1/*
2 * Implementation of the access vector table type.
3 *
4 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
5 */
6
7/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
8 *
9 * Added conditional policy language extensions
10 *
11 * Copyright (C) 2003 Tresys Technology, LLC
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation, version 2.
15 *
16 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
17 * Tuned number of hash slots for avtab to reduce memory usage
18 */
19
20#include <linux/bitops.h>
21#include <linux/kernel.h>
22#include <linux/slab.h>
23#include <linux/errno.h>
24#include "avtab.h"
25#include "policydb.h"
26
27static struct kmem_cache *avtab_node_cachep __ro_after_init;
28static struct kmem_cache *avtab_xperms_cachep __ro_after_init;
29
30/* Based on MurmurHash3, written by Austin Appleby and placed in the
31 * public domain.
32 */
33static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask)
34{
35 static const u32 c1 = 0xcc9e2d51;
36 static const u32 c2 = 0x1b873593;
37 static const u32 r1 = 15;
38 static const u32 r2 = 13;
39 static const u32 m = 5;
40 static const u32 n = 0xe6546b64;
41
42 u32 hash = 0;
43
44#define mix(input) do { \
45 u32 v = input; \
46 v *= c1; \
47 v = (v << r1) | (v >> (32 - r1)); \
48 v *= c2; \
49 hash ^= v; \
50 hash = (hash << r2) | (hash >> (32 - r2)); \
51 hash = hash * m + n; \
52 } while (0)
53
54 mix(keyp->target_class);
55 mix(keyp->target_type);
56 mix(keyp->source_type);
57
58#undef mix
59
60 hash ^= hash >> 16;
61 hash *= 0x85ebca6b;
62 hash ^= hash >> 13;
63 hash *= 0xc2b2ae35;
64 hash ^= hash >> 16;
65
66 return hash & mask;
67}
68
69static struct avtab_node*
70avtab_insert_node(struct avtab *h, struct avtab_node **dst,
71 const struct avtab_key *key, const struct avtab_datum *datum)
72{
73 struct avtab_node *newnode;
74 struct avtab_extended_perms *xperms;
75 newnode = kmem_cache_zalloc(k: avtab_node_cachep, GFP_KERNEL);
76 if (newnode == NULL)
77 return NULL;
78 newnode->key = *key;
79
80 if (key->specified & AVTAB_XPERMS) {
81 xperms = kmem_cache_zalloc(k: avtab_xperms_cachep, GFP_KERNEL);
82 if (xperms == NULL) {
83 kmem_cache_free(s: avtab_node_cachep, objp: newnode);
84 return NULL;
85 }
86 *xperms = *(datum->u.xperms);
87 newnode->datum.u.xperms = xperms;
88 } else {
89 newnode->datum.u.data = datum->u.data;
90 }
91
92 newnode->next = *dst;
93 *dst = newnode;
94
95 h->nel++;
96 return newnode;
97}
98
99static int avtab_insert(struct avtab *h, const struct avtab_key *key,
100 const struct avtab_datum *datum)
101{
102 u32 hvalue;
103 struct avtab_node *prev, *cur, *newnode;
104 u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
105
106 if (!h || !h->nslot || h->nel == U32_MAX)
107 return -EINVAL;
108
109 hvalue = avtab_hash(keyp: key, mask: h->mask);
110 for (prev = NULL, cur = h->htable[hvalue];
111 cur;
112 prev = cur, cur = cur->next) {
113 if (key->source_type == cur->key.source_type &&
114 key->target_type == cur->key.target_type &&
115 key->target_class == cur->key.target_class &&
116 (specified & cur->key.specified)) {
117 /* extended perms may not be unique */
118 if (specified & AVTAB_XPERMS)
119 break;
120 return -EEXIST;
121 }
122 if (key->source_type < cur->key.source_type)
123 break;
124 if (key->source_type == cur->key.source_type &&
125 key->target_type < cur->key.target_type)
126 break;
127 if (key->source_type == cur->key.source_type &&
128 key->target_type == cur->key.target_type &&
129 key->target_class < cur->key.target_class)
130 break;
131 }
132
133 newnode = avtab_insert_node(h, dst: prev ? &prev->next : &h->htable[hvalue],
134 key, datum);
135 if (!newnode)
136 return -ENOMEM;
137
138 return 0;
139}
140
141/* Unlike avtab_insert(), this function allow multiple insertions of the same
142 * key/specified mask into the table, as needed by the conditional avtab.
143 * It also returns a pointer to the node inserted.
144 */
145struct avtab_node *avtab_insert_nonunique(struct avtab *h,
146 const struct avtab_key *key,
147 const struct avtab_datum *datum)
148{
149 u32 hvalue;
150 struct avtab_node *prev, *cur;
151 u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
152
153 if (!h || !h->nslot || h->nel == U32_MAX)
154 return NULL;
155 hvalue = avtab_hash(keyp: key, mask: h->mask);
156 for (prev = NULL, cur = h->htable[hvalue];
157 cur;
158 prev = cur, cur = cur->next) {
159 if (key->source_type == cur->key.source_type &&
160 key->target_type == cur->key.target_type &&
161 key->target_class == cur->key.target_class &&
162 (specified & cur->key.specified))
163 break;
164 if (key->source_type < cur->key.source_type)
165 break;
166 if (key->source_type == cur->key.source_type &&
167 key->target_type < cur->key.target_type)
168 break;
169 if (key->source_type == cur->key.source_type &&
170 key->target_type == cur->key.target_type &&
171 key->target_class < cur->key.target_class)
172 break;
173 }
174 return avtab_insert_node(h, dst: prev ? &prev->next : &h->htable[hvalue],
175 key, datum);
176}
177
178/* This search function returns a node pointer, and can be used in
179 * conjunction with avtab_search_next_node()
180 */
181struct avtab_node *avtab_search_node(struct avtab *h,
182 const struct avtab_key *key)
183{
184 u32 hvalue;
185 struct avtab_node *cur;
186 u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
187
188 if (!h || !h->nslot)
189 return NULL;
190
191 hvalue = avtab_hash(keyp: key, mask: h->mask);
192 for (cur = h->htable[hvalue]; cur;
193 cur = cur->next) {
194 if (key->source_type == cur->key.source_type &&
195 key->target_type == cur->key.target_type &&
196 key->target_class == cur->key.target_class &&
197 (specified & cur->key.specified))
198 return cur;
199
200 if (key->source_type < cur->key.source_type)
201 break;
202 if (key->source_type == cur->key.source_type &&
203 key->target_type < cur->key.target_type)
204 break;
205 if (key->source_type == cur->key.source_type &&
206 key->target_type == cur->key.target_type &&
207 key->target_class < cur->key.target_class)
208 break;
209 }
210 return NULL;
211}
212
213struct avtab_node*
214avtab_search_node_next(struct avtab_node *node, u16 specified)
215{
216 struct avtab_node *cur;
217
218 if (!node)
219 return NULL;
220
221 specified &= ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
222 for (cur = node->next; cur; cur = cur->next) {
223 if (node->key.source_type == cur->key.source_type &&
224 node->key.target_type == cur->key.target_type &&
225 node->key.target_class == cur->key.target_class &&
226 (specified & cur->key.specified))
227 return cur;
228
229 if (node->key.source_type < cur->key.source_type)
230 break;
231 if (node->key.source_type == cur->key.source_type &&
232 node->key.target_type < cur->key.target_type)
233 break;
234 if (node->key.source_type == cur->key.source_type &&
235 node->key.target_type == cur->key.target_type &&
236 node->key.target_class < cur->key.target_class)
237 break;
238 }
239 return NULL;
240}
241
242void avtab_destroy(struct avtab *h)
243{
244 u32 i;
245 struct avtab_node *cur, *temp;
246
247 if (!h)
248 return;
249
250 for (i = 0; i < h->nslot; i++) {
251 cur = h->htable[i];
252 while (cur) {
253 temp = cur;
254 cur = cur->next;
255 if (temp->key.specified & AVTAB_XPERMS)
256 kmem_cache_free(s: avtab_xperms_cachep,
257 objp: temp->datum.u.xperms);
258 kmem_cache_free(s: avtab_node_cachep, objp: temp);
259 }
260 }
261 kvfree(addr: h->htable);
262 h->htable = NULL;
263 h->nel = 0;
264 h->nslot = 0;
265 h->mask = 0;
266}
267
268void avtab_init(struct avtab *h)
269{
270 h->htable = NULL;
271 h->nel = 0;
272 h->nslot = 0;
273 h->mask = 0;
274}
275
276static int avtab_alloc_common(struct avtab *h, u32 nslot)
277{
278 if (!nslot)
279 return 0;
280
281 h->htable = kvcalloc(n: nslot, size: sizeof(void *), GFP_KERNEL);
282 if (!h->htable)
283 return -ENOMEM;
284
285 h->nslot = nslot;
286 h->mask = nslot - 1;
287 return 0;
288}
289
290int avtab_alloc(struct avtab *h, u32 nrules)
291{
292 int rc;
293 u32 nslot = 0;
294
295 if (nrules != 0) {
296 nslot = nrules > 3 ? rounddown_pow_of_two(nrules / 2) : 2;
297 if (nslot > MAX_AVTAB_HASH_BUCKETS)
298 nslot = MAX_AVTAB_HASH_BUCKETS;
299
300 rc = avtab_alloc_common(h, nslot);
301 if (rc)
302 return rc;
303 }
304
305 pr_debug("SELinux: %d avtab hash slots, %d rules.\n", nslot, nrules);
306 return 0;
307}
308
309int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
310{
311 return avtab_alloc_common(h: new, nslot: orig->nslot);
312}
313
314#ifdef CONFIG_SECURITY_SELINUX_DEBUG
315void avtab_hash_eval(struct avtab *h, const char *tag)
316{
317 u32 i, chain_len, slots_used, max_chain_len;
318 unsigned long long chain2_len_sum;
319 struct avtab_node *cur;
320
321 slots_used = 0;
322 max_chain_len = 0;
323 chain2_len_sum = 0;
324 for (i = 0; i < h->nslot; i++) {
325 cur = h->htable[i];
326 if (cur) {
327 slots_used++;
328 chain_len = 0;
329 while (cur) {
330 chain_len++;
331 cur = cur->next;
332 }
333
334 if (chain_len > max_chain_len)
335 max_chain_len = chain_len;
336 chain2_len_sum += (unsigned long long)chain_len * chain_len;
337 }
338 }
339
340 pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
341 "longest chain length %d, sum of chain length^2 %llu\n",
342 tag, h->nel, slots_used, h->nslot, max_chain_len,
343 chain2_len_sum);
344}
345#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
346
347static const uint16_t spec_order[] = {
348 AVTAB_ALLOWED,
349 AVTAB_AUDITDENY,
350 AVTAB_AUDITALLOW,
351 AVTAB_TRANSITION,
352 AVTAB_CHANGE,
353 AVTAB_MEMBER,
354 AVTAB_XPERMS_ALLOWED,
355 AVTAB_XPERMS_AUDITALLOW,
356 AVTAB_XPERMS_DONTAUDIT
357};
358
359int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
360 int (*insertf)(struct avtab *a, const struct avtab_key *k,
361 const struct avtab_datum *d, void *p),
362 void *p)
363{
364 __le16 buf16[4];
365 u16 enabled;
366 u32 items, items2, val, i;
367 struct avtab_key key;
368 struct avtab_datum datum;
369 struct avtab_extended_perms xperms;
370 __le32 buf32[ARRAY_SIZE(xperms.perms.p)];
371 int rc;
372 unsigned int set, vers = pol->policyvers;
373
374 memset(&key, 0, sizeof(struct avtab_key));
375 memset(&datum, 0, sizeof(struct avtab_datum));
376
377 if (vers < POLICYDB_VERSION_AVTAB) {
378 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32));
379 if (rc) {
380 pr_err("SELinux: avtab: truncated entry\n");
381 return rc;
382 }
383 items2 = le32_to_cpu(buf32[0]);
384 if (items2 > ARRAY_SIZE(buf32)) {
385 pr_err("SELinux: avtab: entry overflow\n");
386 return -EINVAL;
387
388 }
389 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32)*items2);
390 if (rc) {
391 pr_err("SELinux: avtab: truncated entry\n");
392 return rc;
393 }
394 items = 0;
395
396 val = le32_to_cpu(buf32[items++]);
397 key.source_type = (u16)val;
398 if (key.source_type != val) {
399 pr_err("SELinux: avtab: truncated source type\n");
400 return -EINVAL;
401 }
402 val = le32_to_cpu(buf32[items++]);
403 key.target_type = (u16)val;
404 if (key.target_type != val) {
405 pr_err("SELinux: avtab: truncated target type\n");
406 return -EINVAL;
407 }
408 val = le32_to_cpu(buf32[items++]);
409 key.target_class = (u16)val;
410 if (key.target_class != val) {
411 pr_err("SELinux: avtab: truncated target class\n");
412 return -EINVAL;
413 }
414
415 val = le32_to_cpu(buf32[items++]);
416 enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
417
418 if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
419 pr_err("SELinux: avtab: null entry\n");
420 return -EINVAL;
421 }
422 if ((val & AVTAB_AV) &&
423 (val & AVTAB_TYPE)) {
424 pr_err("SELinux: avtab: entry has both access vectors and types\n");
425 return -EINVAL;
426 }
427 if (val & AVTAB_XPERMS) {
428 pr_err("SELinux: avtab: entry has extended permissions\n");
429 return -EINVAL;
430 }
431
432 for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
433 if (val & spec_order[i]) {
434 key.specified = spec_order[i] | enabled;
435 datum.u.data = le32_to_cpu(buf32[items++]);
436 rc = insertf(a, &key, &datum, p);
437 if (rc)
438 return rc;
439 }
440 }
441
442 if (items != items2) {
443 pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
444 items2, items);
445 return -EINVAL;
446 }
447 return 0;
448 }
449
450 rc = next_entry(buf: buf16, fp, bytes: sizeof(u16)*4);
451 if (rc) {
452 pr_err("SELinux: avtab: truncated entry\n");
453 return rc;
454 }
455
456 items = 0;
457 key.source_type = le16_to_cpu(buf16[items++]);
458 key.target_type = le16_to_cpu(buf16[items++]);
459 key.target_class = le16_to_cpu(buf16[items++]);
460 key.specified = le16_to_cpu(buf16[items++]);
461
462 if (!policydb_type_isvalid(p: pol, type: key.source_type) ||
463 !policydb_type_isvalid(p: pol, type: key.target_type) ||
464 !policydb_class_isvalid(p: pol, class: key.target_class)) {
465 pr_err("SELinux: avtab: invalid type or class\n");
466 return -EINVAL;
467 }
468
469 set = hweight16(key.specified & (AVTAB_XPERMS | AVTAB_TYPE | AVTAB_AV));
470 if (!set || set > 1) {
471 pr_err("SELinux: avtab: more than one specifier\n");
472 return -EINVAL;
473 }
474
475 if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
476 (key.specified & AVTAB_XPERMS)) {
477 pr_err("SELinux: avtab: policy version %u does not "
478 "support extended permissions rules and one "
479 "was specified\n", vers);
480 return -EINVAL;
481 } else if (key.specified & AVTAB_XPERMS) {
482 memset(&xperms, 0, sizeof(struct avtab_extended_perms));
483 rc = next_entry(buf: &xperms.specified, fp, bytes: sizeof(u8));
484 if (rc) {
485 pr_err("SELinux: avtab: truncated entry\n");
486 return rc;
487 }
488 rc = next_entry(buf: &xperms.driver, fp, bytes: sizeof(u8));
489 if (rc) {
490 pr_err("SELinux: avtab: truncated entry\n");
491 return rc;
492 }
493 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32)*ARRAY_SIZE(xperms.perms.p));
494 if (rc) {
495 pr_err("SELinux: avtab: truncated entry\n");
496 return rc;
497 }
498 for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
499 xperms.perms.p[i] = le32_to_cpu(buf32[i]);
500 datum.u.xperms = &xperms;
501 } else {
502 rc = next_entry(buf: buf32, fp, bytes: sizeof(u32));
503 if (rc) {
504 pr_err("SELinux: avtab: truncated entry\n");
505 return rc;
506 }
507 datum.u.data = le32_to_cpu(*buf32);
508 }
509 if ((key.specified & AVTAB_TYPE) &&
510 !policydb_type_isvalid(p: pol, type: datum.u.data)) {
511 pr_err("SELinux: avtab: invalid type\n");
512 return -EINVAL;
513 }
514 return insertf(a, &key, &datum, p);
515}
516
517static int avtab_insertf(struct avtab *a, const struct avtab_key *k,
518 const struct avtab_datum *d, void *p)
519{
520 return avtab_insert(h: a, key: k, datum: d);
521}
522
523int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
524{
525 int rc;
526 __le32 buf[1];
527 u32 nel, i;
528
529
530 rc = next_entry(buf, fp, bytes: sizeof(u32));
531 if (rc < 0) {
532 pr_err("SELinux: avtab: truncated table\n");
533 goto bad;
534 }
535 nel = le32_to_cpu(buf[0]);
536 if (!nel) {
537 pr_err("SELinux: avtab: table is empty\n");
538 rc = -EINVAL;
539 goto bad;
540 }
541
542 rc = avtab_alloc(h: a, nrules: nel);
543 if (rc)
544 goto bad;
545
546 for (i = 0; i < nel; i++) {
547 rc = avtab_read_item(a, fp, pol, insertf: avtab_insertf, NULL);
548 if (rc) {
549 if (rc == -ENOMEM)
550 pr_err("SELinux: avtab: out of memory\n");
551 else if (rc == -EEXIST)
552 pr_err("SELinux: avtab: duplicate entry\n");
553
554 goto bad;
555 }
556 }
557
558 rc = 0;
559out:
560 return rc;
561
562bad:
563 avtab_destroy(h: a);
564 goto out;
565}
566
567int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp)
568{
569 __le16 buf16[4];
570 __le32 buf32[ARRAY_SIZE(cur->datum.u.xperms->perms.p)];
571 int rc;
572 unsigned int i;
573
574 buf16[0] = cpu_to_le16(cur->key.source_type);
575 buf16[1] = cpu_to_le16(cur->key.target_type);
576 buf16[2] = cpu_to_le16(cur->key.target_class);
577 buf16[3] = cpu_to_le16(cur->key.specified);
578 rc = put_entry(buf: buf16, bytes: sizeof(u16), num: 4, fp);
579 if (rc)
580 return rc;
581
582 if (cur->key.specified & AVTAB_XPERMS) {
583 rc = put_entry(buf: &cur->datum.u.xperms->specified, bytes: sizeof(u8), num: 1, fp);
584 if (rc)
585 return rc;
586 rc = put_entry(buf: &cur->datum.u.xperms->driver, bytes: sizeof(u8), num: 1, fp);
587 if (rc)
588 return rc;
589 for (i = 0; i < ARRAY_SIZE(cur->datum.u.xperms->perms.p); i++)
590 buf32[i] = cpu_to_le32(cur->datum.u.xperms->perms.p[i]);
591 rc = put_entry(buf: buf32, bytes: sizeof(u32),
592 ARRAY_SIZE(cur->datum.u.xperms->perms.p), fp);
593 } else {
594 buf32[0] = cpu_to_le32(cur->datum.u.data);
595 rc = put_entry(buf: buf32, bytes: sizeof(u32), num: 1, fp);
596 }
597 if (rc)
598 return rc;
599 return 0;
600}
601
602int avtab_write(struct policydb *p, struct avtab *a, void *fp)
603{
604 u32 i;
605 int rc = 0;
606 struct avtab_node *cur;
607 __le32 buf[1];
608
609 buf[0] = cpu_to_le32(a->nel);
610 rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
611 if (rc)
612 return rc;
613
614 for (i = 0; i < a->nslot; i++) {
615 for (cur = a->htable[i]; cur;
616 cur = cur->next) {
617 rc = avtab_write_item(p, cur, fp);
618 if (rc)
619 return rc;
620 }
621 }
622
623 return rc;
624}
625
626void __init avtab_cache_init(void)
627{
628 avtab_node_cachep = kmem_cache_create(name: "avtab_node",
629 size: sizeof(struct avtab_node),
630 align: 0, SLAB_PANIC, NULL);
631 avtab_xperms_cachep = kmem_cache_create(name: "avtab_extended_perms",
632 size: sizeof(struct avtab_extended_perms),
633 align: 0, SLAB_PANIC, NULL);
634}
635

source code of linux/security/selinux/ss/avtab.c