1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Implementation of the policy database. |
4 | * |
5 | * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> |
6 | */ |
7 | |
8 | /* |
9 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> |
10 | * |
11 | * Support for enhanced MLS infrastructure. |
12 | * |
13 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> |
14 | * |
15 | * Added conditional policy language extensions |
16 | * |
17 | * Updated: Hewlett-Packard <paul@paul-moore.com> |
18 | * |
19 | * Added support for the policy capability bitmap |
20 | * |
21 | * Update: Mellanox Techonologies |
22 | * |
23 | * Added Infiniband support |
24 | * |
25 | * Copyright (C) 2016 Mellanox Techonologies |
26 | * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. |
27 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
28 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
29 | */ |
30 | |
31 | #include <linux/kernel.h> |
32 | #include <linux/sched.h> |
33 | #include <linux/slab.h> |
34 | #include <linux/string.h> |
35 | #include <linux/errno.h> |
36 | #include <linux/audit.h> |
37 | #include "security.h" |
38 | |
39 | #include "policydb.h" |
40 | #include "conditional.h" |
41 | #include "mls.h" |
42 | #include "services.h" |
43 | |
44 | #ifdef CONFIG_SECURITY_SELINUX_DEBUG |
45 | static const char *const symtab_name[SYM_NUM] = { |
46 | "common prefixes" , |
47 | "classes" , |
48 | "roles" , |
49 | "types" , |
50 | "users" , |
51 | "bools" , |
52 | "levels" , |
53 | "categories" , |
54 | }; |
55 | #endif |
56 | |
57 | struct policydb_compat_info { |
58 | unsigned int version; |
59 | unsigned int sym_num; |
60 | unsigned int ocon_num; |
61 | }; |
62 | |
63 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ |
64 | static const struct policydb_compat_info policydb_compat[] = { |
65 | { |
66 | .version = POLICYDB_VERSION_BASE, |
67 | .sym_num = SYM_NUM - 3, |
68 | .ocon_num = OCON_NUM - 3, |
69 | }, |
70 | { |
71 | .version = POLICYDB_VERSION_BOOL, |
72 | .sym_num = SYM_NUM - 2, |
73 | .ocon_num = OCON_NUM - 3, |
74 | }, |
75 | { |
76 | .version = POLICYDB_VERSION_IPV6, |
77 | .sym_num = SYM_NUM - 2, |
78 | .ocon_num = OCON_NUM - 2, |
79 | }, |
80 | { |
81 | .version = POLICYDB_VERSION_NLCLASS, |
82 | .sym_num = SYM_NUM - 2, |
83 | .ocon_num = OCON_NUM - 2, |
84 | }, |
85 | { |
86 | .version = POLICYDB_VERSION_MLS, |
87 | .sym_num = SYM_NUM, |
88 | .ocon_num = OCON_NUM - 2, |
89 | }, |
90 | { |
91 | .version = POLICYDB_VERSION_AVTAB, |
92 | .sym_num = SYM_NUM, |
93 | .ocon_num = OCON_NUM - 2, |
94 | }, |
95 | { |
96 | .version = POLICYDB_VERSION_RANGETRANS, |
97 | .sym_num = SYM_NUM, |
98 | .ocon_num = OCON_NUM - 2, |
99 | }, |
100 | { |
101 | .version = POLICYDB_VERSION_POLCAP, |
102 | .sym_num = SYM_NUM, |
103 | .ocon_num = OCON_NUM - 2, |
104 | }, |
105 | { |
106 | .version = POLICYDB_VERSION_PERMISSIVE, |
107 | .sym_num = SYM_NUM, |
108 | .ocon_num = OCON_NUM - 2, |
109 | }, |
110 | { |
111 | .version = POLICYDB_VERSION_BOUNDARY, |
112 | .sym_num = SYM_NUM, |
113 | .ocon_num = OCON_NUM - 2, |
114 | }, |
115 | { |
116 | .version = POLICYDB_VERSION_FILENAME_TRANS, |
117 | .sym_num = SYM_NUM, |
118 | .ocon_num = OCON_NUM - 2, |
119 | }, |
120 | { |
121 | .version = POLICYDB_VERSION_ROLETRANS, |
122 | .sym_num = SYM_NUM, |
123 | .ocon_num = OCON_NUM - 2, |
124 | }, |
125 | { |
126 | .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, |
127 | .sym_num = SYM_NUM, |
128 | .ocon_num = OCON_NUM - 2, |
129 | }, |
130 | { |
131 | .version = POLICYDB_VERSION_DEFAULT_TYPE, |
132 | .sym_num = SYM_NUM, |
133 | .ocon_num = OCON_NUM - 2, |
134 | }, |
135 | { |
136 | .version = POLICYDB_VERSION_CONSTRAINT_NAMES, |
137 | .sym_num = SYM_NUM, |
138 | .ocon_num = OCON_NUM - 2, |
139 | }, |
140 | { |
141 | .version = POLICYDB_VERSION_XPERMS_IOCTL, |
142 | .sym_num = SYM_NUM, |
143 | .ocon_num = OCON_NUM - 2, |
144 | }, |
145 | { |
146 | .version = POLICYDB_VERSION_INFINIBAND, |
147 | .sym_num = SYM_NUM, |
148 | .ocon_num = OCON_NUM, |
149 | }, |
150 | { |
151 | .version = POLICYDB_VERSION_GLBLUB, |
152 | .sym_num = SYM_NUM, |
153 | .ocon_num = OCON_NUM, |
154 | }, |
155 | { |
156 | .version = POLICYDB_VERSION_COMP_FTRANS, |
157 | .sym_num = SYM_NUM, |
158 | .ocon_num = OCON_NUM, |
159 | }, |
160 | }; |
161 | |
162 | static const struct policydb_compat_info *policydb_lookup_compat(unsigned int version) |
163 | { |
164 | unsigned int i; |
165 | |
166 | for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { |
167 | if (policydb_compat[i].version == version) |
168 | return &policydb_compat[i]; |
169 | } |
170 | |
171 | return NULL; |
172 | } |
173 | |
174 | /* |
175 | * The following *_destroy functions are used to |
176 | * free any memory allocated for each kind of |
177 | * symbol data in the policy database. |
178 | */ |
179 | |
180 | static int perm_destroy(void *key, void *datum, void *p) |
181 | { |
182 | kfree(objp: key); |
183 | kfree(objp: datum); |
184 | return 0; |
185 | } |
186 | |
187 | static int common_destroy(void *key, void *datum, void *p) |
188 | { |
189 | struct common_datum *comdatum; |
190 | |
191 | kfree(objp: key); |
192 | if (datum) { |
193 | comdatum = datum; |
194 | hashtab_map(h: &comdatum->permissions.table, apply: perm_destroy, NULL); |
195 | hashtab_destroy(h: &comdatum->permissions.table); |
196 | } |
197 | kfree(objp: datum); |
198 | return 0; |
199 | } |
200 | |
201 | static void constraint_expr_destroy(struct constraint_expr *expr) |
202 | { |
203 | if (expr) { |
204 | ebitmap_destroy(e: &expr->names); |
205 | if (expr->type_names) { |
206 | ebitmap_destroy(e: &expr->type_names->types); |
207 | ebitmap_destroy(e: &expr->type_names->negset); |
208 | kfree(objp: expr->type_names); |
209 | } |
210 | kfree(objp: expr); |
211 | } |
212 | } |
213 | |
214 | static int cls_destroy(void *key, void *datum, void *p) |
215 | { |
216 | struct class_datum *cladatum; |
217 | struct constraint_node *constraint, *ctemp; |
218 | struct constraint_expr *e, *etmp; |
219 | |
220 | kfree(objp: key); |
221 | if (datum) { |
222 | cladatum = datum; |
223 | hashtab_map(h: &cladatum->permissions.table, apply: perm_destroy, NULL); |
224 | hashtab_destroy(h: &cladatum->permissions.table); |
225 | constraint = cladatum->constraints; |
226 | while (constraint) { |
227 | e = constraint->expr; |
228 | while (e) { |
229 | etmp = e; |
230 | e = e->next; |
231 | constraint_expr_destroy(expr: etmp); |
232 | } |
233 | ctemp = constraint; |
234 | constraint = constraint->next; |
235 | kfree(objp: ctemp); |
236 | } |
237 | |
238 | constraint = cladatum->validatetrans; |
239 | while (constraint) { |
240 | e = constraint->expr; |
241 | while (e) { |
242 | etmp = e; |
243 | e = e->next; |
244 | constraint_expr_destroy(expr: etmp); |
245 | } |
246 | ctemp = constraint; |
247 | constraint = constraint->next; |
248 | kfree(objp: ctemp); |
249 | } |
250 | kfree(objp: cladatum->comkey); |
251 | } |
252 | kfree(objp: datum); |
253 | return 0; |
254 | } |
255 | |
256 | static int role_destroy(void *key, void *datum, void *p) |
257 | { |
258 | struct role_datum *role; |
259 | |
260 | kfree(objp: key); |
261 | if (datum) { |
262 | role = datum; |
263 | ebitmap_destroy(e: &role->dominates); |
264 | ebitmap_destroy(e: &role->types); |
265 | } |
266 | kfree(objp: datum); |
267 | return 0; |
268 | } |
269 | |
270 | static int type_destroy(void *key, void *datum, void *p) |
271 | { |
272 | kfree(objp: key); |
273 | kfree(objp: datum); |
274 | return 0; |
275 | } |
276 | |
277 | static int user_destroy(void *key, void *datum, void *p) |
278 | { |
279 | struct user_datum *usrdatum; |
280 | |
281 | kfree(objp: key); |
282 | if (datum) { |
283 | usrdatum = datum; |
284 | ebitmap_destroy(e: &usrdatum->roles); |
285 | ebitmap_destroy(e: &usrdatum->range.level[0].cat); |
286 | ebitmap_destroy(e: &usrdatum->range.level[1].cat); |
287 | ebitmap_destroy(e: &usrdatum->dfltlevel.cat); |
288 | } |
289 | kfree(objp: datum); |
290 | return 0; |
291 | } |
292 | |
293 | static int sens_destroy(void *key, void *datum, void *p) |
294 | { |
295 | struct level_datum *levdatum; |
296 | |
297 | kfree(objp: key); |
298 | if (datum) { |
299 | levdatum = datum; |
300 | if (levdatum->level) |
301 | ebitmap_destroy(e: &levdatum->level->cat); |
302 | kfree(objp: levdatum->level); |
303 | } |
304 | kfree(objp: datum); |
305 | return 0; |
306 | } |
307 | |
308 | static int cat_destroy(void *key, void *datum, void *p) |
309 | { |
310 | kfree(objp: key); |
311 | kfree(objp: datum); |
312 | return 0; |
313 | } |
314 | |
315 | static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = { |
316 | common_destroy, |
317 | cls_destroy, |
318 | role_destroy, |
319 | type_destroy, |
320 | user_destroy, |
321 | cond_destroy_bool, |
322 | sens_destroy, |
323 | cat_destroy, |
324 | }; |
325 | |
326 | static int filenametr_destroy(void *key, void *datum, void *p) |
327 | { |
328 | struct filename_trans_key *ft = key; |
329 | struct filename_trans_datum *next, *d = datum; |
330 | |
331 | kfree(objp: ft->name); |
332 | kfree(objp: key); |
333 | do { |
334 | ebitmap_destroy(e: &d->stypes); |
335 | next = d->next; |
336 | kfree(objp: d); |
337 | d = next; |
338 | } while (unlikely(d)); |
339 | cond_resched(); |
340 | return 0; |
341 | } |
342 | |
343 | static int range_tr_destroy(void *key, void *datum, void *p) |
344 | { |
345 | struct mls_range *rt = datum; |
346 | |
347 | kfree(objp: key); |
348 | ebitmap_destroy(e: &rt->level[0].cat); |
349 | ebitmap_destroy(e: &rt->level[1].cat); |
350 | kfree(objp: datum); |
351 | cond_resched(); |
352 | return 0; |
353 | } |
354 | |
355 | static int role_tr_destroy(void *key, void *datum, void *p) |
356 | { |
357 | kfree(objp: key); |
358 | kfree(objp: datum); |
359 | return 0; |
360 | } |
361 | |
362 | static void ocontext_destroy(struct ocontext *c, unsigned int i) |
363 | { |
364 | if (!c) |
365 | return; |
366 | |
367 | context_destroy(c: &c->context[0]); |
368 | context_destroy(c: &c->context[1]); |
369 | if (i == OCON_ISID || i == OCON_FS || |
370 | i == OCON_NETIF || i == OCON_FSUSE) |
371 | kfree(objp: c->u.name); |
372 | kfree(objp: c); |
373 | } |
374 | |
375 | /* |
376 | * Initialize the role table. |
377 | */ |
378 | static int roles_init(struct policydb *p) |
379 | { |
380 | char *key = NULL; |
381 | int rc; |
382 | struct role_datum *role; |
383 | |
384 | role = kzalloc(size: sizeof(*role), GFP_KERNEL); |
385 | if (!role) |
386 | return -ENOMEM; |
387 | |
388 | rc = -EINVAL; |
389 | role->value = ++p->p_roles.nprim; |
390 | if (role->value != OBJECT_R_VAL) |
391 | goto out; |
392 | |
393 | rc = -ENOMEM; |
394 | key = kstrdup(OBJECT_R, GFP_KERNEL); |
395 | if (!key) |
396 | goto out; |
397 | |
398 | rc = symtab_insert(s: &p->p_roles, name: key, datum: role); |
399 | if (rc) |
400 | goto out; |
401 | |
402 | return 0; |
403 | out: |
404 | kfree(objp: key); |
405 | kfree(objp: role); |
406 | return rc; |
407 | } |
408 | |
409 | static u32 filenametr_hash(const void *k) |
410 | { |
411 | const struct filename_trans_key *ft = k; |
412 | unsigned long hash; |
413 | unsigned int byte_num; |
414 | unsigned char focus; |
415 | |
416 | hash = ft->ttype ^ ft->tclass; |
417 | |
418 | byte_num = 0; |
419 | while ((focus = ft->name[byte_num++])) |
420 | hash = partial_name_hash(c: focus, prevhash: hash); |
421 | return hash; |
422 | } |
423 | |
424 | static int filenametr_cmp(const void *k1, const void *k2) |
425 | { |
426 | const struct filename_trans_key *ft1 = k1; |
427 | const struct filename_trans_key *ft2 = k2; |
428 | int v; |
429 | |
430 | v = ft1->ttype - ft2->ttype; |
431 | if (v) |
432 | return v; |
433 | |
434 | v = ft1->tclass - ft2->tclass; |
435 | if (v) |
436 | return v; |
437 | |
438 | return strcmp(ft1->name, ft2->name); |
439 | |
440 | } |
441 | |
442 | static const struct hashtab_key_params filenametr_key_params = { |
443 | .hash = filenametr_hash, |
444 | .cmp = filenametr_cmp, |
445 | }; |
446 | |
447 | struct filename_trans_datum *policydb_filenametr_search( |
448 | struct policydb *p, struct filename_trans_key *key) |
449 | { |
450 | return hashtab_search(h: &p->filename_trans, key, key_params: filenametr_key_params); |
451 | } |
452 | |
453 | static u32 rangetr_hash(const void *k) |
454 | { |
455 | const struct range_trans *key = k; |
456 | |
457 | return key->source_type + (key->target_type << 3) + |
458 | (key->target_class << 5); |
459 | } |
460 | |
461 | static int rangetr_cmp(const void *k1, const void *k2) |
462 | { |
463 | const struct range_trans *key1 = k1, *key2 = k2; |
464 | int v; |
465 | |
466 | v = key1->source_type - key2->source_type; |
467 | if (v) |
468 | return v; |
469 | |
470 | v = key1->target_type - key2->target_type; |
471 | if (v) |
472 | return v; |
473 | |
474 | v = key1->target_class - key2->target_class; |
475 | |
476 | return v; |
477 | } |
478 | |
479 | static const struct hashtab_key_params rangetr_key_params = { |
480 | .hash = rangetr_hash, |
481 | .cmp = rangetr_cmp, |
482 | }; |
483 | |
484 | struct mls_range *policydb_rangetr_search(struct policydb *p, |
485 | struct range_trans *key) |
486 | { |
487 | return hashtab_search(h: &p->range_tr, key, key_params: rangetr_key_params); |
488 | } |
489 | |
490 | static u32 role_trans_hash(const void *k) |
491 | { |
492 | const struct role_trans_key *key = k; |
493 | |
494 | return jhash_3words(a: key->role, b: key->type, c: (u32)key->tclass << 16 | key->tclass, initval: 0); |
495 | } |
496 | |
497 | static int role_trans_cmp(const void *k1, const void *k2) |
498 | { |
499 | const struct role_trans_key *key1 = k1, *key2 = k2; |
500 | int v; |
501 | |
502 | v = key1->role - key2->role; |
503 | if (v) |
504 | return v; |
505 | |
506 | v = key1->type - key2->type; |
507 | if (v) |
508 | return v; |
509 | |
510 | return key1->tclass - key2->tclass; |
511 | } |
512 | |
513 | static const struct hashtab_key_params roletr_key_params = { |
514 | .hash = role_trans_hash, |
515 | .cmp = role_trans_cmp, |
516 | }; |
517 | |
518 | struct role_trans_datum *policydb_roletr_search(struct policydb *p, |
519 | struct role_trans_key *key) |
520 | { |
521 | return hashtab_search(h: &p->role_tr, key, key_params: roletr_key_params); |
522 | } |
523 | |
524 | /* |
525 | * Initialize a policy database structure. |
526 | */ |
527 | static void policydb_init(struct policydb *p) |
528 | { |
529 | memset(p, 0, sizeof(*p)); |
530 | |
531 | avtab_init(h: &p->te_avtab); |
532 | cond_policydb_init(p); |
533 | |
534 | ebitmap_init(e: &p->filename_trans_ttypes); |
535 | ebitmap_init(e: &p->policycaps); |
536 | ebitmap_init(e: &p->permissive_map); |
537 | } |
538 | |
539 | /* |
540 | * The following *_index functions are used to |
541 | * define the val_to_name and val_to_struct arrays |
542 | * in a policy database structure. The val_to_name |
543 | * arrays are used when converting security context |
544 | * structures into string representations. The |
545 | * val_to_struct arrays are used when the attributes |
546 | * of a class, role, or user are needed. |
547 | */ |
548 | |
549 | static int common_index(void *key, void *datum, void *datap) |
550 | { |
551 | struct policydb *p; |
552 | struct common_datum *comdatum; |
553 | |
554 | comdatum = datum; |
555 | p = datap; |
556 | if (!comdatum->value || comdatum->value > p->p_commons.nprim) |
557 | return -EINVAL; |
558 | |
559 | p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key; |
560 | |
561 | return 0; |
562 | } |
563 | |
564 | static int class_index(void *key, void *datum, void *datap) |
565 | { |
566 | struct policydb *p; |
567 | struct class_datum *cladatum; |
568 | |
569 | cladatum = datum; |
570 | p = datap; |
571 | if (!cladatum->value || cladatum->value > p->p_classes.nprim) |
572 | return -EINVAL; |
573 | |
574 | p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key; |
575 | p->class_val_to_struct[cladatum->value - 1] = cladatum; |
576 | return 0; |
577 | } |
578 | |
579 | static int role_index(void *key, void *datum, void *datap) |
580 | { |
581 | struct policydb *p; |
582 | struct role_datum *role; |
583 | |
584 | role = datum; |
585 | p = datap; |
586 | if (!role->value |
587 | || role->value > p->p_roles.nprim |
588 | || role->bounds > p->p_roles.nprim) |
589 | return -EINVAL; |
590 | |
591 | p->sym_val_to_name[SYM_ROLES][role->value - 1] = key; |
592 | p->role_val_to_struct[role->value - 1] = role; |
593 | return 0; |
594 | } |
595 | |
596 | static int type_index(void *key, void *datum, void *datap) |
597 | { |
598 | struct policydb *p; |
599 | struct type_datum *typdatum; |
600 | |
601 | typdatum = datum; |
602 | p = datap; |
603 | |
604 | if (typdatum->primary) { |
605 | if (!typdatum->value |
606 | || typdatum->value > p->p_types.nprim |
607 | || typdatum->bounds > p->p_types.nprim) |
608 | return -EINVAL; |
609 | p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key; |
610 | p->type_val_to_struct[typdatum->value - 1] = typdatum; |
611 | } |
612 | |
613 | return 0; |
614 | } |
615 | |
616 | static int user_index(void *key, void *datum, void *datap) |
617 | { |
618 | struct policydb *p; |
619 | struct user_datum *usrdatum; |
620 | |
621 | usrdatum = datum; |
622 | p = datap; |
623 | if (!usrdatum->value |
624 | || usrdatum->value > p->p_users.nprim |
625 | || usrdatum->bounds > p->p_users.nprim) |
626 | return -EINVAL; |
627 | |
628 | p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key; |
629 | p->user_val_to_struct[usrdatum->value - 1] = usrdatum; |
630 | return 0; |
631 | } |
632 | |
633 | static int sens_index(void *key, void *datum, void *datap) |
634 | { |
635 | struct policydb *p; |
636 | struct level_datum *levdatum; |
637 | |
638 | levdatum = datum; |
639 | p = datap; |
640 | |
641 | if (!levdatum->isalias) { |
642 | if (!levdatum->level->sens || |
643 | levdatum->level->sens > p->p_levels.nprim) |
644 | return -EINVAL; |
645 | |
646 | p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key; |
647 | } |
648 | |
649 | return 0; |
650 | } |
651 | |
652 | static int cat_index(void *key, void *datum, void *datap) |
653 | { |
654 | struct policydb *p; |
655 | struct cat_datum *catdatum; |
656 | |
657 | catdatum = datum; |
658 | p = datap; |
659 | |
660 | if (!catdatum->isalias) { |
661 | if (!catdatum->value || catdatum->value > p->p_cats.nprim) |
662 | return -EINVAL; |
663 | |
664 | p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key; |
665 | } |
666 | |
667 | return 0; |
668 | } |
669 | |
670 | static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = { |
671 | common_index, |
672 | class_index, |
673 | role_index, |
674 | type_index, |
675 | user_index, |
676 | cond_index_bool, |
677 | sens_index, |
678 | cat_index, |
679 | }; |
680 | |
681 | #ifdef CONFIG_SECURITY_SELINUX_DEBUG |
682 | static void hash_eval(struct hashtab *h, const char *hash_name) |
683 | { |
684 | struct hashtab_info info; |
685 | |
686 | hashtab_stat(h, info: &info); |
687 | pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d, sum of chain length^2 %llu\n" , |
688 | hash_name, h->nel, info.slots_used, h->size, |
689 | info.max_chain_len, info.chain2_len_sum); |
690 | } |
691 | |
692 | static void symtab_hash_eval(struct symtab *s) |
693 | { |
694 | int i; |
695 | |
696 | for (i = 0; i < SYM_NUM; i++) |
697 | hash_eval(h: &s[i].table, hash_name: symtab_name[i]); |
698 | } |
699 | |
700 | #else |
701 | static inline void hash_eval(struct hashtab *h, const char *hash_name) |
702 | { |
703 | } |
704 | static inline void symtab_hash_eval(struct symtab *s) |
705 | { |
706 | } |
707 | #endif /* CONFIG_SECURITY_SELINUX_DEBUG */ |
708 | |
709 | /* |
710 | * Define the other val_to_name and val_to_struct arrays |
711 | * in a policy database structure. |
712 | * |
713 | * Caller must clean up on failure. |
714 | */ |
715 | static int policydb_index(struct policydb *p) |
716 | { |
717 | int i, rc; |
718 | |
719 | if (p->mls_enabled) |
720 | pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n" , |
721 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, |
722 | p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim); |
723 | else |
724 | pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n" , |
725 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, |
726 | p->p_bools.nprim); |
727 | |
728 | pr_debug("SELinux: %d classes, %d rules\n" , |
729 | p->p_classes.nprim, p->te_avtab.nel); |
730 | |
731 | avtab_hash_eval(h: &p->te_avtab, tag: "rules" ); |
732 | symtab_hash_eval(s: p->symtab); |
733 | |
734 | p->class_val_to_struct = kcalloc(n: p->p_classes.nprim, |
735 | size: sizeof(*p->class_val_to_struct), |
736 | GFP_KERNEL); |
737 | if (!p->class_val_to_struct) |
738 | return -ENOMEM; |
739 | |
740 | p->role_val_to_struct = kcalloc(n: p->p_roles.nprim, |
741 | size: sizeof(*p->role_val_to_struct), |
742 | GFP_KERNEL); |
743 | if (!p->role_val_to_struct) |
744 | return -ENOMEM; |
745 | |
746 | p->user_val_to_struct = kcalloc(n: p->p_users.nprim, |
747 | size: sizeof(*p->user_val_to_struct), |
748 | GFP_KERNEL); |
749 | if (!p->user_val_to_struct) |
750 | return -ENOMEM; |
751 | |
752 | p->type_val_to_struct = kvcalloc(n: p->p_types.nprim, |
753 | size: sizeof(*p->type_val_to_struct), |
754 | GFP_KERNEL); |
755 | if (!p->type_val_to_struct) |
756 | return -ENOMEM; |
757 | |
758 | rc = cond_init_bool_indexes(p); |
759 | if (rc) |
760 | goto out; |
761 | |
762 | for (i = 0; i < SYM_NUM; i++) { |
763 | p->sym_val_to_name[i] = kvcalloc(n: p->symtab[i].nprim, |
764 | size: sizeof(char *), |
765 | GFP_KERNEL); |
766 | if (!p->sym_val_to_name[i]) |
767 | return -ENOMEM; |
768 | |
769 | rc = hashtab_map(h: &p->symtab[i].table, apply: index_f[i], args: p); |
770 | if (rc) |
771 | goto out; |
772 | } |
773 | rc = 0; |
774 | out: |
775 | return rc; |
776 | } |
777 | |
778 | /* |
779 | * Free any memory allocated by a policy database structure. |
780 | */ |
781 | void policydb_destroy(struct policydb *p) |
782 | { |
783 | struct ocontext *c, *ctmp; |
784 | struct genfs *g, *gtmp; |
785 | u32 i; |
786 | struct role_allow *ra, *lra = NULL; |
787 | |
788 | for (i = 0; i < SYM_NUM; i++) { |
789 | cond_resched(); |
790 | hashtab_map(h: &p->symtab[i].table, apply: destroy_f[i], NULL); |
791 | hashtab_destroy(h: &p->symtab[i].table); |
792 | } |
793 | |
794 | for (i = 0; i < SYM_NUM; i++) |
795 | kvfree(addr: p->sym_val_to_name[i]); |
796 | |
797 | kfree(objp: p->class_val_to_struct); |
798 | kfree(objp: p->role_val_to_struct); |
799 | kfree(objp: p->user_val_to_struct); |
800 | kvfree(addr: p->type_val_to_struct); |
801 | |
802 | avtab_destroy(h: &p->te_avtab); |
803 | |
804 | for (i = 0; i < OCON_NUM; i++) { |
805 | cond_resched(); |
806 | c = p->ocontexts[i]; |
807 | while (c) { |
808 | ctmp = c; |
809 | c = c->next; |
810 | ocontext_destroy(c: ctmp, i); |
811 | } |
812 | p->ocontexts[i] = NULL; |
813 | } |
814 | |
815 | g = p->genfs; |
816 | while (g) { |
817 | cond_resched(); |
818 | kfree(objp: g->fstype); |
819 | c = g->head; |
820 | while (c) { |
821 | ctmp = c; |
822 | c = c->next; |
823 | ocontext_destroy(c: ctmp, OCON_FSUSE); |
824 | } |
825 | gtmp = g; |
826 | g = g->next; |
827 | kfree(objp: gtmp); |
828 | } |
829 | p->genfs = NULL; |
830 | |
831 | cond_policydb_destroy(p); |
832 | |
833 | hashtab_map(h: &p->role_tr, apply: role_tr_destroy, NULL); |
834 | hashtab_destroy(h: &p->role_tr); |
835 | |
836 | for (ra = p->role_allow; ra; ra = ra->next) { |
837 | cond_resched(); |
838 | kfree(objp: lra); |
839 | lra = ra; |
840 | } |
841 | kfree(objp: lra); |
842 | |
843 | hashtab_map(h: &p->filename_trans, apply: filenametr_destroy, NULL); |
844 | hashtab_destroy(h: &p->filename_trans); |
845 | |
846 | hashtab_map(h: &p->range_tr, apply: range_tr_destroy, NULL); |
847 | hashtab_destroy(h: &p->range_tr); |
848 | |
849 | if (p->type_attr_map_array) { |
850 | for (i = 0; i < p->p_types.nprim; i++) |
851 | ebitmap_destroy(e: &p->type_attr_map_array[i]); |
852 | kvfree(addr: p->type_attr_map_array); |
853 | } |
854 | |
855 | ebitmap_destroy(e: &p->filename_trans_ttypes); |
856 | ebitmap_destroy(e: &p->policycaps); |
857 | ebitmap_destroy(e: &p->permissive_map); |
858 | } |
859 | |
860 | /* |
861 | * Load the initial SIDs specified in a policy database |
862 | * structure into a SID table. |
863 | */ |
864 | int policydb_load_isids(struct policydb *p, struct sidtab *s) |
865 | { |
866 | struct ocontext *head, *c; |
867 | int rc; |
868 | |
869 | rc = sidtab_init(s); |
870 | if (rc) { |
871 | pr_err("SELinux: out of memory on SID table init\n" ); |
872 | return rc; |
873 | } |
874 | |
875 | head = p->ocontexts[OCON_ISID]; |
876 | for (c = head; c; c = c->next) { |
877 | u32 sid = c->sid[0]; |
878 | const char *name = security_get_initial_sid_context(sid); |
879 | |
880 | if (sid == SECSID_NULL) { |
881 | pr_err("SELinux: SID 0 was assigned a context.\n" ); |
882 | sidtab_destroy(s); |
883 | return -EINVAL; |
884 | } |
885 | |
886 | /* Ignore initial SIDs unused by this kernel. */ |
887 | if (!name) |
888 | continue; |
889 | |
890 | rc = sidtab_set_initial(s, sid, context: &c->context[0]); |
891 | if (rc) { |
892 | pr_err("SELinux: unable to load initial SID %s.\n" , |
893 | name); |
894 | sidtab_destroy(s); |
895 | return rc; |
896 | } |
897 | } |
898 | return 0; |
899 | } |
900 | |
901 | int policydb_class_isvalid(struct policydb *p, unsigned int class) |
902 | { |
903 | if (!class || class > p->p_classes.nprim) |
904 | return 0; |
905 | return 1; |
906 | } |
907 | |
908 | int policydb_role_isvalid(struct policydb *p, unsigned int role) |
909 | { |
910 | if (!role || role > p->p_roles.nprim) |
911 | return 0; |
912 | return 1; |
913 | } |
914 | |
915 | int policydb_type_isvalid(struct policydb *p, unsigned int type) |
916 | { |
917 | if (!type || type > p->p_types.nprim) |
918 | return 0; |
919 | return 1; |
920 | } |
921 | |
922 | /* |
923 | * Return 1 if the fields in the security context |
924 | * structure `c' are valid. Return 0 otherwise. |
925 | */ |
926 | int policydb_context_isvalid(struct policydb *p, struct context *c) |
927 | { |
928 | struct role_datum *role; |
929 | struct user_datum *usrdatum; |
930 | |
931 | if (!c->role || c->role > p->p_roles.nprim) |
932 | return 0; |
933 | |
934 | if (!c->user || c->user > p->p_users.nprim) |
935 | return 0; |
936 | |
937 | if (!c->type || c->type > p->p_types.nprim) |
938 | return 0; |
939 | |
940 | if (c->role != OBJECT_R_VAL) { |
941 | /* |
942 | * Role must be authorized for the type. |
943 | */ |
944 | role = p->role_val_to_struct[c->role - 1]; |
945 | if (!role || !ebitmap_get_bit(e: &role->types, bit: c->type - 1)) |
946 | /* role may not be associated with type */ |
947 | return 0; |
948 | |
949 | /* |
950 | * User must be authorized for the role. |
951 | */ |
952 | usrdatum = p->user_val_to_struct[c->user - 1]; |
953 | if (!usrdatum) |
954 | return 0; |
955 | |
956 | if (!ebitmap_get_bit(e: &usrdatum->roles, bit: c->role - 1)) |
957 | /* user may not be associated with role */ |
958 | return 0; |
959 | } |
960 | |
961 | if (!mls_context_isvalid(p, c)) |
962 | return 0; |
963 | |
964 | return 1; |
965 | } |
966 | |
967 | /* |
968 | * Read a MLS range structure from a policydb binary |
969 | * representation file. |
970 | */ |
971 | static int mls_read_range_helper(struct mls_range *r, void *fp) |
972 | { |
973 | __le32 buf[2]; |
974 | u32 items; |
975 | int rc; |
976 | |
977 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
978 | if (rc) |
979 | goto out; |
980 | |
981 | rc = -EINVAL; |
982 | items = le32_to_cpu(buf[0]); |
983 | if (items > ARRAY_SIZE(buf)) { |
984 | pr_err("SELinux: mls: range overflow\n" ); |
985 | goto out; |
986 | } |
987 | |
988 | rc = next_entry(buf, fp, bytes: sizeof(u32) * items); |
989 | if (rc) { |
990 | pr_err("SELinux: mls: truncated range\n" ); |
991 | goto out; |
992 | } |
993 | |
994 | r->level[0].sens = le32_to_cpu(buf[0]); |
995 | if (items > 1) |
996 | r->level[1].sens = le32_to_cpu(buf[1]); |
997 | else |
998 | r->level[1].sens = r->level[0].sens; |
999 | |
1000 | rc = ebitmap_read(e: &r->level[0].cat, fp); |
1001 | if (rc) { |
1002 | pr_err("SELinux: mls: error reading low categories\n" ); |
1003 | goto out; |
1004 | } |
1005 | if (items > 1) { |
1006 | rc = ebitmap_read(e: &r->level[1].cat, fp); |
1007 | if (rc) { |
1008 | pr_err("SELinux: mls: error reading high categories\n" ); |
1009 | goto bad_high; |
1010 | } |
1011 | } else { |
1012 | rc = ebitmap_cpy(dst: &r->level[1].cat, src: &r->level[0].cat); |
1013 | if (rc) { |
1014 | pr_err("SELinux: mls: out of memory\n" ); |
1015 | goto bad_high; |
1016 | } |
1017 | } |
1018 | |
1019 | return 0; |
1020 | bad_high: |
1021 | ebitmap_destroy(e: &r->level[0].cat); |
1022 | out: |
1023 | return rc; |
1024 | } |
1025 | |
1026 | /* |
1027 | * Read and validate a security context structure |
1028 | * from a policydb binary representation file. |
1029 | */ |
1030 | static int context_read_and_validate(struct context *c, |
1031 | struct policydb *p, |
1032 | void *fp) |
1033 | { |
1034 | __le32 buf[3]; |
1035 | int rc; |
1036 | |
1037 | rc = next_entry(buf, fp, bytes: sizeof buf); |
1038 | if (rc) { |
1039 | pr_err("SELinux: context truncated\n" ); |
1040 | goto out; |
1041 | } |
1042 | c->user = le32_to_cpu(buf[0]); |
1043 | c->role = le32_to_cpu(buf[1]); |
1044 | c->type = le32_to_cpu(buf[2]); |
1045 | if (p->policyvers >= POLICYDB_VERSION_MLS) { |
1046 | rc = mls_read_range_helper(r: &c->range, fp); |
1047 | if (rc) { |
1048 | pr_err("SELinux: error reading MLS range of context\n" ); |
1049 | goto out; |
1050 | } |
1051 | } |
1052 | |
1053 | rc = -EINVAL; |
1054 | if (!policydb_context_isvalid(p, c)) { |
1055 | pr_err("SELinux: invalid security context\n" ); |
1056 | context_destroy(c); |
1057 | goto out; |
1058 | } |
1059 | rc = 0; |
1060 | out: |
1061 | return rc; |
1062 | } |
1063 | |
1064 | /* |
1065 | * The following *_read functions are used to |
1066 | * read the symbol data from a policy database |
1067 | * binary representation file. |
1068 | */ |
1069 | |
1070 | static int str_read(char **strp, gfp_t flags, void *fp, u32 len) |
1071 | { |
1072 | int rc; |
1073 | char *str; |
1074 | |
1075 | if ((len == 0) || (len == (u32)-1)) |
1076 | return -EINVAL; |
1077 | |
1078 | str = kmalloc(size: len + 1, flags: flags | __GFP_NOWARN); |
1079 | if (!str) |
1080 | return -ENOMEM; |
1081 | |
1082 | rc = next_entry(buf: str, fp, bytes: len); |
1083 | if (rc) { |
1084 | kfree(objp: str); |
1085 | return rc; |
1086 | } |
1087 | |
1088 | str[len] = '\0'; |
1089 | *strp = str; |
1090 | return 0; |
1091 | } |
1092 | |
1093 | static int perm_read(struct policydb *p, struct symtab *s, void *fp) |
1094 | { |
1095 | char *key = NULL; |
1096 | struct perm_datum *perdatum; |
1097 | int rc; |
1098 | __le32 buf[2]; |
1099 | u32 len; |
1100 | |
1101 | perdatum = kzalloc(size: sizeof(*perdatum), GFP_KERNEL); |
1102 | if (!perdatum) |
1103 | return -ENOMEM; |
1104 | |
1105 | rc = next_entry(buf, fp, bytes: sizeof buf); |
1106 | if (rc) |
1107 | goto bad; |
1108 | |
1109 | len = le32_to_cpu(buf[0]); |
1110 | perdatum->value = le32_to_cpu(buf[1]); |
1111 | |
1112 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1113 | if (rc) |
1114 | goto bad; |
1115 | |
1116 | rc = symtab_insert(s, name: key, datum: perdatum); |
1117 | if (rc) |
1118 | goto bad; |
1119 | |
1120 | return 0; |
1121 | bad: |
1122 | perm_destroy(key, datum: perdatum, NULL); |
1123 | return rc; |
1124 | } |
1125 | |
1126 | static int common_read(struct policydb *p, struct symtab *s, void *fp) |
1127 | { |
1128 | char *key = NULL; |
1129 | struct common_datum *comdatum; |
1130 | __le32 buf[4]; |
1131 | u32 i, len, nel; |
1132 | int rc; |
1133 | |
1134 | comdatum = kzalloc(size: sizeof(*comdatum), GFP_KERNEL); |
1135 | if (!comdatum) |
1136 | return -ENOMEM; |
1137 | |
1138 | rc = next_entry(buf, fp, bytes: sizeof buf); |
1139 | if (rc) |
1140 | goto bad; |
1141 | |
1142 | len = le32_to_cpu(buf[0]); |
1143 | comdatum->value = le32_to_cpu(buf[1]); |
1144 | nel = le32_to_cpu(buf[3]); |
1145 | |
1146 | rc = symtab_init(s: &comdatum->permissions, size: nel); |
1147 | if (rc) |
1148 | goto bad; |
1149 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); |
1150 | |
1151 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1152 | if (rc) |
1153 | goto bad; |
1154 | |
1155 | for (i = 0; i < nel; i++) { |
1156 | rc = perm_read(p, s: &comdatum->permissions, fp); |
1157 | if (rc) |
1158 | goto bad; |
1159 | } |
1160 | |
1161 | rc = symtab_insert(s, name: key, datum: comdatum); |
1162 | if (rc) |
1163 | goto bad; |
1164 | return 0; |
1165 | bad: |
1166 | common_destroy(key, datum: comdatum, NULL); |
1167 | return rc; |
1168 | } |
1169 | |
1170 | static void type_set_init(struct type_set *t) |
1171 | { |
1172 | ebitmap_init(e: &t->types); |
1173 | ebitmap_init(e: &t->negset); |
1174 | } |
1175 | |
1176 | static int type_set_read(struct type_set *t, void *fp) |
1177 | { |
1178 | __le32 buf[1]; |
1179 | int rc; |
1180 | |
1181 | if (ebitmap_read(e: &t->types, fp)) |
1182 | return -EINVAL; |
1183 | if (ebitmap_read(e: &t->negset, fp)) |
1184 | return -EINVAL; |
1185 | |
1186 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
1187 | if (rc < 0) |
1188 | return -EINVAL; |
1189 | t->flags = le32_to_cpu(buf[0]); |
1190 | |
1191 | return 0; |
1192 | } |
1193 | |
1194 | |
1195 | static int read_cons_helper(struct policydb *p, |
1196 | struct constraint_node **nodep, |
1197 | u32 ncons, int allowxtarget, void *fp) |
1198 | { |
1199 | struct constraint_node *c, *lc; |
1200 | struct constraint_expr *e, *le; |
1201 | __le32 buf[3]; |
1202 | u32 i, j, nexpr; |
1203 | int rc, depth; |
1204 | |
1205 | lc = NULL; |
1206 | for (i = 0; i < ncons; i++) { |
1207 | c = kzalloc(size: sizeof(*c), GFP_KERNEL); |
1208 | if (!c) |
1209 | return -ENOMEM; |
1210 | |
1211 | if (lc) |
1212 | lc->next = c; |
1213 | else |
1214 | *nodep = c; |
1215 | |
1216 | rc = next_entry(buf, fp, bytes: (sizeof(u32) * 2)); |
1217 | if (rc) |
1218 | return rc; |
1219 | c->permissions = le32_to_cpu(buf[0]); |
1220 | nexpr = le32_to_cpu(buf[1]); |
1221 | le = NULL; |
1222 | depth = -1; |
1223 | for (j = 0; j < nexpr; j++) { |
1224 | e = kzalloc(size: sizeof(*e), GFP_KERNEL); |
1225 | if (!e) |
1226 | return -ENOMEM; |
1227 | |
1228 | if (le) |
1229 | le->next = e; |
1230 | else |
1231 | c->expr = e; |
1232 | |
1233 | rc = next_entry(buf, fp, bytes: (sizeof(u32) * 3)); |
1234 | if (rc) |
1235 | return rc; |
1236 | e->expr_type = le32_to_cpu(buf[0]); |
1237 | e->attr = le32_to_cpu(buf[1]); |
1238 | e->op = le32_to_cpu(buf[2]); |
1239 | |
1240 | switch (e->expr_type) { |
1241 | case CEXPR_NOT: |
1242 | if (depth < 0) |
1243 | return -EINVAL; |
1244 | break; |
1245 | case CEXPR_AND: |
1246 | case CEXPR_OR: |
1247 | if (depth < 1) |
1248 | return -EINVAL; |
1249 | depth--; |
1250 | break; |
1251 | case CEXPR_ATTR: |
1252 | if (depth == (CEXPR_MAXDEPTH - 1)) |
1253 | return -EINVAL; |
1254 | depth++; |
1255 | break; |
1256 | case CEXPR_NAMES: |
1257 | if (!allowxtarget && (e->attr & CEXPR_XTARGET)) |
1258 | return -EINVAL; |
1259 | if (depth == (CEXPR_MAXDEPTH - 1)) |
1260 | return -EINVAL; |
1261 | depth++; |
1262 | rc = ebitmap_read(e: &e->names, fp); |
1263 | if (rc) |
1264 | return rc; |
1265 | if (p->policyvers >= |
1266 | POLICYDB_VERSION_CONSTRAINT_NAMES) { |
1267 | e->type_names = kzalloc(size: sizeof |
1268 | (*e->type_names), GFP_KERNEL); |
1269 | if (!e->type_names) |
1270 | return -ENOMEM; |
1271 | type_set_init(t: e->type_names); |
1272 | rc = type_set_read(t: e->type_names, fp); |
1273 | if (rc) |
1274 | return rc; |
1275 | } |
1276 | break; |
1277 | default: |
1278 | return -EINVAL; |
1279 | } |
1280 | le = e; |
1281 | } |
1282 | if (depth != 0) |
1283 | return -EINVAL; |
1284 | lc = c; |
1285 | } |
1286 | |
1287 | return 0; |
1288 | } |
1289 | |
1290 | static int class_read(struct policydb *p, struct symtab *s, void *fp) |
1291 | { |
1292 | char *key = NULL; |
1293 | struct class_datum *cladatum; |
1294 | __le32 buf[6]; |
1295 | u32 i, len, len2, ncons, nel; |
1296 | int rc; |
1297 | |
1298 | cladatum = kzalloc(size: sizeof(*cladatum), GFP_KERNEL); |
1299 | if (!cladatum) |
1300 | return -ENOMEM; |
1301 | |
1302 | rc = next_entry(buf, fp, bytes: sizeof(u32)*6); |
1303 | if (rc) |
1304 | goto bad; |
1305 | |
1306 | len = le32_to_cpu(buf[0]); |
1307 | len2 = le32_to_cpu(buf[1]); |
1308 | cladatum->value = le32_to_cpu(buf[2]); |
1309 | nel = le32_to_cpu(buf[4]); |
1310 | |
1311 | rc = symtab_init(s: &cladatum->permissions, size: nel); |
1312 | if (rc) |
1313 | goto bad; |
1314 | cladatum->permissions.nprim = le32_to_cpu(buf[3]); |
1315 | |
1316 | ncons = le32_to_cpu(buf[5]); |
1317 | |
1318 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1319 | if (rc) |
1320 | goto bad; |
1321 | |
1322 | if (len2) { |
1323 | rc = str_read(strp: &cladatum->comkey, GFP_KERNEL, fp, len: len2); |
1324 | if (rc) |
1325 | goto bad; |
1326 | |
1327 | rc = -EINVAL; |
1328 | cladatum->comdatum = symtab_search(s: &p->p_commons, |
1329 | name: cladatum->comkey); |
1330 | if (!cladatum->comdatum) { |
1331 | pr_err("SELinux: unknown common %s\n" , |
1332 | cladatum->comkey); |
1333 | goto bad; |
1334 | } |
1335 | } |
1336 | for (i = 0; i < nel; i++) { |
1337 | rc = perm_read(p, s: &cladatum->permissions, fp); |
1338 | if (rc) |
1339 | goto bad; |
1340 | } |
1341 | |
1342 | rc = read_cons_helper(p, nodep: &cladatum->constraints, ncons, allowxtarget: 0, fp); |
1343 | if (rc) |
1344 | goto bad; |
1345 | |
1346 | if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { |
1347 | /* grab the validatetrans rules */ |
1348 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
1349 | if (rc) |
1350 | goto bad; |
1351 | ncons = le32_to_cpu(buf[0]); |
1352 | rc = read_cons_helper(p, nodep: &cladatum->validatetrans, |
1353 | ncons, allowxtarget: 1, fp); |
1354 | if (rc) |
1355 | goto bad; |
1356 | } |
1357 | |
1358 | if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { |
1359 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 3); |
1360 | if (rc) |
1361 | goto bad; |
1362 | |
1363 | cladatum->default_user = le32_to_cpu(buf[0]); |
1364 | cladatum->default_role = le32_to_cpu(buf[1]); |
1365 | cladatum->default_range = le32_to_cpu(buf[2]); |
1366 | } |
1367 | |
1368 | if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { |
1369 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 1); |
1370 | if (rc) |
1371 | goto bad; |
1372 | cladatum->default_type = le32_to_cpu(buf[0]); |
1373 | } |
1374 | |
1375 | rc = symtab_insert(s, name: key, datum: cladatum); |
1376 | if (rc) |
1377 | goto bad; |
1378 | |
1379 | return 0; |
1380 | bad: |
1381 | cls_destroy(key, datum: cladatum, NULL); |
1382 | return rc; |
1383 | } |
1384 | |
1385 | static int role_read(struct policydb *p, struct symtab *s, void *fp) |
1386 | { |
1387 | char *key = NULL; |
1388 | struct role_datum *role; |
1389 | int rc; |
1390 | unsigned int to_read = 2; |
1391 | __le32 buf[3]; |
1392 | u32 len; |
1393 | |
1394 | role = kzalloc(size: sizeof(*role), GFP_KERNEL); |
1395 | if (!role) |
1396 | return -ENOMEM; |
1397 | |
1398 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
1399 | to_read = 3; |
1400 | |
1401 | rc = next_entry(buf, fp, bytes: sizeof(buf[0]) * to_read); |
1402 | if (rc) |
1403 | goto bad; |
1404 | |
1405 | len = le32_to_cpu(buf[0]); |
1406 | role->value = le32_to_cpu(buf[1]); |
1407 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
1408 | role->bounds = le32_to_cpu(buf[2]); |
1409 | |
1410 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1411 | if (rc) |
1412 | goto bad; |
1413 | |
1414 | rc = ebitmap_read(e: &role->dominates, fp); |
1415 | if (rc) |
1416 | goto bad; |
1417 | |
1418 | rc = ebitmap_read(e: &role->types, fp); |
1419 | if (rc) |
1420 | goto bad; |
1421 | |
1422 | if (strcmp(key, OBJECT_R) == 0) { |
1423 | rc = -EINVAL; |
1424 | if (role->value != OBJECT_R_VAL) { |
1425 | pr_err("SELinux: Role %s has wrong value %d\n" , |
1426 | OBJECT_R, role->value); |
1427 | goto bad; |
1428 | } |
1429 | rc = 0; |
1430 | goto bad; |
1431 | } |
1432 | |
1433 | rc = symtab_insert(s, name: key, datum: role); |
1434 | if (rc) |
1435 | goto bad; |
1436 | return 0; |
1437 | bad: |
1438 | role_destroy(key, datum: role, NULL); |
1439 | return rc; |
1440 | } |
1441 | |
1442 | static int type_read(struct policydb *p, struct symtab *s, void *fp) |
1443 | { |
1444 | char *key = NULL; |
1445 | struct type_datum *typdatum; |
1446 | int rc; |
1447 | unsigned int to_read = 3; |
1448 | __le32 buf[4]; |
1449 | u32 len; |
1450 | |
1451 | typdatum = kzalloc(size: sizeof(*typdatum), GFP_KERNEL); |
1452 | if (!typdatum) |
1453 | return -ENOMEM; |
1454 | |
1455 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
1456 | to_read = 4; |
1457 | |
1458 | rc = next_entry(buf, fp, bytes: sizeof(buf[0]) * to_read); |
1459 | if (rc) |
1460 | goto bad; |
1461 | |
1462 | len = le32_to_cpu(buf[0]); |
1463 | typdatum->value = le32_to_cpu(buf[1]); |
1464 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { |
1465 | u32 prop = le32_to_cpu(buf[2]); |
1466 | |
1467 | if (prop & TYPEDATUM_PROPERTY_PRIMARY) |
1468 | typdatum->primary = 1; |
1469 | if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE) |
1470 | typdatum->attribute = 1; |
1471 | |
1472 | typdatum->bounds = le32_to_cpu(buf[3]); |
1473 | } else { |
1474 | typdatum->primary = le32_to_cpu(buf[2]); |
1475 | } |
1476 | |
1477 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1478 | if (rc) |
1479 | goto bad; |
1480 | |
1481 | rc = symtab_insert(s, name: key, datum: typdatum); |
1482 | if (rc) |
1483 | goto bad; |
1484 | return 0; |
1485 | bad: |
1486 | type_destroy(key, datum: typdatum, NULL); |
1487 | return rc; |
1488 | } |
1489 | |
1490 | |
1491 | /* |
1492 | * Read a MLS level structure from a policydb binary |
1493 | * representation file. |
1494 | */ |
1495 | static int mls_read_level(struct mls_level *lp, void *fp) |
1496 | { |
1497 | __le32 buf[1]; |
1498 | int rc; |
1499 | |
1500 | memset(lp, 0, sizeof(*lp)); |
1501 | |
1502 | rc = next_entry(buf, fp, bytes: sizeof buf); |
1503 | if (rc) { |
1504 | pr_err("SELinux: mls: truncated level\n" ); |
1505 | return rc; |
1506 | } |
1507 | lp->sens = le32_to_cpu(buf[0]); |
1508 | |
1509 | rc = ebitmap_read(e: &lp->cat, fp); |
1510 | if (rc) { |
1511 | pr_err("SELinux: mls: error reading level categories\n" ); |
1512 | return rc; |
1513 | } |
1514 | return 0; |
1515 | } |
1516 | |
1517 | static int user_read(struct policydb *p, struct symtab *s, void *fp) |
1518 | { |
1519 | char *key = NULL; |
1520 | struct user_datum *usrdatum; |
1521 | int rc; |
1522 | unsigned int to_read = 2; |
1523 | __le32 buf[3]; |
1524 | u32 len; |
1525 | |
1526 | usrdatum = kzalloc(size: sizeof(*usrdatum), GFP_KERNEL); |
1527 | if (!usrdatum) |
1528 | return -ENOMEM; |
1529 | |
1530 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
1531 | to_read = 3; |
1532 | |
1533 | rc = next_entry(buf, fp, bytes: sizeof(buf[0]) * to_read); |
1534 | if (rc) |
1535 | goto bad; |
1536 | |
1537 | len = le32_to_cpu(buf[0]); |
1538 | usrdatum->value = le32_to_cpu(buf[1]); |
1539 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
1540 | usrdatum->bounds = le32_to_cpu(buf[2]); |
1541 | |
1542 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1543 | if (rc) |
1544 | goto bad; |
1545 | |
1546 | rc = ebitmap_read(e: &usrdatum->roles, fp); |
1547 | if (rc) |
1548 | goto bad; |
1549 | |
1550 | if (p->policyvers >= POLICYDB_VERSION_MLS) { |
1551 | rc = mls_read_range_helper(r: &usrdatum->range, fp); |
1552 | if (rc) |
1553 | goto bad; |
1554 | rc = mls_read_level(lp: &usrdatum->dfltlevel, fp); |
1555 | if (rc) |
1556 | goto bad; |
1557 | } |
1558 | |
1559 | rc = symtab_insert(s, name: key, datum: usrdatum); |
1560 | if (rc) |
1561 | goto bad; |
1562 | return 0; |
1563 | bad: |
1564 | user_destroy(key, datum: usrdatum, NULL); |
1565 | return rc; |
1566 | } |
1567 | |
1568 | static int sens_read(struct policydb *p, struct symtab *s, void *fp) |
1569 | { |
1570 | char *key = NULL; |
1571 | struct level_datum *levdatum; |
1572 | int rc; |
1573 | __le32 buf[2]; |
1574 | u32 len; |
1575 | |
1576 | levdatum = kzalloc(size: sizeof(*levdatum), GFP_KERNEL); |
1577 | if (!levdatum) |
1578 | return -ENOMEM; |
1579 | |
1580 | rc = next_entry(buf, fp, bytes: sizeof buf); |
1581 | if (rc) |
1582 | goto bad; |
1583 | |
1584 | len = le32_to_cpu(buf[0]); |
1585 | levdatum->isalias = le32_to_cpu(buf[1]); |
1586 | |
1587 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1588 | if (rc) |
1589 | goto bad; |
1590 | |
1591 | rc = -ENOMEM; |
1592 | levdatum->level = kmalloc(size: sizeof(*levdatum->level), GFP_KERNEL); |
1593 | if (!levdatum->level) |
1594 | goto bad; |
1595 | |
1596 | rc = mls_read_level(lp: levdatum->level, fp); |
1597 | if (rc) |
1598 | goto bad; |
1599 | |
1600 | rc = symtab_insert(s, name: key, datum: levdatum); |
1601 | if (rc) |
1602 | goto bad; |
1603 | return 0; |
1604 | bad: |
1605 | sens_destroy(key, datum: levdatum, NULL); |
1606 | return rc; |
1607 | } |
1608 | |
1609 | static int cat_read(struct policydb *p, struct symtab *s, void *fp) |
1610 | { |
1611 | char *key = NULL; |
1612 | struct cat_datum *catdatum; |
1613 | int rc; |
1614 | __le32 buf[3]; |
1615 | u32 len; |
1616 | |
1617 | catdatum = kzalloc(size: sizeof(*catdatum), GFP_KERNEL); |
1618 | if (!catdatum) |
1619 | return -ENOMEM; |
1620 | |
1621 | rc = next_entry(buf, fp, bytes: sizeof buf); |
1622 | if (rc) |
1623 | goto bad; |
1624 | |
1625 | len = le32_to_cpu(buf[0]); |
1626 | catdatum->value = le32_to_cpu(buf[1]); |
1627 | catdatum->isalias = le32_to_cpu(buf[2]); |
1628 | |
1629 | rc = str_read(strp: &key, GFP_KERNEL, fp, len); |
1630 | if (rc) |
1631 | goto bad; |
1632 | |
1633 | rc = symtab_insert(s, name: key, datum: catdatum); |
1634 | if (rc) |
1635 | goto bad; |
1636 | return 0; |
1637 | bad: |
1638 | cat_destroy(key, datum: catdatum, NULL); |
1639 | return rc; |
1640 | } |
1641 | |
1642 | static int (*const read_f[SYM_NUM]) (struct policydb *p, |
1643 | struct symtab *s, void *fp) = { |
1644 | common_read, |
1645 | class_read, |
1646 | role_read, |
1647 | type_read, |
1648 | user_read, |
1649 | cond_read_bool, |
1650 | sens_read, |
1651 | cat_read, |
1652 | }; |
1653 | |
1654 | static int user_bounds_sanity_check(void *key, void *datum, void *datap) |
1655 | { |
1656 | struct user_datum *upper, *user; |
1657 | struct policydb *p = datap; |
1658 | int depth = 0; |
1659 | |
1660 | upper = user = datum; |
1661 | while (upper->bounds) { |
1662 | struct ebitmap_node *node; |
1663 | u32 bit; |
1664 | |
1665 | if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { |
1666 | pr_err("SELinux: user %s: " |
1667 | "too deep or looped boundary\n" , |
1668 | (char *) key); |
1669 | return -EINVAL; |
1670 | } |
1671 | |
1672 | upper = p->user_val_to_struct[upper->bounds - 1]; |
1673 | ebitmap_for_each_positive_bit(&user->roles, node, bit) { |
1674 | if (ebitmap_get_bit(e: &upper->roles, bit)) |
1675 | continue; |
1676 | |
1677 | pr_err("SELinux: boundary violated policy: " |
1678 | "user=%s role=%s bounds=%s\n" , |
1679 | sym_name(p, SYM_USERS, user->value - 1), |
1680 | sym_name(p, SYM_ROLES, bit), |
1681 | sym_name(p, SYM_USERS, upper->value - 1)); |
1682 | |
1683 | return -EINVAL; |
1684 | } |
1685 | } |
1686 | |
1687 | return 0; |
1688 | } |
1689 | |
1690 | static int role_bounds_sanity_check(void *key, void *datum, void *datap) |
1691 | { |
1692 | struct role_datum *upper, *role; |
1693 | struct policydb *p = datap; |
1694 | int depth = 0; |
1695 | |
1696 | upper = role = datum; |
1697 | while (upper->bounds) { |
1698 | struct ebitmap_node *node; |
1699 | u32 bit; |
1700 | |
1701 | if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { |
1702 | pr_err("SELinux: role %s: " |
1703 | "too deep or looped bounds\n" , |
1704 | (char *) key); |
1705 | return -EINVAL; |
1706 | } |
1707 | |
1708 | upper = p->role_val_to_struct[upper->bounds - 1]; |
1709 | ebitmap_for_each_positive_bit(&role->types, node, bit) { |
1710 | if (ebitmap_get_bit(e: &upper->types, bit)) |
1711 | continue; |
1712 | |
1713 | pr_err("SELinux: boundary violated policy: " |
1714 | "role=%s type=%s bounds=%s\n" , |
1715 | sym_name(p, SYM_ROLES, role->value - 1), |
1716 | sym_name(p, SYM_TYPES, bit), |
1717 | sym_name(p, SYM_ROLES, upper->value - 1)); |
1718 | |
1719 | return -EINVAL; |
1720 | } |
1721 | } |
1722 | |
1723 | return 0; |
1724 | } |
1725 | |
1726 | static int type_bounds_sanity_check(void *key, void *datum, void *datap) |
1727 | { |
1728 | struct type_datum *upper; |
1729 | struct policydb *p = datap; |
1730 | int depth = 0; |
1731 | |
1732 | upper = datum; |
1733 | while (upper->bounds) { |
1734 | if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { |
1735 | pr_err("SELinux: type %s: " |
1736 | "too deep or looped boundary\n" , |
1737 | (char *) key); |
1738 | return -EINVAL; |
1739 | } |
1740 | |
1741 | upper = p->type_val_to_struct[upper->bounds - 1]; |
1742 | BUG_ON(!upper); |
1743 | |
1744 | if (upper->attribute) { |
1745 | pr_err("SELinux: type %s: " |
1746 | "bounded by attribute %s\n" , |
1747 | (char *) key, |
1748 | sym_name(p, SYM_TYPES, upper->value - 1)); |
1749 | return -EINVAL; |
1750 | } |
1751 | } |
1752 | |
1753 | return 0; |
1754 | } |
1755 | |
1756 | static int policydb_bounds_sanity_check(struct policydb *p) |
1757 | { |
1758 | int rc; |
1759 | |
1760 | if (p->policyvers < POLICYDB_VERSION_BOUNDARY) |
1761 | return 0; |
1762 | |
1763 | rc = hashtab_map(h: &p->p_users.table, apply: user_bounds_sanity_check, args: p); |
1764 | if (rc) |
1765 | return rc; |
1766 | |
1767 | rc = hashtab_map(h: &p->p_roles.table, apply: role_bounds_sanity_check, args: p); |
1768 | if (rc) |
1769 | return rc; |
1770 | |
1771 | rc = hashtab_map(h: &p->p_types.table, apply: type_bounds_sanity_check, args: p); |
1772 | if (rc) |
1773 | return rc; |
1774 | |
1775 | return 0; |
1776 | } |
1777 | |
1778 | u16 string_to_security_class(struct policydb *p, const char *name) |
1779 | { |
1780 | struct class_datum *cladatum; |
1781 | |
1782 | cladatum = symtab_search(s: &p->p_classes, name); |
1783 | if (!cladatum) |
1784 | return 0; |
1785 | |
1786 | return cladatum->value; |
1787 | } |
1788 | |
1789 | u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name) |
1790 | { |
1791 | struct class_datum *cladatum; |
1792 | struct perm_datum *perdatum = NULL; |
1793 | struct common_datum *comdatum; |
1794 | |
1795 | if (!tclass || tclass > p->p_classes.nprim) |
1796 | return 0; |
1797 | |
1798 | cladatum = p->class_val_to_struct[tclass-1]; |
1799 | comdatum = cladatum->comdatum; |
1800 | if (comdatum) |
1801 | perdatum = symtab_search(s: &comdatum->permissions, name); |
1802 | if (!perdatum) |
1803 | perdatum = symtab_search(s: &cladatum->permissions, name); |
1804 | if (!perdatum) |
1805 | return 0; |
1806 | |
1807 | return 1U << (perdatum->value-1); |
1808 | } |
1809 | |
1810 | static int range_read(struct policydb *p, void *fp) |
1811 | { |
1812 | struct range_trans *rt = NULL; |
1813 | struct mls_range *r = NULL; |
1814 | int rc; |
1815 | __le32 buf[2]; |
1816 | u32 i, nel; |
1817 | |
1818 | if (p->policyvers < POLICYDB_VERSION_MLS) |
1819 | return 0; |
1820 | |
1821 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
1822 | if (rc) |
1823 | return rc; |
1824 | |
1825 | nel = le32_to_cpu(buf[0]); |
1826 | |
1827 | rc = hashtab_init(h: &p->range_tr, nel_hint: nel); |
1828 | if (rc) |
1829 | return rc; |
1830 | |
1831 | for (i = 0; i < nel; i++) { |
1832 | rc = -ENOMEM; |
1833 | rt = kzalloc(size: sizeof(*rt), GFP_KERNEL); |
1834 | if (!rt) |
1835 | goto out; |
1836 | |
1837 | rc = next_entry(buf, fp, bytes: (sizeof(u32) * 2)); |
1838 | if (rc) |
1839 | goto out; |
1840 | |
1841 | rt->source_type = le32_to_cpu(buf[0]); |
1842 | rt->target_type = le32_to_cpu(buf[1]); |
1843 | if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { |
1844 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
1845 | if (rc) |
1846 | goto out; |
1847 | rt->target_class = le32_to_cpu(buf[0]); |
1848 | } else |
1849 | rt->target_class = p->process_class; |
1850 | |
1851 | rc = -EINVAL; |
1852 | if (!policydb_type_isvalid(p, type: rt->source_type) || |
1853 | !policydb_type_isvalid(p, type: rt->target_type) || |
1854 | !policydb_class_isvalid(p, class: rt->target_class)) |
1855 | goto out; |
1856 | |
1857 | rc = -ENOMEM; |
1858 | r = kzalloc(size: sizeof(*r), GFP_KERNEL); |
1859 | if (!r) |
1860 | goto out; |
1861 | |
1862 | rc = mls_read_range_helper(r, fp); |
1863 | if (rc) |
1864 | goto out; |
1865 | |
1866 | rc = -EINVAL; |
1867 | if (!mls_range_isvalid(p, r)) { |
1868 | pr_warn("SELinux: rangetrans: invalid range\n" ); |
1869 | goto out; |
1870 | } |
1871 | |
1872 | rc = hashtab_insert(h: &p->range_tr, key: rt, datum: r, key_params: rangetr_key_params); |
1873 | if (rc) |
1874 | goto out; |
1875 | |
1876 | rt = NULL; |
1877 | r = NULL; |
1878 | } |
1879 | hash_eval(h: &p->range_tr, hash_name: "rangetr" ); |
1880 | rc = 0; |
1881 | out: |
1882 | kfree(objp: rt); |
1883 | kfree(objp: r); |
1884 | return rc; |
1885 | } |
1886 | |
1887 | static int filename_trans_read_helper_compat(struct policydb *p, void *fp) |
1888 | { |
1889 | struct filename_trans_key key, *ft = NULL; |
1890 | struct filename_trans_datum *last, *datum = NULL; |
1891 | char *name = NULL; |
1892 | u32 len, stype, otype; |
1893 | __le32 buf[4]; |
1894 | int rc; |
1895 | |
1896 | /* length of the path component string */ |
1897 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
1898 | if (rc) |
1899 | return rc; |
1900 | len = le32_to_cpu(buf[0]); |
1901 | |
1902 | /* path component string */ |
1903 | rc = str_read(strp: &name, GFP_KERNEL, fp, len); |
1904 | if (rc) |
1905 | return rc; |
1906 | |
1907 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 4); |
1908 | if (rc) |
1909 | goto out; |
1910 | |
1911 | stype = le32_to_cpu(buf[0]); |
1912 | key.ttype = le32_to_cpu(buf[1]); |
1913 | key.tclass = le32_to_cpu(buf[2]); |
1914 | key.name = name; |
1915 | |
1916 | otype = le32_to_cpu(buf[3]); |
1917 | |
1918 | last = NULL; |
1919 | datum = policydb_filenametr_search(p, key: &key); |
1920 | while (datum) { |
1921 | if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) { |
1922 | /* conflicting/duplicate rules are ignored */ |
1923 | datum = NULL; |
1924 | goto out; |
1925 | } |
1926 | if (likely(datum->otype == otype)) |
1927 | break; |
1928 | last = datum; |
1929 | datum = datum->next; |
1930 | } |
1931 | if (!datum) { |
1932 | rc = -ENOMEM; |
1933 | datum = kmalloc(size: sizeof(*datum), GFP_KERNEL); |
1934 | if (!datum) |
1935 | goto out; |
1936 | |
1937 | ebitmap_init(e: &datum->stypes); |
1938 | datum->otype = otype; |
1939 | datum->next = NULL; |
1940 | |
1941 | if (unlikely(last)) { |
1942 | last->next = datum; |
1943 | } else { |
1944 | rc = -ENOMEM; |
1945 | ft = kmemdup(p: &key, size: sizeof(key), GFP_KERNEL); |
1946 | if (!ft) |
1947 | goto out; |
1948 | |
1949 | rc = hashtab_insert(h: &p->filename_trans, key: ft, datum, |
1950 | key_params: filenametr_key_params); |
1951 | if (rc) |
1952 | goto out; |
1953 | name = NULL; |
1954 | |
1955 | rc = ebitmap_set_bit(e: &p->filename_trans_ttypes, |
1956 | bit: key.ttype, value: 1); |
1957 | if (rc) |
1958 | return rc; |
1959 | } |
1960 | } |
1961 | kfree(objp: name); |
1962 | return ebitmap_set_bit(e: &datum->stypes, bit: stype - 1, value: 1); |
1963 | |
1964 | out: |
1965 | kfree(objp: ft); |
1966 | kfree(objp: name); |
1967 | kfree(objp: datum); |
1968 | return rc; |
1969 | } |
1970 | |
1971 | static int filename_trans_read_helper(struct policydb *p, void *fp) |
1972 | { |
1973 | struct filename_trans_key *ft = NULL; |
1974 | struct filename_trans_datum **dst, *datum, *first = NULL; |
1975 | char *name = NULL; |
1976 | u32 len, ttype, tclass, ndatum, i; |
1977 | __le32 buf[3]; |
1978 | int rc; |
1979 | |
1980 | /* length of the path component string */ |
1981 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
1982 | if (rc) |
1983 | return rc; |
1984 | len = le32_to_cpu(buf[0]); |
1985 | |
1986 | /* path component string */ |
1987 | rc = str_read(strp: &name, GFP_KERNEL, fp, len); |
1988 | if (rc) |
1989 | return rc; |
1990 | |
1991 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 3); |
1992 | if (rc) |
1993 | goto out; |
1994 | |
1995 | ttype = le32_to_cpu(buf[0]); |
1996 | tclass = le32_to_cpu(buf[1]); |
1997 | |
1998 | ndatum = le32_to_cpu(buf[2]); |
1999 | if (ndatum == 0) { |
2000 | pr_err("SELinux: Filename transition key with no datum\n" ); |
2001 | rc = -ENOENT; |
2002 | goto out; |
2003 | } |
2004 | |
2005 | dst = &first; |
2006 | for (i = 0; i < ndatum; i++) { |
2007 | rc = -ENOMEM; |
2008 | datum = kmalloc(size: sizeof(*datum), GFP_KERNEL); |
2009 | if (!datum) |
2010 | goto out; |
2011 | |
2012 | datum->next = NULL; |
2013 | *dst = datum; |
2014 | |
2015 | /* ebitmap_read() will at least init the bitmap */ |
2016 | rc = ebitmap_read(e: &datum->stypes, fp); |
2017 | if (rc) |
2018 | goto out; |
2019 | |
2020 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2021 | if (rc) |
2022 | goto out; |
2023 | |
2024 | datum->otype = le32_to_cpu(buf[0]); |
2025 | |
2026 | dst = &datum->next; |
2027 | } |
2028 | |
2029 | rc = -ENOMEM; |
2030 | ft = kmalloc(size: sizeof(*ft), GFP_KERNEL); |
2031 | if (!ft) |
2032 | goto out; |
2033 | |
2034 | ft->ttype = ttype; |
2035 | ft->tclass = tclass; |
2036 | ft->name = name; |
2037 | |
2038 | rc = hashtab_insert(h: &p->filename_trans, key: ft, datum: first, |
2039 | key_params: filenametr_key_params); |
2040 | if (rc == -EEXIST) |
2041 | pr_err("SELinux: Duplicate filename transition key\n" ); |
2042 | if (rc) |
2043 | goto out; |
2044 | |
2045 | return ebitmap_set_bit(e: &p->filename_trans_ttypes, bit: ttype, value: 1); |
2046 | |
2047 | out: |
2048 | kfree(objp: ft); |
2049 | kfree(objp: name); |
2050 | while (first) { |
2051 | datum = first; |
2052 | first = first->next; |
2053 | |
2054 | ebitmap_destroy(e: &datum->stypes); |
2055 | kfree(objp: datum); |
2056 | } |
2057 | return rc; |
2058 | } |
2059 | |
2060 | static int filename_trans_read(struct policydb *p, void *fp) |
2061 | { |
2062 | u32 nel, i; |
2063 | __le32 buf[1]; |
2064 | int rc; |
2065 | |
2066 | if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) |
2067 | return 0; |
2068 | |
2069 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2070 | if (rc) |
2071 | return rc; |
2072 | nel = le32_to_cpu(buf[0]); |
2073 | |
2074 | if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { |
2075 | p->compat_filename_trans_count = nel; |
2076 | |
2077 | rc = hashtab_init(h: &p->filename_trans, nel_hint: (1 << 11)); |
2078 | if (rc) |
2079 | return rc; |
2080 | |
2081 | for (i = 0; i < nel; i++) { |
2082 | rc = filename_trans_read_helper_compat(p, fp); |
2083 | if (rc) |
2084 | return rc; |
2085 | } |
2086 | } else { |
2087 | rc = hashtab_init(h: &p->filename_trans, nel_hint: nel); |
2088 | if (rc) |
2089 | return rc; |
2090 | |
2091 | for (i = 0; i < nel; i++) { |
2092 | rc = filename_trans_read_helper(p, fp); |
2093 | if (rc) |
2094 | return rc; |
2095 | } |
2096 | } |
2097 | hash_eval(h: &p->filename_trans, hash_name: "filenametr" ); |
2098 | return 0; |
2099 | } |
2100 | |
2101 | static int genfs_read(struct policydb *p, void *fp) |
2102 | { |
2103 | int rc; |
2104 | u32 i, j, nel, nel2, len, len2; |
2105 | __le32 buf[1]; |
2106 | struct ocontext *l, *c; |
2107 | struct ocontext *newc = NULL; |
2108 | struct genfs *genfs_p, *genfs; |
2109 | struct genfs *newgenfs = NULL; |
2110 | |
2111 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2112 | if (rc) |
2113 | return rc; |
2114 | nel = le32_to_cpu(buf[0]); |
2115 | |
2116 | for (i = 0; i < nel; i++) { |
2117 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2118 | if (rc) |
2119 | goto out; |
2120 | len = le32_to_cpu(buf[0]); |
2121 | |
2122 | rc = -ENOMEM; |
2123 | newgenfs = kzalloc(size: sizeof(*newgenfs), GFP_KERNEL); |
2124 | if (!newgenfs) |
2125 | goto out; |
2126 | |
2127 | rc = str_read(strp: &newgenfs->fstype, GFP_KERNEL, fp, len); |
2128 | if (rc) |
2129 | goto out; |
2130 | |
2131 | for (genfs_p = NULL, genfs = p->genfs; genfs; |
2132 | genfs_p = genfs, genfs = genfs->next) { |
2133 | rc = -EINVAL; |
2134 | if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { |
2135 | pr_err("SELinux: dup genfs fstype %s\n" , |
2136 | newgenfs->fstype); |
2137 | goto out; |
2138 | } |
2139 | if (strcmp(newgenfs->fstype, genfs->fstype) < 0) |
2140 | break; |
2141 | } |
2142 | newgenfs->next = genfs; |
2143 | if (genfs_p) |
2144 | genfs_p->next = newgenfs; |
2145 | else |
2146 | p->genfs = newgenfs; |
2147 | genfs = newgenfs; |
2148 | newgenfs = NULL; |
2149 | |
2150 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2151 | if (rc) |
2152 | goto out; |
2153 | |
2154 | nel2 = le32_to_cpu(buf[0]); |
2155 | for (j = 0; j < nel2; j++) { |
2156 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2157 | if (rc) |
2158 | goto out; |
2159 | len = le32_to_cpu(buf[0]); |
2160 | |
2161 | rc = -ENOMEM; |
2162 | newc = kzalloc(size: sizeof(*newc), GFP_KERNEL); |
2163 | if (!newc) |
2164 | goto out; |
2165 | |
2166 | rc = str_read(strp: &newc->u.name, GFP_KERNEL, fp, len); |
2167 | if (rc) |
2168 | goto out; |
2169 | |
2170 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2171 | if (rc) |
2172 | goto out; |
2173 | |
2174 | newc->v.sclass = le32_to_cpu(buf[0]); |
2175 | rc = context_read_and_validate(c: &newc->context[0], p, fp); |
2176 | if (rc) |
2177 | goto out; |
2178 | |
2179 | for (l = NULL, c = genfs->head; c; |
2180 | l = c, c = c->next) { |
2181 | rc = -EINVAL; |
2182 | if (!strcmp(newc->u.name, c->u.name) && |
2183 | (!c->v.sclass || !newc->v.sclass || |
2184 | newc->v.sclass == c->v.sclass)) { |
2185 | pr_err("SELinux: dup genfs entry (%s,%s)\n" , |
2186 | genfs->fstype, c->u.name); |
2187 | goto out; |
2188 | } |
2189 | len = strlen(newc->u.name); |
2190 | len2 = strlen(c->u.name); |
2191 | if (len > len2) |
2192 | break; |
2193 | } |
2194 | |
2195 | newc->next = c; |
2196 | if (l) |
2197 | l->next = newc; |
2198 | else |
2199 | genfs->head = newc; |
2200 | newc = NULL; |
2201 | } |
2202 | } |
2203 | rc = 0; |
2204 | out: |
2205 | if (newgenfs) { |
2206 | kfree(objp: newgenfs->fstype); |
2207 | kfree(objp: newgenfs); |
2208 | } |
2209 | ocontext_destroy(c: newc, OCON_FSUSE); |
2210 | |
2211 | return rc; |
2212 | } |
2213 | |
2214 | static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, |
2215 | void *fp) |
2216 | { |
2217 | int rc; |
2218 | unsigned int i; |
2219 | u32 j, nel, len; |
2220 | __be64 prefixbuf[1]; |
2221 | __le32 buf[3]; |
2222 | struct ocontext *l, *c; |
2223 | u32 nodebuf[8]; |
2224 | |
2225 | for (i = 0; i < info->ocon_num; i++) { |
2226 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2227 | if (rc) |
2228 | goto out; |
2229 | nel = le32_to_cpu(buf[0]); |
2230 | |
2231 | l = NULL; |
2232 | for (j = 0; j < nel; j++) { |
2233 | rc = -ENOMEM; |
2234 | c = kzalloc(size: sizeof(*c), GFP_KERNEL); |
2235 | if (!c) |
2236 | goto out; |
2237 | if (l) |
2238 | l->next = c; |
2239 | else |
2240 | p->ocontexts[i] = c; |
2241 | l = c; |
2242 | |
2243 | switch (i) { |
2244 | case OCON_ISID: |
2245 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2246 | if (rc) |
2247 | goto out; |
2248 | |
2249 | c->sid[0] = le32_to_cpu(buf[0]); |
2250 | rc = context_read_and_validate(c: &c->context[0], p, fp); |
2251 | if (rc) |
2252 | goto out; |
2253 | break; |
2254 | case OCON_FS: |
2255 | case OCON_NETIF: |
2256 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2257 | if (rc) |
2258 | goto out; |
2259 | len = le32_to_cpu(buf[0]); |
2260 | |
2261 | rc = str_read(strp: &c->u.name, GFP_KERNEL, fp, len); |
2262 | if (rc) |
2263 | goto out; |
2264 | |
2265 | if (i == OCON_FS) |
2266 | pr_warn("SELinux: void and deprecated fs ocon %s\n" , |
2267 | c->u.name); |
2268 | |
2269 | rc = context_read_and_validate(c: &c->context[0], p, fp); |
2270 | if (rc) |
2271 | goto out; |
2272 | rc = context_read_and_validate(c: &c->context[1], p, fp); |
2273 | if (rc) |
2274 | goto out; |
2275 | break; |
2276 | case OCON_PORT: |
2277 | rc = next_entry(buf, fp, bytes: sizeof(u32)*3); |
2278 | if (rc) |
2279 | goto out; |
2280 | c->u.port.protocol = le32_to_cpu(buf[0]); |
2281 | c->u.port.low_port = le32_to_cpu(buf[1]); |
2282 | c->u.port.high_port = le32_to_cpu(buf[2]); |
2283 | rc = context_read_and_validate(c: &c->context[0], p, fp); |
2284 | if (rc) |
2285 | goto out; |
2286 | break; |
2287 | case OCON_NODE: |
2288 | rc = next_entry(buf: nodebuf, fp, bytes: sizeof(u32) * 2); |
2289 | if (rc) |
2290 | goto out; |
2291 | c->u.node.addr = nodebuf[0]; /* network order */ |
2292 | c->u.node.mask = nodebuf[1]; /* network order */ |
2293 | rc = context_read_and_validate(c: &c->context[0], p, fp); |
2294 | if (rc) |
2295 | goto out; |
2296 | break; |
2297 | case OCON_FSUSE: |
2298 | rc = next_entry(buf, fp, bytes: sizeof(u32)*2); |
2299 | if (rc) |
2300 | goto out; |
2301 | |
2302 | rc = -EINVAL; |
2303 | c->v.behavior = le32_to_cpu(buf[0]); |
2304 | /* Determined at runtime, not in policy DB. */ |
2305 | if (c->v.behavior == SECURITY_FS_USE_MNTPOINT) |
2306 | goto out; |
2307 | if (c->v.behavior > SECURITY_FS_USE_MAX) |
2308 | goto out; |
2309 | |
2310 | len = le32_to_cpu(buf[1]); |
2311 | rc = str_read(strp: &c->u.name, GFP_KERNEL, fp, len); |
2312 | if (rc) |
2313 | goto out; |
2314 | |
2315 | rc = context_read_and_validate(c: &c->context[0], p, fp); |
2316 | if (rc) |
2317 | goto out; |
2318 | break; |
2319 | case OCON_NODE6: { |
2320 | int k; |
2321 | |
2322 | rc = next_entry(buf: nodebuf, fp, bytes: sizeof(u32) * 8); |
2323 | if (rc) |
2324 | goto out; |
2325 | for (k = 0; k < 4; k++) |
2326 | c->u.node6.addr[k] = nodebuf[k]; |
2327 | for (k = 0; k < 4; k++) |
2328 | c->u.node6.mask[k] = nodebuf[k+4]; |
2329 | rc = context_read_and_validate(c: &c->context[0], p, fp); |
2330 | if (rc) |
2331 | goto out; |
2332 | break; |
2333 | } |
2334 | case OCON_IBPKEY: { |
2335 | u32 pkey_lo, pkey_hi; |
2336 | |
2337 | rc = next_entry(buf: prefixbuf, fp, bytes: sizeof(u64)); |
2338 | if (rc) |
2339 | goto out; |
2340 | |
2341 | /* we need to have subnet_prefix in CPU order */ |
2342 | c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); |
2343 | |
2344 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 2); |
2345 | if (rc) |
2346 | goto out; |
2347 | |
2348 | pkey_lo = le32_to_cpu(buf[0]); |
2349 | pkey_hi = le32_to_cpu(buf[1]); |
2350 | |
2351 | if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { |
2352 | rc = -EINVAL; |
2353 | goto out; |
2354 | } |
2355 | |
2356 | c->u.ibpkey.low_pkey = pkey_lo; |
2357 | c->u.ibpkey.high_pkey = pkey_hi; |
2358 | |
2359 | rc = context_read_and_validate(c: &c->context[0], |
2360 | p, |
2361 | fp); |
2362 | if (rc) |
2363 | goto out; |
2364 | break; |
2365 | } |
2366 | case OCON_IBENDPORT: { |
2367 | u32 port; |
2368 | |
2369 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 2); |
2370 | if (rc) |
2371 | goto out; |
2372 | len = le32_to_cpu(buf[0]); |
2373 | |
2374 | rc = str_read(strp: &c->u.ibendport.dev_name, GFP_KERNEL, fp, len); |
2375 | if (rc) |
2376 | goto out; |
2377 | |
2378 | port = le32_to_cpu(buf[1]); |
2379 | if (port > U8_MAX || port == 0) { |
2380 | rc = -EINVAL; |
2381 | goto out; |
2382 | } |
2383 | |
2384 | c->u.ibendport.port = port; |
2385 | |
2386 | rc = context_read_and_validate(c: &c->context[0], |
2387 | p, |
2388 | fp); |
2389 | if (rc) |
2390 | goto out; |
2391 | break; |
2392 | } /* end case */ |
2393 | } /* end switch */ |
2394 | } |
2395 | } |
2396 | rc = 0; |
2397 | out: |
2398 | return rc; |
2399 | } |
2400 | |
2401 | /* |
2402 | * Read the configuration data from a policy database binary |
2403 | * representation file into a policy database structure. |
2404 | */ |
2405 | int policydb_read(struct policydb *p, void *fp) |
2406 | { |
2407 | struct role_allow *ra, *lra; |
2408 | struct role_trans_key *rtk = NULL; |
2409 | struct role_trans_datum *rtd = NULL; |
2410 | int rc; |
2411 | __le32 buf[4]; |
2412 | u32 i, j, len, nprim, nel, perm; |
2413 | |
2414 | char *policydb_str; |
2415 | const struct policydb_compat_info *info; |
2416 | |
2417 | policydb_init(p); |
2418 | |
2419 | /* Read the magic number and string length. */ |
2420 | rc = next_entry(buf, fp, bytes: sizeof(u32) * 2); |
2421 | if (rc) |
2422 | goto bad; |
2423 | |
2424 | rc = -EINVAL; |
2425 | if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { |
2426 | pr_err("SELinux: policydb magic number 0x%x does " |
2427 | "not match expected magic number 0x%x\n" , |
2428 | le32_to_cpu(buf[0]), POLICYDB_MAGIC); |
2429 | goto bad; |
2430 | } |
2431 | |
2432 | rc = -EINVAL; |
2433 | len = le32_to_cpu(buf[1]); |
2434 | if (len != strlen(POLICYDB_STRING)) { |
2435 | pr_err("SELinux: policydb string length %d does not " |
2436 | "match expected length %zu\n" , |
2437 | len, strlen(POLICYDB_STRING)); |
2438 | goto bad; |
2439 | } |
2440 | |
2441 | rc = -ENOMEM; |
2442 | policydb_str = kmalloc(size: len + 1, GFP_KERNEL); |
2443 | if (!policydb_str) { |
2444 | pr_err("SELinux: unable to allocate memory for policydb " |
2445 | "string of length %d\n" , len); |
2446 | goto bad; |
2447 | } |
2448 | |
2449 | rc = next_entry(buf: policydb_str, fp, bytes: len); |
2450 | if (rc) { |
2451 | pr_err("SELinux: truncated policydb string identifier\n" ); |
2452 | kfree(objp: policydb_str); |
2453 | goto bad; |
2454 | } |
2455 | |
2456 | rc = -EINVAL; |
2457 | policydb_str[len] = '\0'; |
2458 | if (strcmp(policydb_str, POLICYDB_STRING)) { |
2459 | pr_err("SELinux: policydb string %s does not match " |
2460 | "my string %s\n" , policydb_str, POLICYDB_STRING); |
2461 | kfree(objp: policydb_str); |
2462 | goto bad; |
2463 | } |
2464 | /* Done with policydb_str. */ |
2465 | kfree(objp: policydb_str); |
2466 | policydb_str = NULL; |
2467 | |
2468 | /* Read the version and table sizes. */ |
2469 | rc = next_entry(buf, fp, bytes: sizeof(u32)*4); |
2470 | if (rc) |
2471 | goto bad; |
2472 | |
2473 | rc = -EINVAL; |
2474 | p->policyvers = le32_to_cpu(buf[0]); |
2475 | if (p->policyvers < POLICYDB_VERSION_MIN || |
2476 | p->policyvers > POLICYDB_VERSION_MAX) { |
2477 | pr_err("SELinux: policydb version %d does not match " |
2478 | "my version range %d-%d\n" , |
2479 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
2480 | goto bad; |
2481 | } |
2482 | |
2483 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
2484 | p->mls_enabled = 1; |
2485 | |
2486 | rc = -EINVAL; |
2487 | if (p->policyvers < POLICYDB_VERSION_MLS) { |
2488 | pr_err("SELinux: security policydb version %d " |
2489 | "(MLS) not backwards compatible\n" , |
2490 | p->policyvers); |
2491 | goto bad; |
2492 | } |
2493 | } |
2494 | p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); |
2495 | p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); |
2496 | |
2497 | if (p->policyvers >= POLICYDB_VERSION_POLCAP) { |
2498 | rc = ebitmap_read(e: &p->policycaps, fp); |
2499 | if (rc) |
2500 | goto bad; |
2501 | } |
2502 | |
2503 | if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { |
2504 | rc = ebitmap_read(e: &p->permissive_map, fp); |
2505 | if (rc) |
2506 | goto bad; |
2507 | } |
2508 | |
2509 | rc = -EINVAL; |
2510 | info = policydb_lookup_compat(version: p->policyvers); |
2511 | if (!info) { |
2512 | pr_err("SELinux: unable to find policy compat info " |
2513 | "for version %d\n" , p->policyvers); |
2514 | goto bad; |
2515 | } |
2516 | |
2517 | rc = -EINVAL; |
2518 | if (le32_to_cpu(buf[2]) != info->sym_num || |
2519 | le32_to_cpu(buf[3]) != info->ocon_num) { |
2520 | pr_err("SELinux: policydb table sizes (%d,%d) do " |
2521 | "not match mine (%d,%d)\n" , le32_to_cpu(buf[2]), |
2522 | le32_to_cpu(buf[3]), |
2523 | info->sym_num, info->ocon_num); |
2524 | goto bad; |
2525 | } |
2526 | |
2527 | for (i = 0; i < info->sym_num; i++) { |
2528 | rc = next_entry(buf, fp, bytes: sizeof(u32)*2); |
2529 | if (rc) |
2530 | goto bad; |
2531 | nprim = le32_to_cpu(buf[0]); |
2532 | nel = le32_to_cpu(buf[1]); |
2533 | |
2534 | rc = symtab_init(s: &p->symtab[i], size: nel); |
2535 | if (rc) |
2536 | goto out; |
2537 | |
2538 | if (i == SYM_ROLES) { |
2539 | rc = roles_init(p); |
2540 | if (rc) |
2541 | goto out; |
2542 | } |
2543 | |
2544 | for (j = 0; j < nel; j++) { |
2545 | rc = read_f[i](p, &p->symtab[i], fp); |
2546 | if (rc) |
2547 | goto bad; |
2548 | } |
2549 | |
2550 | p->symtab[i].nprim = nprim; |
2551 | } |
2552 | |
2553 | rc = -EINVAL; |
2554 | p->process_class = string_to_security_class(p, name: "process" ); |
2555 | if (!p->process_class) { |
2556 | pr_err("SELinux: process class is required, not defined in policy\n" ); |
2557 | goto bad; |
2558 | } |
2559 | |
2560 | rc = avtab_read(a: &p->te_avtab, fp, pol: p); |
2561 | if (rc) |
2562 | goto bad; |
2563 | |
2564 | if (p->policyvers >= POLICYDB_VERSION_BOOL) { |
2565 | rc = cond_read_list(p, fp); |
2566 | if (rc) |
2567 | goto bad; |
2568 | } |
2569 | |
2570 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2571 | if (rc) |
2572 | goto bad; |
2573 | nel = le32_to_cpu(buf[0]); |
2574 | |
2575 | rc = hashtab_init(h: &p->role_tr, nel_hint: nel); |
2576 | if (rc) |
2577 | goto bad; |
2578 | for (i = 0; i < nel; i++) { |
2579 | rc = -ENOMEM; |
2580 | rtk = kmalloc(size: sizeof(*rtk), GFP_KERNEL); |
2581 | if (!rtk) |
2582 | goto bad; |
2583 | |
2584 | rc = -ENOMEM; |
2585 | rtd = kmalloc(size: sizeof(*rtd), GFP_KERNEL); |
2586 | if (!rtd) |
2587 | goto bad; |
2588 | |
2589 | rc = next_entry(buf, fp, bytes: sizeof(u32)*3); |
2590 | if (rc) |
2591 | goto bad; |
2592 | |
2593 | rtk->role = le32_to_cpu(buf[0]); |
2594 | rtk->type = le32_to_cpu(buf[1]); |
2595 | rtd->new_role = le32_to_cpu(buf[2]); |
2596 | if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { |
2597 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2598 | if (rc) |
2599 | goto bad; |
2600 | rtk->tclass = le32_to_cpu(buf[0]); |
2601 | } else |
2602 | rtk->tclass = p->process_class; |
2603 | |
2604 | rc = -EINVAL; |
2605 | if (!policydb_role_isvalid(p, role: rtk->role) || |
2606 | !policydb_type_isvalid(p, type: rtk->type) || |
2607 | !policydb_class_isvalid(p, class: rtk->tclass) || |
2608 | !policydb_role_isvalid(p, role: rtd->new_role)) |
2609 | goto bad; |
2610 | |
2611 | rc = hashtab_insert(h: &p->role_tr, key: rtk, datum: rtd, key_params: roletr_key_params); |
2612 | if (rc) |
2613 | goto bad; |
2614 | |
2615 | rtk = NULL; |
2616 | rtd = NULL; |
2617 | } |
2618 | |
2619 | rc = next_entry(buf, fp, bytes: sizeof(u32)); |
2620 | if (rc) |
2621 | goto bad; |
2622 | nel = le32_to_cpu(buf[0]); |
2623 | lra = NULL; |
2624 | for (i = 0; i < nel; i++) { |
2625 | rc = -ENOMEM; |
2626 | ra = kzalloc(size: sizeof(*ra), GFP_KERNEL); |
2627 | if (!ra) |
2628 | goto bad; |
2629 | if (lra) |
2630 | lra->next = ra; |
2631 | else |
2632 | p->role_allow = ra; |
2633 | rc = next_entry(buf, fp, bytes: sizeof(u32)*2); |
2634 | if (rc) |
2635 | goto bad; |
2636 | |
2637 | rc = -EINVAL; |
2638 | ra->role = le32_to_cpu(buf[0]); |
2639 | ra->new_role = le32_to_cpu(buf[1]); |
2640 | if (!policydb_role_isvalid(p, role: ra->role) || |
2641 | !policydb_role_isvalid(p, role: ra->new_role)) |
2642 | goto bad; |
2643 | lra = ra; |
2644 | } |
2645 | |
2646 | rc = filename_trans_read(p, fp); |
2647 | if (rc) |
2648 | goto bad; |
2649 | |
2650 | rc = policydb_index(p); |
2651 | if (rc) |
2652 | goto bad; |
2653 | |
2654 | rc = -EINVAL; |
2655 | perm = string_to_av_perm(p, tclass: p->process_class, name: "transition" ); |
2656 | if (!perm) { |
2657 | pr_err("SELinux: process transition permission is required, not defined in policy\n" ); |
2658 | goto bad; |
2659 | } |
2660 | p->process_trans_perms = perm; |
2661 | perm = string_to_av_perm(p, tclass: p->process_class, name: "dyntransition" ); |
2662 | if (!perm) { |
2663 | pr_err("SELinux: process dyntransition permission is required, not defined in policy\n" ); |
2664 | goto bad; |
2665 | } |
2666 | p->process_trans_perms |= perm; |
2667 | |
2668 | rc = ocontext_read(p, info, fp); |
2669 | if (rc) |
2670 | goto bad; |
2671 | |
2672 | rc = genfs_read(p, fp); |
2673 | if (rc) |
2674 | goto bad; |
2675 | |
2676 | rc = range_read(p, fp); |
2677 | if (rc) |
2678 | goto bad; |
2679 | |
2680 | rc = -ENOMEM; |
2681 | p->type_attr_map_array = kvcalloc(n: p->p_types.nprim, |
2682 | size: sizeof(*p->type_attr_map_array), |
2683 | GFP_KERNEL); |
2684 | if (!p->type_attr_map_array) |
2685 | goto bad; |
2686 | |
2687 | /* just in case ebitmap_init() becomes more than just a memset(0): */ |
2688 | for (i = 0; i < p->p_types.nprim; i++) |
2689 | ebitmap_init(e: &p->type_attr_map_array[i]); |
2690 | |
2691 | for (i = 0; i < p->p_types.nprim; i++) { |
2692 | struct ebitmap *e = &p->type_attr_map_array[i]; |
2693 | |
2694 | if (p->policyvers >= POLICYDB_VERSION_AVTAB) { |
2695 | rc = ebitmap_read(e, fp); |
2696 | if (rc) |
2697 | goto bad; |
2698 | } |
2699 | /* add the type itself as the degenerate case */ |
2700 | rc = ebitmap_set_bit(e, bit: i, value: 1); |
2701 | if (rc) |
2702 | goto bad; |
2703 | } |
2704 | |
2705 | rc = policydb_bounds_sanity_check(p); |
2706 | if (rc) |
2707 | goto bad; |
2708 | |
2709 | rc = 0; |
2710 | out: |
2711 | return rc; |
2712 | bad: |
2713 | kfree(objp: rtk); |
2714 | kfree(objp: rtd); |
2715 | policydb_destroy(p); |
2716 | goto out; |
2717 | } |
2718 | |
2719 | /* |
2720 | * Write a MLS level structure to a policydb binary |
2721 | * representation file. |
2722 | */ |
2723 | static int mls_write_level(struct mls_level *l, void *fp) |
2724 | { |
2725 | __le32 buf[1]; |
2726 | int rc; |
2727 | |
2728 | buf[0] = cpu_to_le32(l->sens); |
2729 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
2730 | if (rc) |
2731 | return rc; |
2732 | |
2733 | rc = ebitmap_write(e: &l->cat, fp); |
2734 | if (rc) |
2735 | return rc; |
2736 | |
2737 | return 0; |
2738 | } |
2739 | |
2740 | /* |
2741 | * Write a MLS range structure to a policydb binary |
2742 | * representation file. |
2743 | */ |
2744 | static int mls_write_range_helper(struct mls_range *r, void *fp) |
2745 | { |
2746 | __le32 buf[3]; |
2747 | size_t items; |
2748 | int rc, eq; |
2749 | |
2750 | eq = mls_level_eq(l1: &r->level[1], l2: &r->level[0]); |
2751 | |
2752 | if (eq) |
2753 | items = 2; |
2754 | else |
2755 | items = 3; |
2756 | buf[0] = cpu_to_le32(items-1); |
2757 | buf[1] = cpu_to_le32(r->level[0].sens); |
2758 | if (!eq) |
2759 | buf[2] = cpu_to_le32(r->level[1].sens); |
2760 | |
2761 | BUG_ON(items > ARRAY_SIZE(buf)); |
2762 | |
2763 | rc = put_entry(buf, bytes: sizeof(u32), num: items, fp); |
2764 | if (rc) |
2765 | return rc; |
2766 | |
2767 | rc = ebitmap_write(e: &r->level[0].cat, fp); |
2768 | if (rc) |
2769 | return rc; |
2770 | if (!eq) { |
2771 | rc = ebitmap_write(e: &r->level[1].cat, fp); |
2772 | if (rc) |
2773 | return rc; |
2774 | } |
2775 | |
2776 | return 0; |
2777 | } |
2778 | |
2779 | static int sens_write(void *vkey, void *datum, void *ptr) |
2780 | { |
2781 | char *key = vkey; |
2782 | struct level_datum *levdatum = datum; |
2783 | struct policy_data *pd = ptr; |
2784 | void *fp = pd->fp; |
2785 | __le32 buf[2]; |
2786 | size_t len; |
2787 | int rc; |
2788 | |
2789 | len = strlen(key); |
2790 | buf[0] = cpu_to_le32(len); |
2791 | buf[1] = cpu_to_le32(levdatum->isalias); |
2792 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
2793 | if (rc) |
2794 | return rc; |
2795 | |
2796 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
2797 | if (rc) |
2798 | return rc; |
2799 | |
2800 | rc = mls_write_level(l: levdatum->level, fp); |
2801 | if (rc) |
2802 | return rc; |
2803 | |
2804 | return 0; |
2805 | } |
2806 | |
2807 | static int cat_write(void *vkey, void *datum, void *ptr) |
2808 | { |
2809 | char *key = vkey; |
2810 | struct cat_datum *catdatum = datum; |
2811 | struct policy_data *pd = ptr; |
2812 | void *fp = pd->fp; |
2813 | __le32 buf[3]; |
2814 | size_t len; |
2815 | int rc; |
2816 | |
2817 | len = strlen(key); |
2818 | buf[0] = cpu_to_le32(len); |
2819 | buf[1] = cpu_to_le32(catdatum->value); |
2820 | buf[2] = cpu_to_le32(catdatum->isalias); |
2821 | rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp); |
2822 | if (rc) |
2823 | return rc; |
2824 | |
2825 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
2826 | if (rc) |
2827 | return rc; |
2828 | |
2829 | return 0; |
2830 | } |
2831 | |
2832 | static int role_trans_write_one(void *key, void *datum, void *ptr) |
2833 | { |
2834 | struct role_trans_key *rtk = key; |
2835 | struct role_trans_datum *rtd = datum; |
2836 | struct policy_data *pd = ptr; |
2837 | void *fp = pd->fp; |
2838 | struct policydb *p = pd->p; |
2839 | __le32 buf[3]; |
2840 | int rc; |
2841 | |
2842 | buf[0] = cpu_to_le32(rtk->role); |
2843 | buf[1] = cpu_to_le32(rtk->type); |
2844 | buf[2] = cpu_to_le32(rtd->new_role); |
2845 | rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp); |
2846 | if (rc) |
2847 | return rc; |
2848 | if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) { |
2849 | buf[0] = cpu_to_le32(rtk->tclass); |
2850 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
2851 | if (rc) |
2852 | return rc; |
2853 | } |
2854 | return 0; |
2855 | } |
2856 | |
2857 | static int role_trans_write(struct policydb *p, void *fp) |
2858 | { |
2859 | struct policy_data pd = { .p = p, .fp = fp }; |
2860 | __le32 buf[1]; |
2861 | int rc; |
2862 | |
2863 | buf[0] = cpu_to_le32(p->role_tr.nel); |
2864 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
2865 | if (rc) |
2866 | return rc; |
2867 | |
2868 | return hashtab_map(h: &p->role_tr, apply: role_trans_write_one, args: &pd); |
2869 | } |
2870 | |
2871 | static int role_allow_write(struct role_allow *r, void *fp) |
2872 | { |
2873 | struct role_allow *ra; |
2874 | __le32 buf[2]; |
2875 | size_t nel; |
2876 | int rc; |
2877 | |
2878 | nel = 0; |
2879 | for (ra = r; ra; ra = ra->next) |
2880 | nel++; |
2881 | buf[0] = cpu_to_le32(nel); |
2882 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
2883 | if (rc) |
2884 | return rc; |
2885 | for (ra = r; ra; ra = ra->next) { |
2886 | buf[0] = cpu_to_le32(ra->role); |
2887 | buf[1] = cpu_to_le32(ra->new_role); |
2888 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
2889 | if (rc) |
2890 | return rc; |
2891 | } |
2892 | return 0; |
2893 | } |
2894 | |
2895 | /* |
2896 | * Write a security context structure |
2897 | * to a policydb binary representation file. |
2898 | */ |
2899 | static int context_write(struct policydb *p, struct context *c, |
2900 | void *fp) |
2901 | { |
2902 | int rc; |
2903 | __le32 buf[3]; |
2904 | |
2905 | buf[0] = cpu_to_le32(c->user); |
2906 | buf[1] = cpu_to_le32(c->role); |
2907 | buf[2] = cpu_to_le32(c->type); |
2908 | |
2909 | rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp); |
2910 | if (rc) |
2911 | return rc; |
2912 | |
2913 | rc = mls_write_range_helper(r: &c->range, fp); |
2914 | if (rc) |
2915 | return rc; |
2916 | |
2917 | return 0; |
2918 | } |
2919 | |
2920 | /* |
2921 | * The following *_write functions are used to |
2922 | * write the symbol data to a policy database |
2923 | * binary representation file. |
2924 | */ |
2925 | |
2926 | static int perm_write(void *vkey, void *datum, void *fp) |
2927 | { |
2928 | char *key = vkey; |
2929 | struct perm_datum *perdatum = datum; |
2930 | __le32 buf[2]; |
2931 | size_t len; |
2932 | int rc; |
2933 | |
2934 | len = strlen(key); |
2935 | buf[0] = cpu_to_le32(len); |
2936 | buf[1] = cpu_to_le32(perdatum->value); |
2937 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
2938 | if (rc) |
2939 | return rc; |
2940 | |
2941 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
2942 | if (rc) |
2943 | return rc; |
2944 | |
2945 | return 0; |
2946 | } |
2947 | |
2948 | static int common_write(void *vkey, void *datum, void *ptr) |
2949 | { |
2950 | char *key = vkey; |
2951 | struct common_datum *comdatum = datum; |
2952 | struct policy_data *pd = ptr; |
2953 | void *fp = pd->fp; |
2954 | __le32 buf[4]; |
2955 | size_t len; |
2956 | int rc; |
2957 | |
2958 | len = strlen(key); |
2959 | buf[0] = cpu_to_le32(len); |
2960 | buf[1] = cpu_to_le32(comdatum->value); |
2961 | buf[2] = cpu_to_le32(comdatum->permissions.nprim); |
2962 | buf[3] = cpu_to_le32(comdatum->permissions.table.nel); |
2963 | rc = put_entry(buf, bytes: sizeof(u32), num: 4, fp); |
2964 | if (rc) |
2965 | return rc; |
2966 | |
2967 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
2968 | if (rc) |
2969 | return rc; |
2970 | |
2971 | rc = hashtab_map(h: &comdatum->permissions.table, apply: perm_write, args: fp); |
2972 | if (rc) |
2973 | return rc; |
2974 | |
2975 | return 0; |
2976 | } |
2977 | |
2978 | static int type_set_write(struct type_set *t, void *fp) |
2979 | { |
2980 | int rc; |
2981 | __le32 buf[1]; |
2982 | |
2983 | if (ebitmap_write(e: &t->types, fp)) |
2984 | return -EINVAL; |
2985 | if (ebitmap_write(e: &t->negset, fp)) |
2986 | return -EINVAL; |
2987 | |
2988 | buf[0] = cpu_to_le32(t->flags); |
2989 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
2990 | if (rc) |
2991 | return -EINVAL; |
2992 | |
2993 | return 0; |
2994 | } |
2995 | |
2996 | static int write_cons_helper(struct policydb *p, struct constraint_node *node, |
2997 | void *fp) |
2998 | { |
2999 | struct constraint_node *c; |
3000 | struct constraint_expr *e; |
3001 | __le32 buf[3]; |
3002 | u32 nel; |
3003 | int rc; |
3004 | |
3005 | for (c = node; c; c = c->next) { |
3006 | nel = 0; |
3007 | for (e = c->expr; e; e = e->next) |
3008 | nel++; |
3009 | buf[0] = cpu_to_le32(c->permissions); |
3010 | buf[1] = cpu_to_le32(nel); |
3011 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3012 | if (rc) |
3013 | return rc; |
3014 | for (e = c->expr; e; e = e->next) { |
3015 | buf[0] = cpu_to_le32(e->expr_type); |
3016 | buf[1] = cpu_to_le32(e->attr); |
3017 | buf[2] = cpu_to_le32(e->op); |
3018 | rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp); |
3019 | if (rc) |
3020 | return rc; |
3021 | |
3022 | switch (e->expr_type) { |
3023 | case CEXPR_NAMES: |
3024 | rc = ebitmap_write(e: &e->names, fp); |
3025 | if (rc) |
3026 | return rc; |
3027 | if (p->policyvers >= |
3028 | POLICYDB_VERSION_CONSTRAINT_NAMES) { |
3029 | rc = type_set_write(t: e->type_names, fp); |
3030 | if (rc) |
3031 | return rc; |
3032 | } |
3033 | break; |
3034 | default: |
3035 | break; |
3036 | } |
3037 | } |
3038 | } |
3039 | |
3040 | return 0; |
3041 | } |
3042 | |
3043 | static int class_write(void *vkey, void *datum, void *ptr) |
3044 | { |
3045 | char *key = vkey; |
3046 | struct class_datum *cladatum = datum; |
3047 | struct policy_data *pd = ptr; |
3048 | void *fp = pd->fp; |
3049 | struct policydb *p = pd->p; |
3050 | struct constraint_node *c; |
3051 | __le32 buf[6]; |
3052 | u32 ncons; |
3053 | size_t len, len2; |
3054 | int rc; |
3055 | |
3056 | len = strlen(key); |
3057 | if (cladatum->comkey) |
3058 | len2 = strlen(cladatum->comkey); |
3059 | else |
3060 | len2 = 0; |
3061 | |
3062 | ncons = 0; |
3063 | for (c = cladatum->constraints; c; c = c->next) |
3064 | ncons++; |
3065 | |
3066 | buf[0] = cpu_to_le32(len); |
3067 | buf[1] = cpu_to_le32(len2); |
3068 | buf[2] = cpu_to_le32(cladatum->value); |
3069 | buf[3] = cpu_to_le32(cladatum->permissions.nprim); |
3070 | buf[4] = cpu_to_le32(cladatum->permissions.table.nel); |
3071 | buf[5] = cpu_to_le32(ncons); |
3072 | rc = put_entry(buf, bytes: sizeof(u32), num: 6, fp); |
3073 | if (rc) |
3074 | return rc; |
3075 | |
3076 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
3077 | if (rc) |
3078 | return rc; |
3079 | |
3080 | if (cladatum->comkey) { |
3081 | rc = put_entry(buf: cladatum->comkey, bytes: 1, num: len2, fp); |
3082 | if (rc) |
3083 | return rc; |
3084 | } |
3085 | |
3086 | rc = hashtab_map(h: &cladatum->permissions.table, apply: perm_write, args: fp); |
3087 | if (rc) |
3088 | return rc; |
3089 | |
3090 | rc = write_cons_helper(p, node: cladatum->constraints, fp); |
3091 | if (rc) |
3092 | return rc; |
3093 | |
3094 | /* write out the validatetrans rule */ |
3095 | ncons = 0; |
3096 | for (c = cladatum->validatetrans; c; c = c->next) |
3097 | ncons++; |
3098 | |
3099 | buf[0] = cpu_to_le32(ncons); |
3100 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3101 | if (rc) |
3102 | return rc; |
3103 | |
3104 | rc = write_cons_helper(p, node: cladatum->validatetrans, fp); |
3105 | if (rc) |
3106 | return rc; |
3107 | |
3108 | if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) { |
3109 | buf[0] = cpu_to_le32(cladatum->default_user); |
3110 | buf[1] = cpu_to_le32(cladatum->default_role); |
3111 | buf[2] = cpu_to_le32(cladatum->default_range); |
3112 | |
3113 | rc = put_entry(buf, bytes: sizeof(uint32_t), num: 3, fp); |
3114 | if (rc) |
3115 | return rc; |
3116 | } |
3117 | |
3118 | if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) { |
3119 | buf[0] = cpu_to_le32(cladatum->default_type); |
3120 | rc = put_entry(buf, bytes: sizeof(uint32_t), num: 1, fp); |
3121 | if (rc) |
3122 | return rc; |
3123 | } |
3124 | |
3125 | return 0; |
3126 | } |
3127 | |
3128 | static int role_write(void *vkey, void *datum, void *ptr) |
3129 | { |
3130 | char *key = vkey; |
3131 | struct role_datum *role = datum; |
3132 | struct policy_data *pd = ptr; |
3133 | void *fp = pd->fp; |
3134 | struct policydb *p = pd->p; |
3135 | __le32 buf[3]; |
3136 | size_t items, len; |
3137 | int rc; |
3138 | |
3139 | len = strlen(key); |
3140 | items = 0; |
3141 | buf[items++] = cpu_to_le32(len); |
3142 | buf[items++] = cpu_to_le32(role->value); |
3143 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
3144 | buf[items++] = cpu_to_le32(role->bounds); |
3145 | |
3146 | BUG_ON(items > ARRAY_SIZE(buf)); |
3147 | |
3148 | rc = put_entry(buf, bytes: sizeof(u32), num: items, fp); |
3149 | if (rc) |
3150 | return rc; |
3151 | |
3152 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
3153 | if (rc) |
3154 | return rc; |
3155 | |
3156 | rc = ebitmap_write(e: &role->dominates, fp); |
3157 | if (rc) |
3158 | return rc; |
3159 | |
3160 | rc = ebitmap_write(e: &role->types, fp); |
3161 | if (rc) |
3162 | return rc; |
3163 | |
3164 | return 0; |
3165 | } |
3166 | |
3167 | static int type_write(void *vkey, void *datum, void *ptr) |
3168 | { |
3169 | char *key = vkey; |
3170 | struct type_datum *typdatum = datum; |
3171 | struct policy_data *pd = ptr; |
3172 | struct policydb *p = pd->p; |
3173 | void *fp = pd->fp; |
3174 | __le32 buf[4]; |
3175 | int rc; |
3176 | size_t items, len; |
3177 | |
3178 | len = strlen(key); |
3179 | items = 0; |
3180 | buf[items++] = cpu_to_le32(len); |
3181 | buf[items++] = cpu_to_le32(typdatum->value); |
3182 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) { |
3183 | u32 properties = 0; |
3184 | |
3185 | if (typdatum->primary) |
3186 | properties |= TYPEDATUM_PROPERTY_PRIMARY; |
3187 | |
3188 | if (typdatum->attribute) |
3189 | properties |= TYPEDATUM_PROPERTY_ATTRIBUTE; |
3190 | |
3191 | buf[items++] = cpu_to_le32(properties); |
3192 | buf[items++] = cpu_to_le32(typdatum->bounds); |
3193 | } else { |
3194 | buf[items++] = cpu_to_le32(typdatum->primary); |
3195 | } |
3196 | BUG_ON(items > ARRAY_SIZE(buf)); |
3197 | rc = put_entry(buf, bytes: sizeof(u32), num: items, fp); |
3198 | if (rc) |
3199 | return rc; |
3200 | |
3201 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
3202 | if (rc) |
3203 | return rc; |
3204 | |
3205 | return 0; |
3206 | } |
3207 | |
3208 | static int user_write(void *vkey, void *datum, void *ptr) |
3209 | { |
3210 | char *key = vkey; |
3211 | struct user_datum *usrdatum = datum; |
3212 | struct policy_data *pd = ptr; |
3213 | struct policydb *p = pd->p; |
3214 | void *fp = pd->fp; |
3215 | __le32 buf[3]; |
3216 | size_t items, len; |
3217 | int rc; |
3218 | |
3219 | len = strlen(key); |
3220 | items = 0; |
3221 | buf[items++] = cpu_to_le32(len); |
3222 | buf[items++] = cpu_to_le32(usrdatum->value); |
3223 | if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) |
3224 | buf[items++] = cpu_to_le32(usrdatum->bounds); |
3225 | BUG_ON(items > ARRAY_SIZE(buf)); |
3226 | rc = put_entry(buf, bytes: sizeof(u32), num: items, fp); |
3227 | if (rc) |
3228 | return rc; |
3229 | |
3230 | rc = put_entry(buf: key, bytes: 1, num: len, fp); |
3231 | if (rc) |
3232 | return rc; |
3233 | |
3234 | rc = ebitmap_write(e: &usrdatum->roles, fp); |
3235 | if (rc) |
3236 | return rc; |
3237 | |
3238 | rc = mls_write_range_helper(r: &usrdatum->range, fp); |
3239 | if (rc) |
3240 | return rc; |
3241 | |
3242 | rc = mls_write_level(l: &usrdatum->dfltlevel, fp); |
3243 | if (rc) |
3244 | return rc; |
3245 | |
3246 | return 0; |
3247 | } |
3248 | |
3249 | static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = { |
3250 | common_write, |
3251 | class_write, |
3252 | role_write, |
3253 | type_write, |
3254 | user_write, |
3255 | cond_write_bool, |
3256 | sens_write, |
3257 | cat_write, |
3258 | }; |
3259 | |
3260 | static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, |
3261 | void *fp) |
3262 | { |
3263 | unsigned int i, j; |
3264 | int rc; |
3265 | size_t nel, len; |
3266 | __be64 prefixbuf[1]; |
3267 | __le32 buf[3]; |
3268 | u32 nodebuf[8]; |
3269 | struct ocontext *c; |
3270 | for (i = 0; i < info->ocon_num; i++) { |
3271 | nel = 0; |
3272 | for (c = p->ocontexts[i]; c; c = c->next) |
3273 | nel++; |
3274 | buf[0] = cpu_to_le32(nel); |
3275 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3276 | if (rc) |
3277 | return rc; |
3278 | for (c = p->ocontexts[i]; c; c = c->next) { |
3279 | switch (i) { |
3280 | case OCON_ISID: |
3281 | buf[0] = cpu_to_le32(c->sid[0]); |
3282 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3283 | if (rc) |
3284 | return rc; |
3285 | rc = context_write(p, c: &c->context[0], fp); |
3286 | if (rc) |
3287 | return rc; |
3288 | break; |
3289 | case OCON_FS: |
3290 | case OCON_NETIF: |
3291 | len = strlen(c->u.name); |
3292 | buf[0] = cpu_to_le32(len); |
3293 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3294 | if (rc) |
3295 | return rc; |
3296 | rc = put_entry(buf: c->u.name, bytes: 1, num: len, fp); |
3297 | if (rc) |
3298 | return rc; |
3299 | rc = context_write(p, c: &c->context[0], fp); |
3300 | if (rc) |
3301 | return rc; |
3302 | rc = context_write(p, c: &c->context[1], fp); |
3303 | if (rc) |
3304 | return rc; |
3305 | break; |
3306 | case OCON_PORT: |
3307 | buf[0] = cpu_to_le32(c->u.port.protocol); |
3308 | buf[1] = cpu_to_le32(c->u.port.low_port); |
3309 | buf[2] = cpu_to_le32(c->u.port.high_port); |
3310 | rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp); |
3311 | if (rc) |
3312 | return rc; |
3313 | rc = context_write(p, c: &c->context[0], fp); |
3314 | if (rc) |
3315 | return rc; |
3316 | break; |
3317 | case OCON_NODE: |
3318 | nodebuf[0] = c->u.node.addr; /* network order */ |
3319 | nodebuf[1] = c->u.node.mask; /* network order */ |
3320 | rc = put_entry(buf: nodebuf, bytes: sizeof(u32), num: 2, fp); |
3321 | if (rc) |
3322 | return rc; |
3323 | rc = context_write(p, c: &c->context[0], fp); |
3324 | if (rc) |
3325 | return rc; |
3326 | break; |
3327 | case OCON_FSUSE: |
3328 | buf[0] = cpu_to_le32(c->v.behavior); |
3329 | len = strlen(c->u.name); |
3330 | buf[1] = cpu_to_le32(len); |
3331 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3332 | if (rc) |
3333 | return rc; |
3334 | rc = put_entry(buf: c->u.name, bytes: 1, num: len, fp); |
3335 | if (rc) |
3336 | return rc; |
3337 | rc = context_write(p, c: &c->context[0], fp); |
3338 | if (rc) |
3339 | return rc; |
3340 | break; |
3341 | case OCON_NODE6: |
3342 | for (j = 0; j < 4; j++) |
3343 | nodebuf[j] = c->u.node6.addr[j]; /* network order */ |
3344 | for (j = 0; j < 4; j++) |
3345 | nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ |
3346 | rc = put_entry(buf: nodebuf, bytes: sizeof(u32), num: 8, fp); |
3347 | if (rc) |
3348 | return rc; |
3349 | rc = context_write(p, c: &c->context[0], fp); |
3350 | if (rc) |
3351 | return rc; |
3352 | break; |
3353 | case OCON_IBPKEY: |
3354 | /* subnet_prefix is in CPU order */ |
3355 | prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); |
3356 | |
3357 | rc = put_entry(buf: prefixbuf, bytes: sizeof(u64), num: 1, fp); |
3358 | if (rc) |
3359 | return rc; |
3360 | |
3361 | buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); |
3362 | buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); |
3363 | |
3364 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3365 | if (rc) |
3366 | return rc; |
3367 | rc = context_write(p, c: &c->context[0], fp); |
3368 | if (rc) |
3369 | return rc; |
3370 | break; |
3371 | case OCON_IBENDPORT: |
3372 | len = strlen(c->u.ibendport.dev_name); |
3373 | buf[0] = cpu_to_le32(len); |
3374 | buf[1] = cpu_to_le32(c->u.ibendport.port); |
3375 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3376 | if (rc) |
3377 | return rc; |
3378 | rc = put_entry(buf: c->u.ibendport.dev_name, bytes: 1, num: len, fp); |
3379 | if (rc) |
3380 | return rc; |
3381 | rc = context_write(p, c: &c->context[0], fp); |
3382 | if (rc) |
3383 | return rc; |
3384 | break; |
3385 | } |
3386 | } |
3387 | } |
3388 | return 0; |
3389 | } |
3390 | |
3391 | static int genfs_write(struct policydb *p, void *fp) |
3392 | { |
3393 | struct genfs *genfs; |
3394 | struct ocontext *c; |
3395 | size_t len; |
3396 | __le32 buf[1]; |
3397 | int rc; |
3398 | |
3399 | len = 0; |
3400 | for (genfs = p->genfs; genfs; genfs = genfs->next) |
3401 | len++; |
3402 | buf[0] = cpu_to_le32(len); |
3403 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3404 | if (rc) |
3405 | return rc; |
3406 | for (genfs = p->genfs; genfs; genfs = genfs->next) { |
3407 | len = strlen(genfs->fstype); |
3408 | buf[0] = cpu_to_le32(len); |
3409 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3410 | if (rc) |
3411 | return rc; |
3412 | rc = put_entry(buf: genfs->fstype, bytes: 1, num: len, fp); |
3413 | if (rc) |
3414 | return rc; |
3415 | len = 0; |
3416 | for (c = genfs->head; c; c = c->next) |
3417 | len++; |
3418 | buf[0] = cpu_to_le32(len); |
3419 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3420 | if (rc) |
3421 | return rc; |
3422 | for (c = genfs->head; c; c = c->next) { |
3423 | len = strlen(c->u.name); |
3424 | buf[0] = cpu_to_le32(len); |
3425 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3426 | if (rc) |
3427 | return rc; |
3428 | rc = put_entry(buf: c->u.name, bytes: 1, num: len, fp); |
3429 | if (rc) |
3430 | return rc; |
3431 | buf[0] = cpu_to_le32(c->v.sclass); |
3432 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3433 | if (rc) |
3434 | return rc; |
3435 | rc = context_write(p, c: &c->context[0], fp); |
3436 | if (rc) |
3437 | return rc; |
3438 | } |
3439 | } |
3440 | return 0; |
3441 | } |
3442 | |
3443 | static int range_write_helper(void *key, void *data, void *ptr) |
3444 | { |
3445 | __le32 buf[2]; |
3446 | struct range_trans *rt = key; |
3447 | struct mls_range *r = data; |
3448 | struct policy_data *pd = ptr; |
3449 | void *fp = pd->fp; |
3450 | struct policydb *p = pd->p; |
3451 | int rc; |
3452 | |
3453 | buf[0] = cpu_to_le32(rt->source_type); |
3454 | buf[1] = cpu_to_le32(rt->target_type); |
3455 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3456 | if (rc) |
3457 | return rc; |
3458 | if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) { |
3459 | buf[0] = cpu_to_le32(rt->target_class); |
3460 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3461 | if (rc) |
3462 | return rc; |
3463 | } |
3464 | rc = mls_write_range_helper(r, fp); |
3465 | if (rc) |
3466 | return rc; |
3467 | |
3468 | return 0; |
3469 | } |
3470 | |
3471 | static int range_write(struct policydb *p, void *fp) |
3472 | { |
3473 | __le32 buf[1]; |
3474 | int rc; |
3475 | struct policy_data pd; |
3476 | |
3477 | pd.p = p; |
3478 | pd.fp = fp; |
3479 | |
3480 | buf[0] = cpu_to_le32(p->range_tr.nel); |
3481 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3482 | if (rc) |
3483 | return rc; |
3484 | |
3485 | /* actually write all of the entries */ |
3486 | rc = hashtab_map(h: &p->range_tr, apply: range_write_helper, args: &pd); |
3487 | if (rc) |
3488 | return rc; |
3489 | |
3490 | return 0; |
3491 | } |
3492 | |
3493 | static int filename_write_helper_compat(void *key, void *data, void *ptr) |
3494 | { |
3495 | struct filename_trans_key *ft = key; |
3496 | struct filename_trans_datum *datum = data; |
3497 | struct ebitmap_node *node; |
3498 | void *fp = ptr; |
3499 | __le32 buf[4]; |
3500 | int rc; |
3501 | u32 bit, len = strlen(ft->name); |
3502 | |
3503 | do { |
3504 | ebitmap_for_each_positive_bit(&datum->stypes, node, bit) { |
3505 | buf[0] = cpu_to_le32(len); |
3506 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3507 | if (rc) |
3508 | return rc; |
3509 | |
3510 | rc = put_entry(buf: ft->name, bytes: sizeof(char), num: len, fp); |
3511 | if (rc) |
3512 | return rc; |
3513 | |
3514 | buf[0] = cpu_to_le32(bit + 1); |
3515 | buf[1] = cpu_to_le32(ft->ttype); |
3516 | buf[2] = cpu_to_le32(ft->tclass); |
3517 | buf[3] = cpu_to_le32(datum->otype); |
3518 | |
3519 | rc = put_entry(buf, bytes: sizeof(u32), num: 4, fp); |
3520 | if (rc) |
3521 | return rc; |
3522 | } |
3523 | |
3524 | datum = datum->next; |
3525 | } while (unlikely(datum)); |
3526 | |
3527 | return 0; |
3528 | } |
3529 | |
3530 | static int filename_write_helper(void *key, void *data, void *ptr) |
3531 | { |
3532 | struct filename_trans_key *ft = key; |
3533 | struct filename_trans_datum *datum; |
3534 | void *fp = ptr; |
3535 | __le32 buf[3]; |
3536 | int rc; |
3537 | u32 ndatum, len = strlen(ft->name); |
3538 | |
3539 | buf[0] = cpu_to_le32(len); |
3540 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3541 | if (rc) |
3542 | return rc; |
3543 | |
3544 | rc = put_entry(buf: ft->name, bytes: sizeof(char), num: len, fp); |
3545 | if (rc) |
3546 | return rc; |
3547 | |
3548 | ndatum = 0; |
3549 | datum = data; |
3550 | do { |
3551 | ndatum++; |
3552 | datum = datum->next; |
3553 | } while (unlikely(datum)); |
3554 | |
3555 | buf[0] = cpu_to_le32(ft->ttype); |
3556 | buf[1] = cpu_to_le32(ft->tclass); |
3557 | buf[2] = cpu_to_le32(ndatum); |
3558 | rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp); |
3559 | if (rc) |
3560 | return rc; |
3561 | |
3562 | datum = data; |
3563 | do { |
3564 | rc = ebitmap_write(e: &datum->stypes, fp); |
3565 | if (rc) |
3566 | return rc; |
3567 | |
3568 | buf[0] = cpu_to_le32(datum->otype); |
3569 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3570 | if (rc) |
3571 | return rc; |
3572 | |
3573 | datum = datum->next; |
3574 | } while (unlikely(datum)); |
3575 | |
3576 | return 0; |
3577 | } |
3578 | |
3579 | static int filename_trans_write(struct policydb *p, void *fp) |
3580 | { |
3581 | __le32 buf[1]; |
3582 | int rc; |
3583 | |
3584 | if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) |
3585 | return 0; |
3586 | |
3587 | if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { |
3588 | buf[0] = cpu_to_le32(p->compat_filename_trans_count); |
3589 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3590 | if (rc) |
3591 | return rc; |
3592 | |
3593 | rc = hashtab_map(h: &p->filename_trans, |
3594 | apply: filename_write_helper_compat, args: fp); |
3595 | } else { |
3596 | buf[0] = cpu_to_le32(p->filename_trans.nel); |
3597 | rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp); |
3598 | if (rc) |
3599 | return rc; |
3600 | |
3601 | rc = hashtab_map(h: &p->filename_trans, apply: filename_write_helper, args: fp); |
3602 | } |
3603 | return rc; |
3604 | } |
3605 | |
3606 | /* |
3607 | * Write the configuration data in a policy database |
3608 | * structure to a policy database binary representation |
3609 | * file. |
3610 | */ |
3611 | int policydb_write(struct policydb *p, void *fp) |
3612 | { |
3613 | unsigned int num_syms; |
3614 | int rc; |
3615 | __le32 buf[4]; |
3616 | u32 config, i; |
3617 | size_t len; |
3618 | const struct policydb_compat_info *info; |
3619 | |
3620 | /* |
3621 | * refuse to write policy older than compressed avtab |
3622 | * to simplify the writer. There are other tests dropped |
3623 | * since we assume this throughout the writer code. Be |
3624 | * careful if you ever try to remove this restriction |
3625 | */ |
3626 | if (p->policyvers < POLICYDB_VERSION_AVTAB) { |
3627 | pr_err("SELinux: refusing to write policy version %d." |
3628 | " Because it is less than version %d\n" , p->policyvers, |
3629 | POLICYDB_VERSION_AVTAB); |
3630 | return -EINVAL; |
3631 | } |
3632 | |
3633 | config = 0; |
3634 | if (p->mls_enabled) |
3635 | config |= POLICYDB_CONFIG_MLS; |
3636 | |
3637 | if (p->reject_unknown) |
3638 | config |= REJECT_UNKNOWN; |
3639 | if (p->allow_unknown) |
3640 | config |= ALLOW_UNKNOWN; |
3641 | |
3642 | /* Write the magic number and string identifiers. */ |
3643 | buf[0] = cpu_to_le32(POLICYDB_MAGIC); |
3644 | len = strlen(POLICYDB_STRING); |
3645 | buf[1] = cpu_to_le32(len); |
3646 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3647 | if (rc) |
3648 | return rc; |
3649 | rc = put_entry(POLICYDB_STRING, bytes: 1, num: len, fp); |
3650 | if (rc) |
3651 | return rc; |
3652 | |
3653 | /* Write the version, config, and table sizes. */ |
3654 | info = policydb_lookup_compat(version: p->policyvers); |
3655 | if (!info) { |
3656 | pr_err("SELinux: compatibility lookup failed for policy " |
3657 | "version %d\n" , p->policyvers); |
3658 | return -EINVAL; |
3659 | } |
3660 | |
3661 | buf[0] = cpu_to_le32(p->policyvers); |
3662 | buf[1] = cpu_to_le32(config); |
3663 | buf[2] = cpu_to_le32(info->sym_num); |
3664 | buf[3] = cpu_to_le32(info->ocon_num); |
3665 | |
3666 | rc = put_entry(buf, bytes: sizeof(u32), num: 4, fp); |
3667 | if (rc) |
3668 | return rc; |
3669 | |
3670 | if (p->policyvers >= POLICYDB_VERSION_POLCAP) { |
3671 | rc = ebitmap_write(e: &p->policycaps, fp); |
3672 | if (rc) |
3673 | return rc; |
3674 | } |
3675 | |
3676 | if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) { |
3677 | rc = ebitmap_write(e: &p->permissive_map, fp); |
3678 | if (rc) |
3679 | return rc; |
3680 | } |
3681 | |
3682 | num_syms = info->sym_num; |
3683 | for (i = 0; i < num_syms; i++) { |
3684 | struct policy_data pd; |
3685 | |
3686 | pd.fp = fp; |
3687 | pd.p = p; |
3688 | |
3689 | buf[0] = cpu_to_le32(p->symtab[i].nprim); |
3690 | buf[1] = cpu_to_le32(p->symtab[i].table.nel); |
3691 | |
3692 | rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp); |
3693 | if (rc) |
3694 | return rc; |
3695 | rc = hashtab_map(h: &p->symtab[i].table, apply: write_f[i], args: &pd); |
3696 | if (rc) |
3697 | return rc; |
3698 | } |
3699 | |
3700 | rc = avtab_write(p, a: &p->te_avtab, fp); |
3701 | if (rc) |
3702 | return rc; |
3703 | |
3704 | rc = cond_write_list(p, fp); |
3705 | if (rc) |
3706 | return rc; |
3707 | |
3708 | rc = role_trans_write(p, fp); |
3709 | if (rc) |
3710 | return rc; |
3711 | |
3712 | rc = role_allow_write(r: p->role_allow, fp); |
3713 | if (rc) |
3714 | return rc; |
3715 | |
3716 | rc = filename_trans_write(p, fp); |
3717 | if (rc) |
3718 | return rc; |
3719 | |
3720 | rc = ocontext_write(p, info, fp); |
3721 | if (rc) |
3722 | return rc; |
3723 | |
3724 | rc = genfs_write(p, fp); |
3725 | if (rc) |
3726 | return rc; |
3727 | |
3728 | rc = range_write(p, fp); |
3729 | if (rc) |
3730 | return rc; |
3731 | |
3732 | for (i = 0; i < p->p_types.nprim; i++) { |
3733 | struct ebitmap *e = &p->type_attr_map_array[i]; |
3734 | |
3735 | rc = ebitmap_write(e, fp); |
3736 | if (rc) |
3737 | return rc; |
3738 | } |
3739 | |
3740 | return 0; |
3741 | } |
3742 | |