1 2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */ 3 4 /* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf (at) tresys.com> and Karl MacMillan <kmacmillan (at) tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris (at) redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * 22 * This library is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU Lesser General Public 24 * License as published by the Free Software Foundation; either 25 * version 2.1 of the License, or (at your option) any later version. 26 * 27 * This library is distributed in the hope that it will be useful, 28 * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 30 * Lesser General Public License for more details. 31 * 32 * You should have received a copy of the GNU Lesser General Public 33 * License along with this library; if not, write to the Free Software 34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 35 */ 36 37 /* FLASK */ 38 39 /* 40 * Implementation of the policy database. 41 */ 42 43 #include <assert.h> 44 #include <stdlib.h> 45 46 #include <sepol/policydb/policydb.h> 47 #include <sepol/policydb/expand.h> 48 #include <sepol/policydb/conditional.h> 49 #include <sepol/policydb/avrule_block.h> 50 #include <sepol/policydb/util.h> 51 #include <sepol/policydb/flask.h> 52 53 #include "private.h" 54 #include "debug.h" 55 #include "mls.h" 56 57 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 58 char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 59 60 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 61 static struct policydb_compat_info policydb_compat[] = { 62 { 63 .type = POLICY_KERN, 64 .version = POLICYDB_VERSION_BOUNDARY, 65 .sym_num = SYM_NUM, 66 .ocon_num = OCON_XEN_PCIDEVICE + 1, 67 .target_platform = SEPOL_TARGET_XEN, 68 }, 69 { 70 .type = POLICY_KERN, 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_FSUSE + 1, 74 .target_platform = SEPOL_TARGET_SELINUX, 75 }, 76 { 77 .type = POLICY_KERN, 78 .version = POLICYDB_VERSION_BOOL, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_FSUSE + 1, 81 .target_platform = SEPOL_TARGET_SELINUX, 82 }, 83 { 84 .type = POLICY_KERN, 85 .version = POLICYDB_VERSION_IPV6, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_NODE6 + 1, 88 .target_platform = SEPOL_TARGET_SELINUX, 89 }, 90 { 91 .type = POLICY_KERN, 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NODE6 + 1, 95 .target_platform = SEPOL_TARGET_SELINUX, 96 }, 97 { 98 .type = POLICY_KERN, 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NODE6 + 1, 102 .target_platform = SEPOL_TARGET_SELINUX, 103 }, 104 { 105 .type = POLICY_KERN, 106 .version = POLICYDB_VERSION_AVTAB, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NODE6 + 1, 109 .target_platform = SEPOL_TARGET_SELINUX, 110 }, 111 { 112 .type = POLICY_KERN, 113 .version = POLICYDB_VERSION_RANGETRANS, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NODE6 + 1, 116 .target_platform = SEPOL_TARGET_SELINUX, 117 }, 118 { 119 .type = POLICY_KERN, 120 .version = POLICYDB_VERSION_POLCAP, 121 .sym_num = SYM_NUM, 122 .ocon_num = OCON_NODE6 + 1, 123 .target_platform = SEPOL_TARGET_SELINUX, 124 }, 125 { 126 .type = POLICY_KERN, 127 .version = POLICYDB_VERSION_PERMISSIVE, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NODE6 + 1, 130 .target_platform = SEPOL_TARGET_SELINUX, 131 }, 132 { 133 .type = POLICY_KERN, 134 .version = POLICYDB_VERSION_BOUNDARY, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NODE6 + 1, 137 .target_platform = SEPOL_TARGET_SELINUX, 138 }, 139 { 140 .type = POLICY_KERN, 141 .version = POLICYDB_VERSION_FILENAME_TRANS, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NODE6 + 1, 144 .target_platform = SEPOL_TARGET_SELINUX, 145 }, 146 { 147 .type = POLICY_KERN, 148 .version = POLICYDB_VERSION_ROLETRANS, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NODE6 + 1, 151 .target_platform = SEPOL_TARGET_SELINUX, 152 }, 153 { 154 .type = POLICY_KERN, 155 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 156 .sym_num = SYM_NUM, 157 .ocon_num = OCON_NODE6 + 1, 158 .target_platform = SEPOL_TARGET_SELINUX, 159 }, 160 { 161 .type = POLICY_KERN, 162 .version = POLICYDB_VERSION_DEFAULT_TYPE, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NODE6 + 1, 165 .target_platform = SEPOL_TARGET_SELINUX, 166 }, 167 { 168 .type = POLICY_KERN, 169 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 170 .sym_num = SYM_NUM, 171 .ocon_num = OCON_NODE6 + 1, 172 .target_platform = SEPOL_TARGET_SELINUX, 173 }, 174 { 175 .type = POLICY_BASE, 176 .version = MOD_POLICYDB_VERSION_BASE, 177 .sym_num = SYM_NUM, 178 .ocon_num = OCON_NODE6 + 1, 179 .target_platform = SEPOL_TARGET_SELINUX, 180 }, 181 { 182 .type = POLICY_BASE, 183 .version = MOD_POLICYDB_VERSION_MLS, 184 .sym_num = SYM_NUM, 185 .ocon_num = OCON_NODE6 + 1, 186 .target_platform = SEPOL_TARGET_SELINUX, 187 }, 188 { 189 .type = POLICY_BASE, 190 .version = MOD_POLICYDB_VERSION_MLS_USERS, 191 .sym_num = SYM_NUM, 192 .ocon_num = OCON_NODE6 + 1, 193 .target_platform = SEPOL_TARGET_SELINUX, 194 }, 195 { 196 .type = POLICY_BASE, 197 .version = MOD_POLICYDB_VERSION_POLCAP, 198 .sym_num = SYM_NUM, 199 .ocon_num = OCON_NODE6 + 1, 200 .target_platform = SEPOL_TARGET_SELINUX, 201 }, 202 { 203 .type = POLICY_BASE, 204 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 205 .sym_num = SYM_NUM, 206 .ocon_num = OCON_NODE6 + 1, 207 .target_platform = SEPOL_TARGET_SELINUX, 208 }, 209 { 210 .type = POLICY_BASE, 211 .version = MOD_POLICYDB_VERSION_BOUNDARY, 212 .sym_num = SYM_NUM, 213 .ocon_num = OCON_NODE6 + 1, 214 .target_platform = SEPOL_TARGET_SELINUX, 215 }, 216 { 217 .type = POLICY_BASE, 218 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 219 .sym_num = SYM_NUM, 220 .ocon_num = OCON_NODE6 + 1, 221 .target_platform = SEPOL_TARGET_SELINUX, 222 }, 223 { 224 .type = POLICY_BASE, 225 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 226 .sym_num = SYM_NUM, 227 .ocon_num = OCON_NODE6 + 1, 228 .target_platform = SEPOL_TARGET_SELINUX, 229 }, 230 { 231 .type = POLICY_BASE, 232 .version = MOD_POLICYDB_VERSION_ROLETRANS, 233 .sym_num = SYM_NUM, 234 .ocon_num = OCON_NODE6 + 1, 235 .target_platform = SEPOL_TARGET_SELINUX, 236 }, 237 { 238 .type = POLICY_BASE, 239 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 240 .sym_num = SYM_NUM, 241 .ocon_num = OCON_NODE6 + 1, 242 .target_platform = SEPOL_TARGET_SELINUX, 243 }, 244 { 245 .type = POLICY_BASE, 246 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 247 .sym_num = SYM_NUM, 248 .ocon_num = OCON_NODE6 + 1, 249 .target_platform = SEPOL_TARGET_SELINUX, 250 }, 251 { 252 .type = POLICY_BASE, 253 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 254 .sym_num = SYM_NUM, 255 .ocon_num = OCON_NODE6 + 1, 256 .target_platform = SEPOL_TARGET_SELINUX, 257 }, 258 { 259 .type = POLICY_BASE, 260 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 261 .sym_num = SYM_NUM, 262 .ocon_num = OCON_NODE6 + 1, 263 .target_platform = SEPOL_TARGET_SELINUX, 264 }, 265 { 266 .type = POLICY_BASE, 267 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 268 .sym_num = SYM_NUM, 269 .ocon_num = OCON_NODE6 + 1, 270 .target_platform = SEPOL_TARGET_SELINUX, 271 }, 272 { 273 .type = POLICY_MOD, 274 .version = MOD_POLICYDB_VERSION_BASE, 275 .sym_num = SYM_NUM, 276 .ocon_num = 0, 277 .target_platform = SEPOL_TARGET_SELINUX, 278 }, 279 { 280 .type = POLICY_MOD, 281 .version = MOD_POLICYDB_VERSION_MLS, 282 .sym_num = SYM_NUM, 283 .ocon_num = 0, 284 .target_platform = SEPOL_TARGET_SELINUX, 285 }, 286 { 287 .type = POLICY_MOD, 288 .version = MOD_POLICYDB_VERSION_MLS_USERS, 289 .sym_num = SYM_NUM, 290 .ocon_num = 0, 291 .target_platform = SEPOL_TARGET_SELINUX, 292 }, 293 { 294 .type = POLICY_MOD, 295 .version = MOD_POLICYDB_VERSION_POLCAP, 296 .sym_num = SYM_NUM, 297 .ocon_num = 0, 298 .target_platform = SEPOL_TARGET_SELINUX, 299 }, 300 { 301 .type = POLICY_MOD, 302 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 303 .sym_num = SYM_NUM, 304 .ocon_num = 0, 305 .target_platform = SEPOL_TARGET_SELINUX, 306 }, 307 { 308 .type = POLICY_MOD, 309 .version = MOD_POLICYDB_VERSION_BOUNDARY, 310 .sym_num = SYM_NUM, 311 .ocon_num = 0, 312 .target_platform = SEPOL_TARGET_SELINUX, 313 }, 314 { 315 .type = POLICY_MOD, 316 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 317 .sym_num = SYM_NUM, 318 .ocon_num = 0, 319 .target_platform = SEPOL_TARGET_SELINUX, 320 }, 321 { 322 .type = POLICY_MOD, 323 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 324 .sym_num = SYM_NUM, 325 .ocon_num = 0, 326 .target_platform = SEPOL_TARGET_SELINUX, 327 }, 328 { 329 .type = POLICY_MOD, 330 .version = MOD_POLICYDB_VERSION_ROLETRANS, 331 .sym_num = SYM_NUM, 332 .ocon_num = 0, 333 .target_platform = SEPOL_TARGET_SELINUX, 334 }, 335 { 336 .type = POLICY_MOD, 337 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 338 .sym_num = SYM_NUM, 339 .ocon_num = 0, 340 .target_platform = SEPOL_TARGET_SELINUX, 341 }, 342 { 343 .type = POLICY_MOD, 344 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 345 .sym_num = SYM_NUM, 346 .ocon_num = 0, 347 .target_platform = SEPOL_TARGET_SELINUX, 348 }, 349 { 350 .type = POLICY_MOD, 351 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 352 .sym_num = SYM_NUM, 353 .ocon_num = 0, 354 .target_platform = SEPOL_TARGET_SELINUX, 355 }, 356 { 357 .type = POLICY_MOD, 358 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 359 .sym_num = SYM_NUM, 360 .ocon_num = 0, 361 .target_platform = SEPOL_TARGET_SELINUX, 362 }, 363 { 364 .type = POLICY_MOD, 365 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 366 .sym_num = SYM_NUM, 367 .ocon_num = 0, 368 .target_platform = SEPOL_TARGET_SELINUX, 369 }, 370 }; 371 372 #if 0 373 static char *symtab_name[SYM_NUM] = { 374 "common prefixes", 375 "classes", 376 "roles", 377 "types", 378 "users", 379 "bools" mls_symtab_names cond_symtab_names 380 }; 381 #endif 382 383 static unsigned int symtab_sizes[SYM_NUM] = { 384 2, 385 32, 386 16, 387 512, 388 128, 389 16, 390 16, 391 16, 392 }; 393 394 struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 395 unsigned int type, 396 unsigned int target_platform) 397 { 398 unsigned int i; 399 struct policydb_compat_info *info = NULL; 400 401 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 402 if (policydb_compat[i].version == version && 403 policydb_compat[i].type == type && 404 policydb_compat[i].target_platform == target_platform) { 405 info = &policydb_compat[i]; 406 break; 407 } 408 } 409 return info; 410 } 411 412 void type_set_init(type_set_t * x) 413 { 414 memset(x, 0, sizeof(type_set_t)); 415 ebitmap_init(&x->types); 416 ebitmap_init(&x->negset); 417 } 418 419 void type_set_destroy(type_set_t * x) 420 { 421 if (x != NULL) { 422 ebitmap_destroy(&x->types); 423 ebitmap_destroy(&x->negset); 424 } 425 } 426 427 void role_set_init(role_set_t * x) 428 { 429 memset(x, 0, sizeof(role_set_t)); 430 ebitmap_init(&x->roles); 431 } 432 433 void role_set_destroy(role_set_t * x) 434 { 435 ebitmap_destroy(&x->roles); 436 } 437 438 void role_datum_init(role_datum_t * x) 439 { 440 memset(x, 0, sizeof(role_datum_t)); 441 ebitmap_init(&x->dominates); 442 type_set_init(&x->types); 443 ebitmap_init(&x->cache); 444 ebitmap_init(&x->roles); 445 } 446 447 void role_datum_destroy(role_datum_t * x) 448 { 449 if (x != NULL) { 450 ebitmap_destroy(&x->dominates); 451 type_set_destroy(&x->types); 452 ebitmap_destroy(&x->cache); 453 ebitmap_destroy(&x->roles); 454 } 455 } 456 457 void type_datum_init(type_datum_t * x) 458 { 459 memset(x, 0, sizeof(*x)); 460 ebitmap_init(&x->types); 461 } 462 463 void type_datum_destroy(type_datum_t * x) 464 { 465 if (x != NULL) { 466 ebitmap_destroy(&x->types); 467 } 468 } 469 470 void user_datum_init(user_datum_t * x) 471 { 472 memset(x, 0, sizeof(user_datum_t)); 473 role_set_init(&x->roles); 474 mls_semantic_range_init(&x->range); 475 mls_semantic_level_init(&x->dfltlevel); 476 ebitmap_init(&x->cache); 477 mls_range_init(&x->exp_range); 478 mls_level_init(&x->exp_dfltlevel); 479 } 480 481 void user_datum_destroy(user_datum_t * x) 482 { 483 if (x != NULL) { 484 role_set_destroy(&x->roles); 485 mls_semantic_range_destroy(&x->range); 486 mls_semantic_level_destroy(&x->dfltlevel); 487 ebitmap_destroy(&x->cache); 488 mls_range_destroy(&x->exp_range); 489 mls_level_destroy(&x->exp_dfltlevel); 490 } 491 } 492 493 void level_datum_init(level_datum_t * x) 494 { 495 memset(x, 0, sizeof(level_datum_t)); 496 } 497 498 void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 499 { 500 /* the mls_level_t referenced by the level_datum is managed 501 * separately for now, so there is nothing to destroy */ 502 return; 503 } 504 505 void cat_datum_init(cat_datum_t * x) 506 { 507 memset(x, 0, sizeof(cat_datum_t)); 508 } 509 510 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 511 { 512 /* it's currently a simple struct - really nothing to destroy */ 513 return; 514 } 515 516 void class_perm_node_init(class_perm_node_t * x) 517 { 518 memset(x, 0, sizeof(class_perm_node_t)); 519 } 520 521 void avrule_init(avrule_t * x) 522 { 523 memset(x, 0, sizeof(avrule_t)); 524 type_set_init(&x->stypes); 525 type_set_init(&x->ttypes); 526 } 527 528 void avrule_destroy(avrule_t * x) 529 { 530 class_perm_node_t *cur, *next; 531 532 if (x == NULL) { 533 return; 534 } 535 type_set_destroy(&x->stypes); 536 type_set_destroy(&x->ttypes); 537 538 next = x->perms; 539 while (next) { 540 cur = next; 541 next = cur->next; 542 free(cur); 543 } 544 } 545 546 void role_trans_rule_init(role_trans_rule_t * x) 547 { 548 memset(x, 0, sizeof(*x)); 549 role_set_init(&x->roles); 550 type_set_init(&x->types); 551 ebitmap_init(&x->classes); 552 } 553 554 void role_trans_rule_destroy(role_trans_rule_t * x) 555 { 556 if (x != NULL) { 557 role_set_destroy(&x->roles); 558 type_set_destroy(&x->types); 559 ebitmap_destroy(&x->classes); 560 } 561 } 562 563 void role_trans_rule_list_destroy(role_trans_rule_t * x) 564 { 565 while (x != NULL) { 566 role_trans_rule_t *next = x->next; 567 role_trans_rule_destroy(x); 568 free(x); 569 x = next; 570 } 571 } 572 573 void filename_trans_rule_init(filename_trans_rule_t * x) 574 { 575 memset(x, 0, sizeof(*x)); 576 type_set_init(&x->stypes); 577 type_set_init(&x->ttypes); 578 } 579 580 static void filename_trans_rule_destroy(filename_trans_rule_t * x) 581 { 582 if (!x) 583 return; 584 type_set_destroy(&x->stypes); 585 type_set_destroy(&x->ttypes); 586 free(x->name); 587 } 588 589 void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 590 { 591 filename_trans_rule_t *next; 592 while (x) { 593 next = x->next; 594 filename_trans_rule_destroy(x); 595 free(x); 596 x = next; 597 } 598 } 599 600 void role_allow_rule_init(role_allow_rule_t * x) 601 { 602 memset(x, 0, sizeof(role_allow_rule_t)); 603 role_set_init(&x->roles); 604 role_set_init(&x->new_roles); 605 } 606 607 void role_allow_rule_destroy(role_allow_rule_t * x) 608 { 609 role_set_destroy(&x->roles); 610 role_set_destroy(&x->new_roles); 611 } 612 613 void role_allow_rule_list_destroy(role_allow_rule_t * x) 614 { 615 while (x != NULL) { 616 role_allow_rule_t *next = x->next; 617 role_allow_rule_destroy(x); 618 free(x); 619 x = next; 620 } 621 } 622 623 void range_trans_rule_init(range_trans_rule_t * x) 624 { 625 type_set_init(&x->stypes); 626 type_set_init(&x->ttypes); 627 ebitmap_init(&x->tclasses); 628 mls_semantic_range_init(&x->trange); 629 x->next = NULL; 630 } 631 632 void range_trans_rule_destroy(range_trans_rule_t * x) 633 { 634 type_set_destroy(&x->stypes); 635 type_set_destroy(&x->ttypes); 636 ebitmap_destroy(&x->tclasses); 637 mls_semantic_range_destroy(&x->trange); 638 } 639 640 void range_trans_rule_list_destroy(range_trans_rule_t * x) 641 { 642 while (x != NULL) { 643 range_trans_rule_t *next = x->next; 644 range_trans_rule_destroy(x); 645 free(x); 646 x = next; 647 } 648 } 649 650 void avrule_list_destroy(avrule_t * x) 651 { 652 avrule_t *next, *cur; 653 654 if (!x) 655 return; 656 657 next = x; 658 while (next) { 659 cur = next; 660 next = next->next; 661 avrule_destroy(cur); 662 free(cur); 663 } 664 } 665 666 /* 667 * Initialize the role table by implicitly adding role 'object_r'. If 668 * the policy is a module, set object_r's scope to be SCOPE_REQ, 669 * otherwise set it to SCOPE_DECL. 670 */ 671 static int roles_init(policydb_t * p) 672 { 673 char *key = 0; 674 int rc; 675 role_datum_t *role; 676 677 role = calloc(1, sizeof(role_datum_t)); 678 if (!role) { 679 rc = -ENOMEM; 680 goto out; 681 } 682 key = malloc(strlen(OBJECT_R) + 1); 683 if (!key) { 684 rc = -ENOMEM; 685 goto out_free_role; 686 } 687 strcpy(key, OBJECT_R); 688 rc = symtab_insert(p, SYM_ROLES, key, role, 689 (p->policy_type == 690 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 691 &role->s.value); 692 if (rc) 693 goto out_free_key; 694 if (role->s.value != OBJECT_R_VAL) { 695 rc = -EINVAL; 696 goto out_free_role; 697 } 698 out: 699 return rc; 700 701 out_free_key: 702 free(key); 703 out_free_role: 704 free(role); 705 goto out; 706 } 707 708 /* 709 * Initialize a policy database structure. 710 */ 711 int policydb_init(policydb_t * p) 712 { 713 int i, rc; 714 715 memset(p, 0, sizeof(policydb_t)); 716 717 ebitmap_init(&p->policycaps); 718 719 ebitmap_init(&p->permissive_map); 720 721 for (i = 0; i < SYM_NUM; i++) { 722 p->sym_val_to_name[i] = NULL; 723 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 724 if (rc) 725 goto out_free_symtab; 726 } 727 728 /* initialize the module stuff */ 729 for (i = 0; i < SYM_NUM; i++) { 730 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 731 goto out_free_symtab; 732 } 733 } 734 if ((p->global = avrule_block_create()) == NULL || 735 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 736 goto out_free_symtab; 737 } 738 p->decl_val_to_struct = NULL; 739 740 rc = avtab_init(&p->te_avtab); 741 if (rc) 742 goto out_free_symtab; 743 744 rc = roles_init(p); 745 if (rc) 746 goto out_free_symtab; 747 748 rc = cond_policydb_init(p); 749 if (rc) 750 goto out_free_symtab; 751 out: 752 return rc; 753 754 out_free_symtab: 755 for (i = 0; i < SYM_NUM; i++) { 756 hashtab_destroy(p->symtab[i].table); 757 hashtab_destroy(p->scope[i].table); 758 } 759 avrule_block_list_destroy(p->global); 760 goto out; 761 } 762 763 int policydb_role_cache(hashtab_key_t key 764 __attribute__ ((unused)), hashtab_datum_t datum, 765 void *arg) 766 { 767 policydb_t *p; 768 role_datum_t *role; 769 770 role = (role_datum_t *) datum; 771 p = (policydb_t *) arg; 772 773 ebitmap_destroy(&role->cache); 774 if (type_set_expand(&role->types, &role->cache, p, 1)) { 775 return -1; 776 } 777 778 return 0; 779 } 780 781 int policydb_user_cache(hashtab_key_t key 782 __attribute__ ((unused)), hashtab_datum_t datum, 783 void *arg) 784 { 785 policydb_t *p; 786 user_datum_t *user; 787 788 user = (user_datum_t *) datum; 789 p = (policydb_t *) arg; 790 791 ebitmap_destroy(&user->cache); 792 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 793 return -1; 794 } 795 796 /* we do not expand user's MLS info in kernel policies because the 797 * semantic representation is not present and we do not expand user's 798 * MLS info in module policies because all of the necessary mls 799 * information is not present */ 800 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 801 mls_range_destroy(&user->exp_range); 802 if (mls_semantic_range_expand(&user->range, 803 &user->exp_range, p, NULL)) { 804 return -1; 805 } 806 807 mls_level_destroy(&user->exp_dfltlevel); 808 if (mls_semantic_level_expand(&user->dfltlevel, 809 &user->exp_dfltlevel, p, NULL)) { 810 return -1; 811 } 812 } 813 814 return 0; 815 } 816 817 /* 818 * The following *_index functions are used to 819 * define the val_to_name and val_to_struct arrays 820 * in a policy database structure. The val_to_name 821 * arrays are used when converting security context 822 * structures into string representations. The 823 * val_to_struct arrays are used when the attributes 824 * of a class, role, or user are needed. 825 */ 826 827 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 828 { 829 policydb_t *p; 830 common_datum_t *comdatum; 831 832 comdatum = (common_datum_t *) datum; 833 p = (policydb_t *) datap; 834 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 835 return -EINVAL; 836 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 837 838 return 0; 839 } 840 841 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 842 { 843 policydb_t *p; 844 class_datum_t *cladatum; 845 846 cladatum = (class_datum_t *) datum; 847 p = (policydb_t *) datap; 848 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 849 return -EINVAL; 850 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 851 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 852 853 return 0; 854 } 855 856 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 857 { 858 policydb_t *p; 859 role_datum_t *role; 860 861 role = (role_datum_t *) datum; 862 p = (policydb_t *) datap; 863 if (!role->s.value || role->s.value > p->p_roles.nprim) 864 return -EINVAL; 865 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 866 p->role_val_to_struct[role->s.value - 1] = role; 867 868 return 0; 869 } 870 871 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 872 { 873 policydb_t *p; 874 type_datum_t *typdatum; 875 876 typdatum = (type_datum_t *) datum; 877 p = (policydb_t *) datap; 878 879 if (typdatum->primary) { 880 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 881 return -EINVAL; 882 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 883 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 884 } 885 886 return 0; 887 } 888 889 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 890 { 891 policydb_t *p; 892 user_datum_t *usrdatum; 893 894 usrdatum = (user_datum_t *) datum; 895 p = (policydb_t *) datap; 896 897 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 898 return -EINVAL; 899 900 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 901 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 902 903 return 0; 904 } 905 906 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 907 { 908 policydb_t *p; 909 level_datum_t *levdatum; 910 911 levdatum = (level_datum_t *) datum; 912 p = (policydb_t *) datap; 913 914 if (!levdatum->isalias) { 915 if (!levdatum->level->sens || 916 levdatum->level->sens > p->p_levels.nprim) 917 return -EINVAL; 918 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 919 } 920 921 return 0; 922 } 923 924 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 925 { 926 policydb_t *p; 927 cat_datum_t *catdatum; 928 929 catdatum = (cat_datum_t *) datum; 930 p = (policydb_t *) datap; 931 932 if (!catdatum->isalias) { 933 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 934 return -EINVAL; 935 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 936 } 937 938 return 0; 939 } 940 941 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 942 void *datap) = { 943 common_index, class_index, role_index, type_index, user_index, 944 cond_index_bool, sens_index, cat_index,}; 945 946 /* 947 * Define the common val_to_name array and the class 948 * val_to_name and val_to_struct arrays in a policy 949 * database structure. 950 */ 951 int policydb_index_classes(policydb_t * p) 952 { 953 free(p->p_common_val_to_name); 954 p->p_common_val_to_name = (char **) 955 malloc(p->p_commons.nprim * sizeof(char *)); 956 if (!p->p_common_val_to_name) 957 return -1; 958 959 if (hashtab_map(p->p_commons.table, common_index, p)) 960 return -1; 961 962 free(p->class_val_to_struct); 963 p->class_val_to_struct = (class_datum_t **) 964 malloc(p->p_classes.nprim * sizeof(class_datum_t *)); 965 if (!p->class_val_to_struct) 966 return -1; 967 968 free(p->p_class_val_to_name); 969 p->p_class_val_to_name = (char **) 970 malloc(p->p_classes.nprim * sizeof(char *)); 971 if (!p->p_class_val_to_name) 972 return -1; 973 974 if (hashtab_map(p->p_classes.table, class_index, p)) 975 return -1; 976 977 return 0; 978 } 979 980 int policydb_index_bools(policydb_t * p) 981 { 982 983 if (cond_init_bool_indexes(p) == -1) 984 return -1; 985 p->p_bool_val_to_name = (char **) 986 malloc(p->p_bools.nprim * sizeof(char *)); 987 if (!p->p_bool_val_to_name) 988 return -1; 989 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 990 return -1; 991 return 0; 992 } 993 994 int policydb_index_decls(policydb_t * p) 995 { 996 avrule_block_t *curblock; 997 avrule_decl_t *decl; 998 int num_decls = 0; 999 1000 free(p->decl_val_to_struct); 1001 1002 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1003 for (decl = curblock->branch_list; decl != NULL; 1004 decl = decl->next) { 1005 num_decls++; 1006 } 1007 } 1008 1009 p->decl_val_to_struct = 1010 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 1011 if (!p->decl_val_to_struct) { 1012 return -1; 1013 } 1014 1015 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1016 for (decl = curblock->branch_list; decl != NULL; 1017 decl = decl->next) { 1018 p->decl_val_to_struct[decl->decl_id - 1] = decl; 1019 } 1020 } 1021 1022 return 0; 1023 } 1024 1025 /* 1026 * Define the other val_to_name and val_to_struct arrays 1027 * in a policy database structure. 1028 */ 1029 int policydb_index_others(sepol_handle_t * handle, 1030 policydb_t * p, unsigned verbose) 1031 { 1032 int i; 1033 1034 if (verbose) { 1035 INFO(handle, 1036 "security: %d users, %d roles, %d types, %d bools", 1037 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 1038 p->p_bools.nprim); 1039 1040 if (p->mls) 1041 INFO(handle, "security: %d sens, %d cats", 1042 p->p_levels.nprim, p->p_cats.nprim); 1043 1044 INFO(handle, "security: %d classes, %d rules, %d cond rules", 1045 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 1046 } 1047 #if 0 1048 avtab_hash_eval(&p->te_avtab, "rules"); 1049 for (i = 0; i < SYM_NUM; i++) 1050 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 1051 #endif 1052 1053 free(p->role_val_to_struct); 1054 p->role_val_to_struct = (role_datum_t **) 1055 malloc(p->p_roles.nprim * sizeof(role_datum_t *)); 1056 if (!p->role_val_to_struct) 1057 return -1; 1058 1059 free(p->user_val_to_struct); 1060 p->user_val_to_struct = (user_datum_t **) 1061 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 1062 if (!p->user_val_to_struct) 1063 return -1; 1064 1065 free(p->type_val_to_struct); 1066 p->type_val_to_struct = (type_datum_t **) 1067 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 1068 if (!p->type_val_to_struct) 1069 return -1; 1070 1071 cond_init_bool_indexes(p); 1072 1073 for (i = SYM_ROLES; i < SYM_NUM; i++) { 1074 free(p->sym_val_to_name[i]); 1075 p->sym_val_to_name[i] = NULL; 1076 if (p->symtab[i].nprim) { 1077 p->sym_val_to_name[i] = (char **) 1078 calloc(p->symtab[i].nprim, sizeof(char *)); 1079 if (!p->sym_val_to_name[i]) 1080 return -1; 1081 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1082 return -1; 1083 } 1084 } 1085 1086 /* This pre-expands the roles and users for context validity checking */ 1087 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1088 return -1; 1089 1090 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1091 return -1; 1092 1093 return 0; 1094 } 1095 1096 /* 1097 * The following *_destroy functions are used to 1098 * free any memory allocated for each kind of 1099 * symbol data in the policy database. 1100 */ 1101 1102 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1103 __attribute__ ((unused))) 1104 { 1105 if (key) 1106 free(key); 1107 free(datum); 1108 return 0; 1109 } 1110 1111 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1112 __attribute__ ((unused))) 1113 { 1114 common_datum_t *comdatum; 1115 1116 if (key) 1117 free(key); 1118 comdatum = (common_datum_t *) datum; 1119 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1120 hashtab_destroy(comdatum->permissions.table); 1121 free(datum); 1122 return 0; 1123 } 1124 1125 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1126 __attribute__ ((unused))) 1127 { 1128 class_datum_t *cladatum; 1129 constraint_node_t *constraint, *ctemp; 1130 constraint_expr_t *e, *etmp; 1131 1132 if (key) 1133 free(key); 1134 cladatum = (class_datum_t *) datum; 1135 if (cladatum == NULL) { 1136 return 0; 1137 } 1138 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1139 hashtab_destroy(cladatum->permissions.table); 1140 constraint = cladatum->constraints; 1141 while (constraint) { 1142 e = constraint->expr; 1143 while (e) { 1144 etmp = e; 1145 e = e->next; 1146 constraint_expr_destroy(etmp); 1147 } 1148 ctemp = constraint; 1149 constraint = constraint->next; 1150 free(ctemp); 1151 } 1152 1153 constraint = cladatum->validatetrans; 1154 while (constraint) { 1155 e = constraint->expr; 1156 while (e) { 1157 etmp = e; 1158 e = e->next; 1159 constraint_expr_destroy(etmp); 1160 } 1161 ctemp = constraint; 1162 constraint = constraint->next; 1163 free(ctemp); 1164 } 1165 1166 if (cladatum->comkey) 1167 free(cladatum->comkey); 1168 free(datum); 1169 return 0; 1170 } 1171 1172 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1173 __attribute__ ((unused))) 1174 { 1175 free(key); 1176 role_datum_destroy((role_datum_t *) datum); 1177 free(datum); 1178 return 0; 1179 } 1180 1181 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1182 __attribute__ ((unused))) 1183 { 1184 free(key); 1185 type_datum_destroy((type_datum_t *) datum); 1186 free(datum); 1187 return 0; 1188 } 1189 1190 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1191 __attribute__ ((unused))) 1192 { 1193 free(key); 1194 user_datum_destroy((user_datum_t *) datum); 1195 free(datum); 1196 return 0; 1197 } 1198 1199 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1200 __attribute__ ((unused))) 1201 { 1202 level_datum_t *levdatum; 1203 1204 if (key) 1205 free(key); 1206 levdatum = (level_datum_t *) datum; 1207 mls_level_destroy(levdatum->level); 1208 free(levdatum->level); 1209 level_datum_destroy(levdatum); 1210 free(levdatum); 1211 return 0; 1212 } 1213 1214 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1215 __attribute__ ((unused))) 1216 { 1217 if (key) 1218 free(key); 1219 cat_datum_destroy((cat_datum_t *) datum); 1220 free(datum); 1221 return 0; 1222 } 1223 1224 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1225 void *datap) = { 1226 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1227 cond_destroy_bool, sens_destroy, cat_destroy,}; 1228 1229 void ocontext_selinux_free(ocontext_t **ocontexts) 1230 { 1231 ocontext_t *c, *ctmp; 1232 int i; 1233 1234 for (i = 0; i < OCON_NUM; i++) { 1235 c = ocontexts[i]; 1236 while (c) { 1237 ctmp = c; 1238 c = c->next; 1239 context_destroy(&ctmp->context[0]); 1240 context_destroy(&ctmp->context[1]); 1241 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1242 || i == OCON_FSUSE) 1243 free(ctmp->u.name); 1244 free(ctmp); 1245 } 1246 } 1247 } 1248 1249 void ocontext_xen_free(ocontext_t **ocontexts) 1250 { 1251 ocontext_t *c, *ctmp; 1252 int i; 1253 1254 for (i = 0; i < OCON_NUM; i++) { 1255 c = ocontexts[i]; 1256 while (c) { 1257 ctmp = c; 1258 c = c->next; 1259 context_destroy(&ctmp->context[0]); 1260 context_destroy(&ctmp->context[1]); 1261 if (i == OCON_ISID) 1262 free(ctmp->u.name); 1263 free(ctmp); 1264 } 1265 } 1266 } 1267 1268 /* 1269 * Free any memory allocated by a policy database structure. 1270 */ 1271 void policydb_destroy(policydb_t * p) 1272 { 1273 ocontext_t *c, *ctmp; 1274 genfs_t *g, *gtmp; 1275 unsigned int i; 1276 role_allow_t *ra, *lra = NULL; 1277 role_trans_t *tr, *ltr = NULL; 1278 range_trans_t *rt, *lrt = NULL; 1279 filename_trans_t *ft, *nft; 1280 1281 if (!p) 1282 return; 1283 1284 ebitmap_destroy(&p->policycaps); 1285 1286 ebitmap_destroy(&p->permissive_map); 1287 1288 symtabs_destroy(p->symtab); 1289 1290 for (i = 0; i < SYM_NUM; i++) { 1291 if (p->sym_val_to_name[i]) 1292 free(p->sym_val_to_name[i]); 1293 } 1294 1295 if (p->class_val_to_struct) 1296 free(p->class_val_to_struct); 1297 if (p->role_val_to_struct) 1298 free(p->role_val_to_struct); 1299 if (p->user_val_to_struct) 1300 free(p->user_val_to_struct); 1301 if (p->type_val_to_struct) 1302 free(p->type_val_to_struct); 1303 free(p->decl_val_to_struct); 1304 1305 for (i = 0; i < SYM_NUM; i++) { 1306 (void)hashtab_map(p->scope[i].table, scope_destroy, 0); 1307 hashtab_destroy(p->scope[i].table); 1308 } 1309 avrule_block_list_destroy(p->global); 1310 free(p->name); 1311 free(p->version); 1312 1313 avtab_destroy(&p->te_avtab); 1314 1315 if (p->target_platform == SEPOL_TARGET_SELINUX) 1316 ocontext_selinux_free(p->ocontexts); 1317 else if (p->target_platform == SEPOL_TARGET_XEN) 1318 ocontext_xen_free(p->ocontexts); 1319 1320 g = p->genfs; 1321 while (g) { 1322 free(g->fstype); 1323 c = g->head; 1324 while (c) { 1325 ctmp = c; 1326 c = c->next; 1327 context_destroy(&ctmp->context[0]); 1328 free(ctmp->u.name); 1329 free(ctmp); 1330 } 1331 gtmp = g; 1332 g = g->next; 1333 free(gtmp); 1334 } 1335 cond_policydb_destroy(p); 1336 1337 for (tr = p->role_tr; tr; tr = tr->next) { 1338 if (ltr) 1339 free(ltr); 1340 ltr = tr; 1341 } 1342 if (ltr) 1343 free(ltr); 1344 1345 ft = p->filename_trans; 1346 while (ft) { 1347 nft = ft->next; 1348 free(ft->name); 1349 free(ft); 1350 ft = nft; 1351 } 1352 1353 for (ra = p->role_allow; ra; ra = ra->next) { 1354 if (lra) 1355 free(lra); 1356 lra = ra; 1357 } 1358 if (lra) 1359 free(lra); 1360 1361 for (rt = p->range_tr; rt; rt = rt->next) { 1362 if (lrt) { 1363 ebitmap_destroy(&lrt->target_range.level[0].cat); 1364 ebitmap_destroy(&lrt->target_range.level[1].cat); 1365 free(lrt); 1366 } 1367 lrt = rt; 1368 } 1369 if (lrt) { 1370 ebitmap_destroy(&lrt->target_range.level[0].cat); 1371 ebitmap_destroy(&lrt->target_range.level[1].cat); 1372 free(lrt); 1373 } 1374 1375 if (p->type_attr_map) { 1376 for (i = 0; i < p->p_types.nprim; i++) { 1377 ebitmap_destroy(&p->type_attr_map[i]); 1378 } 1379 free(p->type_attr_map); 1380 } 1381 1382 if (p->attr_type_map) { 1383 for (i = 0; i < p->p_types.nprim; i++) { 1384 ebitmap_destroy(&p->attr_type_map[i]); 1385 } 1386 free(p->attr_type_map); 1387 } 1388 1389 return; 1390 } 1391 1392 void symtabs_destroy(symtab_t * symtab) 1393 { 1394 int i; 1395 for (i = 0; i < SYM_NUM; i++) { 1396 (void)hashtab_map(symtab[i].table, destroy_f[i], 0); 1397 hashtab_destroy(symtab[i].table); 1398 } 1399 } 1400 1401 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1402 __attribute__ ((unused))) 1403 { 1404 scope_datum_t *cur = (scope_datum_t *) datum; 1405 free(key); 1406 if (cur != NULL) { 1407 free(cur->decl_ids); 1408 } 1409 free(cur); 1410 return 0; 1411 } 1412 1413 hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 1414 { 1415 if (sym_num < 0 || sym_num >= SYM_NUM) { 1416 return NULL; 1417 } 1418 return (hashtab_destroy_func_t) destroy_f[sym_num]; 1419 } 1420 1421 /* 1422 * Load the initial SIDs specified in a policy database 1423 * structure into a SID table. 1424 */ 1425 int policydb_load_isids(policydb_t * p, sidtab_t * s) 1426 { 1427 ocontext_t *head, *c; 1428 1429 if (sepol_sidtab_init(s)) { 1430 ERR(NULL, "out of memory on SID table init"); 1431 return -1; 1432 } 1433 1434 head = p->ocontexts[OCON_ISID]; 1435 for (c = head; c; c = c->next) { 1436 if (!c->context[0].user) { 1437 ERR(NULL, "SID %s was never defined", c->u.name); 1438 return -1; 1439 } 1440 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1441 ERR(NULL, "unable to load initial SID %s", c->u.name); 1442 return -1; 1443 } 1444 } 1445 1446 return 0; 1447 } 1448 1449 /* Declare a symbol for a certain avrule_block context. Insert it 1450 * into a symbol table for a policy. This function will handle 1451 * inserting the appropriate scope information in addition to 1452 * inserting the symbol into the hash table. 1453 * 1454 * arguments: 1455 * policydb_t *pol module policy to modify 1456 * uint32_t sym the symbole table for insertion (SYM_*) 1457 * hashtab_key_t key the key for the symbol - not cloned 1458 * hashtab_datum_t data the data for the symbol - not cloned 1459 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1460 * avrule_decl_id identifier for this symbol's encapsulating declaration 1461 * value (out) assigned value to the symbol (if value is not NULL) 1462 * 1463 * returns: 1464 * 0 success 1465 * 1 success, but symbol already existed as a requirement 1466 * (datum was not inserted and needs to be free()d) 1467 * -1 general error 1468 * -2 scope conflicted 1469 * -ENOMEM memory error 1470 * error codes from hashtab_insert 1471 */ 1472 int symtab_insert(policydb_t * pol, uint32_t sym, 1473 hashtab_key_t key, hashtab_datum_t datum, 1474 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1475 { 1476 int rc, retval = 0; 1477 unsigned int i; 1478 scope_datum_t *scope_datum; 1479 1480 /* check if the symbol is already there. multiple 1481 * declarations of non-roles/non-users are illegal, but 1482 * multiple requires are allowed. */ 1483 1484 /* FIX ME - the failures after the hashtab_insert will leave 1485 * the policy in a inconsistent state. */ 1486 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1487 if (rc == SEPOL_OK) { 1488 /* if no value is passed in the symbol is not primary 1489 * (i.e. aliases) */ 1490 if (value) 1491 *value = ++pol->symtab[sym].nprim; 1492 } else if (rc == SEPOL_EEXIST) { 1493 retval = 1; /* symbol not added -- need to free() later */ 1494 } else { 1495 return rc; 1496 } 1497 1498 /* get existing scope information; if there is not one then 1499 * create it */ 1500 scope_datum = 1501 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1502 if (scope_datum == NULL) { 1503 hashtab_key_t key2 = strdup((char *)key); 1504 if (!key2) 1505 return -ENOMEM; 1506 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1507 free(key2); 1508 return -ENOMEM; 1509 } 1510 scope_datum->scope = scope; 1511 scope_datum->decl_ids = NULL; 1512 scope_datum->decl_ids_len = 0; 1513 if ((rc = 1514 hashtab_insert(pol->scope[sym].table, key2, 1515 scope_datum)) != 0) { 1516 free(key2); 1517 free(scope_datum); 1518 return rc; 1519 } 1520 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1521 /* disallow multiple declarations for non-roles/users */ 1522 if (sym != SYM_ROLES && sym != SYM_USERS) { 1523 return -2; 1524 } 1525 /* Further confine that a role attribute can't have the same 1526 * name as another regular role, and a role attribute can't 1527 * be declared more than once. */ 1528 if (sym == SYM_ROLES) { 1529 role_datum_t *base_role; 1530 role_datum_t *cur_role = (role_datum_t *)datum; 1531 1532 base_role = (role_datum_t *) 1533 hashtab_search(pol->symtab[sym].table, 1534 key); 1535 assert(base_role != NULL); 1536 1537 if (!((base_role->flavor == ROLE_ROLE) && 1538 (cur_role->flavor == ROLE_ROLE))) { 1539 /* Only regular roles are allowed to have 1540 * multiple declarations. */ 1541 return -2; 1542 } 1543 } 1544 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1545 scope_datum->scope = SCOPE_DECL; 1546 } else if (scope_datum->scope != scope) { 1547 /* This only happens in DECL then REQUIRE case, which is handled by caller */ 1548 return -2; 1549 } 1550 1551 /* search through the pre-existing list to avoid adding duplicates */ 1552 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1553 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1554 /* already there, so don't modify its scope */ 1555 return retval; 1556 } 1557 } 1558 1559 if (add_i_to_a(avrule_decl_id, 1560 &scope_datum->decl_ids_len, 1561 &scope_datum->decl_ids) == -1) { 1562 return -ENOMEM; 1563 } 1564 1565 return retval; 1566 } 1567 1568 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1569 { 1570 type_set_init(dst); 1571 1572 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1573 return -1; 1574 } 1575 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1576 return -1; 1577 } 1578 1579 dst->flags |= a->flags; 1580 dst->flags |= b->flags; 1581 1582 return 0; 1583 } 1584 1585 int type_set_cpy(type_set_t * dst, type_set_t * src) 1586 { 1587 type_set_init(dst); 1588 1589 dst->flags = src->flags; 1590 if (ebitmap_cpy(&dst->types, &src->types)) 1591 return -1; 1592 if (ebitmap_cpy(&dst->negset, &src->negset)) 1593 return -1; 1594 1595 return 0; 1596 } 1597 1598 int type_set_or_eq(type_set_t * dst, type_set_t * other) 1599 { 1600 int ret; 1601 type_set_t tmp; 1602 1603 if (type_set_or(&tmp, dst, other)) 1604 return -1; 1605 type_set_destroy(dst); 1606 ret = type_set_cpy(dst, &tmp); 1607 type_set_destroy(&tmp); 1608 1609 return ret; 1610 } 1611 1612 int role_set_get_role(role_set_t * x, uint32_t role) 1613 { 1614 if (x->flags & ROLE_STAR) 1615 return 1; 1616 1617 if (ebitmap_get_bit(&x->roles, role - 1)) { 1618 if (x->flags & ROLE_COMP) 1619 return 0; 1620 else 1621 return 1; 1622 } else { 1623 if (x->flags & ROLE_COMP) 1624 return 1; 1625 else 1626 return 0; 1627 } 1628 } 1629 1630 /***********************************************************************/ 1631 /* everything below is for policy reads */ 1632 1633 /* The following are read functions for module structures */ 1634 1635 static int role_set_read(role_set_t * r, struct policy_file *fp) 1636 { 1637 uint32_t buf[1]; 1638 int rc; 1639 1640 if (ebitmap_read(&r->roles, fp)) 1641 return -1; 1642 rc = next_entry(buf, fp, sizeof(uint32_t)); 1643 if (rc < 0) 1644 return -1; 1645 r->flags = le32_to_cpu(buf[0]); 1646 1647 return 0; 1648 } 1649 1650 static int type_set_read(type_set_t * t, struct policy_file *fp) 1651 { 1652 uint32_t buf[1]; 1653 int rc; 1654 1655 if (ebitmap_read(&t->types, fp)) 1656 return -1; 1657 if (ebitmap_read(&t->negset, fp)) 1658 return -1; 1659 1660 rc = next_entry(buf, fp, sizeof(uint32_t)); 1661 if (rc < 0) 1662 return -1; 1663 t->flags = le32_to_cpu(buf[0]); 1664 1665 return 0; 1666 } 1667 1668 /* 1669 * Read a MLS range structure from a policydb binary 1670 * representation file. 1671 */ 1672 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1673 { 1674 uint32_t buf[2], items; 1675 int rc; 1676 1677 rc = next_entry(buf, fp, sizeof(uint32_t)); 1678 if (rc < 0) 1679 goto out; 1680 1681 items = le32_to_cpu(buf[0]); 1682 if (items > ARRAY_SIZE(buf)) { 1683 ERR(fp->handle, "range overflow"); 1684 rc = -EINVAL; 1685 goto out; 1686 } 1687 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1688 if (rc < 0) { 1689 ERR(fp->handle, "truncated range"); 1690 goto out; 1691 } 1692 r->level[0].sens = le32_to_cpu(buf[0]); 1693 if (items > 1) 1694 r->level[1].sens = le32_to_cpu(buf[1]); 1695 else 1696 r->level[1].sens = r->level[0].sens; 1697 1698 rc = ebitmap_read(&r->level[0].cat, fp); 1699 if (rc) { 1700 ERR(fp->handle, "error reading low categories"); 1701 goto out; 1702 } 1703 if (items > 1) { 1704 rc = ebitmap_read(&r->level[1].cat, fp); 1705 if (rc) { 1706 ERR(fp->handle, "error reading high categories"); 1707 goto bad_high; 1708 } 1709 } else { 1710 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1711 if (rc) { 1712 ERR(fp->handle, "out of memory"); 1713 goto bad_high; 1714 } 1715 } 1716 1717 rc = 0; 1718 out: 1719 return rc; 1720 bad_high: 1721 ebitmap_destroy(&r->level[0].cat); 1722 goto out; 1723 } 1724 1725 /* 1726 * Read a semantic MLS level structure from a policydb binary 1727 * representation file. 1728 */ 1729 static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1730 struct policy_file *fp) 1731 { 1732 uint32_t buf[2], ncat; 1733 unsigned int i; 1734 mls_semantic_cat_t *cat; 1735 int rc; 1736 1737 mls_semantic_level_init(l); 1738 1739 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1740 if (rc < 0) { 1741 ERR(fp->handle, "truncated level"); 1742 goto bad; 1743 } 1744 l->sens = le32_to_cpu(buf[0]); 1745 1746 ncat = le32_to_cpu(buf[1]); 1747 for (i = 0; i < ncat; i++) { 1748 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1749 if (!cat) { 1750 ERR(fp->handle, "out of memory"); 1751 goto bad; 1752 } 1753 1754 mls_semantic_cat_init(cat); 1755 cat->next = l->cat; 1756 l->cat = cat; 1757 1758 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1759 if (rc < 0) { 1760 ERR(fp->handle, "error reading level categories"); 1761 goto bad; 1762 } 1763 cat->low = le32_to_cpu(buf[0]); 1764 cat->high = le32_to_cpu(buf[1]); 1765 } 1766 1767 return 0; 1768 1769 bad: 1770 return -EINVAL; 1771 } 1772 1773 /* 1774 * Read a semantic MLS range structure from a policydb binary 1775 * representation file. 1776 */ 1777 static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1778 struct policy_file *fp) 1779 { 1780 int rc; 1781 1782 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1783 if (rc) 1784 return rc; 1785 1786 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1787 1788 return rc; 1789 } 1790 1791 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1792 { 1793 unsigned int i; 1794 ebitmap_node_t *cnode; 1795 mls_semantic_cat_t *open_cat = NULL; 1796 1797 mls_semantic_level_init(sl); 1798 sl->sens = l->sens; 1799 ebitmap_for_each_bit(&l->cat, cnode, i) { 1800 if (ebitmap_node_get_bit(cnode, i)) { 1801 if (open_cat) 1802 continue; 1803 open_cat = (mls_semantic_cat_t *) 1804 malloc(sizeof(mls_semantic_cat_t)); 1805 if (!open_cat) 1806 return -1; 1807 1808 mls_semantic_cat_init(open_cat); 1809 open_cat->low = i + 1; 1810 open_cat->next = sl->cat; 1811 sl->cat = open_cat; 1812 } else { 1813 if (!open_cat) 1814 continue; 1815 open_cat->high = i; 1816 open_cat = NULL; 1817 } 1818 } 1819 if (open_cat) 1820 open_cat->high = i; 1821 1822 return 0; 1823 } 1824 1825 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1826 { 1827 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1828 return -1; 1829 1830 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1831 return -1; 1832 1833 return 0; 1834 } 1835 1836 /* 1837 * Read and validate a security context structure 1838 * from a policydb binary representation file. 1839 */ 1840 static int context_read_and_validate(context_struct_t * c, 1841 policydb_t * p, struct policy_file *fp) 1842 { 1843 uint32_t buf[3]; 1844 int rc; 1845 1846 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 1847 if (rc < 0) { 1848 ERR(fp->handle, "context truncated"); 1849 return -1; 1850 } 1851 c->user = le32_to_cpu(buf[0]); 1852 c->role = le32_to_cpu(buf[1]); 1853 c->type = le32_to_cpu(buf[2]); 1854 if ((p->policy_type == POLICY_KERN 1855 && p->policyvers >= POLICYDB_VERSION_MLS) 1856 || (p->policy_type == POLICY_BASE 1857 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 1858 if (mls_read_range_helper(&c->range, fp)) { 1859 ERR(fp->handle, "error reading MLS range " 1860 "of context"); 1861 return -1; 1862 } 1863 } 1864 1865 if (!policydb_context_isvalid(p, c)) { 1866 ERR(fp->handle, "invalid security context"); 1867 context_destroy(c); 1868 return -1; 1869 } 1870 return 0; 1871 } 1872 1873 /* 1874 * The following *_read functions are used to 1875 * read the symbol data from a policy database 1876 * binary representation file. 1877 */ 1878 1879 static int perm_read(policydb_t * p 1880 __attribute__ ((unused)), hashtab_t h, 1881 struct policy_file *fp) 1882 { 1883 char *key = 0; 1884 perm_datum_t *perdatum; 1885 uint32_t buf[2]; 1886 size_t len; 1887 int rc; 1888 1889 perdatum = calloc(1, sizeof(perm_datum_t)); 1890 if (!perdatum) 1891 return -1; 1892 1893 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1894 if (rc < 0) 1895 goto bad; 1896 1897 len = le32_to_cpu(buf[0]); 1898 perdatum->s.value = le32_to_cpu(buf[1]); 1899 1900 key = malloc(len + 1); 1901 if (!key) 1902 goto bad; 1903 rc = next_entry(key, fp, len); 1904 if (rc < 0) 1905 goto bad; 1906 key[len] = 0; 1907 1908 if (hashtab_insert(h, key, perdatum)) 1909 goto bad; 1910 1911 return 0; 1912 1913 bad: 1914 perm_destroy(key, perdatum, NULL); 1915 return -1; 1916 } 1917 1918 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1919 { 1920 char *key = 0; 1921 common_datum_t *comdatum; 1922 uint32_t buf[4]; 1923 size_t len, nel; 1924 unsigned int i; 1925 int rc; 1926 1927 comdatum = calloc(1, sizeof(common_datum_t)); 1928 if (!comdatum) 1929 return -1; 1930 1931 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 1932 if (rc < 0) 1933 goto bad; 1934 1935 len = le32_to_cpu(buf[0]); 1936 comdatum->s.value = le32_to_cpu(buf[1]); 1937 1938 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 1939 goto bad; 1940 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1941 nel = le32_to_cpu(buf[3]); 1942 1943 key = malloc(len + 1); 1944 if (!key) 1945 goto bad; 1946 rc = next_entry(key, fp, len); 1947 if (rc < 0) 1948 goto bad; 1949 key[len] = 0; 1950 1951 for (i = 0; i < nel; i++) { 1952 if (perm_read(p, comdatum->permissions.table, fp)) 1953 goto bad; 1954 } 1955 1956 if (hashtab_insert(h, key, comdatum)) 1957 goto bad; 1958 1959 return 0; 1960 1961 bad: 1962 common_destroy(key, comdatum, NULL); 1963 return -1; 1964 } 1965 1966 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 1967 unsigned int ncons, 1968 int allowxtarget, struct policy_file *fp) 1969 { 1970 constraint_node_t *c, *lc; 1971 constraint_expr_t *e, *le; 1972 uint32_t buf[3]; 1973 size_t nexpr; 1974 unsigned int i, j; 1975 int rc, depth; 1976 1977 lc = NULL; 1978 for (i = 0; i < ncons; i++) { 1979 c = calloc(1, sizeof(constraint_node_t)); 1980 if (!c) 1981 return -1; 1982 1983 if (lc) 1984 lc->next = c; 1985 else 1986 *nodep = c; 1987 1988 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 1989 if (rc < 0) 1990 return -1; 1991 c->permissions = le32_to_cpu(buf[0]); 1992 nexpr = le32_to_cpu(buf[1]); 1993 le = NULL; 1994 depth = -1; 1995 for (j = 0; j < nexpr; j++) { 1996 e = malloc(sizeof(constraint_expr_t)); 1997 if (!e) 1998 return -1; 1999 if (constraint_expr_init(e) == -1) { 2000 free(e); 2001 return -1; 2002 } 2003 if (le) { 2004 le->next = e; 2005 } else { 2006 c->expr = e; 2007 } 2008 2009 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2010 if (rc < 0) 2011 return -1; 2012 e->expr_type = le32_to_cpu(buf[0]); 2013 e->attr = le32_to_cpu(buf[1]); 2014 e->op = le32_to_cpu(buf[2]); 2015 2016 switch (e->expr_type) { 2017 case CEXPR_NOT: 2018 if (depth < 0) 2019 return -1; 2020 break; 2021 case CEXPR_AND: 2022 case CEXPR_OR: 2023 if (depth < 1) 2024 return -1; 2025 depth--; 2026 break; 2027 case CEXPR_ATTR: 2028 if (depth == (CEXPR_MAXDEPTH - 1)) 2029 return -1; 2030 depth++; 2031 break; 2032 case CEXPR_NAMES: 2033 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 2034 return -1; 2035 if (depth == (CEXPR_MAXDEPTH - 1)) 2036 return -1; 2037 depth++; 2038 if (ebitmap_read(&e->names, fp)) 2039 return -1; 2040 if (p->policy_type != POLICY_KERN && 2041 type_set_read(e->type_names, fp)) 2042 return -1; 2043 else if (p->policy_type == POLICY_KERN && 2044 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && 2045 type_set_read(e->type_names, fp)) 2046 return -1; 2047 break; 2048 default: 2049 return -1; 2050 } 2051 le = e; 2052 } 2053 if (depth != 0) 2054 return -1; 2055 lc = c; 2056 } 2057 2058 return 0; 2059 } 2060 2061 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2062 { 2063 char *key = 0; 2064 class_datum_t *cladatum; 2065 uint32_t buf[6]; 2066 size_t len, len2, ncons, nel; 2067 unsigned int i; 2068 int rc; 2069 2070 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 2071 if (!cladatum) 2072 return -1; 2073 2074 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 2075 if (rc < 0) 2076 goto bad; 2077 2078 len = le32_to_cpu(buf[0]); 2079 len2 = le32_to_cpu(buf[1]); 2080 cladatum->s.value = le32_to_cpu(buf[2]); 2081 2082 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2083 goto bad; 2084 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2085 nel = le32_to_cpu(buf[4]); 2086 2087 ncons = le32_to_cpu(buf[5]); 2088 2089 key = malloc(len + 1); 2090 if (!key) 2091 goto bad; 2092 rc = next_entry(key, fp, len); 2093 if (rc < 0) 2094 goto bad; 2095 key[len] = 0; 2096 2097 if (len2) { 2098 cladatum->comkey = malloc(len2 + 1); 2099 if (!cladatum->comkey) 2100 goto bad; 2101 rc = next_entry(cladatum->comkey, fp, len2); 2102 if (rc < 0) 2103 goto bad; 2104 cladatum->comkey[len2] = 0; 2105 2106 cladatum->comdatum = hashtab_search(p->p_commons.table, 2107 cladatum->comkey); 2108 if (!cladatum->comdatum) { 2109 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2110 goto bad; 2111 } 2112 } 2113 for (i = 0; i < nel; i++) { 2114 if (perm_read(p, cladatum->permissions.table, fp)) 2115 goto bad; 2116 } 2117 2118 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2119 goto bad; 2120 2121 if ((p->policy_type == POLICY_KERN 2122 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2123 || (p->policy_type == POLICY_BASE 2124 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2125 /* grab the validatetrans rules */ 2126 rc = next_entry(buf, fp, sizeof(uint32_t)); 2127 if (rc < 0) 2128 goto bad; 2129 ncons = le32_to_cpu(buf[0]); 2130 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2131 goto bad; 2132 } 2133 2134 if ((p->policy_type == POLICY_KERN && 2135 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || 2136 (p->policy_type == POLICY_BASE && 2137 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { 2138 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2139 if (rc < 0) 2140 goto bad; 2141 cladatum->default_user = le32_to_cpu(buf[0]); 2142 cladatum->default_role = le32_to_cpu(buf[1]); 2143 cladatum->default_range = le32_to_cpu(buf[2]); 2144 } 2145 2146 if ((p->policy_type == POLICY_KERN && 2147 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) || 2148 (p->policy_type == POLICY_BASE && 2149 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) { 2150 rc = next_entry(buf, fp, sizeof(uint32_t)); 2151 if (rc < 0) 2152 goto bad; 2153 cladatum->default_type = le32_to_cpu(buf[0]); 2154 } 2155 2156 if (hashtab_insert(h, key, cladatum)) 2157 goto bad; 2158 2159 return 0; 2160 2161 bad: 2162 class_destroy(key, cladatum, NULL); 2163 return -1; 2164 } 2165 2166 static int role_read(policydb_t * p 2167 __attribute__ ((unused)), hashtab_t h, 2168 struct policy_file *fp) 2169 { 2170 char *key = 0; 2171 role_datum_t *role; 2172 uint32_t buf[3]; 2173 size_t len; 2174 int rc, to_read = 2; 2175 2176 role = calloc(1, sizeof(role_datum_t)); 2177 if (!role) 2178 return -1; 2179 2180 if (policydb_has_boundary_feature(p)) 2181 to_read = 3; 2182 2183 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2184 if (rc < 0) 2185 goto bad; 2186 2187 len = le32_to_cpu(buf[0]); 2188 role->s.value = le32_to_cpu(buf[1]); 2189 if (policydb_has_boundary_feature(p)) 2190 role->bounds = le32_to_cpu(buf[2]); 2191 2192 key = malloc(len + 1); 2193 if (!key) 2194 goto bad; 2195 rc = next_entry(key, fp, len); 2196 if (rc < 0) 2197 goto bad; 2198 key[len] = 0; 2199 2200 if (ebitmap_read(&role->dominates, fp)) 2201 goto bad; 2202 2203 if (p->policy_type == POLICY_KERN) { 2204 if (ebitmap_read(&role->types.types, fp)) 2205 goto bad; 2206 } else { 2207 if (type_set_read(&role->types, fp)) 2208 goto bad; 2209 } 2210 2211 if (p->policy_type != POLICY_KERN && 2212 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2213 rc = next_entry(buf, fp, sizeof(uint32_t)); 2214 if (rc < 0) 2215 goto bad; 2216 2217 role->flavor = le32_to_cpu(buf[0]); 2218 2219 if (ebitmap_read(&role->roles, fp)) 2220 goto bad; 2221 } 2222 2223 if (strcmp(key, OBJECT_R) == 0) { 2224 if (role->s.value != OBJECT_R_VAL) { 2225 ERR(fp->handle, "role %s has wrong value %d", 2226 OBJECT_R, role->s.value); 2227 role_destroy(key, role, NULL); 2228 return -1; 2229 } 2230 role_destroy(key, role, NULL); 2231 return 0; 2232 } 2233 2234 if (hashtab_insert(h, key, role)) 2235 goto bad; 2236 2237 return 0; 2238 2239 bad: 2240 role_destroy(key, role, NULL); 2241 return -1; 2242 } 2243 2244 static int type_read(policydb_t * p 2245 __attribute__ ((unused)), hashtab_t h, 2246 struct policy_file *fp) 2247 { 2248 char *key = 0; 2249 type_datum_t *typdatum; 2250 uint32_t buf[5]; 2251 size_t len; 2252 int rc, to_read; 2253 int pos = 0; 2254 2255 typdatum = calloc(1, sizeof(type_datum_t)); 2256 if (!typdatum) 2257 return -1; 2258 2259 if (policydb_has_boundary_feature(p)) { 2260 if (p->policy_type != POLICY_KERN 2261 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2262 to_read = 5; 2263 else 2264 to_read = 4; 2265 } 2266 else if (p->policy_type == POLICY_KERN) 2267 to_read = 3; 2268 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2269 to_read = 5; 2270 else 2271 to_read = 4; 2272 2273 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2274 if (rc < 0) 2275 goto bad; 2276 2277 len = le32_to_cpu(buf[pos]); 2278 typdatum->s.value = le32_to_cpu(buf[++pos]); 2279 if (policydb_has_boundary_feature(p)) { 2280 uint32_t properties; 2281 2282 if (p->policy_type != POLICY_KERN 2283 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2284 typdatum->primary = le32_to_cpu(buf[++pos]); 2285 properties = le32_to_cpu(buf[++pos]); 2286 } 2287 else { 2288 properties = le32_to_cpu(buf[++pos]); 2289 2290 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2291 typdatum->primary = 1; 2292 } 2293 2294 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2295 typdatum->flavor = TYPE_ATTRIB; 2296 if (properties & TYPEDATUM_PROPERTY_ALIAS 2297 && p->policy_type != POLICY_KERN) 2298 typdatum->flavor = TYPE_ALIAS; 2299 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2300 && p->policy_type != POLICY_KERN) 2301 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2302 2303 typdatum->bounds = le32_to_cpu(buf[++pos]); 2304 } else { 2305 typdatum->primary = le32_to_cpu(buf[++pos]); 2306 if (p->policy_type != POLICY_KERN) { 2307 typdatum->flavor = le32_to_cpu(buf[++pos]); 2308 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2309 typdatum->flags = le32_to_cpu(buf[++pos]); 2310 } 2311 } 2312 2313 if (p->policy_type != POLICY_KERN) { 2314 if (ebitmap_read(&typdatum->types, fp)) 2315 goto bad; 2316 } 2317 2318 key = malloc(len + 1); 2319 if (!key) 2320 goto bad; 2321 rc = next_entry(key, fp, len); 2322 if (rc < 0) 2323 goto bad; 2324 key[len] = 0; 2325 2326 if (hashtab_insert(h, key, typdatum)) 2327 goto bad; 2328 2329 return 0; 2330 2331 bad: 2332 type_destroy(key, typdatum, NULL); 2333 return -1; 2334 } 2335 2336 int role_trans_read(policydb_t *p, struct policy_file *fp) 2337 { 2338 role_trans_t **t = &p->role_tr; 2339 unsigned int i; 2340 uint32_t buf[3], nel; 2341 role_trans_t *tr, *ltr; 2342 int rc; 2343 int new_roletr = (p->policy_type == POLICY_KERN && 2344 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2345 2346 rc = next_entry(buf, fp, sizeof(uint32_t)); 2347 if (rc < 0) 2348 return -1; 2349 nel = le32_to_cpu(buf[0]); 2350 ltr = NULL; 2351 for (i = 0; i < nel; i++) { 2352 tr = calloc(1, sizeof(struct role_trans)); 2353 if (!tr) { 2354 return -1; 2355 } 2356 if (ltr) { 2357 ltr->next = tr; 2358 } else { 2359 *t = tr; 2360 } 2361 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2362 if (rc < 0) 2363 return -1; 2364 tr->role = le32_to_cpu(buf[0]); 2365 tr->type = le32_to_cpu(buf[1]); 2366 tr->new_role = le32_to_cpu(buf[2]); 2367 if (new_roletr) { 2368 rc = next_entry(buf, fp, sizeof(uint32_t)); 2369 if (rc < 0) 2370 return -1; 2371 tr->tclass = le32_to_cpu(buf[0]); 2372 } else 2373 tr->tclass = SECCLASS_PROCESS; 2374 ltr = tr; 2375 } 2376 return 0; 2377 } 2378 2379 int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2380 { 2381 unsigned int i; 2382 uint32_t buf[2], nel; 2383 role_allow_t *ra, *lra; 2384 int rc; 2385 2386 rc = next_entry(buf, fp, sizeof(uint32_t)); 2387 if (rc < 0) 2388 return -1; 2389 nel = le32_to_cpu(buf[0]); 2390 lra = NULL; 2391 for (i = 0; i < nel; i++) { 2392 ra = calloc(1, sizeof(struct role_allow)); 2393 if (!ra) { 2394 return -1; 2395 } 2396 if (lra) { 2397 lra->next = ra; 2398 } else { 2399 *r = ra; 2400 } 2401 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2402 if (rc < 0) 2403 return -1; 2404 ra->role = le32_to_cpu(buf[0]); 2405 ra->new_role = le32_to_cpu(buf[1]); 2406 lra = ra; 2407 } 2408 return 0; 2409 } 2410 2411 int filename_trans_read(filename_trans_t **t, struct policy_file *fp) 2412 { 2413 unsigned int i; 2414 uint32_t buf[4], nel, len; 2415 filename_trans_t *ft, *lft; 2416 int rc; 2417 char *name; 2418 2419 rc = next_entry(buf, fp, sizeof(uint32_t)); 2420 if (rc < 0) 2421 return -1; 2422 nel = le32_to_cpu(buf[0]); 2423 2424 lft = NULL; 2425 for (i = 0; i < nel; i++) { 2426 ft = calloc(1, sizeof(struct filename_trans)); 2427 if (!ft) 2428 return -1; 2429 if (lft) 2430 lft->next = ft; 2431 else 2432 *t = ft; 2433 lft = ft; 2434 rc = next_entry(buf, fp, sizeof(uint32_t)); 2435 if (rc < 0) 2436 return -1; 2437 len = le32_to_cpu(buf[0]); 2438 2439 name = calloc(len + 1, sizeof(*name)); 2440 if (!name) 2441 return -1; 2442 2443 ft->name = name; 2444 2445 rc = next_entry(name, fp, len); 2446 if (rc < 0) 2447 return -1; 2448 2449 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2450 if (rc < 0) 2451 return -1; 2452 2453 ft->stype = le32_to_cpu(buf[0]); 2454 ft->ttype = le32_to_cpu(buf[1]); 2455 ft->tclass = le32_to_cpu(buf[2]); 2456 ft->otype = le32_to_cpu(buf[3]); 2457 } 2458 return 0; 2459 } 2460 2461 static int ocontext_read_xen(struct policydb_compat_info *info, 2462 policydb_t *p, struct policy_file *fp) 2463 { 2464 unsigned int i, j; 2465 size_t nel; 2466 ocontext_t *l, *c; 2467 uint32_t buf[8]; 2468 int rc; 2469 2470 for (i = 0; i < info->ocon_num; i++) { 2471 rc = next_entry(buf, fp, sizeof(uint32_t)); 2472 if (rc < 0) 2473 return -1; 2474 nel = le32_to_cpu(buf[0]); 2475 l = NULL; 2476 for (j = 0; j < nel; j++) { 2477 c = calloc(1, sizeof(ocontext_t)); 2478 if (!c) 2479 return -1; 2480 if (l) 2481 l->next = c; 2482 else 2483 p->ocontexts[i] = c; 2484 l = c; 2485 switch (i) { 2486 case OCON_XEN_ISID: 2487 rc = next_entry(buf, fp, sizeof(uint32_t)); 2488 if (rc < 0) 2489 return -1; 2490 c->sid[0] = le32_to_cpu(buf[0]); 2491 if (context_read_and_validate 2492 (&c->context[0], p, fp)) 2493 return -1; 2494 break; 2495 case OCON_XEN_PIRQ: 2496 rc = next_entry(buf, fp, sizeof(uint32_t)); 2497 if (rc < 0) 2498 return -1; 2499 c->u.pirq = le32_to_cpu(buf[0]); 2500 if (context_read_and_validate 2501 (&c->context[0], p, fp)) 2502 return -1; 2503 break; 2504 case OCON_XEN_IOPORT: 2505 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2506 if (rc < 0) 2507 return -1; 2508 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2509 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2510 if (context_read_and_validate 2511 (&c->context[0], p, fp)) 2512 return -1; 2513 break; 2514 case OCON_XEN_IOMEM: 2515 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2516 if (rc < 0) 2517 return -1; 2518 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2519 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2520 if (context_read_and_validate 2521 (&c->context[0], p, fp)) 2522 return -1; 2523 break; 2524 case OCON_XEN_PCIDEVICE: 2525 rc = next_entry(buf, fp, sizeof(uint32_t)); 2526 if (rc < 0) 2527 return -1; 2528 c->u.device = le32_to_cpu(buf[0]); 2529 if (context_read_and_validate 2530 (&c->context[0], p, fp)) 2531 return -1; 2532 break; 2533 default: 2534 /* should never get here */ 2535 ERR(fp->handle, "Unknown Xen ocontext"); 2536 return -1; 2537 } 2538 } 2539 } 2540 return 0; 2541 } 2542 static int ocontext_read_selinux(struct policydb_compat_info *info, 2543 policydb_t * p, struct policy_file *fp) 2544 { 2545 unsigned int i, j; 2546 size_t nel, len; 2547 ocontext_t *l, *c; 2548 uint32_t buf[8]; 2549 int rc; 2550 2551 for (i = 0; i < info->ocon_num; i++) { 2552 rc = next_entry(buf, fp, sizeof(uint32_t)); 2553 if (rc < 0) 2554 return -1; 2555 nel = le32_to_cpu(buf[0]); 2556 l = NULL; 2557 for (j = 0; j < nel; j++) { 2558 c = calloc(1, sizeof(ocontext_t)); 2559 if (!c) { 2560 return -1; 2561 } 2562 if (l) { 2563 l->next = c; 2564 } else { 2565 p->ocontexts[i] = c; 2566 } 2567 l = c; 2568 switch (i) { 2569 case OCON_ISID: 2570 rc = next_entry(buf, fp, sizeof(uint32_t)); 2571 if (rc < 0) 2572 return -1; 2573 c->sid[0] = le32_to_cpu(buf[0]); 2574 if (context_read_and_validate 2575 (&c->context[0], p, fp)) 2576 return -1; 2577 break; 2578 case OCON_FS: 2579 case OCON_NETIF: 2580 rc = next_entry(buf, fp, sizeof(uint32_t)); 2581 if (rc < 0) 2582 return -1; 2583 len = le32_to_cpu(buf[0]); 2584 c->u.name = malloc(len + 1); 2585 if (!c->u.name) 2586 return -1; 2587 rc = next_entry(c->u.name, fp, len); 2588 if (rc < 0) 2589 return -1; 2590 c->u.name[len] = 0; 2591 if (context_read_and_validate 2592 (&c->context[0], p, fp)) 2593 return -1; 2594 if (context_read_and_validate 2595 (&c->context[1], p, fp)) 2596 return -1; 2597 break; 2598 case OCON_PORT: 2599 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2600 if (rc < 0) 2601 return -1; 2602 c->u.port.protocol = le32_to_cpu(buf[0]); 2603 c->u.port.low_port = le32_to_cpu(buf[1]); 2604 c->u.port.high_port = le32_to_cpu(buf[2]); 2605 if (context_read_and_validate 2606 (&c->context[0], p, fp)) 2607 return -1; 2608 break; 2609 case OCON_NODE: 2610 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2611 if (rc < 0) 2612 return -1; 2613 c->u.node.addr = buf[0]; /* network order */ 2614 c->u.node.mask = buf[1]; /* network order */ 2615 if (context_read_and_validate 2616 (&c->context[0], p, fp)) 2617 return -1; 2618 break; 2619 case OCON_FSUSE: 2620 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2621 if (rc < 0) 2622 return -1; 2623 c->v.behavior = le32_to_cpu(buf[0]); 2624 len = le32_to_cpu(buf[1]); 2625 c->u.name = malloc(len + 1); 2626 if (!c->u.name) 2627 return -1; 2628 rc = next_entry(c->u.name, fp, len); 2629 if (rc < 0) 2630 return -1; 2631 c->u.name[len] = 0; 2632 if (context_read_and_validate 2633 (&c->context[0], p, fp)) 2634 return -1; 2635 break; 2636 case OCON_NODE6:{ 2637 int k; 2638 2639 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2640 if (rc < 0) 2641 return -1; 2642 for (k = 0; k < 4; k++) 2643 /* network order */ 2644 c->u.node6.addr[k] = buf[k]; 2645 for (k = 0; k < 4; k++) 2646 /* network order */ 2647 c->u.node6.mask[k] = buf[k + 4]; 2648 if (context_read_and_validate 2649 (&c->context[0], p, fp)) 2650 return -1; 2651 break; 2652 } 2653 default:{ 2654 ERR(fp->handle, "Unknown SELinux ocontext"); 2655 return -1; 2656 } 2657 } 2658 } 2659 } 2660 return 0; 2661 } 2662 2663 static int ocontext_read(struct policydb_compat_info *info, 2664 policydb_t *p, struct policy_file *fp) 2665 { 2666 int rc = -1; 2667 switch (p->target_platform) { 2668 case SEPOL_TARGET_SELINUX: 2669 rc = ocontext_read_selinux(info, p, fp); 2670 break; 2671 case SEPOL_TARGET_XEN: 2672 rc = ocontext_read_xen(info, p, fp); 2673 break; 2674 default: 2675 ERR(fp->handle, "Unknown target"); 2676 } 2677 return rc; 2678 } 2679 2680 static int genfs_read(policydb_t * p, struct policy_file *fp) 2681 { 2682 uint32_t buf[1]; 2683 size_t nel, nel2, len, len2; 2684 genfs_t *genfs_p, *newgenfs, *genfs; 2685 unsigned int i, j; 2686 ocontext_t *l, *c, *newc = NULL; 2687 int rc; 2688 2689 rc = next_entry(buf, fp, sizeof(uint32_t)); 2690 if (rc < 0) 2691 goto bad; 2692 nel = le32_to_cpu(buf[0]); 2693 genfs_p = NULL; 2694 for (i = 0; i < nel; i++) { 2695 rc = next_entry(buf, fp, sizeof(uint32_t)); 2696 if (rc < 0) 2697 goto bad; 2698 len = le32_to_cpu(buf[0]); 2699 newgenfs = calloc(1, sizeof(genfs_t)); 2700 if (!newgenfs) 2701 goto bad; 2702 newgenfs->fstype = malloc(len + 1); 2703 if (!newgenfs->fstype) { 2704 free(newgenfs); 2705 goto bad; 2706 } 2707 rc = next_entry(newgenfs->fstype, fp, len); 2708 if (rc < 0) { 2709 free(newgenfs->fstype); 2710 free(newgenfs); 2711 goto bad; 2712 } 2713 newgenfs->fstype[len] = 0; 2714 for (genfs_p = NULL, genfs = p->genfs; genfs; 2715 genfs_p = genfs, genfs = genfs->next) { 2716 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2717 ERR(fp->handle, "dup genfs fstype %s", 2718 newgenfs->fstype); 2719 free(newgenfs->fstype); 2720 free(newgenfs); 2721 goto bad; 2722 } 2723 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2724 break; 2725 } 2726 newgenfs->next = genfs; 2727 if (genfs_p) 2728 genfs_p->next = newgenfs; 2729 else 2730 p->genfs = newgenfs; 2731 rc = next_entry(buf, fp, sizeof(uint32_t)); 2732 if (rc < 0) 2733 goto bad; 2734 nel2 = le32_to_cpu(buf[0]); 2735 for (j = 0; j < nel2; j++) { 2736 newc = calloc(1, sizeof(ocontext_t)); 2737 if (!newc) { 2738 goto bad; 2739 } 2740 rc = next_entry(buf, fp, sizeof(uint32_t)); 2741 if (rc < 0) 2742 goto bad; 2743 len = le32_to_cpu(buf[0]); 2744 newc->u.name = malloc(len + 1); 2745 if (!newc->u.name) { 2746 goto bad; 2747 } 2748 rc = next_entry(newc->u.name, fp, len); 2749 if (rc < 0) 2750 goto bad; 2751 newc->u.name[len] = 0; 2752 rc = next_entry(buf, fp, sizeof(uint32_t)); 2753 if (rc < 0) 2754 goto bad; 2755 newc->v.sclass = le32_to_cpu(buf[0]); 2756 if (context_read_and_validate(&newc->context[0], p, fp)) 2757 goto bad; 2758 for (l = NULL, c = newgenfs->head; c; 2759 l = c, c = c->next) { 2760 if (!strcmp(newc->u.name, c->u.name) && 2761 (!c->v.sclass || !newc->v.sclass || 2762 newc->v.sclass == c->v.sclass)) { 2763 ERR(fp->handle, "dup genfs entry " 2764 "(%s,%s)", newgenfs->fstype, 2765 c->u.name); 2766 goto bad; 2767 } 2768 len = strlen(newc->u.name); 2769 len2 = strlen(c->u.name); 2770 if (len > len2) 2771 break; 2772 } 2773 newc->next = c; 2774 if (l) 2775 l->next = newc; 2776 else 2777 newgenfs->head = newc; 2778 } 2779 } 2780 2781 return 0; 2782 2783 bad: 2784 if (newc) { 2785 context_destroy(&newc->context[0]); 2786 context_destroy(&newc->context[1]); 2787 free(newc->u.name); 2788 free(newc); 2789 } 2790 return -1; 2791 } 2792 2793 /* 2794 * Read a MLS level structure from a policydb binary 2795 * representation file. 2796 */ 2797 static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 2798 { 2799 uint32_t buf[1]; 2800 int rc; 2801 2802 mls_level_init(lp); 2803 2804 rc = next_entry(buf, fp, sizeof(uint32_t)); 2805 if (rc < 0) { 2806 ERR(fp->handle, "truncated level"); 2807 goto bad; 2808 } 2809 lp->sens = le32_to_cpu(buf[0]); 2810 2811 if (ebitmap_read(&lp->cat, fp)) { 2812 ERR(fp->handle, "error reading level categories"); 2813 goto bad; 2814 } 2815 return 0; 2816 2817 bad: 2818 return -EINVAL; 2819 } 2820 2821 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2822 { 2823 char *key = 0; 2824 user_datum_t *usrdatum; 2825 uint32_t buf[3]; 2826 size_t len; 2827 int rc, to_read = 2; 2828 2829 usrdatum = calloc(1, sizeof(user_datum_t)); 2830 if (!usrdatum) 2831 return -1; 2832 2833 if (policydb_has_boundary_feature(p)) 2834 to_read = 3; 2835 2836 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2837 if (rc < 0) 2838 goto bad; 2839 2840 len = le32_to_cpu(buf[0]); 2841 usrdatum->s.value = le32_to_cpu(buf[1]); 2842 if (policydb_has_boundary_feature(p)) 2843 usrdatum->bounds = le32_to_cpu(buf[2]); 2844 2845 key = malloc(len + 1); 2846 if (!key) 2847 goto bad; 2848 rc = next_entry(key, fp, len); 2849 if (rc < 0) 2850 goto bad; 2851 key[len] = 0; 2852 2853 if (p->policy_type == POLICY_KERN) { 2854 if (ebitmap_read(&usrdatum->roles.roles, fp)) 2855 goto bad; 2856 } else { 2857 if (role_set_read(&usrdatum->roles, fp)) 2858 goto bad; 2859 } 2860 2861 /* users were not allowed in mls modules before version 2862 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 2863 * required - the mls fields will be empty. user declarations in 2864 * non-mls modules will also have empty mls fields */ 2865 if ((p->policy_type == POLICY_KERN 2866 && p->policyvers >= POLICYDB_VERSION_MLS) 2867 || (p->policy_type == POLICY_MOD 2868 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2869 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 2870 || (p->policy_type == POLICY_BASE 2871 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2872 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 2873 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 2874 goto bad; 2875 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 2876 goto bad; 2877 if (p->policy_type != POLICY_KERN) { 2878 if (mls_range_to_semantic(&usrdatum->exp_range, 2879 &usrdatum->range)) 2880 goto bad; 2881 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 2882 &usrdatum->dfltlevel)) 2883 goto bad; 2884 } 2885 } else if ((p->policy_type == POLICY_MOD 2886 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 2887 || (p->policy_type == POLICY_BASE 2888 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 2889 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 2890 goto bad; 2891 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 2892 goto bad; 2893 } 2894 2895 if (hashtab_insert(h, key, usrdatum)) 2896 goto bad; 2897 2898 return 0; 2899 2900 bad: 2901 user_destroy(key, usrdatum, NULL); 2902 return -1; 2903 } 2904 2905 static int sens_read(policydb_t * p 2906 __attribute__ ((unused)), hashtab_t h, 2907 struct policy_file *fp) 2908 { 2909 char *key = 0; 2910 level_datum_t *levdatum; 2911 uint32_t buf[2], len; 2912 int rc; 2913 2914 levdatum = malloc(sizeof(level_datum_t)); 2915 if (!levdatum) 2916 return -1; 2917 level_datum_init(levdatum); 2918 2919 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2920 if (rc < 0) 2921 goto bad; 2922 2923 len = le32_to_cpu(buf[0]); 2924 levdatum->isalias = le32_to_cpu(buf[1]); 2925 2926 key = malloc(len + 1); 2927 if (!key) 2928 goto bad; 2929 rc = next_entry(key, fp, len); 2930 if (rc < 0) 2931 goto bad; 2932 key[len] = 0; 2933 2934 levdatum->level = malloc(sizeof(mls_level_t)); 2935 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 2936 goto bad; 2937 2938 if (hashtab_insert(h, key, levdatum)) 2939 goto bad; 2940 2941 return 0; 2942 2943 bad: 2944 sens_destroy(key, levdatum, NULL); 2945 return -1; 2946 } 2947 2948 static int cat_read(policydb_t * p 2949 __attribute__ ((unused)), hashtab_t h, 2950 struct policy_file *fp) 2951 { 2952 char *key = 0; 2953 cat_datum_t *catdatum; 2954 uint32_t buf[3], len; 2955 int rc; 2956 2957 catdatum = malloc(sizeof(cat_datum_t)); 2958 if (!catdatum) 2959 return -1; 2960 cat_datum_init(catdatum); 2961 2962 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2963 if (rc < 0) 2964 goto bad; 2965 2966 len = le32_to_cpu(buf[0]); 2967 catdatum->s.value = le32_to_cpu(buf[1]); 2968 catdatum->isalias = le32_to_cpu(buf[2]); 2969 2970 key = malloc(len + 1); 2971 if (!key) 2972 goto bad; 2973 rc = next_entry(key, fp, len); 2974 if (rc < 0) 2975 goto bad; 2976 key[len] = 0; 2977 2978 if (hashtab_insert(h, key, catdatum)) 2979 goto bad; 2980 2981 return 0; 2982 2983 bad: 2984 cat_destroy(key, catdatum, NULL); 2985 return -1; 2986 } 2987 2988 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 2989 struct policy_file * fp) = { 2990 common_read, class_read, role_read, type_read, user_read, 2991 cond_read_bool, sens_read, cat_read,}; 2992 2993 /************** module reading functions below **************/ 2994 2995 static avrule_t *avrule_read(policydb_t * p 2996 __attribute__ ((unused)), struct policy_file *fp) 2997 { 2998 unsigned int i; 2999 uint32_t buf[2], len; 3000 class_perm_node_t *cur, *tail = NULL; 3001 avrule_t *avrule; 3002 int rc; 3003 3004 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 3005 if (!avrule) 3006 return NULL; 3007 3008 avrule_init(avrule); 3009 3010 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3011 if (rc < 0) 3012 goto bad; 3013 3014 (avrule)->specified = le32_to_cpu(buf[0]); 3015 (avrule)->flags = le32_to_cpu(buf[1]); 3016 3017 if (type_set_read(&avrule->stypes, fp)) 3018 goto bad; 3019 3020 if (type_set_read(&avrule->ttypes, fp)) 3021 goto bad; 3022 3023 rc = next_entry(buf, fp, sizeof(uint32_t)); 3024 if (rc < 0) 3025 goto bad; 3026 len = le32_to_cpu(buf[0]); 3027 3028 for (i = 0; i < len; i++) { 3029 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 3030 if (!cur) 3031 goto bad; 3032 class_perm_node_init(cur); 3033 3034 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3035 if (rc < 0) { 3036 free(cur); 3037 goto bad; 3038 } 3039 3040 cur->class = le32_to_cpu(buf[0]); 3041 cur->data = le32_to_cpu(buf[1]); 3042 3043 if (!tail) { 3044 avrule->perms = cur; 3045 } else { 3046 tail->next = cur; 3047 } 3048 tail = cur; 3049 } 3050 3051 return avrule; 3052 bad: 3053 if (avrule) { 3054 avrule_destroy(avrule); 3055 free(avrule); 3056 } 3057 return NULL; 3058 } 3059 3060 static int range_read(policydb_t * p, struct policy_file *fp) 3061 { 3062 uint32_t buf[2], nel; 3063 range_trans_t *rt, *lrt; 3064 range_trans_rule_t *rtr, *lrtr = NULL; 3065 unsigned int i; 3066 int new_rangetr = (p->policy_type == POLICY_KERN && 3067 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 3068 int rc; 3069 3070 rc = next_entry(buf, fp, sizeof(uint32_t)); 3071 if (rc < 0) 3072 return -1; 3073 nel = le32_to_cpu(buf[0]); 3074 lrt = NULL; 3075 for (i = 0; i < nel; i++) { 3076 rt = calloc(1, sizeof(range_trans_t)); 3077 if (!rt) 3078 return -1; 3079 if (lrt) 3080 lrt->next = rt; 3081 else 3082 p->range_tr = rt; 3083 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3084 if (rc < 0) 3085 return -1; 3086 rt->source_type = le32_to_cpu(buf[0]); 3087 rt->target_type = le32_to_cpu(buf[1]); 3088 if (new_rangetr) { 3089 rc = next_entry(buf, fp, (sizeof(uint32_t))); 3090 if (rc < 0) 3091 return -1; 3092 rt->target_class = le32_to_cpu(buf[0]); 3093 } else 3094 rt->target_class = SECCLASS_PROCESS; 3095 if (mls_read_range_helper(&rt->target_range, fp)) 3096 return -1; 3097 lrt = rt; 3098 } 3099 3100 /* if this is a kernel policy, we are done - otherwise we need to 3101 * convert these structs to range_trans_rule_ts */ 3102 if (p->policy_type == POLICY_KERN) 3103 return 0; 3104 3105 /* create range_trans_rules_ts that correspond to the range_trans_ts 3106 * that were just read in from an older policy */ 3107 for (rt = p->range_tr; rt; rt = rt->next) { 3108 rtr = malloc(sizeof(range_trans_rule_t)); 3109 if (!rtr) { 3110 return -1; 3111 } 3112 range_trans_rule_init(rtr); 3113 3114 if (lrtr) 3115 lrtr->next = rtr; 3116 else 3117 p->global->enabled->range_tr_rules = rtr; 3118 3119 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3120 return -1; 3121 3122 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3123 return -1; 3124 3125 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3126 return -1; 3127 3128 if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) 3129 return -1; 3130 3131 lrtr = rtr; 3132 } 3133 3134 /* now destroy the range_trans_ts */ 3135 lrt = NULL; 3136 for (rt = p->range_tr; rt; rt = rt->next) { 3137 if (lrt) { 3138 ebitmap_destroy(&lrt->target_range.level[0].cat); 3139 ebitmap_destroy(&lrt->target_range.level[1].cat); 3140 free(lrt); 3141 } 3142 lrt = rt; 3143 } 3144 if (lrt) { 3145 ebitmap_destroy(&lrt->target_range.level[0].cat); 3146 ebitmap_destroy(&lrt->target_range.level[1].cat); 3147 free(lrt); 3148 } 3149 p->range_tr = NULL; 3150 3151 return 0; 3152 } 3153 3154 int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3155 struct policy_file *fp) 3156 { 3157 unsigned int i; 3158 avrule_t *cur, *tail; 3159 uint32_t buf[1], len; 3160 int rc; 3161 3162 *avrules = tail = NULL; 3163 3164 rc = next_entry(buf, fp, sizeof(uint32_t)); 3165 if (rc < 0) { 3166 return -1; 3167 } 3168 len = le32_to_cpu(buf[0]); 3169 3170 for (i = 0; i < len; i++) { 3171 cur = avrule_read(p, fp); 3172 if (!cur) { 3173 return -1; 3174 } 3175 3176 if (!tail) { 3177 *avrules = cur; 3178 } else { 3179 tail->next = cur; 3180 } 3181 tail = cur; 3182 } 3183 3184 return 0; 3185 } 3186 3187 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3188 struct policy_file *fp) 3189 { 3190 uint32_t buf[1], nel; 3191 unsigned int i; 3192 role_trans_rule_t *tr, *ltr; 3193 int rc; 3194 3195 rc = next_entry(buf, fp, sizeof(uint32_t)); 3196 if (rc < 0) 3197 return -1; 3198 nel = le32_to_cpu(buf[0]); 3199 ltr = NULL; 3200 for (i = 0; i < nel; i++) { 3201 tr = malloc(sizeof(role_trans_rule_t)); 3202 if (!tr) { 3203 return -1; 3204 } 3205 role_trans_rule_init(tr); 3206 3207 if (ltr) { 3208 ltr->next = tr; 3209 } else { 3210 *r = tr; 3211 } 3212 3213 if (role_set_read(&tr->roles, fp)) 3214 return -1; 3215 3216 if (type_set_read(&tr->types, fp)) 3217 return -1; 3218 3219 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3220 if (ebitmap_read(&tr->classes, fp)) 3221 return -1; 3222 } else { 3223 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3224 return -1; 3225 } 3226 3227 rc = next_entry(buf, fp, sizeof(uint32_t)); 3228 if (rc < 0) 3229 return -1; 3230 tr->new_role = le32_to_cpu(buf[0]); 3231 ltr = tr; 3232 } 3233 3234 return 0; 3235 } 3236 3237 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3238 { 3239 unsigned int i; 3240 uint32_t buf[1], nel; 3241 role_allow_rule_t *ra, *lra; 3242 int rc; 3243 3244 rc = next_entry(buf, fp, sizeof(uint32_t)); 3245 if (rc < 0) 3246 return -1; 3247 nel = le32_to_cpu(buf[0]); 3248 lra = NULL; 3249 for (i = 0; i < nel; i++) { 3250 ra = malloc(sizeof(role_allow_rule_t)); 3251 if (!ra) { 3252 return -1; 3253 } 3254 role_allow_rule_init(ra); 3255 3256 if (lra) { 3257 lra->next = ra; 3258 } else { 3259 *r = ra; 3260 } 3261 3262 if (role_set_read(&ra->roles, fp)) 3263 return -1; 3264 3265 if (role_set_read(&ra->new_roles, fp)) 3266 return -1; 3267 3268 lra = ra; 3269 } 3270 return 0; 3271 } 3272 3273 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3274 { 3275 uint32_t buf[2], nel; 3276 unsigned int i, len; 3277 filename_trans_rule_t *ftr, *lftr; 3278 int rc; 3279 3280 rc = next_entry(buf, fp, sizeof(uint32_t)); 3281 if (rc < 0) 3282 return -1; 3283 nel = le32_to_cpu(buf[0]); 3284 lftr = NULL; 3285 for (i = 0; i < nel; i++) { 3286 ftr = malloc(sizeof(*ftr)); 3287 if (!ftr) 3288 return -1; 3289 3290 filename_trans_rule_init(ftr); 3291 3292 if (lftr) 3293 lftr->next = ftr; 3294 else 3295 *r = ftr; 3296 lftr = ftr; 3297 3298 rc = next_entry(buf, fp, sizeof(uint32_t)); 3299 if (rc < 0) 3300 return -1; 3301 3302 len = le32_to_cpu(buf[0]); 3303 3304 ftr->name = malloc(len + 1); 3305 if (!ftr->name) 3306 return -1; 3307 3308 rc = next_entry(ftr->name, fp, len); 3309 if (rc) 3310 return -1; 3311 ftr->name[len] = 0; 3312 3313 if (type_set_read(&ftr->stypes, fp)) 3314 return -1; 3315 3316 if (type_set_read(&ftr->ttypes, fp)) 3317 return -1; 3318 3319 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3320 if (rc < 0) 3321 return -1; 3322 ftr->tclass = le32_to_cpu(buf[0]); 3323 ftr->otype = le32_to_cpu(buf[1]); 3324 } 3325 3326 return 0; 3327 } 3328 3329 static int range_trans_rule_read(range_trans_rule_t ** r, 3330 struct policy_file *fp) 3331 { 3332 uint32_t buf[1], nel; 3333 unsigned int i; 3334 range_trans_rule_t *rt, *lrt = NULL; 3335 int rc; 3336 3337 rc = next_entry(buf, fp, sizeof(uint32_t)); 3338 if (rc < 0) 3339 return -1; 3340 nel = le32_to_cpu(buf[0]); 3341 for (i = 0; i < nel; i++) { 3342 rt = malloc(sizeof(range_trans_rule_t)); 3343 if (!rt) { 3344 return -1; 3345 } 3346 range_trans_rule_init(rt); 3347 3348 if (lrt) 3349 lrt->next = rt; 3350 else 3351 *r = rt; 3352 3353 if (type_set_read(&rt->stypes, fp)) 3354 return -1; 3355 3356 if (type_set_read(&rt->ttypes, fp)) 3357 return -1; 3358 3359 if (ebitmap_read(&rt->tclasses, fp)) 3360 return -1; 3361 3362 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3363 return -1; 3364 3365 lrt = rt; 3366 } 3367 3368 return 0; 3369 } 3370 3371 static int scope_index_read(scope_index_t * scope_index, 3372 unsigned int num_scope_syms, struct policy_file *fp) 3373 { 3374 unsigned int i; 3375 uint32_t buf[1]; 3376 int rc; 3377 3378 for (i = 0; i < num_scope_syms; i++) { 3379 if (ebitmap_read(scope_index->scope + i, fp) == -1) { 3380 return -1; 3381 } 3382 } 3383 rc = next_entry(buf, fp, sizeof(uint32_t)); 3384 if (rc < 0) 3385 return -1; 3386 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3387 if (scope_index->class_perms_len == 0) { 3388 scope_index->class_perms_map = NULL; 3389 return 0; 3390 } 3391 if ((scope_index->class_perms_map = 3392 calloc(scope_index->class_perms_len, 3393 sizeof(*scope_index->class_perms_map))) == NULL) { 3394 return -1; 3395 } 3396 for (i = 0; i < scope_index->class_perms_len; i++) { 3397 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { 3398 return -1; 3399 } 3400 } 3401 return 0; 3402 } 3403 3404 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3405 unsigned int num_scope_syms, struct policy_file *fp) 3406 { 3407 uint32_t buf[2], nprim, nel; 3408 unsigned int i, j; 3409 int rc; 3410 3411 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3412 if (rc < 0) 3413 return -1; 3414 decl->decl_id = le32_to_cpu(buf[0]); 3415 decl->enabled = le32_to_cpu(buf[1]); 3416 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3417 avrule_read_list(p, &decl->avrules, fp) == -1 || 3418 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3419 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3420 return -1; 3421 } 3422 3423 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3424 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3425 return -1; 3426 3427 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3428 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3429 return -1; 3430 } 3431 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3432 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3433 return -1; 3434 } 3435 3436 for (i = 0; i < num_scope_syms; i++) { 3437 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3438 if (rc < 0) 3439 return -1; 3440 nprim = le32_to_cpu(buf[0]); 3441 nel = le32_to_cpu(buf[1]); 3442 for (j = 0; j < nel; j++) { 3443 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3444 return -1; 3445 } 3446 } 3447 decl->symtab[i].nprim = nprim; 3448 } 3449 return 0; 3450 } 3451 3452 static int avrule_block_read(policydb_t * p, 3453 avrule_block_t ** block, 3454 unsigned int num_scope_syms, 3455 struct policy_file *fp) 3456 { 3457 avrule_block_t *last_block = NULL, *curblock; 3458 uint32_t buf[1], num_blocks, nel; 3459 int rc; 3460 3461 assert(*block == NULL); 3462 3463 rc = next_entry(buf, fp, sizeof(uint32_t)); 3464 if (rc < 0) 3465 return -1; 3466 num_blocks = le32_to_cpu(buf[0]); 3467 nel = num_blocks; 3468 while (num_blocks > 0) { 3469 avrule_decl_t *last_decl = NULL, *curdecl; 3470 uint32_t num_decls; 3471 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3472 return -1; 3473 } 3474 rc = next_entry(buf, fp, sizeof(uint32_t)); 3475 if (rc < 0) { 3476 free(curblock); 3477 return -1; 3478 } 3479 /* if this is the first block its non-optional, else its optional */ 3480 if (num_blocks != nel) 3481 curblock->flags |= AVRULE_OPTIONAL; 3482 3483 num_decls = le32_to_cpu(buf[0]); 3484 while (num_decls > 0) { 3485 if ((curdecl = avrule_decl_create(0)) == NULL) { 3486 avrule_block_destroy(curblock); 3487 return -1; 3488 } 3489 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3490 -1) { 3491 avrule_decl_destroy(curdecl); 3492 avrule_block_destroy(curblock); 3493 return -1; 3494 } 3495 if (curdecl->enabled) { 3496 if (curblock->enabled != NULL) { 3497 /* probably a corrupt file */ 3498 avrule_decl_destroy(curdecl); 3499 avrule_block_destroy(curblock); 3500 return -1; 3501 } 3502 curblock->enabled = curdecl; 3503 } 3504 /* one must be careful to reconstruct the 3505 * decl chain in its correct order */ 3506 if (curblock->branch_list == NULL) { 3507 curblock->branch_list = curdecl; 3508 } else { 3509 assert(last_decl); 3510 last_decl->next = curdecl; 3511 } 3512 last_decl = curdecl; 3513 num_decls--; 3514 } 3515 3516 if (*block == NULL) { 3517 *block = curblock; 3518 } else { 3519 assert(last_block); 3520 last_block->next = curblock; 3521 } 3522 last_block = curblock; 3523 3524 num_blocks--; 3525 } 3526 3527 return 0; 3528 } 3529 3530 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3531 { 3532 scope_datum_t *scope = NULL; 3533 uint32_t buf[2]; 3534 char *key = NULL; 3535 size_t key_len; 3536 unsigned int i; 3537 hashtab_t h = p->scope[symnum].table; 3538 int rc; 3539 3540 rc = next_entry(buf, fp, sizeof(uint32_t)); 3541 if (rc < 0) 3542 goto cleanup; 3543 key_len = le32_to_cpu(buf[0]); 3544 key = malloc(key_len + 1); 3545 if (!key) 3546 goto cleanup; 3547 rc = next_entry(key, fp, key_len); 3548 if (rc < 0) 3549 goto cleanup; 3550 key[key_len] = '\0'; 3551 3552 /* ensure that there already exists a symbol with this key */ 3553 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3554 goto cleanup; 3555 } 3556 3557 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3558 goto cleanup; 3559 } 3560 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3561 if (rc < 0) 3562 goto cleanup; 3563 scope->scope = le32_to_cpu(buf[0]); 3564 scope->decl_ids_len = le32_to_cpu(buf[1]); 3565 assert(scope->decl_ids_len > 0); 3566 if ((scope->decl_ids = 3567 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3568 goto cleanup; 3569 } 3570 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3571 if (rc < 0) 3572 goto cleanup; 3573 for (i = 0; i < scope->decl_ids_len; i++) { 3574 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3575 } 3576 3577 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3578 /* object_r was already added to this table in roles_init() */ 3579 scope_destroy(key, scope, NULL); 3580 } else { 3581 if (hashtab_insert(h, key, scope)) { 3582 goto cleanup; 3583 } 3584 } 3585 3586 return 0; 3587 3588 cleanup: 3589 scope_destroy(key, scope, NULL); 3590 return -1; 3591 } 3592 3593 /* 3594 * Read the configuration data from a policy database binary 3595 * representation file into a policy database structure. 3596 */ 3597 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3598 { 3599 3600 unsigned int i, j, r_policyvers; 3601 uint32_t buf[5]; 3602 size_t len, nprim, nel; 3603 char *policydb_str; 3604 struct policydb_compat_info *info; 3605 unsigned int policy_type, bufindex; 3606 ebitmap_node_t *tnode; 3607 int rc; 3608 3609 /* Read the magic number and string length. */ 3610 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3611 if (rc < 0) 3612 return POLICYDB_ERROR; 3613 for (i = 0; i < 2; i++) 3614 buf[i] = le32_to_cpu(buf[i]); 3615 3616 if (buf[0] == POLICYDB_MAGIC) { 3617 policy_type = POLICY_KERN; 3618 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3619 policy_type = POLICY_MOD; 3620 } else { 3621 ERR(fp->handle, "policydb magic number %#08x does not " 3622 "match expected magic number %#08x or %#08x", 3623 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3624 return POLICYDB_ERROR; 3625 } 3626 3627 len = buf[1]; 3628 if (len > POLICYDB_STRING_MAX_LENGTH) { 3629 ERR(fp->handle, "policydb string length too long "); 3630 return POLICYDB_ERROR; 3631 } 3632 3633 policydb_str = malloc(len + 1); 3634 if (!policydb_str) { 3635 ERR(fp->handle, "unable to allocate memory for policydb " 3636 "string of length %zu", len); 3637 return POLICYDB_ERROR; 3638 } 3639 rc = next_entry(policydb_str, fp, len); 3640 if (rc < 0) { 3641 ERR(fp->handle, "truncated policydb string identifier"); 3642 free(policydb_str); 3643 return POLICYDB_ERROR; 3644 } 3645 policydb_str[len] = 0; 3646 3647 if (policy_type == POLICY_KERN) { 3648 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 3649 if ((strcmp(policydb_str, policydb_target_strings[i]) 3650 == 0)) { 3651 policydb_set_target_platform(p, i); 3652 break; 3653 } 3654 } 3655 3656 if (i == POLICYDB_TARGET_SZ) { 3657 ERR(fp->handle, "cannot find a valid target for policy " 3658 "string %s", policydb_str); 3659 free(policydb_str); 3660 return POLICYDB_ERROR; 3661 } 3662 } else { 3663 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 3664 ERR(fp->handle, "invalid string identifier %s", 3665 policydb_str); 3666 free(policydb_str); 3667 return POLICYDB_ERROR; 3668 } 3669 } 3670 3671 /* Done with policydb_str. */ 3672 free(policydb_str); 3673 policydb_str = NULL; 3674 3675 /* Read the version, config, and table sizes (and policy type if it's a module). */ 3676 if (policy_type == POLICY_KERN) 3677 nel = 4; 3678 else 3679 nel = 5; 3680 3681 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 3682 if (rc < 0) 3683 return POLICYDB_ERROR; 3684 for (i = 0; i < nel; i++) 3685 buf[i] = le32_to_cpu(buf[i]); 3686 3687 bufindex = 0; 3688 3689 if (policy_type == POLICY_MOD) { 3690 /* We know it's a module but not whether it's a base 3691 module or regular binary policy module. buf[0] 3692 tells us which. */ 3693 policy_type = buf[bufindex]; 3694 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 3695 ERR(fp->handle, "unknown module type: %#08x", 3696 policy_type); 3697 return POLICYDB_ERROR; 3698 } 3699 bufindex++; 3700 } 3701 3702 r_policyvers = buf[bufindex]; 3703 if (policy_type == POLICY_KERN) { 3704 if (r_policyvers < POLICYDB_VERSION_MIN || 3705 r_policyvers > POLICYDB_VERSION_MAX) { 3706 ERR(fp->handle, "policydb version %d does not match " 3707 "my version range %d-%d", buf[bufindex], 3708 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 3709 return POLICYDB_ERROR; 3710 } 3711 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 3712 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 3713 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 3714 ERR(fp->handle, "policydb module version %d does " 3715 "not match my version range %d-%d", 3716 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 3717 MOD_POLICYDB_VERSION_MAX); 3718 return POLICYDB_ERROR; 3719 } 3720 } else { 3721 assert(0); 3722 } 3723 bufindex++; 3724 3725 /* Set the policy type and version from the read values. */ 3726 p->policy_type = policy_type; 3727 p->policyvers = r_policyvers; 3728 3729 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 3730 p->mls = 1; 3731 } else { 3732 p->mls = 0; 3733 } 3734 3735 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 3736 3737 bufindex++; 3738 3739 info = policydb_lookup_compat(r_policyvers, policy_type, 3740 p->target_platform); 3741 if (!info) { 3742 ERR(fp->handle, "unable to find policy compat info " 3743 "for version %d", r_policyvers); 3744 goto bad; 3745 } 3746 3747 if (buf[bufindex] != info->sym_num 3748 || buf[bufindex + 1] != info->ocon_num) { 3749 ERR(fp->handle, 3750 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 3751 buf[bufindex], buf[bufindex + 1], info->sym_num, 3752 info->ocon_num); 3753 goto bad; 3754 } 3755 3756 if (p->policy_type == POLICY_MOD) { 3757 /* Get the module name and version */ 3758 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3759 goto bad; 3760 } 3761 len = le32_to_cpu(buf[0]); 3762 if ((p->name = malloc(len + 1)) == NULL) { 3763 goto bad; 3764 } 3765 if ((rc = next_entry(p->name, fp, len)) < 0) { 3766 goto bad; 3767 } 3768 p->name[len] = '\0'; 3769 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3770 goto bad; 3771 } 3772 len = le32_to_cpu(buf[0]); 3773 if ((p->version = malloc(len + 1)) == NULL) { 3774 goto bad; 3775 } 3776 if ((rc = next_entry(p->version, fp, len)) < 0) { 3777 goto bad; 3778 } 3779 p->version[len] = '\0'; 3780 } 3781 3782 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 3783 p->policy_type == POLICY_KERN) || 3784 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3785 p->policy_type == POLICY_BASE) || 3786 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3787 p->policy_type == POLICY_MOD)) { 3788 if (ebitmap_read(&p->policycaps, fp)) 3789 goto bad; 3790 } 3791 3792 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 3793 p->policy_type == POLICY_KERN) { 3794 if (ebitmap_read(&p->permissive_map, fp)) 3795 goto bad; 3796 } 3797 3798 for (i = 0; i < info->sym_num; i++) { 3799 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3800 if (rc < 0) 3801 goto bad; 3802 nprim = le32_to_cpu(buf[0]); 3803 nel = le32_to_cpu(buf[1]); 3804 for (j = 0; j < nel; j++) { 3805 if (read_f[i] (p, p->symtab[i].table, fp)) 3806 goto bad; 3807 } 3808 3809 p->symtab[i].nprim = nprim; 3810 } 3811 3812 if (policy_type == POLICY_KERN) { 3813 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 3814 goto bad; 3815 if (r_policyvers >= POLICYDB_VERSION_BOOL) 3816 if (cond_read_list(p, &p->cond_list, fp)) 3817 goto bad; 3818 if (role_trans_read(p, fp)) 3819 goto bad; 3820 if (role_allow_read(&p->role_allow, fp)) 3821 goto bad; 3822 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 3823 filename_trans_read(&p->filename_trans, fp)) 3824 goto bad; 3825 } else { 3826 /* first read the AV rule blocks, then the scope tables */ 3827 avrule_block_destroy(p->global); 3828 p->global = NULL; 3829 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 3830 goto bad; 3831 } 3832 for (i = 0; i < info->sym_num; i++) { 3833 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3834 goto bad; 3835 } 3836 nel = le32_to_cpu(buf[0]); 3837 for (j = 0; j < nel; j++) { 3838 if (scope_read(p, i, fp)) 3839 goto bad; 3840 } 3841 } 3842 3843 } 3844 3845 if (policydb_index_decls(p)) 3846 goto bad; 3847 3848 if (policydb_index_classes(p)) 3849 goto bad; 3850 3851 if (policydb_index_others(fp->handle, p, verbose)) 3852 goto bad; 3853 3854 if (ocontext_read(info, p, fp) == -1) { 3855 goto bad; 3856 } 3857 3858 if (genfs_read(p, fp) == -1) { 3859 goto bad; 3860 } 3861 3862 if ((p->policy_type == POLICY_KERN 3863 && p->policyvers >= POLICYDB_VERSION_MLS) 3864 || (p->policy_type == POLICY_BASE 3865 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3866 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 3867 if (range_read(p, fp)) { 3868 goto bad; 3869 } 3870 } 3871 3872 if (policy_type == POLICY_KERN) { 3873 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3874 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3875 if (!p->type_attr_map || !p->attr_type_map) 3876 goto bad; 3877 for (i = 0; i < p->p_types.nprim; i++) { 3878 ebitmap_init(&p->type_attr_map[i]); 3879 ebitmap_init(&p->attr_type_map[i]); 3880 } 3881 for (i = 0; i < p->p_types.nprim; i++) { 3882 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 3883 if (ebitmap_read(&p->type_attr_map[i], fp)) 3884 goto bad; 3885 ebitmap_for_each_bit(&p->type_attr_map[i], 3886 tnode, j) { 3887 if (!ebitmap_node_get_bit(tnode, j) 3888 || i == j) 3889 continue; 3890 if (ebitmap_set_bit 3891 (&p->attr_type_map[j], i, 1)) 3892 goto bad; 3893 } 3894 } 3895 /* add the type itself as the degenerate case */ 3896 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 3897 goto bad; 3898 } 3899 } 3900 3901 return POLICYDB_SUCCESS; 3902 bad: 3903 return POLICYDB_ERROR; 3904 } 3905 3906 int policydb_reindex_users(policydb_t * p) 3907 { 3908 unsigned int i = SYM_USERS; 3909 3910 if (p->user_val_to_struct) 3911 free(p->user_val_to_struct); 3912 if (p->sym_val_to_name[i]) 3913 free(p->sym_val_to_name[i]); 3914 3915 p->user_val_to_struct = (user_datum_t **) 3916 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 3917 if (!p->user_val_to_struct) 3918 return -1; 3919 3920 p->sym_val_to_name[i] = (char **) 3921 malloc(p->symtab[i].nprim * sizeof(char *)); 3922 if (!p->sym_val_to_name[i]) 3923 return -1; 3924 3925 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 3926 return -1; 3927 3928 /* Expand user roles for context validity checking */ 3929 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 3930 return -1; 3931 3932 return 0; 3933 } 3934 3935 void policy_file_init(policy_file_t *pf) 3936 { 3937 memset(pf, 0, sizeof(policy_file_t)); 3938 } 3939 3940 int policydb_set_target_platform(policydb_t *p, int platform) 3941 { 3942 if (platform == SEPOL_TARGET_SELINUX) 3943 p->target_platform = SEPOL_TARGET_SELINUX; 3944 else if (platform == SEPOL_TARGET_XEN) 3945 p->target_platform = SEPOL_TARGET_XEN; 3946 else 3947 return -1; 3948 3949 return 0; 3950 } 3951 3952
