projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SELinux: seperate range transition rules to a seperate function
[deliverable/linux.git] / security / selinux / ss / policydb.c
1 /*
2 * Implementation of the policy database.
3 *
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */
6
7 /*
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 *
10 * Support for enhanced MLS infrastructure.
11 *
12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13 *
14 * Added conditional policy language extensions
15 *
16 * Updated: Hewlett-Packard <paul.moore@hp.com>
17 *
18 * Added support for the policy capability bitmap
19 *
20 * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
21 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
22 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
23 * This program is free software; you can redistribute it and/or modify
24 * it under the terms of the GNU General Public License as published by
25 * the Free Software Foundation, version 2.
26 */
27
28 #include <linux/kernel.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <linux/errno.h>
33 #include <linux/audit.h>
34 #include "security.h"
35
36 #include "policydb.h"
37 #include "conditional.h"
38 #include "mls.h"
39
40 #define _DEBUG_HASHES
41
42 #ifdef DEBUG_HASHES
43 static const char *symtab_name[SYM_NUM] = {
44 "common prefixes",
45 "classes",
46 "roles",
47 "types",
48 "users",
49 "bools",
50 "levels",
51 "categories",
52 };
53 #endif
54
55 static unsigned int symtab_sizes[SYM_NUM] = {
56 2,
57 32,
58 16,
59 512,
60 128,
61 16,
62 16,
63 16,
64 };
65
66 struct policydb_compat_info {
67 int version;
68 int sym_num;
69 int ocon_num;
70 };
71
72 /* These need to be updated if SYM_NUM or OCON_NUM changes */
73 static struct policydb_compat_info policydb_compat[] = {
74 {
75 .version = POLICYDB_VERSION_BASE,
76 .sym_num = SYM_NUM - 3,
77 .ocon_num = OCON_NUM - 1,
78 },
79 {
80 .version = POLICYDB_VERSION_BOOL,
81 .sym_num = SYM_NUM - 2,
82 .ocon_num = OCON_NUM - 1,
83 },
84 {
85 .version = POLICYDB_VERSION_IPV6,
86 .sym_num = SYM_NUM - 2,
87 .ocon_num = OCON_NUM,
88 },
89 {
90 .version = POLICYDB_VERSION_NLCLASS,
91 .sym_num = SYM_NUM - 2,
92 .ocon_num = OCON_NUM,
93 },
94 {
95 .version = POLICYDB_VERSION_MLS,
96 .sym_num = SYM_NUM,
97 .ocon_num = OCON_NUM,
98 },
99 {
100 .version = POLICYDB_VERSION_AVTAB,
101 .sym_num = SYM_NUM,
102 .ocon_num = OCON_NUM,
103 },
104 {
105 .version = POLICYDB_VERSION_RANGETRANS,
106 .sym_num = SYM_NUM,
107 .ocon_num = OCON_NUM,
108 },
109 {
110 .version = POLICYDB_VERSION_POLCAP,
111 .sym_num = SYM_NUM,
112 .ocon_num = OCON_NUM,
113 },
114 {
115 .version = POLICYDB_VERSION_PERMISSIVE,
116 .sym_num = SYM_NUM,
117 .ocon_num = OCON_NUM,
118 },
119 {
120 .version = POLICYDB_VERSION_BOUNDARY,
121 .sym_num = SYM_NUM,
122 .ocon_num = OCON_NUM,
123 },
124 };
125
126 static struct policydb_compat_info *policydb_lookup_compat(int version)
127 {
128 int i;
129 struct policydb_compat_info *info = NULL;
130
131 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
132 if (policydb_compat[i].version == version) {
133 info = &policydb_compat[i];
134 break;
135 }
136 }
137 return info;
138 }
139
140 /*
141 * Initialize the role table.
142 */
143 static int roles_init(struct policydb *p)
144 {
145 char *key = NULL;
146 int rc;
147 struct role_datum *role;
148
149 role = kzalloc(sizeof(*role), GFP_KERNEL);
150 if (!role) {
151 rc = -ENOMEM;
152 goto out;
153 }
154 role->value = ++p->p_roles.nprim;
155 if (role->value != OBJECT_R_VAL) {
156 rc = -EINVAL;
157 goto out_free_role;
158 }
159 key = kstrdup(OBJECT_R, GFP_KERNEL);
160 if (!key) {
161 rc = -ENOMEM;
162 goto out_free_role;
163 }
164 rc = hashtab_insert(p->p_roles.table, key, role);
165 if (rc)
166 goto out_free_key;
167 out:
168 return rc;
169
170 out_free_key:
171 kfree(key);
172 out_free_role:
173 kfree(role);
174 goto out;
175 }
176
177 static u32 rangetr_hash(struct hashtab *h, const void *k)
178 {
179 const struct range_trans *key = k;
180 return (key->source_type + (key->target_type << 3) +
181 (key->target_class << 5)) & (h->size - 1);
182 }
183
184 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
185 {
186 const struct range_trans *key1 = k1, *key2 = k2;
187 return (key1->source_type != key2->source_type ||
188 key1->target_type != key2->target_type ||
189 key1->target_class != key2->target_class);
190 }
191
192 /*
193 * Initialize a policy database structure.
194 */
195 static int policydb_init(struct policydb *p)
196 {
197 int i, rc;
198
199 memset(p, 0, sizeof(*p));
200
201 for (i = 0; i < SYM_NUM; i++) {
202 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
203 if (rc)
204 goto out_free_symtab;
205 }
206
207 rc = avtab_init(&p->te_avtab);
208 if (rc)
209 goto out_free_symtab;
210
211 rc = roles_init(p);
212 if (rc)
213 goto out_free_symtab;
214
215 rc = cond_policydb_init(p);
216 if (rc)
217 goto out_free_symtab;
218
219 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
220 if (!p->range_tr)
221 goto out_free_symtab;
222
223 ebitmap_init(&p->policycaps);
224 ebitmap_init(&p->permissive_map);
225
226 out:
227 return rc;
228
229 out_free_symtab:
230 for (i = 0; i < SYM_NUM; i++)
231 hashtab_destroy(p->symtab[i].table);
232 goto out;
233 }
234
235 /*
236 * The following *_index functions are used to
237 * define the val_to_name and val_to_struct arrays
238 * in a policy database structure. The val_to_name
239 * arrays are used when converting security context
240 * structures into string representations. The
241 * val_to_struct arrays are used when the attributes
242 * of a class, role, or user are needed.
243 */
244
245 static int common_index(void *key, void *datum, void *datap)
246 {
247 struct policydb *p;
248 struct common_datum *comdatum;
249
250 comdatum = datum;
251 p = datap;
252 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
253 return -EINVAL;
254 p->p_common_val_to_name[comdatum->value - 1] = key;
255 return 0;
256 }
257
258 static int class_index(void *key, void *datum, void *datap)
259 {
260 struct policydb *p;
261 struct class_datum *cladatum;
262
263 cladatum = datum;
264 p = datap;
265 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
266 return -EINVAL;
267 p->p_class_val_to_name[cladatum->value - 1] = key;
268 p->class_val_to_struct[cladatum->value - 1] = cladatum;
269 return 0;
270 }
271
272 static int role_index(void *key, void *datum, void *datap)
273 {
274 struct policydb *p;
275 struct role_datum *role;
276
277 role = datum;
278 p = datap;
279 if (!role->value
280 || role->value > p->p_roles.nprim
281 || role->bounds > p->p_roles.nprim)
282 return -EINVAL;
283 p->p_role_val_to_name[role->value - 1] = key;
284 p->role_val_to_struct[role->value - 1] = role;
285 return 0;
286 }
287
288 static int type_index(void *key, void *datum, void *datap)
289 {
290 struct policydb *p;
291 struct type_datum *typdatum;
292
293 typdatum = datum;
294 p = datap;
295
296 if (typdatum->primary) {
297 if (!typdatum->value
298 || typdatum->value > p->p_types.nprim
299 || typdatum->bounds > p->p_types.nprim)
300 return -EINVAL;
301 p->p_type_val_to_name[typdatum->value - 1] = key;
302 p->type_val_to_struct[typdatum->value - 1] = typdatum;
303 }
304
305 return 0;
306 }
307
308 static int user_index(void *key, void *datum, void *datap)
309 {
310 struct policydb *p;
311 struct user_datum *usrdatum;
312
313 usrdatum = datum;
314 p = datap;
315 if (!usrdatum->value
316 || usrdatum->value > p->p_users.nprim
317 || usrdatum->bounds > p->p_users.nprim)
318 return -EINVAL;
319 p->p_user_val_to_name[usrdatum->value - 1] = key;
320 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
321 return 0;
322 }
323
324 static int sens_index(void *key, void *datum, void *datap)
325 {
326 struct policydb *p;
327 struct level_datum *levdatum;
328
329 levdatum = datum;
330 p = datap;
331
332 if (!levdatum->isalias) {
333 if (!levdatum->level->sens ||
334 levdatum->level->sens > p->p_levels.nprim)
335 return -EINVAL;
336 p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
337 }
338
339 return 0;
340 }
341
342 static int cat_index(void *key, void *datum, void *datap)
343 {
344 struct policydb *p;
345 struct cat_datum *catdatum;
346
347 catdatum = datum;
348 p = datap;
349
350 if (!catdatum->isalias) {
351 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
352 return -EINVAL;
353 p->p_cat_val_to_name[catdatum->value - 1] = key;
354 }
355
356 return 0;
357 }
358
359 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
360 {
361 common_index,
362 class_index,
363 role_index,
364 type_index,
365 user_index,
366 cond_index_bool,
367 sens_index,
368 cat_index,
369 };
370
371 /*
372 * Define the common val_to_name array and the class
373 * val_to_name and val_to_struct arrays in a policy
374 * database structure.
375 *
376 * Caller must clean up upon failure.
377 */
378 static int policydb_index_classes(struct policydb *p)
379 {
380 int rc;
381
382 p->p_common_val_to_name =
383 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
384 if (!p->p_common_val_to_name) {
385 rc = -ENOMEM;
386 goto out;
387 }
388
389 rc = hashtab_map(p->p_commons.table, common_index, p);
390 if (rc)
391 goto out;
392
393 p->class_val_to_struct =
394 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
395 if (!p->class_val_to_struct) {
396 rc = -ENOMEM;
397 goto out;
398 }
399
400 p->p_class_val_to_name =
401 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
402 if (!p->p_class_val_to_name) {
403 rc = -ENOMEM;
404 goto out;
405 }
406
407 rc = hashtab_map(p->p_classes.table, class_index, p);
408 out:
409 return rc;
410 }
411
412 #ifdef DEBUG_HASHES
413 static void symtab_hash_eval(struct symtab *s)
414 {
415 int i;
416
417 for (i = 0; i < SYM_NUM; i++) {
418 struct hashtab *h = s[i].table;
419 struct hashtab_info info;
420
421 hashtab_stat(h, &info);
422 printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
423 "longest chain length %d\n", symtab_name[i], h->nel,
424 info.slots_used, h->size, info.max_chain_len);
425 }
426 }
427
428 static void rangetr_hash_eval(struct hashtab *h)
429 {
430 struct hashtab_info info;
431
432 hashtab_stat(h, &info);
433 printk(KERN_DEBUG "SELinux: rangetr: %d entries and %d/%d buckets used, "
434 "longest chain length %d\n", h->nel,
435 info.slots_used, h->size, info.max_chain_len);
436 }
437 #else
438 static inline void rangetr_hash_eval(struct hashtab *h)
439 {
440 }
441 #endif
442
443 /*
444 * Define the other val_to_name and val_to_struct arrays
445 * in a policy database structure.
446 *
447 * Caller must clean up on failure.
448 */
449 static int policydb_index_others(struct policydb *p)
450 {
451 int i, rc = 0;
452
453 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
454 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
455 if (p->mls_enabled)
456 printk(", %d sens, %d cats", p->p_levels.nprim,
457 p->p_cats.nprim);
458 printk("\n");
459
460 printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
461 p->p_classes.nprim, p->te_avtab.nel);
462
463 #ifdef DEBUG_HASHES
464 avtab_hash_eval(&p->te_avtab, "rules");
465 symtab_hash_eval(p->symtab);
466 #endif
467
468 p->role_val_to_struct =
469 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
470 GFP_KERNEL);
471 if (!p->role_val_to_struct) {
472 rc = -ENOMEM;
473 goto out;
474 }
475
476 p->user_val_to_struct =
477 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
478 GFP_KERNEL);
479 if (!p->user_val_to_struct) {
480 rc = -ENOMEM;
481 goto out;
482 }
483
484 p->type_val_to_struct =
485 kmalloc(p->p_types.nprim * sizeof(*(p->type_val_to_struct)),
486 GFP_KERNEL);
487 if (!p->type_val_to_struct) {
488 rc = -ENOMEM;
489 goto out;
490 }
491
492 if (cond_init_bool_indexes(p)) {
493 rc = -ENOMEM;
494 goto out;
495 }
496
497 for (i = SYM_ROLES; i < SYM_NUM; i++) {
498 p->sym_val_to_name[i] =
499 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
500 if (!p->sym_val_to_name[i]) {
501 rc = -ENOMEM;
502 goto out;
503 }
504 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
505 if (rc)
506 goto out;
507 }
508
509 out:
510 return rc;
511 }
512
513 /*
514 * The following *_destroy functions are used to
515 * free any memory allocated for each kind of
516 * symbol data in the policy database.
517 */
518
519 static int perm_destroy(void *key, void *datum, void *p)
520 {
521 kfree(key);
522 kfree(datum);
523 return 0;
524 }
525
526 static int common_destroy(void *key, void *datum, void *p)
527 {
528 struct common_datum *comdatum;
529
530 kfree(key);
531 comdatum = datum;
532 hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
533 hashtab_destroy(comdatum->permissions.table);
534 kfree(datum);
535 return 0;
536 }
537
538 static int cls_destroy(void *key, void *datum, void *p)
539 {
540 struct class_datum *cladatum;
541 struct constraint_node *constraint, *ctemp;
542 struct constraint_expr *e, *etmp;
543
544 kfree(key);
545 cladatum = datum;
546 hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
547 hashtab_destroy(cladatum->permissions.table);
548 constraint = cladatum->constraints;
549 while (constraint) {
550 e = constraint->expr;
551 while (e) {
552 ebitmap_destroy(&e->names);
553 etmp = e;
554 e = e->next;
555 kfree(etmp);
556 }
557 ctemp = constraint;
558 constraint = constraint->next;
559 kfree(ctemp);
560 }
561
562 constraint = cladatum->validatetrans;
563 while (constraint) {
564 e = constraint->expr;
565 while (e) {
566 ebitmap_destroy(&e->names);
567 etmp = e;
568 e = e->next;
569 kfree(etmp);
570 }
571 ctemp = constraint;
572 constraint = constraint->next;
573 kfree(ctemp);
574 }
575
576 kfree(cladatum->comkey);
577 kfree(datum);
578 return 0;
579 }
580
581 static int role_destroy(void *key, void *datum, void *p)
582 {
583 struct role_datum *role;
584
585 kfree(key);
586 role = datum;
587 ebitmap_destroy(&role->dominates);
588 ebitmap_destroy(&role->types);
589 kfree(datum);
590 return 0;
591 }
592
593 static int type_destroy(void *key, void *datum, void *p)
594 {
595 kfree(key);
596 kfree(datum);
597 return 0;
598 }
599
600 static int user_destroy(void *key, void *datum, void *p)
601 {
602 struct user_datum *usrdatum;
603
604 kfree(key);
605 usrdatum = datum;
606 ebitmap_destroy(&usrdatum->roles);
607 ebitmap_destroy(&usrdatum->range.level[0].cat);
608 ebitmap_destroy(&usrdatum->range.level[1].cat);
609 ebitmap_destroy(&usrdatum->dfltlevel.cat);
610 kfree(datum);
611 return 0;
612 }
613
614 static int sens_destroy(void *key, void *datum, void *p)
615 {
616 struct level_datum *levdatum;
617
618 kfree(key);
619 levdatum = datum;
620 ebitmap_destroy(&levdatum->level->cat);
621 kfree(levdatum->level);
622 kfree(datum);
623 return 0;
624 }
625
626 static int cat_destroy(void *key, void *datum, void *p)
627 {
628 kfree(key);
629 kfree(datum);
630 return 0;
631 }
632
633 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
634 {
635 common_destroy,
636 cls_destroy,
637 role_destroy,
638 type_destroy,
639 user_destroy,
640 cond_destroy_bool,
641 sens_destroy,
642 cat_destroy,
643 };
644
645 static int range_tr_destroy(void *key, void *datum, void *p)
646 {
647 struct mls_range *rt = datum;
648 kfree(key);
649 ebitmap_destroy(&rt->level[0].cat);
650 ebitmap_destroy(&rt->level[1].cat);
651 kfree(datum);
652 cond_resched();
653 return 0;
654 }
655
656 static void ocontext_destroy(struct ocontext *c, int i)
657 {
658 context_destroy(&c->context[0]);
659 context_destroy(&c->context[1]);
660 if (i == OCON_ISID || i == OCON_FS ||
661 i == OCON_NETIF || i == OCON_FSUSE)
662 kfree(c->u.name);
663 kfree(c);
664 }
665
666 /*
667 * Free any memory allocated by a policy database structure.
668 */
669 void policydb_destroy(struct policydb *p)
670 {
671 struct ocontext *c, *ctmp;
672 struct genfs *g, *gtmp;
673 int i;
674 struct role_allow *ra, *lra = NULL;
675 struct role_trans *tr, *ltr = NULL;
676
677 for (i = 0; i < SYM_NUM; i++) {
678 cond_resched();
679 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
680 hashtab_destroy(p->symtab[i].table);
681 }
682
683 for (i = 0; i < SYM_NUM; i++)
684 kfree(p->sym_val_to_name[i]);
685
686 kfree(p->class_val_to_struct);
687 kfree(p->role_val_to_struct);
688 kfree(p->user_val_to_struct);
689 kfree(p->type_val_to_struct);
690
691 avtab_destroy(&p->te_avtab);
692
693 for (i = 0; i < OCON_NUM; i++) {
694 cond_resched();
695 c = p->ocontexts[i];
696 while (c) {
697 ctmp = c;
698 c = c->next;
699 ocontext_destroy(ctmp, i);
700 }
701 p->ocontexts[i] = NULL;
702 }
703
704 g = p->genfs;
705 while (g) {
706 cond_resched();
707 kfree(g->fstype);
708 c = g->head;
709 while (c) {
710 ctmp = c;
711 c = c->next;
712 ocontext_destroy(ctmp, OCON_FSUSE);
713 }
714 gtmp = g;
715 g = g->next;
716 kfree(gtmp);
717 }
718 p->genfs = NULL;
719
720 cond_policydb_destroy(p);
721
722 for (tr = p->role_tr; tr; tr = tr->next) {
723 cond_resched();
724 kfree(ltr);
725 ltr = tr;
726 }
727 kfree(ltr);
728
729 for (ra = p->role_allow; ra; ra = ra->next) {
730 cond_resched();
731 kfree(lra);
732 lra = ra;
733 }
734 kfree(lra);
735
736 hashtab_map(p->range_tr, range_tr_destroy, NULL);
737 hashtab_destroy(p->range_tr);
738
739 if (p->type_attr_map) {
740 for (i = 0; i < p->p_types.nprim; i++)
741 ebitmap_destroy(&p->type_attr_map[i]);
742 }
743 kfree(p->type_attr_map);
744 ebitmap_destroy(&p->policycaps);
745 ebitmap_destroy(&p->permissive_map);
746
747 return;
748 }
749
750 /*
751 * Load the initial SIDs specified in a policy database
752 * structure into a SID table.
753 */
754 int policydb_load_isids(struct policydb *p, struct sidtab *s)
755 {
756 struct ocontext *head, *c;
757 int rc;
758
759 rc = sidtab_init(s);
760 if (rc) {
761 printk(KERN_ERR "SELinux: out of memory on SID table init\n");
762 goto out;
763 }
764
765 head = p->ocontexts[OCON_ISID];
766 for (c = head; c; c = c->next) {
767 if (!c->context[0].user) {
768 printk(KERN_ERR "SELinux: SID %s was never "
769 "defined.\n", c->u.name);
770 rc = -EINVAL;
771 goto out;
772 }
773 if (sidtab_insert(s, c->sid[0], &c->context[0])) {
774 printk(KERN_ERR "SELinux: unable to load initial "
775 "SID %s.\n", c->u.name);
776 rc = -EINVAL;
777 goto out;
778 }
779 }
780 out:
781 return rc;
782 }
783
784 int policydb_class_isvalid(struct policydb *p, unsigned int class)
785 {
786 if (!class || class > p->p_classes.nprim)
787 return 0;
788 return 1;
789 }
790
791 int policydb_role_isvalid(struct policydb *p, unsigned int role)
792 {
793 if (!role || role > p->p_roles.nprim)
794 return 0;
795 return 1;
796 }
797
798 int policydb_type_isvalid(struct policydb *p, unsigned int type)
799 {
800 if (!type || type > p->p_types.nprim)
801 return 0;
802 return 1;
803 }
804
805 /*
806 * Return 1 if the fields in the security context
807 * structure `c' are valid. Return 0 otherwise.
808 */
809 int policydb_context_isvalid(struct policydb *p, struct context *c)
810 {
811 struct role_datum *role;
812 struct user_datum *usrdatum;
813
814 if (!c->role || c->role > p->p_roles.nprim)
815 return 0;
816
817 if (!c->user || c->user > p->p_users.nprim)
818 return 0;
819
820 if (!c->type || c->type > p->p_types.nprim)
821 return 0;
822
823 if (c->role != OBJECT_R_VAL) {
824 /*
825 * Role must be authorized for the type.
826 */
827 role = p->role_val_to_struct[c->role - 1];
828 if (!ebitmap_get_bit(&role->types,
829 c->type - 1))
830 /* role may not be associated with type */
831 return 0;
832
833 /*
834 * User must be authorized for the role.
835 */
836 usrdatum = p->user_val_to_struct[c->user - 1];
837 if (!usrdatum)
838 return 0;
839
840 if (!ebitmap_get_bit(&usrdatum->roles,
841 c->role - 1))
842 /* user may not be associated with role */
843 return 0;
844 }
845
846 if (!mls_context_isvalid(p, c))
847 return 0;
848
849 return 1;
850 }
851
852 /*
853 * Read a MLS range structure from a policydb binary
854 * representation file.
855 */
856 static int mls_read_range_helper(struct mls_range *r, void *fp)
857 {
858 __le32 buf[2];
859 u32 items;
860 int rc;
861
862 rc = next_entry(buf, fp, sizeof(u32));
863 if (rc < 0)
864 goto out;
865
866 items = le32_to_cpu(buf[0]);
867 if (items > ARRAY_SIZE(buf)) {
868 printk(KERN_ERR "SELinux: mls: range overflow\n");
869 rc = -EINVAL;
870 goto out;
871 }
872 rc = next_entry(buf, fp, sizeof(u32) * items);
873 if (rc < 0) {
874 printk(KERN_ERR "SELinux: mls: truncated range\n");
875 goto out;
876 }
877 r->level[0].sens = le32_to_cpu(buf[0]);
878 if (items > 1)
879 r->level[1].sens = le32_to_cpu(buf[1]);
880 else
881 r->level[1].sens = r->level[0].sens;
882
883 rc = ebitmap_read(&r->level[0].cat, fp);
884 if (rc) {
885 printk(KERN_ERR "SELinux: mls: error reading low "
886 "categories\n");
887 goto out;
888 }
889 if (items > 1) {
890 rc = ebitmap_read(&r->level[1].cat, fp);
891 if (rc) {
892 printk(KERN_ERR "SELinux: mls: error reading high "
893 "categories\n");
894 goto bad_high;
895 }
896 } else {
897 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
898 if (rc) {
899 printk(KERN_ERR "SELinux: mls: out of memory\n");
900 goto bad_high;
901 }
902 }
903
904 rc = 0;
905 out:
906 return rc;
907 bad_high:
908 ebitmap_destroy(&r->level[0].cat);
909 goto out;
910 }
911
912 /*
913 * Read and validate a security context structure
914 * from a policydb binary representation file.
915 */
916 static int context_read_and_validate(struct context *c,
917 struct policydb *p,
918 void *fp)
919 {
920 __le32 buf[3];
921 int rc;
922
923 rc = next_entry(buf, fp, sizeof buf);
924 if (rc < 0) {
925 printk(KERN_ERR "SELinux: context truncated\n");
926 goto out;
927 }
928 c->user = le32_to_cpu(buf[0]);
929 c->role = le32_to_cpu(buf[1]);
930 c->type = le32_to_cpu(buf[2]);
931 if (p->policyvers >= POLICYDB_VERSION_MLS) {
932 if (mls_read_range_helper(&c->range, fp)) {
933 printk(KERN_ERR "SELinux: error reading MLS range of "
934 "context\n");
935 rc = -EINVAL;
936 goto out;
937 }
938 }
939
940 if (!policydb_context_isvalid(p, c)) {
941 printk(KERN_ERR "SELinux: invalid security context\n");
942 context_destroy(c);
943 rc = -EINVAL;
944 }
945 out:
946 return rc;
947 }
948
949 /*
950 * The following *_read functions are used to
951 * read the symbol data from a policy database
952 * binary representation file.
953 */
954
955 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
956 {
957 char *key = NULL;
958 struct perm_datum *perdatum;
959 int rc;
960 __le32 buf[2];
961 u32 len;
962
963 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
964 if (!perdatum) {
965 rc = -ENOMEM;
966 goto out;
967 }
968
969 rc = next_entry(buf, fp, sizeof buf);
970 if (rc < 0)
971 goto bad;
972
973 len = le32_to_cpu(buf[0]);
974 perdatum->value = le32_to_cpu(buf[1]);
975
976 key = kmalloc(len + 1, GFP_KERNEL);
977 if (!key) {
978 rc = -ENOMEM;
979 goto bad;
980 }
981 rc = next_entry(key, fp, len);
982 if (rc < 0)
983 goto bad;
984 key[len] = '\0';
985
986 rc = hashtab_insert(h, key, perdatum);
987 if (rc)
988 goto bad;
989 out:
990 return rc;
991 bad:
992 perm_destroy(key, perdatum, NULL);
993 goto out;
994 }
995
996 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
997 {
998 char *key = NULL;
999 struct common_datum *comdatum;
1000 __le32 buf[4];
1001 u32 len, nel;
1002 int i, rc;
1003
1004 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1005 if (!comdatum) {
1006 rc = -ENOMEM;
1007 goto out;
1008 }
1009
1010 rc = next_entry(buf, fp, sizeof buf);
1011 if (rc < 0)
1012 goto bad;
1013
1014 len = le32_to_cpu(buf[0]);
1015 comdatum->value = le32_to_cpu(buf[1]);
1016
1017 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
1018 if (rc)
1019 goto bad;
1020 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1021 nel = le32_to_cpu(buf[3]);
1022
1023 key = kmalloc(len + 1, GFP_KERNEL);
1024 if (!key) {
1025 rc = -ENOMEM;
1026 goto bad;
1027 }
1028 rc = next_entry(key, fp, len);
1029 if (rc < 0)
1030 goto bad;
1031 key[len] = '\0';
1032
1033 for (i = 0; i < nel; i++) {
1034 rc = perm_read(p, comdatum->permissions.table, fp);
1035 if (rc)
1036 goto bad;
1037 }
1038
1039 rc = hashtab_insert(h, key, comdatum);
1040 if (rc)
1041 goto bad;
1042 out:
1043 return rc;
1044 bad:
1045 common_destroy(key, comdatum, NULL);
1046 goto out;
1047 }
1048
1049 static int read_cons_helper(struct constraint_node **nodep, int ncons,
1050 int allowxtarget, void *fp)
1051 {
1052 struct constraint_node *c, *lc;
1053 struct constraint_expr *e, *le;
1054 __le32 buf[3];
1055 u32 nexpr;
1056 int rc, i, j, depth;
1057
1058 lc = NULL;
1059 for (i = 0; i < ncons; i++) {
1060 c = kzalloc(sizeof(*c), GFP_KERNEL);
1061 if (!c)
1062 return -ENOMEM;
1063
1064 if (lc)
1065 lc->next = c;
1066 else
1067 *nodep = c;
1068
1069 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1070 if (rc < 0)
1071 return rc;
1072 c->permissions = le32_to_cpu(buf[0]);
1073 nexpr = le32_to_cpu(buf[1]);
1074 le = NULL;
1075 depth = -1;
1076 for (j = 0; j < nexpr; j++) {
1077 e = kzalloc(sizeof(*e), GFP_KERNEL);
1078 if (!e)
1079 return -ENOMEM;
1080
1081 if (le)
1082 le->next = e;
1083 else
1084 c->expr = e;
1085
1086 rc = next_entry(buf, fp, (sizeof(u32) * 3));
1087 if (rc < 0)
1088 return rc;
1089 e->expr_type = le32_to_cpu(buf[0]);
1090 e->attr = le32_to_cpu(buf[1]);
1091 e->op = le32_to_cpu(buf[2]);
1092
1093 switch (e->expr_type) {
1094 case CEXPR_NOT:
1095 if (depth < 0)
1096 return -EINVAL;
1097 break;
1098 case CEXPR_AND:
1099 case CEXPR_OR:
1100 if (depth < 1)
1101 return -EINVAL;
1102 depth--;
1103 break;
1104 case CEXPR_ATTR:
1105 if (depth == (CEXPR_MAXDEPTH - 1))
1106 return -EINVAL;
1107 depth++;
1108 break;
1109 case CEXPR_NAMES:
1110 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1111 return -EINVAL;
1112 if (depth == (CEXPR_MAXDEPTH - 1))
1113 return -EINVAL;
1114 depth++;
1115 if (ebitmap_read(&e->names, fp))
1116 return -EINVAL;
1117 break;
1118 default:
1119 return -EINVAL;
1120 }
1121 le = e;
1122 }
1123 if (depth != 0)
1124 return -EINVAL;
1125 lc = c;
1126 }
1127
1128 return 0;
1129 }
1130
1131 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1132 {
1133 char *key = NULL;
1134 struct class_datum *cladatum;
1135 __le32 buf[6];
1136 u32 len, len2, ncons, nel;
1137 int i, rc;
1138
1139 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1140 if (!cladatum) {
1141 rc = -ENOMEM;
1142 goto out;
1143 }
1144
1145 rc = next_entry(buf, fp, sizeof(u32)*6);
1146 if (rc < 0)
1147 goto bad;
1148
1149 len = le32_to_cpu(buf[0]);
1150 len2 = le32_to_cpu(buf[1]);
1151 cladatum->value = le32_to_cpu(buf[2]);
1152
1153 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1154 if (rc)
1155 goto bad;
1156 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1157 nel = le32_to_cpu(buf[4]);
1158
1159 ncons = le32_to_cpu(buf[5]);
1160
1161 key = kmalloc(len + 1, GFP_KERNEL);
1162 if (!key) {
1163 rc = -ENOMEM;
1164 goto bad;
1165 }
1166 rc = next_entry(key, fp, len);
1167 if (rc < 0)
1168 goto bad;
1169 key[len] = '\0';
1170
1171 if (len2) {
1172 cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
1173 if (!cladatum->comkey) {
1174 rc = -ENOMEM;
1175 goto bad;
1176 }
1177 rc = next_entry(cladatum->comkey, fp, len2);
1178 if (rc < 0)
1179 goto bad;
1180 cladatum->comkey[len2] = '\0';
1181
1182 cladatum->comdatum = hashtab_search(p->p_commons.table,
1183 cladatum->comkey);
1184 if (!cladatum->comdatum) {
1185 printk(KERN_ERR "SELinux: unknown common %s\n",
1186 cladatum->comkey);
1187 rc = -EINVAL;
1188 goto bad;
1189 }
1190 }
1191 for (i = 0; i < nel; i++) {
1192 rc = perm_read(p, cladatum->permissions.table, fp);
1193 if (rc)
1194 goto bad;
1195 }
1196
1197 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1198 if (rc)
1199 goto bad;
1200
1201 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1202 /* grab the validatetrans rules */
1203 rc = next_entry(buf, fp, sizeof(u32));
1204 if (rc < 0)
1205 goto bad;
1206 ncons = le32_to_cpu(buf[0]);
1207 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1208 if (rc)
1209 goto bad;
1210 }
1211
1212 rc = hashtab_insert(h, key, cladatum);
1213 if (rc)
1214 goto bad;
1215
1216 rc = 0;
1217 out:
1218 return rc;
1219 bad:
1220 cls_destroy(key, cladatum, NULL);
1221 goto out;
1222 }
1223
1224 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1225 {
1226 char *key = NULL;
1227 struct role_datum *role;
1228 int rc, to_read = 2;
1229 __le32 buf[3];
1230 u32 len;
1231
1232 role = kzalloc(sizeof(*role), GFP_KERNEL);
1233 if (!role) {
1234 rc = -ENOMEM;
1235 goto out;
1236 }
1237
1238 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1239 to_read = 3;
1240
1241 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1242 if (rc < 0)
1243 goto bad;
1244
1245 len = le32_to_cpu(buf[0]);
1246 role->value = le32_to_cpu(buf[1]);
1247 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1248 role->bounds = le32_to_cpu(buf[2]);
1249
1250 key = kmalloc(len + 1, GFP_KERNEL);
1251 if (!key) {
1252 rc = -ENOMEM;
1253 goto bad;
1254 }
1255 rc = next_entry(key, fp, len);
1256 if (rc < 0)
1257 goto bad;
1258 key[len] = '\0';
1259
1260 rc = ebitmap_read(&role->dominates, fp);
1261 if (rc)
1262 goto bad;
1263
1264 rc = ebitmap_read(&role->types, fp);
1265 if (rc)
1266 goto bad;
1267
1268 if (strcmp(key, OBJECT_R) == 0) {
1269 if (role->value != OBJECT_R_VAL) {
1270 printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
1271 OBJECT_R, role->value);
1272 rc = -EINVAL;
1273 goto bad;
1274 }
1275 rc = 0;
1276 goto bad;
1277 }
1278
1279 rc = hashtab_insert(h, key, role);
1280 if (rc)
1281 goto bad;
1282 out:
1283 return rc;
1284 bad:
1285 role_destroy(key, role, NULL);
1286 goto out;
1287 }
1288
1289 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1290 {
1291 char *key = NULL;
1292 struct type_datum *typdatum;
1293 int rc, to_read = 3;
1294 __le32 buf[4];
1295 u32 len;
1296
1297 typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1298 if (!typdatum) {
1299 rc = -ENOMEM;
1300 return rc;
1301 }
1302
1303 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1304 to_read = 4;
1305
1306 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1307 if (rc < 0)
1308 goto bad;
1309
1310 len = le32_to_cpu(buf[0]);
1311 typdatum->value = le32_to_cpu(buf[1]);
1312 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1313 u32 prop = le32_to_cpu(buf[2]);
1314
1315 if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1316 typdatum->primary = 1;
1317 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1318 typdatum->attribute = 1;
1319
1320 typdatum->bounds = le32_to_cpu(buf[3]);
1321 } else {
1322 typdatum->primary = le32_to_cpu(buf[2]);
1323 }
1324
1325 key = kmalloc(len + 1, GFP_KERNEL);
1326 if (!key) {
1327 rc = -ENOMEM;
1328 goto bad;
1329 }
1330 rc = next_entry(key, fp, len);
1331 if (rc < 0)
1332 goto bad;
1333 key[len] = '\0';
1334
1335 rc = hashtab_insert(h, key, typdatum);
1336 if (rc)
1337 goto bad;
1338 out:
1339 return rc;
1340 bad:
1341 type_destroy(key, typdatum, NULL);
1342 goto out;
1343 }
1344
1345
1346 /*
1347 * Read a MLS level structure from a policydb binary
1348 * representation file.
1349 */
1350 static int mls_read_level(struct mls_level *lp, void *fp)
1351 {
1352 __le32 buf[1];
1353 int rc;
1354
1355 memset(lp, 0, sizeof(*lp));
1356
1357 rc = next_entry(buf, fp, sizeof buf);
1358 if (rc < 0) {
1359 printk(KERN_ERR "SELinux: mls: truncated level\n");
1360 goto bad;
1361 }
1362 lp->sens = le32_to_cpu(buf[0]);
1363
1364 if (ebitmap_read(&lp->cat, fp)) {
1365 printk(KERN_ERR "SELinux: mls: error reading level "
1366 "categories\n");
1367 goto bad;
1368 }
1369
1370 return 0;
1371
1372 bad:
1373 return -EINVAL;
1374 }
1375
1376 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1377 {
1378 char *key = NULL;
1379 struct user_datum *usrdatum;
1380 int rc, to_read = 2;
1381 __le32 buf[3];
1382 u32 len;
1383
1384 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1385 if (!usrdatum) {
1386 rc = -ENOMEM;
1387 goto out;
1388 }
1389
1390 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1391 to_read = 3;
1392
1393 rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1394 if (rc < 0)
1395 goto bad;
1396
1397 len = le32_to_cpu(buf[0]);
1398 usrdatum->value = le32_to_cpu(buf[1]);
1399 if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1400 usrdatum->bounds = le32_to_cpu(buf[2]);
1401
1402 key = kmalloc(len + 1, GFP_KERNEL);
1403 if (!key) {
1404 rc = -ENOMEM;
1405 goto bad;
1406 }
1407 rc = next_entry(key, fp, len);
1408 if (rc < 0)
1409 goto bad;
1410 key[len] = '\0';
1411
1412 rc = ebitmap_read(&usrdatum->roles, fp);
1413 if (rc)
1414 goto bad;
1415
1416 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1417 rc = mls_read_range_helper(&usrdatum->range, fp);
1418 if (rc)
1419 goto bad;
1420 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1421 if (rc)
1422 goto bad;
1423 }
1424
1425 rc = hashtab_insert(h, key, usrdatum);
1426 if (rc)
1427 goto bad;
1428 out:
1429 return rc;
1430 bad:
1431 user_destroy(key, usrdatum, NULL);
1432 goto out;
1433 }
1434
1435 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1436 {
1437 char *key = NULL;
1438 struct level_datum *levdatum;
1439 int rc;
1440 __le32 buf[2];
1441 u32 len;
1442
1443 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1444 if (!levdatum) {
1445 rc = -ENOMEM;
1446 goto out;
1447 }
1448
1449 rc = next_entry(buf, fp, sizeof buf);
1450 if (rc < 0)
1451 goto bad;
1452
1453 len = le32_to_cpu(buf[0]);
1454 levdatum->isalias = le32_to_cpu(buf[1]);
1455
1456 key = kmalloc(len + 1, GFP_ATOMIC);
1457 if (!key) {
1458 rc = -ENOMEM;
1459 goto bad;
1460 }
1461 rc = next_entry(key, fp, len);
1462 if (rc < 0)
1463 goto bad;
1464 key[len] = '\0';
1465
1466 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1467 if (!levdatum->level) {
1468 rc = -ENOMEM;
1469 goto bad;
1470 }
1471 if (mls_read_level(levdatum->level, fp)) {
1472 rc = -EINVAL;
1473 goto bad;
1474 }
1475
1476 rc = hashtab_insert(h, key, levdatum);
1477 if (rc)
1478 goto bad;
1479 out:
1480 return rc;
1481 bad:
1482 sens_destroy(key, levdatum, NULL);
1483 goto out;
1484 }
1485
1486 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1487 {
1488 char *key = NULL;
1489 struct cat_datum *catdatum;
1490 int rc;
1491 __le32 buf[3];
1492 u32 len;
1493
1494 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1495 if (!catdatum) {
1496 rc = -ENOMEM;
1497 goto out;
1498 }
1499
1500 rc = next_entry(buf, fp, sizeof buf);
1501 if (rc < 0)
1502 goto bad;
1503
1504 len = le32_to_cpu(buf[0]);
1505 catdatum->value = le32_to_cpu(buf[1]);
1506 catdatum->isalias = le32_to_cpu(buf[2]);
1507
1508 key = kmalloc(len + 1, GFP_ATOMIC);
1509 if (!key) {
1510 rc = -ENOMEM;
1511 goto bad;
1512 }
1513 rc = next_entry(key, fp, len);
1514 if (rc < 0)
1515 goto bad;
1516 key[len] = '\0';
1517
1518 rc = hashtab_insert(h, key, catdatum);
1519 if (rc)
1520 goto bad;
1521 out:
1522 return rc;
1523
1524 bad:
1525 cat_destroy(key, catdatum, NULL);
1526 goto out;
1527 }
1528
1529 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1530 {
1531 common_read,
1532 class_read,
1533 role_read,
1534 type_read,
1535 user_read,
1536 cond_read_bool,
1537 sens_read,
1538 cat_read,
1539 };
1540
1541 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1542 {
1543 struct user_datum *upper, *user;
1544 struct policydb *p = datap;
1545 int depth = 0;
1546
1547 upper = user = datum;
1548 while (upper->bounds) {
1549 struct ebitmap_node *node;
1550 unsigned long bit;
1551
1552 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1553 printk(KERN_ERR "SELinux: user %s: "
1554 "too deep or looped boundary",
1555 (char *) key);
1556 return -EINVAL;
1557 }
1558
1559 upper = p->user_val_to_struct[upper->bounds - 1];
1560 ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1561 if (ebitmap_get_bit(&upper->roles, bit))
1562 continue;
1563
1564 printk(KERN_ERR
1565 "SELinux: boundary violated policy: "
1566 "user=%s role=%s bounds=%s\n",
1567 p->p_user_val_to_name[user->value - 1],
1568 p->p_role_val_to_name[bit],
1569 p->p_user_val_to_name[upper->value - 1]);
1570
1571 return -EINVAL;
1572 }
1573 }
1574
1575 return 0;
1576 }
1577
1578 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1579 {
1580 struct role_datum *upper, *role;
1581 struct policydb *p = datap;
1582 int depth = 0;
1583
1584 upper = role = datum;
1585 while (upper->bounds) {
1586 struct ebitmap_node *node;
1587 unsigned long bit;
1588
1589 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1590 printk(KERN_ERR "SELinux: role %s: "
1591 "too deep or looped bounds\n",
1592 (char *) key);
1593 return -EINVAL;
1594 }
1595
1596 upper = p->role_val_to_struct[upper->bounds - 1];
1597 ebitmap_for_each_positive_bit(&role->types, node, bit) {
1598 if (ebitmap_get_bit(&upper->types, bit))
1599 continue;
1600
1601 printk(KERN_ERR
1602 "SELinux: boundary violated policy: "
1603 "role=%s type=%s bounds=%s\n",
1604 p->p_role_val_to_name[role->value - 1],
1605 p->p_type_val_to_name[bit],
1606 p->p_role_val_to_name[upper->value - 1]);
1607
1608 return -EINVAL;
1609 }
1610 }
1611
1612 return 0;
1613 }
1614
1615 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1616 {
1617 struct type_datum *upper, *type;
1618 struct policydb *p = datap;
1619 int depth = 0;
1620
1621 upper = type = datum;
1622 while (upper->bounds) {
1623 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1624 printk(KERN_ERR "SELinux: type %s: "
1625 "too deep or looped boundary\n",
1626 (char *) key);
1627 return -EINVAL;
1628 }
1629
1630 upper = p->type_val_to_struct[upper->bounds - 1];
1631 if (upper->attribute) {
1632 printk(KERN_ERR "SELinux: type %s: "
1633 "bounded by attribute %s",
1634 (char *) key,
1635 p->p_type_val_to_name[upper->value - 1]);
1636 return -EINVAL;
1637 }
1638 }
1639
1640 return 0;
1641 }
1642
1643 static int policydb_bounds_sanity_check(struct policydb *p)
1644 {
1645 int rc;
1646
1647 if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1648 return 0;
1649
1650 rc = hashtab_map(p->p_users.table,
1651 user_bounds_sanity_check, p);
1652 if (rc)
1653 return rc;
1654
1655 rc = hashtab_map(p->p_roles.table,
1656 role_bounds_sanity_check, p);
1657 if (rc)
1658 return rc;
1659
1660 rc = hashtab_map(p->p_types.table,
1661 type_bounds_sanity_check, p);
1662 if (rc)
1663 return rc;
1664
1665 return 0;
1666 }
1667
1668 extern int ss_initialized;
1669
1670 u16 string_to_security_class(struct policydb *p, const char *name)
1671 {
1672 struct class_datum *cladatum;
1673
1674 cladatum = hashtab_search(p->p_classes.table, name);
1675 if (!cladatum)
1676 return 0;
1677
1678 return cladatum->value;
1679 }
1680
1681 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1682 {
1683 struct class_datum *cladatum;
1684 struct perm_datum *perdatum = NULL;
1685 struct common_datum *comdatum;
1686
1687 if (!tclass || tclass > p->p_classes.nprim)
1688 return 0;
1689
1690 cladatum = p->class_val_to_struct[tclass-1];
1691 comdatum = cladatum->comdatum;
1692 if (comdatum)
1693 perdatum = hashtab_search(comdatum->permissions.table,
1694 name);
1695 if (!perdatum)
1696 perdatum = hashtab_search(cladatum->permissions.table,
1697 name);
1698 if (!perdatum)
1699 return 0;
1700
1701 return 1U << (perdatum->value-1);
1702 }
1703
1704 static int range_read(struct policydb *p, void *fp)
1705 {
1706 struct range_trans *rt = NULL;
1707 struct mls_range *r = NULL;
1708 int i, rc;
1709 __le32 buf[2];
1710 u32 nel;
1711
1712 if (p->policyvers < POLICYDB_VERSION_MLS)
1713 return 0;
1714
1715 rc = next_entry(buf, fp, sizeof(u32));
1716 if (rc)
1717 goto out;
1718
1719 nel = le32_to_cpu(buf[0]);
1720 for (i = 0; i < nel; i++) {
1721 rc = -ENOMEM;
1722 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1723 if (!rt)
1724 goto out;
1725
1726 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1727 if (rc)
1728 goto out;
1729
1730 rt->source_type = le32_to_cpu(buf[0]);
1731 rt->target_type = le32_to_cpu(buf[1]);
1732 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1733 rc = next_entry(buf, fp, sizeof(u32));
1734 if (rc)
1735 goto out;
1736 rt->target_class = le32_to_cpu(buf[0]);
1737 } else
1738 rt->target_class = p->process_class;
1739
1740 rc = -EINVAL;
1741 if (!policydb_type_isvalid(p, rt->source_type) ||
1742 !policydb_type_isvalid(p, rt->target_type) ||
1743 !policydb_class_isvalid(p, rt->target_class))
1744 goto out;
1745
1746 rc = -ENOMEM;
1747 r = kzalloc(sizeof(*r), GFP_KERNEL);
1748 if (!r)
1749 goto out;
1750
1751 rc = mls_read_range_helper(r, fp);
1752 if (rc)
1753 goto out;
1754
1755 rc = -EINVAL;
1756 if (!mls_range_isvalid(p, r)) {
1757 printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
1758 goto out;
1759 }
1760
1761 rc = hashtab_insert(p->range_tr, rt, r);
1762 if (rc)
1763 goto out;
1764
1765 rt = NULL;
1766 r = NULL;
1767 }
1768 rangetr_hash_eval(p->range_tr);
1769 rc = 0;
1770 out:
1771 kfree(rt);
1772 kfree(r);
1773 return rc;
1774 }
1775
1776 /*
1777 * Read the configuration data from a policy database binary
1778 * representation file into a policy database structure.
1779 */
1780 int policydb_read(struct policydb *p, void *fp)
1781 {
1782 struct role_allow *ra, *lra;
1783 struct role_trans *tr, *ltr;
1784 struct ocontext *l, *c, *newc;
1785 struct genfs *genfs_p, *genfs, *newgenfs;
1786 int i, j, rc;
1787 __le32 buf[4];
1788 u32 nodebuf[8];
1789 u32 len, len2, nprim, nel, nel2;
1790 char *policydb_str;
1791 struct policydb_compat_info *info;
1792
1793 rc = policydb_init(p);
1794 if (rc)
1795 goto out;
1796
1797 /* Read the magic number and string length. */
1798 rc = next_entry(buf, fp, sizeof(u32) * 2);
1799 if (rc < 0)
1800 goto bad;
1801
1802 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
1803 printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
1804 "not match expected magic number 0x%x\n",
1805 le32_to_cpu(buf[0]), POLICYDB_MAGIC);
1806 goto bad;
1807 }
1808
1809 len = le32_to_cpu(buf[1]);
1810 if (len != strlen(POLICYDB_STRING)) {
1811 printk(KERN_ERR "SELinux: policydb string length %d does not "
1812 "match expected length %Zu\n",
1813 len, strlen(POLICYDB_STRING));
1814 goto bad;
1815 }
1816 policydb_str = kmalloc(len + 1, GFP_KERNEL);
1817 if (!policydb_str) {
1818 printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
1819 "string of length %d\n", len);
1820 rc = -ENOMEM;
1821 goto bad;
1822 }
1823 rc = next_entry(policydb_str, fp, len);
1824 if (rc < 0) {
1825 printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
1826 kfree(policydb_str);
1827 goto bad;
1828 }
1829 policydb_str[len] = '\0';
1830 if (strcmp(policydb_str, POLICYDB_STRING)) {
1831 printk(KERN_ERR "SELinux: policydb string %s does not match "
1832 "my string %s\n", policydb_str, POLICYDB_STRING);
1833 kfree(policydb_str);
1834 goto bad;
1835 }
1836 /* Done with policydb_str. */
1837 kfree(policydb_str);
1838 policydb_str = NULL;
1839
1840 /* Read the version and table sizes. */
1841 rc = next_entry(buf, fp, sizeof(u32)*4);
1842 if (rc < 0)
1843 goto bad;
1844
1845 p->policyvers = le32_to_cpu(buf[0]);
1846 if (p->policyvers < POLICYDB_VERSION_MIN ||
1847 p->policyvers > POLICYDB_VERSION_MAX) {
1848 printk(KERN_ERR "SELinux: policydb version %d does not match "
1849 "my version range %d-%d\n",
1850 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1851 goto bad;
1852 }
1853
1854 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1855 p->mls_enabled = 1;
1856
1857 if (p->policyvers < POLICYDB_VERSION_MLS) {
1858 printk(KERN_ERR "SELinux: security policydb version %d "
1859 "(MLS) not backwards compatible\n",
1860 p->policyvers);
1861 goto bad;
1862 }
1863 }
1864 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
1865 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
1866
1867 if (p->policyvers >= POLICYDB_VERSION_POLCAP &&
1868 ebitmap_read(&p->policycaps, fp) != 0)
1869 goto bad;
1870
1871 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
1872 ebitmap_read(&p->permissive_map, fp) != 0)
1873 goto bad;
1874
1875 info = policydb_lookup_compat(p->policyvers);
1876 if (!info) {
1877 printk(KERN_ERR "SELinux: unable to find policy compat info "
1878 "for version %d\n", p->policyvers);
1879 goto bad;
1880 }
1881
1882 if (le32_to_cpu(buf[2]) != info->sym_num ||
1883 le32_to_cpu(buf[3]) != info->ocon_num) {
1884 printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
1885 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
1886 le32_to_cpu(buf[3]),
1887 info->sym_num, info->ocon_num);
1888 goto bad;
1889 }
1890
1891 for (i = 0; i < info->sym_num; i++) {
1892 rc = next_entry(buf, fp, sizeof(u32)*2);
1893 if (rc < 0)
1894 goto bad;
1895 nprim = le32_to_cpu(buf[0]);
1896 nel = le32_to_cpu(buf[1]);
1897 for (j = 0; j < nel; j++) {
1898 rc = read_f[i](p, p->symtab[i].table, fp);
1899 if (rc)
1900 goto bad;
1901 }
1902
1903 p->symtab[i].nprim = nprim;
1904 }
1905
1906 rc = avtab_read(&p->te_avtab, fp, p);
1907 if (rc)
1908 goto bad;
1909
1910 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1911 rc = cond_read_list(p, fp);
1912 if (rc)
1913 goto bad;
1914 }
1915
1916 rc = next_entry(buf, fp, sizeof(u32));
1917 if (rc < 0)
1918 goto bad;
1919 nel = le32_to_cpu(buf[0]);
1920 ltr = NULL;
1921 for (i = 0; i < nel; i++) {
1922 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1923 if (!tr) {
1924 rc = -ENOMEM;
1925 goto bad;
1926 }
1927 if (ltr)
1928 ltr->next = tr;
1929 else
1930 p->role_tr = tr;
1931 rc = next_entry(buf, fp, sizeof(u32)*3);
1932 if (rc < 0)
1933 goto bad;
1934 tr->role = le32_to_cpu(buf[0]);
1935 tr->type = le32_to_cpu(buf[1]);
1936 tr->new_role = le32_to_cpu(buf[2]);
1937 if (!policydb_role_isvalid(p, tr->role) ||
1938 !policydb_type_isvalid(p, tr->type) ||
1939 !policydb_role_isvalid(p, tr->new_role)) {
1940 rc = -EINVAL;
1941 goto bad;
1942 }
1943 ltr = tr;
1944 }
1945
1946 rc = next_entry(buf, fp, sizeof(u32));
1947 if (rc < 0)
1948 goto bad;
1949 nel = le32_to_cpu(buf[0]);
1950 lra = NULL;
1951 for (i = 0; i < nel; i++) {
1952 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1953 if (!ra) {
1954 rc = -ENOMEM;
1955 goto bad;
1956 }
1957 if (lra)
1958 lra->next = ra;
1959 else
1960 p->role_allow = ra;
1961 rc = next_entry(buf, fp, sizeof(u32)*2);
1962 if (rc < 0)
1963 goto bad;
1964 ra->role = le32_to_cpu(buf[0]);
1965 ra->new_role = le32_to_cpu(buf[1]);
1966 if (!policydb_role_isvalid(p, ra->role) ||
1967 !policydb_role_isvalid(p, ra->new_role)) {
1968 rc = -EINVAL;
1969 goto bad;
1970 }
1971 lra = ra;
1972 }
1973
1974 rc = policydb_index_classes(p);
1975 if (rc)
1976 goto bad;
1977
1978 rc = policydb_index_others(p);
1979 if (rc)
1980 goto bad;
1981
1982 p->process_class = string_to_security_class(p, "process");
1983 if (!p->process_class)
1984 goto bad;
1985 p->process_trans_perms = string_to_av_perm(p, p->process_class,
1986 "transition");
1987 p->process_trans_perms |= string_to_av_perm(p, p->process_class,
1988 "dyntransition");
1989 if (!p->process_trans_perms)
1990 goto bad;
1991
1992 for (i = 0; i < info->ocon_num; i++) {
1993 rc = next_entry(buf, fp, sizeof(u32));
1994 if (rc < 0)
1995 goto bad;
1996 nel = le32_to_cpu(buf[0]);
1997 l = NULL;
1998 for (j = 0; j < nel; j++) {
1999 c = kzalloc(sizeof(*c), GFP_KERNEL);
2000 if (!c) {
2001 rc = -ENOMEM;
2002 goto bad;
2003 }
2004 if (l)
2005 l->next = c;
2006 else
2007 p->ocontexts[i] = c;
2008 l = c;
2009 rc = -EINVAL;
2010 switch (i) {
2011 case OCON_ISID:
2012 rc = next_entry(buf, fp, sizeof(u32));
2013 if (rc < 0)
2014 goto bad;
2015 c->sid[0] = le32_to_cpu(buf[0]);
2016 rc = context_read_and_validate(&c->context[0], p, fp);
2017 if (rc)
2018 goto bad;
2019 break;
2020 case OCON_FS:
2021 case OCON_NETIF:
2022 rc = next_entry(buf, fp, sizeof(u32));
2023 if (rc < 0)
2024 goto bad;
2025 len = le32_to_cpu(buf[0]);
2026 c->u.name = kmalloc(len + 1, GFP_KERNEL);
2027 if (!c->u.name) {
2028 rc = -ENOMEM;
2029 goto bad;
2030 }
2031 rc = next_entry(c->u.name, fp, len);
2032 if (rc < 0)
2033 goto bad;
2034 c->u.name[len] = 0;
2035 rc = context_read_and_validate(&c->context[0], p, fp);
2036 if (rc)
2037 goto bad;
2038 rc = context_read_and_validate(&c->context[1], p, fp);
2039 if (rc)
2040 goto bad;
2041 break;
2042 case OCON_PORT:
2043 rc = next_entry(buf, fp, sizeof(u32)*3);
2044 if (rc < 0)
2045 goto bad;
2046 c->u.port.protocol = le32_to_cpu(buf[0]);
2047 c->u.port.low_port = le32_to_cpu(buf[1]);
2048 c->u.port.high_port = le32_to_cpu(buf[2]);
2049 rc = context_read_and_validate(&c->context[0], p, fp);
2050 if (rc)
2051 goto bad;
2052 break;
2053 case OCON_NODE:
2054 rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2055 if (rc < 0)
2056 goto bad;
2057 c->u.node.addr = nodebuf[0]; /* network order */
2058 c->u.node.mask = nodebuf[1]; /* network order */
2059 rc = context_read_and_validate(&c->context[0], p, fp);
2060 if (rc)
2061 goto bad;
2062 break;
2063 case OCON_FSUSE:
2064 rc = next_entry(buf, fp, sizeof(u32)*2);
2065 if (rc < 0)
2066 goto bad;
2067 c->v.behavior = le32_to_cpu(buf[0]);
2068 if (c->v.behavior > SECURITY_FS_USE_NONE)
2069 goto bad;
2070 len = le32_to_cpu(buf[1]);
2071 c->u.name = kmalloc(len + 1, GFP_KERNEL);
2072 if (!c->u.name) {
2073 rc = -ENOMEM;
2074 goto bad;
2075 }
2076 rc = next_entry(c->u.name, fp, len);
2077 if (rc < 0)
2078 goto bad;
2079 c->u.name[len] = 0;
2080 rc = context_read_and_validate(&c->context[0], p, fp);
2081 if (rc)
2082 goto bad;
2083 break;
2084 case OCON_NODE6: {
2085 int k;
2086
2087 rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2088 if (rc < 0)
2089 goto bad;
2090 for (k = 0; k < 4; k++)
2091 c->u.node6.addr[k] = nodebuf[k];
2092 for (k = 0; k < 4; k++)
2093 c->u.node6.mask[k] = nodebuf[k+4];
2094 if (context_read_and_validate(&c->context[0], p, fp))
2095 goto bad;
2096 break;
2097 }
2098 }
2099 }
2100 }
2101
2102 rc = next_entry(buf, fp, sizeof(u32));
2103 if (rc < 0)
2104 goto bad;
2105 nel = le32_to_cpu(buf[0]);
2106 genfs_p = NULL;
2107 rc = -EINVAL;
2108 for (i = 0; i < nel; i++) {
2109 rc = next_entry(buf, fp, sizeof(u32));
2110 if (rc < 0)
2111 goto bad;
2112 len = le32_to_cpu(buf[0]);
2113 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2114 if (!newgenfs) {
2115 rc = -ENOMEM;
2116 goto bad;
2117 }
2118
2119 newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL);
2120 if (!newgenfs->fstype) {
2121 rc = -ENOMEM;
2122 kfree(newgenfs);
2123 goto bad;
2124 }
2125 rc = next_entry(newgenfs->fstype, fp, len);
2126 if (rc < 0) {
2127 kfree(newgenfs->fstype);
2128 kfree(newgenfs);
2129 goto bad;
2130 }
2131 newgenfs->fstype[len] = 0;
2132 for (genfs_p = NULL, genfs = p->genfs; genfs;
2133 genfs_p = genfs, genfs = genfs->next) {
2134 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2135 printk(KERN_ERR "SELinux: dup genfs "
2136 "fstype %s\n", newgenfs->fstype);
2137 kfree(newgenfs->fstype);
2138 kfree(newgenfs);
2139 goto bad;
2140 }
2141 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2142 break;
2143 }
2144 newgenfs->next = genfs;
2145 if (genfs_p)
2146 genfs_p->next = newgenfs;
2147 else
2148 p->genfs = newgenfs;
2149 rc = next_entry(buf, fp, sizeof(u32));
2150 if (rc < 0)
2151 goto bad;
2152 nel2 = le32_to_cpu(buf[0]);
2153 for (j = 0; j < nel2; j++) {
2154 rc = next_entry(buf, fp, sizeof(u32));
2155 if (rc < 0)
2156 goto bad;
2157 len = le32_to_cpu(buf[0]);
2158
2159 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2160 if (!newc) {
2161 rc = -ENOMEM;
2162 goto bad;
2163 }
2164
2165 newc->u.name = kmalloc(len + 1, GFP_KERNEL);
2166 if (!newc->u.name) {
2167 rc = -ENOMEM;
2168 goto bad_newc;
2169 }
2170 rc = next_entry(newc->u.name, fp, len);
2171 if (rc < 0)
2172 goto bad_newc;
2173 newc->u.name[len] = 0;
2174 rc = next_entry(buf, fp, sizeof(u32));
2175 if (rc < 0)
2176 goto bad_newc;
2177 newc->v.sclass = le32_to_cpu(buf[0]);
2178 if (context_read_and_validate(&newc->context[0], p, fp))
2179 goto bad_newc;
2180 for (l = NULL, c = newgenfs->head; c;
2181 l = c, c = c->next) {
2182 if (!strcmp(newc->u.name, c->u.name) &&
2183 (!c->v.sclass || !newc->v.sclass ||
2184 newc->v.sclass == c->v.sclass)) {
2185 printk(KERN_ERR "SELinux: dup genfs "
2186 "entry (%s,%s)\n",
2187 newgenfs->fstype, c->u.name);
2188 goto bad_newc;
2189 }
2190 len = strlen(newc->u.name);
2191 len2 = strlen(c->u.name);
2192 if (len > len2)
2193 break;
2194 }
2195
2196 newc->next = c;
2197 if (l)
2198 l->next = newc;
2199 else
2200 newgenfs->head = newc;
2201 }
2202 }
2203
2204 rc = range_read(p, fp);
2205 if (rc)
2206 goto bad;
2207
2208 p->type_attr_map = kmalloc(p->p_types.nprim * sizeof(struct ebitmap), GFP_KERNEL);
2209 if (!p->type_attr_map)
2210 goto bad;
2211
2212 for (i = 0; i < p->p_types.nprim; i++) {
2213 ebitmap_init(&p->type_attr_map[i]);
2214 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2215 if (ebitmap_read(&p->type_attr_map[i], fp))
2216 goto bad;
2217 }
2218 /* add the type itself as the degenerate case */
2219 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
2220 goto bad;
2221 }
2222
2223 rc = policydb_bounds_sanity_check(p);
2224 if (rc)
2225 goto bad;
2226
2227 rc = 0;
2228 out:
2229 return rc;
2230 bad_newc:
2231 ocontext_destroy(newc, OCON_FSUSE);
2232 bad:
2233 if (!rc)
2234 rc = -EINVAL;
2235 policydb_destroy(p);
2236 goto out;
2237 }
Linux kernel - Deliverables
This page took 0.085679 seconds and 5 git commands to generate.