, sizeof(u32) * 2);
2361 if (rc)
2362 goto out;
2363 len = le32_to_cpu(buf[0]);
2364
2365 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2366 if (rc)
2367 goto out;
2368
2369 port = le32_to_cpu(buf[1]);
2370 if (port > U8_MAX || port == 0) {
2371 rc = -EINVAL;
2372 goto out;
2373 }
2374
2375 c->u.ibendport.port = port;
2376
2377 rc = context_read_and_validate(&c->context[0],
2378 p,
2379 fp);
2380 if (rc)
2381 goto out;
2382 break;
2383 }
2384 }
2385 }
2386 }
2387 rc = 0;
2388 out:
2389 return rc;
2390 }
2391
2392
2393
2394
2395
2396 int policydb_read(struct policydb *p, void *fp)
2397 {
2398 struct role_allow *ra, *lra;
2399 struct role_trans_key *rtk = NULL;
2400 struct role_trans_datum *rtd = NULL;
2401 int i, j, rc;
2402 __le32 buf[4];
2403 u32 len, nprim, nel, perm;
2404
2405 char *policydb_str;
2406 const struct policydb_compat_info *info;
2407
2408 policydb_init(p);
2409
2410
2411 rc = next_entry(buf, fp, sizeof(u32) * 2);
2412 if (rc)
2413 goto bad;
2414
2415 rc = -EINVAL;
2416 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2417 pr_err("SELinux: policydb magic number 0x%x does "
2418 "not match expected magic number 0x%x\n",
2419 le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2420 goto bad;
2421 }
2422
2423 rc = -EINVAL;
2424 len = le32_to_cpu(buf[1]);
2425 if (len != strlen(POLICYDB_STRING)) {
2426 pr_err("SELinux: policydb string length %d does not "
2427 "match expected length %zu\n",
2428 len, strlen(POLICYDB_STRING));
2429 goto bad;
2430 }
2431
2432 rc = -ENOMEM;
2433 policydb_str = kmalloc(len + 1, GFP_KERNEL);
2434 if (!policydb_str) {
2435 pr_err("SELinux: unable to allocate memory for policydb "
2436 "string of length %d\n", len);
2437 goto bad;
2438 }
2439
2440 rc = next_entry(policydb_str, fp, len);
2441 if (rc) {
2442 pr_err("SELinux: truncated policydb string identifier\n");
2443 kfree(policydb_str);
2444 goto bad;
2445 }
2446
2447 rc = -EINVAL;
2448 policydb_str[len] = '\0';
2449 if (strcmp(policydb_str, POLICYDB_STRING)) {
2450 pr_err("SELinux: policydb string %s does not match "
2451 "my string %s\n", policydb_str, POLICYDB_STRING);
2452 kfree(policydb_str);
2453 goto bad;
2454 }
2455
2456 kfree(policydb_str);
2457 policydb_str = NULL;
2458
2459
2460 rc = next_entry(buf, fp, sizeof(u32)*4);
2461 if (rc)
2462 goto bad;
2463
2464 rc = -EINVAL;
2465 p->policyvers = le32_to_cpu(buf[0]);
2466 if (p->policyvers < POLICYDB_VERSION_MIN ||
2467 p->policyvers > POLICYDB_VERSION_MAX) {
2468 pr_err("SELinux: policydb version %d does not match "
2469 "my version range %d-%d\n",
2470 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2471 goto bad;
2472 }
2473
2474 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2475 p->mls_enabled = 1;
2476
2477 rc = -EINVAL;
2478 if (p->policyvers < POLICYDB_VERSION_MLS) {
2479 pr_err("SELinux: security policydb version %d "
2480 "(MLS) not backwards compatible\n",
2481 p->policyvers);
2482 goto bad;
2483 }
2484 }
2485 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2486 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2487
2488 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2489 rc = ebitmap_read(&p->policycaps, fp);
2490 if (rc)
2491 goto bad;
2492 }
2493
2494 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2495 rc = ebitmap_read(&p->permissive_map, fp);
2496 if (rc)
2497 goto bad;
2498 }
2499
2500 rc = -EINVAL;
2501 info = policydb_lookup_compat(p->policyvers);
2502 if (!info) {
2503 pr_err("SELinux: unable to find policy compat info "
2504 "for version %d\n", p->policyvers);
2505 goto bad;
2506 }
2507
2508 rc = -EINVAL;
2509 if (le32_to_cpu(buf[2]) != info->sym_num ||
2510 le32_to_cpu(buf[3]) != info->ocon_num) {
2511 pr_err("SELinux: policydb table sizes (%d,%d) do "
2512 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2513 le32_to_cpu(buf[3]),
2514 info->sym_num, info->ocon_num);
2515 goto bad;
2516 }
2517
2518 for (i = 0; i < info->sym_num; i++) {
2519 rc = next_entry(buf, fp, sizeof(u32)*2);
2520 if (rc)
2521 goto bad;
2522 nprim = le32_to_cpu(buf[0]);
2523 nel = le32_to_cpu(buf[1]);
2524
2525 rc = symtab_init(&p->symtab[i], nel);
2526 if (rc)
2527 goto out;
2528
2529 if (i == SYM_ROLES) {
2530 rc = roles_init(p);
2531 if (rc)
2532 goto out;
2533 }
2534
2535 for (j = 0; j < nel; j++) {
2536 rc = read_f[i](p, &p->symtab[i], fp);
2537 if (rc)
2538 goto bad;
2539 }
2540
2541 p->symtab[i].nprim = nprim;
2542 }
2543
2544 rc = -EINVAL;
2545 p->process_class = string_to_security_class(p, "process");
2546 if (!p->process_class) {
2547 pr_err("SELinux: process class is required, not defined in policy\n");
2548 goto bad;
2549 }
2550
2551 rc = avtab_read(&p->te_avtab, fp, p);
2552 if (rc)
2553 goto bad;
2554
2555 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2556 rc = cond_read_list(p, fp);
2557 if (rc)
2558 goto bad;
2559 }
2560
2561 rc = next_entry(buf, fp, sizeof(u32));
2562 if (rc)
2563 goto bad;
2564 nel = le32_to_cpu(buf[0]);
2565
2566 rc = hashtab_init(&p->role_tr, nel);
2567 if (rc)
2568 goto bad;
2569 for (i = 0; i < nel; i++) {
2570 rc = -ENOMEM;
2571 rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
2572 if (!rtk)
2573 goto bad;
2574
2575 rc = -ENOMEM;
2576 rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
2577 if (!rtd)
2578 goto bad;
2579
2580 rc = next_entry(buf, fp, sizeof(u32)*3);
2581 if (rc)
2582 goto bad;
2583
2584 rtk->role = le32_to_cpu(buf[0]);
2585 rtk->type = le32_to_cpu(buf[1]);
2586 rtd->new_role = le32_to_cpu(buf[2]);
2587 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2588 rc = next_entry(buf, fp, sizeof(u32));
2589 if (rc)
2590 goto bad;
2591 rtk->tclass = le32_to_cpu(buf[0]);
2592 } else
2593 rtk->tclass = p->process_class;
2594
2595 rc = -EINVAL;
2596 if (!policydb_role_isvalid(p, rtk->role) ||
2597 !policydb_type_isvalid(p, rtk->type) ||
2598 !policydb_class_isvalid(p, rtk->tclass) ||
2599 !policydb_role_isvalid(p, rtd->new_role))
2600 goto bad;
2601
2602 rc = hashtab_insert(&p->role_tr, rtk, rtd, roletr_key_params);
2603 if (rc)
2604 goto bad;
2605
2606 rtk = NULL;
2607 rtd = NULL;
2608 }
2609
2610 rc = next_entry(buf, fp, sizeof(u32));
2611 if (rc)
2612 goto bad;
2613 nel = le32_to_cpu(buf[0]);
2614 lra = NULL;
2615 for (i = 0; i < nel; i++) {
2616 rc = -ENOMEM;
2617 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2618 if (!ra)
2619 goto bad;
2620 if (lra)
2621 lra->next = ra;
2622 else
2623 p->role_allow = ra;
2624 rc = next_entry(buf, fp, sizeof(u32)*2);
2625 if (rc)
2626 goto bad;
2627
2628 rc = -EINVAL;
2629 ra->role = le32_to_cpu(buf[0]);
2630 ra->new_role = le32_to_cpu(buf[1]);
2631 if (!policydb_role_isvalid(p, ra->role) ||
2632 !policydb_role_isvalid(p, ra->new_role))
2633 goto bad;
2634 lra = ra;
2635 }
2636
2637 rc = filename_trans_read(p, fp);
2638 if (rc)
2639 goto bad;
2640
2641 rc = policydb_index(p);
2642 if (rc)
2643 goto bad;
2644
2645 rc = -EINVAL;
2646 perm = string_to_av_perm(p, p->process_class, "transition");
2647 if (!perm) {
2648 pr_err("SELinux: process transition permission is required, not defined in policy\n");
2649 goto bad;
2650 }
2651 p->process_trans_perms = perm;
2652 perm = string_to_av_perm(p, p->process_class, "dyntransition");
2653 if (!perm) {
2654 pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
2655 goto bad;
2656 }
2657 p->process_trans_perms |= perm;
2658
2659 rc = ocontext_read(p, info, fp);
2660 if (rc)
2661 goto bad;
2662
2663 rc = genfs_read(p, fp);
2664 if (rc)
2665 goto bad;
2666
2667 rc = range_read(p, fp);
2668 if (rc)
2669 goto bad;
2670
2671 rc = -ENOMEM;
2672 p->type_attr_map_array = kvcalloc(p->p_types.nprim,
2673 sizeof(*p->type_attr_map_array),
2674 GFP_KERNEL);
2675 if (!p->type_attr_map_array)
2676 goto bad;
2677
2678
2679 for (i = 0; i < p->p_types.nprim; i++)
2680 ebitmap_init(&p->type_attr_map_array[i]);
2681
2682 for (i = 0; i < p->p_types.nprim; i++) {
2683 struct ebitmap *e = &p->type_attr_map_array[i];
2684
2685 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2686 rc = ebitmap_read(e, fp);
2687 if (rc)
2688 goto bad;
2689 }
2690
2691 rc = ebitmap_set_bit(e, i, 1);
2692 if (rc)
2693 goto bad;
2694 }
2695
2696 rc = policydb_bounds_sanity_check(p);
2697 if (rc)
2698 goto bad;
2699
2700 rc = 0;
2701 out:
2702 return rc;
2703 bad:
2704 kfree(rtk);
2705 kfree(rtd);
2706 policydb_destroy(p);
2707 goto out;
2708 }
2709
2710
2711
2712
2713
2714 static int mls_write_level(struct mls_level *l, void *fp)
2715 {
2716 __le32 buf[1];
2717 int rc;
2718
2719 buf[0] = cpu_to_le32(l->sens);
2720 rc = put_entry(buf, sizeof(u32), 1, fp);
2721 if (rc)
2722 return rc;
2723
2724 rc = ebitmap_write(&l->cat, fp);
2725 if (rc)
2726 return rc;
2727
2728 return 0;
2729 }
2730
2731
2732
2733
2734
2735 static int mls_write_range_helper(struct mls_range *r, void *fp)
2736 {
2737 __le32 buf[3];
2738 size_t items;
2739 int rc, eq;
2740
2741 eq = mls_level_eq(&r->level[1], &r->level[0]);
2742
2743 if (eq)
2744 items = 2;
2745 else
2746 items = 3;
2747 buf[0] = cpu_to_le32(items-1);
2748 buf[1] = cpu_to_le32(r->level[0].sens);
2749 if (!eq)
2750 buf[2] = cpu_to_le32(r->level[1].sens);
2751
2752 BUG_ON(items > ARRAY_SIZE(buf));
2753
2754 rc = put_entry(buf, sizeof(u32), items, fp);
2755 if (rc)
2756 return rc;
2757
2758 rc = ebitmap_write(&r->level[0].cat, fp);
2759 if (rc)
2760 return rc;
2761 if (!eq) {
2762 rc = ebitmap_write(&r->level[1].cat, fp);
2763 if (rc)
2764 return rc;
2765 }
2766
2767 return 0;
2768 }
2769
2770 static int sens_write(void *vkey, void *datum, void *ptr)
2771 {
2772 char *key = vkey;
2773 struct level_datum *levdatum = datum;
2774 struct policy_data *pd = ptr;
2775 void *fp = pd->fp;
2776 __le32 buf[2];
2777 size_t len;
2778 int rc;
2779
2780 len = strlen(key);
2781 buf[0] = cpu_to_le32(len);
2782 buf[1] = cpu_to_le32(levdatum->isalias);
2783 rc = put_entry(buf, sizeof(u32), 2, fp);
2784 if (rc)
2785 return rc;
2786
2787 rc = put_entry(key, 1, len, fp);
2788 if (rc)
2789 return rc;
2790
2791 rc = mls_write_level(levdatum->level, fp);
2792 if (rc)
2793 return rc;
2794
2795 return 0;
2796 }
2797
2798 static int cat_write(void *vkey, void *datum, void *ptr)
2799 {
2800 char *key = vkey;
2801 struct cat_datum *catdatum = datum;
2802 struct policy_data *pd = ptr;
2803 void *fp = pd->fp;
2804 __le32 buf[3];
2805 size_t len;
2806 int rc;
2807
2808 len = strlen(key);
2809 buf[0] = cpu_to_le32(len);
2810 buf[1] = cpu_to_le32(catdatum->value);
2811 buf[2] = cpu_to_le32(catdatum->isalias);
2812 rc = put_entry(buf, sizeof(u32), 3, fp);
2813 if (rc)
2814 return rc;
2815
2816 rc = put_entry(key, 1, len, fp);
2817 if (rc)
2818 return rc;
2819
2820 return 0;
2821 }
2822
2823 static int role_trans_write_one(void *key, void *datum, void *ptr)
2824 {
2825 struct role_trans_key *rtk = key;
2826 struct role_trans_datum *rtd = datum;
2827 struct policy_data *pd = ptr;
2828 void *fp = pd->fp;
2829 struct policydb *p = pd->p;
2830 __le32 buf[3];
2831 int rc;
2832
2833 buf[0] = cpu_to_le32(rtk->role);
2834 buf[1] = cpu_to_le32(rtk->type);
2835 buf[2] = cpu_to_le32(rtd->new_role);
2836 rc = put_entry(buf, sizeof(u32), 3, fp);
2837 if (rc)
2838 return rc;
2839 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2840 buf[0] = cpu_to_le32(rtk->tclass);
2841 rc = put_entry(buf, sizeof(u32), 1, fp);
2842 if (rc)
2843 return rc;
2844 }
2845 return 0;
2846 }
2847
2848 static int role_trans_write(struct policydb *p, void *fp)
2849 {
2850 struct policy_data pd = { .p = p, .fp = fp };
2851 __le32 buf[1];
2852 int rc;
2853
2854 buf[0] = cpu_to_le32(p->role_tr.nel);
2855 rc = put_entry(buf, sizeof(u32), 1, fp);
2856 if (rc)
2857 return rc;
2858
2859 return hashtab_map(&p->role_tr, role_trans_write_one, &pd);
2860 }
2861
2862 static int role_allow_write(struct role_allow *r, void *fp)
2863 {
2864 struct role_allow *ra;
2865 __le32 buf[2];
2866 size_t nel;
2867 int rc;
2868
2869 nel = 0;
2870 for (ra = r; ra; ra = ra->next)
2871 nel++;
2872 buf[0] = cpu_to_le32(nel);
2873 rc = put_entry(buf, sizeof(u32), 1, fp);
2874 if (rc)
2875 return rc;
2876 for (ra = r; ra; ra = ra->next) {
2877 buf[0] = cpu_to_le32(ra->role);
2878 buf[1] = cpu_to_le32(ra->new_role);
2879 rc = put_entry(buf, sizeof(u32), 2, fp);
2880 if (rc)
2881 return rc;
2882 }
2883 return 0;
2884 }
2885
2886
2887
2888
2889
2890 static int context_write(struct policydb *p, struct context *c,
2891 void *fp)
2892 {
2893 int rc;
2894 __le32 buf[3];
2895
2896 buf[0] = cpu_to_le32(c->user);
2897 buf[1] = cpu_to_le32(c->role);
2898 buf[2] = cpu_to_le32(c->type);
2899
2900 rc = put_entry(buf, sizeof(u32), 3, fp);
2901 if (rc)
2902 return rc;
2903
2904 rc = mls_write_range_helper(&c->range, fp);
2905 if (rc)
2906 return rc;
2907
2908 return 0;
2909 }
2910
2911
2912
2913
2914
2915
2916
2917 static int perm_write(void *vkey, void *datum, void *fp)
2918 {
2919 char *key = vkey;
2920 struct perm_datum *perdatum = datum;
2921 __le32 buf[2];
2922 size_t len;
2923 int rc;
2924
2925 len = strlen(key);
2926 buf[0] = cpu_to_le32(len);
2927 buf[1] = cpu_to_le32(perdatum->value);
2928 rc = put_entry(buf, sizeof(u32), 2, fp);
2929 if (rc)
2930 return rc;
2931
2932 rc = put_entry(key, 1, len, fp);
2933 if (rc)
2934 return rc;
2935
2936 return 0;
2937 }
2938
2939 static int common_write(void *vkey, void *datum, void *ptr)
2940 {
2941 char *key = vkey;
2942 struct common_datum *comdatum = datum;
2943 struct policy_data *pd = ptr;
2944 void *fp = pd->fp;
2945 __le32 buf[4];
2946 size_t len;
2947 int rc;
2948
2949 len = strlen(key);
2950 buf[0] = cpu_to_le32(len);
2951 buf[1] = cpu_to_le32(comdatum->value);
2952 buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2953 buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2954 rc = put_entry(buf, sizeof(u32), 4, fp);
2955 if (rc)
2956 return rc;
2957
2958 rc = put_entry(key, 1, len, fp);
2959 if (rc)
2960 return rc;
2961
2962 rc = hashtab_map(&comdatum->permissions.table, perm_write, fp);
2963 if (rc)
2964 return rc;
2965
2966 return 0;
2967 }
2968
2969 static int type_set_write(struct type_set *t, void *fp)
2970 {
2971 int rc;
2972 __le32 buf[1];
2973
2974 if (ebitmap_write(&t->types, fp))
2975 return -EINVAL;
2976 if (ebitmap_write(&t->negset, fp))
2977 return -EINVAL;
2978
2979 buf[0] = cpu_to_le32(t->flags);
2980 rc = put_entry(buf, sizeof(u32), 1, fp);
2981 if (rc)
2982 return -EINVAL;
2983
2984 return 0;
2985 }
2986
2987 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2988 void *fp)
2989 {
2990 struct constraint_node *c;
2991 struct constraint_expr *e;
2992 __le32 buf[3];
2993 u32 nel;
2994 int rc;
2995
2996 for (c = node; c; c = c->next) {
2997 nel = 0;
2998 for (e = c->expr; e; e = e->next)
2999 nel++;
3000 buf[0] = cpu_to_le32(c->permissions);
3001 buf[1] = cpu_to_le32(nel);
3002 rc = put_entry(buf, sizeof(u32), 2, fp);
3003 if (rc)
3004 return rc;
3005 for (e = c->expr; e; e = e->next) {
3006 buf[0] = cpu_to_le32(e->expr_type);
3007 buf[1] = cpu_to_le32(e->attr);
3008 buf[2] = cpu_to_le32(e->op);
3009 rc = put_entry(buf, sizeof(u32), 3, fp);
3010 if (rc)
3011 return rc;
3012
3013 switch (e->expr_type) {
3014 case CEXPR_NAMES:
3015 rc = ebitmap_write(&e->names, fp);
3016 if (rc)
3017 return rc;
3018 if (p->policyvers >=
3019 POLICYDB_VERSION_CONSTRAINT_NAMES) {
3020 rc = type_set_write(e->type_names, fp);
3021 if (rc)
3022 return rc;
3023 }
3024 break;
3025 default:
3026 break;
3027 }
3028 }
3029 }
3030
3031 return 0;
3032 }
3033
3034 static int class_write(void *vkey, void *datum, void *ptr)
3035 {
3036 char *key = vkey;
3037 struct class_datum *cladatum = datum;
3038 struct policy_data *pd = ptr;
3039 void *fp = pd->fp;
3040 struct policydb *p = pd->p;
3041 struct constraint_node *c;
3042 __le32 buf[6];
3043 u32 ncons;
3044 size_t len, len2;
3045 int rc;
3046
3047 len = strlen(key);
3048 if (cladatum->comkey)
3049 len2 = strlen(cladatum->comkey);
3050 else
3051 len2 = 0;
3052
3053 ncons = 0;
3054 for (c = cladatum->constraints; c; c = c->next)
3055 ncons++;
3056
3057 buf[0] = cpu_to_le32(len);
3058 buf[1] = cpu_to_le32(len2);
3059 buf[2] = cpu_to_le32(cladatum->value);
3060 buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3061 buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3062 buf[5] = cpu_to_le32(ncons);
3063 rc = put_entry(buf, sizeof(u32), 6, fp);
3064 if (rc)
3065 return rc;
3066
3067 rc = put_entry(key, 1, len, fp);
3068 if (rc)
3069 return rc;
3070
3071 if (cladatum->comkey) {
3072 rc = put_entry(cladatum->comkey, 1, len2, fp);
3073 if (rc)
3074 return rc;
3075 }
3076
3077 rc = hashtab_map(&cladatum->permissions.table, perm_write, fp);
3078 if (rc)
3079 return rc;
3080
3081 rc = write_cons_helper(p, cladatum->constraints, fp);
3082 if (rc)
3083 return rc;
3084
3085
3086 ncons = 0;
3087 for (c = cladatum->validatetrans; c; c = c->next)
3088 ncons++;
3089
3090 buf[0] = cpu_to_le32(ncons);
3091 rc = put_entry(buf, sizeof(u32), 1, fp);
3092 if (rc)
3093 return rc;
3094
3095 rc = write_cons_helper(p, cladatum->validatetrans, fp);
3096 if (rc)
3097 return rc;
3098
3099 if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3100 buf[0] = cpu_to_le32(cladatum->default_user);
3101 buf[1] = cpu_to_le32(cladatum->default_role);
3102 buf[2] = cpu_to_le32(cladatum->default_range);
3103
3104 rc = put_entry(buf, sizeof(uint32_t), 3, fp);
3105 if (rc)
3106 return rc;
3107 }
3108
3109 if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3110 buf[0] = cpu_to_le32(cladatum->default_type);
3111 rc = put_entry(buf, sizeof(uint32_t), 1, fp);
3112 if (rc)
3113 return rc;
3114 }
3115
3116 return 0;
3117 }
3118
3119 static int role_write(void *vkey, void *datum, void *ptr)
3120 {
3121 char *key = vkey;
3122 struct role_datum *role = datum;
3123 struct policy_data *pd = ptr;
3124 void *fp = pd->fp;
3125 struct policydb *p = pd->p;
3126 __le32 buf[3];
3127 size_t items, len;
3128 int rc;
3129
3130 len = strlen(key);
3131 items = 0;
3132 buf[items++] = cpu_to_le32(len);
3133 buf[items++] = cpu_to_le32(role->value);
3134 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3135 buf[items++] = cpu_to_le32(role->bounds);
3136
3137 BUG_ON(items > ARRAY_SIZE(buf));
3138
3139 rc = put_entry(buf, sizeof(u32), items, fp);
3140 if (rc)
3141 return rc;
3142
3143 rc = put_entry(key, 1, len, fp);
3144 if (rc)
3145 return rc;
3146
3147 rc = ebitmap_write(&role->dominates, fp);
3148 if (rc)
3149 return rc;
3150
3151 rc = ebitmap_write(&role->types, fp);
3152 if (rc)
3153 return rc;
3154
3155 return 0;
3156 }
3157
3158 static int type_write(void *vkey, void *datum, void *ptr)
3159 {
3160 char *key = vkey;
3161 struct type_datum *typdatum = datum;
3162 struct policy_data *pd = ptr;
3163 struct policydb *p = pd->p;
3164 void *fp = pd->fp;
3165 __le32 buf[4];
3166 int rc;
3167 size_t items, len;
3168
3169 len = strlen(key);
3170 items = 0;
3171 buf[items++] = cpu_to_le32(len);
3172 buf[items++] = cpu_to_le32(typdatum->value);
3173 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3174 u32 properties = 0;
3175
3176 if (typdatum->primary)
3177 properties |= TYPEDATUM_PROPERTY_PRIMARY;
3178
3179 if (typdatum->attribute)
3180 properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3181
3182 buf[items++] = cpu_to_le32(properties);
3183 buf[items++] = cpu_to_le32(typdatum->bounds);
3184 } else {
3185 buf[items++] = cpu_to_le32(typdatum->primary);
3186 }
3187 BUG_ON(items > ARRAY_SIZE(buf));
3188 rc = put_entry(buf, sizeof(u32), items, fp);
3189 if (rc)
3190 return rc;
3191
3192 rc = put_entry(key, 1, len, fp);
3193 if (rc)
3194 return rc;
3195
3196 return 0;
3197 }
3198
3199 static int user_write(void *vkey, void *datum, void *ptr)
3200 {
3201 char *key = vkey;
3202 struct user_datum *usrdatum = datum;
3203 struct policy_data *pd = ptr;
3204 struct policydb *p = pd->p;
3205 void *fp = pd->fp;
3206 __le32 buf[3];
3207 size_t items, len;
3208 int rc;
3209
3210 len = strlen(key);
3211 items = 0;
3212 buf[items++] = cpu_to_le32(len);
3213 buf[items++] = cpu_to_le32(usrdatum->value);
3214 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3215 buf[items++] = cpu_to_le32(usrdatum->bounds);
3216 BUG_ON(items > ARRAY_SIZE(buf));
3217 rc = put_entry(buf, sizeof(u32), items, fp);
3218 if (rc)
3219 return rc;
3220
3221 rc = put_entry(key, 1, len, fp);
3222 if (rc)
3223 return rc;
3224
3225 rc = ebitmap_write(&usrdatum->roles, fp);
3226 if (rc)
3227 return rc;
3228
3229 rc = mls_write_range_helper(&usrdatum->range, fp);
3230 if (rc)
3231 return rc;
3232
3233 rc = mls_write_level(&usrdatum->dfltlevel, fp);
3234 if (rc)
3235 return rc;
3236
3237 return 0;
3238 }
3239
3240 static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
3241 common_write,
3242 class_write,
3243 role_write,
3244 type_write,
3245 user_write,
3246 cond_write_bool,
3247 sens_write,
3248 cat_write,
3249 };
3250
3251 static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info,
3252 void *fp)
3253 {
3254 unsigned int i, j, rc;
3255 size_t nel, len;
3256 __be64 prefixbuf[1];
3257 __le32 buf[3];
3258 u32 nodebuf[8];
3259 struct ocontext *c;
3260 for (i = 0; i < info->ocon_num; i++) {
3261 nel = 0;
3262 for (c = p->ocontexts[i]; c; c = c->next)
3263 nel++;
3264 buf[0] = cpu_to_le32(nel);
3265 rc = put_entry(buf, sizeof(u32), 1, fp);
3266 if (rc)
3267 return rc;
3268 for (c = p->ocontexts[i]; c; c = c->next) {
3269 switch (i) {
3270 case OCON_ISID:
3271 buf[0] = cpu_to_le32(c->sid[0]);
3272 rc = put_entry(buf, sizeof(u32), 1, fp);
3273 if (rc)
3274 return rc;
3275 rc = context_write(p, &c->context[0], fp);
3276 if (rc)
3277 return rc;
3278 break;
3279 case OCON_FS:
3280 case OCON_NETIF:
3281 len = strlen(c->u.name);
3282 buf[0] = cpu_to_le32(len);
3283 rc = put_entry(buf, sizeof(u32), 1, fp);
3284 if (rc)
3285 return rc;
3286 rc = put_entry(c->u.name, 1, len, fp);
3287 if (rc)
3288 return rc;
3289 rc = context_write(p, &c->context[0], fp);
3290 if (rc)
3291 return rc;
3292 rc = context_write(p, &c->context[1], fp);
3293 if (rc)
3294 return rc;
3295 break;
3296 case OCON_PORT:
3297 buf[0] = cpu_to_le32(c->u.port.protocol);
3298 buf[1] = cpu_to_le32(c->u.port.low_port);
3299 buf[2] = cpu_to_le32(c->u.port.high_port);
3300 rc = put_entry(buf, sizeof(u32), 3, fp);
3301 if (rc)
3302 return rc;
3303 rc = context_write(p, &c->context[0], fp);
3304 if (rc)
3305 return rc;
3306 break;
3307 case OCON_NODE:
3308 nodebuf[0] = c->u.node.addr;
3309 nodebuf[1] = c->u.node.mask;
3310 rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3311 if (rc)
3312 return rc;
3313 rc = context_write(p, &c->context[0], fp);
3314 if (rc)
3315 return rc;
3316 break;
3317 case OCON_FSUSE:
3318 buf[0] = cpu_to_le32(c->v.behavior);
3319 len = strlen(c->u.name);
3320 buf[1] = cpu_to_le32(len);
3321 rc = put_entry(buf, sizeof(u32), 2, fp);
3322 if (rc)
3323 return rc;
3324 rc = put_entry(c->u.name, 1, len, fp);
3325 if (rc)
3326 return rc;
3327 rc = context_write(p, &c->context[0], fp);
3328 if (rc)
3329 return rc;
3330 break;
3331 case OCON_NODE6:
3332 for (j = 0; j < 4; j++)
3333 nodebuf[j] = c->u.node6.addr[j];
3334 for (j = 0; j < 4; j++)
3335 nodebuf[j + 4] = c->u.node6.mask[j];
3336 rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3337 if (rc)
3338 return rc;
3339 rc = context_write(p, &c->context[0], fp);
3340 if (rc)
3341 return rc;
3342 break;
3343 case OCON_IBPKEY:
3344
3345 prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3346
3347 rc = put_entry(prefixbuf, sizeof(u64), 1, fp);
3348 if (rc)
3349 return rc;
3350
3351 buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3352 buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3353
3354 rc = put_entry(buf, sizeof(u32), 2, fp);
3355 if (rc)
3356 return rc;
3357 rc = context_write(p, &c->context[0], fp);
3358 if (rc)
3359 return rc;
3360 break;
3361 case OCON_IBENDPORT:
3362 len = strlen(c->u.ibendport.dev_name);
3363 buf[0] = cpu_to_le32(len);
3364 buf[1] = cpu_to_le32(c->u.ibendport.port);
3365 rc = put_entry(buf, sizeof(u32), 2, fp);
3366 if (rc)
3367 return rc;
3368 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3369 if (rc)
3370 return rc;
3371 rc = context_write(p, &c->context[0], fp);
3372 if (rc)
3373 return rc;
3374 break;
3375 }
3376 }
3377 }
3378 return 0;
3379 }
3380
3381 static int genfs_write(struct policydb *p, void *fp)
3382 {
3383 struct genfs *genfs;
3384 struct ocontext *c;
3385 size_t len;
3386 __le32 buf[1];
3387 int rc;
3388
3389 len = 0;
3390 for (genfs = p->genfs; genfs; genfs = genfs->next)
3391 len++;
3392 buf[0] = cpu_to_le32(len);
3393 rc = put_entry(buf, sizeof(u32), 1, fp);
3394 if (rc)
3395 return rc;
3396 for (genfs = p->genfs; genfs; genfs = genfs->next) {
3397 len = strlen(genfs->fstype);
3398 buf[0] = cpu_to_le32(len);
3399 rc = put_entry(buf, sizeof(u32), 1, fp);
3400 if (rc)
3401 return rc;
3402 rc = put_entry(genfs->fstype, 1, len, fp);
3403 if (rc)
3404 return rc;
3405 len = 0;
3406 for (c = genfs->head; c; c = c->next)
3407 len++;
3408 buf[0] = cpu_to_le32(len);
3409 rc = put_entry(buf, sizeof(u32), 1, fp);
3410 if (rc)
3411 return rc;
3412 for (c = genfs->head; c; c = c->next) {
3413 len = strlen(c->u.name);
3414 buf[0] = cpu_to_le32(len);
3415 rc = put_entry(buf, sizeof(u32), 1, fp);
3416 if (rc)
3417 return rc;
3418 rc = put_entry(c->u.name, 1, len, fp);
3419 if (rc)
3420 return rc;
3421 buf[0] = cpu_to_le32(c->v.sclass);
3422 rc = put_entry(buf, sizeof(u32), 1, fp);
3423 if (rc)
3424 return rc;
3425 rc = context_write(p, &c->context[0], fp);
3426 if (rc)
3427 return rc;
3428 }
3429 }
3430 return 0;
3431 }
3432
3433 static int range_write_helper(void *key, void *data, void *ptr)
3434 {
3435 __le32 buf[2];
3436 struct range_trans *rt = key;
3437 struct mls_range *r = data;
3438 struct policy_data *pd = ptr;
3439 void *fp = pd->fp;
3440 struct policydb *p = pd->p;
3441 int rc;
3442
3443 buf[0] = cpu_to_le32(rt->source_type);
3444 buf[1] = cpu_to_le32(rt->target_type);
3445 rc = put_entry(buf, sizeof(u32), 2, fp);
3446 if (rc)
3447 return rc;
3448 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3449 buf[0] = cpu_to_le32(rt->target_class);
3450 rc = put_entry(buf, sizeof(u32), 1, fp);
3451 if (rc)
3452 return rc;
3453 }
3454 rc = mls_write_range_helper(r, fp);
3455 if (rc)
3456 return rc;
3457
3458 return 0;
3459 }
3460
3461 static int range_write(struct policydb *p, void *fp)
3462 {
3463 __le32 buf[1];
3464 int rc;
3465 struct policy_data pd;
3466
3467 pd.p = p;
3468 pd.fp = fp;
3469
3470 buf[0] = cpu_to_le32(p->range_tr.nel);
3471 rc = put_entry(buf, sizeof(u32), 1, fp);
3472 if (rc)
3473 return rc;
3474
3475
3476 rc = hashtab_map(&p->range_tr, range_write_helper, &pd);
3477 if (rc)
3478 return rc;
3479
3480 return 0;
3481 }
3482
3483 static int filename_write_helper_compat(void *key, void *data, void *ptr)
3484 {
3485 struct filename_trans_key *ft = key;
3486 struct filename_trans_datum *datum = data;
3487 struct ebitmap_node *node;
3488 void *fp = ptr;
3489 __le32 buf[4];
3490 int rc;
3491 u32 bit, len = strlen(ft->name);
3492
3493 do {
3494 ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3495 buf[0] = cpu_to_le32(len);
3496 rc = put_entry(buf, sizeof(u32), 1, fp);
3497 if (rc)
3498 return rc;
3499
3500 rc = put_entry(ft->name, sizeof(char), len, fp);
3501 if (rc)
3502 return rc;
3503
3504 buf[0] = cpu_to_le32(bit + 1);
3505 buf[1] = cpu_to_le32(ft->ttype);
3506 buf[2] = cpu_to_le32(ft->tclass);
3507 buf[3] = cpu_to_le32(datum->otype);
3508
3509 rc = put_entry(buf, sizeof(u32), 4, fp);
3510 if (rc)
3511 return rc;
3512 }
3513
3514 datum = datum->next;
3515 } while (unlikely(datum));
3516
3517 return 0;
3518 }
3519
3520 static int filename_write_helper(void *key, void *data, void *ptr)
3521 {
3522 struct filename_trans_key *ft = key;
3523 struct filename_trans_datum *datum;
3524 void *fp = ptr;
3525 __le32 buf[3];
3526 int rc;
3527 u32 ndatum, len = strlen(ft->name);
3528
3529 buf[0] = cpu_to_le32(len);
3530 rc = put_entry(buf, sizeof(u32), 1, fp);
3531 if (rc)
3532 return rc;
3533
3534 rc = put_entry(ft->name, sizeof(char), len, fp);
3535 if (rc)
3536 return rc;
3537
3538 ndatum = 0;
3539 datum = data;
3540 do {
3541 ndatum++;
3542 datum = datum->next;
3543 } while (unlikely(datum));
3544
3545 buf[0] = cpu_to_le32(ft->ttype);
3546 buf[1] = cpu_to_le32(ft->tclass);
3547 buf[2] = cpu_to_le32(ndatum);
3548 rc = put_entry(buf, sizeof(u32), 3, fp);
3549 if (rc)
3550 return rc;
3551
3552 datum = data;
3553 do {
3554 rc = ebitmap_write(&datum->stypes, fp);
3555 if (rc)
3556 return rc;
3557
3558 buf[0] = cpu_to_le32(datum->otype);
3559 rc = put_entry(buf, sizeof(u32), 1, fp);
3560 if (rc)
3561 return rc;
3562
3563 datum = datum->next;
3564 } while (unlikely(datum));
3565
3566 return 0;
3567 }
3568
3569 static int filename_trans_write(struct policydb *p, void *fp)
3570 {
3571 __le32 buf[1];
3572 int rc;
3573
3574 if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3575 return 0;
3576
3577 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3578 buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3579 rc = put_entry(buf, sizeof(u32), 1, fp);
3580 if (rc)
3581 return rc;
3582
3583 rc = hashtab_map(&p->filename_trans,
3584 filename_write_helper_compat, fp);
3585 } else {
3586 buf[0] = cpu_to_le32(p->filename_trans.nel);
3587 rc = put_entry(buf, sizeof(u32), 1, fp);
3588 if (rc)
3589 return rc;
3590
3591 rc = hashtab_map(&p->filename_trans, filename_write_helper, fp);
3592 }
3593 return rc;
3594 }
3595
3596
3597
3598
3599
3600
3601 int policydb_write(struct policydb *p, void *fp)
3602 {
3603 unsigned int i, num_syms;
3604 int rc;
3605 __le32 buf[4];
3606 u32 config;
3607 size_t len;
3608 const struct policydb_compat_info *info;
3609
3610
3611
3612
3613
3614
3615
3616 if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3617 pr_err("SELinux: refusing to write policy version %d."
3618 " Because it is less than version %d\n", p->policyvers,
3619 POLICYDB_VERSION_AVTAB);
3620 return -EINVAL;
3621 }
3622
3623 config = 0;
3624 if (p->mls_enabled)
3625 config |= POLICYDB_CONFIG_MLS;
3626
3627 if (p->reject_unknown)
3628 config |= REJECT_UNKNOWN;
3629 if (p->allow_unknown)
3630 config |= ALLOW_UNKNOWN;
3631
3632
3633 buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3634 len = strlen(POLICYDB_STRING);
3635 buf[1] = cpu_to_le32(len);
3636 rc = put_entry(buf, sizeof(u32), 2, fp);
3637 if (rc)
3638 return rc;
3639 rc = put_entry(POLICYDB_STRING, 1, len, fp);
3640 if (rc)
3641 return rc;
3642
3643
3644 info = policydb_lookup_compat(p->policyvers);
3645 if (!info) {
3646 pr_err("SELinux: compatibility lookup failed for policy "
3647 "version %d", p->policyvers);
3648 return -EINVAL;
3649 }
3650
3651 buf[0] = cpu_to_le32(p->policyvers);
3652 buf[1] = cpu_to_le32(config);
3653 buf[2] = cpu_to_le32(info->sym_num);
3654 buf[3] = cpu_to_le32(info->ocon_num);
3655
3656 rc = put_entry(buf, sizeof(u32), 4, fp);
3657 if (rc)
3658 return rc;
3659
3660 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3661 rc = ebitmap_write(&p->policycaps, fp);
3662 if (rc)
3663 return rc;
3664 }
3665
3666 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3667 rc = ebitmap_write(&p->permissive_map, fp);
3668 if (rc)
3669 return rc;
3670 }
3671
3672 num_syms = info->sym_num;
3673 for (i = 0; i < num_syms; i++) {
3674 struct policy_data pd;
3675
3676 pd.fp = fp;
3677 pd.p = p;
3678
3679 buf[0] = cpu_to_le32(p->symtab[i].nprim);
3680 buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3681
3682 rc = put_entry(buf, sizeof(u32), 2, fp);
3683 if (rc)
3684 return rc;
3685 rc = hashtab_map(&p->symtab[i].table, write_f[i], &pd);
3686 if (rc)
3687 return rc;
3688 }
3689
3690 rc = avtab_write(p, &p->te_avtab, fp);
3691 if (rc)
3692 return rc;
3693
3694 rc = cond_write_list(p, fp);
3695 if (rc)
3696 return rc;
3697
3698 rc = role_trans_write(p, fp);
3699 if (rc)
3700 return rc;
3701
3702 rc = role_allow_write(p->role_allow, fp);
3703 if (rc)
3704 return rc;
3705
3706 rc = filename_trans_write(p, fp);
3707 if (rc)
3708 return rc;
3709
3710 rc = ocontext_write(p, info, fp);
3711 if (rc)
3712 return rc;
3713
3714 rc = genfs_write(p, fp);
3715 if (rc)
3716 return rc;
3717
3718 rc = range_write(p, fp);
3719 if (rc)
3720 return rc;
3721
3722 for (i = 0; i < p->p_types.nprim; i++) {
3723 struct ebitmap *e = &p->type_attr_map_array[i];
3724
3725 rc = ebitmap_write(e, fp);
3726 if (rc)
3727 return rc;
3728 }
3729
3730 return 0;
3731 }
