1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * A policy database (policydb) specifies the |
4 | * configuration data for the security policy. |
5 | * |
6 | * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> |
7 | */ |
8 | |
9 | /* |
10 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> |
11 | * |
12 | * Support for enhanced MLS infrastructure. |
13 | * |
14 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> |
15 | * |
16 | * Added conditional policy language extensions |
17 | * |
18 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
19 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
20 | */ |
21 | |
22 | #ifndef _SS_POLICYDB_H_ |
23 | #define _SS_POLICYDB_H_ |
24 | |
25 | #include "symtab.h" |
26 | #include "avtab.h" |
27 | #include "sidtab.h" |
28 | #include "ebitmap.h" |
29 | #include "mls_types.h" |
30 | #include "context.h" |
31 | #include "constraint.h" |
32 | |
33 | /* |
34 | * A datum type is defined for each kind of symbol |
35 | * in the configuration data: individual permissions, |
36 | * common prefixes for access vectors, classes, |
37 | * users, roles, types, sensitivities, categories, etc. |
38 | */ |
39 | |
40 | /* Permission attributes */ |
41 | struct perm_datum { |
42 | u32 value; /* permission bit + 1 */ |
43 | }; |
44 | |
45 | /* Attributes of a common prefix for access vectors */ |
46 | struct common_datum { |
47 | u32 value; /* internal common value */ |
48 | struct symtab permissions; /* common permissions */ |
49 | }; |
50 | |
51 | /* Class attributes */ |
52 | struct class_datum { |
53 | u32 value; /* class value */ |
54 | char *comkey; /* common name */ |
55 | struct common_datum *comdatum; /* common datum */ |
56 | struct symtab permissions; /* class-specific permission symbol table */ |
57 | struct constraint_node *constraints; /* constraints on class permissions */ |
58 | struct constraint_node *validatetrans; /* special transition rules */ |
59 | /* Options how a new object user, role, and type should be decided */ |
60 | #define DEFAULT_SOURCE 1 |
61 | #define DEFAULT_TARGET 2 |
62 | char default_user; |
63 | char default_role; |
64 | char default_type; |
65 | /* Options how a new object range should be decided */ |
66 | #define DEFAULT_SOURCE_LOW 1 |
67 | #define DEFAULT_SOURCE_HIGH 2 |
68 | #define DEFAULT_SOURCE_LOW_HIGH 3 |
69 | #define DEFAULT_TARGET_LOW 4 |
70 | #define DEFAULT_TARGET_HIGH 5 |
71 | #define DEFAULT_TARGET_LOW_HIGH 6 |
72 | #define DEFAULT_GLBLUB 7 |
73 | char default_range; |
74 | }; |
75 | |
76 | /* Role attributes */ |
77 | struct role_datum { |
78 | u32 value; /* internal role value */ |
79 | u32 bounds; /* boundary of role */ |
80 | struct ebitmap dominates; /* set of roles dominated by this role */ |
81 | struct ebitmap types; /* set of authorized types for role */ |
82 | }; |
83 | |
84 | struct role_trans_key { |
85 | u32 role; /* current role */ |
86 | u32 type; /* program executable type, or new object type */ |
87 | u32 tclass; /* process class, or new object class */ |
88 | }; |
89 | |
90 | struct role_trans_datum { |
91 | u32 new_role; /* new role */ |
92 | }; |
93 | |
94 | struct filename_trans_key { |
95 | u32 ttype; /* parent dir context */ |
96 | u16 tclass; /* class of new object */ |
97 | const char *name; /* last path component */ |
98 | }; |
99 | |
100 | struct filename_trans_datum { |
101 | struct ebitmap stypes; /* bitmap of source types for this otype */ |
102 | u32 otype; /* resulting type of new object */ |
103 | struct filename_trans_datum *next; /* record for next otype*/ |
104 | }; |
105 | |
106 | struct role_allow { |
107 | u32 role; /* current role */ |
108 | u32 new_role; /* new role */ |
109 | struct role_allow *next; |
110 | }; |
111 | |
112 | /* Type attributes */ |
113 | struct type_datum { |
114 | u32 value; /* internal type value */ |
115 | u32 bounds; /* boundary of type */ |
116 | unsigned char primary; /* primary name? */ |
117 | unsigned char attribute;/* attribute ?*/ |
118 | }; |
119 | |
120 | /* User attributes */ |
121 | struct user_datum { |
122 | u32 value; /* internal user value */ |
123 | u32 bounds; /* bounds of user */ |
124 | struct ebitmap roles; /* set of authorized roles for user */ |
125 | struct mls_range range; /* MLS range (min - max) for user */ |
126 | struct mls_level dfltlevel; /* default login MLS level for user */ |
127 | }; |
128 | |
129 | |
130 | /* Sensitivity attributes */ |
131 | struct level_datum { |
132 | struct mls_level *level; /* sensitivity and associated categories */ |
133 | unsigned char isalias; /* is this sensitivity an alias for another? */ |
134 | }; |
135 | |
136 | /* Category attributes */ |
137 | struct cat_datum { |
138 | u32 value; /* internal category bit + 1 */ |
139 | unsigned char isalias; /* is this category an alias for another? */ |
140 | }; |
141 | |
142 | struct range_trans { |
143 | u32 source_type; |
144 | u32 target_type; |
145 | u32 target_class; |
146 | }; |
147 | |
148 | /* Boolean data type */ |
149 | struct cond_bool_datum { |
150 | __u32 value; /* internal type value */ |
151 | int state; |
152 | }; |
153 | |
154 | struct cond_node; |
155 | |
156 | /* |
157 | * type set preserves data needed to determine constraint info from |
158 | * policy source. This is not used by the kernel policy but allows |
159 | * utilities such as audit2allow to determine constraint denials. |
160 | */ |
161 | struct type_set { |
162 | struct ebitmap types; |
163 | struct ebitmap negset; |
164 | u32 flags; |
165 | }; |
166 | |
167 | /* |
168 | * The configuration data includes security contexts for |
169 | * initial SIDs, unlabeled file systems, TCP and UDP port numbers, |
170 | * network interfaces, and nodes. This structure stores the |
171 | * relevant data for one such entry. Entries of the same kind |
172 | * (e.g. all initial SIDs) are linked together into a list. |
173 | */ |
174 | struct ocontext { |
175 | union { |
176 | char *name; /* name of initial SID, fs, netif, fstype, path */ |
177 | struct { |
178 | u8 protocol; |
179 | u16 low_port; |
180 | u16 high_port; |
181 | } port; /* TCP or UDP port information */ |
182 | struct { |
183 | u32 addr; |
184 | u32 mask; |
185 | } node; /* node information */ |
186 | struct { |
187 | u32 addr[4]; |
188 | u32 mask[4]; |
189 | } node6; /* IPv6 node information */ |
190 | struct { |
191 | u64 subnet_prefix; |
192 | u16 low_pkey; |
193 | u16 high_pkey; |
194 | } ibpkey; |
195 | struct { |
196 | char *dev_name; |
197 | u8 port; |
198 | } ibendport; |
199 | } u; |
200 | union { |
201 | u32 sclass; /* security class for genfs */ |
202 | u32 behavior; /* labeling behavior for fs_use */ |
203 | } v; |
204 | struct context context[2]; /* security context(s) */ |
205 | u32 sid[2]; /* SID(s) */ |
206 | struct ocontext *next; |
207 | }; |
208 | |
209 | struct genfs { |
210 | char *fstype; |
211 | struct ocontext *head; |
212 | struct genfs *next; |
213 | }; |
214 | |
215 | /* symbol table array indices */ |
216 | #define SYM_COMMONS 0 |
217 | #define SYM_CLASSES 1 |
218 | #define SYM_ROLES 2 |
219 | #define SYM_TYPES 3 |
220 | #define SYM_USERS 4 |
221 | #define SYM_BOOLS 5 |
222 | #define SYM_LEVELS 6 |
223 | #define SYM_CATS 7 |
224 | #define SYM_NUM 8 |
225 | |
226 | /* object context array indices */ |
227 | #define OCON_ISID 0 /* initial SIDs */ |
228 | #define OCON_FS 1 /* unlabeled file systems (deprecated) */ |
229 | #define OCON_PORT 2 /* TCP and UDP port numbers */ |
230 | #define OCON_NETIF 3 /* network interfaces */ |
231 | #define OCON_NODE 4 /* nodes */ |
232 | #define OCON_FSUSE 5 /* fs_use */ |
233 | #define OCON_NODE6 6 /* IPv6 nodes */ |
234 | #define OCON_IBPKEY 7 /* Infiniband PKeys */ |
235 | #define OCON_IBENDPORT 8 /* Infiniband end ports */ |
236 | #define OCON_NUM 9 |
237 | |
238 | /* The policy database */ |
239 | struct policydb { |
240 | int mls_enabled; |
241 | |
242 | /* symbol tables */ |
243 | struct symtab symtab[SYM_NUM]; |
244 | #define p_commons symtab[SYM_COMMONS] |
245 | #define p_classes symtab[SYM_CLASSES] |
246 | #define p_roles symtab[SYM_ROLES] |
247 | #define p_types symtab[SYM_TYPES] |
248 | #define p_users symtab[SYM_USERS] |
249 | #define p_bools symtab[SYM_BOOLS] |
250 | #define p_levels symtab[SYM_LEVELS] |
251 | #define p_cats symtab[SYM_CATS] |
252 | |
253 | /* symbol names indexed by (value - 1) */ |
254 | char **sym_val_to_name[SYM_NUM]; |
255 | |
256 | /* class, role, and user attributes indexed by (value - 1) */ |
257 | struct class_datum **class_val_to_struct; |
258 | struct role_datum **role_val_to_struct; |
259 | struct user_datum **user_val_to_struct; |
260 | struct type_datum **type_val_to_struct; |
261 | |
262 | /* type enforcement access vectors and transitions */ |
263 | struct avtab te_avtab; |
264 | |
265 | /* role transitions */ |
266 | struct hashtab role_tr; |
267 | |
268 | /* file transitions with the last path component */ |
269 | /* quickly exclude lookups when parent ttype has no rules */ |
270 | struct ebitmap filename_trans_ttypes; |
271 | /* actual set of filename_trans rules */ |
272 | struct hashtab filename_trans; |
273 | /* only used if policyvers < POLICYDB_VERSION_COMP_FTRANS */ |
274 | u32 compat_filename_trans_count; |
275 | |
276 | /* bools indexed by (value - 1) */ |
277 | struct cond_bool_datum **bool_val_to_struct; |
278 | /* type enforcement conditional access vectors and transitions */ |
279 | struct avtab te_cond_avtab; |
280 | /* array indexing te_cond_avtab by conditional */ |
281 | struct cond_node *cond_list; |
282 | u32 cond_list_len; |
283 | |
284 | /* role allows */ |
285 | struct role_allow *role_allow; |
286 | |
287 | /* security contexts of initial SIDs, unlabeled file systems, |
288 | TCP or UDP port numbers, network interfaces and nodes */ |
289 | struct ocontext *ocontexts[OCON_NUM]; |
290 | |
291 | /* security contexts for files in filesystems that cannot support |
292 | a persistent label mapping or use another |
293 | fixed labeling behavior. */ |
294 | struct genfs *genfs; |
295 | |
296 | /* range transitions table (range_trans_key -> mls_range) */ |
297 | struct hashtab range_tr; |
298 | |
299 | /* type -> attribute reverse mapping */ |
300 | struct ebitmap *type_attr_map_array; |
301 | |
302 | struct ebitmap policycaps; |
303 | |
304 | struct ebitmap permissive_map; |
305 | |
306 | /* length of this policy when it was loaded */ |
307 | size_t len; |
308 | |
309 | unsigned int policyvers; |
310 | |
311 | unsigned int reject_unknown : 1; |
312 | unsigned int allow_unknown : 1; |
313 | |
314 | u16 process_class; |
315 | u32 process_trans_perms; |
316 | } __randomize_layout; |
317 | |
318 | extern void policydb_destroy(struct policydb *p); |
319 | extern int policydb_load_isids(struct policydb *p, struct sidtab *s); |
320 | extern int policydb_context_isvalid(struct policydb *p, struct context *c); |
321 | extern int policydb_class_isvalid(struct policydb *p, unsigned int class); |
322 | extern int policydb_type_isvalid(struct policydb *p, unsigned int type); |
323 | extern int policydb_role_isvalid(struct policydb *p, unsigned int role); |
324 | extern int policydb_read(struct policydb *p, void *fp); |
325 | extern int policydb_write(struct policydb *p, void *fp); |
326 | |
327 | extern struct filename_trans_datum *policydb_filenametr_search( |
328 | struct policydb *p, struct filename_trans_key *key); |
329 | |
330 | extern struct mls_range *policydb_rangetr_search( |
331 | struct policydb *p, struct range_trans *key); |
332 | |
333 | extern struct role_trans_datum *policydb_roletr_search( |
334 | struct policydb *p, struct role_trans_key *key); |
335 | |
336 | #define POLICYDB_CONFIG_MLS 1 |
337 | |
338 | /* the config flags related to unknown classes/perms are bits 2 and 3 */ |
339 | #define REJECT_UNKNOWN 0x00000002 |
340 | #define ALLOW_UNKNOWN 0x00000004 |
341 | |
342 | #define OBJECT_R "object_r" |
343 | #define OBJECT_R_VAL 1 |
344 | |
345 | #define POLICYDB_MAGIC SELINUX_MAGIC |
346 | #define POLICYDB_STRING "SE Linux" |
347 | |
348 | struct policy_file { |
349 | char *data; |
350 | size_t len; |
351 | }; |
352 | |
353 | struct policy_data { |
354 | struct policydb *p; |
355 | void *fp; |
356 | }; |
357 | |
358 | static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) |
359 | { |
360 | if (bytes > fp->len) |
361 | return -EINVAL; |
362 | |
363 | memcpy(buf, fp->data, bytes); |
364 | fp->data += bytes; |
365 | fp->len -= bytes; |
366 | return 0; |
367 | } |
368 | |
369 | static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp) |
370 | { |
371 | size_t len; |
372 | |
373 | if (unlikely(check_mul_overflow(bytes, num, &len))) |
374 | return -EINVAL; |
375 | |
376 | if (len > fp->len) |
377 | return -EINVAL; |
378 | memcpy(fp->data, buf, len); |
379 | fp->data += len; |
380 | fp->len -= len; |
381 | |
382 | return 0; |
383 | } |
384 | |
385 | static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr) |
386 | { |
387 | return p->sym_val_to_name[sym_num][element_nr]; |
388 | } |
389 | |
390 | extern u16 string_to_security_class(struct policydb *p, const char *name); |
391 | extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name); |
392 | |
393 | #endif /* _SS_POLICYDB_H_ */ |
394 | |
395 | |