1 2 /* Author : Stephen Smalley, <sds (at) tycho.nsa.gov> */ 3 4 /* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf (at) tresys.com> and Karl MacMillan <kmacmillan (at) tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris (at) redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * Copyright (C) 2017 Mellanox Technologies Inc. 22 * 23 * This library is free software; you can redistribute it and/or 24 * modify it under the terms of the GNU Lesser General Public 25 * License as published by the Free Software Foundation; either 26 * version 2.1 of the License, or (at your option) any later version. 27 * 28 * This library is distributed in the hope that it will be useful, 29 * but WITHOUT ANY WARRANTY; without even the implied warranty of 30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 31 * Lesser General Public License for more details. 32 * 33 * You should have received a copy of the GNU Lesser General Public 34 * License along with this library; if not, write to the Free Software 35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 36 */ 37 38 /* FLASK */ 39 40 /* 41 * Implementation of the policy database. 42 */ 43 44 #include <assert.h> 45 #include <stdlib.h> 46 47 #include <sepol/policydb/policydb.h> 48 #include <sepol/policydb/expand.h> 49 #include <sepol/policydb/conditional.h> 50 #include <sepol/policydb/avrule_block.h> 51 #include <sepol/policydb/util.h> 52 #include <sepol/policydb/flask.h> 53 54 #include "kernel_to_common.h" 55 #include "private.h" 56 #include "debug.h" 57 #include "mls.h" 58 59 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 60 const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 61 62 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 63 static struct policydb_compat_info policydb_compat[] = { 64 { 65 .type = POLICY_KERN, 66 .version = POLICYDB_VERSION_BOUNDARY, 67 .sym_num = SYM_NUM, 68 .ocon_num = OCON_XEN_PCIDEVICE + 1, 69 .target_platform = SEPOL_TARGET_XEN, 70 }, 71 { 72 .type = POLICY_KERN, 73 .version = POLICYDB_VERSION_XEN_DEVICETREE, 74 .sym_num = SYM_NUM, 75 .ocon_num = OCON_XEN_DEVICETREE + 1, 76 .target_platform = SEPOL_TARGET_XEN, 77 }, 78 { 79 .type = POLICY_KERN, 80 .version = POLICYDB_VERSION_BASE, 81 .sym_num = SYM_NUM - 3, 82 .ocon_num = OCON_FSUSE + 1, 83 .target_platform = SEPOL_TARGET_SELINUX, 84 }, 85 { 86 .type = POLICY_KERN, 87 .version = POLICYDB_VERSION_BOOL, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_FSUSE + 1, 90 .target_platform = SEPOL_TARGET_SELINUX, 91 }, 92 { 93 .type = POLICY_KERN, 94 .version = POLICYDB_VERSION_IPV6, 95 .sym_num = SYM_NUM - 2, 96 .ocon_num = OCON_NODE6 + 1, 97 .target_platform = SEPOL_TARGET_SELINUX, 98 }, 99 { 100 .type = POLICY_KERN, 101 .version = POLICYDB_VERSION_NLCLASS, 102 .sym_num = SYM_NUM - 2, 103 .ocon_num = OCON_NODE6 + 1, 104 .target_platform = SEPOL_TARGET_SELINUX, 105 }, 106 { 107 .type = POLICY_KERN, 108 .version = POLICYDB_VERSION_MLS, 109 .sym_num = SYM_NUM, 110 .ocon_num = OCON_NODE6 + 1, 111 .target_platform = SEPOL_TARGET_SELINUX, 112 }, 113 { 114 .type = POLICY_KERN, 115 .version = POLICYDB_VERSION_AVTAB, 116 .sym_num = SYM_NUM, 117 .ocon_num = OCON_NODE6 + 1, 118 .target_platform = SEPOL_TARGET_SELINUX, 119 }, 120 { 121 .type = POLICY_KERN, 122 .version = POLICYDB_VERSION_RANGETRANS, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NODE6 + 1, 125 .target_platform = SEPOL_TARGET_SELINUX, 126 }, 127 { 128 .type = POLICY_KERN, 129 .version = POLICYDB_VERSION_POLCAP, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NODE6 + 1, 132 .target_platform = SEPOL_TARGET_SELINUX, 133 }, 134 { 135 .type = POLICY_KERN, 136 .version = POLICYDB_VERSION_PERMISSIVE, 137 .sym_num = SYM_NUM, 138 .ocon_num = OCON_NODE6 + 1, 139 .target_platform = SEPOL_TARGET_SELINUX, 140 }, 141 { 142 .type = POLICY_KERN, 143 .version = POLICYDB_VERSION_BOUNDARY, 144 .sym_num = SYM_NUM, 145 .ocon_num = OCON_NODE6 + 1, 146 .target_platform = SEPOL_TARGET_SELINUX, 147 }, 148 { 149 .type = POLICY_KERN, 150 .version = POLICYDB_VERSION_FILENAME_TRANS, 151 .sym_num = SYM_NUM, 152 .ocon_num = OCON_NODE6 + 1, 153 .target_platform = SEPOL_TARGET_SELINUX, 154 }, 155 { 156 .type = POLICY_KERN, 157 .version = POLICYDB_VERSION_ROLETRANS, 158 .sym_num = SYM_NUM, 159 .ocon_num = OCON_NODE6 + 1, 160 .target_platform = SEPOL_TARGET_SELINUX, 161 }, 162 { 163 .type = POLICY_KERN, 164 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 165 .sym_num = SYM_NUM, 166 .ocon_num = OCON_NODE6 + 1, 167 .target_platform = SEPOL_TARGET_SELINUX, 168 }, 169 { 170 .type = POLICY_KERN, 171 .version = POLICYDB_VERSION_DEFAULT_TYPE, 172 .sym_num = SYM_NUM, 173 .ocon_num = OCON_NODE6 + 1, 174 .target_platform = SEPOL_TARGET_SELINUX, 175 }, 176 { 177 .type = POLICY_KERN, 178 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 179 .sym_num = SYM_NUM, 180 .ocon_num = OCON_NODE6 + 1, 181 .target_platform = SEPOL_TARGET_SELINUX, 182 }, 183 { 184 .type = POLICY_KERN, 185 .version = POLICYDB_VERSION_XPERMS_IOCTL, 186 .sym_num = SYM_NUM, 187 .ocon_num = OCON_NODE6 + 1, 188 .target_platform = SEPOL_TARGET_SELINUX, 189 }, 190 { 191 .type = POLICY_KERN, 192 .version = POLICYDB_VERSION_INFINIBAND, 193 .sym_num = SYM_NUM, 194 .ocon_num = OCON_IBENDPORT + 1, 195 .target_platform = SEPOL_TARGET_SELINUX, 196 }, 197 { 198 .type = POLICY_BASE, 199 .version = MOD_POLICYDB_VERSION_BASE, 200 .sym_num = SYM_NUM, 201 .ocon_num = OCON_NODE6 + 1, 202 .target_platform = SEPOL_TARGET_SELINUX, 203 }, 204 { 205 .type = POLICY_BASE, 206 .version = MOD_POLICYDB_VERSION_MLS, 207 .sym_num = SYM_NUM, 208 .ocon_num = OCON_NODE6 + 1, 209 .target_platform = SEPOL_TARGET_SELINUX, 210 }, 211 { 212 .type = POLICY_BASE, 213 .version = MOD_POLICYDB_VERSION_MLS_USERS, 214 .sym_num = SYM_NUM, 215 .ocon_num = OCON_NODE6 + 1, 216 .target_platform = SEPOL_TARGET_SELINUX, 217 }, 218 { 219 .type = POLICY_BASE, 220 .version = MOD_POLICYDB_VERSION_POLCAP, 221 .sym_num = SYM_NUM, 222 .ocon_num = OCON_NODE6 + 1, 223 .target_platform = SEPOL_TARGET_SELINUX, 224 }, 225 { 226 .type = POLICY_BASE, 227 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 228 .sym_num = SYM_NUM, 229 .ocon_num = OCON_NODE6 + 1, 230 .target_platform = SEPOL_TARGET_SELINUX, 231 }, 232 { 233 .type = POLICY_BASE, 234 .version = MOD_POLICYDB_VERSION_BOUNDARY, 235 .sym_num = SYM_NUM, 236 .ocon_num = OCON_NODE6 + 1, 237 .target_platform = SEPOL_TARGET_SELINUX, 238 }, 239 { 240 .type = POLICY_BASE, 241 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 242 .sym_num = SYM_NUM, 243 .ocon_num = OCON_NODE6 + 1, 244 .target_platform = SEPOL_TARGET_SELINUX, 245 }, 246 { 247 .type = POLICY_BASE, 248 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 249 .sym_num = SYM_NUM, 250 .ocon_num = OCON_NODE6 + 1, 251 .target_platform = SEPOL_TARGET_SELINUX, 252 }, 253 { 254 .type = POLICY_BASE, 255 .version = MOD_POLICYDB_VERSION_ROLETRANS, 256 .sym_num = SYM_NUM, 257 .ocon_num = OCON_NODE6 + 1, 258 .target_platform = SEPOL_TARGET_SELINUX, 259 }, 260 { 261 .type = POLICY_BASE, 262 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 263 .sym_num = SYM_NUM, 264 .ocon_num = OCON_NODE6 + 1, 265 .target_platform = SEPOL_TARGET_SELINUX, 266 }, 267 { 268 .type = POLICY_BASE, 269 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 270 .sym_num = SYM_NUM, 271 .ocon_num = OCON_NODE6 + 1, 272 .target_platform = SEPOL_TARGET_SELINUX, 273 }, 274 { 275 .type = POLICY_BASE, 276 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 277 .sym_num = SYM_NUM, 278 .ocon_num = OCON_NODE6 + 1, 279 .target_platform = SEPOL_TARGET_SELINUX, 280 }, 281 { 282 .type = POLICY_BASE, 283 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 284 .sym_num = SYM_NUM, 285 .ocon_num = OCON_NODE6 + 1, 286 .target_platform = SEPOL_TARGET_SELINUX, 287 }, 288 { 289 .type = POLICY_BASE, 290 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 291 .sym_num = SYM_NUM, 292 .ocon_num = OCON_NODE6 + 1, 293 .target_platform = SEPOL_TARGET_SELINUX, 294 }, 295 { 296 .type = POLICY_BASE, 297 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL, 298 .sym_num = SYM_NUM, 299 .ocon_num = OCON_NODE6 + 1, 300 .target_platform = SEPOL_TARGET_SELINUX, 301 }, 302 { 303 .type = POLICY_BASE, 304 .version = MOD_POLICYDB_VERSION_INFINIBAND, 305 .sym_num = SYM_NUM, 306 .ocon_num = OCON_IBENDPORT + 1, 307 .target_platform = SEPOL_TARGET_SELINUX, 308 }, 309 { 310 .type = POLICY_MOD, 311 .version = MOD_POLICYDB_VERSION_BASE, 312 .sym_num = SYM_NUM, 313 .ocon_num = 0, 314 .target_platform = SEPOL_TARGET_SELINUX, 315 }, 316 { 317 .type = POLICY_MOD, 318 .version = MOD_POLICYDB_VERSION_MLS, 319 .sym_num = SYM_NUM, 320 .ocon_num = 0, 321 .target_platform = SEPOL_TARGET_SELINUX, 322 }, 323 { 324 .type = POLICY_MOD, 325 .version = MOD_POLICYDB_VERSION_MLS_USERS, 326 .sym_num = SYM_NUM, 327 .ocon_num = 0, 328 .target_platform = SEPOL_TARGET_SELINUX, 329 }, 330 { 331 .type = POLICY_MOD, 332 .version = MOD_POLICYDB_VERSION_POLCAP, 333 .sym_num = SYM_NUM, 334 .ocon_num = 0, 335 .target_platform = SEPOL_TARGET_SELINUX, 336 }, 337 { 338 .type = POLICY_MOD, 339 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 340 .sym_num = SYM_NUM, 341 .ocon_num = 0, 342 .target_platform = SEPOL_TARGET_SELINUX, 343 }, 344 { 345 .type = POLICY_MOD, 346 .version = MOD_POLICYDB_VERSION_BOUNDARY, 347 .sym_num = SYM_NUM, 348 .ocon_num = 0, 349 .target_platform = SEPOL_TARGET_SELINUX, 350 }, 351 { 352 .type = POLICY_MOD, 353 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 354 .sym_num = SYM_NUM, 355 .ocon_num = 0, 356 .target_platform = SEPOL_TARGET_SELINUX, 357 }, 358 { 359 .type = POLICY_MOD, 360 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 361 .sym_num = SYM_NUM, 362 .ocon_num = 0, 363 .target_platform = SEPOL_TARGET_SELINUX, 364 }, 365 { 366 .type = POLICY_MOD, 367 .version = MOD_POLICYDB_VERSION_ROLETRANS, 368 .sym_num = SYM_NUM, 369 .ocon_num = 0, 370 .target_platform = SEPOL_TARGET_SELINUX, 371 }, 372 { 373 .type = POLICY_MOD, 374 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 375 .sym_num = SYM_NUM, 376 .ocon_num = 0, 377 .target_platform = SEPOL_TARGET_SELINUX, 378 }, 379 { 380 .type = POLICY_MOD, 381 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 382 .sym_num = SYM_NUM, 383 .ocon_num = 0, 384 .target_platform = SEPOL_TARGET_SELINUX, 385 }, 386 { 387 .type = POLICY_MOD, 388 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 389 .sym_num = SYM_NUM, 390 .ocon_num = 0, 391 .target_platform = SEPOL_TARGET_SELINUX, 392 }, 393 { 394 .type = POLICY_MOD, 395 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 396 .sym_num = SYM_NUM, 397 .ocon_num = 0, 398 .target_platform = SEPOL_TARGET_SELINUX, 399 }, 400 { 401 .type = POLICY_MOD, 402 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 403 .sym_num = SYM_NUM, 404 .ocon_num = 0, 405 .target_platform = SEPOL_TARGET_SELINUX, 406 }, 407 { 408 .type = POLICY_MOD, 409 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL, 410 .sym_num = SYM_NUM, 411 .ocon_num = 0, 412 .target_platform = SEPOL_TARGET_SELINUX, 413 }, 414 { 415 .type = POLICY_MOD, 416 .version = MOD_POLICYDB_VERSION_INFINIBAND, 417 .sym_num = SYM_NUM, 418 .ocon_num = 0, 419 .target_platform = SEPOL_TARGET_SELINUX, 420 }, 421 }; 422 423 #if 0 424 static char *symtab_name[SYM_NUM] = { 425 "common prefixes", 426 "classes", 427 "roles", 428 "types", 429 "users", 430 "bools" mls_symtab_names cond_symtab_names 431 }; 432 #endif 433 434 static unsigned int symtab_sizes[SYM_NUM] = { 435 2, 436 32, 437 16, 438 512, 439 128, 440 16, 441 16, 442 16, 443 }; 444 445 struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 446 unsigned int type, 447 unsigned int target_platform) 448 { 449 unsigned int i; 450 struct policydb_compat_info *info = NULL; 451 452 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 453 if (policydb_compat[i].version == version && 454 policydb_compat[i].type == type && 455 policydb_compat[i].target_platform == target_platform) { 456 info = &policydb_compat[i]; 457 break; 458 } 459 } 460 return info; 461 } 462 463 void type_set_init(type_set_t * x) 464 { 465 memset(x, 0, sizeof(type_set_t)); 466 ebitmap_init(&x->types); 467 ebitmap_init(&x->negset); 468 } 469 470 void type_set_destroy(type_set_t * x) 471 { 472 if (x != NULL) { 473 ebitmap_destroy(&x->types); 474 ebitmap_destroy(&x->negset); 475 } 476 } 477 478 void role_set_init(role_set_t * x) 479 { 480 memset(x, 0, sizeof(role_set_t)); 481 ebitmap_init(&x->roles); 482 } 483 484 void role_set_destroy(role_set_t * x) 485 { 486 ebitmap_destroy(&x->roles); 487 } 488 489 void role_datum_init(role_datum_t * x) 490 { 491 memset(x, 0, sizeof(role_datum_t)); 492 ebitmap_init(&x->dominates); 493 type_set_init(&x->types); 494 ebitmap_init(&x->cache); 495 ebitmap_init(&x->roles); 496 } 497 498 void role_datum_destroy(role_datum_t * x) 499 { 500 if (x != NULL) { 501 ebitmap_destroy(&x->dominates); 502 type_set_destroy(&x->types); 503 ebitmap_destroy(&x->cache); 504 ebitmap_destroy(&x->roles); 505 } 506 } 507 508 void type_datum_init(type_datum_t * x) 509 { 510 memset(x, 0, sizeof(*x)); 511 ebitmap_init(&x->types); 512 } 513 514 void type_datum_destroy(type_datum_t * x) 515 { 516 if (x != NULL) { 517 ebitmap_destroy(&x->types); 518 } 519 } 520 521 void user_datum_init(user_datum_t * x) 522 { 523 memset(x, 0, sizeof(user_datum_t)); 524 role_set_init(&x->roles); 525 mls_semantic_range_init(&x->range); 526 mls_semantic_level_init(&x->dfltlevel); 527 ebitmap_init(&x->cache); 528 mls_range_init(&x->exp_range); 529 mls_level_init(&x->exp_dfltlevel); 530 } 531 532 void user_datum_destroy(user_datum_t * x) 533 { 534 if (x != NULL) { 535 role_set_destroy(&x->roles); 536 mls_semantic_range_destroy(&x->range); 537 mls_semantic_level_destroy(&x->dfltlevel); 538 ebitmap_destroy(&x->cache); 539 mls_range_destroy(&x->exp_range); 540 mls_level_destroy(&x->exp_dfltlevel); 541 } 542 } 543 544 void level_datum_init(level_datum_t * x) 545 { 546 memset(x, 0, sizeof(level_datum_t)); 547 } 548 549 void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 550 { 551 /* the mls_level_t referenced by the level_datum is managed 552 * separately for now, so there is nothing to destroy */ 553 return; 554 } 555 556 void cat_datum_init(cat_datum_t * x) 557 { 558 memset(x, 0, sizeof(cat_datum_t)); 559 } 560 561 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 562 { 563 /* it's currently a simple struct - really nothing to destroy */ 564 return; 565 } 566 567 void class_perm_node_init(class_perm_node_t * x) 568 { 569 memset(x, 0, sizeof(class_perm_node_t)); 570 } 571 572 void avrule_init(avrule_t * x) 573 { 574 memset(x, 0, sizeof(avrule_t)); 575 type_set_init(&x->stypes); 576 type_set_init(&x->ttypes); 577 } 578 579 void avrule_destroy(avrule_t * x) 580 { 581 class_perm_node_t *cur, *next; 582 583 if (x == NULL) { 584 return; 585 } 586 type_set_destroy(&x->stypes); 587 type_set_destroy(&x->ttypes); 588 589 free(x->source_filename); 590 591 next = x->perms; 592 while (next) { 593 cur = next; 594 next = cur->next; 595 free(cur); 596 } 597 598 free(x->xperms); 599 } 600 601 void role_trans_rule_init(role_trans_rule_t * x) 602 { 603 memset(x, 0, sizeof(*x)); 604 role_set_init(&x->roles); 605 type_set_init(&x->types); 606 ebitmap_init(&x->classes); 607 } 608 609 void role_trans_rule_destroy(role_trans_rule_t * x) 610 { 611 if (x != NULL) { 612 role_set_destroy(&x->roles); 613 type_set_destroy(&x->types); 614 ebitmap_destroy(&x->classes); 615 } 616 } 617 618 void role_trans_rule_list_destroy(role_trans_rule_t * x) 619 { 620 while (x != NULL) { 621 role_trans_rule_t *next = x->next; 622 role_trans_rule_destroy(x); 623 free(x); 624 x = next; 625 } 626 } 627 628 void filename_trans_rule_init(filename_trans_rule_t * x) 629 { 630 memset(x, 0, sizeof(*x)); 631 type_set_init(&x->stypes); 632 type_set_init(&x->ttypes); 633 } 634 635 static void filename_trans_rule_destroy(filename_trans_rule_t * x) 636 { 637 if (!x) 638 return; 639 type_set_destroy(&x->stypes); 640 type_set_destroy(&x->ttypes); 641 free(x->name); 642 } 643 644 void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 645 { 646 filename_trans_rule_t *next; 647 while (x) { 648 next = x->next; 649 filename_trans_rule_destroy(x); 650 free(x); 651 x = next; 652 } 653 } 654 655 void role_allow_rule_init(role_allow_rule_t * x) 656 { 657 memset(x, 0, sizeof(role_allow_rule_t)); 658 role_set_init(&x->roles); 659 role_set_init(&x->new_roles); 660 } 661 662 void role_allow_rule_destroy(role_allow_rule_t * x) 663 { 664 role_set_destroy(&x->roles); 665 role_set_destroy(&x->new_roles); 666 } 667 668 void role_allow_rule_list_destroy(role_allow_rule_t * x) 669 { 670 while (x != NULL) { 671 role_allow_rule_t *next = x->next; 672 role_allow_rule_destroy(x); 673 free(x); 674 x = next; 675 } 676 } 677 678 void range_trans_rule_init(range_trans_rule_t * x) 679 { 680 type_set_init(&x->stypes); 681 type_set_init(&x->ttypes); 682 ebitmap_init(&x->tclasses); 683 mls_semantic_range_init(&x->trange); 684 x->next = NULL; 685 } 686 687 void range_trans_rule_destroy(range_trans_rule_t * x) 688 { 689 type_set_destroy(&x->stypes); 690 type_set_destroy(&x->ttypes); 691 ebitmap_destroy(&x->tclasses); 692 mls_semantic_range_destroy(&x->trange); 693 } 694 695 void range_trans_rule_list_destroy(range_trans_rule_t * x) 696 { 697 while (x != NULL) { 698 range_trans_rule_t *next = x->next; 699 range_trans_rule_destroy(x); 700 free(x); 701 x = next; 702 } 703 } 704 705 void avrule_list_destroy(avrule_t * x) 706 { 707 avrule_t *next, *cur; 708 709 if (!x) 710 return; 711 712 next = x; 713 while (next) { 714 cur = next; 715 next = next->next; 716 avrule_destroy(cur); 717 free(cur); 718 } 719 } 720 721 /* 722 * Initialize the role table by implicitly adding role 'object_r'. If 723 * the policy is a module, set object_r's scope to be SCOPE_REQ, 724 * otherwise set it to SCOPE_DECL. 725 */ 726 static int roles_init(policydb_t * p) 727 { 728 char *key = 0; 729 int rc; 730 role_datum_t *role; 731 732 role = calloc(1, sizeof(role_datum_t)); 733 if (!role) { 734 rc = -ENOMEM; 735 goto out; 736 } 737 key = malloc(strlen(OBJECT_R) + 1); 738 if (!key) { 739 rc = -ENOMEM; 740 goto out_free_role; 741 } 742 strcpy(key, OBJECT_R); 743 rc = symtab_insert(p, SYM_ROLES, key, role, 744 (p->policy_type == 745 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 746 &role->s.value); 747 if (rc) 748 goto out_free_key; 749 if (role->s.value != OBJECT_R_VAL) { 750 rc = -EINVAL; 751 goto out_free_role; 752 } 753 out: 754 return rc; 755 756 out_free_key: 757 free(key); 758 out_free_role: 759 free(role); 760 goto out; 761 } 762 763 static inline unsigned long 764 partial_name_hash(unsigned long c, unsigned long prevhash) 765 { 766 return (prevhash + (c << 4) + (c >> 4)) * 11; 767 } 768 769 static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k) 770 { 771 const struct filename_trans *ft = (const struct filename_trans *)k; 772 unsigned long hash; 773 unsigned int byte_num; 774 unsigned char focus; 775 776 hash = ft->stype ^ ft->ttype ^ ft->tclass; 777 778 byte_num = 0; 779 while ((focus = ft->name[byte_num++])) 780 hash = partial_name_hash(focus, hash); 781 return hash & (h->size - 1); 782 } 783 784 static int filenametr_cmp(hashtab_t h __attribute__ ((unused)), 785 const_hashtab_key_t k1, const_hashtab_key_t k2) 786 { 787 const struct filename_trans *ft1 = (const struct filename_trans *)k1; 788 const struct filename_trans *ft2 = (const struct filename_trans *)k2; 789 int v; 790 791 v = ft1->stype - ft2->stype; 792 if (v) 793 return v; 794 795 v = ft1->ttype - ft2->ttype; 796 if (v) 797 return v; 798 799 v = ft1->tclass - ft2->tclass; 800 if (v) 801 return v; 802 803 return strcmp(ft1->name, ft2->name); 804 805 } 806 807 static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k) 808 { 809 const struct range_trans *key = (const struct range_trans *)k; 810 return (key->source_type + (key->target_type << 3) + 811 (key->target_class << 5)) & (h->size - 1); 812 } 813 814 static int rangetr_cmp(hashtab_t h __attribute__ ((unused)), 815 const_hashtab_key_t k1, const_hashtab_key_t k2) 816 { 817 const struct range_trans *key1 = (const struct range_trans *)k1; 818 const struct range_trans *key2 = (const struct range_trans *)k2; 819 int v; 820 821 v = key1->source_type - key2->source_type; 822 if (v) 823 return v; 824 825 v = key1->target_type - key2->target_type; 826 if (v) 827 return v; 828 829 v = key1->target_class - key2->target_class; 830 831 return v; 832 } 833 834 /* 835 * Initialize a policy database structure. 836 */ 837 int policydb_init(policydb_t * p) 838 { 839 int i, rc; 840 841 memset(p, 0, sizeof(policydb_t)); 842 843 for (i = 0; i < SYM_NUM; i++) { 844 p->sym_val_to_name[i] = NULL; 845 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 846 if (rc) 847 goto err; 848 } 849 850 /* initialize the module stuff */ 851 for (i = 0; i < SYM_NUM; i++) { 852 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 853 goto err; 854 } 855 } 856 if ((p->global = avrule_block_create()) == NULL || 857 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 858 goto err; 859 } 860 p->decl_val_to_struct = NULL; 861 862 rc = avtab_init(&p->te_avtab); 863 if (rc) 864 goto err; 865 866 rc = roles_init(p); 867 if (rc) 868 goto err; 869 870 rc = cond_policydb_init(p); 871 if (rc) 872 goto err; 873 874 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 875 if (!p->filename_trans) { 876 rc = -ENOMEM; 877 goto err; 878 } 879 880 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 881 if (!p->range_tr) { 882 rc = -ENOMEM; 883 goto err; 884 } 885 886 ebitmap_init(&p->policycaps); 887 ebitmap_init(&p->permissive_map); 888 889 return 0; 890 err: 891 hashtab_destroy(p->filename_trans); 892 hashtab_destroy(p->range_tr); 893 for (i = 0; i < SYM_NUM; i++) { 894 hashtab_destroy(p->symtab[i].table); 895 hashtab_destroy(p->scope[i].table); 896 } 897 avrule_block_list_destroy(p->global); 898 return rc; 899 } 900 901 int policydb_role_cache(hashtab_key_t key 902 __attribute__ ((unused)), hashtab_datum_t datum, 903 void *arg) 904 { 905 policydb_t *p; 906 role_datum_t *role; 907 908 role = (role_datum_t *) datum; 909 p = (policydb_t *) arg; 910 911 ebitmap_destroy(&role->cache); 912 if (type_set_expand(&role->types, &role->cache, p, 1)) { 913 return -1; 914 } 915 916 return 0; 917 } 918 919 int policydb_user_cache(hashtab_key_t key 920 __attribute__ ((unused)), hashtab_datum_t datum, 921 void *arg) 922 { 923 policydb_t *p; 924 user_datum_t *user; 925 926 user = (user_datum_t *) datum; 927 p = (policydb_t *) arg; 928 929 ebitmap_destroy(&user->cache); 930 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 931 return -1; 932 } 933 934 /* we do not expand user's MLS info in kernel policies because the 935 * semantic representation is not present and we do not expand user's 936 * MLS info in module policies because all of the necessary mls 937 * information is not present */ 938 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 939 mls_range_destroy(&user->exp_range); 940 if (mls_semantic_range_expand(&user->range, 941 &user->exp_range, p, NULL)) { 942 return -1; 943 } 944 945 mls_level_destroy(&user->exp_dfltlevel); 946 if (mls_semantic_level_expand(&user->dfltlevel, 947 &user->exp_dfltlevel, p, NULL)) { 948 return -1; 949 } 950 } 951 952 return 0; 953 } 954 955 /* 956 * The following *_index functions are used to 957 * define the val_to_name and val_to_struct arrays 958 * in a policy database structure. The val_to_name 959 * arrays are used when converting security context 960 * structures into string representations. The 961 * val_to_struct arrays are used when the attributes 962 * of a class, role, or user are needed. 963 */ 964 965 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 966 { 967 policydb_t *p; 968 common_datum_t *comdatum; 969 970 comdatum = (common_datum_t *) datum; 971 p = (policydb_t *) datap; 972 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 973 return -EINVAL; 974 if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL) 975 return -EINVAL; 976 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 977 978 return 0; 979 } 980 981 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 982 { 983 policydb_t *p; 984 class_datum_t *cladatum; 985 986 cladatum = (class_datum_t *) datum; 987 p = (policydb_t *) datap; 988 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 989 return -EINVAL; 990 if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL) 991 return -EINVAL; 992 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 993 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 994 995 return 0; 996 } 997 998 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 999 { 1000 policydb_t *p; 1001 role_datum_t *role; 1002 1003 role = (role_datum_t *) datum; 1004 p = (policydb_t *) datap; 1005 if (!role->s.value || role->s.value > p->p_roles.nprim) 1006 return -EINVAL; 1007 if (p->p_role_val_to_name[role->s.value - 1] != NULL) 1008 return -EINVAL; 1009 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 1010 p->role_val_to_struct[role->s.value - 1] = role; 1011 1012 return 0; 1013 } 1014 1015 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1016 { 1017 policydb_t *p; 1018 type_datum_t *typdatum; 1019 1020 typdatum = (type_datum_t *) datum; 1021 p = (policydb_t *) datap; 1022 1023 if (typdatum->primary) { 1024 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 1025 return -EINVAL; 1026 if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL) 1027 return -EINVAL; 1028 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 1029 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 1030 } 1031 1032 return 0; 1033 } 1034 1035 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1036 { 1037 policydb_t *p; 1038 user_datum_t *usrdatum; 1039 1040 usrdatum = (user_datum_t *) datum; 1041 p = (policydb_t *) datap; 1042 1043 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 1044 return -EINVAL; 1045 if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL) 1046 return -EINVAL; 1047 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 1048 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 1049 1050 return 0; 1051 } 1052 1053 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1054 { 1055 policydb_t *p; 1056 level_datum_t *levdatum; 1057 1058 levdatum = (level_datum_t *) datum; 1059 p = (policydb_t *) datap; 1060 1061 if (!levdatum->isalias) { 1062 if (!levdatum->level->sens || 1063 levdatum->level->sens > p->p_levels.nprim) 1064 return -EINVAL; 1065 if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL) 1066 return -EINVAL; 1067 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 1068 } 1069 1070 return 0; 1071 } 1072 1073 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1074 { 1075 policydb_t *p; 1076 cat_datum_t *catdatum; 1077 1078 catdatum = (cat_datum_t *) datum; 1079 p = (policydb_t *) datap; 1080 1081 if (!catdatum->isalias) { 1082 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 1083 return -EINVAL; 1084 if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL) 1085 return -EINVAL; 1086 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 1087 } 1088 1089 return 0; 1090 } 1091 1092 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1093 void *datap) = { 1094 common_index, class_index, role_index, type_index, user_index, 1095 cond_index_bool, sens_index, cat_index,}; 1096 1097 /* 1098 * Define the common val_to_name array and the class 1099 * val_to_name and val_to_struct arrays in a policy 1100 * database structure. 1101 */ 1102 int policydb_index_classes(policydb_t * p) 1103 { 1104 free(p->p_common_val_to_name); 1105 p->p_common_val_to_name = (char **) 1106 calloc(p->p_commons.nprim, sizeof(char *)); 1107 if (!p->p_common_val_to_name) 1108 return -1; 1109 1110 if (hashtab_map(p->p_commons.table, common_index, p)) 1111 return -1; 1112 1113 free(p->class_val_to_struct); 1114 p->class_val_to_struct = (class_datum_t **) 1115 calloc(p->p_classes.nprim, sizeof(class_datum_t *)); 1116 if (!p->class_val_to_struct) 1117 return -1; 1118 1119 free(p->p_class_val_to_name); 1120 p->p_class_val_to_name = (char **) 1121 calloc(p->p_classes.nprim, sizeof(char *)); 1122 if (!p->p_class_val_to_name) 1123 return -1; 1124 1125 if (hashtab_map(p->p_classes.table, class_index, p)) 1126 return -1; 1127 1128 return 0; 1129 } 1130 1131 int policydb_index_bools(policydb_t * p) 1132 { 1133 1134 if (cond_init_bool_indexes(p) == -1) 1135 return -1; 1136 p->p_bool_val_to_name = (char **) 1137 calloc(p->p_bools.nprim, sizeof(char *)); 1138 if (!p->p_bool_val_to_name) 1139 return -1; 1140 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 1141 return -1; 1142 return 0; 1143 } 1144 1145 int policydb_index_decls(sepol_handle_t * handle, policydb_t * p) 1146 { 1147 avrule_block_t *curblock; 1148 avrule_decl_t *decl; 1149 unsigned int num_decls = 0; 1150 1151 free(p->decl_val_to_struct); 1152 1153 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1154 for (decl = curblock->branch_list; decl != NULL; 1155 decl = decl->next) { 1156 num_decls++; 1157 } 1158 } 1159 1160 p->decl_val_to_struct = 1161 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 1162 if (!p->decl_val_to_struct) { 1163 return -1; 1164 } 1165 1166 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1167 for (decl = curblock->branch_list; decl != NULL; 1168 decl = decl->next) { 1169 if (decl->decl_id < 1 || decl->decl_id > num_decls) { 1170 ERR(handle, "invalid decl ID %u", decl->decl_id); 1171 return -1; 1172 } 1173 if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) { 1174 ERR(handle, "duplicated decl ID %u", decl->decl_id); 1175 return -1; 1176 } 1177 p->decl_val_to_struct[decl->decl_id - 1] = decl; 1178 } 1179 } 1180 1181 return 0; 1182 } 1183 1184 /* 1185 * Define the other val_to_name and val_to_struct arrays 1186 * in a policy database structure. 1187 */ 1188 int policydb_index_others(sepol_handle_t * handle, 1189 policydb_t * p, unsigned verbose) 1190 { 1191 int i; 1192 1193 if (verbose) { 1194 INFO(handle, 1195 "security: %d users, %d roles, %d types, %d bools", 1196 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 1197 p->p_bools.nprim); 1198 1199 if (p->mls) 1200 INFO(handle, "security: %d sens, %d cats", 1201 p->p_levels.nprim, p->p_cats.nprim); 1202 1203 INFO(handle, "security: %d classes, %d rules, %d cond rules", 1204 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 1205 } 1206 #if 0 1207 avtab_hash_eval(&p->te_avtab, "rules"); 1208 for (i = 0; i < SYM_NUM; i++) 1209 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 1210 #endif 1211 1212 free(p->role_val_to_struct); 1213 p->role_val_to_struct = (role_datum_t **) 1214 calloc(p->p_roles.nprim, sizeof(role_datum_t *)); 1215 if (!p->role_val_to_struct) 1216 return -1; 1217 1218 free(p->user_val_to_struct); 1219 p->user_val_to_struct = (user_datum_t **) 1220 calloc(p->p_users.nprim, sizeof(user_datum_t *)); 1221 if (!p->user_val_to_struct) 1222 return -1; 1223 1224 free(p->type_val_to_struct); 1225 p->type_val_to_struct = (type_datum_t **) 1226 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 1227 if (!p->type_val_to_struct) 1228 return -1; 1229 1230 cond_init_bool_indexes(p); 1231 1232 for (i = SYM_ROLES; i < SYM_NUM; i++) { 1233 free(p->sym_val_to_name[i]); 1234 p->sym_val_to_name[i] = NULL; 1235 if (p->symtab[i].nprim) { 1236 p->sym_val_to_name[i] = (char **) 1237 calloc(p->symtab[i].nprim, sizeof(char *)); 1238 if (!p->sym_val_to_name[i]) 1239 return -1; 1240 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1241 return -1; 1242 } 1243 } 1244 1245 /* This pre-expands the roles and users for context validity checking */ 1246 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1247 return -1; 1248 1249 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1250 return -1; 1251 1252 return 0; 1253 } 1254 1255 /* 1256 * The following *_destroy functions are used to 1257 * free any memory allocated for each kind of 1258 * symbol data in the policy database. 1259 */ 1260 1261 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1262 __attribute__ ((unused))) 1263 { 1264 if (key) 1265 free(key); 1266 free(datum); 1267 return 0; 1268 } 1269 1270 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1271 __attribute__ ((unused))) 1272 { 1273 common_datum_t *comdatum; 1274 1275 if (key) 1276 free(key); 1277 comdatum = (common_datum_t *) datum; 1278 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1279 hashtab_destroy(comdatum->permissions.table); 1280 free(datum); 1281 return 0; 1282 } 1283 1284 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1285 __attribute__ ((unused))) 1286 { 1287 class_datum_t *cladatum; 1288 constraint_node_t *constraint, *ctemp; 1289 constraint_expr_t *e, *etmp; 1290 1291 if (key) 1292 free(key); 1293 cladatum = (class_datum_t *) datum; 1294 if (cladatum == NULL) { 1295 return 0; 1296 } 1297 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1298 hashtab_destroy(cladatum->permissions.table); 1299 constraint = cladatum->constraints; 1300 while (constraint) { 1301 e = constraint->expr; 1302 while (e) { 1303 etmp = e; 1304 e = e->next; 1305 constraint_expr_destroy(etmp); 1306 } 1307 ctemp = constraint; 1308 constraint = constraint->next; 1309 free(ctemp); 1310 } 1311 1312 constraint = cladatum->validatetrans; 1313 while (constraint) { 1314 e = constraint->expr; 1315 while (e) { 1316 etmp = e; 1317 e = e->next; 1318 constraint_expr_destroy(etmp); 1319 } 1320 ctemp = constraint; 1321 constraint = constraint->next; 1322 free(ctemp); 1323 } 1324 1325 if (cladatum->comkey) 1326 free(cladatum->comkey); 1327 free(datum); 1328 return 0; 1329 } 1330 1331 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1332 __attribute__ ((unused))) 1333 { 1334 free(key); 1335 role_datum_destroy((role_datum_t *) datum); 1336 free(datum); 1337 return 0; 1338 } 1339 1340 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1341 __attribute__ ((unused))) 1342 { 1343 free(key); 1344 type_datum_destroy((type_datum_t *) datum); 1345 free(datum); 1346 return 0; 1347 } 1348 1349 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1350 __attribute__ ((unused))) 1351 { 1352 free(key); 1353 user_datum_destroy((user_datum_t *) datum); 1354 free(datum); 1355 return 0; 1356 } 1357 1358 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1359 __attribute__ ((unused))) 1360 { 1361 level_datum_t *levdatum; 1362 1363 if (key) 1364 free(key); 1365 levdatum = (level_datum_t *) datum; 1366 mls_level_destroy(levdatum->level); 1367 free(levdatum->level); 1368 level_datum_destroy(levdatum); 1369 free(levdatum); 1370 return 0; 1371 } 1372 1373 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1374 __attribute__ ((unused))) 1375 { 1376 if (key) 1377 free(key); 1378 cat_datum_destroy((cat_datum_t *) datum); 1379 free(datum); 1380 return 0; 1381 } 1382 1383 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1384 void *datap) = { 1385 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1386 cond_destroy_bool, sens_destroy, cat_destroy,}; 1387 1388 static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum, 1389 void *p __attribute__ ((unused))) 1390 { 1391 struct filename_trans *ft = (struct filename_trans *)key; 1392 free(ft->name); 1393 free(key); 1394 free(datum); 1395 return 0; 1396 } 1397 1398 static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum, 1399 void *p __attribute__ ((unused))) 1400 { 1401 struct mls_range *rt = (struct mls_range *)datum; 1402 free(key); 1403 ebitmap_destroy(&rt->level[0].cat); 1404 ebitmap_destroy(&rt->level[1].cat); 1405 free(datum); 1406 return 0; 1407 } 1408 1409 void ocontext_selinux_free(ocontext_t **ocontexts) 1410 { 1411 ocontext_t *c, *ctmp; 1412 int i; 1413 1414 for (i = 0; i < OCON_NUM; i++) { 1415 c = ocontexts[i]; 1416 while (c) { 1417 ctmp = c; 1418 c = c->next; 1419 context_destroy(&ctmp->context[0]); 1420 context_destroy(&ctmp->context[1]); 1421 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1422 || i == OCON_FSUSE) 1423 free(ctmp->u.name); 1424 else if (i == OCON_IBENDPORT) 1425 free(ctmp->u.ibendport.dev_name); 1426 free(ctmp); 1427 } 1428 } 1429 } 1430 1431 void ocontext_xen_free(ocontext_t **ocontexts) 1432 { 1433 ocontext_t *c, *ctmp; 1434 int i; 1435 1436 for (i = 0; i < OCON_NUM; i++) { 1437 c = ocontexts[i]; 1438 while (c) { 1439 ctmp = c; 1440 c = c->next; 1441 context_destroy(&ctmp->context[0]); 1442 context_destroy(&ctmp->context[1]); 1443 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE) 1444 free(ctmp->u.name); 1445 free(ctmp); 1446 } 1447 } 1448 } 1449 1450 /* 1451 * Free any memory allocated by a policy database structure. 1452 */ 1453 void policydb_destroy(policydb_t * p) 1454 { 1455 ocontext_t *c, *ctmp; 1456 genfs_t *g, *gtmp; 1457 unsigned int i; 1458 role_allow_t *ra, *lra = NULL; 1459 role_trans_t *tr, *ltr = NULL; 1460 1461 if (!p) 1462 return; 1463 1464 ebitmap_destroy(&p->policycaps); 1465 1466 ebitmap_destroy(&p->permissive_map); 1467 1468 symtabs_destroy(p->symtab); 1469 1470 for (i = 0; i < SYM_NUM; i++) { 1471 if (p->sym_val_to_name[i]) 1472 free(p->sym_val_to_name[i]); 1473 } 1474 1475 if (p->class_val_to_struct) 1476 free(p->class_val_to_struct); 1477 if (p->role_val_to_struct) 1478 free(p->role_val_to_struct); 1479 if (p->user_val_to_struct) 1480 free(p->user_val_to_struct); 1481 if (p->type_val_to_struct) 1482 free(p->type_val_to_struct); 1483 free(p->decl_val_to_struct); 1484 1485 for (i = 0; i < SYM_NUM; i++) { 1486 (void)hashtab_map(p->scope[i].table, scope_destroy, 0); 1487 hashtab_destroy(p->scope[i].table); 1488 } 1489 avrule_block_list_destroy(p->global); 1490 free(p->name); 1491 free(p->version); 1492 1493 avtab_destroy(&p->te_avtab); 1494 1495 if (p->target_platform == SEPOL_TARGET_SELINUX) 1496 ocontext_selinux_free(p->ocontexts); 1497 else if (p->target_platform == SEPOL_TARGET_XEN) 1498 ocontext_xen_free(p->ocontexts); 1499 1500 g = p->genfs; 1501 while (g) { 1502 free(g->fstype); 1503 c = g->head; 1504 while (c) { 1505 ctmp = c; 1506 c = c->next; 1507 context_destroy(&ctmp->context[0]); 1508 free(ctmp->u.name); 1509 free(ctmp); 1510 } 1511 gtmp = g; 1512 g = g->next; 1513 free(gtmp); 1514 } 1515 cond_policydb_destroy(p); 1516 1517 for (tr = p->role_tr; tr; tr = tr->next) { 1518 if (ltr) 1519 free(ltr); 1520 ltr = tr; 1521 } 1522 if (ltr) 1523 free(ltr); 1524 1525 for (ra = p->role_allow; ra; ra = ra->next) { 1526 if (lra) 1527 free(lra); 1528 lra = ra; 1529 } 1530 if (lra) 1531 free(lra); 1532 1533 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 1534 hashtab_destroy(p->filename_trans); 1535 1536 hashtab_map(p->range_tr, range_tr_destroy, NULL); 1537 hashtab_destroy(p->range_tr); 1538 1539 if (p->type_attr_map) { 1540 for (i = 0; i < p->p_types.nprim; i++) { 1541 ebitmap_destroy(&p->type_attr_map[i]); 1542 } 1543 free(p->type_attr_map); 1544 } 1545 1546 if (p->attr_type_map) { 1547 for (i = 0; i < p->p_types.nprim; i++) { 1548 ebitmap_destroy(&p->attr_type_map[i]); 1549 } 1550 free(p->attr_type_map); 1551 } 1552 1553 return; 1554 } 1555 1556 void symtabs_destroy(symtab_t * symtab) 1557 { 1558 int i; 1559 for (i = 0; i < SYM_NUM; i++) { 1560 (void)hashtab_map(symtab[i].table, destroy_f[i], 0); 1561 hashtab_destroy(symtab[i].table); 1562 } 1563 } 1564 1565 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1566 __attribute__ ((unused))) 1567 { 1568 scope_datum_t *cur = (scope_datum_t *) datum; 1569 free(key); 1570 if (cur != NULL) { 1571 free(cur->decl_ids); 1572 } 1573 free(cur); 1574 return 0; 1575 } 1576 1577 /* 1578 * Load the initial SIDs specified in a policy database 1579 * structure into a SID table. 1580 */ 1581 int policydb_load_isids(policydb_t * p, sidtab_t * s) 1582 { 1583 ocontext_t *head, *c; 1584 1585 if (sepol_sidtab_init(s)) { 1586 ERR(NULL, "out of memory on SID table init"); 1587 return -1; 1588 } 1589 1590 head = p->ocontexts[OCON_ISID]; 1591 for (c = head; c; c = c->next) { 1592 if (!c->context[0].user) { 1593 ERR(NULL, "SID %s was never defined", c->u.name); 1594 return -1; 1595 } 1596 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1597 ERR(NULL, "unable to load initial SID %s", c->u.name); 1598 return -1; 1599 } 1600 } 1601 1602 return 0; 1603 } 1604 1605 /* Declare a symbol for a certain avrule_block context. Insert it 1606 * into a symbol table for a policy. This function will handle 1607 * inserting the appropriate scope information in addition to 1608 * inserting the symbol into the hash table. 1609 * 1610 * arguments: 1611 * policydb_t *pol module policy to modify 1612 * uint32_t sym the symbole table for insertion (SYM_*) 1613 * hashtab_key_t key the key for the symbol - not cloned 1614 * hashtab_datum_t data the data for the symbol - not cloned 1615 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1616 * avrule_decl_id identifier for this symbol's encapsulating declaration 1617 * value (out) assigned value to the symbol (if value is not NULL) 1618 * 1619 * returns: 1620 * 0 success 1621 * 1 success, but symbol already existed as a requirement 1622 * (datum was not inserted and needs to be free()d) 1623 * -1 general error 1624 * -2 scope conflicted 1625 * -ENOMEM memory error 1626 * error codes from hashtab_insert 1627 */ 1628 int symtab_insert(policydb_t * pol, uint32_t sym, 1629 hashtab_key_t key, hashtab_datum_t datum, 1630 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1631 { 1632 int rc, retval = 0; 1633 unsigned int i; 1634 scope_datum_t *scope_datum; 1635 1636 /* check if the symbol is already there. multiple 1637 * declarations of non-roles/non-users are illegal, but 1638 * multiple requires are allowed. */ 1639 1640 /* FIX ME - the failures after the hashtab_insert will leave 1641 * the policy in a inconsistent state. */ 1642 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1643 if (rc == SEPOL_OK) { 1644 /* if no value is passed in the symbol is not primary 1645 * (i.e. aliases) */ 1646 if (value) 1647 *value = ++pol->symtab[sym].nprim; 1648 } else if (rc == SEPOL_EEXIST) { 1649 retval = 1; /* symbol not added -- need to free() later */ 1650 } else { 1651 return rc; 1652 } 1653 1654 /* get existing scope information; if there is not one then 1655 * create it */ 1656 scope_datum = 1657 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1658 if (scope_datum == NULL) { 1659 hashtab_key_t key2 = strdup((char *)key); 1660 if (!key2) 1661 return -ENOMEM; 1662 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1663 free(key2); 1664 return -ENOMEM; 1665 } 1666 scope_datum->scope = scope; 1667 scope_datum->decl_ids = NULL; 1668 scope_datum->decl_ids_len = 0; 1669 if ((rc = 1670 hashtab_insert(pol->scope[sym].table, key2, 1671 scope_datum)) != 0) { 1672 free(key2); 1673 free(scope_datum); 1674 return rc; 1675 } 1676 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1677 /* disallow multiple declarations for non-roles/users */ 1678 if (sym != SYM_ROLES && sym != SYM_USERS) { 1679 return -2; 1680 } 1681 /* Further confine that a role attribute can't have the same 1682 * name as another regular role, and a role attribute can't 1683 * be declared more than once. */ 1684 if (sym == SYM_ROLES) { 1685 role_datum_t *base_role; 1686 role_datum_t *cur_role = (role_datum_t *)datum; 1687 1688 base_role = (role_datum_t *) 1689 hashtab_search(pol->symtab[sym].table, 1690 key); 1691 assert(base_role != NULL); 1692 1693 if (!((base_role->flavor == ROLE_ROLE) && 1694 (cur_role->flavor == ROLE_ROLE))) { 1695 /* Only regular roles are allowed to have 1696 * multiple declarations. */ 1697 return -2; 1698 } 1699 } 1700 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1701 scope_datum->scope = SCOPE_DECL; 1702 } 1703 1704 /* search through the pre-existing list to avoid adding duplicates */ 1705 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1706 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1707 /* already there, so don't modify its scope */ 1708 return retval; 1709 } 1710 } 1711 1712 if (add_i_to_a(avrule_decl_id, 1713 &scope_datum->decl_ids_len, 1714 &scope_datum->decl_ids) == -1) { 1715 return -ENOMEM; 1716 } 1717 1718 if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) { 1719 /* Need to keep the decl at the end of the list */ 1720 uint32_t len, tmp; 1721 len = scope_datum->decl_ids_len; 1722 if (len < 2) { 1723 /* This should be impossible here */ 1724 return -1; 1725 } 1726 tmp = scope_datum->decl_ids[len-2]; 1727 scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1]; 1728 scope_datum->decl_ids[len-1] = tmp; 1729 } 1730 1731 return retval; 1732 } 1733 1734 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1735 { 1736 type_set_init(dst); 1737 1738 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1739 return -1; 1740 } 1741 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1742 return -1; 1743 } 1744 1745 dst->flags |= a->flags; 1746 dst->flags |= b->flags; 1747 1748 return 0; 1749 } 1750 1751 int type_set_cpy(type_set_t * dst, type_set_t * src) 1752 { 1753 type_set_init(dst); 1754 1755 dst->flags = src->flags; 1756 if (ebitmap_cpy(&dst->types, &src->types)) 1757 return -1; 1758 if (ebitmap_cpy(&dst->negset, &src->negset)) 1759 return -1; 1760 1761 return 0; 1762 } 1763 1764 int type_set_or_eq(type_set_t * dst, type_set_t * other) 1765 { 1766 int ret; 1767 type_set_t tmp; 1768 1769 if (type_set_or(&tmp, dst, other)) 1770 return -1; 1771 type_set_destroy(dst); 1772 ret = type_set_cpy(dst, &tmp); 1773 type_set_destroy(&tmp); 1774 1775 return ret; 1776 } 1777 1778 int role_set_get_role(role_set_t * x, uint32_t role) 1779 { 1780 if (x->flags & ROLE_STAR) 1781 return 1; 1782 1783 if (ebitmap_get_bit(&x->roles, role - 1)) { 1784 if (x->flags & ROLE_COMP) 1785 return 0; 1786 else 1787 return 1; 1788 } else { 1789 if (x->flags & ROLE_COMP) 1790 return 1; 1791 else 1792 return 0; 1793 } 1794 } 1795 1796 /***********************************************************************/ 1797 /* everything below is for policy reads */ 1798 1799 /* The following are read functions for module structures */ 1800 1801 static int role_set_read(role_set_t * r, struct policy_file *fp) 1802 { 1803 uint32_t buf[1]; 1804 int rc; 1805 1806 if (ebitmap_read(&r->roles, fp)) 1807 return -1; 1808 rc = next_entry(buf, fp, sizeof(uint32_t)); 1809 if (rc < 0) 1810 return -1; 1811 r->flags = le32_to_cpu(buf[0]); 1812 1813 return 0; 1814 } 1815 1816 static int type_set_read(type_set_t * t, struct policy_file *fp) 1817 { 1818 uint32_t buf[1]; 1819 int rc; 1820 1821 if (ebitmap_read(&t->types, fp)) 1822 return -1; 1823 if (ebitmap_read(&t->negset, fp)) 1824 return -1; 1825 1826 rc = next_entry(buf, fp, sizeof(uint32_t)); 1827 if (rc < 0) 1828 return -1; 1829 t->flags = le32_to_cpu(buf[0]); 1830 1831 return 0; 1832 } 1833 1834 /* 1835 * Read a MLS range structure from a policydb binary 1836 * representation file. 1837 */ 1838 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1839 { 1840 uint32_t buf[2], items; 1841 int rc; 1842 1843 rc = next_entry(buf, fp, sizeof(uint32_t)); 1844 if (rc < 0) 1845 goto out; 1846 1847 items = le32_to_cpu(buf[0]); 1848 if (items > ARRAY_SIZE(buf)) { 1849 ERR(fp->handle, "range overflow"); 1850 rc = -EINVAL; 1851 goto out; 1852 } 1853 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1854 if (rc < 0) { 1855 ERR(fp->handle, "truncated range"); 1856 goto out; 1857 } 1858 r->level[0].sens = le32_to_cpu(buf[0]); 1859 if (items > 1) 1860 r->level[1].sens = le32_to_cpu(buf[1]); 1861 else 1862 r->level[1].sens = r->level[0].sens; 1863 1864 rc = ebitmap_read(&r->level[0].cat, fp); 1865 if (rc) { 1866 ERR(fp->handle, "error reading low categories"); 1867 goto out; 1868 } 1869 if (items > 1) { 1870 rc = ebitmap_read(&r->level[1].cat, fp); 1871 if (rc) { 1872 ERR(fp->handle, "error reading high categories"); 1873 goto bad_high; 1874 } 1875 } else { 1876 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1877 if (rc) { 1878 ERR(fp->handle, "out of memory"); 1879 goto bad_high; 1880 } 1881 } 1882 1883 rc = 0; 1884 out: 1885 return rc; 1886 bad_high: 1887 ebitmap_destroy(&r->level[0].cat); 1888 goto out; 1889 } 1890 1891 /* 1892 * Read a semantic MLS level structure from a policydb binary 1893 * representation file. 1894 */ 1895 static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1896 struct policy_file *fp) 1897 { 1898 uint32_t buf[2], ncat; 1899 unsigned int i; 1900 mls_semantic_cat_t *cat; 1901 int rc; 1902 1903 mls_semantic_level_init(l); 1904 1905 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1906 if (rc < 0) { 1907 ERR(fp->handle, "truncated level"); 1908 goto bad; 1909 } 1910 l->sens = le32_to_cpu(buf[0]); 1911 1912 ncat = le32_to_cpu(buf[1]); 1913 for (i = 0; i < ncat; i++) { 1914 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1915 if (!cat) { 1916 ERR(fp->handle, "out of memory"); 1917 goto bad; 1918 } 1919 1920 mls_semantic_cat_init(cat); 1921 cat->next = l->cat; 1922 l->cat = cat; 1923 1924 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1925 if (rc < 0) { 1926 ERR(fp->handle, "error reading level categories"); 1927 goto bad; 1928 } 1929 cat->low = le32_to_cpu(buf[0]); 1930 cat->high = le32_to_cpu(buf[1]); 1931 } 1932 1933 return 0; 1934 1935 bad: 1936 return -EINVAL; 1937 } 1938 1939 /* 1940 * Read a semantic MLS range structure from a policydb binary 1941 * representation file. 1942 */ 1943 static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1944 struct policy_file *fp) 1945 { 1946 int rc; 1947 1948 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1949 if (rc) 1950 return rc; 1951 1952 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1953 1954 return rc; 1955 } 1956 1957 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1958 { 1959 unsigned int i; 1960 ebitmap_node_t *cnode; 1961 mls_semantic_cat_t *open_cat = NULL; 1962 1963 mls_semantic_level_init(sl); 1964 sl->sens = l->sens; 1965 ebitmap_for_each_bit(&l->cat, cnode, i) { 1966 if (ebitmap_node_get_bit(cnode, i)) { 1967 if (open_cat) 1968 continue; 1969 open_cat = (mls_semantic_cat_t *) 1970 malloc(sizeof(mls_semantic_cat_t)); 1971 if (!open_cat) 1972 return -1; 1973 1974 mls_semantic_cat_init(open_cat); 1975 open_cat->low = i + 1; 1976 open_cat->next = sl->cat; 1977 sl->cat = open_cat; 1978 } else { 1979 if (!open_cat) 1980 continue; 1981 open_cat->high = i; 1982 open_cat = NULL; 1983 } 1984 } 1985 if (open_cat) 1986 open_cat->high = i; 1987 1988 return 0; 1989 } 1990 1991 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1992 { 1993 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1994 return -1; 1995 1996 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1997 return -1; 1998 1999 return 0; 2000 } 2001 2002 /* 2003 * Read and validate a security context structure 2004 * from a policydb binary representation file. 2005 */ 2006 static int context_read_and_validate(context_struct_t * c, 2007 policydb_t * p, struct policy_file *fp) 2008 { 2009 uint32_t buf[3]; 2010 int rc; 2011 2012 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2013 if (rc < 0) { 2014 ERR(fp->handle, "context truncated"); 2015 return -1; 2016 } 2017 c->user = le32_to_cpu(buf[0]); 2018 c->role = le32_to_cpu(buf[1]); 2019 c->type = le32_to_cpu(buf[2]); 2020 if ((p->policy_type == POLICY_KERN 2021 && p->policyvers >= POLICYDB_VERSION_MLS) 2022 || (p->policy_type == POLICY_BASE 2023 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 2024 if (mls_read_range_helper(&c->range, fp)) { 2025 ERR(fp->handle, "error reading MLS range " 2026 "of context"); 2027 return -1; 2028 } 2029 } 2030 2031 if (!policydb_context_isvalid(p, c)) { 2032 ERR(fp->handle, "invalid security context"); 2033 context_destroy(c); 2034 return -1; 2035 } 2036 return 0; 2037 } 2038 2039 /* 2040 * The following *_read functions are used to 2041 * read the symbol data from a policy database 2042 * binary representation file. 2043 */ 2044 2045 static int perm_read(policydb_t * p 2046 __attribute__ ((unused)), hashtab_t h, 2047 struct policy_file *fp) 2048 { 2049 char *key = 0; 2050 perm_datum_t *perdatum; 2051 uint32_t buf[2]; 2052 size_t len; 2053 int rc; 2054 2055 perdatum = calloc(1, sizeof(perm_datum_t)); 2056 if (!perdatum) 2057 return -1; 2058 2059 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2060 if (rc < 0) 2061 goto bad; 2062 2063 len = le32_to_cpu(buf[0]); 2064 if(str_read(&key, fp, len)) 2065 goto bad; 2066 2067 perdatum->s.value = le32_to_cpu(buf[1]); 2068 2069 if (hashtab_insert(h, key, perdatum)) 2070 goto bad; 2071 2072 return 0; 2073 2074 bad: 2075 perm_destroy(key, perdatum, NULL); 2076 return -1; 2077 } 2078 2079 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2080 { 2081 char *key = 0; 2082 common_datum_t *comdatum; 2083 uint32_t buf[4]; 2084 size_t len, nel; 2085 unsigned int i; 2086 int rc; 2087 2088 comdatum = calloc(1, sizeof(common_datum_t)); 2089 if (!comdatum) 2090 return -1; 2091 2092 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2093 if (rc < 0) 2094 goto bad; 2095 2096 len = le32_to_cpu(buf[0]); 2097 if (zero_or_saturated(len)) 2098 goto bad; 2099 2100 comdatum->s.value = le32_to_cpu(buf[1]); 2101 2102 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 2103 goto bad; 2104 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 2105 nel = le32_to_cpu(buf[3]); 2106 2107 key = malloc(len + 1); 2108 if (!key) 2109 goto bad; 2110 rc = next_entry(key, fp, len); 2111 if (rc < 0) 2112 goto bad; 2113 key[len] = 0; 2114 2115 for (i = 0; i < nel; i++) { 2116 if (perm_read(p, comdatum->permissions.table, fp)) 2117 goto bad; 2118 } 2119 2120 if (hashtab_insert(h, key, comdatum)) 2121 goto bad; 2122 2123 return 0; 2124 2125 bad: 2126 common_destroy(key, comdatum, NULL); 2127 return -1; 2128 } 2129 2130 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 2131 unsigned int ncons, 2132 int allowxtarget, struct policy_file *fp) 2133 { 2134 constraint_node_t *c, *lc; 2135 constraint_expr_t *e, *le; 2136 uint32_t buf[3]; 2137 size_t nexpr; 2138 unsigned int i, j; 2139 int rc, depth; 2140 2141 lc = NULL; 2142 for (i = 0; i < ncons; i++) { 2143 c = calloc(1, sizeof(constraint_node_t)); 2144 if (!c) 2145 return -1; 2146 2147 if (lc) 2148 lc->next = c; 2149 else 2150 *nodep = c; 2151 2152 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2153 if (rc < 0) 2154 return -1; 2155 c->permissions = le32_to_cpu(buf[0]); 2156 nexpr = le32_to_cpu(buf[1]); 2157 le = NULL; 2158 depth = -1; 2159 for (j = 0; j < nexpr; j++) { 2160 e = malloc(sizeof(constraint_expr_t)); 2161 if (!e) 2162 return -1; 2163 if (constraint_expr_init(e) == -1) { 2164 free(e); 2165 return -1; 2166 } 2167 if (le) { 2168 le->next = e; 2169 } else { 2170 c->expr = e; 2171 } 2172 2173 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2174 if (rc < 0) 2175 return -1; 2176 e->expr_type = le32_to_cpu(buf[0]); 2177 e->attr = le32_to_cpu(buf[1]); 2178 e->op = le32_to_cpu(buf[2]); 2179 2180 switch (e->expr_type) { 2181 case CEXPR_NOT: 2182 if (depth < 0) 2183 return -1; 2184 break; 2185 case CEXPR_AND: 2186 case CEXPR_OR: 2187 if (depth < 1) 2188 return -1; 2189 depth--; 2190 break; 2191 case CEXPR_ATTR: 2192 if (depth == (CEXPR_MAXDEPTH - 1)) 2193 return -1; 2194 depth++; 2195 break; 2196 case CEXPR_NAMES: 2197 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 2198 return -1; 2199 if (depth == (CEXPR_MAXDEPTH - 1)) 2200 return -1; 2201 depth++; 2202 if (ebitmap_read(&e->names, fp)) 2203 return -1; 2204 if (p->policy_type != POLICY_KERN && 2205 type_set_read(e->type_names, fp)) 2206 return -1; 2207 else if (p->policy_type == POLICY_KERN && 2208 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && 2209 type_set_read(e->type_names, fp)) 2210 return -1; 2211 break; 2212 default: 2213 return -1; 2214 } 2215 le = e; 2216 } 2217 if (depth != 0) 2218 return -1; 2219 lc = c; 2220 } 2221 2222 return 0; 2223 } 2224 2225 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2226 { 2227 char *key = 0; 2228 class_datum_t *cladatum; 2229 uint32_t buf[6]; 2230 size_t len, len2, ncons, nel; 2231 unsigned int i; 2232 int rc; 2233 2234 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 2235 if (!cladatum) 2236 return -1; 2237 2238 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 2239 if (rc < 0) 2240 goto bad; 2241 2242 len = le32_to_cpu(buf[0]); 2243 if (zero_or_saturated(len)) 2244 goto bad; 2245 len2 = le32_to_cpu(buf[1]); 2246 if (is_saturated(len2)) 2247 goto bad; 2248 cladatum->s.value = le32_to_cpu(buf[2]); 2249 2250 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2251 goto bad; 2252 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2253 nel = le32_to_cpu(buf[4]); 2254 2255 ncons = le32_to_cpu(buf[5]); 2256 2257 key = malloc(len + 1); 2258 if (!key) 2259 goto bad; 2260 rc = next_entry(key, fp, len); 2261 if (rc < 0) 2262 goto bad; 2263 key[len] = 0; 2264 2265 if (len2) { 2266 cladatum->comkey = malloc(len2 + 1); 2267 if (!cladatum->comkey) 2268 goto bad; 2269 rc = next_entry(cladatum->comkey, fp, len2); 2270 if (rc < 0) 2271 goto bad; 2272 cladatum->comkey[len2] = 0; 2273 2274 cladatum->comdatum = hashtab_search(p->p_commons.table, 2275 cladatum->comkey); 2276 if (!cladatum->comdatum) { 2277 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2278 goto bad; 2279 } 2280 } 2281 for (i = 0; i < nel; i++) { 2282 if (perm_read(p, cladatum->permissions.table, fp)) 2283 goto bad; 2284 } 2285 2286 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2287 goto bad; 2288 2289 if ((p->policy_type == POLICY_KERN 2290 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2291 || (p->policy_type == POLICY_BASE 2292 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2293 /* grab the validatetrans rules */ 2294 rc = next_entry(buf, fp, sizeof(uint32_t)); 2295 if (rc < 0) 2296 goto bad; 2297 ncons = le32_to_cpu(buf[0]); 2298 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2299 goto bad; 2300 } 2301 2302 if ((p->policy_type == POLICY_KERN && 2303 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || 2304 (p->policy_type == POLICY_BASE && 2305 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { 2306 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2307 if (rc < 0) 2308 goto bad; 2309 cladatum->default_user = le32_to_cpu(buf[0]); 2310 cladatum->default_role = le32_to_cpu(buf[1]); 2311 cladatum->default_range = le32_to_cpu(buf[2]); 2312 } 2313 2314 if ((p->policy_type == POLICY_KERN && 2315 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) || 2316 (p->policy_type == POLICY_BASE && 2317 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) { 2318 rc = next_entry(buf, fp, sizeof(uint32_t)); 2319 if (rc < 0) 2320 goto bad; 2321 cladatum->default_type = le32_to_cpu(buf[0]); 2322 } 2323 2324 if (hashtab_insert(h, key, cladatum)) 2325 goto bad; 2326 2327 return 0; 2328 2329 bad: 2330 class_destroy(key, cladatum, NULL); 2331 return -1; 2332 } 2333 2334 static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2335 { 2336 char *key = 0; 2337 role_datum_t *role; 2338 uint32_t buf[3]; 2339 size_t len; 2340 int rc, to_read = 2; 2341 2342 role = calloc(1, sizeof(role_datum_t)); 2343 if (!role) 2344 return -1; 2345 2346 if (policydb_has_boundary_feature(p)) 2347 to_read = 3; 2348 2349 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2350 if (rc < 0) 2351 goto bad; 2352 2353 len = le32_to_cpu(buf[0]); 2354 if (zero_or_saturated(len)) 2355 goto bad; 2356 2357 role->s.value = le32_to_cpu(buf[1]); 2358 if (policydb_has_boundary_feature(p)) 2359 role->bounds = le32_to_cpu(buf[2]); 2360 2361 key = malloc(len + 1); 2362 if (!key) 2363 goto bad; 2364 rc = next_entry(key, fp, len); 2365 if (rc < 0) 2366 goto bad; 2367 key[len] = 0; 2368 2369 if (ebitmap_read(&role->dominates, fp)) 2370 goto bad; 2371 2372 if (p->policy_type == POLICY_KERN) { 2373 if (ebitmap_read(&role->types.types, fp)) 2374 goto bad; 2375 } else { 2376 if (type_set_read(&role->types, fp)) 2377 goto bad; 2378 } 2379 2380 if (p->policy_type != POLICY_KERN && 2381 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2382 rc = next_entry(buf, fp, sizeof(uint32_t)); 2383 if (rc < 0) 2384 goto bad; 2385 2386 role->flavor = le32_to_cpu(buf[0]); 2387 2388 if (ebitmap_read(&role->roles, fp)) 2389 goto bad; 2390 } 2391 2392 if (strcmp(key, OBJECT_R) == 0) { 2393 if (role->s.value != OBJECT_R_VAL) { 2394 ERR(fp->handle, "role %s has wrong value %d", 2395 OBJECT_R, role->s.value); 2396 role_destroy(key, role, NULL); 2397 return -1; 2398 } 2399 role_destroy(key, role, NULL); 2400 return 0; 2401 } 2402 2403 if (hashtab_insert(h, key, role)) 2404 goto bad; 2405 2406 return 0; 2407 2408 bad: 2409 role_destroy(key, role, NULL); 2410 return -1; 2411 } 2412 2413 static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2414 { 2415 char *key = 0; 2416 type_datum_t *typdatum; 2417 uint32_t buf[5]; 2418 size_t len; 2419 int rc, to_read; 2420 int pos = 0; 2421 2422 typdatum = calloc(1, sizeof(type_datum_t)); 2423 if (!typdatum) 2424 return -1; 2425 2426 if (policydb_has_boundary_feature(p)) { 2427 if (p->policy_type != POLICY_KERN 2428 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2429 to_read = 5; 2430 else 2431 to_read = 4; 2432 } 2433 else if (p->policy_type == POLICY_KERN) 2434 to_read = 3; 2435 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2436 to_read = 5; 2437 else 2438 to_read = 4; 2439 2440 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2441 if (rc < 0) 2442 goto bad; 2443 2444 len = le32_to_cpu(buf[pos]); 2445 if (zero_or_saturated(len)) 2446 goto bad; 2447 2448 typdatum->s.value = le32_to_cpu(buf[++pos]); 2449 if (policydb_has_boundary_feature(p)) { 2450 uint32_t properties; 2451 2452 if (p->policy_type != POLICY_KERN 2453 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2454 typdatum->primary = le32_to_cpu(buf[++pos]); 2455 properties = le32_to_cpu(buf[++pos]); 2456 } 2457 else { 2458 properties = le32_to_cpu(buf[++pos]); 2459 2460 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2461 typdatum->primary = 1; 2462 } 2463 2464 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2465 typdatum->flavor = TYPE_ATTRIB; 2466 if (properties & TYPEDATUM_PROPERTY_ALIAS 2467 && p->policy_type != POLICY_KERN) 2468 typdatum->flavor = TYPE_ALIAS; 2469 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2470 && p->policy_type != POLICY_KERN) 2471 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2472 2473 typdatum->bounds = le32_to_cpu(buf[++pos]); 2474 } else { 2475 typdatum->primary = le32_to_cpu(buf[++pos]); 2476 if (p->policy_type != POLICY_KERN) { 2477 typdatum->flavor = le32_to_cpu(buf[++pos]); 2478 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2479 typdatum->flags = le32_to_cpu(buf[++pos]); 2480 } 2481 } 2482 2483 if (p->policy_type != POLICY_KERN) { 2484 if (ebitmap_read(&typdatum->types, fp)) 2485 goto bad; 2486 } 2487 2488 key = malloc(len + 1); 2489 if (!key) 2490 goto bad; 2491 rc = next_entry(key, fp, len); 2492 if (rc < 0) 2493 goto bad; 2494 key[len] = 0; 2495 2496 if (hashtab_insert(h, key, typdatum)) 2497 goto bad; 2498 2499 return 0; 2500 2501 bad: 2502 type_destroy(key, typdatum, NULL); 2503 return -1; 2504 } 2505 2506 int role_trans_read(policydb_t *p, struct policy_file *fp) 2507 { 2508 role_trans_t **t = &p->role_tr; 2509 unsigned int i; 2510 uint32_t buf[3], nel; 2511 role_trans_t *tr, *ltr; 2512 int rc; 2513 int new_roletr = (p->policy_type == POLICY_KERN && 2514 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2515 2516 rc = next_entry(buf, fp, sizeof(uint32_t)); 2517 if (rc < 0) 2518 return -1; 2519 nel = le32_to_cpu(buf[0]); 2520 ltr = NULL; 2521 for (i = 0; i < nel; i++) { 2522 tr = calloc(1, sizeof(struct role_trans)); 2523 if (!tr) { 2524 return -1; 2525 } 2526 if (ltr) { 2527 ltr->next = tr; 2528 } else { 2529 *t = tr; 2530 } 2531 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2532 if (rc < 0) 2533 return -1; 2534 tr->role = le32_to_cpu(buf[0]); 2535 tr->type = le32_to_cpu(buf[1]); 2536 tr->new_role = le32_to_cpu(buf[2]); 2537 if (new_roletr) { 2538 rc = next_entry(buf, fp, sizeof(uint32_t)); 2539 if (rc < 0) 2540 return -1; 2541 tr->tclass = le32_to_cpu(buf[0]); 2542 } else 2543 tr->tclass = SECCLASS_PROCESS; 2544 ltr = tr; 2545 } 2546 return 0; 2547 } 2548 2549 int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2550 { 2551 unsigned int i; 2552 uint32_t buf[2], nel; 2553 role_allow_t *ra, *lra; 2554 int rc; 2555 2556 rc = next_entry(buf, fp, sizeof(uint32_t)); 2557 if (rc < 0) 2558 return -1; 2559 nel = le32_to_cpu(buf[0]); 2560 lra = NULL; 2561 for (i = 0; i < nel; i++) { 2562 ra = calloc(1, sizeof(struct role_allow)); 2563 if (!ra) { 2564 return -1; 2565 } 2566 if (lra) { 2567 lra->next = ra; 2568 } else { 2569 *r = ra; 2570 } 2571 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2572 if (rc < 0) 2573 return -1; 2574 ra->role = le32_to_cpu(buf[0]); 2575 ra->new_role = le32_to_cpu(buf[1]); 2576 lra = ra; 2577 } 2578 return 0; 2579 } 2580 2581 int filename_trans_read(policydb_t *p, struct policy_file *fp) 2582 { 2583 unsigned int i; 2584 uint32_t buf[4], nel, len; 2585 filename_trans_t *ft; 2586 filename_trans_datum_t *otype; 2587 int rc; 2588 char *name; 2589 2590 rc = next_entry(buf, fp, sizeof(uint32_t)); 2591 if (rc < 0) 2592 return -1; 2593 nel = le32_to_cpu(buf[0]); 2594 2595 for (i = 0; i < nel; i++) { 2596 ft = NULL; 2597 otype = NULL; 2598 name = NULL; 2599 2600 ft = calloc(1, sizeof(*ft)); 2601 if (!ft) 2602 goto err; 2603 otype = calloc(1, sizeof(*otype)); 2604 if (!otype) 2605 goto err; 2606 rc = next_entry(buf, fp, sizeof(uint32_t)); 2607 if (rc < 0) 2608 goto err; 2609 len = le32_to_cpu(buf[0]); 2610 if (zero_or_saturated(len)) 2611 goto err; 2612 2613 name = calloc(len + 1, sizeof(*name)); 2614 if (!name) 2615 goto err; 2616 2617 ft->name = name; 2618 2619 rc = next_entry(name, fp, len); 2620 if (rc < 0) 2621 goto err; 2622 2623 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2624 if (rc < 0) 2625 goto err; 2626 2627 ft->stype = le32_to_cpu(buf[0]); 2628 ft->ttype = le32_to_cpu(buf[1]); 2629 ft->tclass = le32_to_cpu(buf[2]); 2630 otype->otype = le32_to_cpu(buf[3]); 2631 2632 rc = hashtab_insert(p->filename_trans, (hashtab_key_t) ft, 2633 otype); 2634 if (rc) { 2635 if (rc != SEPOL_EEXIST) 2636 goto err; 2637 /* 2638 * Some old policies were wrongly generated with 2639 * duplicate filename transition rules. For backward 2640 * compatibility, do not reject such policies, just 2641 * issue a warning and ignore the duplicate. 2642 */ 2643 WARN(fp->handle, 2644 "Duplicate name-based type_transition %s %s:%s \"%s\": %s, ignoring", 2645 p->p_type_val_to_name[ft->stype - 1], 2646 p->p_type_val_to_name[ft->ttype - 1], 2647 p->p_class_val_to_name[ft->tclass - 1], 2648 ft->name, 2649 p->p_type_val_to_name[otype->otype - 1]); 2650 free(ft); 2651 free(name); 2652 free(otype); 2653 /* continue, ignoring this one */ 2654 } 2655 } 2656 return 0; 2657 err: 2658 free(ft); 2659 free(otype); 2660 free(name); 2661 return -1; 2662 } 2663 2664 static int ocontext_read_xen(struct policydb_compat_info *info, 2665 policydb_t *p, struct policy_file *fp) 2666 { 2667 unsigned int i, j; 2668 size_t nel, len; 2669 ocontext_t *l, *c; 2670 uint32_t buf[8]; 2671 int rc; 2672 2673 for (i = 0; i < info->ocon_num; i++) { 2674 rc = next_entry(buf, fp, sizeof(uint32_t)); 2675 if (rc < 0) 2676 return -1; 2677 nel = le32_to_cpu(buf[0]); 2678 l = NULL; 2679 for (j = 0; j < nel; j++) { 2680 c = calloc(1, sizeof(ocontext_t)); 2681 if (!c) 2682 return -1; 2683 if (l) 2684 l->next = c; 2685 else 2686 p->ocontexts[i] = c; 2687 l = c; 2688 switch (i) { 2689 case OCON_XEN_ISID: 2690 rc = next_entry(buf, fp, sizeof(uint32_t)); 2691 if (rc < 0) 2692 return -1; 2693 c->sid[0] = le32_to_cpu(buf[0]); 2694 if (context_read_and_validate 2695 (&c->context[0], p, fp)) 2696 return -1; 2697 break; 2698 case OCON_XEN_PIRQ: 2699 rc = next_entry(buf, fp, sizeof(uint32_t)); 2700 if (rc < 0) 2701 return -1; 2702 c->u.pirq = le32_to_cpu(buf[0]); 2703 if (context_read_and_validate 2704 (&c->context[0], p, fp)) 2705 return -1; 2706 break; 2707 case OCON_XEN_IOPORT: 2708 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2709 if (rc < 0) 2710 return -1; 2711 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2712 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2713 if (context_read_and_validate 2714 (&c->context[0], p, fp)) 2715 return -1; 2716 break; 2717 case OCON_XEN_IOMEM: 2718 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) { 2719 uint64_t b64[2]; 2720 rc = next_entry(b64, fp, sizeof(uint64_t) * 2); 2721 if (rc < 0) 2722 return -1; 2723 c->u.iomem.low_iomem = le64_to_cpu(b64[0]); 2724 c->u.iomem.high_iomem = le64_to_cpu(b64[1]); 2725 } else { 2726 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2727 if (rc < 0) 2728 return -1; 2729 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2730 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2731 } 2732 if (context_read_and_validate 2733 (&c->context[0], p, fp)) 2734 return -1; 2735 break; 2736 case OCON_XEN_PCIDEVICE: 2737 rc = next_entry(buf, fp, sizeof(uint32_t)); 2738 if (rc < 0) 2739 return -1; 2740 c->u.device = le32_to_cpu(buf[0]); 2741 if (context_read_and_validate 2742 (&c->context[0], p, fp)) 2743 return -1; 2744 break; 2745 case OCON_XEN_DEVICETREE: 2746 rc = next_entry(buf, fp, sizeof(uint32_t)); 2747 if (rc < 0) 2748 return -1; 2749 len = le32_to_cpu(buf[0]); 2750 if (zero_or_saturated(len)) 2751 return -1; 2752 2753 c->u.name = malloc(len + 1); 2754 if (!c->u.name) 2755 return -1; 2756 rc = next_entry(c->u.name, fp, len); 2757 if (rc < 0) 2758 return -1; 2759 c->u.name[len] = 0; 2760 if (context_read_and_validate 2761 (&c->context[0], p, fp)) 2762 return -1; 2763 break; 2764 default: 2765 /* should never get here */ 2766 ERR(fp->handle, "Unknown Xen ocontext"); 2767 return -1; 2768 } 2769 } 2770 } 2771 return 0; 2772 } 2773 static int ocontext_read_selinux(struct policydb_compat_info *info, 2774 policydb_t * p, struct policy_file *fp) 2775 { 2776 unsigned int i, j; 2777 size_t nel, len; 2778 ocontext_t *l, *c; 2779 uint32_t buf[8]; 2780 int rc; 2781 2782 for (i = 0; i < info->ocon_num; i++) { 2783 rc = next_entry(buf, fp, sizeof(uint32_t)); 2784 if (rc < 0) 2785 return -1; 2786 nel = le32_to_cpu(buf[0]); 2787 l = NULL; 2788 for (j = 0; j < nel; j++) { 2789 c = calloc(1, sizeof(ocontext_t)); 2790 if (!c) { 2791 return -1; 2792 } 2793 if (l) { 2794 l->next = c; 2795 } else { 2796 p->ocontexts[i] = c; 2797 } 2798 l = c; 2799 switch (i) { 2800 case OCON_ISID: 2801 rc = next_entry(buf, fp, sizeof(uint32_t)); 2802 if (rc < 0) 2803 return -1; 2804 c->sid[0] = le32_to_cpu(buf[0]); 2805 if (context_read_and_validate 2806 (&c->context[0], p, fp)) 2807 return -1; 2808 break; 2809 case OCON_FS: 2810 case OCON_NETIF: 2811 rc = next_entry(buf, fp, sizeof(uint32_t)); 2812 if (rc < 0) 2813 return -1; 2814 len = le32_to_cpu(buf[0]); 2815 if (zero_or_saturated(len) || len > 63) 2816 return -1; 2817 c->u.name = malloc(len + 1); 2818 if (!c->u.name) 2819 return -1; 2820 rc = next_entry(c->u.name, fp, len); 2821 if (rc < 0) 2822 return -1; 2823 c->u.name[len] = 0; 2824 if (context_read_and_validate 2825 (&c->context[0], p, fp)) 2826 return -1; 2827 if (context_read_and_validate 2828 (&c->context[1], p, fp)) 2829 return -1; 2830 break; 2831 case OCON_IBPKEY: { 2832 uint32_t pkey_lo, pkey_hi; 2833 2834 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2835 if (rc < 0) 2836 return -1; 2837 2838 pkey_lo = le32_to_cpu(buf[2]); 2839 pkey_hi = le32_to_cpu(buf[3]); 2840 2841 if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX) 2842 return -1; 2843 2844 c->u.ibpkey.low_pkey = pkey_lo; 2845 c->u.ibpkey.high_pkey = pkey_hi; 2846 2847 /* we want c->u.ibpkey.subnet_prefix in network 2848 * (big-endian) order, just memcpy it */ 2849 memcpy(&c->u.ibpkey.subnet_prefix, buf, 2850 sizeof(c->u.ibpkey.subnet_prefix)); 2851 2852 if (context_read_and_validate 2853 (&c->context[0], p, fp)) 2854 return -1; 2855 break; 2856 } 2857 case OCON_IBENDPORT: { 2858 uint32_t port; 2859 2860 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2861 if (rc < 0) 2862 return -1; 2863 len = le32_to_cpu(buf[0]); 2864 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1) 2865 return -1; 2866 2867 port = le32_to_cpu(buf[1]); 2868 if (port > UINT8_MAX || port == 0) 2869 return -1; 2870 2871 c->u.ibendport.dev_name = malloc(len + 1); 2872 if (!c->u.ibendport.dev_name) 2873 return -1; 2874 rc = next_entry(c->u.ibendport.dev_name, fp, len); 2875 if (rc < 0) 2876 return -1; 2877 c->u.ibendport.dev_name[len] = 0; 2878 c->u.ibendport.port = port; 2879 if (context_read_and_validate 2880 (&c->context[0], p, fp)) 2881 return -1; 2882 break; 2883 } 2884 case OCON_PORT: 2885 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2886 if (rc < 0) 2887 return -1; 2888 c->u.port.protocol = le32_to_cpu(buf[0]); 2889 c->u.port.low_port = le32_to_cpu(buf[1]); 2890 c->u.port.high_port = le32_to_cpu(buf[2]); 2891 if (context_read_and_validate 2892 (&c->context[0], p, fp)) 2893 return -1; 2894 break; 2895 case OCON_NODE: 2896 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2897 if (rc < 0) 2898 return -1; 2899 c->u.node.addr = buf[0]; /* network order */ 2900 c->u.node.mask = buf[1]; /* network order */ 2901 if (context_read_and_validate 2902 (&c->context[0], p, fp)) 2903 return -1; 2904 break; 2905 case OCON_FSUSE: 2906 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2907 if (rc < 0) 2908 return -1; 2909 c->v.behavior = le32_to_cpu(buf[0]); 2910 len = le32_to_cpu(buf[1]); 2911 if (zero_or_saturated(len)) 2912 return -1; 2913 c->u.name = malloc(len + 1); 2914 if (!c->u.name) 2915 return -1; 2916 rc = next_entry(c->u.name, fp, len); 2917 if (rc < 0) 2918 return -1; 2919 c->u.name[len] = 0; 2920 if (context_read_and_validate 2921 (&c->context[0], p, fp)) 2922 return -1; 2923 break; 2924 case OCON_NODE6:{ 2925 int k; 2926 2927 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2928 if (rc < 0) 2929 return -1; 2930 for (k = 0; k < 4; k++) 2931 /* network order */ 2932 c->u.node6.addr[k] = buf[k]; 2933 for (k = 0; k < 4; k++) 2934 /* network order */ 2935 c->u.node6.mask[k] = buf[k + 4]; 2936 if (context_read_and_validate 2937 (&c->context[0], p, fp)) 2938 return -1; 2939 break; 2940 } 2941 default:{ 2942 ERR(fp->handle, "Unknown SELinux ocontext"); 2943 return -1; 2944 } 2945 } 2946 } 2947 } 2948 return 0; 2949 } 2950 2951 static int ocontext_read(struct policydb_compat_info *info, 2952 policydb_t *p, struct policy_file *fp) 2953 { 2954 int rc = -1; 2955 switch (p->target_platform) { 2956 case SEPOL_TARGET_SELINUX: 2957 rc = ocontext_read_selinux(info, p, fp); 2958 break; 2959 case SEPOL_TARGET_XEN: 2960 rc = ocontext_read_xen(info, p, fp); 2961 break; 2962 default: 2963 ERR(fp->handle, "Unknown target"); 2964 } 2965 return rc; 2966 } 2967 2968 static int genfs_read(policydb_t * p, struct policy_file *fp) 2969 { 2970 uint32_t buf[1]; 2971 size_t nel, nel2, len, len2; 2972 genfs_t *genfs_p, *newgenfs, *genfs; 2973 size_t i, j; 2974 ocontext_t *l, *c, *newc = NULL; 2975 int rc; 2976 2977 rc = next_entry(buf, fp, sizeof(uint32_t)); 2978 if (rc < 0) 2979 goto bad; 2980 nel = le32_to_cpu(buf[0]); 2981 genfs_p = NULL; 2982 for (i = 0; i < nel; i++) { 2983 rc = next_entry(buf, fp, sizeof(uint32_t)); 2984 if (rc < 0) 2985 goto bad; 2986 len = le32_to_cpu(buf[0]); 2987 if (zero_or_saturated(len)) 2988 goto bad; 2989 newgenfs = calloc(1, sizeof(genfs_t)); 2990 if (!newgenfs) 2991 goto bad; 2992 newgenfs->fstype = malloc(len + 1); 2993 if (!newgenfs->fstype) { 2994 free(newgenfs); 2995 goto bad; 2996 } 2997 rc = next_entry(newgenfs->fstype, fp, len); 2998 if (rc < 0) { 2999 free(newgenfs->fstype); 3000 free(newgenfs); 3001 goto bad; 3002 } 3003 newgenfs->fstype[len] = 0; 3004 for (genfs_p = NULL, genfs = p->genfs; genfs; 3005 genfs_p = genfs, genfs = genfs->next) { 3006 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 3007 ERR(fp->handle, "dup genfs fstype %s", 3008 newgenfs->fstype); 3009 free(newgenfs->fstype); 3010 free(newgenfs); 3011 goto bad; 3012 } 3013 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 3014 break; 3015 } 3016 newgenfs->next = genfs; 3017 if (genfs_p) 3018 genfs_p->next = newgenfs; 3019 else 3020 p->genfs = newgenfs; 3021 rc = next_entry(buf, fp, sizeof(uint32_t)); 3022 if (rc < 0) 3023 goto bad; 3024 nel2 = le32_to_cpu(buf[0]); 3025 for (j = 0; j < nel2; j++) { 3026 newc = calloc(1, sizeof(ocontext_t)); 3027 if (!newc) { 3028 goto bad; 3029 } 3030 rc = next_entry(buf, fp, sizeof(uint32_t)); 3031 if (rc < 0) 3032 goto bad; 3033 len = le32_to_cpu(buf[0]); 3034 if (zero_or_saturated(len)) 3035 goto bad; 3036 newc->u.name = malloc(len + 1); 3037 if (!newc->u.name) { 3038 goto bad; 3039 } 3040 rc = next_entry(newc->u.name, fp, len); 3041 if (rc < 0) 3042 goto bad; 3043 newc->u.name[len] = 0; 3044 rc = next_entry(buf, fp, sizeof(uint32_t)); 3045 if (rc < 0) 3046 goto bad; 3047 newc->v.sclass = le32_to_cpu(buf[0]); 3048 if (context_read_and_validate(&newc->context[0], p, fp)) 3049 goto bad; 3050 for (l = NULL, c = newgenfs->head; c; 3051 l = c, c = c->next) { 3052 if (!strcmp(newc->u.name, c->u.name) && 3053 (!c->v.sclass || !newc->v.sclass || 3054 newc->v.sclass == c->v.sclass)) { 3055 ERR(fp->handle, "dup genfs entry " 3056 "(%s,%s)", newgenfs->fstype, 3057 c->u.name); 3058 goto bad; 3059 } 3060 len = strlen(newc->u.name); 3061 len2 = strlen(c->u.name); 3062 if (len > len2) 3063 break; 3064 } 3065 newc->next = c; 3066 if (l) 3067 l->next = newc; 3068 else 3069 newgenfs->head = newc; 3070 /* clear newc after a new owner has the pointer */ 3071 newc = NULL; 3072 } 3073 } 3074 3075 return 0; 3076 3077 bad: 3078 if (newc) { 3079 context_destroy(&newc->context[0]); 3080 context_destroy(&newc->context[1]); 3081 free(newc->u.name); 3082 free(newc); 3083 } 3084 return -1; 3085 } 3086 3087 /* 3088 * Read a MLS level structure from a policydb binary 3089 * representation file. 3090 */ 3091 static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 3092 { 3093 uint32_t buf[1]; 3094 int rc; 3095 3096 mls_level_init(lp); 3097 3098 rc = next_entry(buf, fp, sizeof(uint32_t)); 3099 if (rc < 0) { 3100 ERR(fp->handle, "truncated level"); 3101 goto bad; 3102 } 3103 lp->sens = le32_to_cpu(buf[0]); 3104 3105 if (ebitmap_read(&lp->cat, fp)) { 3106 ERR(fp->handle, "error reading level categories"); 3107 goto bad; 3108 } 3109 return 0; 3110 3111 bad: 3112 return -EINVAL; 3113 } 3114 3115 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 3116 { 3117 char *key = 0; 3118 user_datum_t *usrdatum; 3119 uint32_t buf[3]; 3120 size_t len; 3121 int rc, to_read = 2; 3122 3123 usrdatum = calloc(1, sizeof(user_datum_t)); 3124 if (!usrdatum) 3125 return -1; 3126 3127 if (policydb_has_boundary_feature(p)) 3128 to_read = 3; 3129 3130 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 3131 if (rc < 0) 3132 goto bad; 3133 3134 len = le32_to_cpu(buf[0]); 3135 if (zero_or_saturated(len)) 3136 goto bad; 3137 3138 usrdatum->s.value = le32_to_cpu(buf[1]); 3139 if (policydb_has_boundary_feature(p)) 3140 usrdatum->bounds = le32_to_cpu(buf[2]); 3141 3142 key = malloc(len + 1); 3143 if (!key) 3144 goto bad; 3145 rc = next_entry(key, fp, len); 3146 if (rc < 0) 3147 goto bad; 3148 key[len] = 0; 3149 3150 if (p->policy_type == POLICY_KERN) { 3151 if (ebitmap_read(&usrdatum->roles.roles, fp)) 3152 goto bad; 3153 } else { 3154 if (role_set_read(&usrdatum->roles, fp)) 3155 goto bad; 3156 } 3157 3158 /* users were not allowed in mls modules before version 3159 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 3160 * required - the mls fields will be empty. user declarations in 3161 * non-mls modules will also have empty mls fields */ 3162 if ((p->policy_type == POLICY_KERN 3163 && p->policyvers >= POLICYDB_VERSION_MLS) 3164 || (p->policy_type == POLICY_MOD 3165 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3166 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 3167 || (p->policy_type == POLICY_BASE 3168 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3169 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 3170 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 3171 goto bad; 3172 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 3173 goto bad; 3174 if (p->policy_type != POLICY_KERN) { 3175 if (mls_range_to_semantic(&usrdatum->exp_range, 3176 &usrdatum->range)) 3177 goto bad; 3178 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 3179 &usrdatum->dfltlevel)) 3180 goto bad; 3181 } 3182 } else if ((p->policy_type == POLICY_MOD 3183 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 3184 || (p->policy_type == POLICY_BASE 3185 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 3186 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 3187 goto bad; 3188 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 3189 goto bad; 3190 } 3191 3192 if (hashtab_insert(h, key, usrdatum)) 3193 goto bad; 3194 3195 return 0; 3196 3197 bad: 3198 user_destroy(key, usrdatum, NULL); 3199 return -1; 3200 } 3201 3202 static int sens_read(policydb_t * p 3203 __attribute__ ((unused)), hashtab_t h, 3204 struct policy_file *fp) 3205 { 3206 char *key = 0; 3207 level_datum_t *levdatum; 3208 uint32_t buf[2], len; 3209 int rc; 3210 3211 levdatum = malloc(sizeof(level_datum_t)); 3212 if (!levdatum) 3213 return -1; 3214 level_datum_init(levdatum); 3215 3216 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3217 if (rc < 0) 3218 goto bad; 3219 3220 len = le32_to_cpu(buf[0]); 3221 if (zero_or_saturated(len)) 3222 goto bad; 3223 3224 levdatum->isalias = le32_to_cpu(buf[1]); 3225 3226 key = malloc(len + 1); 3227 if (!key) 3228 goto bad; 3229 rc = next_entry(key, fp, len); 3230 if (rc < 0) 3231 goto bad; 3232 key[len] = 0; 3233 3234 levdatum->level = malloc(sizeof(mls_level_t)); 3235 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 3236 goto bad; 3237 3238 if (hashtab_insert(h, key, levdatum)) 3239 goto bad; 3240 3241 return 0; 3242 3243 bad: 3244 sens_destroy(key, levdatum, NULL); 3245 return -1; 3246 } 3247 3248 static int cat_read(policydb_t * p 3249 __attribute__ ((unused)), hashtab_t h, 3250 struct policy_file *fp) 3251 { 3252 char *key = 0; 3253 cat_datum_t *catdatum; 3254 uint32_t buf[3], len; 3255 int rc; 3256 3257 catdatum = malloc(sizeof(cat_datum_t)); 3258 if (!catdatum) 3259 return -1; 3260 cat_datum_init(catdatum); 3261 3262 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 3263 if (rc < 0) 3264 goto bad; 3265 3266 len = le32_to_cpu(buf[0]); 3267 if(zero_or_saturated(len)) 3268 goto bad; 3269 3270 catdatum->s.value = le32_to_cpu(buf[1]); 3271 catdatum->isalias = le32_to_cpu(buf[2]); 3272 3273 key = malloc(len + 1); 3274 if (!key) 3275 goto bad; 3276 rc = next_entry(key, fp, len); 3277 if (rc < 0) 3278 goto bad; 3279 key[len] = 0; 3280 3281 if (hashtab_insert(h, key, catdatum)) 3282 goto bad; 3283 3284 return 0; 3285 3286 bad: 3287 cat_destroy(key, catdatum, NULL); 3288 return -1; 3289 } 3290 3291 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 3292 struct policy_file * fp) = { 3293 common_read, class_read, role_read, type_read, user_read, 3294 cond_read_bool, sens_read, cat_read,}; 3295 3296 /************** module reading functions below **************/ 3297 3298 static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp) 3299 { 3300 unsigned int i; 3301 uint32_t buf[2], len; 3302 class_perm_node_t *cur, *tail = NULL; 3303 avrule_t *avrule; 3304 int rc; 3305 3306 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 3307 if (!avrule) 3308 return NULL; 3309 3310 avrule_init(avrule); 3311 3312 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3313 if (rc < 0) 3314 goto bad; 3315 3316 avrule->specified = le32_to_cpu(buf[0]); 3317 avrule->flags = le32_to_cpu(buf[1]); 3318 3319 if (type_set_read(&avrule->stypes, fp)) 3320 goto bad; 3321 3322 if (type_set_read(&avrule->ttypes, fp)) 3323 goto bad; 3324 3325 rc = next_entry(buf, fp, sizeof(uint32_t)); 3326 if (rc < 0) 3327 goto bad; 3328 len = le32_to_cpu(buf[0]); 3329 3330 for (i = 0; i < len; i++) { 3331 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 3332 if (!cur) 3333 goto bad; 3334 class_perm_node_init(cur); 3335 3336 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3337 if (rc < 0) { 3338 free(cur); 3339 goto bad; 3340 } 3341 3342 cur->tclass = le32_to_cpu(buf[0]); 3343 cur->data = le32_to_cpu(buf[1]); 3344 3345 if (!tail) { 3346 avrule->perms = cur; 3347 } else { 3348 tail->next = cur; 3349 } 3350 tail = cur; 3351 } 3352 3353 if (avrule->specified & AVRULE_XPERMS) { 3354 uint8_t buf8; 3355 size_t nel = ARRAY_SIZE(avrule->xperms->perms); 3356 uint32_t buf32[nel]; 3357 3358 if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) { 3359 ERR(fp->handle, 3360 "module policy version %u does not support ioctl" 3361 " extended permissions rules and one was specified", 3362 p->policyvers); 3363 goto bad; 3364 } 3365 3366 if (p->target_platform != SEPOL_TARGET_SELINUX) { 3367 ERR(fp->handle, 3368 "Target platform %s does not support ioctl" 3369 " extended permissions rules and one was specified", 3370 policydb_target_strings[p->target_platform]); 3371 goto bad; 3372 } 3373 3374 avrule->xperms = calloc(1, sizeof(*avrule->xperms)); 3375 if (!avrule->xperms) 3376 goto bad; 3377 3378 rc = next_entry(&buf8, fp, sizeof(uint8_t)); 3379 if (rc < 0) { 3380 ERR(fp->handle, "truncated entry"); 3381 goto bad; 3382 } 3383 avrule->xperms->specified = buf8; 3384 rc = next_entry(&buf8, fp, sizeof(uint8_t)); 3385 if (rc < 0) { 3386 ERR(fp->handle, "truncated entry"); 3387 goto bad; 3388 } 3389 avrule->xperms->driver = buf8; 3390 rc = next_entry(buf32, fp, sizeof(uint32_t)*nel); 3391 if (rc < 0) { 3392 ERR(fp->handle, "truncated entry"); 3393 goto bad; 3394 } 3395 for (i = 0; i < nel; i++) 3396 avrule->xperms->perms[i] = le32_to_cpu(buf32[i]); 3397 } 3398 3399 return avrule; 3400 bad: 3401 if (avrule) { 3402 avrule_destroy(avrule); 3403 free(avrule); 3404 } 3405 return NULL; 3406 } 3407 3408 static int range_read(policydb_t * p, struct policy_file *fp) 3409 { 3410 uint32_t buf[2], nel; 3411 range_trans_t *rt = NULL; 3412 struct mls_range *r = NULL; 3413 range_trans_rule_t *rtr = NULL, *lrtr = NULL; 3414 unsigned int i; 3415 int new_rangetr = (p->policy_type == POLICY_KERN && 3416 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 3417 int rc; 3418 3419 rc = next_entry(buf, fp, sizeof(uint32_t)); 3420 if (rc < 0) 3421 return -1; 3422 nel = le32_to_cpu(buf[0]); 3423 for (i = 0; i < nel; i++) { 3424 rt = calloc(1, sizeof(range_trans_t)); 3425 if (!rt) 3426 return -1; 3427 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3428 if (rc < 0) 3429 goto err; 3430 rt->source_type = le32_to_cpu(buf[0]); 3431 rt->target_type = le32_to_cpu(buf[1]); 3432 if (new_rangetr) { 3433 rc = next_entry(buf, fp, (sizeof(uint32_t))); 3434 if (rc < 0) 3435 goto err; 3436 rt->target_class = le32_to_cpu(buf[0]); 3437 } else 3438 rt->target_class = SECCLASS_PROCESS; 3439 r = calloc(1, sizeof(*r)); 3440 if (!r) 3441 goto err; 3442 if (mls_read_range_helper(r, fp)) 3443 goto err; 3444 3445 if (p->policy_type == POLICY_KERN) { 3446 rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r); 3447 if (rc) 3448 goto err; 3449 rt = NULL; 3450 r = NULL; 3451 continue; 3452 } 3453 3454 /* Module policy: convert to range_trans_rule and discard. */ 3455 rtr = malloc(sizeof(range_trans_rule_t)); 3456 if (!rtr) 3457 goto err; 3458 range_trans_rule_init(rtr); 3459 3460 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3461 goto err; 3462 3463 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3464 goto err; 3465 3466 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3467 goto err; 3468 3469 if (mls_range_to_semantic(r, &rtr->trange)) 3470 goto err; 3471 3472 if (lrtr) 3473 lrtr->next = rtr; 3474 else 3475 p->global->enabled->range_tr_rules = rtr; 3476 3477 free(rt); 3478 rt = NULL; 3479 free(r); 3480 r = NULL; 3481 lrtr = rtr; 3482 } 3483 3484 return 0; 3485 err: 3486 free(rt); 3487 if (r) { 3488 mls_range_destroy(r); 3489 free(r); 3490 } 3491 if (rtr) { 3492 range_trans_rule_destroy(rtr); 3493 free(rtr); 3494 } 3495 return -1; 3496 } 3497 3498 int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3499 struct policy_file *fp) 3500 { 3501 unsigned int i; 3502 avrule_t *cur, *tail; 3503 uint32_t buf[1], len; 3504 int rc; 3505 3506 *avrules = tail = NULL; 3507 3508 rc = next_entry(buf, fp, sizeof(uint32_t)); 3509 if (rc < 0) { 3510 return -1; 3511 } 3512 len = le32_to_cpu(buf[0]); 3513 3514 for (i = 0; i < len; i++) { 3515 cur = avrule_read(p, fp); 3516 if (!cur) { 3517 return -1; 3518 } 3519 3520 if (!tail) { 3521 *avrules = cur; 3522 } else { 3523 tail->next = cur; 3524 } 3525 tail = cur; 3526 } 3527 3528 return 0; 3529 } 3530 3531 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3532 struct policy_file *fp) 3533 { 3534 uint32_t buf[1], nel; 3535 unsigned int i; 3536 role_trans_rule_t *tr, *ltr; 3537 int rc; 3538 3539 rc = next_entry(buf, fp, sizeof(uint32_t)); 3540 if (rc < 0) 3541 return -1; 3542 nel = le32_to_cpu(buf[0]); 3543 ltr = NULL; 3544 for (i = 0; i < nel; i++) { 3545 tr = malloc(sizeof(role_trans_rule_t)); 3546 if (!tr) { 3547 return -1; 3548 } 3549 role_trans_rule_init(tr); 3550 3551 if (ltr) { 3552 ltr->next = tr; 3553 } else { 3554 *r = tr; 3555 } 3556 3557 if (role_set_read(&tr->roles, fp)) 3558 return -1; 3559 3560 if (type_set_read(&tr->types, fp)) 3561 return -1; 3562 3563 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3564 if (ebitmap_read(&tr->classes, fp)) 3565 return -1; 3566 } else { 3567 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3568 return -1; 3569 } 3570 3571 rc = next_entry(buf, fp, sizeof(uint32_t)); 3572 if (rc < 0) 3573 return -1; 3574 tr->new_role = le32_to_cpu(buf[0]); 3575 ltr = tr; 3576 } 3577 3578 return 0; 3579 } 3580 3581 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3582 { 3583 unsigned int i; 3584 uint32_t buf[1], nel; 3585 role_allow_rule_t *ra, *lra; 3586 int rc; 3587 3588 rc = next_entry(buf, fp, sizeof(uint32_t)); 3589 if (rc < 0) 3590 return -1; 3591 nel = le32_to_cpu(buf[0]); 3592 lra = NULL; 3593 for (i = 0; i < nel; i++) { 3594 ra = malloc(sizeof(role_allow_rule_t)); 3595 if (!ra) { 3596 return -1; 3597 } 3598 role_allow_rule_init(ra); 3599 3600 if (lra) { 3601 lra->next = ra; 3602 } else { 3603 *r = ra; 3604 } 3605 3606 if (role_set_read(&ra->roles, fp)) 3607 return -1; 3608 3609 if (role_set_read(&ra->new_roles, fp)) 3610 return -1; 3611 3612 lra = ra; 3613 } 3614 return 0; 3615 } 3616 3617 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3618 { 3619 uint32_t buf[2], nel; 3620 unsigned int i, len; 3621 filename_trans_rule_t *ftr, *lftr; 3622 int rc; 3623 3624 rc = next_entry(buf, fp, sizeof(uint32_t)); 3625 if (rc < 0) 3626 return -1; 3627 nel = le32_to_cpu(buf[0]); 3628 lftr = NULL; 3629 for (i = 0; i < nel; i++) { 3630 ftr = malloc(sizeof(*ftr)); 3631 if (!ftr) 3632 return -1; 3633 3634 filename_trans_rule_init(ftr); 3635 3636 if (lftr) 3637 lftr->next = ftr; 3638 else 3639 *r = ftr; 3640 lftr = ftr; 3641 3642 rc = next_entry(buf, fp, sizeof(uint32_t)); 3643 if (rc < 0) 3644 return -1; 3645 3646 len = le32_to_cpu(buf[0]); 3647 if (zero_or_saturated(len)) 3648 return -1; 3649 3650 ftr->name = malloc(len + 1); 3651 if (!ftr->name) 3652 return -1; 3653 3654 rc = next_entry(ftr->name, fp, len); 3655 if (rc) 3656 return -1; 3657 ftr->name[len] = 0; 3658 3659 if (type_set_read(&ftr->stypes, fp)) 3660 return -1; 3661 3662 if (type_set_read(&ftr->ttypes, fp)) 3663 return -1; 3664 3665 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3666 if (rc < 0) 3667 return -1; 3668 ftr->tclass = le32_to_cpu(buf[0]); 3669 ftr->otype = le32_to_cpu(buf[1]); 3670 } 3671 3672 return 0; 3673 } 3674 3675 static int range_trans_rule_read(range_trans_rule_t ** r, 3676 struct policy_file *fp) 3677 { 3678 uint32_t buf[1], nel; 3679 unsigned int i; 3680 range_trans_rule_t *rt, *lrt = NULL; 3681 int rc; 3682 3683 rc = next_entry(buf, fp, sizeof(uint32_t)); 3684 if (rc < 0) 3685 return -1; 3686 nel = le32_to_cpu(buf[0]); 3687 for (i = 0; i < nel; i++) { 3688 rt = malloc(sizeof(range_trans_rule_t)); 3689 if (!rt) { 3690 return -1; 3691 } 3692 range_trans_rule_init(rt); 3693 3694 if (lrt) 3695 lrt->next = rt; 3696 else 3697 *r = rt; 3698 3699 if (type_set_read(&rt->stypes, fp)) 3700 return -1; 3701 3702 if (type_set_read(&rt->ttypes, fp)) 3703 return -1; 3704 3705 if (ebitmap_read(&rt->tclasses, fp)) 3706 return -1; 3707 3708 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3709 return -1; 3710 3711 lrt = rt; 3712 } 3713 3714 return 0; 3715 } 3716 3717 static int scope_index_read(scope_index_t * scope_index, 3718 unsigned int num_scope_syms, struct policy_file *fp) 3719 { 3720 unsigned int i; 3721 uint32_t buf[1]; 3722 int rc; 3723 3724 for (i = 0; i < num_scope_syms; i++) { 3725 if (ebitmap_read(scope_index->scope + i, fp) < 0) { 3726 return -1; 3727 } 3728 } 3729 rc = next_entry(buf, fp, sizeof(uint32_t)); 3730 if (rc < 0) 3731 return -1; 3732 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3733 if (scope_index->class_perms_len == 0) { 3734 scope_index->class_perms_map = NULL; 3735 return 0; 3736 } 3737 if ((scope_index->class_perms_map = 3738 calloc(scope_index->class_perms_len, 3739 sizeof(*scope_index->class_perms_map))) == NULL) { 3740 return -1; 3741 } 3742 for (i = 0; i < scope_index->class_perms_len; i++) { 3743 if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) { 3744 return -1; 3745 } 3746 } 3747 return 0; 3748 } 3749 3750 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3751 unsigned int num_scope_syms, struct policy_file *fp) 3752 { 3753 uint32_t buf[2], nprim, nel; 3754 unsigned int i, j; 3755 int rc; 3756 3757 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3758 if (rc < 0) 3759 return -1; 3760 decl->decl_id = le32_to_cpu(buf[0]); 3761 decl->enabled = le32_to_cpu(buf[1]); 3762 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3763 avrule_read_list(p, &decl->avrules, fp) == -1 || 3764 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3765 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3766 return -1; 3767 } 3768 3769 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3770 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3771 return -1; 3772 3773 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3774 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3775 return -1; 3776 } 3777 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3778 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3779 return -1; 3780 } 3781 3782 for (i = 0; i < num_scope_syms; i++) { 3783 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3784 if (rc < 0) 3785 return -1; 3786 nprim = le32_to_cpu(buf[0]); 3787 nel = le32_to_cpu(buf[1]); 3788 for (j = 0; j < nel; j++) { 3789 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3790 return -1; 3791 } 3792 } 3793 decl->symtab[i].nprim = nprim; 3794 } 3795 return 0; 3796 } 3797 3798 static int avrule_block_read(policydb_t * p, 3799 avrule_block_t ** block, 3800 unsigned int num_scope_syms, 3801 struct policy_file *fp) 3802 { 3803 avrule_block_t *last_block = NULL, *curblock; 3804 uint32_t buf[1], num_blocks, nel; 3805 int rc; 3806 3807 assert(*block == NULL); 3808 3809 rc = next_entry(buf, fp, sizeof(uint32_t)); 3810 if (rc < 0) 3811 return -1; 3812 num_blocks = le32_to_cpu(buf[0]); 3813 nel = num_blocks; 3814 while (num_blocks > 0) { 3815 avrule_decl_t *last_decl = NULL, *curdecl; 3816 uint32_t num_decls; 3817 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3818 return -1; 3819 } 3820 rc = next_entry(buf, fp, sizeof(uint32_t)); 3821 if (rc < 0) { 3822 free(curblock); 3823 return -1; 3824 } 3825 /* if this is the first block its non-optional, else its optional */ 3826 if (num_blocks != nel) 3827 curblock->flags |= AVRULE_OPTIONAL; 3828 3829 num_decls = le32_to_cpu(buf[0]); 3830 while (num_decls > 0) { 3831 if ((curdecl = avrule_decl_create(0)) == NULL) { 3832 avrule_block_destroy(curblock); 3833 return -1; 3834 } 3835 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3836 -1) { 3837 avrule_decl_destroy(curdecl); 3838 avrule_block_destroy(curblock); 3839 return -1; 3840 } 3841 if (curdecl->enabled) { 3842 if (curblock->enabled != NULL) { 3843 /* probably a corrupt file */ 3844 avrule_decl_destroy(curdecl); 3845 avrule_block_destroy(curblock); 3846 return -1; 3847 } 3848 curblock->enabled = curdecl; 3849 } 3850 /* one must be careful to reconstruct the 3851 * decl chain in its correct order */ 3852 if (curblock->branch_list == NULL) { 3853 curblock->branch_list = curdecl; 3854 } else { 3855 assert(last_decl); 3856 last_decl->next = curdecl; 3857 } 3858 last_decl = curdecl; 3859 num_decls--; 3860 } 3861 3862 if (*block == NULL) { 3863 *block = curblock; 3864 } else { 3865 assert(last_block); 3866 last_block->next = curblock; 3867 } 3868 last_block = curblock; 3869 3870 num_blocks--; 3871 } 3872 3873 return 0; 3874 } 3875 3876 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3877 { 3878 scope_datum_t *scope = NULL; 3879 uint32_t buf[2]; 3880 char *key = NULL; 3881 size_t key_len; 3882 unsigned int i; 3883 hashtab_t h = p->scope[symnum].table; 3884 int rc; 3885 3886 rc = next_entry(buf, fp, sizeof(uint32_t)); 3887 if (rc < 0) 3888 goto cleanup; 3889 key_len = le32_to_cpu(buf[0]); 3890 if (zero_or_saturated(key_len)) 3891 goto cleanup; 3892 key = malloc(key_len + 1); 3893 if (!key) 3894 goto cleanup; 3895 rc = next_entry(key, fp, key_len); 3896 if (rc < 0) 3897 goto cleanup; 3898 key[key_len] = '\0'; 3899 3900 /* ensure that there already exists a symbol with this key */ 3901 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3902 goto cleanup; 3903 } 3904 3905 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3906 goto cleanup; 3907 } 3908 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3909 if (rc < 0) 3910 goto cleanup; 3911 scope->scope = le32_to_cpu(buf[0]); 3912 scope->decl_ids_len = le32_to_cpu(buf[1]); 3913 if (scope->decl_ids_len == 0) { 3914 ERR(fp->handle, "invalid scope with no declaration"); 3915 goto cleanup; 3916 } 3917 if ((scope->decl_ids = 3918 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3919 goto cleanup; 3920 } 3921 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3922 if (rc < 0) 3923 goto cleanup; 3924 for (i = 0; i < scope->decl_ids_len; i++) { 3925 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3926 } 3927 3928 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3929 /* object_r was already added to this table in roles_init() */ 3930 scope_destroy(key, scope, NULL); 3931 } else { 3932 if (hashtab_insert(h, key, scope)) { 3933 goto cleanup; 3934 } 3935 } 3936 3937 return 0; 3938 3939 cleanup: 3940 scope_destroy(key, scope, NULL); 3941 return -1; 3942 } 3943 3944 /* 3945 * Read the configuration data from a policy database binary 3946 * representation file into a policy database structure. 3947 */ 3948 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3949 { 3950 3951 unsigned int i, j, r_policyvers; 3952 uint32_t buf[5]; 3953 size_t len, nprim, nel; 3954 char *policydb_str; 3955 struct policydb_compat_info *info; 3956 unsigned int policy_type, bufindex; 3957 ebitmap_node_t *tnode; 3958 int rc; 3959 3960 /* Read the magic number and string length. */ 3961 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3962 if (rc < 0) 3963 return POLICYDB_ERROR; 3964 for (i = 0; i < 2; i++) 3965 buf[i] = le32_to_cpu(buf[i]); 3966 3967 if (buf[0] == POLICYDB_MAGIC) { 3968 policy_type = POLICY_KERN; 3969 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3970 policy_type = POLICY_MOD; 3971 } else { 3972 ERR(fp->handle, "policydb magic number %#08x does not " 3973 "match expected magic number %#08x or %#08x", 3974 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3975 return POLICYDB_ERROR; 3976 } 3977 3978 len = buf[1]; 3979 if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) { 3980 ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero"); 3981 return POLICYDB_ERROR; 3982 } 3983 3984 policydb_str = malloc(len + 1); 3985 if (!policydb_str) { 3986 ERR(fp->handle, "unable to allocate memory for policydb " 3987 "string of length %zu", len); 3988 return POLICYDB_ERROR; 3989 } 3990 rc = next_entry(policydb_str, fp, len); 3991 if (rc < 0) { 3992 ERR(fp->handle, "truncated policydb string identifier"); 3993 free(policydb_str); 3994 return POLICYDB_ERROR; 3995 } 3996 policydb_str[len] = 0; 3997 3998 if (policy_type == POLICY_KERN) { 3999 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 4000 if ((strcmp(policydb_str, policydb_target_strings[i]) 4001 == 0)) { 4002 policydb_set_target_platform(p, i); 4003 break; 4004 } 4005 } 4006 4007 if (i == POLICYDB_TARGET_SZ) { 4008 ERR(fp->handle, "cannot find a valid target for policy " 4009 "string %s", policydb_str); 4010 free(policydb_str); 4011 return POLICYDB_ERROR; 4012 } 4013 } else { 4014 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 4015 ERR(fp->handle, "invalid string identifier %s", 4016 policydb_str); 4017 free(policydb_str); 4018 return POLICYDB_ERROR; 4019 } 4020 } 4021 4022 /* Done with policydb_str. */ 4023 free(policydb_str); 4024 policydb_str = NULL; 4025 4026 /* Read the version, config, and table sizes (and policy type if it's a module). */ 4027 if (policy_type == POLICY_KERN) 4028 nel = 4; 4029 else 4030 nel = 5; 4031 4032 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 4033 if (rc < 0) 4034 return POLICYDB_ERROR; 4035 for (i = 0; i < nel; i++) 4036 buf[i] = le32_to_cpu(buf[i]); 4037 4038 bufindex = 0; 4039 4040 if (policy_type == POLICY_MOD) { 4041 /* We know it's a module but not whether it's a base 4042 module or regular binary policy module. buf[0] 4043 tells us which. */ 4044 policy_type = buf[bufindex]; 4045 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 4046 ERR(fp->handle, "unknown module type: %#08x", 4047 policy_type); 4048 return POLICYDB_ERROR; 4049 } 4050 bufindex++; 4051 } 4052 4053 r_policyvers = buf[bufindex]; 4054 if (policy_type == POLICY_KERN) { 4055 if (r_policyvers < POLICYDB_VERSION_MIN || 4056 r_policyvers > POLICYDB_VERSION_MAX) { 4057 ERR(fp->handle, "policydb version %d does not match " 4058 "my version range %d-%d", buf[bufindex], 4059 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 4060 return POLICYDB_ERROR; 4061 } 4062 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 4063 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 4064 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 4065 ERR(fp->handle, "policydb module version %d does " 4066 "not match my version range %d-%d", 4067 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 4068 MOD_POLICYDB_VERSION_MAX); 4069 return POLICYDB_ERROR; 4070 } 4071 } else { 4072 assert(0); 4073 } 4074 bufindex++; 4075 4076 /* Set the policy type and version from the read values. */ 4077 p->policy_type = policy_type; 4078 p->policyvers = r_policyvers; 4079 4080 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 4081 p->mls = 1; 4082 } else { 4083 p->mls = 0; 4084 } 4085 4086 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 4087 4088 bufindex++; 4089 4090 info = policydb_lookup_compat(r_policyvers, policy_type, 4091 p->target_platform); 4092 if (!info) { 4093 ERR(fp->handle, "unable to find policy compat info " 4094 "for version %d", r_policyvers); 4095 goto bad; 4096 } 4097 4098 if (buf[bufindex] != info->sym_num 4099 || buf[bufindex + 1] != info->ocon_num) { 4100 ERR(fp->handle, 4101 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 4102 buf[bufindex], buf[bufindex + 1], info->sym_num, 4103 info->ocon_num); 4104 goto bad; 4105 } 4106 4107 if (p->policy_type == POLICY_MOD) { 4108 /* Get the module name and version */ 4109 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 4110 goto bad; 4111 } 4112 len = le32_to_cpu(buf[0]); 4113 if (zero_or_saturated(len)) 4114 goto bad; 4115 if ((p->name = malloc(len + 1)) == NULL) { 4116 goto bad; 4117 } 4118 if ((rc = next_entry(p->name, fp, len)) < 0) { 4119 goto bad; 4120 } 4121 p->name[len] = '\0'; 4122 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 4123 goto bad; 4124 } 4125 len = le32_to_cpu(buf[0]); 4126 if (zero_or_saturated(len)) 4127 goto bad; 4128 if ((p->version = malloc(len + 1)) == NULL) { 4129 goto bad; 4130 } 4131 if ((rc = next_entry(p->version, fp, len)) < 0) { 4132 goto bad; 4133 } 4134 p->version[len] = '\0'; 4135 } 4136 4137 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 4138 p->policy_type == POLICY_KERN) || 4139 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 4140 p->policy_type == POLICY_BASE) || 4141 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 4142 p->policy_type == POLICY_MOD)) { 4143 if (ebitmap_read(&p->policycaps, fp)) 4144 goto bad; 4145 } 4146 4147 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 4148 p->policy_type == POLICY_KERN) { 4149 if (ebitmap_read(&p->permissive_map, fp)) 4150 goto bad; 4151 } 4152 4153 for (i = 0; i < info->sym_num; i++) { 4154 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 4155 if (rc < 0) 4156 goto bad; 4157 nprim = le32_to_cpu(buf[0]); 4158 nel = le32_to_cpu(buf[1]); 4159 if (nel && !nprim) { 4160 ERR(fp->handle, "unexpected items in symbol table with no symbol"); 4161 goto bad; 4162 } 4163 for (j = 0; j < nel; j++) { 4164 if (read_f[i] (p, p->symtab[i].table, fp)) 4165 goto bad; 4166 } 4167 4168 p->symtab[i].nprim = nprim; 4169 } 4170 4171 if (policy_type == POLICY_KERN) { 4172 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 4173 goto bad; 4174 if (r_policyvers >= POLICYDB_VERSION_BOOL) 4175 if (cond_read_list(p, &p->cond_list, fp)) 4176 goto bad; 4177 if (role_trans_read(p, fp)) 4178 goto bad; 4179 if (role_allow_read(&p->role_allow, fp)) 4180 goto bad; 4181 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 4182 filename_trans_read(p, fp)) 4183 goto bad; 4184 } else { 4185 /* first read the AV rule blocks, then the scope tables */ 4186 avrule_block_destroy(p->global); 4187 p->global = NULL; 4188 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 4189 goto bad; 4190 } 4191 if (p->global == NULL) { 4192 ERR(fp->handle, "no avrule block in policy"); 4193 goto bad; 4194 } 4195 for (i = 0; i < info->sym_num; i++) { 4196 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 4197 goto bad; 4198 } 4199 nel = le32_to_cpu(buf[0]); 4200 for (j = 0; j < nel; j++) { 4201 if (scope_read(p, i, fp)) 4202 goto bad; 4203 } 4204 } 4205 4206 } 4207 4208 if (policydb_index_decls(fp->handle, p)) 4209 goto bad; 4210 4211 if (policydb_index_classes(p)) 4212 goto bad; 4213 4214 if (policydb_index_others(fp->handle, p, verbose)) 4215 goto bad; 4216 4217 if (ocontext_read(info, p, fp) == -1) { 4218 goto bad; 4219 } 4220 4221 if (genfs_read(p, fp) == -1) { 4222 goto bad; 4223 } 4224 4225 if ((p->policy_type == POLICY_KERN 4226 && p->policyvers >= POLICYDB_VERSION_MLS) 4227 || (p->policy_type == POLICY_BASE 4228 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 4229 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 4230 if (range_read(p, fp)) { 4231 goto bad; 4232 } 4233 } 4234 4235 if (policy_type == POLICY_KERN) { 4236 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 4237 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 4238 if (!p->type_attr_map || !p->attr_type_map) 4239 goto bad; 4240 for (i = 0; i < p->p_types.nprim; i++) { 4241 ebitmap_init(&p->type_attr_map[i]); 4242 ebitmap_init(&p->attr_type_map[i]); 4243 } 4244 for (i = 0; i < p->p_types.nprim; i++) { 4245 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 4246 if (ebitmap_read(&p->type_attr_map[i], fp)) 4247 goto bad; 4248 ebitmap_for_each_bit(&p->type_attr_map[i], 4249 tnode, j) { 4250 if (!ebitmap_node_get_bit(tnode, j) 4251 || i == j) 4252 continue; 4253 4254 if (j >= p->p_types.nprim) 4255 goto bad; 4256 4257 if (ebitmap_set_bit 4258 (&p->attr_type_map[j], i, 1)) 4259 goto bad; 4260 } 4261 } 4262 /* add the type itself as the degenerate case */ 4263 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 4264 goto bad; 4265 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) { 4266 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1)) 4267 goto bad; 4268 } 4269 } 4270 } 4271 4272 return POLICYDB_SUCCESS; 4273 bad: 4274 return POLICYDB_ERROR; 4275 } 4276 4277 int policydb_reindex_users(policydb_t * p) 4278 { 4279 unsigned int i = SYM_USERS; 4280 4281 if (p->user_val_to_struct) 4282 free(p->user_val_to_struct); 4283 if (p->sym_val_to_name[i]) 4284 free(p->sym_val_to_name[i]); 4285 4286 p->user_val_to_struct = (user_datum_t **) 4287 calloc(p->p_users.nprim, sizeof(user_datum_t *)); 4288 if (!p->user_val_to_struct) 4289 return -1; 4290 4291 p->sym_val_to_name[i] = (char **) 4292 calloc(p->symtab[i].nprim, sizeof(char *)); 4293 if (!p->sym_val_to_name[i]) 4294 return -1; 4295 4296 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 4297 return -1; 4298 4299 /* Expand user roles for context validity checking */ 4300 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 4301 return -1; 4302 4303 return 0; 4304 } 4305 4306 void policy_file_init(policy_file_t *pf) 4307 { 4308 memset(pf, 0, sizeof(policy_file_t)); 4309 } 4310 4311 int policydb_set_target_platform(policydb_t *p, int platform) 4312 { 4313 if (platform == SEPOL_TARGET_SELINUX) 4314 p->target_platform = SEPOL_TARGET_SELINUX; 4315 else if (platform == SEPOL_TARGET_XEN) 4316 p->target_platform = SEPOL_TARGET_XEN; 4317 else 4318 return -1; 4319 4320 return 0; 4321 } 4322 4323 int policydb_sort_ocontexts(policydb_t *p) 4324 { 4325 return sort_ocontexts(p); 4326 } 4327
