1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Implementation of the policy database.
4	*
5	* Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
6	*/
7
8	/*
9	* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10	*
11	* Support for enhanced MLS infrastructure.
12	*
13	* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14	*
15	* Added conditional policy language extensions
16	*
17	* Updated: Hewlett-Packard <paul@paul-moore.com>
18	*
19	* Added support for the policy capability bitmap
20	*
21	* Update: Mellanox Techonologies
22	*
23	* Added Infiniband support
24	*
25	* Copyright (C) 2016 Mellanox Techonologies
26	* Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
27	* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
28	* Copyright (C) 2003 - 2004 Tresys Technology, LLC
29	*/
30
31	#include <linux/kernel.h>
32	#include <linux/sched.h>
33	#include <linux/slab.h>
34	#include <linux/string.h>
35	#include <linux/errno.h>
36	#include <linux/audit.h>
37	#include "security.h"
38
39	#include "policydb.h"
40	#include "conditional.h"
41	#include "mls.h"
42	#include "services.h"
43
44	#ifdef CONFIG_SECURITY_SELINUX_DEBUG
45	static const char *const symtab_name[SYM_NUM] = {
46	"common prefixes",
47	"classes",
48	"roles",
49	"types",
50	"users",
51	"bools",
52	"levels",
53	"categories",
54	};
55	#endif
56
57	struct policydb_compat_info {
58	unsigned int version;
59	unsigned int sym_num;
60	unsigned int ocon_num;
61	};
62
63	/* These need to be updated if SYM_NUM or OCON_NUM changes */
64	static const struct policydb_compat_info policydb_compat[] = {
65	{
66	.version = POLICYDB_VERSION_BASE,
67	.sym_num = SYM_NUM - 3,
68	.ocon_num = OCON_NUM - 3,
69	},
70	{
71	.version = POLICYDB_VERSION_BOOL,
72	.sym_num = SYM_NUM - 2,
73	.ocon_num = OCON_NUM - 3,
74	},
75	{
76	.version = POLICYDB_VERSION_IPV6,
77	.sym_num = SYM_NUM - 2,
78	.ocon_num = OCON_NUM - 2,
79	},
80	{
81	.version = POLICYDB_VERSION_NLCLASS,
82	.sym_num = SYM_NUM - 2,
83	.ocon_num = OCON_NUM - 2,
84	},
85	{
86	.version = POLICYDB_VERSION_MLS,
87	.sym_num = SYM_NUM,
88	.ocon_num = OCON_NUM - 2,
89	},
90	{
91	.version = POLICYDB_VERSION_AVTAB,
92	.sym_num = SYM_NUM,
93	.ocon_num = OCON_NUM - 2,
94	},
95	{
96	.version = POLICYDB_VERSION_RANGETRANS,
97	.sym_num = SYM_NUM,
98	.ocon_num = OCON_NUM - 2,
99	},
100	{
101	.version = POLICYDB_VERSION_POLCAP,
102	.sym_num = SYM_NUM,
103	.ocon_num = OCON_NUM - 2,
104	},
105	{
106	.version = POLICYDB_VERSION_PERMISSIVE,
107	.sym_num = SYM_NUM,
108	.ocon_num = OCON_NUM - 2,
109	},
110	{
111	.version = POLICYDB_VERSION_BOUNDARY,
112	.sym_num = SYM_NUM,
113	.ocon_num = OCON_NUM - 2,
114	},
115	{
116	.version = POLICYDB_VERSION_FILENAME_TRANS,
117	.sym_num = SYM_NUM,
118	.ocon_num = OCON_NUM - 2,
119	},
120	{
121	.version = POLICYDB_VERSION_ROLETRANS,
122	.sym_num = SYM_NUM,
123	.ocon_num = OCON_NUM - 2,
124	},
125	{
126	.version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
127	.sym_num = SYM_NUM,
128	.ocon_num = OCON_NUM - 2,
129	},
130	{
131	.version = POLICYDB_VERSION_DEFAULT_TYPE,
132	.sym_num = SYM_NUM,
133	.ocon_num = OCON_NUM - 2,
134	},
135	{
136	.version = POLICYDB_VERSION_CONSTRAINT_NAMES,
137	.sym_num = SYM_NUM,
138	.ocon_num = OCON_NUM - 2,
139	},
140	{
141	.version = POLICYDB_VERSION_XPERMS_IOCTL,
142	.sym_num = SYM_NUM,
143	.ocon_num = OCON_NUM - 2,
144	},
145	{
146	.version = POLICYDB_VERSION_INFINIBAND,
147	.sym_num = SYM_NUM,
148	.ocon_num = OCON_NUM,
149	},
150	{
151	.version = POLICYDB_VERSION_GLBLUB,
152	.sym_num = SYM_NUM,
153	.ocon_num = OCON_NUM,
154	},
155	{
156	.version = POLICYDB_VERSION_COMP_FTRANS,
157	.sym_num = SYM_NUM,
158	.ocon_num = OCON_NUM,
159	},
160	};
161
162	static const struct policydb_compat_info *policydb_lookup_compat(unsigned int version)
163	{
164	unsigned int i;
165
166	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
167	if (policydb_compat[i].version == version)
168	return &policydb_compat[i];
169	}
170
171	return NULL;
172	}
173
174	/*
175	* The following *_destroy functions are used to
176	* free any memory allocated for each kind of
177	* symbol data in the policy database.
178	*/
179
180	static int perm_destroy(void *key, void *datum, void *p)
181	{
182	kfree(objp: key);
183	kfree(objp: datum);
184	return 0;
185	}
186
187	static int common_destroy(void *key, void *datum, void *p)
188	{
189	struct common_datum *comdatum;
190
191	kfree(objp: key);
192	if (datum) {
193	comdatum = datum;
194	hashtab_map(h: &comdatum->permissions.table, apply: perm_destroy, NULL);
195	hashtab_destroy(h: &comdatum->permissions.table);
196	}
197	kfree(objp: datum);
198	return 0;
199	}
200
201	static void constraint_expr_destroy(struct constraint_expr *expr)
202	{
203	if (expr) {
204	ebitmap_destroy(e: &expr->names);
205	if (expr->type_names) {
206	ebitmap_destroy(e: &expr->type_names->types);
207	ebitmap_destroy(e: &expr->type_names->negset);
208	kfree(objp: expr->type_names);
209	}
210	kfree(objp: expr);
211	}
212	}
213
214	static int cls_destroy(void *key, void *datum, void *p)
215	{
216	struct class_datum *cladatum;
217	struct constraint_node *constraint, *ctemp;
218	struct constraint_expr *e, *etmp;
219
220	kfree(objp: key);
221	if (datum) {
222	cladatum = datum;
223	hashtab_map(h: &cladatum->permissions.table, apply: perm_destroy, NULL);
224	hashtab_destroy(h: &cladatum->permissions.table);
225	constraint = cladatum->constraints;
226	while (constraint) {
227	e = constraint->expr;
228	while (e) {
229	etmp = e;
230	e = e->next;
231	constraint_expr_destroy(expr: etmp);
232	}
233	ctemp = constraint;
234	constraint = constraint->next;
235	kfree(objp: ctemp);
236	}
237
238	constraint = cladatum->validatetrans;
239	while (constraint) {
240	e = constraint->expr;
241	while (e) {
242	etmp = e;
243	e = e->next;
244	constraint_expr_destroy(expr: etmp);
245	}
246	ctemp = constraint;
247	constraint = constraint->next;
248	kfree(objp: ctemp);
249	}
250	kfree(objp: cladatum->comkey);
251	}
252	kfree(objp: datum);
253	return 0;
254	}
255
256	static int role_destroy(void *key, void *datum, void *p)
257	{
258	struct role_datum *role;
259
260	kfree(objp: key);
261	if (datum) {
262	role = datum;
263	ebitmap_destroy(e: &role->dominates);
264	ebitmap_destroy(e: &role->types);
265	}
266	kfree(objp: datum);
267	return 0;
268	}
269
270	static int type_destroy(void *key, void *datum, void *p)
271	{
272	kfree(objp: key);
273	kfree(objp: datum);
274	return 0;
275	}
276
277	static int user_destroy(void *key, void *datum, void *p)
278	{
279	struct user_datum *usrdatum;
280
281	kfree(objp: key);
282	if (datum) {
283	usrdatum = datum;
284	ebitmap_destroy(e: &usrdatum->roles);
285	ebitmap_destroy(e: &usrdatum->range.level[0].cat);
286	ebitmap_destroy(e: &usrdatum->range.level[1].cat);
287	ebitmap_destroy(e: &usrdatum->dfltlevel.cat);
288	}
289	kfree(objp: datum);
290	return 0;
291	}
292
293	static int sens_destroy(void *key, void *datum, void *p)
294	{
295	struct level_datum *levdatum;
296
297	kfree(objp: key);
298	if (datum) {
299	levdatum = datum;
300	if (levdatum->level)
301	ebitmap_destroy(e: &levdatum->level->cat);
302	kfree(objp: levdatum->level);
303	}
304	kfree(objp: datum);
305	return 0;
306	}
307
308	static int cat_destroy(void *key, void *datum, void *p)
309	{
310	kfree(objp: key);
311	kfree(objp: datum);
312	return 0;
313	}
314
315	static int (*const destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
316	common_destroy,
317	cls_destroy,
318	role_destroy,
319	type_destroy,
320	user_destroy,
321	cond_destroy_bool,
322	sens_destroy,
323	cat_destroy,
324	};
325
326	static int filenametr_destroy(void *key, void *datum, void *p)
327	{
328	struct filename_trans_key *ft = key;
329	struct filename_trans_datum *next, *d = datum;
330
331	kfree(objp: ft->name);
332	kfree(objp: key);
333	do {
334	ebitmap_destroy(e: &d->stypes);
335	next = d->next;
336	kfree(objp: d);
337	d = next;
338	} while (unlikely(d));
339	cond_resched();
340	return 0;
341	}
342
343	static int range_tr_destroy(void *key, void *datum, void *p)
344	{
345	struct mls_range *rt = datum;
346
347	kfree(objp: key);
348	ebitmap_destroy(e: &rt->level[0].cat);
349	ebitmap_destroy(e: &rt->level[1].cat);
350	kfree(objp: datum);
351	cond_resched();
352	return 0;
353	}
354
355	static int role_tr_destroy(void *key, void *datum, void *p)
356	{
357	kfree(objp: key);
358	kfree(objp: datum);
359	return 0;
360	}
361
362	static void ocontext_destroy(struct ocontext *c, unsigned int i)
363	{
364	if (!c)
365	return;
366
367	context_destroy(c: &c->context[0]);
368	context_destroy(c: &c->context[1]);
369	if (i == OCON_ISID || i == OCON_FS ||
370	i == OCON_NETIF || i == OCON_FSUSE)
371	kfree(objp: c->u.name);
372	kfree(objp: c);
373	}
374
375	/*
376	* Initialize the role table.
377	*/
378	static int roles_init(struct policydb *p)
379	{
380	char *key = NULL;
381	int rc;
382	struct role_datum *role;
383
384	role = kzalloc(size: sizeof(*role), GFP_KERNEL);
385	if (!role)
386	return -ENOMEM;
387
388	rc = -EINVAL;
389	role->value = ++p->p_roles.nprim;
390	if (role->value != OBJECT_R_VAL)
391	goto out;
392
393	rc = -ENOMEM;
394	key = kstrdup(OBJECT_R, GFP_KERNEL);
395	if (!key)
396	goto out;
397
398	rc = symtab_insert(s: &p->p_roles, name: key, datum: role);
399	if (rc)
400	goto out;
401
402	return 0;
403	out:
404	kfree(objp: key);
405	kfree(objp: role);
406	return rc;
407	}
408
409	static u32 filenametr_hash(const void *k)
410	{
411	const struct filename_trans_key *ft = k;
412	unsigned long hash;
413	unsigned int byte_num;
414	unsigned char focus;
415
416	hash = ft->ttype ^ ft->tclass;
417
418	byte_num = 0;
419	while ((focus = ft->name[byte_num++]))
420	hash = partial_name_hash(c: focus, prevhash: hash);
421	return hash;
422	}
423
424	static int filenametr_cmp(const void *k1, const void *k2)
425	{
426	const struct filename_trans_key *ft1 = k1;
427	const struct filename_trans_key *ft2 = k2;
428	int v;
429
430	v = ft1->ttype - ft2->ttype;
431	if (v)
432	return v;
433
434	v = ft1->tclass - ft2->tclass;
435	if (v)
436	return v;
437
438	return strcmp(ft1->name, ft2->name);
439
440	}
441
442	static const struct hashtab_key_params filenametr_key_params = {
443	.hash = filenametr_hash,
444	.cmp = filenametr_cmp,
445	};
446
447	struct filename_trans_datum *policydb_filenametr_search(
448	struct policydb *p, struct filename_trans_key *key)
449	{
450	return hashtab_search(h: &p->filename_trans, key, key_params: filenametr_key_params);
451	}
452
453	static u32 rangetr_hash(const void *k)
454	{
455	const struct range_trans *key = k;
456
457	return key->source_type + (key->target_type << 3) +
458	(key->target_class << 5);
459	}
460
461	static int rangetr_cmp(const void *k1, const void *k2)
462	{
463	const struct range_trans *key1 = k1, *key2 = k2;
464	int v;
465
466	v = key1->source_type - key2->source_type;
467	if (v)
468	return v;
469
470	v = key1->target_type - key2->target_type;
471	if (v)
472	return v;
473
474	v = key1->target_class - key2->target_class;
475
476	return v;
477	}
478
479	static const struct hashtab_key_params rangetr_key_params = {
480	.hash = rangetr_hash,
481	.cmp = rangetr_cmp,
482	};
483
484	struct mls_range *policydb_rangetr_search(struct policydb *p,
485	struct range_trans *key)
486	{
487	return hashtab_search(h: &p->range_tr, key, key_params: rangetr_key_params);
488	}
489
490	static u32 role_trans_hash(const void *k)
491	{
492	const struct role_trans_key *key = k;
493
494	return jhash_3words(a: key->role, b: key->type, c: (u32)key->tclass << 16 | key->tclass, initval: 0);
495	}
496
497	static int role_trans_cmp(const void *k1, const void *k2)
498	{
499	const struct role_trans_key *key1 = k1, *key2 = k2;
500	int v;
501
502	v = key1->role - key2->role;
503	if (v)
504	return v;
505
506	v = key1->type - key2->type;
507	if (v)
508	return v;
509
510	return key1->tclass - key2->tclass;
511	}
512
513	static const struct hashtab_key_params roletr_key_params = {
514	.hash = role_trans_hash,
515	.cmp = role_trans_cmp,
516	};
517
518	struct role_trans_datum *policydb_roletr_search(struct policydb *p,
519	struct role_trans_key *key)
520	{
521	return hashtab_search(h: &p->role_tr, key, key_params: roletr_key_params);
522	}
523
524	/*
525	* Initialize a policy database structure.
526	*/
527	static void policydb_init(struct policydb *p)
528	{
529	memset(p, 0, sizeof(*p));
530
531	avtab_init(h: &p->te_avtab);
532	cond_policydb_init(p);
533
534	ebitmap_init(e: &p->filename_trans_ttypes);
535	ebitmap_init(e: &p->policycaps);
536	ebitmap_init(e: &p->permissive_map);
537	}
538
539	/*
540	* The following *_index functions are used to
541	* define the val_to_name and val_to_struct arrays
542	* in a policy database structure. The val_to_name
543	* arrays are used when converting security context
544	* structures into string representations. The
545	* val_to_struct arrays are used when the attributes
546	* of a class, role, or user are needed.
547	*/
548
549	static int common_index(void *key, void *datum, void *datap)
550	{
551	struct policydb *p;
552	struct common_datum *comdatum;
553
554	comdatum = datum;
555	p = datap;
556	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
557	return -EINVAL;
558
559	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
560
561	return 0;
562	}
563
564	static int class_index(void *key, void *datum, void *datap)
565	{
566	struct policydb *p;
567	struct class_datum *cladatum;
568
569	cladatum = datum;
570	p = datap;
571	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
572	return -EINVAL;
573
574	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
575	p->class_val_to_struct[cladatum->value - 1] = cladatum;
576	return 0;
577	}
578
579	static int role_index(void *key, void *datum, void *datap)
580	{
581	struct policydb *p;
582	struct role_datum *role;
583
584	role = datum;
585	p = datap;
586	if (!role->value
587	|| role->value > p->p_roles.nprim
588	|| role->bounds > p->p_roles.nprim)
589	return -EINVAL;
590
591	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
592	p->role_val_to_struct[role->value - 1] = role;
593	return 0;
594	}
595
596	static int type_index(void *key, void *datum, void *datap)
597	{
598	struct policydb *p;
599	struct type_datum *typdatum;
600
601	typdatum = datum;
602	p = datap;
603
604	if (typdatum->primary) {
605	if (!typdatum->value
606	|| typdatum->value > p->p_types.nprim
607	|| typdatum->bounds > p->p_types.nprim)
608	return -EINVAL;
609	p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
610	p->type_val_to_struct[typdatum->value - 1] = typdatum;
611	}
612
613	return 0;
614	}
615
616	static int user_index(void *key, void *datum, void *datap)
617	{
618	struct policydb *p;
619	struct user_datum *usrdatum;
620
621	usrdatum = datum;
622	p = datap;
623	if (!usrdatum->value
624	|| usrdatum->value > p->p_users.nprim
625	|| usrdatum->bounds > p->p_users.nprim)
626	return -EINVAL;
627
628	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
629	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
630	return 0;
631	}
632
633	static int sens_index(void *key, void *datum, void *datap)
634	{
635	struct policydb *p;
636	struct level_datum *levdatum;
637
638	levdatum = datum;
639	p = datap;
640
641	if (!levdatum->isalias) {
642	if (!levdatum->level->sens ||
643	levdatum->level->sens > p->p_levels.nprim)
644	return -EINVAL;
645
646	p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
647	}
648
649	return 0;
650	}
651
652	static int cat_index(void *key, void *datum, void *datap)
653	{
654	struct policydb *p;
655	struct cat_datum *catdatum;
656
657	catdatum = datum;
658	p = datap;
659
660	if (!catdatum->isalias) {
661	if (!catdatum->value || catdatum->value > p->p_cats.nprim)
662	return -EINVAL;
663
664	p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
665	}
666
667	return 0;
668	}
669
670	static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
671	common_index,
672	class_index,
673	role_index,
674	type_index,
675	user_index,
676	cond_index_bool,
677	sens_index,
678	cat_index,
679	};
680
681	#ifdef CONFIG_SECURITY_SELINUX_DEBUG
682	static void hash_eval(struct hashtab *h, const char *hash_name)
683	{
684	struct hashtab_info info;
685
686	hashtab_stat(h, info: &info);
687	pr_debug("SELinux: %s: %d entries and %d/%d buckets used, longest chain length %d, sum of chain length^2 %llu\n",
688	hash_name, h->nel, info.slots_used, h->size,
689	info.max_chain_len, info.chain2_len_sum);
690	}
691
692	static void symtab_hash_eval(struct symtab *s)
693	{
694	int i;
695
696	for (i = 0; i < SYM_NUM; i++)
697	hash_eval(h: &s[i].table, hash_name: symtab_name[i]);
698	}
699
700	#else
701	static inline void hash_eval(struct hashtab *h, const char *hash_name)
702	{
703	}
704	static inline void symtab_hash_eval(struct symtab *s)
705	{
706	}
707	#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
708
709	/*
710	* Define the other val_to_name and val_to_struct arrays
711	* in a policy database structure.
712	*
713	* Caller must clean up on failure.
714	*/
715	static int policydb_index(struct policydb *p)
716	{
717	int i, rc;
718
719	if (p->mls_enabled)
720	pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n",
721	p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
722	p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
723	else
724	pr_debug("SELinux: %d users, %d roles, %d types, %d bools\n",
725	p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
726	p->p_bools.nprim);
727
728	pr_debug("SELinux: %d classes, %d rules\n",
729	p->p_classes.nprim, p->te_avtab.nel);
730
731	avtab_hash_eval(h: &p->te_avtab, tag: "rules");
732	symtab_hash_eval(s: p->symtab);
733
734	p->class_val_to_struct = kcalloc(n: p->p_classes.nprim,
735	size: sizeof(*p->class_val_to_struct),
736	GFP_KERNEL);
737	if (!p->class_val_to_struct)
738	return -ENOMEM;
739
740	p->role_val_to_struct = kcalloc(n: p->p_roles.nprim,
741	size: sizeof(*p->role_val_to_struct),
742	GFP_KERNEL);
743	if (!p->role_val_to_struct)
744	return -ENOMEM;
745
746	p->user_val_to_struct = kcalloc(n: p->p_users.nprim,
747	size: sizeof(*p->user_val_to_struct),
748	GFP_KERNEL);
749	if (!p->user_val_to_struct)
750	return -ENOMEM;
751
752	p->type_val_to_struct = kvcalloc(n: p->p_types.nprim,
753	size: sizeof(*p->type_val_to_struct),
754	GFP_KERNEL);
755	if (!p->type_val_to_struct)
756	return -ENOMEM;
757
758	rc = cond_init_bool_indexes(p);
759	if (rc)
760	goto out;
761
762	for (i = 0; i < SYM_NUM; i++) {
763	p->sym_val_to_name[i] = kvcalloc(n: p->symtab[i].nprim,
764	size: sizeof(char *),
765	GFP_KERNEL);
766	if (!p->sym_val_to_name[i])
767	return -ENOMEM;
768
769	rc = hashtab_map(h: &p->symtab[i].table, apply: index_f[i], args: p);
770	if (rc)
771	goto out;
772	}
773	rc = 0;
774	out:
775	return rc;
776	}
777
778	/*
779	* Free any memory allocated by a policy database structure.
780	*/
781	void policydb_destroy(struct policydb *p)
782	{
783	struct ocontext *c, *ctmp;
784	struct genfs *g, *gtmp;
785	u32 i;
786	struct role_allow *ra, *lra = NULL;
787
788	for (i = 0; i < SYM_NUM; i++) {
789	cond_resched();
790	hashtab_map(h: &p->symtab[i].table, apply: destroy_f[i], NULL);
791	hashtab_destroy(h: &p->symtab[i].table);
792	}
793
794	for (i = 0; i < SYM_NUM; i++)
795	kvfree(addr: p->sym_val_to_name[i]);
796
797	kfree(objp: p->class_val_to_struct);
798	kfree(objp: p->role_val_to_struct);
799	kfree(objp: p->user_val_to_struct);
800	kvfree(addr: p->type_val_to_struct);
801
802	avtab_destroy(h: &p->te_avtab);
803
804	for (i = 0; i < OCON_NUM; i++) {
805	cond_resched();
806	c = p->ocontexts[i];
807	while (c) {
808	ctmp = c;
809	c = c->next;
810	ocontext_destroy(c: ctmp, i);
811	}
812	p->ocontexts[i] = NULL;
813	}
814
815	g = p->genfs;
816	while (g) {
817	cond_resched();
818	kfree(objp: g->fstype);
819	c = g->head;
820	while (c) {
821	ctmp = c;
822	c = c->next;
823	ocontext_destroy(c: ctmp, OCON_FSUSE);
824	}
825	gtmp = g;
826	g = g->next;
827	kfree(objp: gtmp);
828	}
829	p->genfs = NULL;
830
831	cond_policydb_destroy(p);
832
833	hashtab_map(h: &p->role_tr, apply: role_tr_destroy, NULL);
834	hashtab_destroy(h: &p->role_tr);
835
836	for (ra = p->role_allow; ra; ra = ra->next) {
837	cond_resched();
838	kfree(objp: lra);
839	lra = ra;
840	}
841	kfree(objp: lra);
842
843	hashtab_map(h: &p->filename_trans, apply: filenametr_destroy, NULL);
844	hashtab_destroy(h: &p->filename_trans);
845
846	hashtab_map(h: &p->range_tr, apply: range_tr_destroy, NULL);
847	hashtab_destroy(h: &p->range_tr);
848
849	if (p->type_attr_map_array) {
850	for (i = 0; i < p->p_types.nprim; i++)
851	ebitmap_destroy(e: &p->type_attr_map_array[i]);
852	kvfree(addr: p->type_attr_map_array);
853	}
854
855	ebitmap_destroy(e: &p->filename_trans_ttypes);
856	ebitmap_destroy(e: &p->policycaps);
857	ebitmap_destroy(e: &p->permissive_map);
858	}
859
860	/*
861	* Load the initial SIDs specified in a policy database
862	* structure into a SID table.
863	*/
864	int policydb_load_isids(struct policydb *p, struct sidtab *s)
865	{
866	struct ocontext *head, *c;
867	int rc;
868
869	rc = sidtab_init(s);
870	if (rc) {
871	pr_err("SELinux: out of memory on SID table init\n");
872	return rc;
873	}
874
875	head = p->ocontexts[OCON_ISID];
876	for (c = head; c; c = c->next) {
877	u32 sid = c->sid[0];
878	const char *name = security_get_initial_sid_context(sid);
879
880	if (sid == SECSID_NULL) {
881	pr_err("SELinux: SID 0 was assigned a context.\n");
882	sidtab_destroy(s);
883	return -EINVAL;
884	}
885
886	/* Ignore initial SIDs unused by this kernel. */
887	if (!name)
888	continue;
889
890	rc = sidtab_set_initial(s, sid, context: &c->context[0]);
891	if (rc) {
892	pr_err("SELinux: unable to load initial SID %s.\n",
893	name);
894	sidtab_destroy(s);
895	return rc;
896	}
897	}
898	return 0;
899	}
900
901	int policydb_class_isvalid(struct policydb *p, unsigned int class)
902	{
903	if (!class || class > p->p_classes.nprim)
904	return 0;
905	return 1;
906	}
907
908	int policydb_role_isvalid(struct policydb *p, unsigned int role)
909	{
910	if (!role || role > p->p_roles.nprim)
911	return 0;
912	return 1;
913	}
914
915	int policydb_type_isvalid(struct policydb *p, unsigned int type)
916	{
917	if (!type || type > p->p_types.nprim)
918	return 0;
919	return 1;
920	}
921
922	/*
923	* Return 1 if the fields in the security context
924	* structure `c' are valid. Return 0 otherwise.
925	*/
926	int policydb_context_isvalid(struct policydb *p, struct context *c)
927	{
928	struct role_datum *role;
929	struct user_datum *usrdatum;
930
931	if (!c->role || c->role > p->p_roles.nprim)
932	return 0;
933
934	if (!c->user || c->user > p->p_users.nprim)
935	return 0;
936
937	if (!c->type || c->type > p->p_types.nprim)
938	return 0;
939
940	if (c->role != OBJECT_R_VAL) {
941	/*
942	* Role must be authorized for the type.
943	*/
944	role = p->role_val_to_struct[c->role - 1];
945	if (!role || !ebitmap_get_bit(e: &role->types, bit: c->type - 1))
946	/* role may not be associated with type */
947	return 0;
948
949	/*
950	* User must be authorized for the role.
951	*/
952	usrdatum = p->user_val_to_struct[c->user - 1];
953	if (!usrdatum)
954	return 0;
955
956	if (!ebitmap_get_bit(e: &usrdatum->roles, bit: c->role - 1))
957	/* user may not be associated with role */
958	return 0;
959	}
960
961	if (!mls_context_isvalid(p, c))
962	return 0;
963
964	return 1;
965	}
966
967	/*
968	* Read a MLS range structure from a policydb binary
969	* representation file.
970	*/
971	static int mls_read_range_helper(struct mls_range *r, void *fp)
972	{
973	__le32 buf[2];
974	u32 items;
975	int rc;
976
977	rc = next_entry(buf, fp, bytes: sizeof(u32));
978	if (rc)
979	goto out;
980
981	rc = -EINVAL;
982	items = le32_to_cpu(buf[0]);
983	if (items > ARRAY_SIZE(buf)) {
984	pr_err("SELinux: mls: range overflow\n");
985	goto out;
986	}
987
988	rc = next_entry(buf, fp, bytes: sizeof(u32) * items);
989	if (rc) {
990	pr_err("SELinux: mls: truncated range\n");
991	goto out;
992	}
993
994	r->level[0].sens = le32_to_cpu(buf[0]);
995	if (items > 1)
996	r->level[1].sens = le32_to_cpu(buf[1]);
997	else
998	r->level[1].sens = r->level[0].sens;
999
1000	rc = ebitmap_read(e: &r->level[0].cat, fp);
1001	if (rc) {
1002	pr_err("SELinux: mls: error reading low categories\n");
1003	goto out;
1004	}
1005	if (items > 1) {
1006	rc = ebitmap_read(e: &r->level[1].cat, fp);
1007	if (rc) {
1008	pr_err("SELinux: mls: error reading high categories\n");
1009	goto bad_high;
1010	}
1011	} else {
1012	rc = ebitmap_cpy(dst: &r->level[1].cat, src: &r->level[0].cat);
1013	if (rc) {
1014	pr_err("SELinux: mls: out of memory\n");
1015	goto bad_high;
1016	}
1017	}
1018
1019	return 0;
1020	bad_high:
1021	ebitmap_destroy(e: &r->level[0].cat);
1022	out:
1023	return rc;
1024	}
1025
1026	/*
1027	* Read and validate a security context structure
1028	* from a policydb binary representation file.
1029	*/
1030	static int context_read_and_validate(struct context *c,
1031	struct policydb *p,
1032	void *fp)
1033	{
1034	__le32 buf[3];
1035	int rc;
1036
1037	rc = next_entry(buf, fp, bytes: sizeof buf);
1038	if (rc) {
1039	pr_err("SELinux: context truncated\n");
1040	goto out;
1041	}
1042	c->user = le32_to_cpu(buf[0]);
1043	c->role = le32_to_cpu(buf[1]);
1044	c->type = le32_to_cpu(buf[2]);
1045	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1046	rc = mls_read_range_helper(r: &c->range, fp);
1047	if (rc) {
1048	pr_err("SELinux: error reading MLS range of context\n");
1049	goto out;
1050	}
1051	}
1052
1053	rc = -EINVAL;
1054	if (!policydb_context_isvalid(p, c)) {
1055	pr_err("SELinux: invalid security context\n");
1056	context_destroy(c);
1057	goto out;
1058	}
1059	rc = 0;
1060	out:
1061	return rc;
1062	}
1063
1064	/*
1065	* The following *_read functions are used to
1066	* read the symbol data from a policy database
1067	* binary representation file.
1068	*/
1069
1070	static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1071	{
1072	int rc;
1073	char *str;
1074
1075	if ((len == 0) || (len == (u32)-1))
1076	return -EINVAL;
1077
1078	str = kmalloc(size: len + 1, flags: flags | __GFP_NOWARN);
1079	if (!str)
1080	return -ENOMEM;
1081
1082	rc = next_entry(buf: str, fp, bytes: len);
1083	if (rc) {
1084	kfree(objp: str);
1085	return rc;
1086	}
1087
1088	str[len] = '\0';
1089	*strp = str;
1090	return 0;
1091	}
1092
1093	static int perm_read(struct policydb *p, struct symtab *s, void *fp)
1094	{
1095	char *key = NULL;
1096	struct perm_datum *perdatum;
1097	int rc;
1098	__le32 buf[2];
1099	u32 len;
1100
1101	perdatum = kzalloc(size: sizeof(*perdatum), GFP_KERNEL);
1102	if (!perdatum)
1103	return -ENOMEM;
1104
1105	rc = next_entry(buf, fp, bytes: sizeof buf);
1106	if (rc)
1107	goto bad;
1108
1109	len = le32_to_cpu(buf[0]);
1110	perdatum->value = le32_to_cpu(buf[1]);
1111
1112	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1113	if (rc)
1114	goto bad;
1115
1116	rc = symtab_insert(s, name: key, datum: perdatum);
1117	if (rc)
1118	goto bad;
1119
1120	return 0;
1121	bad:
1122	perm_destroy(key, datum: perdatum, NULL);
1123	return rc;
1124	}
1125
1126	static int common_read(struct policydb *p, struct symtab *s, void *fp)
1127	{
1128	char *key = NULL;
1129	struct common_datum *comdatum;
1130	__le32 buf[4];
1131	u32 i, len, nel;
1132	int rc;
1133
1134	comdatum = kzalloc(size: sizeof(*comdatum), GFP_KERNEL);
1135	if (!comdatum)
1136	return -ENOMEM;
1137
1138	rc = next_entry(buf, fp, bytes: sizeof buf);
1139	if (rc)
1140	goto bad;
1141
1142	len = le32_to_cpu(buf[0]);
1143	comdatum->value = le32_to_cpu(buf[1]);
1144	nel = le32_to_cpu(buf[3]);
1145
1146	rc = symtab_init(s: &comdatum->permissions, size: nel);
1147	if (rc)
1148	goto bad;
1149	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1150
1151	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1152	if (rc)
1153	goto bad;
1154
1155	for (i = 0; i < nel; i++) {
1156	rc = perm_read(p, s: &comdatum->permissions, fp);
1157	if (rc)
1158	goto bad;
1159	}
1160
1161	rc = symtab_insert(s, name: key, datum: comdatum);
1162	if (rc)
1163	goto bad;
1164	return 0;
1165	bad:
1166	common_destroy(key, datum: comdatum, NULL);
1167	return rc;
1168	}
1169
1170	static void type_set_init(struct type_set *t)
1171	{
1172	ebitmap_init(e: &t->types);
1173	ebitmap_init(e: &t->negset);
1174	}
1175
1176	static int type_set_read(struct type_set *t, void *fp)
1177	{
1178	__le32 buf[1];
1179	int rc;
1180
1181	if (ebitmap_read(e: &t->types, fp))
1182	return -EINVAL;
1183	if (ebitmap_read(e: &t->negset, fp))
1184	return -EINVAL;
1185
1186	rc = next_entry(buf, fp, bytes: sizeof(u32));
1187	if (rc < 0)
1188	return -EINVAL;
1189	t->flags = le32_to_cpu(buf[0]);
1190
1191	return 0;
1192	}
1193
1194
1195	static int read_cons_helper(struct policydb *p,
1196	struct constraint_node **nodep,
1197	u32 ncons, int allowxtarget, void *fp)
1198	{
1199	struct constraint_node *c, *lc;
1200	struct constraint_expr *e, *le;
1201	__le32 buf[3];
1202	u32 i, j, nexpr;
1203	int rc, depth;
1204
1205	lc = NULL;
1206	for (i = 0; i < ncons; i++) {
1207	c = kzalloc(size: sizeof(*c), GFP_KERNEL);
1208	if (!c)
1209	return -ENOMEM;
1210
1211	if (lc)
1212	lc->next = c;
1213	else
1214	*nodep = c;
1215
1216	rc = next_entry(buf, fp, bytes: (sizeof(u32) * 2));
1217	if (rc)
1218	return rc;
1219	c->permissions = le32_to_cpu(buf[0]);
1220	nexpr = le32_to_cpu(buf[1]);
1221	le = NULL;
1222	depth = -1;
1223	for (j = 0; j < nexpr; j++) {
1224	e = kzalloc(size: sizeof(*e), GFP_KERNEL);
1225	if (!e)
1226	return -ENOMEM;
1227
1228	if (le)
1229	le->next = e;
1230	else
1231	c->expr = e;
1232
1233	rc = next_entry(buf, fp, bytes: (sizeof(u32) * 3));
1234	if (rc)
1235	return rc;
1236	e->expr_type = le32_to_cpu(buf[0]);
1237	e->attr = le32_to_cpu(buf[1]);
1238	e->op = le32_to_cpu(buf[2]);
1239
1240	switch (e->expr_type) {
1241	case CEXPR_NOT:
1242	if (depth < 0)
1243	return -EINVAL;
1244	break;
1245	case CEXPR_AND:
1246	case CEXPR_OR:
1247	if (depth < 1)
1248	return -EINVAL;
1249	depth--;
1250	break;
1251	case CEXPR_ATTR:
1252	if (depth == (CEXPR_MAXDEPTH - 1))
1253	return -EINVAL;
1254	depth++;
1255	break;
1256	case CEXPR_NAMES:
1257	if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1258	return -EINVAL;
1259	if (depth == (CEXPR_MAXDEPTH - 1))
1260	return -EINVAL;
1261	depth++;
1262	rc = ebitmap_read(e: &e->names, fp);
1263	if (rc)
1264	return rc;
1265	if (p->policyvers >=
1266	POLICYDB_VERSION_CONSTRAINT_NAMES) {
1267	e->type_names = kzalloc(size: sizeof
1268	(*e->type_names), GFP_KERNEL);
1269	if (!e->type_names)
1270	return -ENOMEM;
1271	type_set_init(t: e->type_names);
1272	rc = type_set_read(t: e->type_names, fp);
1273	if (rc)
1274	return rc;
1275	}
1276	break;
1277	default:
1278	return -EINVAL;
1279	}
1280	le = e;
1281	}
1282	if (depth != 0)
1283	return -EINVAL;
1284	lc = c;
1285	}
1286
1287	return 0;
1288	}
1289
1290	static int class_read(struct policydb *p, struct symtab *s, void *fp)
1291	{
1292	char *key = NULL;
1293	struct class_datum *cladatum;
1294	__le32 buf[6];
1295	u32 i, len, len2, ncons, nel;
1296	int rc;
1297
1298	cladatum = kzalloc(size: sizeof(*cladatum), GFP_KERNEL);
1299	if (!cladatum)
1300	return -ENOMEM;
1301
1302	rc = next_entry(buf, fp, bytes: sizeof(u32)*6);
1303	if (rc)
1304	goto bad;
1305
1306	len = le32_to_cpu(buf[0]);
1307	len2 = le32_to_cpu(buf[1]);
1308	cladatum->value = le32_to_cpu(buf[2]);
1309	nel = le32_to_cpu(buf[4]);
1310
1311	rc = symtab_init(s: &cladatum->permissions, size: nel);
1312	if (rc)
1313	goto bad;
1314	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1315
1316	ncons = le32_to_cpu(buf[5]);
1317
1318	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1319	if (rc)
1320	goto bad;
1321
1322	if (len2) {
1323	rc = str_read(strp: &cladatum->comkey, GFP_KERNEL, fp, len: len2);
1324	if (rc)
1325	goto bad;
1326
1327	rc = -EINVAL;
1328	cladatum->comdatum = symtab_search(s: &p->p_commons,
1329	name: cladatum->comkey);
1330	if (!cladatum->comdatum) {
1331	pr_err("SELinux: unknown common %s\n",
1332	cladatum->comkey);
1333	goto bad;
1334	}
1335	}
1336	for (i = 0; i < nel; i++) {
1337	rc = perm_read(p, s: &cladatum->permissions, fp);
1338	if (rc)
1339	goto bad;
1340	}
1341
1342	rc = read_cons_helper(p, nodep: &cladatum->constraints, ncons, allowxtarget: 0, fp);
1343	if (rc)
1344	goto bad;
1345
1346	if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1347	/* grab the validatetrans rules */
1348	rc = next_entry(buf, fp, bytes: sizeof(u32));
1349	if (rc)
1350	goto bad;
1351	ncons = le32_to_cpu(buf[0]);
1352	rc = read_cons_helper(p, nodep: &cladatum->validatetrans,
1353	ncons, allowxtarget: 1, fp);
1354	if (rc)
1355	goto bad;
1356	}
1357
1358	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1359	rc = next_entry(buf, fp, bytes: sizeof(u32) * 3);
1360	if (rc)
1361	goto bad;
1362
1363	cladatum->default_user = le32_to_cpu(buf[0]);
1364	cladatum->default_role = le32_to_cpu(buf[1]);
1365	cladatum->default_range = le32_to_cpu(buf[2]);
1366	}
1367
1368	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1369	rc = next_entry(buf, fp, bytes: sizeof(u32) * 1);
1370	if (rc)
1371	goto bad;
1372	cladatum->default_type = le32_to_cpu(buf[0]);
1373	}
1374
1375	rc = symtab_insert(s, name: key, datum: cladatum);
1376	if (rc)
1377	goto bad;
1378
1379	return 0;
1380	bad:
1381	cls_destroy(key, datum: cladatum, NULL);
1382	return rc;
1383	}
1384
1385	static int role_read(struct policydb *p, struct symtab *s, void *fp)
1386	{
1387	char *key = NULL;
1388	struct role_datum *role;
1389	int rc;
1390	unsigned int to_read = 2;
1391	__le32 buf[3];
1392	u32 len;
1393
1394	role = kzalloc(size: sizeof(*role), GFP_KERNEL);
1395	if (!role)
1396	return -ENOMEM;
1397
1398	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1399	to_read = 3;
1400
1401	rc = next_entry(buf, fp, bytes: sizeof(buf[0]) * to_read);
1402	if (rc)
1403	goto bad;
1404
1405	len = le32_to_cpu(buf[0]);
1406	role->value = le32_to_cpu(buf[1]);
1407	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1408	role->bounds = le32_to_cpu(buf[2]);
1409
1410	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1411	if (rc)
1412	goto bad;
1413
1414	rc = ebitmap_read(e: &role->dominates, fp);
1415	if (rc)
1416	goto bad;
1417
1418	rc = ebitmap_read(e: &role->types, fp);
1419	if (rc)
1420	goto bad;
1421
1422	if (strcmp(key, OBJECT_R) == 0) {
1423	rc = -EINVAL;
1424	if (role->value != OBJECT_R_VAL) {
1425	pr_err("SELinux: Role %s has wrong value %d\n",
1426	OBJECT_R, role->value);
1427	goto bad;
1428	}
1429	rc = 0;
1430	goto bad;
1431	}
1432
1433	rc = symtab_insert(s, name: key, datum: role);
1434	if (rc)
1435	goto bad;
1436	return 0;
1437	bad:
1438	role_destroy(key, datum: role, NULL);
1439	return rc;
1440	}
1441
1442	static int type_read(struct policydb *p, struct symtab *s, void *fp)
1443	{
1444	char *key = NULL;
1445	struct type_datum *typdatum;
1446	int rc;
1447	unsigned int to_read = 3;
1448	__le32 buf[4];
1449	u32 len;
1450
1451	typdatum = kzalloc(size: sizeof(*typdatum), GFP_KERNEL);
1452	if (!typdatum)
1453	return -ENOMEM;
1454
1455	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1456	to_read = 4;
1457
1458	rc = next_entry(buf, fp, bytes: sizeof(buf[0]) * to_read);
1459	if (rc)
1460	goto bad;
1461
1462	len = le32_to_cpu(buf[0]);
1463	typdatum->value = le32_to_cpu(buf[1]);
1464	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1465	u32 prop = le32_to_cpu(buf[2]);
1466
1467	if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1468	typdatum->primary = 1;
1469	if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1470	typdatum->attribute = 1;
1471
1472	typdatum->bounds = le32_to_cpu(buf[3]);
1473	} else {
1474	typdatum->primary = le32_to_cpu(buf[2]);
1475	}
1476
1477	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1478	if (rc)
1479	goto bad;
1480
1481	rc = symtab_insert(s, name: key, datum: typdatum);
1482	if (rc)
1483	goto bad;
1484	return 0;
1485	bad:
1486	type_destroy(key, datum: typdatum, NULL);
1487	return rc;
1488	}
1489
1490
1491	/*
1492	* Read a MLS level structure from a policydb binary
1493	* representation file.
1494	*/
1495	static int mls_read_level(struct mls_level *lp, void *fp)
1496	{
1497	__le32 buf[1];
1498	int rc;
1499
1500	memset(lp, 0, sizeof(*lp));
1501
1502	rc = next_entry(buf, fp, bytes: sizeof buf);
1503	if (rc) {
1504	pr_err("SELinux: mls: truncated level\n");
1505	return rc;
1506	}
1507	lp->sens = le32_to_cpu(buf[0]);
1508
1509	rc = ebitmap_read(e: &lp->cat, fp);
1510	if (rc) {
1511	pr_err("SELinux: mls: error reading level categories\n");
1512	return rc;
1513	}
1514	return 0;
1515	}
1516
1517	static int user_read(struct policydb *p, struct symtab *s, void *fp)
1518	{
1519	char *key = NULL;
1520	struct user_datum *usrdatum;
1521	int rc;
1522	unsigned int to_read = 2;
1523	__le32 buf[3];
1524	u32 len;
1525
1526	usrdatum = kzalloc(size: sizeof(*usrdatum), GFP_KERNEL);
1527	if (!usrdatum)
1528	return -ENOMEM;
1529
1530	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1531	to_read = 3;
1532
1533	rc = next_entry(buf, fp, bytes: sizeof(buf[0]) * to_read);
1534	if (rc)
1535	goto bad;
1536
1537	len = le32_to_cpu(buf[0]);
1538	usrdatum->value = le32_to_cpu(buf[1]);
1539	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1540	usrdatum->bounds = le32_to_cpu(buf[2]);
1541
1542	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1543	if (rc)
1544	goto bad;
1545
1546	rc = ebitmap_read(e: &usrdatum->roles, fp);
1547	if (rc)
1548	goto bad;
1549
1550	if (p->policyvers >= POLICYDB_VERSION_MLS) {
1551	rc = mls_read_range_helper(r: &usrdatum->range, fp);
1552	if (rc)
1553	goto bad;
1554	rc = mls_read_level(lp: &usrdatum->dfltlevel, fp);
1555	if (rc)
1556	goto bad;
1557	}
1558
1559	rc = symtab_insert(s, name: key, datum: usrdatum);
1560	if (rc)
1561	goto bad;
1562	return 0;
1563	bad:
1564	user_destroy(key, datum: usrdatum, NULL);
1565	return rc;
1566	}
1567
1568	static int sens_read(struct policydb *p, struct symtab *s, void *fp)
1569	{
1570	char *key = NULL;
1571	struct level_datum *levdatum;
1572	int rc;
1573	__le32 buf[2];
1574	u32 len;
1575
1576	levdatum = kzalloc(size: sizeof(*levdatum), GFP_KERNEL);
1577	if (!levdatum)
1578	return -ENOMEM;
1579
1580	rc = next_entry(buf, fp, bytes: sizeof buf);
1581	if (rc)
1582	goto bad;
1583
1584	len = le32_to_cpu(buf[0]);
1585	levdatum->isalias = le32_to_cpu(buf[1]);
1586
1587	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1588	if (rc)
1589	goto bad;
1590
1591	rc = -ENOMEM;
1592	levdatum->level = kmalloc(size: sizeof(*levdatum->level), GFP_KERNEL);
1593	if (!levdatum->level)
1594	goto bad;
1595
1596	rc = mls_read_level(lp: levdatum->level, fp);
1597	if (rc)
1598	goto bad;
1599
1600	rc = symtab_insert(s, name: key, datum: levdatum);
1601	if (rc)
1602	goto bad;
1603	return 0;
1604	bad:
1605	sens_destroy(key, datum: levdatum, NULL);
1606	return rc;
1607	}
1608
1609	static int cat_read(struct policydb *p, struct symtab *s, void *fp)
1610	{
1611	char *key = NULL;
1612	struct cat_datum *catdatum;
1613	int rc;
1614	__le32 buf[3];
1615	u32 len;
1616
1617	catdatum = kzalloc(size: sizeof(*catdatum), GFP_KERNEL);
1618	if (!catdatum)
1619	return -ENOMEM;
1620
1621	rc = next_entry(buf, fp, bytes: sizeof buf);
1622	if (rc)
1623	goto bad;
1624
1625	len = le32_to_cpu(buf[0]);
1626	catdatum->value = le32_to_cpu(buf[1]);
1627	catdatum->isalias = le32_to_cpu(buf[2]);
1628
1629	rc = str_read(strp: &key, GFP_KERNEL, fp, len);
1630	if (rc)
1631	goto bad;
1632
1633	rc = symtab_insert(s, name: key, datum: catdatum);
1634	if (rc)
1635	goto bad;
1636	return 0;
1637	bad:
1638	cat_destroy(key, datum: catdatum, NULL);
1639	return rc;
1640	}
1641
1642	static int (*const read_f[SYM_NUM]) (struct policydb *p,
1643	struct symtab *s, void *fp) = {
1644	common_read,
1645	class_read,
1646	role_read,
1647	type_read,
1648	user_read,
1649	cond_read_bool,
1650	sens_read,
1651	cat_read,
1652	};
1653
1654	static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1655	{
1656	struct user_datum *upper, *user;
1657	struct policydb *p = datap;
1658	int depth = 0;
1659
1660	upper = user = datum;
1661	while (upper->bounds) {
1662	struct ebitmap_node *node;
1663	u32 bit;
1664
1665	if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1666	pr_err("SELinux: user %s: "
1667	"too deep or looped boundary\n",
1668	(char *) key);
1669	return -EINVAL;
1670	}
1671
1672	upper = p->user_val_to_struct[upper->bounds - 1];
1673	ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1674	if (ebitmap_get_bit(e: &upper->roles, bit))
1675	continue;
1676
1677	pr_err("SELinux: boundary violated policy: "
1678	"user=%s role=%s bounds=%s\n",
1679	sym_name(p, SYM_USERS, user->value - 1),
1680	sym_name(p, SYM_ROLES, bit),
1681	sym_name(p, SYM_USERS, upper->value - 1));
1682
1683	return -EINVAL;
1684	}
1685	}
1686
1687	return 0;
1688	}
1689
1690	static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1691	{
1692	struct role_datum *upper, *role;
1693	struct policydb *p = datap;
1694	int depth = 0;
1695
1696	upper = role = datum;
1697	while (upper->bounds) {
1698	struct ebitmap_node *node;
1699	u32 bit;
1700
1701	if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1702	pr_err("SELinux: role %s: "
1703	"too deep or looped bounds\n",
1704	(char *) key);
1705	return -EINVAL;
1706	}
1707
1708	upper = p->role_val_to_struct[upper->bounds - 1];
1709	ebitmap_for_each_positive_bit(&role->types, node, bit) {
1710	if (ebitmap_get_bit(e: &upper->types, bit))
1711	continue;
1712
1713	pr_err("SELinux: boundary violated policy: "
1714	"role=%s type=%s bounds=%s\n",
1715	sym_name(p, SYM_ROLES, role->value - 1),
1716	sym_name(p, SYM_TYPES, bit),
1717	sym_name(p, SYM_ROLES, upper->value - 1));
1718
1719	return -EINVAL;
1720	}
1721	}
1722
1723	return 0;
1724	}
1725
1726	static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1727	{
1728	struct type_datum *upper;
1729	struct policydb *p = datap;
1730	int depth = 0;
1731
1732	upper = datum;
1733	while (upper->bounds) {
1734	if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1735	pr_err("SELinux: type %s: "
1736	"too deep or looped boundary\n",
1737	(char *) key);
1738	return -EINVAL;
1739	}
1740
1741	upper = p->type_val_to_struct[upper->bounds - 1];
1742	BUG_ON(!upper);
1743
1744	if (upper->attribute) {
1745	pr_err("SELinux: type %s: "
1746	"bounded by attribute %s\n",
1747	(char *) key,
1748	sym_name(p, SYM_TYPES, upper->value - 1));
1749	return -EINVAL;
1750	}
1751	}
1752
1753	return 0;
1754	}
1755
1756	static int policydb_bounds_sanity_check(struct policydb *p)
1757	{
1758	int rc;
1759
1760	if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1761	return 0;
1762
1763	rc = hashtab_map(h: &p->p_users.table, apply: user_bounds_sanity_check, args: p);
1764	if (rc)
1765	return rc;
1766
1767	rc = hashtab_map(h: &p->p_roles.table, apply: role_bounds_sanity_check, args: p);
1768	if (rc)
1769	return rc;
1770
1771	rc = hashtab_map(h: &p->p_types.table, apply: type_bounds_sanity_check, args: p);
1772	if (rc)
1773	return rc;
1774
1775	return 0;
1776	}
1777
1778	u16 string_to_security_class(struct policydb *p, const char *name)
1779	{
1780	struct class_datum *cladatum;
1781
1782	cladatum = symtab_search(s: &p->p_classes, name);
1783	if (!cladatum)
1784	return 0;
1785
1786	return cladatum->value;
1787	}
1788
1789	u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1790	{
1791	struct class_datum *cladatum;
1792	struct perm_datum *perdatum = NULL;
1793	struct common_datum *comdatum;
1794
1795	if (!tclass || tclass > p->p_classes.nprim)
1796	return 0;
1797
1798	cladatum = p->class_val_to_struct[tclass-1];
1799	comdatum = cladatum->comdatum;
1800	if (comdatum)
1801	perdatum = symtab_search(s: &comdatum->permissions, name);
1802	if (!perdatum)
1803	perdatum = symtab_search(s: &cladatum->permissions, name);
1804	if (!perdatum)
1805	return 0;
1806
1807	return 1U << (perdatum->value-1);
1808	}
1809
1810	static int range_read(struct policydb *p, void *fp)
1811	{
1812	struct range_trans *rt = NULL;
1813	struct mls_range *r = NULL;
1814	int rc;
1815	__le32 buf[2];
1816	u32 i, nel;
1817
1818	if (p->policyvers < POLICYDB_VERSION_MLS)
1819	return 0;
1820
1821	rc = next_entry(buf, fp, bytes: sizeof(u32));
1822	if (rc)
1823	return rc;
1824
1825	nel = le32_to_cpu(buf[0]);
1826
1827	rc = hashtab_init(h: &p->range_tr, nel_hint: nel);
1828	if (rc)
1829	return rc;
1830
1831	for (i = 0; i < nel; i++) {
1832	rc = -ENOMEM;
1833	rt = kzalloc(size: sizeof(*rt), GFP_KERNEL);
1834	if (!rt)
1835	goto out;
1836
1837	rc = next_entry(buf, fp, bytes: (sizeof(u32) * 2));
1838	if (rc)
1839	goto out;
1840
1841	rt->source_type = le32_to_cpu(buf[0]);
1842	rt->target_type = le32_to_cpu(buf[1]);
1843	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1844	rc = next_entry(buf, fp, bytes: sizeof(u32));
1845	if (rc)
1846	goto out;
1847	rt->target_class = le32_to_cpu(buf[0]);
1848	} else
1849	rt->target_class = p->process_class;
1850
1851	rc = -EINVAL;
1852	if (!policydb_type_isvalid(p, type: rt->source_type) ||
1853	!policydb_type_isvalid(p, type: rt->target_type) ||
1854	!policydb_class_isvalid(p, class: rt->target_class))
1855	goto out;
1856
1857	rc = -ENOMEM;
1858	r = kzalloc(size: sizeof(*r), GFP_KERNEL);
1859	if (!r)
1860	goto out;
1861
1862	rc = mls_read_range_helper(r, fp);
1863	if (rc)
1864	goto out;
1865
1866	rc = -EINVAL;
1867	if (!mls_range_isvalid(p, r)) {
1868	pr_warn("SELinux: rangetrans: invalid range\n");
1869	goto out;
1870	}
1871
1872	rc = hashtab_insert(h: &p->range_tr, key: rt, datum: r, key_params: rangetr_key_params);
1873	if (rc)
1874	goto out;
1875
1876	rt = NULL;
1877	r = NULL;
1878	}
1879	hash_eval(h: &p->range_tr, hash_name: "rangetr");
1880	rc = 0;
1881	out:
1882	kfree(objp: rt);
1883	kfree(objp: r);
1884	return rc;
1885	}
1886
1887	static int filename_trans_read_helper_compat(struct policydb *p, void *fp)
1888	{
1889	struct filename_trans_key key, *ft = NULL;
1890	struct filename_trans_datum *last, *datum = NULL;
1891	char *name = NULL;
1892	u32 len, stype, otype;
1893	__le32 buf[4];
1894	int rc;
1895
1896	/* length of the path component string */
1897	rc = next_entry(buf, fp, bytes: sizeof(u32));
1898	if (rc)
1899	return rc;
1900	len = le32_to_cpu(buf[0]);
1901
1902	/* path component string */
1903	rc = str_read(strp: &name, GFP_KERNEL, fp, len);
1904	if (rc)
1905	return rc;
1906
1907	rc = next_entry(buf, fp, bytes: sizeof(u32) * 4);
1908	if (rc)
1909	goto out;
1910
1911	stype = le32_to_cpu(buf[0]);
1912	key.ttype = le32_to_cpu(buf[1]);
1913	key.tclass = le32_to_cpu(buf[2]);
1914	key.name = name;
1915
1916	otype = le32_to_cpu(buf[3]);
1917
1918	last = NULL;
1919	datum = policydb_filenametr_search(p, key: &key);
1920	while (datum) {
1921	if (unlikely(ebitmap_get_bit(&datum->stypes, stype - 1))) {
1922	/* conflicting/duplicate rules are ignored */
1923	datum = NULL;
1924	goto out;
1925	}
1926	if (likely(datum->otype == otype))
1927	break;
1928	last = datum;
1929	datum = datum->next;
1930	}
1931	if (!datum) {
1932	rc = -ENOMEM;
1933	datum = kmalloc(size: sizeof(*datum), GFP_KERNEL);
1934	if (!datum)
1935	goto out;
1936
1937	ebitmap_init(e: &datum->stypes);
1938	datum->otype = otype;
1939	datum->next = NULL;
1940
1941	if (unlikely(last)) {
1942	last->next = datum;
1943	} else {
1944	rc = -ENOMEM;
1945	ft = kmemdup(p: &key, size: sizeof(key), GFP_KERNEL);
1946	if (!ft)
1947	goto out;
1948
1949	rc = hashtab_insert(h: &p->filename_trans, key: ft, datum,
1950	key_params: filenametr_key_params);
1951	if (rc)
1952	goto out;
1953	name = NULL;
1954
1955	rc = ebitmap_set_bit(e: &p->filename_trans_ttypes,
1956	bit: key.ttype, value: 1);
1957	if (rc)
1958	return rc;
1959	}
1960	}
1961	kfree(objp: name);
1962	return ebitmap_set_bit(e: &datum->stypes, bit: stype - 1, value: 1);
1963
1964	out:
1965	kfree(objp: ft);
1966	kfree(objp: name);
1967	kfree(objp: datum);
1968	return rc;
1969	}
1970
1971	static int filename_trans_read_helper(struct policydb *p, void *fp)
1972	{
1973	struct filename_trans_key *ft = NULL;
1974	struct filename_trans_datum **dst, *datum, *first = NULL;
1975	char *name = NULL;
1976	u32 len, ttype, tclass, ndatum, i;
1977	__le32 buf[3];
1978	int rc;
1979
1980	/* length of the path component string */
1981	rc = next_entry(buf, fp, bytes: sizeof(u32));
1982	if (rc)
1983	return rc;
1984	len = le32_to_cpu(buf[0]);
1985
1986	/* path component string */
1987	rc = str_read(strp: &name, GFP_KERNEL, fp, len);
1988	if (rc)
1989	return rc;
1990
1991	rc = next_entry(buf, fp, bytes: sizeof(u32) * 3);
1992	if (rc)
1993	goto out;
1994
1995	ttype = le32_to_cpu(buf[0]);
1996	tclass = le32_to_cpu(buf[1]);
1997
1998	ndatum = le32_to_cpu(buf[2]);
1999	if (ndatum == 0) {
2000	pr_err("SELinux: Filename transition key with no datum\n");
2001	rc = -ENOENT;
2002	goto out;
2003	}
2004
2005	dst = &first;
2006	for (i = 0; i < ndatum; i++) {
2007	rc = -ENOMEM;
2008	datum = kmalloc(size: sizeof(*datum), GFP_KERNEL);
2009	if (!datum)
2010	goto out;
2011
2012	datum->next = NULL;
2013	*dst = datum;
2014
2015	/* ebitmap_read() will at least init the bitmap */
2016	rc = ebitmap_read(e: &datum->stypes, fp);
2017	if (rc)
2018	goto out;
2019
2020	rc = next_entry(buf, fp, bytes: sizeof(u32));
2021	if (rc)
2022	goto out;
2023
2024	datum->otype = le32_to_cpu(buf[0]);
2025
2026	dst = &datum->next;
2027	}
2028
2029	rc = -ENOMEM;
2030	ft = kmalloc(size: sizeof(*ft), GFP_KERNEL);
2031	if (!ft)
2032	goto out;
2033
2034	ft->ttype = ttype;
2035	ft->tclass = tclass;
2036	ft->name = name;
2037
2038	rc = hashtab_insert(h: &p->filename_trans, key: ft, datum: first,
2039	key_params: filenametr_key_params);
2040	if (rc == -EEXIST)
2041	pr_err("SELinux: Duplicate filename transition key\n");
2042	if (rc)
2043	goto out;
2044
2045	return ebitmap_set_bit(e: &p->filename_trans_ttypes, bit: ttype, value: 1);
2046
2047	out:
2048	kfree(objp: ft);
2049	kfree(objp: name);
2050	while (first) {
2051	datum = first;
2052	first = first->next;
2053
2054	ebitmap_destroy(e: &datum->stypes);
2055	kfree(objp: datum);
2056	}
2057	return rc;
2058	}
2059
2060	static int filename_trans_read(struct policydb *p, void *fp)
2061	{
2062	u32 nel, i;
2063	__le32 buf[1];
2064	int rc;
2065
2066	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
2067	return 0;
2068
2069	rc = next_entry(buf, fp, bytes: sizeof(u32));
2070	if (rc)
2071	return rc;
2072	nel = le32_to_cpu(buf[0]);
2073
2074	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2075	p->compat_filename_trans_count = nel;
2076
2077	rc = hashtab_init(h: &p->filename_trans, nel_hint: (1 << 11));
2078	if (rc)
2079	return rc;
2080
2081	for (i = 0; i < nel; i++) {
2082	rc = filename_trans_read_helper_compat(p, fp);
2083	if (rc)
2084	return rc;
2085	}
2086	} else {
2087	rc = hashtab_init(h: &p->filename_trans, nel_hint: nel);
2088	if (rc)
2089	return rc;
2090
2091	for (i = 0; i < nel; i++) {
2092	rc = filename_trans_read_helper(p, fp);
2093	if (rc)
2094	return rc;
2095	}
2096	}
2097	hash_eval(h: &p->filename_trans, hash_name: "filenametr");
2098	return 0;
2099	}
2100
2101	static int genfs_read(struct policydb *p, void *fp)
2102	{
2103	int rc;
2104	u32 i, j, nel, nel2, len, len2;
2105	__le32 buf[1];
2106	struct ocontext *l, *c;
2107	struct ocontext *newc = NULL;
2108	struct genfs *genfs_p, *genfs;
2109	struct genfs *newgenfs = NULL;
2110
2111	rc = next_entry(buf, fp, bytes: sizeof(u32));
2112	if (rc)
2113	return rc;
2114	nel = le32_to_cpu(buf[0]);
2115
2116	for (i = 0; i < nel; i++) {
2117	rc = next_entry(buf, fp, bytes: sizeof(u32));
2118	if (rc)
2119	goto out;
2120	len = le32_to_cpu(buf[0]);
2121
2122	rc = -ENOMEM;
2123	newgenfs = kzalloc(size: sizeof(*newgenfs), GFP_KERNEL);
2124	if (!newgenfs)
2125	goto out;
2126
2127	rc = str_read(strp: &newgenfs->fstype, GFP_KERNEL, fp, len);
2128	if (rc)
2129	goto out;
2130
2131	for (genfs_p = NULL, genfs = p->genfs; genfs;
2132	genfs_p = genfs, genfs = genfs->next) {
2133	rc = -EINVAL;
2134	if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2135	pr_err("SELinux: dup genfs fstype %s\n",
2136	newgenfs->fstype);
2137	goto out;
2138	}
2139	if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2140	break;
2141	}
2142	newgenfs->next = genfs;
2143	if (genfs_p)
2144	genfs_p->next = newgenfs;
2145	else
2146	p->genfs = newgenfs;
2147	genfs = newgenfs;
2148	newgenfs = NULL;
2149
2150	rc = next_entry(buf, fp, bytes: sizeof(u32));
2151	if (rc)
2152	goto out;
2153
2154	nel2 = le32_to_cpu(buf[0]);
2155	for (j = 0; j < nel2; j++) {
2156	rc = next_entry(buf, fp, bytes: sizeof(u32));
2157	if (rc)
2158	goto out;
2159	len = le32_to_cpu(buf[0]);
2160
2161	rc = -ENOMEM;
2162	newc = kzalloc(size: sizeof(*newc), GFP_KERNEL);
2163	if (!newc)
2164	goto out;
2165
2166	rc = str_read(strp: &newc->u.name, GFP_KERNEL, fp, len);
2167	if (rc)
2168	goto out;
2169
2170	rc = next_entry(buf, fp, bytes: sizeof(u32));
2171	if (rc)
2172	goto out;
2173
2174	newc->v.sclass = le32_to_cpu(buf[0]);
2175	rc = context_read_and_validate(c: &newc->context[0], p, fp);
2176	if (rc)
2177	goto out;
2178
2179	for (l = NULL, c = genfs->head; c;
2180	l = c, c = c->next) {
2181	rc = -EINVAL;
2182	if (!strcmp(newc->u.name, c->u.name) &&
2183	(!c->v.sclass || !newc->v.sclass ||
2184	newc->v.sclass == c->v.sclass)) {
2185	pr_err("SELinux: dup genfs entry (%s,%s)\n",
2186	genfs->fstype, c->u.name);
2187	goto out;
2188	}
2189	len = strlen(newc->u.name);
2190	len2 = strlen(c->u.name);
2191	if (len > len2)
2192	break;
2193	}
2194
2195	newc->next = c;
2196	if (l)
2197	l->next = newc;
2198	else
2199	genfs->head = newc;
2200	newc = NULL;
2201	}
2202	}
2203	rc = 0;
2204	out:
2205	if (newgenfs) {
2206	kfree(objp: newgenfs->fstype);
2207	kfree(objp: newgenfs);
2208	}
2209	ocontext_destroy(c: newc, OCON_FSUSE);
2210
2211	return rc;
2212	}
2213
2214	static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info,
2215	void *fp)
2216	{
2217	int rc;
2218	unsigned int i;
2219	u32 j, nel, len;
2220	__be64 prefixbuf[1];
2221	__le32 buf[3];
2222	struct ocontext *l, *c;
2223	u32 nodebuf[8];
2224
2225	for (i = 0; i < info->ocon_num; i++) {
2226	rc = next_entry(buf, fp, bytes: sizeof(u32));
2227	if (rc)
2228	goto out;
2229	nel = le32_to_cpu(buf[0]);
2230
2231	l = NULL;
2232	for (j = 0; j < nel; j++) {
2233	rc = -ENOMEM;
2234	c = kzalloc(size: sizeof(*c), GFP_KERNEL);
2235	if (!c)
2236	goto out;
2237	if (l)
2238	l->next = c;
2239	else
2240	p->ocontexts[i] = c;
2241	l = c;
2242
2243	switch (i) {
2244	case OCON_ISID:
2245	rc = next_entry(buf, fp, bytes: sizeof(u32));
2246	if (rc)
2247	goto out;
2248
2249	c->sid[0] = le32_to_cpu(buf[0]);
2250	rc = context_read_and_validate(c: &c->context[0], p, fp);
2251	if (rc)
2252	goto out;
2253	break;
2254	case OCON_FS:
2255	case OCON_NETIF:
2256	rc = next_entry(buf, fp, bytes: sizeof(u32));
2257	if (rc)
2258	goto out;
2259	len = le32_to_cpu(buf[0]);
2260
2261	rc = str_read(strp: &c->u.name, GFP_KERNEL, fp, len);
2262	if (rc)
2263	goto out;
2264
2265	if (i == OCON_FS)
2266	pr_warn("SELinux: void and deprecated fs ocon %s\n",
2267	c->u.name);
2268
2269	rc = context_read_and_validate(c: &c->context[0], p, fp);
2270	if (rc)
2271	goto out;
2272	rc = context_read_and_validate(c: &c->context[1], p, fp);
2273	if (rc)
2274	goto out;
2275	break;
2276	case OCON_PORT:
2277	rc = next_entry(buf, fp, bytes: sizeof(u32)*3);
2278	if (rc)
2279	goto out;
2280	c->u.port.protocol = le32_to_cpu(buf[0]);
2281	c->u.port.low_port = le32_to_cpu(buf[1]);
2282	c->u.port.high_port = le32_to_cpu(buf[2]);
2283	rc = context_read_and_validate(c: &c->context[0], p, fp);
2284	if (rc)
2285	goto out;
2286	break;
2287	case OCON_NODE:
2288	rc = next_entry(buf: nodebuf, fp, bytes: sizeof(u32) * 2);
2289	if (rc)
2290	goto out;
2291	c->u.node.addr = nodebuf[0]; /* network order */
2292	c->u.node.mask = nodebuf[1]; /* network order */
2293	rc = context_read_and_validate(c: &c->context[0], p, fp);
2294	if (rc)
2295	goto out;
2296	break;
2297	case OCON_FSUSE:
2298	rc = next_entry(buf, fp, bytes: sizeof(u32)*2);
2299	if (rc)
2300	goto out;
2301
2302	rc = -EINVAL;
2303	c->v.behavior = le32_to_cpu(buf[0]);
2304	/* Determined at runtime, not in policy DB. */
2305	if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2306	goto out;
2307	if (c->v.behavior > SECURITY_FS_USE_MAX)
2308	goto out;
2309
2310	len = le32_to_cpu(buf[1]);
2311	rc = str_read(strp: &c->u.name, GFP_KERNEL, fp, len);
2312	if (rc)
2313	goto out;
2314
2315	rc = context_read_and_validate(c: &c->context[0], p, fp);
2316	if (rc)
2317	goto out;
2318	break;
2319	case OCON_NODE6: {
2320	int k;
2321
2322	rc = next_entry(buf: nodebuf, fp, bytes: sizeof(u32) * 8);
2323	if (rc)
2324	goto out;
2325	for (k = 0; k < 4; k++)
2326	c->u.node6.addr[k] = nodebuf[k];
2327	for (k = 0; k < 4; k++)
2328	c->u.node6.mask[k] = nodebuf[k+4];
2329	rc = context_read_and_validate(c: &c->context[0], p, fp);
2330	if (rc)
2331	goto out;
2332	break;
2333	}
2334	case OCON_IBPKEY: {
2335	u32 pkey_lo, pkey_hi;
2336
2337	rc = next_entry(buf: prefixbuf, fp, bytes: sizeof(u64));
2338	if (rc)
2339	goto out;
2340
2341	/* we need to have subnet_prefix in CPU order */
2342	c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]);
2343
2344	rc = next_entry(buf, fp, bytes: sizeof(u32) * 2);
2345	if (rc)
2346	goto out;
2347
2348	pkey_lo = le32_to_cpu(buf[0]);
2349	pkey_hi = le32_to_cpu(buf[1]);
2350
2351	if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) {
2352	rc = -EINVAL;
2353	goto out;
2354	}
2355
2356	c->u.ibpkey.low_pkey = pkey_lo;
2357	c->u.ibpkey.high_pkey = pkey_hi;
2358
2359	rc = context_read_and_validate(c: &c->context[0],
2360	p,
2361	fp);
2362	if (rc)
2363	goto out;
2364	break;
2365	}
2366	case OCON_IBENDPORT: {
2367	u32 port;
2368
2369	rc = next_entry(buf, fp, bytes: sizeof(u32) * 2);
2370	if (rc)
2371	goto out;
2372	len = le32_to_cpu(buf[0]);
2373
2374	rc = str_read(strp: &c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2375	if (rc)
2376	goto out;
2377
2378	port = le32_to_cpu(buf[1]);
2379	if (port > U8_MAX || port == 0) {
2380	rc = -EINVAL;
2381	goto out;
2382	}
2383
2384	c->u.ibendport.port = port;
2385
2386	rc = context_read_and_validate(c: &c->context[0],
2387	p,
2388	fp);
2389	if (rc)
2390	goto out;
2391	break;
2392	} /* end case */
2393	} /* end switch */
2394	}
2395	}
2396	rc = 0;
2397	out:
2398	return rc;
2399	}
2400
2401	/*
2402	* Read the configuration data from a policy database binary
2403	* representation file into a policy database structure.
2404	*/
2405	int policydb_read(struct policydb *p, void *fp)
2406	{
2407	struct role_allow *ra, *lra;
2408	struct role_trans_key *rtk = NULL;
2409	struct role_trans_datum *rtd = NULL;
2410	int rc;
2411	__le32 buf[4];
2412	u32 i, j, len, nprim, nel, perm;
2413
2414	char *policydb_str;
2415	const struct policydb_compat_info *info;
2416
2417	policydb_init(p);
2418
2419	/* Read the magic number and string length. */
2420	rc = next_entry(buf, fp, bytes: sizeof(u32) * 2);
2421	if (rc)
2422	goto bad;
2423
2424	rc = -EINVAL;
2425	if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2426	pr_err("SELinux: policydb magic number 0x%x does "
2427	"not match expected magic number 0x%x\n",
2428	le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2429	goto bad;
2430	}
2431
2432	rc = -EINVAL;
2433	len = le32_to_cpu(buf[1]);
2434	if (len != strlen(POLICYDB_STRING)) {
2435	pr_err("SELinux: policydb string length %d does not "
2436	"match expected length %zu\n",
2437	len, strlen(POLICYDB_STRING));
2438	goto bad;
2439	}
2440
2441	rc = -ENOMEM;
2442	policydb_str = kmalloc(size: len + 1, GFP_KERNEL);
2443	if (!policydb_str) {
2444	pr_err("SELinux: unable to allocate memory for policydb "
2445	"string of length %d\n", len);
2446	goto bad;
2447	}
2448
2449	rc = next_entry(buf: policydb_str, fp, bytes: len);
2450	if (rc) {
2451	pr_err("SELinux: truncated policydb string identifier\n");
2452	kfree(objp: policydb_str);
2453	goto bad;
2454	}
2455
2456	rc = -EINVAL;
2457	policydb_str[len] = '\0';
2458	if (strcmp(policydb_str, POLICYDB_STRING)) {
2459	pr_err("SELinux: policydb string %s does not match "
2460	"my string %s\n", policydb_str, POLICYDB_STRING);
2461	kfree(objp: policydb_str);
2462	goto bad;
2463	}
2464	/* Done with policydb_str. */
2465	kfree(objp: policydb_str);
2466	policydb_str = NULL;
2467
2468	/* Read the version and table sizes. */
2469	rc = next_entry(buf, fp, bytes: sizeof(u32)*4);
2470	if (rc)
2471	goto bad;
2472
2473	rc = -EINVAL;
2474	p->policyvers = le32_to_cpu(buf[0]);
2475	if (p->policyvers < POLICYDB_VERSION_MIN ||
2476	p->policyvers > POLICYDB_VERSION_MAX) {
2477	pr_err("SELinux: policydb version %d does not match "
2478	"my version range %d-%d\n",
2479	le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2480	goto bad;
2481	}
2482
2483	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2484	p->mls_enabled = 1;
2485
2486	rc = -EINVAL;
2487	if (p->policyvers < POLICYDB_VERSION_MLS) {
2488	pr_err("SELinux: security policydb version %d "
2489	"(MLS) not backwards compatible\n",
2490	p->policyvers);
2491	goto bad;
2492	}
2493	}
2494	p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2495	p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2496
2497	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2498	rc = ebitmap_read(e: &p->policycaps, fp);
2499	if (rc)
2500	goto bad;
2501	}
2502
2503	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2504	rc = ebitmap_read(e: &p->permissive_map, fp);
2505	if (rc)
2506	goto bad;
2507	}
2508
2509	rc = -EINVAL;
2510	info = policydb_lookup_compat(version: p->policyvers);
2511	if (!info) {
2512	pr_err("SELinux: unable to find policy compat info "
2513	"for version %d\n", p->policyvers);
2514	goto bad;
2515	}
2516
2517	rc = -EINVAL;
2518	if (le32_to_cpu(buf[2]) != info->sym_num ||
2519	le32_to_cpu(buf[3]) != info->ocon_num) {
2520	pr_err("SELinux: policydb table sizes (%d,%d) do "
2521	"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2522	le32_to_cpu(buf[3]),
2523	info->sym_num, info->ocon_num);
2524	goto bad;
2525	}
2526
2527	for (i = 0; i < info->sym_num; i++) {
2528	rc = next_entry(buf, fp, bytes: sizeof(u32)*2);
2529	if (rc)
2530	goto bad;
2531	nprim = le32_to_cpu(buf[0]);
2532	nel = le32_to_cpu(buf[1]);
2533
2534	rc = symtab_init(s: &p->symtab[i], size: nel);
2535	if (rc)
2536	goto out;
2537
2538	if (i == SYM_ROLES) {
2539	rc = roles_init(p);
2540	if (rc)
2541	goto out;
2542	}
2543
2544	for (j = 0; j < nel; j++) {
2545	rc = read_f[i](p, &p->symtab[i], fp);
2546	if (rc)
2547	goto bad;
2548	}
2549
2550	p->symtab[i].nprim = nprim;
2551	}
2552
2553	rc = -EINVAL;
2554	p->process_class = string_to_security_class(p, name: "process");
2555	if (!p->process_class) {
2556	pr_err("SELinux: process class is required, not defined in policy\n");
2557	goto bad;
2558	}
2559
2560	rc = avtab_read(a: &p->te_avtab, fp, pol: p);
2561	if (rc)
2562	goto bad;
2563
2564	if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2565	rc = cond_read_list(p, fp);
2566	if (rc)
2567	goto bad;
2568	}
2569
2570	rc = next_entry(buf, fp, bytes: sizeof(u32));
2571	if (rc)
2572	goto bad;
2573	nel = le32_to_cpu(buf[0]);
2574
2575	rc = hashtab_init(h: &p->role_tr, nel_hint: nel);
2576	if (rc)
2577	goto bad;
2578	for (i = 0; i < nel; i++) {
2579	rc = -ENOMEM;
2580	rtk = kmalloc(size: sizeof(*rtk), GFP_KERNEL);
2581	if (!rtk)
2582	goto bad;
2583
2584	rc = -ENOMEM;
2585	rtd = kmalloc(size: sizeof(*rtd), GFP_KERNEL);
2586	if (!rtd)
2587	goto bad;
2588
2589	rc = next_entry(buf, fp, bytes: sizeof(u32)*3);
2590	if (rc)
2591	goto bad;
2592
2593	rtk->role = le32_to_cpu(buf[0]);
2594	rtk->type = le32_to_cpu(buf[1]);
2595	rtd->new_role = le32_to_cpu(buf[2]);
2596	if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2597	rc = next_entry(buf, fp, bytes: sizeof(u32));
2598	if (rc)
2599	goto bad;
2600	rtk->tclass = le32_to_cpu(buf[0]);
2601	} else
2602	rtk->tclass = p->process_class;
2603
2604	rc = -EINVAL;
2605	if (!policydb_role_isvalid(p, role: rtk->role) ||
2606	!policydb_type_isvalid(p, type: rtk->type) ||
2607	!policydb_class_isvalid(p, class: rtk->tclass) ||
2608	!policydb_role_isvalid(p, role: rtd->new_role))
2609	goto bad;
2610
2611	rc = hashtab_insert(h: &p->role_tr, key: rtk, datum: rtd, key_params: roletr_key_params);
2612	if (rc)
2613	goto bad;
2614
2615	rtk = NULL;
2616	rtd = NULL;
2617	}
2618
2619	rc = next_entry(buf, fp, bytes: sizeof(u32));
2620	if (rc)
2621	goto bad;
2622	nel = le32_to_cpu(buf[0]);
2623	lra = NULL;
2624	for (i = 0; i < nel; i++) {
2625	rc = -ENOMEM;
2626	ra = kzalloc(size: sizeof(*ra), GFP_KERNEL);
2627	if (!ra)
2628	goto bad;
2629	if (lra)
2630	lra->next = ra;
2631	else
2632	p->role_allow = ra;
2633	rc = next_entry(buf, fp, bytes: sizeof(u32)*2);
2634	if (rc)
2635	goto bad;
2636
2637	rc = -EINVAL;
2638	ra->role = le32_to_cpu(buf[0]);
2639	ra->new_role = le32_to_cpu(buf[1]);
2640	if (!policydb_role_isvalid(p, role: ra->role) ||
2641	!policydb_role_isvalid(p, role: ra->new_role))
2642	goto bad;
2643	lra = ra;
2644	}
2645
2646	rc = filename_trans_read(p, fp);
2647	if (rc)
2648	goto bad;
2649
2650	rc = policydb_index(p);
2651	if (rc)
2652	goto bad;
2653
2654	rc = -EINVAL;
2655	perm = string_to_av_perm(p, tclass: p->process_class, name: "transition");
2656	if (!perm) {
2657	pr_err("SELinux: process transition permission is required, not defined in policy\n");
2658	goto bad;
2659	}
2660	p->process_trans_perms = perm;
2661	perm = string_to_av_perm(p, tclass: p->process_class, name: "dyntransition");
2662	if (!perm) {
2663	pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
2664	goto bad;
2665	}
2666	p->process_trans_perms |= perm;
2667
2668	rc = ocontext_read(p, info, fp);
2669	if (rc)
2670	goto bad;
2671
2672	rc = genfs_read(p, fp);
2673	if (rc)
2674	goto bad;
2675
2676	rc = range_read(p, fp);
2677	if (rc)
2678	goto bad;
2679
2680	rc = -ENOMEM;
2681	p->type_attr_map_array = kvcalloc(n: p->p_types.nprim,
2682	size: sizeof(*p->type_attr_map_array),
2683	GFP_KERNEL);
2684	if (!p->type_attr_map_array)
2685	goto bad;
2686
2687	/* just in case ebitmap_init() becomes more than just a memset(0): */
2688	for (i = 0; i < p->p_types.nprim; i++)
2689	ebitmap_init(e: &p->type_attr_map_array[i]);
2690
2691	for (i = 0; i < p->p_types.nprim; i++) {
2692	struct ebitmap *e = &p->type_attr_map_array[i];
2693
2694	if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2695	rc = ebitmap_read(e, fp);
2696	if (rc)
2697	goto bad;
2698	}
2699	/* add the type itself as the degenerate case */
2700	rc = ebitmap_set_bit(e, bit: i, value: 1);
2701	if (rc)
2702	goto bad;
2703	}
2704
2705	rc = policydb_bounds_sanity_check(p);
2706	if (rc)
2707	goto bad;
2708
2709	rc = 0;
2710	out:
2711	return rc;
2712	bad:
2713	kfree(objp: rtk);
2714	kfree(objp: rtd);
2715	policydb_destroy(p);
2716	goto out;
2717	}
2718
2719	/*
2720	* Write a MLS level structure to a policydb binary
2721	* representation file.
2722	*/
2723	static int mls_write_level(struct mls_level *l, void *fp)
2724	{
2725	__le32 buf[1];
2726	int rc;
2727
2728	buf[0] = cpu_to_le32(l->sens);
2729	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
2730	if (rc)
2731	return rc;
2732
2733	rc = ebitmap_write(e: &l->cat, fp);
2734	if (rc)
2735	return rc;
2736
2737	return 0;
2738	}
2739
2740	/*
2741	* Write a MLS range structure to a policydb binary
2742	* representation file.
2743	*/
2744	static int mls_write_range_helper(struct mls_range *r, void *fp)
2745	{
2746	__le32 buf[3];
2747	size_t items;
2748	int rc, eq;
2749
2750	eq = mls_level_eq(l1: &r->level[1], l2: &r->level[0]);
2751
2752	if (eq)
2753	items = 2;
2754	else
2755	items = 3;
2756	buf[0] = cpu_to_le32(items-1);
2757	buf[1] = cpu_to_le32(r->level[0].sens);
2758	if (!eq)
2759	buf[2] = cpu_to_le32(r->level[1].sens);
2760
2761	BUG_ON(items > ARRAY_SIZE(buf));
2762
2763	rc = put_entry(buf, bytes: sizeof(u32), num: items, fp);
2764	if (rc)
2765	return rc;
2766
2767	rc = ebitmap_write(e: &r->level[0].cat, fp);
2768	if (rc)
2769	return rc;
2770	if (!eq) {
2771	rc = ebitmap_write(e: &r->level[1].cat, fp);
2772	if (rc)
2773	return rc;
2774	}
2775
2776	return 0;
2777	}
2778
2779	static int sens_write(void *vkey, void *datum, void *ptr)
2780	{
2781	char *key = vkey;
2782	struct level_datum *levdatum = datum;
2783	struct policy_data *pd = ptr;
2784	void *fp = pd->fp;
2785	__le32 buf[2];
2786	size_t len;
2787	int rc;
2788
2789	len = strlen(key);
2790	buf[0] = cpu_to_le32(len);
2791	buf[1] = cpu_to_le32(levdatum->isalias);
2792	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
2793	if (rc)
2794	return rc;
2795
2796	rc = put_entry(buf: key, bytes: 1, num: len, fp);
2797	if (rc)
2798	return rc;
2799
2800	rc = mls_write_level(l: levdatum->level, fp);
2801	if (rc)
2802	return rc;
2803
2804	return 0;
2805	}
2806
2807	static int cat_write(void *vkey, void *datum, void *ptr)
2808	{
2809	char *key = vkey;
2810	struct cat_datum *catdatum = datum;
2811	struct policy_data *pd = ptr;
2812	void *fp = pd->fp;
2813	__le32 buf[3];
2814	size_t len;
2815	int rc;
2816
2817	len = strlen(key);
2818	buf[0] = cpu_to_le32(len);
2819	buf[1] = cpu_to_le32(catdatum->value);
2820	buf[2] = cpu_to_le32(catdatum->isalias);
2821	rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp);
2822	if (rc)
2823	return rc;
2824
2825	rc = put_entry(buf: key, bytes: 1, num: len, fp);
2826	if (rc)
2827	return rc;
2828
2829	return 0;
2830	}
2831
2832	static int role_trans_write_one(void *key, void *datum, void *ptr)
2833	{
2834	struct role_trans_key *rtk = key;
2835	struct role_trans_datum *rtd = datum;
2836	struct policy_data *pd = ptr;
2837	void *fp = pd->fp;
2838	struct policydb *p = pd->p;
2839	__le32 buf[3];
2840	int rc;
2841
2842	buf[0] = cpu_to_le32(rtk->role);
2843	buf[1] = cpu_to_le32(rtk->type);
2844	buf[2] = cpu_to_le32(rtd->new_role);
2845	rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp);
2846	if (rc)
2847	return rc;
2848	if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2849	buf[0] = cpu_to_le32(rtk->tclass);
2850	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
2851	if (rc)
2852	return rc;
2853	}
2854	return 0;
2855	}
2856
2857	static int role_trans_write(struct policydb *p, void *fp)
2858	{
2859	struct policy_data pd = { .p = p, .fp = fp };
2860	__le32 buf[1];
2861	int rc;
2862
2863	buf[0] = cpu_to_le32(p->role_tr.nel);
2864	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
2865	if (rc)
2866	return rc;
2867
2868	return hashtab_map(h: &p->role_tr, apply: role_trans_write_one, args: &pd);
2869	}
2870
2871	static int role_allow_write(struct role_allow *r, void *fp)
2872	{
2873	struct role_allow *ra;
2874	__le32 buf[2];
2875	size_t nel;
2876	int rc;
2877
2878	nel = 0;
2879	for (ra = r; ra; ra = ra->next)
2880	nel++;
2881	buf[0] = cpu_to_le32(nel);
2882	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
2883	if (rc)
2884	return rc;
2885	for (ra = r; ra; ra = ra->next) {
2886	buf[0] = cpu_to_le32(ra->role);
2887	buf[1] = cpu_to_le32(ra->new_role);
2888	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
2889	if (rc)
2890	return rc;
2891	}
2892	return 0;
2893	}
2894
2895	/*
2896	* Write a security context structure
2897	* to a policydb binary representation file.
2898	*/
2899	static int context_write(struct policydb *p, struct context *c,
2900	void *fp)
2901	{
2902	int rc;
2903	__le32 buf[3];
2904
2905	buf[0] = cpu_to_le32(c->user);
2906	buf[1] = cpu_to_le32(c->role);
2907	buf[2] = cpu_to_le32(c->type);
2908
2909	rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp);
2910	if (rc)
2911	return rc;
2912
2913	rc = mls_write_range_helper(r: &c->range, fp);
2914	if (rc)
2915	return rc;
2916
2917	return 0;
2918	}
2919
2920	/*
2921	* The following *_write functions are used to
2922	* write the symbol data to a policy database
2923	* binary representation file.
2924	*/
2925
2926	static int perm_write(void *vkey, void *datum, void *fp)
2927	{
2928	char *key = vkey;
2929	struct perm_datum *perdatum = datum;
2930	__le32 buf[2];
2931	size_t len;
2932	int rc;
2933
2934	len = strlen(key);
2935	buf[0] = cpu_to_le32(len);
2936	buf[1] = cpu_to_le32(perdatum->value);
2937	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
2938	if (rc)
2939	return rc;
2940
2941	rc = put_entry(buf: key, bytes: 1, num: len, fp);
2942	if (rc)
2943	return rc;
2944
2945	return 0;
2946	}
2947
2948	static int common_write(void *vkey, void *datum, void *ptr)
2949	{
2950	char *key = vkey;
2951	struct common_datum *comdatum = datum;
2952	struct policy_data *pd = ptr;
2953	void *fp = pd->fp;
2954	__le32 buf[4];
2955	size_t len;
2956	int rc;
2957
2958	len = strlen(key);
2959	buf[0] = cpu_to_le32(len);
2960	buf[1] = cpu_to_le32(comdatum->value);
2961	buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2962	buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
2963	rc = put_entry(buf, bytes: sizeof(u32), num: 4, fp);
2964	if (rc)
2965	return rc;
2966
2967	rc = put_entry(buf: key, bytes: 1, num: len, fp);
2968	if (rc)
2969	return rc;
2970
2971	rc = hashtab_map(h: &comdatum->permissions.table, apply: perm_write, args: fp);
2972	if (rc)
2973	return rc;
2974
2975	return 0;
2976	}
2977
2978	static int type_set_write(struct type_set *t, void *fp)
2979	{
2980	int rc;
2981	__le32 buf[1];
2982
2983	if (ebitmap_write(e: &t->types, fp))
2984	return -EINVAL;
2985	if (ebitmap_write(e: &t->negset, fp))
2986	return -EINVAL;
2987
2988	buf[0] = cpu_to_le32(t->flags);
2989	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
2990	if (rc)
2991	return -EINVAL;
2992
2993	return 0;
2994	}
2995
2996	static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2997	void *fp)
2998	{
2999	struct constraint_node *c;
3000	struct constraint_expr *e;
3001	__le32 buf[3];
3002	u32 nel;
3003	int rc;
3004
3005	for (c = node; c; c = c->next) {
3006	nel = 0;
3007	for (e = c->expr; e; e = e->next)
3008	nel++;
3009	buf[0] = cpu_to_le32(c->permissions);
3010	buf[1] = cpu_to_le32(nel);
3011	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3012	if (rc)
3013	return rc;
3014	for (e = c->expr; e; e = e->next) {
3015	buf[0] = cpu_to_le32(e->expr_type);
3016	buf[1] = cpu_to_le32(e->attr);
3017	buf[2] = cpu_to_le32(e->op);
3018	rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp);
3019	if (rc)
3020	return rc;
3021
3022	switch (e->expr_type) {
3023	case CEXPR_NAMES:
3024	rc = ebitmap_write(e: &e->names, fp);
3025	if (rc)
3026	return rc;
3027	if (p->policyvers >=
3028	POLICYDB_VERSION_CONSTRAINT_NAMES) {
3029	rc = type_set_write(t: e->type_names, fp);
3030	if (rc)
3031	return rc;
3032	}
3033	break;
3034	default:
3035	break;
3036	}
3037	}
3038	}
3039
3040	return 0;
3041	}
3042
3043	static int class_write(void *vkey, void *datum, void *ptr)
3044	{
3045	char *key = vkey;
3046	struct class_datum *cladatum = datum;
3047	struct policy_data *pd = ptr;
3048	void *fp = pd->fp;
3049	struct policydb *p = pd->p;
3050	struct constraint_node *c;
3051	__le32 buf[6];
3052	u32 ncons;
3053	size_t len, len2;
3054	int rc;
3055
3056	len = strlen(key);
3057	if (cladatum->comkey)
3058	len2 = strlen(cladatum->comkey);
3059	else
3060	len2 = 0;
3061
3062	ncons = 0;
3063	for (c = cladatum->constraints; c; c = c->next)
3064	ncons++;
3065
3066	buf[0] = cpu_to_le32(len);
3067	buf[1] = cpu_to_le32(len2);
3068	buf[2] = cpu_to_le32(cladatum->value);
3069	buf[3] = cpu_to_le32(cladatum->permissions.nprim);
3070	buf[4] = cpu_to_le32(cladatum->permissions.table.nel);
3071	buf[5] = cpu_to_le32(ncons);
3072	rc = put_entry(buf, bytes: sizeof(u32), num: 6, fp);
3073	if (rc)
3074	return rc;
3075
3076	rc = put_entry(buf: key, bytes: 1, num: len, fp);
3077	if (rc)
3078	return rc;
3079
3080	if (cladatum->comkey) {
3081	rc = put_entry(buf: cladatum->comkey, bytes: 1, num: len2, fp);
3082	if (rc)
3083	return rc;
3084	}
3085
3086	rc = hashtab_map(h: &cladatum->permissions.table, apply: perm_write, args: fp);
3087	if (rc)
3088	return rc;
3089
3090	rc = write_cons_helper(p, node: cladatum->constraints, fp);
3091	if (rc)
3092	return rc;
3093
3094	/* write out the validatetrans rule */
3095	ncons = 0;
3096	for (c = cladatum->validatetrans; c; c = c->next)
3097	ncons++;
3098
3099	buf[0] = cpu_to_le32(ncons);
3100	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3101	if (rc)
3102	return rc;
3103
3104	rc = write_cons_helper(p, node: cladatum->validatetrans, fp);
3105	if (rc)
3106	return rc;
3107
3108	if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
3109	buf[0] = cpu_to_le32(cladatum->default_user);
3110	buf[1] = cpu_to_le32(cladatum->default_role);
3111	buf[2] = cpu_to_le32(cladatum->default_range);
3112
3113	rc = put_entry(buf, bytes: sizeof(uint32_t), num: 3, fp);
3114	if (rc)
3115	return rc;
3116	}
3117
3118	if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
3119	buf[0] = cpu_to_le32(cladatum->default_type);
3120	rc = put_entry(buf, bytes: sizeof(uint32_t), num: 1, fp);
3121	if (rc)
3122	return rc;
3123	}
3124
3125	return 0;
3126	}
3127
3128	static int role_write(void *vkey, void *datum, void *ptr)
3129	{
3130	char *key = vkey;
3131	struct role_datum *role = datum;
3132	struct policy_data *pd = ptr;
3133	void *fp = pd->fp;
3134	struct policydb *p = pd->p;
3135	__le32 buf[3];
3136	size_t items, len;
3137	int rc;
3138
3139	len = strlen(key);
3140	items = 0;
3141	buf[items++] = cpu_to_le32(len);
3142	buf[items++] = cpu_to_le32(role->value);
3143	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3144	buf[items++] = cpu_to_le32(role->bounds);
3145
3146	BUG_ON(items > ARRAY_SIZE(buf));
3147
3148	rc = put_entry(buf, bytes: sizeof(u32), num: items, fp);
3149	if (rc)
3150	return rc;
3151
3152	rc = put_entry(buf: key, bytes: 1, num: len, fp);
3153	if (rc)
3154	return rc;
3155
3156	rc = ebitmap_write(e: &role->dominates, fp);
3157	if (rc)
3158	return rc;
3159
3160	rc = ebitmap_write(e: &role->types, fp);
3161	if (rc)
3162	return rc;
3163
3164	return 0;
3165	}
3166
3167	static int type_write(void *vkey, void *datum, void *ptr)
3168	{
3169	char *key = vkey;
3170	struct type_datum *typdatum = datum;
3171	struct policy_data *pd = ptr;
3172	struct policydb *p = pd->p;
3173	void *fp = pd->fp;
3174	__le32 buf[4];
3175	int rc;
3176	size_t items, len;
3177
3178	len = strlen(key);
3179	items = 0;
3180	buf[items++] = cpu_to_le32(len);
3181	buf[items++] = cpu_to_le32(typdatum->value);
3182	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3183	u32 properties = 0;
3184
3185	if (typdatum->primary)
3186	properties |= TYPEDATUM_PROPERTY_PRIMARY;
3187
3188	if (typdatum->attribute)
3189	properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3190
3191	buf[items++] = cpu_to_le32(properties);
3192	buf[items++] = cpu_to_le32(typdatum->bounds);
3193	} else {
3194	buf[items++] = cpu_to_le32(typdatum->primary);
3195	}
3196	BUG_ON(items > ARRAY_SIZE(buf));
3197	rc = put_entry(buf, bytes: sizeof(u32), num: items, fp);
3198	if (rc)
3199	return rc;
3200
3201	rc = put_entry(buf: key, bytes: 1, num: len, fp);
3202	if (rc)
3203	return rc;
3204
3205	return 0;
3206	}
3207
3208	static int user_write(void *vkey, void *datum, void *ptr)
3209	{
3210	char *key = vkey;
3211	struct user_datum *usrdatum = datum;
3212	struct policy_data *pd = ptr;
3213	struct policydb *p = pd->p;
3214	void *fp = pd->fp;
3215	__le32 buf[3];
3216	size_t items, len;
3217	int rc;
3218
3219	len = strlen(key);
3220	items = 0;
3221	buf[items++] = cpu_to_le32(len);
3222	buf[items++] = cpu_to_le32(usrdatum->value);
3223	if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3224	buf[items++] = cpu_to_le32(usrdatum->bounds);
3225	BUG_ON(items > ARRAY_SIZE(buf));
3226	rc = put_entry(buf, bytes: sizeof(u32), num: items, fp);
3227	if (rc)
3228	return rc;
3229
3230	rc = put_entry(buf: key, bytes: 1, num: len, fp);
3231	if (rc)
3232	return rc;
3233
3234	rc = ebitmap_write(e: &usrdatum->roles, fp);
3235	if (rc)
3236	return rc;
3237
3238	rc = mls_write_range_helper(r: &usrdatum->range, fp);
3239	if (rc)
3240	return rc;
3241
3242	rc = mls_write_level(l: &usrdatum->dfltlevel, fp);
3243	if (rc)
3244	return rc;
3245
3246	return 0;
3247	}
3248
3249	static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
3250	common_write,
3251	class_write,
3252	role_write,
3253	type_write,
3254	user_write,
3255	cond_write_bool,
3256	sens_write,
3257	cat_write,
3258	};
3259
3260	static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info,
3261	void *fp)
3262	{
3263	unsigned int i, j;
3264	int rc;
3265	size_t nel, len;
3266	__be64 prefixbuf[1];
3267	__le32 buf[3];
3268	u32 nodebuf[8];
3269	struct ocontext *c;
3270	for (i = 0; i < info->ocon_num; i++) {
3271	nel = 0;
3272	for (c = p->ocontexts[i]; c; c = c->next)
3273	nel++;
3274	buf[0] = cpu_to_le32(nel);
3275	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3276	if (rc)
3277	return rc;
3278	for (c = p->ocontexts[i]; c; c = c->next) {
3279	switch (i) {
3280	case OCON_ISID:
3281	buf[0] = cpu_to_le32(c->sid[0]);
3282	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3283	if (rc)
3284	return rc;
3285	rc = context_write(p, c: &c->context[0], fp);
3286	if (rc)
3287	return rc;
3288	break;
3289	case OCON_FS:
3290	case OCON_NETIF:
3291	len = strlen(c->u.name);
3292	buf[0] = cpu_to_le32(len);
3293	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3294	if (rc)
3295	return rc;
3296	rc = put_entry(buf: c->u.name, bytes: 1, num: len, fp);
3297	if (rc)
3298	return rc;
3299	rc = context_write(p, c: &c->context[0], fp);
3300	if (rc)
3301	return rc;
3302	rc = context_write(p, c: &c->context[1], fp);
3303	if (rc)
3304	return rc;
3305	break;
3306	case OCON_PORT:
3307	buf[0] = cpu_to_le32(c->u.port.protocol);
3308	buf[1] = cpu_to_le32(c->u.port.low_port);
3309	buf[2] = cpu_to_le32(c->u.port.high_port);
3310	rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp);
3311	if (rc)
3312	return rc;
3313	rc = context_write(p, c: &c->context[0], fp);
3314	if (rc)
3315	return rc;
3316	break;
3317	case OCON_NODE:
3318	nodebuf[0] = c->u.node.addr; /* network order */
3319	nodebuf[1] = c->u.node.mask; /* network order */
3320	rc = put_entry(buf: nodebuf, bytes: sizeof(u32), num: 2, fp);
3321	if (rc)
3322	return rc;
3323	rc = context_write(p, c: &c->context[0], fp);
3324	if (rc)
3325	return rc;
3326	break;
3327	case OCON_FSUSE:
3328	buf[0] = cpu_to_le32(c->v.behavior);
3329	len = strlen(c->u.name);
3330	buf[1] = cpu_to_le32(len);
3331	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3332	if (rc)
3333	return rc;
3334	rc = put_entry(buf: c->u.name, bytes: 1, num: len, fp);
3335	if (rc)
3336	return rc;
3337	rc = context_write(p, c: &c->context[0], fp);
3338	if (rc)
3339	return rc;
3340	break;
3341	case OCON_NODE6:
3342	for (j = 0; j < 4; j++)
3343	nodebuf[j] = c->u.node6.addr[j]; /* network order */
3344	for (j = 0; j < 4; j++)
3345	nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3346	rc = put_entry(buf: nodebuf, bytes: sizeof(u32), num: 8, fp);
3347	if (rc)
3348	return rc;
3349	rc = context_write(p, c: &c->context[0], fp);
3350	if (rc)
3351	return rc;
3352	break;
3353	case OCON_IBPKEY:
3354	/* subnet_prefix is in CPU order */
3355	prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3356
3357	rc = put_entry(buf: prefixbuf, bytes: sizeof(u64), num: 1, fp);
3358	if (rc)
3359	return rc;
3360
3361	buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey);
3362	buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey);
3363
3364	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3365	if (rc)
3366	return rc;
3367	rc = context_write(p, c: &c->context[0], fp);
3368	if (rc)
3369	return rc;
3370	break;
3371	case OCON_IBENDPORT:
3372	len = strlen(c->u.ibendport.dev_name);
3373	buf[0] = cpu_to_le32(len);
3374	buf[1] = cpu_to_le32(c->u.ibendport.port);
3375	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3376	if (rc)
3377	return rc;
3378	rc = put_entry(buf: c->u.ibendport.dev_name, bytes: 1, num: len, fp);
3379	if (rc)
3380	return rc;
3381	rc = context_write(p, c: &c->context[0], fp);
3382	if (rc)
3383	return rc;
3384	break;
3385	}
3386	}
3387	}
3388	return 0;
3389	}
3390
3391	static int genfs_write(struct policydb *p, void *fp)
3392	{
3393	struct genfs *genfs;
3394	struct ocontext *c;
3395	size_t len;
3396	__le32 buf[1];
3397	int rc;
3398
3399	len = 0;
3400	for (genfs = p->genfs; genfs; genfs = genfs->next)
3401	len++;
3402	buf[0] = cpu_to_le32(len);
3403	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3404	if (rc)
3405	return rc;
3406	for (genfs = p->genfs; genfs; genfs = genfs->next) {
3407	len = strlen(genfs->fstype);
3408	buf[0] = cpu_to_le32(len);
3409	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3410	if (rc)
3411	return rc;
3412	rc = put_entry(buf: genfs->fstype, bytes: 1, num: len, fp);
3413	if (rc)
3414	return rc;
3415	len = 0;
3416	for (c = genfs->head; c; c = c->next)
3417	len++;
3418	buf[0] = cpu_to_le32(len);
3419	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3420	if (rc)
3421	return rc;
3422	for (c = genfs->head; c; c = c->next) {
3423	len = strlen(c->u.name);
3424	buf[0] = cpu_to_le32(len);
3425	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3426	if (rc)
3427	return rc;
3428	rc = put_entry(buf: c->u.name, bytes: 1, num: len, fp);
3429	if (rc)
3430	return rc;
3431	buf[0] = cpu_to_le32(c->v.sclass);
3432	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3433	if (rc)
3434	return rc;
3435	rc = context_write(p, c: &c->context[0], fp);
3436	if (rc)
3437	return rc;
3438	}
3439	}
3440	return 0;
3441	}
3442
3443	static int range_write_helper(void *key, void *data, void *ptr)
3444	{
3445	__le32 buf[2];
3446	struct range_trans *rt = key;
3447	struct mls_range *r = data;
3448	struct policy_data *pd = ptr;
3449	void *fp = pd->fp;
3450	struct policydb *p = pd->p;
3451	int rc;
3452
3453	buf[0] = cpu_to_le32(rt->source_type);
3454	buf[1] = cpu_to_le32(rt->target_type);
3455	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3456	if (rc)
3457	return rc;
3458	if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3459	buf[0] = cpu_to_le32(rt->target_class);
3460	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3461	if (rc)
3462	return rc;
3463	}
3464	rc = mls_write_range_helper(r, fp);
3465	if (rc)
3466	return rc;
3467
3468	return 0;
3469	}
3470
3471	static int range_write(struct policydb *p, void *fp)
3472	{
3473	__le32 buf[1];
3474	int rc;
3475	struct policy_data pd;
3476
3477	pd.p = p;
3478	pd.fp = fp;
3479
3480	buf[0] = cpu_to_le32(p->range_tr.nel);
3481	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3482	if (rc)
3483	return rc;
3484
3485	/* actually write all of the entries */
3486	rc = hashtab_map(h: &p->range_tr, apply: range_write_helper, args: &pd);
3487	if (rc)
3488	return rc;
3489
3490	return 0;
3491	}
3492
3493	static int filename_write_helper_compat(void *key, void *data, void *ptr)
3494	{
3495	struct filename_trans_key *ft = key;
3496	struct filename_trans_datum *datum = data;
3497	struct ebitmap_node *node;
3498	void *fp = ptr;
3499	__le32 buf[4];
3500	int rc;
3501	u32 bit, len = strlen(ft->name);
3502
3503	do {
3504	ebitmap_for_each_positive_bit(&datum->stypes, node, bit) {
3505	buf[0] = cpu_to_le32(len);
3506	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3507	if (rc)
3508	return rc;
3509
3510	rc = put_entry(buf: ft->name, bytes: sizeof(char), num: len, fp);
3511	if (rc)
3512	return rc;
3513
3514	buf[0] = cpu_to_le32(bit + 1);
3515	buf[1] = cpu_to_le32(ft->ttype);
3516	buf[2] = cpu_to_le32(ft->tclass);
3517	buf[3] = cpu_to_le32(datum->otype);
3518
3519	rc = put_entry(buf, bytes: sizeof(u32), num: 4, fp);
3520	if (rc)
3521	return rc;
3522	}
3523
3524	datum = datum->next;
3525	} while (unlikely(datum));
3526
3527	return 0;
3528	}
3529
3530	static int filename_write_helper(void *key, void *data, void *ptr)
3531	{
3532	struct filename_trans_key *ft = key;
3533	struct filename_trans_datum *datum;
3534	void *fp = ptr;
3535	__le32 buf[3];
3536	int rc;
3537	u32 ndatum, len = strlen(ft->name);
3538
3539	buf[0] = cpu_to_le32(len);
3540	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3541	if (rc)
3542	return rc;
3543
3544	rc = put_entry(buf: ft->name, bytes: sizeof(char), num: len, fp);
3545	if (rc)
3546	return rc;
3547
3548	ndatum = 0;
3549	datum = data;
3550	do {
3551	ndatum++;
3552	datum = datum->next;
3553	} while (unlikely(datum));
3554
3555	buf[0] = cpu_to_le32(ft->ttype);
3556	buf[1] = cpu_to_le32(ft->tclass);
3557	buf[2] = cpu_to_le32(ndatum);
3558	rc = put_entry(buf, bytes: sizeof(u32), num: 3, fp);
3559	if (rc)
3560	return rc;
3561
3562	datum = data;
3563	do {
3564	rc = ebitmap_write(e: &datum->stypes, fp);
3565	if (rc)
3566	return rc;
3567
3568	buf[0] = cpu_to_le32(datum->otype);
3569	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3570	if (rc)
3571	return rc;
3572
3573	datum = datum->next;
3574	} while (unlikely(datum));
3575
3576	return 0;
3577	}
3578
3579	static int filename_trans_write(struct policydb *p, void *fp)
3580	{
3581	__le32 buf[1];
3582	int rc;
3583
3584	if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3585	return 0;
3586
3587	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
3588	buf[0] = cpu_to_le32(p->compat_filename_trans_count);
3589	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3590	if (rc)
3591	return rc;
3592
3593	rc = hashtab_map(h: &p->filename_trans,
3594	apply: filename_write_helper_compat, args: fp);
3595	} else {
3596	buf[0] = cpu_to_le32(p->filename_trans.nel);
3597	rc = put_entry(buf, bytes: sizeof(u32), num: 1, fp);
3598	if (rc)
3599	return rc;
3600
3601	rc = hashtab_map(h: &p->filename_trans, apply: filename_write_helper, args: fp);
3602	}
3603	return rc;
3604	}
3605
3606	/*
3607	* Write the configuration data in a policy database
3608	* structure to a policy database binary representation
3609	* file.
3610	*/
3611	int policydb_write(struct policydb *p, void *fp)
3612	{
3613	unsigned int num_syms;
3614	int rc;
3615	__le32 buf[4];
3616	u32 config, i;
3617	size_t len;
3618	const struct policydb_compat_info *info;
3619
3620	/*
3621	* refuse to write policy older than compressed avtab
3622	* to simplify the writer. There are other tests dropped
3623	* since we assume this throughout the writer code. Be
3624	* careful if you ever try to remove this restriction
3625	*/
3626	if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3627	pr_err("SELinux: refusing to write policy version %d."
3628	" Because it is less than version %d\n", p->policyvers,
3629	POLICYDB_VERSION_AVTAB);
3630	return -EINVAL;
3631	}
3632
3633	config = 0;
3634	if (p->mls_enabled)
3635	config |= POLICYDB_CONFIG_MLS;
3636
3637	if (p->reject_unknown)
3638	config |= REJECT_UNKNOWN;
3639	if (p->allow_unknown)
3640	config |= ALLOW_UNKNOWN;
3641
3642	/* Write the magic number and string identifiers. */
3643	buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3644	len = strlen(POLICYDB_STRING);
3645	buf[1] = cpu_to_le32(len);
3646	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3647	if (rc)
3648	return rc;
3649	rc = put_entry(POLICYDB_STRING, bytes: 1, num: len, fp);
3650	if (rc)
3651	return rc;
3652
3653	/* Write the version, config, and table sizes. */
3654	info = policydb_lookup_compat(version: p->policyvers);
3655	if (!info) {
3656	pr_err("SELinux: compatibility lookup failed for policy "
3657	"version %d\n", p->policyvers);
3658	return -EINVAL;
3659	}
3660
3661	buf[0] = cpu_to_le32(p->policyvers);
3662	buf[1] = cpu_to_le32(config);
3663	buf[2] = cpu_to_le32(info->sym_num);
3664	buf[3] = cpu_to_le32(info->ocon_num);
3665
3666	rc = put_entry(buf, bytes: sizeof(u32), num: 4, fp);
3667	if (rc)
3668	return rc;
3669
3670	if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3671	rc = ebitmap_write(e: &p->policycaps, fp);
3672	if (rc)
3673	return rc;
3674	}
3675
3676	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3677	rc = ebitmap_write(e: &p->permissive_map, fp);
3678	if (rc)
3679	return rc;
3680	}
3681
3682	num_syms = info->sym_num;
3683	for (i = 0; i < num_syms; i++) {
3684	struct policy_data pd;
3685
3686	pd.fp = fp;
3687	pd.p = p;
3688
3689	buf[0] = cpu_to_le32(p->symtab[i].nprim);
3690	buf[1] = cpu_to_le32(p->symtab[i].table.nel);
3691
3692	rc = put_entry(buf, bytes: sizeof(u32), num: 2, fp);
3693	if (rc)
3694	return rc;
3695	rc = hashtab_map(h: &p->symtab[i].table, apply: write_f[i], args: &pd);
3696	if (rc)
3697	return rc;
3698	}
3699
3700	rc = avtab_write(p, a: &p->te_avtab, fp);
3701	if (rc)
3702	return rc;
3703
3704	rc = cond_write_list(p, fp);
3705	if (rc)
3706	return rc;
3707
3708	rc = role_trans_write(p, fp);
3709	if (rc)
3710	return rc;
3711
3712	rc = role_allow_write(r: p->role_allow, fp);
3713	if (rc)
3714	return rc;
3715
3716	rc = filename_trans_write(p, fp);
3717	if (rc)
3718	return rc;
3719
3720	rc = ocontext_write(p, info, fp);
3721	if (rc)
3722	return rc;
3723
3724	rc = genfs_write(p, fp);
3725	if (rc)
3726	return rc;
3727
3728	rc = range_write(p, fp);
3729	if (rc)
3730	return rc;
3731
3732	for (i = 0; i < p->p_types.nprim; i++) {
3733	struct ebitmap *e = &p->type_attr_map_array[i];
3734
3735	rc = ebitmap_write(e, fp);
3736	if (rc)
3737	return rc;
3738	}
3739
3740	return 0;
3741	}
3742