1 2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */ 3 4 /* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf (at) tresys.com> and Karl MacMillan <kmacmillan (at) tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris (at) redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * 22 * This library is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU Lesser General Public 24 * License as published by the Free Software Foundation; either 25 * version 2.1 of the License, or (at your option) any later version. 26 * 27 * This library is distributed in the hope that it will be useful, 28 * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 30 * Lesser General Public License for more details. 31 * 32 * You should have received a copy of the GNU Lesser General Public 33 * License along with this library; if not, write to the Free Software 34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 35 */ 36 37 /* FLASK */ 38 39 /* 40 * Implementation of the policy database. 41 */ 42 43 #include <assert.h> 44 #include <stdlib.h> 45 46 #include <sepol/policydb/policydb.h> 47 #include <sepol/policydb/expand.h> 48 #include <sepol/policydb/conditional.h> 49 #include <sepol/policydb/avrule_block.h> 50 #include <sepol/policydb/util.h> 51 #include <sepol/policydb/flask.h> 52 53 #include "private.h" 54 #include "debug.h" 55 #include "mls.h" 56 57 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 58 char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 59 60 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 61 static struct policydb_compat_info policydb_compat[] = { 62 { 63 .type = POLICY_KERN, 64 .version = POLICYDB_VERSION_BOUNDARY, 65 .sym_num = SYM_NUM, 66 .ocon_num = OCON_XEN_PCIDEVICE + 1, 67 .target_platform = SEPOL_TARGET_XEN, 68 }, 69 { 70 .type = POLICY_KERN, 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_FSUSE + 1, 74 .target_platform = SEPOL_TARGET_SELINUX, 75 }, 76 { 77 .type = POLICY_KERN, 78 .version = POLICYDB_VERSION_BOOL, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_FSUSE + 1, 81 .target_platform = SEPOL_TARGET_SELINUX, 82 }, 83 { 84 .type = POLICY_KERN, 85 .version = POLICYDB_VERSION_IPV6, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_NODE6 + 1, 88 .target_platform = SEPOL_TARGET_SELINUX, 89 }, 90 { 91 .type = POLICY_KERN, 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NODE6 + 1, 95 .target_platform = SEPOL_TARGET_SELINUX, 96 }, 97 { 98 .type = POLICY_KERN, 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NODE6 + 1, 102 .target_platform = SEPOL_TARGET_SELINUX, 103 }, 104 { 105 .type = POLICY_KERN, 106 .version = POLICYDB_VERSION_AVTAB, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NODE6 + 1, 109 .target_platform = SEPOL_TARGET_SELINUX, 110 }, 111 { 112 .type = POLICY_KERN, 113 .version = POLICYDB_VERSION_RANGETRANS, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NODE6 + 1, 116 .target_platform = SEPOL_TARGET_SELINUX, 117 }, 118 { 119 .type = POLICY_KERN, 120 .version = POLICYDB_VERSION_POLCAP, 121 .sym_num = SYM_NUM, 122 .ocon_num = OCON_NODE6 + 1, 123 .target_platform = SEPOL_TARGET_SELINUX, 124 }, 125 { 126 .type = POLICY_KERN, 127 .version = POLICYDB_VERSION_PERMISSIVE, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NODE6 + 1, 130 .target_platform = SEPOL_TARGET_SELINUX, 131 }, 132 { 133 .type = POLICY_KERN, 134 .version = POLICYDB_VERSION_BOUNDARY, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NODE6 + 1, 137 .target_platform = SEPOL_TARGET_SELINUX, 138 }, 139 { 140 .type = POLICY_KERN, 141 .version = POLICYDB_VERSION_FILENAME_TRANS, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NODE6 + 1, 144 .target_platform = SEPOL_TARGET_SELINUX, 145 }, 146 { 147 .type = POLICY_KERN, 148 .version = POLICYDB_VERSION_ROLETRANS, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NODE6 + 1, 151 .target_platform = SEPOL_TARGET_SELINUX, 152 }, 153 { 154 .type = POLICY_BASE, 155 .version = MOD_POLICYDB_VERSION_BASE, 156 .sym_num = SYM_NUM, 157 .ocon_num = OCON_NODE6 + 1, 158 .target_platform = SEPOL_TARGET_SELINUX, 159 }, 160 { 161 .type = POLICY_BASE, 162 .version = MOD_POLICYDB_VERSION_MLS, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NODE6 + 1, 165 .target_platform = SEPOL_TARGET_SELINUX, 166 }, 167 { 168 .type = POLICY_BASE, 169 .version = MOD_POLICYDB_VERSION_MLS_USERS, 170 .sym_num = SYM_NUM, 171 .ocon_num = OCON_NODE6 + 1, 172 .target_platform = SEPOL_TARGET_SELINUX, 173 }, 174 { 175 .type = POLICY_BASE, 176 .version = MOD_POLICYDB_VERSION_POLCAP, 177 .sym_num = SYM_NUM, 178 .ocon_num = OCON_NODE6 + 1, 179 .target_platform = SEPOL_TARGET_SELINUX, 180 }, 181 { 182 .type = POLICY_BASE, 183 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 184 .sym_num = SYM_NUM, 185 .ocon_num = OCON_NODE6 + 1, 186 .target_platform = SEPOL_TARGET_SELINUX, 187 }, 188 { 189 .type = POLICY_BASE, 190 .version = MOD_POLICYDB_VERSION_BOUNDARY, 191 .sym_num = SYM_NUM, 192 .ocon_num = OCON_NODE6 + 1, 193 .target_platform = SEPOL_TARGET_SELINUX, 194 }, 195 { 196 .type = POLICY_BASE, 197 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 198 .sym_num = SYM_NUM, 199 .ocon_num = OCON_NODE6 + 1, 200 .target_platform = SEPOL_TARGET_SELINUX, 201 }, 202 { 203 .type = POLICY_BASE, 204 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 205 .sym_num = SYM_NUM, 206 .ocon_num = OCON_NODE6 + 1, 207 .target_platform = SEPOL_TARGET_SELINUX, 208 }, 209 { 210 .type = POLICY_BASE, 211 .version = MOD_POLICYDB_VERSION_ROLETRANS, 212 .sym_num = SYM_NUM, 213 .ocon_num = OCON_NODE6 + 1, 214 .target_platform = SEPOL_TARGET_SELINUX, 215 }, 216 { 217 .type = POLICY_BASE, 218 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 219 .sym_num = SYM_NUM, 220 .ocon_num = OCON_NODE6 + 1, 221 .target_platform = SEPOL_TARGET_SELINUX, 222 }, 223 { 224 .type = POLICY_BASE, 225 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 226 .sym_num = SYM_NUM, 227 .ocon_num = OCON_NODE6 + 1, 228 .target_platform = SEPOL_TARGET_SELINUX, 229 }, 230 { 231 .type = POLICY_MOD, 232 .version = MOD_POLICYDB_VERSION_BASE, 233 .sym_num = SYM_NUM, 234 .ocon_num = 0, 235 .target_platform = SEPOL_TARGET_SELINUX, 236 }, 237 { 238 .type = POLICY_MOD, 239 .version = MOD_POLICYDB_VERSION_MLS, 240 .sym_num = SYM_NUM, 241 .ocon_num = 0, 242 .target_platform = SEPOL_TARGET_SELINUX, 243 }, 244 { 245 .type = POLICY_MOD, 246 .version = MOD_POLICYDB_VERSION_MLS_USERS, 247 .sym_num = SYM_NUM, 248 .ocon_num = 0, 249 .target_platform = SEPOL_TARGET_SELINUX, 250 }, 251 { 252 .type = POLICY_MOD, 253 .version = MOD_POLICYDB_VERSION_POLCAP, 254 .sym_num = SYM_NUM, 255 .ocon_num = 0, 256 .target_platform = SEPOL_TARGET_SELINUX, 257 }, 258 { 259 .type = POLICY_MOD, 260 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 261 .sym_num = SYM_NUM, 262 .ocon_num = 0, 263 .target_platform = SEPOL_TARGET_SELINUX, 264 }, 265 { 266 .type = POLICY_MOD, 267 .version = MOD_POLICYDB_VERSION_BOUNDARY, 268 .sym_num = SYM_NUM, 269 .ocon_num = 0, 270 .target_platform = SEPOL_TARGET_SELINUX, 271 }, 272 { 273 .type = POLICY_MOD, 274 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 275 .sym_num = SYM_NUM, 276 .ocon_num = 0, 277 .target_platform = SEPOL_TARGET_SELINUX, 278 }, 279 { 280 .type = POLICY_MOD, 281 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 282 .sym_num = SYM_NUM, 283 .ocon_num = 0, 284 .target_platform = SEPOL_TARGET_SELINUX, 285 }, 286 { 287 .type = POLICY_MOD, 288 .version = MOD_POLICYDB_VERSION_ROLETRANS, 289 .sym_num = SYM_NUM, 290 .ocon_num = 0, 291 .target_platform = SEPOL_TARGET_SELINUX, 292 }, 293 { 294 .type = POLICY_MOD, 295 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 296 .sym_num = SYM_NUM, 297 .ocon_num = 0, 298 .target_platform = SEPOL_TARGET_SELINUX, 299 }, 300 { 301 .type = POLICY_MOD, 302 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 303 .sym_num = SYM_NUM, 304 .ocon_num = 0, 305 .target_platform = SEPOL_TARGET_SELINUX, 306 }, 307 }; 308 309 #if 0 310 static char *symtab_name[SYM_NUM] = { 311 "common prefixes", 312 "classes", 313 "roles", 314 "types", 315 "users", 316 "bools" mls_symtab_names cond_symtab_names 317 }; 318 #endif 319 320 static unsigned int symtab_sizes[SYM_NUM] = { 321 2, 322 32, 323 16, 324 512, 325 128, 326 16, 327 16, 328 16, 329 }; 330 331 struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 332 unsigned int type, 333 unsigned int target_platform) 334 { 335 unsigned int i; 336 struct policydb_compat_info *info = NULL; 337 338 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 339 if (policydb_compat[i].version == version && 340 policydb_compat[i].type == type && 341 policydb_compat[i].target_platform == target_platform) { 342 info = &policydb_compat[i]; 343 break; 344 } 345 } 346 return info; 347 } 348 349 void type_set_init(type_set_t * x) 350 { 351 memset(x, 0, sizeof(type_set_t)); 352 ebitmap_init(&x->types); 353 ebitmap_init(&x->negset); 354 } 355 356 void type_set_destroy(type_set_t * x) 357 { 358 if (x != NULL) { 359 ebitmap_destroy(&x->types); 360 ebitmap_destroy(&x->negset); 361 } 362 } 363 364 void role_set_init(role_set_t * x) 365 { 366 memset(x, 0, sizeof(role_set_t)); 367 ebitmap_init(&x->roles); 368 } 369 370 void role_set_destroy(role_set_t * x) 371 { 372 ebitmap_destroy(&x->roles); 373 } 374 375 void role_datum_init(role_datum_t * x) 376 { 377 memset(x, 0, sizeof(role_datum_t)); 378 ebitmap_init(&x->dominates); 379 type_set_init(&x->types); 380 ebitmap_init(&x->cache); 381 ebitmap_init(&x->roles); 382 } 383 384 void role_datum_destroy(role_datum_t * x) 385 { 386 if (x != NULL) { 387 ebitmap_destroy(&x->dominates); 388 type_set_destroy(&x->types); 389 ebitmap_destroy(&x->cache); 390 ebitmap_destroy(&x->roles); 391 } 392 } 393 394 void type_datum_init(type_datum_t * x) 395 { 396 memset(x, 0, sizeof(*x)); 397 ebitmap_init(&x->types); 398 } 399 400 void type_datum_destroy(type_datum_t * x) 401 { 402 if (x != NULL) { 403 ebitmap_destroy(&x->types); 404 } 405 } 406 407 void user_datum_init(user_datum_t * x) 408 { 409 memset(x, 0, sizeof(user_datum_t)); 410 role_set_init(&x->roles); 411 mls_semantic_range_init(&x->range); 412 mls_semantic_level_init(&x->dfltlevel); 413 ebitmap_init(&x->cache); 414 mls_range_init(&x->exp_range); 415 mls_level_init(&x->exp_dfltlevel); 416 } 417 418 void user_datum_destroy(user_datum_t * x) 419 { 420 if (x != NULL) { 421 role_set_destroy(&x->roles); 422 mls_semantic_range_destroy(&x->range); 423 mls_semantic_level_destroy(&x->dfltlevel); 424 ebitmap_destroy(&x->cache); 425 mls_range_destroy(&x->exp_range); 426 mls_level_destroy(&x->exp_dfltlevel); 427 } 428 } 429 430 void level_datum_init(level_datum_t * x) 431 { 432 memset(x, 0, sizeof(level_datum_t)); 433 } 434 435 void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 436 { 437 /* the mls_level_t referenced by the level_datum is managed 438 * separately for now, so there is nothing to destroy */ 439 return; 440 } 441 442 void cat_datum_init(cat_datum_t * x) 443 { 444 memset(x, 0, sizeof(cat_datum_t)); 445 } 446 447 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 448 { 449 /* it's currently a simple struct - really nothing to destroy */ 450 return; 451 } 452 453 void class_perm_node_init(class_perm_node_t * x) 454 { 455 memset(x, 0, sizeof(class_perm_node_t)); 456 } 457 458 void avrule_init(avrule_t * x) 459 { 460 memset(x, 0, sizeof(avrule_t)); 461 type_set_init(&x->stypes); 462 type_set_init(&x->ttypes); 463 } 464 465 void avrule_destroy(avrule_t * x) 466 { 467 class_perm_node_t *cur, *next; 468 469 if (x == NULL) { 470 return; 471 } 472 type_set_destroy(&x->stypes); 473 type_set_destroy(&x->ttypes); 474 475 next = x->perms; 476 while (next) { 477 cur = next; 478 next = cur->next; 479 free(cur); 480 } 481 } 482 483 void role_trans_rule_init(role_trans_rule_t * x) 484 { 485 memset(x, 0, sizeof(*x)); 486 role_set_init(&x->roles); 487 type_set_init(&x->types); 488 ebitmap_init(&x->classes); 489 } 490 491 void role_trans_rule_destroy(role_trans_rule_t * x) 492 { 493 if (x != NULL) { 494 role_set_destroy(&x->roles); 495 type_set_destroy(&x->types); 496 ebitmap_destroy(&x->classes); 497 } 498 } 499 500 void role_trans_rule_list_destroy(role_trans_rule_t * x) 501 { 502 while (x != NULL) { 503 role_trans_rule_t *next = x->next; 504 role_trans_rule_destroy(x); 505 free(x); 506 x = next; 507 } 508 } 509 510 void filename_trans_rule_init(filename_trans_rule_t * x) 511 { 512 memset(x, 0, sizeof(*x)); 513 type_set_init(&x->stypes); 514 type_set_init(&x->ttypes); 515 } 516 517 static void filename_trans_rule_destroy(filename_trans_rule_t * x) 518 { 519 if (!x) 520 return; 521 type_set_destroy(&x->stypes); 522 type_set_destroy(&x->ttypes); 523 free(x->name); 524 } 525 526 void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 527 { 528 filename_trans_rule_t *next; 529 while (x) { 530 next = x->next; 531 filename_trans_rule_destroy(x); 532 free(x); 533 x = next; 534 } 535 } 536 537 void role_allow_rule_init(role_allow_rule_t * x) 538 { 539 memset(x, 0, sizeof(role_allow_rule_t)); 540 role_set_init(&x->roles); 541 role_set_init(&x->new_roles); 542 } 543 544 void role_allow_rule_destroy(role_allow_rule_t * x) 545 { 546 role_set_destroy(&x->roles); 547 role_set_destroy(&x->new_roles); 548 } 549 550 void role_allow_rule_list_destroy(role_allow_rule_t * x) 551 { 552 while (x != NULL) { 553 role_allow_rule_t *next = x->next; 554 role_allow_rule_destroy(x); 555 free(x); 556 x = next; 557 } 558 } 559 560 void range_trans_rule_init(range_trans_rule_t * x) 561 { 562 type_set_init(&x->stypes); 563 type_set_init(&x->ttypes); 564 ebitmap_init(&x->tclasses); 565 mls_semantic_range_init(&x->trange); 566 x->next = NULL; 567 } 568 569 void range_trans_rule_destroy(range_trans_rule_t * x) 570 { 571 type_set_destroy(&x->stypes); 572 type_set_destroy(&x->ttypes); 573 ebitmap_destroy(&x->tclasses); 574 mls_semantic_range_destroy(&x->trange); 575 } 576 577 void range_trans_rule_list_destroy(range_trans_rule_t * x) 578 { 579 while (x != NULL) { 580 range_trans_rule_t *next = x->next; 581 range_trans_rule_destroy(x); 582 free(x); 583 x = next; 584 } 585 } 586 587 void avrule_list_destroy(avrule_t * x) 588 { 589 avrule_t *next, *cur; 590 591 if (!x) 592 return; 593 594 next = x; 595 while (next) { 596 cur = next; 597 next = next->next; 598 avrule_destroy(cur); 599 free(cur); 600 } 601 } 602 603 /* 604 * Initialize the role table by implicitly adding role 'object_r'. If 605 * the policy is a module, set object_r's scope to be SCOPE_REQ, 606 * otherwise set it to SCOPE_DECL. 607 */ 608 static int roles_init(policydb_t * p) 609 { 610 char *key = 0; 611 int rc; 612 role_datum_t *role; 613 614 role = calloc(1, sizeof(role_datum_t)); 615 if (!role) { 616 rc = -ENOMEM; 617 goto out; 618 } 619 key = malloc(strlen(OBJECT_R) + 1); 620 if (!key) { 621 rc = -ENOMEM; 622 goto out_free_role; 623 } 624 strcpy(key, OBJECT_R); 625 rc = symtab_insert(p, SYM_ROLES, key, role, 626 (p->policy_type == 627 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 628 &role->s.value); 629 if (rc) 630 goto out_free_key; 631 if (role->s.value != OBJECT_R_VAL) { 632 rc = -EINVAL; 633 goto out_free_role; 634 } 635 out: 636 return rc; 637 638 out_free_key: 639 free(key); 640 out_free_role: 641 free(role); 642 goto out; 643 } 644 645 /* 646 * Initialize a policy database structure. 647 */ 648 int policydb_init(policydb_t * p) 649 { 650 int i, rc; 651 652 memset(p, 0, sizeof(policydb_t)); 653 654 ebitmap_init(&p->policycaps); 655 656 ebitmap_init(&p->permissive_map); 657 658 for (i = 0; i < SYM_NUM; i++) { 659 p->sym_val_to_name[i] = NULL; 660 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 661 if (rc) 662 goto out_free_symtab; 663 } 664 665 /* initialize the module stuff */ 666 for (i = 0; i < SYM_NUM; i++) { 667 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 668 goto out_free_symtab; 669 } 670 } 671 if ((p->global = avrule_block_create()) == NULL || 672 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 673 goto out_free_symtab; 674 } 675 p->decl_val_to_struct = NULL; 676 677 rc = avtab_init(&p->te_avtab); 678 if (rc) 679 goto out_free_symtab; 680 681 rc = roles_init(p); 682 if (rc) 683 goto out_free_symtab; 684 685 rc = cond_policydb_init(p); 686 if (rc) 687 goto out_free_symtab; 688 out: 689 return rc; 690 691 out_free_symtab: 692 for (i = 0; i < SYM_NUM; i++) { 693 hashtab_destroy(p->symtab[i].table); 694 hashtab_destroy(p->scope[i].table); 695 } 696 avrule_block_list_destroy(p->global); 697 goto out; 698 } 699 700 int policydb_role_cache(hashtab_key_t key 701 __attribute__ ((unused)), hashtab_datum_t datum, 702 void *arg) 703 { 704 policydb_t *p; 705 role_datum_t *role; 706 707 role = (role_datum_t *) datum; 708 p = (policydb_t *) arg; 709 710 ebitmap_destroy(&role->cache); 711 if (type_set_expand(&role->types, &role->cache, p, 1)) { 712 return -1; 713 } 714 715 return 0; 716 } 717 718 int policydb_user_cache(hashtab_key_t key 719 __attribute__ ((unused)), hashtab_datum_t datum, 720 void *arg) 721 { 722 policydb_t *p; 723 user_datum_t *user; 724 725 user = (user_datum_t *) datum; 726 p = (policydb_t *) arg; 727 728 ebitmap_destroy(&user->cache); 729 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 730 return -1; 731 } 732 733 /* we do not expand user's MLS info in kernel policies because the 734 * semantic representation is not present and we do not expand user's 735 * MLS info in module policies because all of the necessary mls 736 * information is not present */ 737 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 738 mls_range_destroy(&user->exp_range); 739 if (mls_semantic_range_expand(&user->range, 740 &user->exp_range, p, NULL)) { 741 return -1; 742 } 743 744 mls_level_destroy(&user->exp_dfltlevel); 745 if (mls_semantic_level_expand(&user->dfltlevel, 746 &user->exp_dfltlevel, p, NULL)) { 747 return -1; 748 } 749 } 750 751 return 0; 752 } 753 754 /* 755 * The following *_index functions are used to 756 * define the val_to_name and val_to_struct arrays 757 * in a policy database structure. The val_to_name 758 * arrays are used when converting security context 759 * structures into string representations. The 760 * val_to_struct arrays are used when the attributes 761 * of a class, role, or user are needed. 762 */ 763 764 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 765 { 766 policydb_t *p; 767 common_datum_t *comdatum; 768 769 comdatum = (common_datum_t *) datum; 770 p = (policydb_t *) datap; 771 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 772 return -EINVAL; 773 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 774 775 return 0; 776 } 777 778 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 779 { 780 policydb_t *p; 781 class_datum_t *cladatum; 782 783 cladatum = (class_datum_t *) datum; 784 p = (policydb_t *) datap; 785 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 786 return -EINVAL; 787 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 788 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 789 790 return 0; 791 } 792 793 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 794 { 795 policydb_t *p; 796 role_datum_t *role; 797 798 role = (role_datum_t *) datum; 799 p = (policydb_t *) datap; 800 if (!role->s.value || role->s.value > p->p_roles.nprim) 801 return -EINVAL; 802 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 803 p->role_val_to_struct[role->s.value - 1] = role; 804 805 return 0; 806 } 807 808 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 809 { 810 policydb_t *p; 811 type_datum_t *typdatum; 812 813 typdatum = (type_datum_t *) datum; 814 p = (policydb_t *) datap; 815 816 if (typdatum->primary) { 817 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 818 return -EINVAL; 819 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 820 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 821 } 822 823 return 0; 824 } 825 826 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 827 { 828 policydb_t *p; 829 user_datum_t *usrdatum; 830 831 usrdatum = (user_datum_t *) datum; 832 p = (policydb_t *) datap; 833 834 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 835 return -EINVAL; 836 837 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 838 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 839 840 return 0; 841 } 842 843 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 844 { 845 policydb_t *p; 846 level_datum_t *levdatum; 847 848 levdatum = (level_datum_t *) datum; 849 p = (policydb_t *) datap; 850 851 if (!levdatum->isalias) { 852 if (!levdatum->level->sens || 853 levdatum->level->sens > p->p_levels.nprim) 854 return -EINVAL; 855 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 856 } 857 858 return 0; 859 } 860 861 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 862 { 863 policydb_t *p; 864 cat_datum_t *catdatum; 865 866 catdatum = (cat_datum_t *) datum; 867 p = (policydb_t *) datap; 868 869 if (!catdatum->isalias) { 870 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 871 return -EINVAL; 872 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 873 } 874 875 return 0; 876 } 877 878 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 879 void *datap) = { 880 common_index, class_index, role_index, type_index, user_index, 881 cond_index_bool, sens_index, cat_index,}; 882 883 /* 884 * Define the common val_to_name array and the class 885 * val_to_name and val_to_struct arrays in a policy 886 * database structure. 887 */ 888 int policydb_index_classes(policydb_t * p) 889 { 890 free(p->p_common_val_to_name); 891 p->p_common_val_to_name = (char **) 892 malloc(p->p_commons.nprim * sizeof(char *)); 893 if (!p->p_common_val_to_name) 894 return -1; 895 896 if (hashtab_map(p->p_commons.table, common_index, p)) 897 return -1; 898 899 free(p->class_val_to_struct); 900 p->class_val_to_struct = (class_datum_t **) 901 malloc(p->p_classes.nprim * sizeof(class_datum_t *)); 902 if (!p->class_val_to_struct) 903 return -1; 904 905 free(p->p_class_val_to_name); 906 p->p_class_val_to_name = (char **) 907 malloc(p->p_classes.nprim * sizeof(char *)); 908 if (!p->p_class_val_to_name) 909 return -1; 910 911 if (hashtab_map(p->p_classes.table, class_index, p)) 912 return -1; 913 914 return 0; 915 } 916 917 int policydb_index_bools(policydb_t * p) 918 { 919 920 if (cond_init_bool_indexes(p) == -1) 921 return -1; 922 p->p_bool_val_to_name = (char **) 923 malloc(p->p_bools.nprim * sizeof(char *)); 924 if (!p->p_bool_val_to_name) 925 return -1; 926 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 927 return -1; 928 return 0; 929 } 930 931 int policydb_index_decls(policydb_t * p) 932 { 933 avrule_block_t *curblock; 934 avrule_decl_t *decl; 935 int num_decls = 0; 936 937 free(p->decl_val_to_struct); 938 939 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 940 for (decl = curblock->branch_list; decl != NULL; 941 decl = decl->next) { 942 num_decls++; 943 } 944 } 945 946 p->decl_val_to_struct = 947 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 948 if (!p->decl_val_to_struct) { 949 return -1; 950 } 951 952 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 953 for (decl = curblock->branch_list; decl != NULL; 954 decl = decl->next) { 955 p->decl_val_to_struct[decl->decl_id - 1] = decl; 956 } 957 } 958 959 return 0; 960 } 961 962 /* 963 * Define the other val_to_name and val_to_struct arrays 964 * in a policy database structure. 965 */ 966 int policydb_index_others(sepol_handle_t * handle, 967 policydb_t * p, unsigned verbose) 968 { 969 int i; 970 971 if (verbose) { 972 INFO(handle, 973 "security: %d users, %d roles, %d types, %d bools", 974 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 975 p->p_bools.nprim); 976 977 if (p->mls) 978 INFO(handle, "security: %d sens, %d cats", 979 p->p_levels.nprim, p->p_cats.nprim); 980 981 INFO(handle, "security: %d classes, %d rules, %d cond rules", 982 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 983 } 984 #if 0 985 avtab_hash_eval(&p->te_avtab, "rules"); 986 for (i = 0; i < SYM_NUM; i++) 987 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 988 #endif 989 990 free(p->role_val_to_struct); 991 p->role_val_to_struct = (role_datum_t **) 992 malloc(p->p_roles.nprim * sizeof(role_datum_t *)); 993 if (!p->role_val_to_struct) 994 return -1; 995 996 free(p->user_val_to_struct); 997 p->user_val_to_struct = (user_datum_t **) 998 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 999 if (!p->user_val_to_struct) 1000 return -1; 1001 1002 free(p->type_val_to_struct); 1003 p->type_val_to_struct = (type_datum_t **) 1004 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 1005 if (!p->type_val_to_struct) 1006 return -1; 1007 1008 cond_init_bool_indexes(p); 1009 1010 for (i = SYM_ROLES; i < SYM_NUM; i++) { 1011 free(p->sym_val_to_name[i]); 1012 p->sym_val_to_name[i] = NULL; 1013 if (p->symtab[i].nprim) { 1014 p->sym_val_to_name[i] = (char **) 1015 calloc(p->symtab[i].nprim, sizeof(char *)); 1016 if (!p->sym_val_to_name[i]) 1017 return -1; 1018 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1019 return -1; 1020 } 1021 } 1022 1023 /* This pre-expands the roles and users for context validity checking */ 1024 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1025 return -1; 1026 1027 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1028 return -1; 1029 1030 return 0; 1031 } 1032 1033 /* 1034 * The following *_destroy functions are used to 1035 * free any memory allocated for each kind of 1036 * symbol data in the policy database. 1037 */ 1038 1039 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1040 __attribute__ ((unused))) 1041 { 1042 if (key) 1043 free(key); 1044 free(datum); 1045 return 0; 1046 } 1047 1048 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1049 __attribute__ ((unused))) 1050 { 1051 common_datum_t *comdatum; 1052 1053 if (key) 1054 free(key); 1055 comdatum = (common_datum_t *) datum; 1056 hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1057 hashtab_destroy(comdatum->permissions.table); 1058 free(datum); 1059 return 0; 1060 } 1061 1062 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1063 __attribute__ ((unused))) 1064 { 1065 class_datum_t *cladatum; 1066 constraint_node_t *constraint, *ctemp; 1067 constraint_expr_t *e, *etmp; 1068 1069 if (key) 1070 free(key); 1071 cladatum = (class_datum_t *) datum; 1072 if (cladatum == NULL) { 1073 return 0; 1074 } 1075 hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1076 hashtab_destroy(cladatum->permissions.table); 1077 constraint = cladatum->constraints; 1078 while (constraint) { 1079 e = constraint->expr; 1080 while (e) { 1081 etmp = e; 1082 e = e->next; 1083 constraint_expr_destroy(etmp); 1084 } 1085 ctemp = constraint; 1086 constraint = constraint->next; 1087 free(ctemp); 1088 } 1089 1090 constraint = cladatum->validatetrans; 1091 while (constraint) { 1092 e = constraint->expr; 1093 while (e) { 1094 etmp = e; 1095 e = e->next; 1096 constraint_expr_destroy(etmp); 1097 } 1098 ctemp = constraint; 1099 constraint = constraint->next; 1100 free(ctemp); 1101 } 1102 1103 if (cladatum->comkey) 1104 free(cladatum->comkey); 1105 free(datum); 1106 return 0; 1107 } 1108 1109 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1110 __attribute__ ((unused))) 1111 { 1112 free(key); 1113 role_datum_destroy((role_datum_t *) datum); 1114 free(datum); 1115 return 0; 1116 } 1117 1118 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1119 __attribute__ ((unused))) 1120 { 1121 free(key); 1122 type_datum_destroy((type_datum_t *) datum); 1123 free(datum); 1124 return 0; 1125 } 1126 1127 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1128 __attribute__ ((unused))) 1129 { 1130 free(key); 1131 user_datum_destroy((user_datum_t *) datum); 1132 free(datum); 1133 return 0; 1134 } 1135 1136 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1137 __attribute__ ((unused))) 1138 { 1139 level_datum_t *levdatum; 1140 1141 if (key) 1142 free(key); 1143 levdatum = (level_datum_t *) datum; 1144 mls_level_destroy(levdatum->level); 1145 free(levdatum->level); 1146 level_datum_destroy(levdatum); 1147 free(levdatum); 1148 return 0; 1149 } 1150 1151 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1152 __attribute__ ((unused))) 1153 { 1154 if (key) 1155 free(key); 1156 cat_datum_destroy((cat_datum_t *) datum); 1157 free(datum); 1158 return 0; 1159 } 1160 1161 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1162 void *datap) = { 1163 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1164 cond_destroy_bool, sens_destroy, cat_destroy,}; 1165 1166 void ocontext_selinux_free(ocontext_t **ocontexts) 1167 { 1168 ocontext_t *c, *ctmp; 1169 int i; 1170 1171 for (i = 0; i < OCON_NUM; i++) { 1172 c = ocontexts[i]; 1173 while (c) { 1174 ctmp = c; 1175 c = c->next; 1176 context_destroy(&ctmp->context[0]); 1177 context_destroy(&ctmp->context[1]); 1178 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1179 || i == OCON_FSUSE) 1180 free(ctmp->u.name); 1181 free(ctmp); 1182 } 1183 } 1184 } 1185 1186 void ocontext_xen_free(ocontext_t **ocontexts) 1187 { 1188 ocontext_t *c, *ctmp; 1189 int i; 1190 1191 for (i = 0; i < OCON_NUM; i++) { 1192 c = ocontexts[i]; 1193 while (c) { 1194 ctmp = c; 1195 c = c->next; 1196 context_destroy(&ctmp->context[0]); 1197 context_destroy(&ctmp->context[1]); 1198 if (i == OCON_ISID) 1199 free(ctmp->u.name); 1200 free(ctmp); 1201 } 1202 } 1203 } 1204 1205 /* 1206 * Free any memory allocated by a policy database structure. 1207 */ 1208 void policydb_destroy(policydb_t * p) 1209 { 1210 ocontext_t *c, *ctmp; 1211 genfs_t *g, *gtmp; 1212 unsigned int i; 1213 role_allow_t *ra, *lra = NULL; 1214 role_trans_t *tr, *ltr = NULL; 1215 range_trans_t *rt, *lrt = NULL; 1216 filename_trans_t *ft, *nft; 1217 1218 if (!p) 1219 return; 1220 1221 ebitmap_destroy(&p->policycaps); 1222 1223 ebitmap_destroy(&p->permissive_map); 1224 1225 symtabs_destroy(p->symtab); 1226 1227 for (i = 0; i < SYM_NUM; i++) { 1228 if (p->sym_val_to_name[i]) 1229 free(p->sym_val_to_name[i]); 1230 } 1231 1232 if (p->class_val_to_struct) 1233 free(p->class_val_to_struct); 1234 if (p->role_val_to_struct) 1235 free(p->role_val_to_struct); 1236 if (p->user_val_to_struct) 1237 free(p->user_val_to_struct); 1238 if (p->type_val_to_struct) 1239 free(p->type_val_to_struct); 1240 free(p->decl_val_to_struct); 1241 1242 for (i = 0; i < SYM_NUM; i++) { 1243 hashtab_map(p->scope[i].table, scope_destroy, 0); 1244 hashtab_destroy(p->scope[i].table); 1245 } 1246 avrule_block_list_destroy(p->global); 1247 free(p->name); 1248 free(p->version); 1249 1250 avtab_destroy(&p->te_avtab); 1251 1252 if (p->target_platform == SEPOL_TARGET_SELINUX) 1253 ocontext_selinux_free(p->ocontexts); 1254 else if (p->target_platform == SEPOL_TARGET_XEN) 1255 ocontext_xen_free(p->ocontexts); 1256 1257 g = p->genfs; 1258 while (g) { 1259 free(g->fstype); 1260 c = g->head; 1261 while (c) { 1262 ctmp = c; 1263 c = c->next; 1264 context_destroy(&ctmp->context[0]); 1265 free(ctmp->u.name); 1266 free(ctmp); 1267 } 1268 gtmp = g; 1269 g = g->next; 1270 free(gtmp); 1271 } 1272 cond_policydb_destroy(p); 1273 1274 for (tr = p->role_tr; tr; tr = tr->next) { 1275 if (ltr) 1276 free(ltr); 1277 ltr = tr; 1278 } 1279 if (ltr) 1280 free(ltr); 1281 1282 ft = p->filename_trans; 1283 while (ft) { 1284 nft = ft->next; 1285 free(ft->name); 1286 free(ft); 1287 ft = nft; 1288 } 1289 1290 for (ra = p->role_allow; ra; ra = ra->next) { 1291 if (lra) 1292 free(lra); 1293 lra = ra; 1294 } 1295 if (lra) 1296 free(lra); 1297 1298 for (rt = p->range_tr; rt; rt = rt->next) { 1299 if (lrt) { 1300 ebitmap_destroy(&lrt->target_range.level[0].cat); 1301 ebitmap_destroy(&lrt->target_range.level[1].cat); 1302 free(lrt); 1303 } 1304 lrt = rt; 1305 } 1306 if (lrt) { 1307 ebitmap_destroy(&lrt->target_range.level[0].cat); 1308 ebitmap_destroy(&lrt->target_range.level[1].cat); 1309 free(lrt); 1310 } 1311 1312 if (p->type_attr_map) { 1313 for (i = 0; i < p->p_types.nprim; i++) { 1314 ebitmap_destroy(&p->type_attr_map[i]); 1315 } 1316 free(p->type_attr_map); 1317 } 1318 1319 if (p->attr_type_map) { 1320 for (i = 0; i < p->p_types.nprim; i++) { 1321 ebitmap_destroy(&p->attr_type_map[i]); 1322 } 1323 free(p->attr_type_map); 1324 } 1325 1326 return; 1327 } 1328 1329 void symtabs_destroy(symtab_t * symtab) 1330 { 1331 int i; 1332 for (i = 0; i < SYM_NUM; i++) { 1333 hashtab_map(symtab[i].table, destroy_f[i], 0); 1334 hashtab_destroy(symtab[i].table); 1335 } 1336 } 1337 1338 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1339 __attribute__ ((unused))) 1340 { 1341 scope_datum_t *cur = (scope_datum_t *) datum; 1342 free(key); 1343 if (cur != NULL) { 1344 free(cur->decl_ids); 1345 } 1346 free(cur); 1347 return 0; 1348 } 1349 1350 hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 1351 { 1352 if (sym_num < 0 || sym_num >= SYM_NUM) { 1353 return NULL; 1354 } 1355 return (hashtab_destroy_func_t) destroy_f[sym_num]; 1356 } 1357 1358 /* 1359 * Load the initial SIDs specified in a policy database 1360 * structure into a SID table. 1361 */ 1362 int policydb_load_isids(policydb_t * p, sidtab_t * s) 1363 { 1364 ocontext_t *head, *c; 1365 1366 if (sepol_sidtab_init(s)) { 1367 ERR(NULL, "out of memory on SID table init"); 1368 return -1; 1369 } 1370 1371 head = p->ocontexts[OCON_ISID]; 1372 for (c = head; c; c = c->next) { 1373 if (!c->context[0].user) { 1374 ERR(NULL, "SID %s was never defined", c->u.name); 1375 return -1; 1376 } 1377 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1378 ERR(NULL, "unable to load initial SID %s", c->u.name); 1379 return -1; 1380 } 1381 } 1382 1383 return 0; 1384 } 1385 1386 /* Declare a symbol for a certain avrule_block context. Insert it 1387 * into a symbol table for a policy. This function will handle 1388 * inserting the appropriate scope information in addition to 1389 * inserting the symbol into the hash table. 1390 * 1391 * arguments: 1392 * policydb_t *pol module policy to modify 1393 * uint32_t sym the symbole table for insertion (SYM_*) 1394 * hashtab_key_t key the key for the symbol - not cloned 1395 * hashtab_datum_t data the data for the symbol - not cloned 1396 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1397 * avrule_decl_id identifier for this symbol's encapsulating declaration 1398 * value (out) assigned value to the symbol (if value is not NULL) 1399 * 1400 * returns: 1401 * 0 success 1402 * 1 success, but symbol already existed as a requirement 1403 * (datum was not inserted and needs to be free()d) 1404 * -1 general error 1405 * -2 scope conflicted 1406 * -ENOMEM memory error 1407 * error codes from hashtab_insert 1408 */ 1409 int symtab_insert(policydb_t * pol, uint32_t sym, 1410 hashtab_key_t key, hashtab_datum_t datum, 1411 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1412 { 1413 int rc, retval = 0; 1414 unsigned int i; 1415 scope_datum_t *scope_datum; 1416 1417 /* check if the symbol is already there. multiple 1418 * declarations of non-roles/non-users are illegal, but 1419 * multiple requires are allowed. */ 1420 1421 /* FIX ME - the failures after the hashtab_insert will leave 1422 * the policy in a inconsistent state. */ 1423 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1424 if (rc == SEPOL_OK) { 1425 /* if no value is passed in the symbol is not primary 1426 * (i.e. aliases) */ 1427 if (value) 1428 *value = ++pol->symtab[sym].nprim; 1429 } else if (rc == SEPOL_EEXIST) { 1430 retval = 1; /* symbol not added -- need to free() later */ 1431 } else { 1432 return rc; 1433 } 1434 1435 /* get existing scope information; if there is not one then 1436 * create it */ 1437 scope_datum = 1438 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1439 if (scope_datum == NULL) { 1440 hashtab_key_t key2 = strdup((char *)key); 1441 if (!key2) 1442 return -ENOMEM; 1443 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1444 free(key2); 1445 return -ENOMEM; 1446 } 1447 scope_datum->scope = scope; 1448 scope_datum->decl_ids = NULL; 1449 scope_datum->decl_ids_len = 0; 1450 if ((rc = 1451 hashtab_insert(pol->scope[sym].table, key2, 1452 scope_datum)) != 0) { 1453 free(key2); 1454 free(scope_datum); 1455 return rc; 1456 } 1457 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1458 /* disallow multiple declarations for non-roles/users */ 1459 if (sym != SYM_ROLES && sym != SYM_USERS) { 1460 return -2; 1461 } 1462 /* Further confine that a role attribute can't have the same 1463 * name as another regular role, and a role attribute can't 1464 * be declared more than once. */ 1465 if (sym == SYM_ROLES) { 1466 role_datum_t *base_role; 1467 role_datum_t *cur_role = (role_datum_t *)datum; 1468 1469 base_role = (role_datum_t *) 1470 hashtab_search(pol->symtab[sym].table, 1471 key); 1472 assert(base_role != NULL); 1473 1474 if (!((base_role->flavor == ROLE_ROLE) && 1475 (cur_role->flavor == ROLE_ROLE))) { 1476 /* Only regular roles are allowed to have 1477 * multiple declarations. */ 1478 return -2; 1479 } 1480 } 1481 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1482 scope_datum->scope = SCOPE_DECL; 1483 } else if (scope_datum->scope != scope) { 1484 /* This only happens in DECL then REQUIRE case, which is handled by caller */ 1485 return -2; 1486 } 1487 1488 /* search through the pre-existing list to avoid adding duplicates */ 1489 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1490 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1491 /* already there, so don't modify its scope */ 1492 return retval; 1493 } 1494 } 1495 1496 if (add_i_to_a(avrule_decl_id, 1497 &scope_datum->decl_ids_len, 1498 &scope_datum->decl_ids) == -1) { 1499 return -ENOMEM; 1500 } 1501 1502 return retval; 1503 } 1504 1505 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1506 { 1507 type_set_init(dst); 1508 1509 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1510 return -1; 1511 } 1512 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1513 return -1; 1514 } 1515 1516 dst->flags |= a->flags; 1517 dst->flags |= b->flags; 1518 1519 return 0; 1520 } 1521 1522 int type_set_cpy(type_set_t * dst, type_set_t * src) 1523 { 1524 type_set_init(dst); 1525 1526 dst->flags = src->flags; 1527 if (ebitmap_cpy(&dst->types, &src->types)) 1528 return -1; 1529 if (ebitmap_cpy(&dst->negset, &src->negset)) 1530 return -1; 1531 1532 return 0; 1533 } 1534 1535 int type_set_or_eq(type_set_t * dst, type_set_t * other) 1536 { 1537 int ret; 1538 type_set_t tmp; 1539 1540 if (type_set_or(&tmp, dst, other)) 1541 return -1; 1542 type_set_destroy(dst); 1543 ret = type_set_cpy(dst, &tmp); 1544 type_set_destroy(&tmp); 1545 1546 return ret; 1547 } 1548 1549 int role_set_get_role(role_set_t * x, uint32_t role) 1550 { 1551 if (x->flags & ROLE_STAR) 1552 return 1; 1553 1554 if (ebitmap_get_bit(&x->roles, role - 1)) { 1555 if (x->flags & ROLE_COMP) 1556 return 0; 1557 else 1558 return 1; 1559 } else { 1560 if (x->flags & ROLE_COMP) 1561 return 1; 1562 else 1563 return 0; 1564 } 1565 } 1566 1567 /***********************************************************************/ 1568 /* everything below is for policy reads */ 1569 1570 /* The following are read functions for module structures */ 1571 1572 static int role_set_read(role_set_t * r, struct policy_file *fp) 1573 { 1574 uint32_t buf[1]; 1575 int rc; 1576 1577 if (ebitmap_read(&r->roles, fp)) 1578 return -1; 1579 rc = next_entry(buf, fp, sizeof(uint32_t)); 1580 if (rc < 0) 1581 return -1; 1582 r->flags = le32_to_cpu(buf[0]); 1583 1584 return 0; 1585 } 1586 1587 static int type_set_read(type_set_t * t, struct policy_file *fp) 1588 { 1589 uint32_t buf[1]; 1590 int rc; 1591 1592 if (ebitmap_read(&t->types, fp)) 1593 return -1; 1594 if (ebitmap_read(&t->negset, fp)) 1595 return -1; 1596 1597 rc = next_entry(buf, fp, sizeof(uint32_t)); 1598 if (rc < 0) 1599 return -1; 1600 t->flags = le32_to_cpu(buf[0]); 1601 1602 return 0; 1603 } 1604 1605 /* 1606 * Read a MLS range structure from a policydb binary 1607 * representation file. 1608 */ 1609 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1610 { 1611 uint32_t buf[2], items; 1612 int rc; 1613 1614 rc = next_entry(buf, fp, sizeof(uint32_t)); 1615 if (rc < 0) 1616 goto out; 1617 1618 items = le32_to_cpu(buf[0]); 1619 if (items > ARRAY_SIZE(buf)) { 1620 ERR(fp->handle, "range overflow"); 1621 rc = -EINVAL; 1622 goto out; 1623 } 1624 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1625 if (rc < 0) { 1626 ERR(fp->handle, "truncated range"); 1627 goto out; 1628 } 1629 r->level[0].sens = le32_to_cpu(buf[0]); 1630 if (items > 1) 1631 r->level[1].sens = le32_to_cpu(buf[1]); 1632 else 1633 r->level[1].sens = r->level[0].sens; 1634 1635 rc = ebitmap_read(&r->level[0].cat, fp); 1636 if (rc) { 1637 ERR(fp->handle, "error reading low categories"); 1638 goto out; 1639 } 1640 if (items > 1) { 1641 rc = ebitmap_read(&r->level[1].cat, fp); 1642 if (rc) { 1643 ERR(fp->handle, "error reading high categories"); 1644 goto bad_high; 1645 } 1646 } else { 1647 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1648 if (rc) { 1649 ERR(fp->handle, "out of memory"); 1650 goto bad_high; 1651 } 1652 } 1653 1654 rc = 0; 1655 out: 1656 return rc; 1657 bad_high: 1658 ebitmap_destroy(&r->level[0].cat); 1659 goto out; 1660 } 1661 1662 /* 1663 * Read a semantic MLS level structure from a policydb binary 1664 * representation file. 1665 */ 1666 static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1667 struct policy_file *fp) 1668 { 1669 uint32_t buf[2], ncat; 1670 unsigned int i; 1671 mls_semantic_cat_t *cat; 1672 int rc; 1673 1674 mls_semantic_level_init(l); 1675 1676 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1677 if (rc < 0) { 1678 ERR(fp->handle, "truncated level"); 1679 goto bad; 1680 } 1681 l->sens = le32_to_cpu(buf[0]); 1682 1683 ncat = le32_to_cpu(buf[1]); 1684 for (i = 0; i < ncat; i++) { 1685 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1686 if (!cat) { 1687 ERR(fp->handle, "out of memory"); 1688 goto bad; 1689 } 1690 1691 mls_semantic_cat_init(cat); 1692 cat->next = l->cat; 1693 l->cat = cat; 1694 1695 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1696 if (rc < 0) { 1697 ERR(fp->handle, "error reading level categories"); 1698 goto bad; 1699 } 1700 cat->low = le32_to_cpu(buf[0]); 1701 cat->high = le32_to_cpu(buf[1]); 1702 } 1703 1704 return 0; 1705 1706 bad: 1707 return -EINVAL; 1708 } 1709 1710 /* 1711 * Read a semantic MLS range structure from a policydb binary 1712 * representation file. 1713 */ 1714 static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1715 struct policy_file *fp) 1716 { 1717 int rc; 1718 1719 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1720 if (rc) 1721 return rc; 1722 1723 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1724 1725 return rc; 1726 } 1727 1728 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1729 { 1730 unsigned int i; 1731 ebitmap_node_t *cnode; 1732 mls_semantic_cat_t *open_cat = NULL; 1733 1734 mls_semantic_level_init(sl); 1735 sl->sens = l->sens; 1736 ebitmap_for_each_bit(&l->cat, cnode, i) { 1737 if (ebitmap_node_get_bit(cnode, i)) { 1738 if (open_cat) 1739 continue; 1740 open_cat = (mls_semantic_cat_t *) 1741 malloc(sizeof(mls_semantic_cat_t)); 1742 if (!open_cat) 1743 return -1; 1744 1745 mls_semantic_cat_init(open_cat); 1746 open_cat->low = i + 1; 1747 open_cat->next = sl->cat; 1748 sl->cat = open_cat; 1749 } else { 1750 if (!open_cat) 1751 continue; 1752 open_cat->high = i; 1753 open_cat = NULL; 1754 } 1755 } 1756 if (open_cat) 1757 open_cat->high = i; 1758 1759 return 0; 1760 } 1761 1762 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1763 { 1764 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1765 return -1; 1766 1767 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1768 return -1; 1769 1770 return 0; 1771 } 1772 1773 /* 1774 * Read and validate a security context structure 1775 * from a policydb binary representation file. 1776 */ 1777 static int context_read_and_validate(context_struct_t * c, 1778 policydb_t * p, struct policy_file *fp) 1779 { 1780 uint32_t buf[3]; 1781 int rc; 1782 1783 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 1784 if (rc < 0) { 1785 ERR(fp->handle, "context truncated"); 1786 return -1; 1787 } 1788 c->user = le32_to_cpu(buf[0]); 1789 c->role = le32_to_cpu(buf[1]); 1790 c->type = le32_to_cpu(buf[2]); 1791 if ((p->policy_type == POLICY_KERN 1792 && p->policyvers >= POLICYDB_VERSION_MLS) 1793 || (p->policy_type == POLICY_BASE 1794 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 1795 if (mls_read_range_helper(&c->range, fp)) { 1796 ERR(fp->handle, "error reading MLS range " 1797 "of context"); 1798 return -1; 1799 } 1800 } 1801 1802 if (!policydb_context_isvalid(p, c)) { 1803 ERR(fp->handle, "invalid security context"); 1804 context_destroy(c); 1805 return -1; 1806 } 1807 return 0; 1808 } 1809 1810 /* 1811 * The following *_read functions are used to 1812 * read the symbol data from a policy database 1813 * binary representation file. 1814 */ 1815 1816 static int perm_read(policydb_t * p 1817 __attribute__ ((unused)), hashtab_t h, 1818 struct policy_file *fp) 1819 { 1820 char *key = 0; 1821 perm_datum_t *perdatum; 1822 uint32_t buf[2]; 1823 size_t len; 1824 int rc; 1825 1826 perdatum = calloc(1, sizeof(perm_datum_t)); 1827 if (!perdatum) 1828 return -1; 1829 1830 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1831 if (rc < 0) 1832 goto bad; 1833 1834 len = le32_to_cpu(buf[0]); 1835 perdatum->s.value = le32_to_cpu(buf[1]); 1836 1837 key = malloc(len + 1); 1838 if (!key) 1839 goto bad; 1840 rc = next_entry(key, fp, len); 1841 if (rc < 0) 1842 goto bad; 1843 key[len] = 0; 1844 1845 if (hashtab_insert(h, key, perdatum)) 1846 goto bad; 1847 1848 return 0; 1849 1850 bad: 1851 perm_destroy(key, perdatum, NULL); 1852 return -1; 1853 } 1854 1855 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1856 { 1857 char *key = 0; 1858 common_datum_t *comdatum; 1859 uint32_t buf[4]; 1860 size_t len, nel; 1861 unsigned int i; 1862 int rc; 1863 1864 comdatum = calloc(1, sizeof(common_datum_t)); 1865 if (!comdatum) 1866 return -1; 1867 1868 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 1869 if (rc < 0) 1870 goto bad; 1871 1872 len = le32_to_cpu(buf[0]); 1873 comdatum->s.value = le32_to_cpu(buf[1]); 1874 1875 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 1876 goto bad; 1877 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1878 nel = le32_to_cpu(buf[3]); 1879 1880 key = malloc(len + 1); 1881 if (!key) 1882 goto bad; 1883 rc = next_entry(key, fp, len); 1884 if (rc < 0) 1885 goto bad; 1886 key[len] = 0; 1887 1888 for (i = 0; i < nel; i++) { 1889 if (perm_read(p, comdatum->permissions.table, fp)) 1890 goto bad; 1891 } 1892 1893 if (hashtab_insert(h, key, comdatum)) 1894 goto bad; 1895 1896 return 0; 1897 1898 bad: 1899 common_destroy(key, comdatum, NULL); 1900 return -1; 1901 } 1902 1903 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 1904 unsigned int ncons, 1905 int allowxtarget, struct policy_file *fp) 1906 { 1907 constraint_node_t *c, *lc; 1908 constraint_expr_t *e, *le; 1909 uint32_t buf[3]; 1910 size_t nexpr; 1911 unsigned int i, j; 1912 int rc, depth; 1913 1914 lc = NULL; 1915 for (i = 0; i < ncons; i++) { 1916 c = calloc(1, sizeof(constraint_node_t)); 1917 if (!c) 1918 return -1; 1919 1920 if (lc) 1921 lc->next = c; 1922 else 1923 *nodep = c; 1924 1925 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 1926 if (rc < 0) 1927 return -1; 1928 c->permissions = le32_to_cpu(buf[0]); 1929 nexpr = le32_to_cpu(buf[1]); 1930 le = NULL; 1931 depth = -1; 1932 for (j = 0; j < nexpr; j++) { 1933 e = malloc(sizeof(constraint_expr_t)); 1934 if (!e) 1935 return -1; 1936 if (constraint_expr_init(e) == -1) { 1937 free(e); 1938 return -1; 1939 } 1940 if (le) { 1941 le->next = e; 1942 } else { 1943 c->expr = e; 1944 } 1945 1946 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 1947 if (rc < 0) 1948 return -1; 1949 e->expr_type = le32_to_cpu(buf[0]); 1950 e->attr = le32_to_cpu(buf[1]); 1951 e->op = le32_to_cpu(buf[2]); 1952 1953 switch (e->expr_type) { 1954 case CEXPR_NOT: 1955 if (depth < 0) 1956 return -1; 1957 break; 1958 case CEXPR_AND: 1959 case CEXPR_OR: 1960 if (depth < 1) 1961 return -1; 1962 depth--; 1963 break; 1964 case CEXPR_ATTR: 1965 if (depth == (CEXPR_MAXDEPTH - 1)) 1966 return -1; 1967 depth++; 1968 break; 1969 case CEXPR_NAMES: 1970 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1971 return -1; 1972 if (depth == (CEXPR_MAXDEPTH - 1)) 1973 return -1; 1974 depth++; 1975 if (ebitmap_read(&e->names, fp)) 1976 return -1; 1977 if (p->policy_type != POLICY_KERN && 1978 type_set_read(e->type_names, fp)) 1979 return -1; 1980 break; 1981 default: 1982 return -1; 1983 } 1984 le = e; 1985 } 1986 if (depth != 0) 1987 return -1; 1988 lc = c; 1989 } 1990 1991 return 0; 1992 } 1993 1994 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1995 { 1996 char *key = 0; 1997 class_datum_t *cladatum; 1998 uint32_t buf[6]; 1999 size_t len, len2, ncons, nel; 2000 unsigned int i; 2001 int rc; 2002 2003 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 2004 if (!cladatum) 2005 return -1; 2006 2007 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 2008 if (rc < 0) 2009 goto bad; 2010 2011 len = le32_to_cpu(buf[0]); 2012 len2 = le32_to_cpu(buf[1]); 2013 cladatum->s.value = le32_to_cpu(buf[2]); 2014 2015 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2016 goto bad; 2017 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2018 nel = le32_to_cpu(buf[4]); 2019 2020 ncons = le32_to_cpu(buf[5]); 2021 2022 key = malloc(len + 1); 2023 if (!key) 2024 goto bad; 2025 rc = next_entry(key, fp, len); 2026 if (rc < 0) 2027 goto bad; 2028 key[len] = 0; 2029 2030 if (len2) { 2031 cladatum->comkey = malloc(len2 + 1); 2032 if (!cladatum->comkey) 2033 goto bad; 2034 rc = next_entry(cladatum->comkey, fp, len2); 2035 if (rc < 0) 2036 goto bad; 2037 cladatum->comkey[len2] = 0; 2038 2039 cladatum->comdatum = hashtab_search(p->p_commons.table, 2040 cladatum->comkey); 2041 if (!cladatum->comdatum) { 2042 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2043 goto bad; 2044 } 2045 } 2046 for (i = 0; i < nel; i++) { 2047 if (perm_read(p, cladatum->permissions.table, fp)) 2048 goto bad; 2049 } 2050 2051 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2052 goto bad; 2053 2054 if ((p->policy_type == POLICY_KERN 2055 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2056 || (p->policy_type == POLICY_BASE 2057 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2058 /* grab the validatetrans rules */ 2059 rc = next_entry(buf, fp, sizeof(uint32_t)); 2060 if (rc < 0) 2061 goto bad; 2062 ncons = le32_to_cpu(buf[0]); 2063 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2064 goto bad; 2065 } 2066 2067 if (hashtab_insert(h, key, cladatum)) 2068 goto bad; 2069 2070 return 0; 2071 2072 bad: 2073 class_destroy(key, cladatum, NULL); 2074 return -1; 2075 } 2076 2077 static int role_read(policydb_t * p 2078 __attribute__ ((unused)), hashtab_t h, 2079 struct policy_file *fp) 2080 { 2081 char *key = 0; 2082 role_datum_t *role; 2083 uint32_t buf[3]; 2084 size_t len; 2085 int rc, to_read = 2; 2086 2087 role = calloc(1, sizeof(role_datum_t)); 2088 if (!role) 2089 return -1; 2090 2091 if (policydb_has_boundary_feature(p)) 2092 to_read = 3; 2093 2094 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2095 if (rc < 0) 2096 goto bad; 2097 2098 len = le32_to_cpu(buf[0]); 2099 role->s.value = le32_to_cpu(buf[1]); 2100 if (policydb_has_boundary_feature(p)) 2101 role->bounds = le32_to_cpu(buf[2]); 2102 2103 key = malloc(len + 1); 2104 if (!key) 2105 goto bad; 2106 rc = next_entry(key, fp, len); 2107 if (rc < 0) 2108 goto bad; 2109 key[len] = 0; 2110 2111 if (ebitmap_read(&role->dominates, fp)) 2112 goto bad; 2113 2114 if (p->policy_type == POLICY_KERN) { 2115 if (ebitmap_read(&role->types.types, fp)) 2116 goto bad; 2117 } else { 2118 if (type_set_read(&role->types, fp)) 2119 goto bad; 2120 } 2121 2122 if (p->policy_type != POLICY_KERN && 2123 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2124 rc = next_entry(buf, fp, sizeof(uint32_t)); 2125 if (rc < 0) 2126 goto bad; 2127 2128 role->flavor = le32_to_cpu(buf[0]); 2129 2130 if (ebitmap_read(&role->roles, fp)) 2131 goto bad; 2132 } 2133 2134 if (strcmp(key, OBJECT_R) == 0) { 2135 if (role->s.value != OBJECT_R_VAL) { 2136 ERR(fp->handle, "role %s has wrong value %d", 2137 OBJECT_R, role->s.value); 2138 role_destroy(key, role, NULL); 2139 return -1; 2140 } 2141 role_destroy(key, role, NULL); 2142 return 0; 2143 } 2144 2145 if (hashtab_insert(h, key, role)) 2146 goto bad; 2147 2148 return 0; 2149 2150 bad: 2151 role_destroy(key, role, NULL); 2152 return -1; 2153 } 2154 2155 static int type_read(policydb_t * p 2156 __attribute__ ((unused)), hashtab_t h, 2157 struct policy_file *fp) 2158 { 2159 char *key = 0; 2160 type_datum_t *typdatum; 2161 uint32_t buf[5]; 2162 size_t len; 2163 int rc, to_read; 2164 int pos = 0; 2165 2166 typdatum = calloc(1, sizeof(type_datum_t)); 2167 if (!typdatum) 2168 return -1; 2169 2170 if (policydb_has_boundary_feature(p)) { 2171 if (p->policy_type != POLICY_KERN 2172 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2173 to_read = 5; 2174 else 2175 to_read = 4; 2176 } 2177 else if (p->policy_type == POLICY_KERN) 2178 to_read = 3; 2179 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2180 to_read = 5; 2181 else 2182 to_read = 4; 2183 2184 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2185 if (rc < 0) 2186 goto bad; 2187 2188 len = le32_to_cpu(buf[pos]); 2189 typdatum->s.value = le32_to_cpu(buf[++pos]); 2190 if (policydb_has_boundary_feature(p)) { 2191 uint32_t properties; 2192 2193 if (p->policy_type != POLICY_KERN 2194 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2195 typdatum->primary = le32_to_cpu(buf[++pos]); 2196 properties = le32_to_cpu(buf[++pos]); 2197 } 2198 else { 2199 properties = le32_to_cpu(buf[++pos]); 2200 2201 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2202 typdatum->primary = 1; 2203 } 2204 2205 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2206 typdatum->flavor = TYPE_ATTRIB; 2207 if (properties & TYPEDATUM_PROPERTY_ALIAS 2208 && p->policy_type != POLICY_KERN) 2209 typdatum->flavor = TYPE_ALIAS; 2210 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2211 && p->policy_type != POLICY_KERN) 2212 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2213 2214 typdatum->bounds = le32_to_cpu(buf[++pos]); 2215 } else { 2216 typdatum->primary = le32_to_cpu(buf[++pos]); 2217 if (p->policy_type != POLICY_KERN) { 2218 typdatum->flavor = le32_to_cpu(buf[++pos]); 2219 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2220 typdatum->flags = le32_to_cpu(buf[++pos]); 2221 } 2222 } 2223 2224 if (p->policy_type != POLICY_KERN) { 2225 if (ebitmap_read(&typdatum->types, fp)) 2226 goto bad; 2227 } 2228 2229 key = malloc(len + 1); 2230 if (!key) 2231 goto bad; 2232 rc = next_entry(key, fp, len); 2233 if (rc < 0) 2234 goto bad; 2235 key[len] = 0; 2236 2237 if (hashtab_insert(h, key, typdatum)) 2238 goto bad; 2239 2240 return 0; 2241 2242 bad: 2243 type_destroy(key, typdatum, NULL); 2244 return -1; 2245 } 2246 2247 int role_trans_read(policydb_t *p, struct policy_file *fp) 2248 { 2249 role_trans_t **t = &p->role_tr; 2250 unsigned int i; 2251 uint32_t buf[3], nel; 2252 role_trans_t *tr, *ltr; 2253 int rc; 2254 int new_roletr = (p->policy_type == POLICY_KERN && 2255 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2256 2257 rc = next_entry(buf, fp, sizeof(uint32_t)); 2258 if (rc < 0) 2259 return -1; 2260 nel = le32_to_cpu(buf[0]); 2261 ltr = NULL; 2262 for (i = 0; i < nel; i++) { 2263 tr = calloc(1, sizeof(struct role_trans)); 2264 if (!tr) { 2265 return -1; 2266 } 2267 if (ltr) { 2268 ltr->next = tr; 2269 } else { 2270 *t = tr; 2271 } 2272 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2273 if (rc < 0) 2274 return -1; 2275 tr->role = le32_to_cpu(buf[0]); 2276 tr->type = le32_to_cpu(buf[1]); 2277 tr->new_role = le32_to_cpu(buf[2]); 2278 if (new_roletr) { 2279 rc = next_entry(buf, fp, sizeof(uint32_t)); 2280 if (rc < 0) 2281 return -1; 2282 tr->tclass = le32_to_cpu(buf[0]); 2283 } else 2284 tr->tclass = SECCLASS_PROCESS; 2285 ltr = tr; 2286 } 2287 return 0; 2288 } 2289 2290 int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2291 { 2292 unsigned int i; 2293 uint32_t buf[2], nel; 2294 role_allow_t *ra, *lra; 2295 int rc; 2296 2297 rc = next_entry(buf, fp, sizeof(uint32_t)); 2298 if (rc < 0) 2299 return -1; 2300 nel = le32_to_cpu(buf[0]); 2301 lra = NULL; 2302 for (i = 0; i < nel; i++) { 2303 ra = calloc(1, sizeof(struct role_allow)); 2304 if (!ra) { 2305 return -1; 2306 } 2307 if (lra) { 2308 lra->next = ra; 2309 } else { 2310 *r = ra; 2311 } 2312 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2313 if (rc < 0) 2314 return -1; 2315 ra->role = le32_to_cpu(buf[0]); 2316 ra->new_role = le32_to_cpu(buf[1]); 2317 lra = ra; 2318 } 2319 return 0; 2320 } 2321 2322 int filename_trans_read(filename_trans_t **t, struct policy_file *fp) 2323 { 2324 unsigned int i; 2325 uint32_t buf[4], nel, len; 2326 filename_trans_t *ft, *lft; 2327 int rc; 2328 char *name; 2329 2330 rc = next_entry(buf, fp, sizeof(uint32_t)); 2331 if (rc < 0) 2332 return -1; 2333 nel = le32_to_cpu(buf[0]); 2334 2335 lft = NULL; 2336 for (i = 0; i < nel; i++) { 2337 ft = calloc(1, sizeof(struct filename_trans)); 2338 if (!ft) 2339 return -1; 2340 if (lft) 2341 lft->next = ft; 2342 else 2343 *t = ft; 2344 lft = ft; 2345 rc = next_entry(buf, fp, sizeof(uint32_t)); 2346 if (rc < 0) 2347 return -1; 2348 len = le32_to_cpu(buf[0]); 2349 2350 name = calloc(len, sizeof(*name)); 2351 if (!name) 2352 return -1; 2353 2354 ft->name = name; 2355 2356 rc = next_entry(name, fp, len); 2357 if (rc < 0) 2358 return -1; 2359 2360 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2361 if (rc < 0) 2362 return -1; 2363 2364 ft->stype = le32_to_cpu(buf[0]); 2365 ft->ttype = le32_to_cpu(buf[1]); 2366 ft->tclass = le32_to_cpu(buf[2]); 2367 ft->otype = le32_to_cpu(buf[3]); 2368 } 2369 return 0; 2370 } 2371 2372 static int ocontext_read_xen(struct policydb_compat_info *info, 2373 policydb_t *p, struct policy_file *fp) 2374 { 2375 unsigned int i, j; 2376 size_t nel; 2377 ocontext_t *l, *c; 2378 uint32_t buf[8]; 2379 int rc; 2380 2381 for (i = 0; i < info->ocon_num; i++) { 2382 rc = next_entry(buf, fp, sizeof(uint32_t)); 2383 if (rc < 0) 2384 return -1; 2385 nel = le32_to_cpu(buf[0]); 2386 l = NULL; 2387 for (j = 0; j < nel; j++) { 2388 c = calloc(1, sizeof(ocontext_t)); 2389 if (!c) 2390 return -1; 2391 if (l) 2392 l->next = c; 2393 else 2394 p->ocontexts[i] = c; 2395 l = c; 2396 switch (i) { 2397 case OCON_XEN_ISID: 2398 rc = next_entry(buf, fp, sizeof(uint32_t)); 2399 if (rc < 0) 2400 return -1; 2401 c->sid[0] = le32_to_cpu(buf[0]); 2402 if (context_read_and_validate 2403 (&c->context[0], p, fp)) 2404 return -1; 2405 break; 2406 case OCON_XEN_PIRQ: 2407 rc = next_entry(buf, fp, sizeof(uint32_t)); 2408 if (rc < 0) 2409 return -1; 2410 c->u.pirq = le32_to_cpu(buf[0]); 2411 if (context_read_and_validate 2412 (&c->context[0], p, fp)) 2413 return -1; 2414 break; 2415 case OCON_XEN_IOPORT: 2416 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2417 if (rc < 0) 2418 return -1; 2419 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2420 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2421 if (context_read_and_validate 2422 (&c->context[0], p, fp)) 2423 return -1; 2424 break; 2425 case OCON_XEN_IOMEM: 2426 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2427 if (rc < 0) 2428 return -1; 2429 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2430 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2431 if (context_read_and_validate 2432 (&c->context[0], p, fp)) 2433 return -1; 2434 break; 2435 case OCON_XEN_PCIDEVICE: 2436 rc = next_entry(buf, fp, sizeof(uint32_t)); 2437 if (rc < 0) 2438 return -1; 2439 c->u.device = le32_to_cpu(buf[0]); 2440 if (context_read_and_validate 2441 (&c->context[0], p, fp)) 2442 return -1; 2443 break; 2444 default: 2445 /* should never get here */ 2446 ERR(fp->handle, "Unknown Xen ocontext"); 2447 return -1; 2448 } 2449 } 2450 } 2451 return 0; 2452 } 2453 static int ocontext_read_selinux(struct policydb_compat_info *info, 2454 policydb_t * p, struct policy_file *fp) 2455 { 2456 unsigned int i, j; 2457 size_t nel, len; 2458 ocontext_t *l, *c; 2459 uint32_t buf[8]; 2460 int rc; 2461 2462 for (i = 0; i < info->ocon_num; i++) { 2463 rc = next_entry(buf, fp, sizeof(uint32_t)); 2464 if (rc < 0) 2465 return -1; 2466 nel = le32_to_cpu(buf[0]); 2467 l = NULL; 2468 for (j = 0; j < nel; j++) { 2469 c = calloc(1, sizeof(ocontext_t)); 2470 if (!c) { 2471 return -1; 2472 } 2473 if (l) { 2474 l->next = c; 2475 } else { 2476 p->ocontexts[i] = c; 2477 } 2478 l = c; 2479 switch (i) { 2480 case OCON_ISID: 2481 rc = next_entry(buf, fp, sizeof(uint32_t)); 2482 if (rc < 0) 2483 return -1; 2484 c->sid[0] = le32_to_cpu(buf[0]); 2485 if (context_read_and_validate 2486 (&c->context[0], p, fp)) 2487 return -1; 2488 break; 2489 case OCON_FS: 2490 case OCON_NETIF: 2491 rc = next_entry(buf, fp, sizeof(uint32_t)); 2492 if (rc < 0) 2493 return -1; 2494 len = le32_to_cpu(buf[0]); 2495 c->u.name = malloc(len + 1); 2496 if (!c->u.name) 2497 return -1; 2498 rc = next_entry(c->u.name, fp, len); 2499 if (rc < 0) 2500 return -1; 2501 c->u.name[len] = 0; 2502 if (context_read_and_validate 2503 (&c->context[0], p, fp)) 2504 return -1; 2505 if (context_read_and_validate 2506 (&c->context[1], p, fp)) 2507 return -1; 2508 break; 2509 case OCON_PORT: 2510 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2511 if (rc < 0) 2512 return -1; 2513 c->u.port.protocol = le32_to_cpu(buf[0]); 2514 c->u.port.low_port = le32_to_cpu(buf[1]); 2515 c->u.port.high_port = le32_to_cpu(buf[2]); 2516 if (context_read_and_validate 2517 (&c->context[0], p, fp)) 2518 return -1; 2519 break; 2520 case OCON_NODE: 2521 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2522 if (rc < 0) 2523 return -1; 2524 c->u.node.addr = buf[0]; /* network order */ 2525 c->u.node.mask = buf[1]; /* network order */ 2526 if (context_read_and_validate 2527 (&c->context[0], p, fp)) 2528 return -1; 2529 break; 2530 case OCON_FSUSE: 2531 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2532 if (rc < 0) 2533 return -1; 2534 c->v.behavior = le32_to_cpu(buf[0]); 2535 len = le32_to_cpu(buf[1]); 2536 c->u.name = malloc(len + 1); 2537 if (!c->u.name) 2538 return -1; 2539 rc = next_entry(c->u.name, fp, len); 2540 if (rc < 0) 2541 return -1; 2542 c->u.name[len] = 0; 2543 if (context_read_and_validate 2544 (&c->context[0], p, fp)) 2545 return -1; 2546 break; 2547 case OCON_NODE6:{ 2548 int k; 2549 2550 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2551 if (rc < 0) 2552 return -1; 2553 for (k = 0; k < 4; k++) 2554 /* network order */ 2555 c->u.node6.addr[k] = buf[k]; 2556 for (k = 0; k < 4; k++) 2557 /* network order */ 2558 c->u.node6.mask[k] = buf[k + 4]; 2559 if (context_read_and_validate 2560 (&c->context[0], p, fp)) 2561 return -1; 2562 break; 2563 } 2564 default:{ 2565 ERR(fp->handle, "Unknown SELinux ocontext"); 2566 return -1; 2567 } 2568 } 2569 } 2570 } 2571 return 0; 2572 } 2573 2574 static int ocontext_read(struct policydb_compat_info *info, 2575 policydb_t *p, struct policy_file *fp) 2576 { 2577 int rc = -1; 2578 switch (p->target_platform) { 2579 case SEPOL_TARGET_SELINUX: 2580 rc = ocontext_read_selinux(info, p, fp); 2581 break; 2582 case SEPOL_TARGET_XEN: 2583 rc = ocontext_read_xen(info, p, fp); 2584 break; 2585 default: 2586 ERR(fp->handle, "Unknown target"); 2587 } 2588 return rc; 2589 } 2590 2591 static int genfs_read(policydb_t * p, struct policy_file *fp) 2592 { 2593 uint32_t buf[1]; 2594 size_t nel, nel2, len, len2; 2595 genfs_t *genfs_p, *newgenfs, *genfs; 2596 unsigned int i, j; 2597 ocontext_t *l, *c, *newc = NULL; 2598 int rc; 2599 2600 rc = next_entry(buf, fp, sizeof(uint32_t)); 2601 if (rc < 0) 2602 goto bad; 2603 nel = le32_to_cpu(buf[0]); 2604 genfs_p = NULL; 2605 for (i = 0; i < nel; i++) { 2606 rc = next_entry(buf, fp, sizeof(uint32_t)); 2607 if (rc < 0) 2608 goto bad; 2609 len = le32_to_cpu(buf[0]); 2610 newgenfs = calloc(1, sizeof(genfs_t)); 2611 if (!newgenfs) 2612 goto bad; 2613 newgenfs->fstype = malloc(len + 1); 2614 if (!newgenfs->fstype) { 2615 free(newgenfs); 2616 goto bad; 2617 } 2618 rc = next_entry(newgenfs->fstype, fp, len); 2619 if (rc < 0) { 2620 free(newgenfs->fstype); 2621 free(newgenfs); 2622 goto bad; 2623 } 2624 newgenfs->fstype[len] = 0; 2625 for (genfs_p = NULL, genfs = p->genfs; genfs; 2626 genfs_p = genfs, genfs = genfs->next) { 2627 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2628 ERR(fp->handle, "dup genfs fstype %s", 2629 newgenfs->fstype); 2630 free(newgenfs->fstype); 2631 free(newgenfs); 2632 goto bad; 2633 } 2634 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2635 break; 2636 } 2637 newgenfs->next = genfs; 2638 if (genfs_p) 2639 genfs_p->next = newgenfs; 2640 else 2641 p->genfs = newgenfs; 2642 rc = next_entry(buf, fp, sizeof(uint32_t)); 2643 if (rc < 0) 2644 goto bad; 2645 nel2 = le32_to_cpu(buf[0]); 2646 for (j = 0; j < nel2; j++) { 2647 newc = calloc(1, sizeof(ocontext_t)); 2648 if (!newc) { 2649 goto bad; 2650 } 2651 rc = next_entry(buf, fp, sizeof(uint32_t)); 2652 if (rc < 0) 2653 goto bad; 2654 len = le32_to_cpu(buf[0]); 2655 newc->u.name = malloc(len + 1); 2656 if (!newc->u.name) { 2657 goto bad; 2658 } 2659 rc = next_entry(newc->u.name, fp, len); 2660 if (rc < 0) 2661 goto bad; 2662 newc->u.name[len] = 0; 2663 rc = next_entry(buf, fp, sizeof(uint32_t)); 2664 if (rc < 0) 2665 goto bad; 2666 newc->v.sclass = le32_to_cpu(buf[0]); 2667 if (context_read_and_validate(&newc->context[0], p, fp)) 2668 goto bad; 2669 for (l = NULL, c = newgenfs->head; c; 2670 l = c, c = c->next) { 2671 if (!strcmp(newc->u.name, c->u.name) && 2672 (!c->v.sclass || !newc->v.sclass || 2673 newc->v.sclass == c->v.sclass)) { 2674 ERR(fp->handle, "dup genfs entry " 2675 "(%s,%s)", newgenfs->fstype, 2676 c->u.name); 2677 goto bad; 2678 } 2679 len = strlen(newc->u.name); 2680 len2 = strlen(c->u.name); 2681 if (len > len2) 2682 break; 2683 } 2684 newc->next = c; 2685 if (l) 2686 l->next = newc; 2687 else 2688 newgenfs->head = newc; 2689 } 2690 } 2691 2692 return 0; 2693 2694 bad: 2695 if (newc) { 2696 context_destroy(&newc->context[0]); 2697 context_destroy(&newc->context[1]); 2698 free(newc->u.name); 2699 free(newc); 2700 } 2701 return -1; 2702 } 2703 2704 /* 2705 * Read a MLS level structure from a policydb binary 2706 * representation file. 2707 */ 2708 static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 2709 { 2710 uint32_t buf[1]; 2711 int rc; 2712 2713 mls_level_init(lp); 2714 2715 rc = next_entry(buf, fp, sizeof(uint32_t)); 2716 if (rc < 0) { 2717 ERR(fp->handle, "truncated level"); 2718 goto bad; 2719 } 2720 lp->sens = le32_to_cpu(buf[0]); 2721 2722 if (ebitmap_read(&lp->cat, fp)) { 2723 ERR(fp->handle, "error reading level categories"); 2724 goto bad; 2725 } 2726 return 0; 2727 2728 bad: 2729 return -EINVAL; 2730 } 2731 2732 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2733 { 2734 char *key = 0; 2735 user_datum_t *usrdatum; 2736 uint32_t buf[3]; 2737 size_t len; 2738 int rc, to_read = 2; 2739 2740 usrdatum = calloc(1, sizeof(user_datum_t)); 2741 if (!usrdatum) 2742 return -1; 2743 2744 if (policydb_has_boundary_feature(p)) 2745 to_read = 3; 2746 2747 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2748 if (rc < 0) 2749 goto bad; 2750 2751 len = le32_to_cpu(buf[0]); 2752 usrdatum->s.value = le32_to_cpu(buf[1]); 2753 if (policydb_has_boundary_feature(p)) 2754 usrdatum->bounds = le32_to_cpu(buf[2]); 2755 2756 key = malloc(len + 1); 2757 if (!key) 2758 goto bad; 2759 rc = next_entry(key, fp, len); 2760 if (rc < 0) 2761 goto bad; 2762 key[len] = 0; 2763 2764 if (p->policy_type == POLICY_KERN) { 2765 if (ebitmap_read(&usrdatum->roles.roles, fp)) 2766 goto bad; 2767 } else { 2768 if (role_set_read(&usrdatum->roles, fp)) 2769 goto bad; 2770 } 2771 2772 /* users were not allowed in mls modules before version 2773 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 2774 * required - the mls fields will be empty. user declarations in 2775 * non-mls modules will also have empty mls fields */ 2776 if ((p->policy_type == POLICY_KERN 2777 && p->policyvers >= POLICYDB_VERSION_MLS) 2778 || (p->policy_type == POLICY_MOD 2779 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2780 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 2781 || (p->policy_type == POLICY_BASE 2782 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2783 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 2784 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 2785 goto bad; 2786 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 2787 goto bad; 2788 if (p->policy_type != POLICY_KERN) { 2789 if (mls_range_to_semantic(&usrdatum->exp_range, 2790 &usrdatum->range)) 2791 goto bad; 2792 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 2793 &usrdatum->dfltlevel)) 2794 goto bad; 2795 } 2796 } else if ((p->policy_type == POLICY_MOD 2797 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 2798 || (p->policy_type == POLICY_BASE 2799 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 2800 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 2801 goto bad; 2802 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 2803 goto bad; 2804 } 2805 2806 if (hashtab_insert(h, key, usrdatum)) 2807 goto bad; 2808 2809 return 0; 2810 2811 bad: 2812 user_destroy(key, usrdatum, NULL); 2813 return -1; 2814 } 2815 2816 static int sens_read(policydb_t * p 2817 __attribute__ ((unused)), hashtab_t h, 2818 struct policy_file *fp) 2819 { 2820 char *key = 0; 2821 level_datum_t *levdatum; 2822 uint32_t buf[2], len; 2823 int rc; 2824 2825 levdatum = malloc(sizeof(level_datum_t)); 2826 if (!levdatum) 2827 return -1; 2828 level_datum_init(levdatum); 2829 2830 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2831 if (rc < 0) 2832 goto bad; 2833 2834 len = le32_to_cpu(buf[0]); 2835 levdatum->isalias = le32_to_cpu(buf[1]); 2836 2837 key = malloc(len + 1); 2838 if (!key) 2839 goto bad; 2840 rc = next_entry(key, fp, len); 2841 if (rc < 0) 2842 goto bad; 2843 key[len] = 0; 2844 2845 levdatum->level = malloc(sizeof(mls_level_t)); 2846 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 2847 goto bad; 2848 2849 if (hashtab_insert(h, key, levdatum)) 2850 goto bad; 2851 2852 return 0; 2853 2854 bad: 2855 sens_destroy(key, levdatum, NULL); 2856 return -1; 2857 } 2858 2859 static int cat_read(policydb_t * p 2860 __attribute__ ((unused)), hashtab_t h, 2861 struct policy_file *fp) 2862 { 2863 char *key = 0; 2864 cat_datum_t *catdatum; 2865 uint32_t buf[3], len; 2866 int rc; 2867 2868 catdatum = malloc(sizeof(cat_datum_t)); 2869 if (!catdatum) 2870 return -1; 2871 cat_datum_init(catdatum); 2872 2873 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2874 if (rc < 0) 2875 goto bad; 2876 2877 len = le32_to_cpu(buf[0]); 2878 catdatum->s.value = le32_to_cpu(buf[1]); 2879 catdatum->isalias = le32_to_cpu(buf[2]); 2880 2881 key = malloc(len + 1); 2882 if (!key) 2883 goto bad; 2884 rc = next_entry(key, fp, len); 2885 if (rc < 0) 2886 goto bad; 2887 key[len] = 0; 2888 2889 if (hashtab_insert(h, key, catdatum)) 2890 goto bad; 2891 2892 return 0; 2893 2894 bad: 2895 cat_destroy(key, catdatum, NULL); 2896 return -1; 2897 } 2898 2899 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 2900 struct policy_file * fp) = { 2901 common_read, class_read, role_read, type_read, user_read, 2902 cond_read_bool, sens_read, cat_read,}; 2903 2904 /************** module reading functions below **************/ 2905 2906 static avrule_t *avrule_read(policydb_t * p 2907 __attribute__ ((unused)), struct policy_file *fp) 2908 { 2909 unsigned int i; 2910 uint32_t buf[2], len; 2911 class_perm_node_t *cur, *tail = NULL; 2912 avrule_t *avrule; 2913 int rc; 2914 2915 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 2916 if (!avrule) 2917 return NULL; 2918 2919 avrule_init(avrule); 2920 2921 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2922 if (rc < 0) 2923 goto bad; 2924 2925 (avrule)->specified = le32_to_cpu(buf[0]); 2926 (avrule)->flags = le32_to_cpu(buf[1]); 2927 2928 if (type_set_read(&avrule->stypes, fp)) 2929 goto bad; 2930 2931 if (type_set_read(&avrule->ttypes, fp)) 2932 goto bad; 2933 2934 rc = next_entry(buf, fp, sizeof(uint32_t)); 2935 if (rc < 0) 2936 goto bad; 2937 len = le32_to_cpu(buf[0]); 2938 2939 for (i = 0; i < len; i++) { 2940 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 2941 if (!cur) 2942 goto bad; 2943 class_perm_node_init(cur); 2944 2945 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2946 if (rc < 0) { 2947 free(cur); 2948 goto bad; 2949 } 2950 2951 cur->class = le32_to_cpu(buf[0]); 2952 cur->data = le32_to_cpu(buf[1]); 2953 2954 if (!tail) { 2955 avrule->perms = cur; 2956 } else { 2957 tail->next = cur; 2958 } 2959 tail = cur; 2960 } 2961 2962 return avrule; 2963 bad: 2964 if (avrule) { 2965 avrule_destroy(avrule); 2966 free(avrule); 2967 } 2968 return NULL; 2969 } 2970 2971 static int range_read(policydb_t * p, struct policy_file *fp) 2972 { 2973 uint32_t buf[2], nel; 2974 range_trans_t *rt, *lrt; 2975 range_trans_rule_t *rtr, *lrtr = NULL; 2976 unsigned int i; 2977 int new_rangetr = (p->policy_type == POLICY_KERN && 2978 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 2979 int rc; 2980 2981 rc = next_entry(buf, fp, sizeof(uint32_t)); 2982 if (rc < 0) 2983 return -1; 2984 nel = le32_to_cpu(buf[0]); 2985 lrt = NULL; 2986 for (i = 0; i < nel; i++) { 2987 rt = calloc(1, sizeof(range_trans_t)); 2988 if (!rt) 2989 return -1; 2990 if (lrt) 2991 lrt->next = rt; 2992 else 2993 p->range_tr = rt; 2994 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2995 if (rc < 0) 2996 return -1; 2997 rt->source_type = le32_to_cpu(buf[0]); 2998 rt->target_type = le32_to_cpu(buf[1]); 2999 if (new_rangetr) { 3000 rc = next_entry(buf, fp, (sizeof(uint32_t))); 3001 if (rc < 0) 3002 return -1; 3003 rt->target_class = le32_to_cpu(buf[0]); 3004 } else 3005 rt->target_class = SECCLASS_PROCESS; 3006 if (mls_read_range_helper(&rt->target_range, fp)) 3007 return -1; 3008 lrt = rt; 3009 } 3010 3011 /* if this is a kernel policy, we are done - otherwise we need to 3012 * convert these structs to range_trans_rule_ts */ 3013 if (p->policy_type == POLICY_KERN) 3014 return 0; 3015 3016 /* create range_trans_rules_ts that correspond to the range_trans_ts 3017 * that were just read in from an older policy */ 3018 for (rt = p->range_tr; rt; rt = rt->next) { 3019 rtr = malloc(sizeof(range_trans_rule_t)); 3020 if (!rtr) { 3021 return -1; 3022 } 3023 range_trans_rule_init(rtr); 3024 3025 if (lrtr) 3026 lrtr->next = rtr; 3027 else 3028 p->global->enabled->range_tr_rules = rtr; 3029 3030 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3031 return -1; 3032 3033 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3034 return -1; 3035 3036 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3037 return -1; 3038 3039 if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) 3040 return -1; 3041 3042 lrtr = rtr; 3043 } 3044 3045 /* now destroy the range_trans_ts */ 3046 lrt = NULL; 3047 for (rt = p->range_tr; rt; rt = rt->next) { 3048 if (lrt) { 3049 ebitmap_destroy(&lrt->target_range.level[0].cat); 3050 ebitmap_destroy(&lrt->target_range.level[1].cat); 3051 free(lrt); 3052 } 3053 lrt = rt; 3054 } 3055 if (lrt) { 3056 ebitmap_destroy(&lrt->target_range.level[0].cat); 3057 ebitmap_destroy(&lrt->target_range.level[1].cat); 3058 free(lrt); 3059 } 3060 p->range_tr = NULL; 3061 3062 return 0; 3063 } 3064 3065 int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3066 struct policy_file *fp) 3067 { 3068 unsigned int i; 3069 avrule_t *cur, *tail; 3070 uint32_t buf[1], len; 3071 int rc; 3072 3073 *avrules = tail = NULL; 3074 3075 rc = next_entry(buf, fp, sizeof(uint32_t)); 3076 if (rc < 0) { 3077 return -1; 3078 } 3079 len = le32_to_cpu(buf[0]); 3080 3081 for (i = 0; i < len; i++) { 3082 cur = avrule_read(p, fp); 3083 if (!cur) { 3084 return -1; 3085 } 3086 3087 if (!tail) { 3088 *avrules = cur; 3089 } else { 3090 tail->next = cur; 3091 } 3092 tail = cur; 3093 } 3094 3095 return 0; 3096 } 3097 3098 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3099 struct policy_file *fp) 3100 { 3101 uint32_t buf[1], nel; 3102 unsigned int i; 3103 role_trans_rule_t *tr, *ltr; 3104 int rc; 3105 3106 rc = next_entry(buf, fp, sizeof(uint32_t)); 3107 if (rc < 0) 3108 return -1; 3109 nel = le32_to_cpu(buf[0]); 3110 ltr = NULL; 3111 for (i = 0; i < nel; i++) { 3112 tr = malloc(sizeof(role_trans_rule_t)); 3113 if (!tr) { 3114 return -1; 3115 } 3116 role_trans_rule_init(tr); 3117 3118 if (ltr) { 3119 ltr->next = tr; 3120 } else { 3121 *r = tr; 3122 } 3123 3124 if (role_set_read(&tr->roles, fp)) 3125 return -1; 3126 3127 if (type_set_read(&tr->types, fp)) 3128 return -1; 3129 3130 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3131 if (ebitmap_read(&tr->classes, fp)) 3132 return -1; 3133 } else { 3134 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3135 return -1; 3136 } 3137 3138 rc = next_entry(buf, fp, sizeof(uint32_t)); 3139 if (rc < 0) 3140 return -1; 3141 tr->new_role = le32_to_cpu(buf[0]); 3142 ltr = tr; 3143 } 3144 3145 return 0; 3146 } 3147 3148 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3149 { 3150 unsigned int i; 3151 uint32_t buf[1], nel; 3152 role_allow_rule_t *ra, *lra; 3153 int rc; 3154 3155 rc = next_entry(buf, fp, sizeof(uint32_t)); 3156 if (rc < 0) 3157 return -1; 3158 nel = le32_to_cpu(buf[0]); 3159 lra = NULL; 3160 for (i = 0; i < nel; i++) { 3161 ra = malloc(sizeof(role_allow_rule_t)); 3162 if (!ra) { 3163 return -1; 3164 } 3165 role_allow_rule_init(ra); 3166 3167 if (lra) { 3168 lra->next = ra; 3169 } else { 3170 *r = ra; 3171 } 3172 3173 if (role_set_read(&ra->roles, fp)) 3174 return -1; 3175 3176 if (role_set_read(&ra->new_roles, fp)) 3177 return -1; 3178 3179 lra = ra; 3180 } 3181 return 0; 3182 } 3183 3184 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3185 { 3186 uint32_t buf[2], nel; 3187 unsigned int i, len; 3188 filename_trans_rule_t *ftr, *lftr; 3189 int rc; 3190 3191 rc = next_entry(buf, fp, sizeof(uint32_t)); 3192 if (rc < 0) 3193 return -1; 3194 nel = le32_to_cpu(buf[0]); 3195 lftr = NULL; 3196 for (i = 0; i < nel; i++) { 3197 ftr = malloc(sizeof(*ftr)); 3198 if (!ftr) 3199 return -1; 3200 3201 filename_trans_rule_init(ftr); 3202 3203 if (lftr) 3204 lftr->next = ftr; 3205 else 3206 *r = ftr; 3207 lftr = ftr; 3208 3209 rc = next_entry(buf, fp, sizeof(uint32_t)); 3210 if (rc < 0) 3211 return -1; 3212 3213 len = le32_to_cpu(buf[0]); 3214 3215 ftr->name = malloc(len + 1); 3216 if (!ftr->name) 3217 return -1; 3218 3219 rc = next_entry(ftr->name, fp, len); 3220 if (rc) 3221 return -1; 3222 ftr->name[len] = 0; 3223 3224 if (type_set_read(&ftr->stypes, fp)) 3225 return -1; 3226 3227 if (type_set_read(&ftr->ttypes, fp)) 3228 return -1; 3229 3230 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3231 if (rc < 0) 3232 return -1; 3233 ftr->tclass = le32_to_cpu(buf[0]); 3234 ftr->otype = le32_to_cpu(buf[1]); 3235 } 3236 3237 return 0; 3238 } 3239 3240 static int range_trans_rule_read(range_trans_rule_t ** r, 3241 struct policy_file *fp) 3242 { 3243 uint32_t buf[1], nel; 3244 unsigned int i; 3245 range_trans_rule_t *rt, *lrt = NULL; 3246 int rc; 3247 3248 rc = next_entry(buf, fp, sizeof(uint32_t)); 3249 if (rc < 0) 3250 return -1; 3251 nel = le32_to_cpu(buf[0]); 3252 for (i = 0; i < nel; i++) { 3253 rt = malloc(sizeof(range_trans_rule_t)); 3254 if (!rt) { 3255 return -1; 3256 } 3257 range_trans_rule_init(rt); 3258 3259 if (lrt) 3260 lrt->next = rt; 3261 else 3262 *r = rt; 3263 3264 if (type_set_read(&rt->stypes, fp)) 3265 return -1; 3266 3267 if (type_set_read(&rt->ttypes, fp)) 3268 return -1; 3269 3270 if (ebitmap_read(&rt->tclasses, fp)) 3271 return -1; 3272 3273 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3274 return -1; 3275 3276 lrt = rt; 3277 } 3278 3279 return 0; 3280 } 3281 3282 static int scope_index_read(scope_index_t * scope_index, 3283 unsigned int num_scope_syms, struct policy_file *fp) 3284 { 3285 unsigned int i; 3286 uint32_t buf[1]; 3287 int rc; 3288 3289 for (i = 0; i < num_scope_syms; i++) { 3290 if (ebitmap_read(scope_index->scope + i, fp) == -1) { 3291 return -1; 3292 } 3293 } 3294 rc = next_entry(buf, fp, sizeof(uint32_t)); 3295 if (rc < 0) 3296 return -1; 3297 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3298 if (scope_index->class_perms_len == 0) { 3299 scope_index->class_perms_map = NULL; 3300 return 0; 3301 } 3302 if ((scope_index->class_perms_map = 3303 calloc(scope_index->class_perms_len, 3304 sizeof(*scope_index->class_perms_map))) == NULL) { 3305 return -1; 3306 } 3307 for (i = 0; i < scope_index->class_perms_len; i++) { 3308 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { 3309 return -1; 3310 } 3311 } 3312 return 0; 3313 } 3314 3315 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3316 unsigned int num_scope_syms, struct policy_file *fp) 3317 { 3318 uint32_t buf[2], nprim, nel; 3319 unsigned int i, j; 3320 int rc; 3321 3322 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3323 if (rc < 0) 3324 return -1; 3325 decl->decl_id = le32_to_cpu(buf[0]); 3326 decl->enabled = le32_to_cpu(buf[1]); 3327 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3328 avrule_read_list(p, &decl->avrules, fp) == -1 || 3329 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3330 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3331 return -1; 3332 } 3333 3334 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3335 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3336 return -1; 3337 3338 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3339 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3340 return -1; 3341 } 3342 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3343 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3344 return -1; 3345 } 3346 3347 for (i = 0; i < num_scope_syms; i++) { 3348 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3349 if (rc < 0) 3350 return -1; 3351 nprim = le32_to_cpu(buf[0]); 3352 nel = le32_to_cpu(buf[1]); 3353 for (j = 0; j < nel; j++) { 3354 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3355 return -1; 3356 } 3357 } 3358 decl->symtab[i].nprim = nprim; 3359 } 3360 return 0; 3361 } 3362 3363 static int avrule_block_read(policydb_t * p, 3364 avrule_block_t ** block, 3365 unsigned int num_scope_syms, 3366 struct policy_file *fp) 3367 { 3368 avrule_block_t *last_block = NULL, *curblock; 3369 uint32_t buf[1], num_blocks, nel; 3370 int rc; 3371 3372 rc = next_entry(buf, fp, sizeof(uint32_t)); 3373 if (rc < 0) 3374 return -1; 3375 num_blocks = le32_to_cpu(buf[0]); 3376 nel = num_blocks; 3377 while (num_blocks > 0) { 3378 avrule_decl_t *last_decl = NULL, *curdecl; 3379 uint32_t num_decls; 3380 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3381 return -1; 3382 } 3383 rc = next_entry(buf, fp, sizeof(uint32_t)); 3384 if (rc < 0) { 3385 free(curblock); 3386 return -1; 3387 } 3388 /* if this is the first block its non-optional, else its optional */ 3389 if (num_blocks != nel) 3390 curblock->flags |= AVRULE_OPTIONAL; 3391 3392 num_decls = le32_to_cpu(buf[0]); 3393 while (num_decls > 0) { 3394 if ((curdecl = avrule_decl_create(0)) == NULL) { 3395 avrule_block_destroy(curblock); 3396 return -1; 3397 } 3398 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3399 -1) { 3400 avrule_decl_destroy(curdecl); 3401 avrule_block_destroy(curblock); 3402 return -1; 3403 } 3404 if (curdecl->enabled) { 3405 if (curblock->enabled != NULL) { 3406 /* probably a corrupt file */ 3407 avrule_decl_destroy(curdecl); 3408 avrule_block_destroy(curblock); 3409 return -1; 3410 } 3411 curblock->enabled = curdecl; 3412 } 3413 /* one must be careful to reconstruct the 3414 * decl chain in its correct order */ 3415 if (curblock->branch_list == NULL) { 3416 curblock->branch_list = curdecl; 3417 } else { 3418 last_decl->next = curdecl; 3419 } 3420 last_decl = curdecl; 3421 num_decls--; 3422 } 3423 3424 if (*block == NULL) { 3425 *block = curblock; 3426 } else { 3427 last_block->next = curblock; 3428 } 3429 last_block = curblock; 3430 3431 num_blocks--; 3432 } 3433 3434 return 0; 3435 } 3436 3437 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3438 { 3439 scope_datum_t *scope = NULL; 3440 uint32_t buf[2]; 3441 char *key = NULL; 3442 size_t key_len; 3443 unsigned int i; 3444 hashtab_t h = p->scope[symnum].table; 3445 int rc; 3446 3447 rc = next_entry(buf, fp, sizeof(uint32_t)); 3448 if (rc < 0) 3449 goto cleanup; 3450 key_len = le32_to_cpu(buf[0]); 3451 key = malloc(key_len + 1); 3452 if (!key) 3453 goto cleanup; 3454 rc = next_entry(key, fp, key_len); 3455 if (rc < 0) 3456 goto cleanup; 3457 key[key_len] = '\0'; 3458 3459 /* ensure that there already exists a symbol with this key */ 3460 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3461 goto cleanup; 3462 } 3463 3464 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3465 goto cleanup; 3466 } 3467 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3468 if (rc < 0) 3469 goto cleanup; 3470 scope->scope = le32_to_cpu(buf[0]); 3471 scope->decl_ids_len = le32_to_cpu(buf[1]); 3472 assert(scope->decl_ids_len > 0); 3473 if ((scope->decl_ids = 3474 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3475 goto cleanup; 3476 } 3477 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3478 if (rc < 0) 3479 goto cleanup; 3480 for (i = 0; i < scope->decl_ids_len; i++) { 3481 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3482 } 3483 3484 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3485 /* object_r was already added to this table in roles_init() */ 3486 scope_destroy(key, scope, NULL); 3487 } else { 3488 if (hashtab_insert(h, key, scope)) { 3489 goto cleanup; 3490 } 3491 } 3492 3493 return 0; 3494 3495 cleanup: 3496 scope_destroy(key, scope, NULL); 3497 return -1; 3498 } 3499 3500 /* 3501 * Read the configuration data from a policy database binary 3502 * representation file into a policy database structure. 3503 */ 3504 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3505 { 3506 3507 unsigned int i, j, r_policyvers; 3508 uint32_t buf[5]; 3509 size_t len, nprim, nel; 3510 char *policydb_str; 3511 struct policydb_compat_info *info; 3512 unsigned int policy_type, bufindex; 3513 ebitmap_node_t *tnode; 3514 int rc; 3515 3516 /* Read the magic number and string length. */ 3517 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3518 if (rc < 0) 3519 return POLICYDB_ERROR; 3520 for (i = 0; i < 2; i++) 3521 buf[i] = le32_to_cpu(buf[i]); 3522 3523 if (buf[0] == POLICYDB_MAGIC) { 3524 policy_type = POLICY_KERN; 3525 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3526 policy_type = POLICY_MOD; 3527 } else { 3528 ERR(fp->handle, "policydb magic number %#08x does not " 3529 "match expected magic number %#08x or %#08x", 3530 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3531 return POLICYDB_ERROR; 3532 } 3533 3534 len = buf[1]; 3535 if (len > POLICYDB_STRING_MAX_LENGTH) { 3536 ERR(fp->handle, "policydb string length too long "); 3537 return POLICYDB_ERROR; 3538 } 3539 3540 policydb_str = malloc(len + 1); 3541 if (!policydb_str) { 3542 ERR(fp->handle, "unable to allocate memory for policydb " 3543 "string of length %zu", len); 3544 return POLICYDB_ERROR; 3545 } 3546 rc = next_entry(policydb_str, fp, len); 3547 if (rc < 0) { 3548 ERR(fp->handle, "truncated policydb string identifier"); 3549 free(policydb_str); 3550 return POLICYDB_ERROR; 3551 } 3552 policydb_str[len] = 0; 3553 3554 if (policy_type == POLICY_KERN) { 3555 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 3556 if ((strcmp(policydb_str, policydb_target_strings[i]) 3557 == 0)) { 3558 policydb_set_target_platform(p, i); 3559 break; 3560 } 3561 } 3562 3563 if (i == POLICYDB_TARGET_SZ) { 3564 ERR(fp->handle, "cannot find a valid target for policy " 3565 "string %s", policydb_str); 3566 free(policydb_str); 3567 return POLICYDB_ERROR; 3568 } 3569 } else { 3570 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 3571 ERR(fp->handle, "invalid string identifier %s", 3572 policydb_str); 3573 free(policydb_str); 3574 return POLICYDB_ERROR; 3575 } 3576 } 3577 3578 /* Done with policydb_str. */ 3579 free(policydb_str); 3580 policydb_str = NULL; 3581 3582 /* Read the version, config, and table sizes (and policy type if it's a module). */ 3583 if (policy_type == POLICY_KERN) 3584 nel = 4; 3585 else 3586 nel = 5; 3587 3588 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 3589 if (rc < 0) 3590 return POLICYDB_ERROR; 3591 for (i = 0; i < nel; i++) 3592 buf[i] = le32_to_cpu(buf[i]); 3593 3594 bufindex = 0; 3595 3596 if (policy_type == POLICY_MOD) { 3597 /* We know it's a module but not whether it's a base 3598 module or regular binary policy module. buf[0] 3599 tells us which. */ 3600 policy_type = buf[bufindex]; 3601 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 3602 ERR(fp->handle, "unknown module type: %#08x", 3603 policy_type); 3604 return POLICYDB_ERROR; 3605 } 3606 bufindex++; 3607 } 3608 3609 r_policyvers = buf[bufindex]; 3610 if (policy_type == POLICY_KERN) { 3611 if (r_policyvers < POLICYDB_VERSION_MIN || 3612 r_policyvers > POLICYDB_VERSION_MAX) { 3613 ERR(fp->handle, "policydb version %d does not match " 3614 "my version range %d-%d", buf[bufindex], 3615 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 3616 return POLICYDB_ERROR; 3617 } 3618 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 3619 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 3620 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 3621 ERR(fp->handle, "policydb module version %d does " 3622 "not match my version range %d-%d", 3623 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 3624 MOD_POLICYDB_VERSION_MAX); 3625 return POLICYDB_ERROR; 3626 } 3627 } else { 3628 assert(0); 3629 } 3630 bufindex++; 3631 3632 /* Set the policy type and version from the read values. */ 3633 p->policy_type = policy_type; 3634 p->policyvers = r_policyvers; 3635 3636 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 3637 p->mls = 1; 3638 } else { 3639 p->mls = 0; 3640 } 3641 3642 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 3643 3644 bufindex++; 3645 3646 info = policydb_lookup_compat(r_policyvers, policy_type, 3647 p->target_platform); 3648 if (!info) { 3649 ERR(fp->handle, "unable to find policy compat info " 3650 "for version %d", r_policyvers); 3651 goto bad; 3652 } 3653 3654 if (buf[bufindex] != info->sym_num 3655 || buf[bufindex + 1] != info->ocon_num) { 3656 ERR(fp->handle, 3657 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 3658 buf[bufindex], buf[bufindex + 1], info->sym_num, 3659 info->ocon_num); 3660 goto bad; 3661 } 3662 3663 if (p->policy_type == POLICY_MOD) { 3664 /* Get the module name and version */ 3665 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3666 goto bad; 3667 } 3668 len = le32_to_cpu(buf[0]); 3669 if ((p->name = malloc(len + 1)) == NULL) { 3670 goto bad; 3671 } 3672 if ((rc = next_entry(p->name, fp, len)) < 0) { 3673 goto bad; 3674 } 3675 p->name[len] = '\0'; 3676 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3677 goto bad; 3678 } 3679 len = le32_to_cpu(buf[0]); 3680 if ((p->version = malloc(len + 1)) == NULL) { 3681 goto bad; 3682 } 3683 if ((rc = next_entry(p->version, fp, len)) < 0) { 3684 goto bad; 3685 } 3686 p->version[len] = '\0'; 3687 } 3688 3689 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 3690 p->policy_type == POLICY_KERN) || 3691 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3692 p->policy_type == POLICY_BASE) || 3693 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3694 p->policy_type == POLICY_MOD)) { 3695 if (ebitmap_read(&p->policycaps, fp)) 3696 goto bad; 3697 } 3698 3699 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 3700 p->policy_type == POLICY_KERN) { 3701 if (ebitmap_read(&p->permissive_map, fp)) 3702 goto bad; 3703 } 3704 3705 for (i = 0; i < info->sym_num; i++) { 3706 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3707 if (rc < 0) 3708 goto bad; 3709 nprim = le32_to_cpu(buf[0]); 3710 nel = le32_to_cpu(buf[1]); 3711 for (j = 0; j < nel; j++) { 3712 if (read_f[i] (p, p->symtab[i].table, fp)) 3713 goto bad; 3714 } 3715 3716 p->symtab[i].nprim = nprim; 3717 } 3718 3719 if (policy_type == POLICY_KERN) { 3720 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 3721 goto bad; 3722 if (r_policyvers >= POLICYDB_VERSION_BOOL) 3723 if (cond_read_list(p, &p->cond_list, fp)) 3724 goto bad; 3725 if (role_trans_read(p, fp)) 3726 goto bad; 3727 if (role_allow_read(&p->role_allow, fp)) 3728 goto bad; 3729 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 3730 filename_trans_read(&p->filename_trans, fp)) 3731 goto bad; 3732 } else { 3733 /* first read the AV rule blocks, then the scope tables */ 3734 avrule_block_destroy(p->global); 3735 p->global = NULL; 3736 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 3737 goto bad; 3738 } 3739 for (i = 0; i < info->sym_num; i++) { 3740 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3741 goto bad; 3742 } 3743 nel = le32_to_cpu(buf[0]); 3744 for (j = 0; j < nel; j++) { 3745 if (scope_read(p, i, fp)) 3746 goto bad; 3747 } 3748 } 3749 3750 } 3751 3752 if (policydb_index_decls(p)) 3753 goto bad; 3754 3755 if (policydb_index_classes(p)) 3756 goto bad; 3757 3758 if (policydb_index_others(fp->handle, p, verbose)) 3759 goto bad; 3760 3761 if (ocontext_read(info, p, fp) == -1) { 3762 goto bad; 3763 } 3764 3765 if (genfs_read(p, fp) == -1) { 3766 goto bad; 3767 } 3768 3769 if ((p->policy_type == POLICY_KERN 3770 && p->policyvers >= POLICYDB_VERSION_MLS) 3771 || (p->policy_type == POLICY_BASE 3772 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3773 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 3774 if (range_read(p, fp)) { 3775 goto bad; 3776 } 3777 } 3778 3779 if (policy_type == POLICY_KERN) { 3780 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3781 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3782 if (!p->type_attr_map || !p->attr_type_map) 3783 goto bad; 3784 for (i = 0; i < p->p_types.nprim; i++) { 3785 ebitmap_init(&p->type_attr_map[i]); 3786 ebitmap_init(&p->attr_type_map[i]); 3787 } 3788 for (i = 0; i < p->p_types.nprim; i++) { 3789 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 3790 if (ebitmap_read(&p->type_attr_map[i], fp)) 3791 goto bad; 3792 ebitmap_for_each_bit(&p->type_attr_map[i], 3793 tnode, j) { 3794 if (!ebitmap_node_get_bit(tnode, j) 3795 || i == j) 3796 continue; 3797 if (ebitmap_set_bit 3798 (&p->attr_type_map[j], i, 1)) 3799 goto bad; 3800 } 3801 } 3802 /* add the type itself as the degenerate case */ 3803 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 3804 goto bad; 3805 } 3806 } 3807 3808 return POLICYDB_SUCCESS; 3809 bad: 3810 return POLICYDB_ERROR; 3811 } 3812 3813 int policydb_reindex_users(policydb_t * p) 3814 { 3815 unsigned int i = SYM_USERS; 3816 3817 if (p->user_val_to_struct) 3818 free(p->user_val_to_struct); 3819 if (p->sym_val_to_name[i]) 3820 free(p->sym_val_to_name[i]); 3821 3822 p->user_val_to_struct = (user_datum_t **) 3823 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 3824 if (!p->user_val_to_struct) 3825 return -1; 3826 3827 p->sym_val_to_name[i] = (char **) 3828 malloc(p->symtab[i].nprim * sizeof(char *)); 3829 if (!p->sym_val_to_name[i]) 3830 return -1; 3831 3832 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 3833 return -1; 3834 3835 /* Expand user roles for context validity checking */ 3836 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 3837 return -1; 3838 3839 return 0; 3840 } 3841 3842 void policy_file_init(policy_file_t *pf) 3843 { 3844 memset(pf, 0, sizeof(policy_file_t)); 3845 } 3846 3847 int policydb_set_target_platform(policydb_t *p, int platform) 3848 { 3849 if (platform == SEPOL_TARGET_SELINUX) 3850 p->target_platform = SEPOL_TARGET_SELINUX; 3851 else if (platform == SEPOL_TARGET_XEN) 3852 p->target_platform = SEPOL_TARGET_XEN; 3853 else 3854 return -1; 3855 3856 return 0; 3857 } 3858 3859
