1 2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */ 3 4 /* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf (at) tresys.com> and Karl MacMillan <kmacmillan (at) tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris (at) redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * 22 * This library is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU Lesser General Public 24 * License as published by the Free Software Foundation; either 25 * version 2.1 of the License, or (at your option) any later version. 26 * 27 * This library is distributed in the hope that it will be useful, 28 * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 30 * Lesser General Public License for more details. 31 * 32 * You should have received a copy of the GNU Lesser General Public 33 * License along with this library; if not, write to the Free Software 34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 35 */ 36 37 /* FLASK */ 38 39 /* 40 * Implementation of the policy database. 41 */ 42 43 #include <assert.h> 44 #include <stdlib.h> 45 46 #include <sepol/policydb/policydb.h> 47 #include <sepol/policydb/expand.h> 48 #include <sepol/policydb/conditional.h> 49 #include <sepol/policydb/avrule_block.h> 50 #include <sepol/policydb/util.h> 51 #include <sepol/policydb/flask.h> 52 53 #include "private.h" 54 #include "debug.h" 55 #include "mls.h" 56 57 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 58 char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 59 60 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 61 static struct policydb_compat_info policydb_compat[] = { 62 { 63 .type = POLICY_KERN, 64 .version = POLICYDB_VERSION_BOUNDARY, 65 .sym_num = SYM_NUM, 66 .ocon_num = OCON_XEN_PCIDEVICE + 1, 67 .target_platform = SEPOL_TARGET_XEN, 68 }, 69 { 70 .type = POLICY_KERN, 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_FSUSE + 1, 74 .target_platform = SEPOL_TARGET_SELINUX, 75 }, 76 { 77 .type = POLICY_KERN, 78 .version = POLICYDB_VERSION_BOOL, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_FSUSE + 1, 81 .target_platform = SEPOL_TARGET_SELINUX, 82 }, 83 { 84 .type = POLICY_KERN, 85 .version = POLICYDB_VERSION_IPV6, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_NODE6 + 1, 88 .target_platform = SEPOL_TARGET_SELINUX, 89 }, 90 { 91 .type = POLICY_KERN, 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NODE6 + 1, 95 .target_platform = SEPOL_TARGET_SELINUX, 96 }, 97 { 98 .type = POLICY_KERN, 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NODE6 + 1, 102 .target_platform = SEPOL_TARGET_SELINUX, 103 }, 104 { 105 .type = POLICY_KERN, 106 .version = POLICYDB_VERSION_AVTAB, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NODE6 + 1, 109 .target_platform = SEPOL_TARGET_SELINUX, 110 }, 111 { 112 .type = POLICY_KERN, 113 .version = POLICYDB_VERSION_RANGETRANS, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NODE6 + 1, 116 .target_platform = SEPOL_TARGET_SELINUX, 117 }, 118 { 119 .type = POLICY_KERN, 120 .version = POLICYDB_VERSION_POLCAP, 121 .sym_num = SYM_NUM, 122 .ocon_num = OCON_NODE6 + 1, 123 .target_platform = SEPOL_TARGET_SELINUX, 124 }, 125 { 126 .type = POLICY_KERN, 127 .version = POLICYDB_VERSION_PERMISSIVE, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NODE6 + 1, 130 .target_platform = SEPOL_TARGET_SELINUX, 131 }, 132 { 133 .type = POLICY_KERN, 134 .version = POLICYDB_VERSION_BOUNDARY, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NODE6 + 1, 137 .target_platform = SEPOL_TARGET_SELINUX, 138 }, 139 { 140 .type = POLICY_KERN, 141 .version = POLICYDB_VERSION_FILENAME_TRANS, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NODE6 + 1, 144 .target_platform = SEPOL_TARGET_SELINUX, 145 }, 146 { 147 .type = POLICY_KERN, 148 .version = POLICYDB_VERSION_ROLETRANS, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NODE6 + 1, 151 .target_platform = SEPOL_TARGET_SELINUX, 152 }, 153 { 154 .type = POLICY_KERN, 155 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 156 .sym_num = SYM_NUM, 157 .ocon_num = OCON_NODE6 + 1, 158 .target_platform = SEPOL_TARGET_SELINUX, 159 }, 160 { 161 .type = POLICY_KERN, 162 .version = POLICYDB_VERSION_DEFAULT_TYPE, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NODE6 + 1, 165 .target_platform = SEPOL_TARGET_SELINUX, 166 }, 167 { 168 .type = POLICY_KERN, 169 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 170 .sym_num = SYM_NUM, 171 .ocon_num = OCON_NODE6 + 1, 172 .target_platform = SEPOL_TARGET_SELINUX, 173 }, 174 { 175 .type = POLICY_BASE, 176 .version = MOD_POLICYDB_VERSION_BASE, 177 .sym_num = SYM_NUM, 178 .ocon_num = OCON_NODE6 + 1, 179 .target_platform = SEPOL_TARGET_SELINUX, 180 }, 181 { 182 .type = POLICY_BASE, 183 .version = MOD_POLICYDB_VERSION_MLS, 184 .sym_num = SYM_NUM, 185 .ocon_num = OCON_NODE6 + 1, 186 .target_platform = SEPOL_TARGET_SELINUX, 187 }, 188 { 189 .type = POLICY_BASE, 190 .version = MOD_POLICYDB_VERSION_MLS_USERS, 191 .sym_num = SYM_NUM, 192 .ocon_num = OCON_NODE6 + 1, 193 .target_platform = SEPOL_TARGET_SELINUX, 194 }, 195 { 196 .type = POLICY_BASE, 197 .version = MOD_POLICYDB_VERSION_POLCAP, 198 .sym_num = SYM_NUM, 199 .ocon_num = OCON_NODE6 + 1, 200 .target_platform = SEPOL_TARGET_SELINUX, 201 }, 202 { 203 .type = POLICY_BASE, 204 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 205 .sym_num = SYM_NUM, 206 .ocon_num = OCON_NODE6 + 1, 207 .target_platform = SEPOL_TARGET_SELINUX, 208 }, 209 { 210 .type = POLICY_BASE, 211 .version = MOD_POLICYDB_VERSION_BOUNDARY, 212 .sym_num = SYM_NUM, 213 .ocon_num = OCON_NODE6 + 1, 214 .target_platform = SEPOL_TARGET_SELINUX, 215 }, 216 { 217 .type = POLICY_BASE, 218 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 219 .sym_num = SYM_NUM, 220 .ocon_num = OCON_NODE6 + 1, 221 .target_platform = SEPOL_TARGET_SELINUX, 222 }, 223 { 224 .type = POLICY_BASE, 225 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 226 .sym_num = SYM_NUM, 227 .ocon_num = OCON_NODE6 + 1, 228 .target_platform = SEPOL_TARGET_SELINUX, 229 }, 230 { 231 .type = POLICY_BASE, 232 .version = MOD_POLICYDB_VERSION_ROLETRANS, 233 .sym_num = SYM_NUM, 234 .ocon_num = OCON_NODE6 + 1, 235 .target_platform = SEPOL_TARGET_SELINUX, 236 }, 237 { 238 .type = POLICY_BASE, 239 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 240 .sym_num = SYM_NUM, 241 .ocon_num = OCON_NODE6 + 1, 242 .target_platform = SEPOL_TARGET_SELINUX, 243 }, 244 { 245 .type = POLICY_BASE, 246 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 247 .sym_num = SYM_NUM, 248 .ocon_num = OCON_NODE6 + 1, 249 .target_platform = SEPOL_TARGET_SELINUX, 250 }, 251 { 252 .type = POLICY_BASE, 253 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 254 .sym_num = SYM_NUM, 255 .ocon_num = OCON_NODE6 + 1, 256 .target_platform = SEPOL_TARGET_SELINUX, 257 }, 258 { 259 .type = POLICY_BASE, 260 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 261 .sym_num = SYM_NUM, 262 .ocon_num = OCON_NODE6 + 1, 263 .target_platform = SEPOL_TARGET_SELINUX, 264 }, 265 { 266 .type = POLICY_BASE, 267 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 268 .sym_num = SYM_NUM, 269 .ocon_num = OCON_NODE6 + 1, 270 .target_platform = SEPOL_TARGET_SELINUX, 271 }, 272 { 273 .type = POLICY_MOD, 274 .version = MOD_POLICYDB_VERSION_BASE, 275 .sym_num = SYM_NUM, 276 .ocon_num = 0, 277 .target_platform = SEPOL_TARGET_SELINUX, 278 }, 279 { 280 .type = POLICY_MOD, 281 .version = MOD_POLICYDB_VERSION_MLS, 282 .sym_num = SYM_NUM, 283 .ocon_num = 0, 284 .target_platform = SEPOL_TARGET_SELINUX, 285 }, 286 { 287 .type = POLICY_MOD, 288 .version = MOD_POLICYDB_VERSION_MLS_USERS, 289 .sym_num = SYM_NUM, 290 .ocon_num = 0, 291 .target_platform = SEPOL_TARGET_SELINUX, 292 }, 293 { 294 .type = POLICY_MOD, 295 .version = MOD_POLICYDB_VERSION_POLCAP, 296 .sym_num = SYM_NUM, 297 .ocon_num = 0, 298 .target_platform = SEPOL_TARGET_SELINUX, 299 }, 300 { 301 .type = POLICY_MOD, 302 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 303 .sym_num = SYM_NUM, 304 .ocon_num = 0, 305 .target_platform = SEPOL_TARGET_SELINUX, 306 }, 307 { 308 .type = POLICY_MOD, 309 .version = MOD_POLICYDB_VERSION_BOUNDARY, 310 .sym_num = SYM_NUM, 311 .ocon_num = 0, 312 .target_platform = SEPOL_TARGET_SELINUX, 313 }, 314 { 315 .type = POLICY_MOD, 316 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 317 .sym_num = SYM_NUM, 318 .ocon_num = 0, 319 .target_platform = SEPOL_TARGET_SELINUX, 320 }, 321 { 322 .type = POLICY_MOD, 323 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 324 .sym_num = SYM_NUM, 325 .ocon_num = 0, 326 .target_platform = SEPOL_TARGET_SELINUX, 327 }, 328 { 329 .type = POLICY_MOD, 330 .version = MOD_POLICYDB_VERSION_ROLETRANS, 331 .sym_num = SYM_NUM, 332 .ocon_num = 0, 333 .target_platform = SEPOL_TARGET_SELINUX, 334 }, 335 { 336 .type = POLICY_MOD, 337 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 338 .sym_num = SYM_NUM, 339 .ocon_num = 0, 340 .target_platform = SEPOL_TARGET_SELINUX, 341 }, 342 { 343 .type = POLICY_MOD, 344 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 345 .sym_num = SYM_NUM, 346 .ocon_num = 0, 347 .target_platform = SEPOL_TARGET_SELINUX, 348 }, 349 { 350 .type = POLICY_MOD, 351 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 352 .sym_num = SYM_NUM, 353 .ocon_num = 0, 354 .target_platform = SEPOL_TARGET_SELINUX, 355 }, 356 { 357 .type = POLICY_MOD, 358 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 359 .sym_num = SYM_NUM, 360 .ocon_num = 0, 361 .target_platform = SEPOL_TARGET_SELINUX, 362 }, 363 { 364 .type = POLICY_MOD, 365 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 366 .sym_num = SYM_NUM, 367 .ocon_num = 0, 368 .target_platform = SEPOL_TARGET_SELINUX, 369 }, 370 }; 371 372 #if 0 373 static char *symtab_name[SYM_NUM] = { 374 "common prefixes", 375 "classes", 376 "roles", 377 "types", 378 "users", 379 "bools" mls_symtab_names cond_symtab_names 380 }; 381 #endif 382 383 static unsigned int symtab_sizes[SYM_NUM] = { 384 2, 385 32, 386 16, 387 512, 388 128, 389 16, 390 16, 391 16, 392 }; 393 394 struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 395 unsigned int type, 396 unsigned int target_platform) 397 { 398 unsigned int i; 399 struct policydb_compat_info *info = NULL; 400 401 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 402 if (policydb_compat[i].version == version && 403 policydb_compat[i].type == type && 404 policydb_compat[i].target_platform == target_platform) { 405 info = &policydb_compat[i]; 406 break; 407 } 408 } 409 return info; 410 } 411 412 void type_set_init(type_set_t * x) 413 { 414 memset(x, 0, sizeof(type_set_t)); 415 ebitmap_init(&x->types); 416 ebitmap_init(&x->negset); 417 } 418 419 void type_set_destroy(type_set_t * x) 420 { 421 if (x != NULL) { 422 ebitmap_destroy(&x->types); 423 ebitmap_destroy(&x->negset); 424 } 425 } 426 427 void role_set_init(role_set_t * x) 428 { 429 memset(x, 0, sizeof(role_set_t)); 430 ebitmap_init(&x->roles); 431 } 432 433 void role_set_destroy(role_set_t * x) 434 { 435 ebitmap_destroy(&x->roles); 436 } 437 438 void role_datum_init(role_datum_t * x) 439 { 440 memset(x, 0, sizeof(role_datum_t)); 441 ebitmap_init(&x->dominates); 442 type_set_init(&x->types); 443 ebitmap_init(&x->cache); 444 ebitmap_init(&x->roles); 445 } 446 447 void role_datum_destroy(role_datum_t * x) 448 { 449 if (x != NULL) { 450 ebitmap_destroy(&x->dominates); 451 type_set_destroy(&x->types); 452 ebitmap_destroy(&x->cache); 453 ebitmap_destroy(&x->roles); 454 } 455 } 456 457 void type_datum_init(type_datum_t * x) 458 { 459 memset(x, 0, sizeof(*x)); 460 ebitmap_init(&x->types); 461 } 462 463 void type_datum_destroy(type_datum_t * x) 464 { 465 if (x != NULL) { 466 ebitmap_destroy(&x->types); 467 } 468 } 469 470 void user_datum_init(user_datum_t * x) 471 { 472 memset(x, 0, sizeof(user_datum_t)); 473 role_set_init(&x->roles); 474 mls_semantic_range_init(&x->range); 475 mls_semantic_level_init(&x->dfltlevel); 476 ebitmap_init(&x->cache); 477 mls_range_init(&x->exp_range); 478 mls_level_init(&x->exp_dfltlevel); 479 } 480 481 void user_datum_destroy(user_datum_t * x) 482 { 483 if (x != NULL) { 484 role_set_destroy(&x->roles); 485 mls_semantic_range_destroy(&x->range); 486 mls_semantic_level_destroy(&x->dfltlevel); 487 ebitmap_destroy(&x->cache); 488 mls_range_destroy(&x->exp_range); 489 mls_level_destroy(&x->exp_dfltlevel); 490 } 491 } 492 493 void level_datum_init(level_datum_t * x) 494 { 495 memset(x, 0, sizeof(level_datum_t)); 496 } 497 498 void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 499 { 500 /* the mls_level_t referenced by the level_datum is managed 501 * separately for now, so there is nothing to destroy */ 502 return; 503 } 504 505 void cat_datum_init(cat_datum_t * x) 506 { 507 memset(x, 0, sizeof(cat_datum_t)); 508 } 509 510 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 511 { 512 /* it's currently a simple struct - really nothing to destroy */ 513 return; 514 } 515 516 void class_perm_node_init(class_perm_node_t * x) 517 { 518 memset(x, 0, sizeof(class_perm_node_t)); 519 } 520 521 void avrule_init(avrule_t * x) 522 { 523 memset(x, 0, sizeof(avrule_t)); 524 type_set_init(&x->stypes); 525 type_set_init(&x->ttypes); 526 } 527 528 void avrule_destroy(avrule_t * x) 529 { 530 class_perm_node_t *cur, *next; 531 532 if (x == NULL) { 533 return; 534 } 535 type_set_destroy(&x->stypes); 536 type_set_destroy(&x->ttypes); 537 538 free(x->source_filename); 539 540 next = x->perms; 541 while (next) { 542 cur = next; 543 next = cur->next; 544 free(cur); 545 } 546 } 547 548 void role_trans_rule_init(role_trans_rule_t * x) 549 { 550 memset(x, 0, sizeof(*x)); 551 role_set_init(&x->roles); 552 type_set_init(&x->types); 553 ebitmap_init(&x->classes); 554 } 555 556 void role_trans_rule_destroy(role_trans_rule_t * x) 557 { 558 if (x != NULL) { 559 role_set_destroy(&x->roles); 560 type_set_destroy(&x->types); 561 ebitmap_destroy(&x->classes); 562 } 563 } 564 565 void role_trans_rule_list_destroy(role_trans_rule_t * x) 566 { 567 while (x != NULL) { 568 role_trans_rule_t *next = x->next; 569 role_trans_rule_destroy(x); 570 free(x); 571 x = next; 572 } 573 } 574 575 void filename_trans_rule_init(filename_trans_rule_t * x) 576 { 577 memset(x, 0, sizeof(*x)); 578 type_set_init(&x->stypes); 579 type_set_init(&x->ttypes); 580 } 581 582 static void filename_trans_rule_destroy(filename_trans_rule_t * x) 583 { 584 if (!x) 585 return; 586 type_set_destroy(&x->stypes); 587 type_set_destroy(&x->ttypes); 588 free(x->name); 589 } 590 591 void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 592 { 593 filename_trans_rule_t *next; 594 while (x) { 595 next = x->next; 596 filename_trans_rule_destroy(x); 597 free(x); 598 x = next; 599 } 600 } 601 602 void role_allow_rule_init(role_allow_rule_t * x) 603 { 604 memset(x, 0, sizeof(role_allow_rule_t)); 605 role_set_init(&x->roles); 606 role_set_init(&x->new_roles); 607 } 608 609 void role_allow_rule_destroy(role_allow_rule_t * x) 610 { 611 role_set_destroy(&x->roles); 612 role_set_destroy(&x->new_roles); 613 } 614 615 void role_allow_rule_list_destroy(role_allow_rule_t * x) 616 { 617 while (x != NULL) { 618 role_allow_rule_t *next = x->next; 619 role_allow_rule_destroy(x); 620 free(x); 621 x = next; 622 } 623 } 624 625 void range_trans_rule_init(range_trans_rule_t * x) 626 { 627 type_set_init(&x->stypes); 628 type_set_init(&x->ttypes); 629 ebitmap_init(&x->tclasses); 630 mls_semantic_range_init(&x->trange); 631 x->next = NULL; 632 } 633 634 void range_trans_rule_destroy(range_trans_rule_t * x) 635 { 636 type_set_destroy(&x->stypes); 637 type_set_destroy(&x->ttypes); 638 ebitmap_destroy(&x->tclasses); 639 mls_semantic_range_destroy(&x->trange); 640 } 641 642 void range_trans_rule_list_destroy(range_trans_rule_t * x) 643 { 644 while (x != NULL) { 645 range_trans_rule_t *next = x->next; 646 range_trans_rule_destroy(x); 647 free(x); 648 x = next; 649 } 650 } 651 652 void avrule_list_destroy(avrule_t * x) 653 { 654 avrule_t *next, *cur; 655 656 if (!x) 657 return; 658 659 next = x; 660 while (next) { 661 cur = next; 662 next = next->next; 663 avrule_destroy(cur); 664 free(cur); 665 } 666 } 667 668 /* 669 * Initialize the role table by implicitly adding role 'object_r'. If 670 * the policy is a module, set object_r's scope to be SCOPE_REQ, 671 * otherwise set it to SCOPE_DECL. 672 */ 673 static int roles_init(policydb_t * p) 674 { 675 char *key = 0; 676 int rc; 677 role_datum_t *role; 678 679 role = calloc(1, sizeof(role_datum_t)); 680 if (!role) { 681 rc = -ENOMEM; 682 goto out; 683 } 684 key = malloc(strlen(OBJECT_R) + 1); 685 if (!key) { 686 rc = -ENOMEM; 687 goto out_free_role; 688 } 689 strcpy(key, OBJECT_R); 690 rc = symtab_insert(p, SYM_ROLES, key, role, 691 (p->policy_type == 692 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 693 &role->s.value); 694 if (rc) 695 goto out_free_key; 696 if (role->s.value != OBJECT_R_VAL) { 697 rc = -EINVAL; 698 goto out_free_role; 699 } 700 out: 701 return rc; 702 703 out_free_key: 704 free(key); 705 out_free_role: 706 free(role); 707 goto out; 708 } 709 710 /* 711 * Initialize a policy database structure. 712 */ 713 int policydb_init(policydb_t * p) 714 { 715 int i, rc; 716 717 memset(p, 0, sizeof(policydb_t)); 718 719 ebitmap_init(&p->policycaps); 720 721 ebitmap_init(&p->permissive_map); 722 723 for (i = 0; i < SYM_NUM; i++) { 724 p->sym_val_to_name[i] = NULL; 725 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 726 if (rc) 727 goto out_free_symtab; 728 } 729 730 /* initialize the module stuff */ 731 for (i = 0; i < SYM_NUM; i++) { 732 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 733 goto out_free_symtab; 734 } 735 } 736 if ((p->global = avrule_block_create()) == NULL || 737 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 738 goto out_free_symtab; 739 } 740 p->decl_val_to_struct = NULL; 741 742 rc = avtab_init(&p->te_avtab); 743 if (rc) 744 goto out_free_symtab; 745 746 rc = roles_init(p); 747 if (rc) 748 goto out_free_symtab; 749 750 rc = cond_policydb_init(p); 751 if (rc) 752 goto out_free_symtab; 753 out: 754 return rc; 755 756 out_free_symtab: 757 for (i = 0; i < SYM_NUM; i++) { 758 hashtab_destroy(p->symtab[i].table); 759 hashtab_destroy(p->scope[i].table); 760 } 761 avrule_block_list_destroy(p->global); 762 goto out; 763 } 764 765 int policydb_role_cache(hashtab_key_t key 766 __attribute__ ((unused)), hashtab_datum_t datum, 767 void *arg) 768 { 769 policydb_t *p; 770 role_datum_t *role; 771 772 role = (role_datum_t *) datum; 773 p = (policydb_t *) arg; 774 775 ebitmap_destroy(&role->cache); 776 if (type_set_expand(&role->types, &role->cache, p, 1)) { 777 return -1; 778 } 779 780 return 0; 781 } 782 783 int policydb_user_cache(hashtab_key_t key 784 __attribute__ ((unused)), hashtab_datum_t datum, 785 void *arg) 786 { 787 policydb_t *p; 788 user_datum_t *user; 789 790 user = (user_datum_t *) datum; 791 p = (policydb_t *) arg; 792 793 ebitmap_destroy(&user->cache); 794 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 795 return -1; 796 } 797 798 /* we do not expand user's MLS info in kernel policies because the 799 * semantic representation is not present and we do not expand user's 800 * MLS info in module policies because all of the necessary mls 801 * information is not present */ 802 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 803 mls_range_destroy(&user->exp_range); 804 if (mls_semantic_range_expand(&user->range, 805 &user->exp_range, p, NULL)) { 806 return -1; 807 } 808 809 mls_level_destroy(&user->exp_dfltlevel); 810 if (mls_semantic_level_expand(&user->dfltlevel, 811 &user->exp_dfltlevel, p, NULL)) { 812 return -1; 813 } 814 } 815 816 return 0; 817 } 818 819 /* 820 * The following *_index functions are used to 821 * define the val_to_name and val_to_struct arrays 822 * in a policy database structure. The val_to_name 823 * arrays are used when converting security context 824 * structures into string representations. The 825 * val_to_struct arrays are used when the attributes 826 * of a class, role, or user are needed. 827 */ 828 829 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 830 { 831 policydb_t *p; 832 common_datum_t *comdatum; 833 834 comdatum = (common_datum_t *) datum; 835 p = (policydb_t *) datap; 836 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 837 return -EINVAL; 838 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 839 840 return 0; 841 } 842 843 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 844 { 845 policydb_t *p; 846 class_datum_t *cladatum; 847 848 cladatum = (class_datum_t *) datum; 849 p = (policydb_t *) datap; 850 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 851 return -EINVAL; 852 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 853 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 854 855 return 0; 856 } 857 858 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 859 { 860 policydb_t *p; 861 role_datum_t *role; 862 863 role = (role_datum_t *) datum; 864 p = (policydb_t *) datap; 865 if (!role->s.value || role->s.value > p->p_roles.nprim) 866 return -EINVAL; 867 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 868 p->role_val_to_struct[role->s.value - 1] = role; 869 870 return 0; 871 } 872 873 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 874 { 875 policydb_t *p; 876 type_datum_t *typdatum; 877 878 typdatum = (type_datum_t *) datum; 879 p = (policydb_t *) datap; 880 881 if (typdatum->primary) { 882 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 883 return -EINVAL; 884 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 885 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 886 } 887 888 return 0; 889 } 890 891 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 892 { 893 policydb_t *p; 894 user_datum_t *usrdatum; 895 896 usrdatum = (user_datum_t *) datum; 897 p = (policydb_t *) datap; 898 899 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 900 return -EINVAL; 901 902 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 903 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 904 905 return 0; 906 } 907 908 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 909 { 910 policydb_t *p; 911 level_datum_t *levdatum; 912 913 levdatum = (level_datum_t *) datum; 914 p = (policydb_t *) datap; 915 916 if (!levdatum->isalias) { 917 if (!levdatum->level->sens || 918 levdatum->level->sens > p->p_levels.nprim) 919 return -EINVAL; 920 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 921 } 922 923 return 0; 924 } 925 926 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 927 { 928 policydb_t *p; 929 cat_datum_t *catdatum; 930 931 catdatum = (cat_datum_t *) datum; 932 p = (policydb_t *) datap; 933 934 if (!catdatum->isalias) { 935 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 936 return -EINVAL; 937 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 938 } 939 940 return 0; 941 } 942 943 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 944 void *datap) = { 945 common_index, class_index, role_index, type_index, user_index, 946 cond_index_bool, sens_index, cat_index,}; 947 948 /* 949 * Define the common val_to_name array and the class 950 * val_to_name and val_to_struct arrays in a policy 951 * database structure. 952 */ 953 int policydb_index_classes(policydb_t * p) 954 { 955 free(p->p_common_val_to_name); 956 p->p_common_val_to_name = (char **) 957 malloc(p->p_commons.nprim * sizeof(char *)); 958 if (!p->p_common_val_to_name) 959 return -1; 960 961 if (hashtab_map(p->p_commons.table, common_index, p)) 962 return -1; 963 964 free(p->class_val_to_struct); 965 p->class_val_to_struct = (class_datum_t **) 966 malloc(p->p_classes.nprim * sizeof(class_datum_t *)); 967 if (!p->class_val_to_struct) 968 return -1; 969 970 free(p->p_class_val_to_name); 971 p->p_class_val_to_name = (char **) 972 malloc(p->p_classes.nprim * sizeof(char *)); 973 if (!p->p_class_val_to_name) 974 return -1; 975 976 if (hashtab_map(p->p_classes.table, class_index, p)) 977 return -1; 978 979 return 0; 980 } 981 982 int policydb_index_bools(policydb_t * p) 983 { 984 985 if (cond_init_bool_indexes(p) == -1) 986 return -1; 987 p->p_bool_val_to_name = (char **) 988 malloc(p->p_bools.nprim * sizeof(char *)); 989 if (!p->p_bool_val_to_name) 990 return -1; 991 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 992 return -1; 993 return 0; 994 } 995 996 int policydb_index_decls(policydb_t * p) 997 { 998 avrule_block_t *curblock; 999 avrule_decl_t *decl; 1000 int num_decls = 0; 1001 1002 free(p->decl_val_to_struct); 1003 1004 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1005 for (decl = curblock->branch_list; decl != NULL; 1006 decl = decl->next) { 1007 num_decls++; 1008 } 1009 } 1010 1011 p->decl_val_to_struct = 1012 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 1013 if (!p->decl_val_to_struct) { 1014 return -1; 1015 } 1016 1017 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1018 for (decl = curblock->branch_list; decl != NULL; 1019 decl = decl->next) { 1020 p->decl_val_to_struct[decl->decl_id - 1] = decl; 1021 } 1022 } 1023 1024 return 0; 1025 } 1026 1027 /* 1028 * Define the other val_to_name and val_to_struct arrays 1029 * in a policy database structure. 1030 */ 1031 int policydb_index_others(sepol_handle_t * handle, 1032 policydb_t * p, unsigned verbose) 1033 { 1034 int i; 1035 1036 if (verbose) { 1037 INFO(handle, 1038 "security: %d users, %d roles, %d types, %d bools", 1039 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 1040 p->p_bools.nprim); 1041 1042 if (p->mls) 1043 INFO(handle, "security: %d sens, %d cats", 1044 p->p_levels.nprim, p->p_cats.nprim); 1045 1046 INFO(handle, "security: %d classes, %d rules, %d cond rules", 1047 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 1048 } 1049 #if 0 1050 avtab_hash_eval(&p->te_avtab, "rules"); 1051 for (i = 0; i < SYM_NUM; i++) 1052 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 1053 #endif 1054 1055 free(p->role_val_to_struct); 1056 p->role_val_to_struct = (role_datum_t **) 1057 malloc(p->p_roles.nprim * sizeof(role_datum_t *)); 1058 if (!p->role_val_to_struct) 1059 return -1; 1060 1061 free(p->user_val_to_struct); 1062 p->user_val_to_struct = (user_datum_t **) 1063 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 1064 if (!p->user_val_to_struct) 1065 return -1; 1066 1067 free(p->type_val_to_struct); 1068 p->type_val_to_struct = (type_datum_t **) 1069 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 1070 if (!p->type_val_to_struct) 1071 return -1; 1072 1073 cond_init_bool_indexes(p); 1074 1075 for (i = SYM_ROLES; i < SYM_NUM; i++) { 1076 free(p->sym_val_to_name[i]); 1077 p->sym_val_to_name[i] = NULL; 1078 if (p->symtab[i].nprim) { 1079 p->sym_val_to_name[i] = (char **) 1080 calloc(p->symtab[i].nprim, sizeof(char *)); 1081 if (!p->sym_val_to_name[i]) 1082 return -1; 1083 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1084 return -1; 1085 } 1086 } 1087 1088 /* This pre-expands the roles and users for context validity checking */ 1089 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1090 return -1; 1091 1092 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1093 return -1; 1094 1095 return 0; 1096 } 1097 1098 /* 1099 * The following *_destroy functions are used to 1100 * free any memory allocated for each kind of 1101 * symbol data in the policy database. 1102 */ 1103 1104 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1105 __attribute__ ((unused))) 1106 { 1107 if (key) 1108 free(key); 1109 free(datum); 1110 return 0; 1111 } 1112 1113 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1114 __attribute__ ((unused))) 1115 { 1116 common_datum_t *comdatum; 1117 1118 if (key) 1119 free(key); 1120 comdatum = (common_datum_t *) datum; 1121 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1122 hashtab_destroy(comdatum->permissions.table); 1123 free(datum); 1124 return 0; 1125 } 1126 1127 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1128 __attribute__ ((unused))) 1129 { 1130 class_datum_t *cladatum; 1131 constraint_node_t *constraint, *ctemp; 1132 constraint_expr_t *e, *etmp; 1133 1134 if (key) 1135 free(key); 1136 cladatum = (class_datum_t *) datum; 1137 if (cladatum == NULL) { 1138 return 0; 1139 } 1140 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1141 hashtab_destroy(cladatum->permissions.table); 1142 constraint = cladatum->constraints; 1143 while (constraint) { 1144 e = constraint->expr; 1145 while (e) { 1146 etmp = e; 1147 e = e->next; 1148 constraint_expr_destroy(etmp); 1149 } 1150 ctemp = constraint; 1151 constraint = constraint->next; 1152 free(ctemp); 1153 } 1154 1155 constraint = cladatum->validatetrans; 1156 while (constraint) { 1157 e = constraint->expr; 1158 while (e) { 1159 etmp = e; 1160 e = e->next; 1161 constraint_expr_destroy(etmp); 1162 } 1163 ctemp = constraint; 1164 constraint = constraint->next; 1165 free(ctemp); 1166 } 1167 1168 if (cladatum->comkey) 1169 free(cladatum->comkey); 1170 free(datum); 1171 return 0; 1172 } 1173 1174 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1175 __attribute__ ((unused))) 1176 { 1177 free(key); 1178 role_datum_destroy((role_datum_t *) datum); 1179 free(datum); 1180 return 0; 1181 } 1182 1183 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1184 __attribute__ ((unused))) 1185 { 1186 free(key); 1187 type_datum_destroy((type_datum_t *) datum); 1188 free(datum); 1189 return 0; 1190 } 1191 1192 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1193 __attribute__ ((unused))) 1194 { 1195 free(key); 1196 user_datum_destroy((user_datum_t *) datum); 1197 free(datum); 1198 return 0; 1199 } 1200 1201 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1202 __attribute__ ((unused))) 1203 { 1204 level_datum_t *levdatum; 1205 1206 if (key) 1207 free(key); 1208 levdatum = (level_datum_t *) datum; 1209 mls_level_destroy(levdatum->level); 1210 free(levdatum->level); 1211 level_datum_destroy(levdatum); 1212 free(levdatum); 1213 return 0; 1214 } 1215 1216 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1217 __attribute__ ((unused))) 1218 { 1219 if (key) 1220 free(key); 1221 cat_datum_destroy((cat_datum_t *) datum); 1222 free(datum); 1223 return 0; 1224 } 1225 1226 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1227 void *datap) = { 1228 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1229 cond_destroy_bool, sens_destroy, cat_destroy,}; 1230 1231 void ocontext_selinux_free(ocontext_t **ocontexts) 1232 { 1233 ocontext_t *c, *ctmp; 1234 int i; 1235 1236 for (i = 0; i < OCON_NUM; i++) { 1237 c = ocontexts[i]; 1238 while (c) { 1239 ctmp = c; 1240 c = c->next; 1241 context_destroy(&ctmp->context[0]); 1242 context_destroy(&ctmp->context[1]); 1243 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1244 || i == OCON_FSUSE) 1245 free(ctmp->u.name); 1246 free(ctmp); 1247 } 1248 } 1249 } 1250 1251 void ocontext_xen_free(ocontext_t **ocontexts) 1252 { 1253 ocontext_t *c, *ctmp; 1254 int i; 1255 1256 for (i = 0; i < OCON_NUM; i++) { 1257 c = ocontexts[i]; 1258 while (c) { 1259 ctmp = c; 1260 c = c->next; 1261 context_destroy(&ctmp->context[0]); 1262 context_destroy(&ctmp->context[1]); 1263 if (i == OCON_ISID) 1264 free(ctmp->u.name); 1265 free(ctmp); 1266 } 1267 } 1268 } 1269 1270 /* 1271 * Free any memory allocated by a policy database structure. 1272 */ 1273 void policydb_destroy(policydb_t * p) 1274 { 1275 ocontext_t *c, *ctmp; 1276 genfs_t *g, *gtmp; 1277 unsigned int i; 1278 role_allow_t *ra, *lra = NULL; 1279 role_trans_t *tr, *ltr = NULL; 1280 range_trans_t *rt, *lrt = NULL; 1281 filename_trans_t *ft, *nft; 1282 1283 if (!p) 1284 return; 1285 1286 ebitmap_destroy(&p->policycaps); 1287 1288 ebitmap_destroy(&p->permissive_map); 1289 1290 symtabs_destroy(p->symtab); 1291 1292 for (i = 0; i < SYM_NUM; i++) { 1293 if (p->sym_val_to_name[i]) 1294 free(p->sym_val_to_name[i]); 1295 } 1296 1297 if (p->class_val_to_struct) 1298 free(p->class_val_to_struct); 1299 if (p->role_val_to_struct) 1300 free(p->role_val_to_struct); 1301 if (p->user_val_to_struct) 1302 free(p->user_val_to_struct); 1303 if (p->type_val_to_struct) 1304 free(p->type_val_to_struct); 1305 free(p->decl_val_to_struct); 1306 1307 for (i = 0; i < SYM_NUM; i++) { 1308 (void)hashtab_map(p->scope[i].table, scope_destroy, 0); 1309 hashtab_destroy(p->scope[i].table); 1310 } 1311 avrule_block_list_destroy(p->global); 1312 free(p->name); 1313 free(p->version); 1314 1315 avtab_destroy(&p->te_avtab); 1316 1317 if (p->target_platform == SEPOL_TARGET_SELINUX) 1318 ocontext_selinux_free(p->ocontexts); 1319 else if (p->target_platform == SEPOL_TARGET_XEN) 1320 ocontext_xen_free(p->ocontexts); 1321 1322 g = p->genfs; 1323 while (g) { 1324 free(g->fstype); 1325 c = g->head; 1326 while (c) { 1327 ctmp = c; 1328 c = c->next; 1329 context_destroy(&ctmp->context[0]); 1330 free(ctmp->u.name); 1331 free(ctmp); 1332 } 1333 gtmp = g; 1334 g = g->next; 1335 free(gtmp); 1336 } 1337 cond_policydb_destroy(p); 1338 1339 for (tr = p->role_tr; tr; tr = tr->next) { 1340 if (ltr) 1341 free(ltr); 1342 ltr = tr; 1343 } 1344 if (ltr) 1345 free(ltr); 1346 1347 ft = p->filename_trans; 1348 while (ft) { 1349 nft = ft->next; 1350 free(ft->name); 1351 free(ft); 1352 ft = nft; 1353 } 1354 1355 for (ra = p->role_allow; ra; ra = ra->next) { 1356 if (lra) 1357 free(lra); 1358 lra = ra; 1359 } 1360 if (lra) 1361 free(lra); 1362 1363 for (rt = p->range_tr; rt; rt = rt->next) { 1364 if (lrt) { 1365 ebitmap_destroy(&lrt->target_range.level[0].cat); 1366 ebitmap_destroy(&lrt->target_range.level[1].cat); 1367 free(lrt); 1368 } 1369 lrt = rt; 1370 } 1371 if (lrt) { 1372 ebitmap_destroy(&lrt->target_range.level[0].cat); 1373 ebitmap_destroy(&lrt->target_range.level[1].cat); 1374 free(lrt); 1375 } 1376 1377 if (p->type_attr_map) { 1378 for (i = 0; i < p->p_types.nprim; i++) { 1379 ebitmap_destroy(&p->type_attr_map[i]); 1380 } 1381 free(p->type_attr_map); 1382 } 1383 1384 if (p->attr_type_map) { 1385 for (i = 0; i < p->p_types.nprim; i++) { 1386 ebitmap_destroy(&p->attr_type_map[i]); 1387 } 1388 free(p->attr_type_map); 1389 } 1390 1391 return; 1392 } 1393 1394 void symtabs_destroy(symtab_t * symtab) 1395 { 1396 int i; 1397 for (i = 0; i < SYM_NUM; i++) { 1398 (void)hashtab_map(symtab[i].table, destroy_f[i], 0); 1399 hashtab_destroy(symtab[i].table); 1400 } 1401 } 1402 1403 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1404 __attribute__ ((unused))) 1405 { 1406 scope_datum_t *cur = (scope_datum_t *) datum; 1407 free(key); 1408 if (cur != NULL) { 1409 free(cur->decl_ids); 1410 } 1411 free(cur); 1412 return 0; 1413 } 1414 1415 hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 1416 { 1417 if (sym_num < 0 || sym_num >= SYM_NUM) { 1418 return NULL; 1419 } 1420 return (hashtab_destroy_func_t) destroy_f[sym_num]; 1421 } 1422 1423 /* 1424 * Load the initial SIDs specified in a policy database 1425 * structure into a SID table. 1426 */ 1427 int policydb_load_isids(policydb_t * p, sidtab_t * s) 1428 { 1429 ocontext_t *head, *c; 1430 1431 if (sepol_sidtab_init(s)) { 1432 ERR(NULL, "out of memory on SID table init"); 1433 return -1; 1434 } 1435 1436 head = p->ocontexts[OCON_ISID]; 1437 for (c = head; c; c = c->next) { 1438 if (!c->context[0].user) { 1439 ERR(NULL, "SID %s was never defined", c->u.name); 1440 return -1; 1441 } 1442 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1443 ERR(NULL, "unable to load initial SID %s", c->u.name); 1444 return -1; 1445 } 1446 } 1447 1448 return 0; 1449 } 1450 1451 /* Declare a symbol for a certain avrule_block context. Insert it 1452 * into a symbol table for a policy. This function will handle 1453 * inserting the appropriate scope information in addition to 1454 * inserting the symbol into the hash table. 1455 * 1456 * arguments: 1457 * policydb_t *pol module policy to modify 1458 * uint32_t sym the symbole table for insertion (SYM_*) 1459 * hashtab_key_t key the key for the symbol - not cloned 1460 * hashtab_datum_t data the data for the symbol - not cloned 1461 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1462 * avrule_decl_id identifier for this symbol's encapsulating declaration 1463 * value (out) assigned value to the symbol (if value is not NULL) 1464 * 1465 * returns: 1466 * 0 success 1467 * 1 success, but symbol already existed as a requirement 1468 * (datum was not inserted and needs to be free()d) 1469 * -1 general error 1470 * -2 scope conflicted 1471 * -ENOMEM memory error 1472 * error codes from hashtab_insert 1473 */ 1474 int symtab_insert(policydb_t * pol, uint32_t sym, 1475 hashtab_key_t key, hashtab_datum_t datum, 1476 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1477 { 1478 int rc, retval = 0; 1479 unsigned int i; 1480 scope_datum_t *scope_datum; 1481 1482 /* check if the symbol is already there. multiple 1483 * declarations of non-roles/non-users are illegal, but 1484 * multiple requires are allowed. */ 1485 1486 /* FIX ME - the failures after the hashtab_insert will leave 1487 * the policy in a inconsistent state. */ 1488 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1489 if (rc == SEPOL_OK) { 1490 /* if no value is passed in the symbol is not primary 1491 * (i.e. aliases) */ 1492 if (value) 1493 *value = ++pol->symtab[sym].nprim; 1494 } else if (rc == SEPOL_EEXIST) { 1495 retval = 1; /* symbol not added -- need to free() later */ 1496 } else { 1497 return rc; 1498 } 1499 1500 /* get existing scope information; if there is not one then 1501 * create it */ 1502 scope_datum = 1503 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1504 if (scope_datum == NULL) { 1505 hashtab_key_t key2 = strdup((char *)key); 1506 if (!key2) 1507 return -ENOMEM; 1508 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1509 free(key2); 1510 return -ENOMEM; 1511 } 1512 scope_datum->scope = scope; 1513 scope_datum->decl_ids = NULL; 1514 scope_datum->decl_ids_len = 0; 1515 if ((rc = 1516 hashtab_insert(pol->scope[sym].table, key2, 1517 scope_datum)) != 0) { 1518 free(key2); 1519 free(scope_datum); 1520 return rc; 1521 } 1522 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1523 /* disallow multiple declarations for non-roles/users */ 1524 if (sym != SYM_ROLES && sym != SYM_USERS) { 1525 return -2; 1526 } 1527 /* Further confine that a role attribute can't have the same 1528 * name as another regular role, and a role attribute can't 1529 * be declared more than once. */ 1530 if (sym == SYM_ROLES) { 1531 role_datum_t *base_role; 1532 role_datum_t *cur_role = (role_datum_t *)datum; 1533 1534 base_role = (role_datum_t *) 1535 hashtab_search(pol->symtab[sym].table, 1536 key); 1537 assert(base_role != NULL); 1538 1539 if (!((base_role->flavor == ROLE_ROLE) && 1540 (cur_role->flavor == ROLE_ROLE))) { 1541 /* Only regular roles are allowed to have 1542 * multiple declarations. */ 1543 return -2; 1544 } 1545 } 1546 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1547 scope_datum->scope = SCOPE_DECL; 1548 } else if (scope_datum->scope != scope) { 1549 /* This only happens in DECL then REQUIRE case, which is handled by caller */ 1550 return -2; 1551 } 1552 1553 /* search through the pre-existing list to avoid adding duplicates */ 1554 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1555 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1556 /* already there, so don't modify its scope */ 1557 return retval; 1558 } 1559 } 1560 1561 if (add_i_to_a(avrule_decl_id, 1562 &scope_datum->decl_ids_len, 1563 &scope_datum->decl_ids) == -1) { 1564 return -ENOMEM; 1565 } 1566 1567 return retval; 1568 } 1569 1570 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1571 { 1572 type_set_init(dst); 1573 1574 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1575 return -1; 1576 } 1577 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1578 return -1; 1579 } 1580 1581 dst->flags |= a->flags; 1582 dst->flags |= b->flags; 1583 1584 return 0; 1585 } 1586 1587 int type_set_cpy(type_set_t * dst, type_set_t * src) 1588 { 1589 type_set_init(dst); 1590 1591 dst->flags = src->flags; 1592 if (ebitmap_cpy(&dst->types, &src->types)) 1593 return -1; 1594 if (ebitmap_cpy(&dst->negset, &src->negset)) 1595 return -1; 1596 1597 return 0; 1598 } 1599 1600 int type_set_or_eq(type_set_t * dst, type_set_t * other) 1601 { 1602 int ret; 1603 type_set_t tmp; 1604 1605 if (type_set_or(&tmp, dst, other)) 1606 return -1; 1607 type_set_destroy(dst); 1608 ret = type_set_cpy(dst, &tmp); 1609 type_set_destroy(&tmp); 1610 1611 return ret; 1612 } 1613 1614 int role_set_get_role(role_set_t * x, uint32_t role) 1615 { 1616 if (x->flags & ROLE_STAR) 1617 return 1; 1618 1619 if (ebitmap_get_bit(&x->roles, role - 1)) { 1620 if (x->flags & ROLE_COMP) 1621 return 0; 1622 else 1623 return 1; 1624 } else { 1625 if (x->flags & ROLE_COMP) 1626 return 1; 1627 else 1628 return 0; 1629 } 1630 } 1631 1632 /***********************************************************************/ 1633 /* everything below is for policy reads */ 1634 1635 /* The following are read functions for module structures */ 1636 1637 static int role_set_read(role_set_t * r, struct policy_file *fp) 1638 { 1639 uint32_t buf[1]; 1640 int rc; 1641 1642 if (ebitmap_read(&r->roles, fp)) 1643 return -1; 1644 rc = next_entry(buf, fp, sizeof(uint32_t)); 1645 if (rc < 0) 1646 return -1; 1647 r->flags = le32_to_cpu(buf[0]); 1648 1649 return 0; 1650 } 1651 1652 static int type_set_read(type_set_t * t, struct policy_file *fp) 1653 { 1654 uint32_t buf[1]; 1655 int rc; 1656 1657 if (ebitmap_read(&t->types, fp)) 1658 return -1; 1659 if (ebitmap_read(&t->negset, fp)) 1660 return -1; 1661 1662 rc = next_entry(buf, fp, sizeof(uint32_t)); 1663 if (rc < 0) 1664 return -1; 1665 t->flags = le32_to_cpu(buf[0]); 1666 1667 return 0; 1668 } 1669 1670 /* 1671 * Read a MLS range structure from a policydb binary 1672 * representation file. 1673 */ 1674 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1675 { 1676 uint32_t buf[2], items; 1677 int rc; 1678 1679 rc = next_entry(buf, fp, sizeof(uint32_t)); 1680 if (rc < 0) 1681 goto out; 1682 1683 items = le32_to_cpu(buf[0]); 1684 if (items > ARRAY_SIZE(buf)) { 1685 ERR(fp->handle, "range overflow"); 1686 rc = -EINVAL; 1687 goto out; 1688 } 1689 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1690 if (rc < 0) { 1691 ERR(fp->handle, "truncated range"); 1692 goto out; 1693 } 1694 r->level[0].sens = le32_to_cpu(buf[0]); 1695 if (items > 1) 1696 r->level[1].sens = le32_to_cpu(buf[1]); 1697 else 1698 r->level[1].sens = r->level[0].sens; 1699 1700 rc = ebitmap_read(&r->level[0].cat, fp); 1701 if (rc) { 1702 ERR(fp->handle, "error reading low categories"); 1703 goto out; 1704 } 1705 if (items > 1) { 1706 rc = ebitmap_read(&r->level[1].cat, fp); 1707 if (rc) { 1708 ERR(fp->handle, "error reading high categories"); 1709 goto bad_high; 1710 } 1711 } else { 1712 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1713 if (rc) { 1714 ERR(fp->handle, "out of memory"); 1715 goto bad_high; 1716 } 1717 } 1718 1719 rc = 0; 1720 out: 1721 return rc; 1722 bad_high: 1723 ebitmap_destroy(&r->level[0].cat); 1724 goto out; 1725 } 1726 1727 /* 1728 * Read a semantic MLS level structure from a policydb binary 1729 * representation file. 1730 */ 1731 static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1732 struct policy_file *fp) 1733 { 1734 uint32_t buf[2], ncat; 1735 unsigned int i; 1736 mls_semantic_cat_t *cat; 1737 int rc; 1738 1739 mls_semantic_level_init(l); 1740 1741 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1742 if (rc < 0) { 1743 ERR(fp->handle, "truncated level"); 1744 goto bad; 1745 } 1746 l->sens = le32_to_cpu(buf[0]); 1747 1748 ncat = le32_to_cpu(buf[1]); 1749 for (i = 0; i < ncat; i++) { 1750 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1751 if (!cat) { 1752 ERR(fp->handle, "out of memory"); 1753 goto bad; 1754 } 1755 1756 mls_semantic_cat_init(cat); 1757 cat->next = l->cat; 1758 l->cat = cat; 1759 1760 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1761 if (rc < 0) { 1762 ERR(fp->handle, "error reading level categories"); 1763 goto bad; 1764 } 1765 cat->low = le32_to_cpu(buf[0]); 1766 cat->high = le32_to_cpu(buf[1]); 1767 } 1768 1769 return 0; 1770 1771 bad: 1772 return -EINVAL; 1773 } 1774 1775 /* 1776 * Read a semantic MLS range structure from a policydb binary 1777 * representation file. 1778 */ 1779 static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1780 struct policy_file *fp) 1781 { 1782 int rc; 1783 1784 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1785 if (rc) 1786 return rc; 1787 1788 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1789 1790 return rc; 1791 } 1792 1793 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1794 { 1795 unsigned int i; 1796 ebitmap_node_t *cnode; 1797 mls_semantic_cat_t *open_cat = NULL; 1798 1799 mls_semantic_level_init(sl); 1800 sl->sens = l->sens; 1801 ebitmap_for_each_bit(&l->cat, cnode, i) { 1802 if (ebitmap_node_get_bit(cnode, i)) { 1803 if (open_cat) 1804 continue; 1805 open_cat = (mls_semantic_cat_t *) 1806 malloc(sizeof(mls_semantic_cat_t)); 1807 if (!open_cat) 1808 return -1; 1809 1810 mls_semantic_cat_init(open_cat); 1811 open_cat->low = i + 1; 1812 open_cat->next = sl->cat; 1813 sl->cat = open_cat; 1814 } else { 1815 if (!open_cat) 1816 continue; 1817 open_cat->high = i; 1818 open_cat = NULL; 1819 } 1820 } 1821 if (open_cat) 1822 open_cat->high = i; 1823 1824 return 0; 1825 } 1826 1827 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1828 { 1829 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1830 return -1; 1831 1832 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1833 return -1; 1834 1835 return 0; 1836 } 1837 1838 /* 1839 * Read and validate a security context structure 1840 * from a policydb binary representation file. 1841 */ 1842 static int context_read_and_validate(context_struct_t * c, 1843 policydb_t * p, struct policy_file *fp) 1844 { 1845 uint32_t buf[3]; 1846 int rc; 1847 1848 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 1849 if (rc < 0) { 1850 ERR(fp->handle, "context truncated"); 1851 return -1; 1852 } 1853 c->user = le32_to_cpu(buf[0]); 1854 c->role = le32_to_cpu(buf[1]); 1855 c->type = le32_to_cpu(buf[2]); 1856 if ((p->policy_type == POLICY_KERN 1857 && p->policyvers >= POLICYDB_VERSION_MLS) 1858 || (p->policy_type == POLICY_BASE 1859 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 1860 if (mls_read_range_helper(&c->range, fp)) { 1861 ERR(fp->handle, "error reading MLS range " 1862 "of context"); 1863 return -1; 1864 } 1865 } 1866 1867 if (!policydb_context_isvalid(p, c)) { 1868 ERR(fp->handle, "invalid security context"); 1869 context_destroy(c); 1870 return -1; 1871 } 1872 return 0; 1873 } 1874 1875 /* 1876 * The following *_read functions are used to 1877 * read the symbol data from a policy database 1878 * binary representation file. 1879 */ 1880 1881 static int perm_read(policydb_t * p 1882 __attribute__ ((unused)), hashtab_t h, 1883 struct policy_file *fp) 1884 { 1885 char *key = 0; 1886 perm_datum_t *perdatum; 1887 uint32_t buf[2]; 1888 size_t len; 1889 int rc; 1890 1891 perdatum = calloc(1, sizeof(perm_datum_t)); 1892 if (!perdatum) 1893 return -1; 1894 1895 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1896 if (rc < 0) 1897 goto bad; 1898 1899 len = le32_to_cpu(buf[0]); 1900 perdatum->s.value = le32_to_cpu(buf[1]); 1901 1902 key = malloc(len + 1); 1903 if (!key) 1904 goto bad; 1905 rc = next_entry(key, fp, len); 1906 if (rc < 0) 1907 goto bad; 1908 key[len] = 0; 1909 1910 if (hashtab_insert(h, key, perdatum)) 1911 goto bad; 1912 1913 return 0; 1914 1915 bad: 1916 perm_destroy(key, perdatum, NULL); 1917 return -1; 1918 } 1919 1920 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1921 { 1922 char *key = 0; 1923 common_datum_t *comdatum; 1924 uint32_t buf[4]; 1925 size_t len, nel; 1926 unsigned int i; 1927 int rc; 1928 1929 comdatum = calloc(1, sizeof(common_datum_t)); 1930 if (!comdatum) 1931 return -1; 1932 1933 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 1934 if (rc < 0) 1935 goto bad; 1936 1937 len = le32_to_cpu(buf[0]); 1938 comdatum->s.value = le32_to_cpu(buf[1]); 1939 1940 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 1941 goto bad; 1942 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1943 nel = le32_to_cpu(buf[3]); 1944 1945 key = malloc(len + 1); 1946 if (!key) 1947 goto bad; 1948 rc = next_entry(key, fp, len); 1949 if (rc < 0) 1950 goto bad; 1951 key[len] = 0; 1952 1953 for (i = 0; i < nel; i++) { 1954 if (perm_read(p, comdatum->permissions.table, fp)) 1955 goto bad; 1956 } 1957 1958 if (hashtab_insert(h, key, comdatum)) 1959 goto bad; 1960 1961 return 0; 1962 1963 bad: 1964 common_destroy(key, comdatum, NULL); 1965 return -1; 1966 } 1967 1968 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 1969 unsigned int ncons, 1970 int allowxtarget, struct policy_file *fp) 1971 { 1972 constraint_node_t *c, *lc; 1973 constraint_expr_t *e, *le; 1974 uint32_t buf[3]; 1975 size_t nexpr; 1976 unsigned int i, j; 1977 int rc, depth; 1978 1979 lc = NULL; 1980 for (i = 0; i < ncons; i++) { 1981 c = calloc(1, sizeof(constraint_node_t)); 1982 if (!c) 1983 return -1; 1984 1985 if (lc) 1986 lc->next = c; 1987 else 1988 *nodep = c; 1989 1990 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 1991 if (rc < 0) 1992 return -1; 1993 c->permissions = le32_to_cpu(buf[0]); 1994 nexpr = le32_to_cpu(buf[1]); 1995 le = NULL; 1996 depth = -1; 1997 for (j = 0; j < nexpr; j++) { 1998 e = malloc(sizeof(constraint_expr_t)); 1999 if (!e) 2000 return -1; 2001 if (constraint_expr_init(e) == -1) { 2002 free(e); 2003 return -1; 2004 } 2005 if (le) { 2006 le->next = e; 2007 } else { 2008 c->expr = e; 2009 } 2010 2011 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2012 if (rc < 0) 2013 return -1; 2014 e->expr_type = le32_to_cpu(buf[0]); 2015 e->attr = le32_to_cpu(buf[1]); 2016 e->op = le32_to_cpu(buf[2]); 2017 2018 switch (e->expr_type) { 2019 case CEXPR_NOT: 2020 if (depth < 0) 2021 return -1; 2022 break; 2023 case CEXPR_AND: 2024 case CEXPR_OR: 2025 if (depth < 1) 2026 return -1; 2027 depth--; 2028 break; 2029 case CEXPR_ATTR: 2030 if (depth == (CEXPR_MAXDEPTH - 1)) 2031 return -1; 2032 depth++; 2033 break; 2034 case CEXPR_NAMES: 2035 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 2036 return -1; 2037 if (depth == (CEXPR_MAXDEPTH - 1)) 2038 return -1; 2039 depth++; 2040 if (ebitmap_read(&e->names, fp)) 2041 return -1; 2042 if (p->policy_type != POLICY_KERN && 2043 type_set_read(e->type_names, fp)) 2044 return -1; 2045 else if (p->policy_type == POLICY_KERN && 2046 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && 2047 type_set_read(e->type_names, fp)) 2048 return -1; 2049 break; 2050 default: 2051 return -1; 2052 } 2053 le = e; 2054 } 2055 if (depth != 0) 2056 return -1; 2057 lc = c; 2058 } 2059 2060 return 0; 2061 } 2062 2063 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2064 { 2065 char *key = 0; 2066 class_datum_t *cladatum; 2067 uint32_t buf[6]; 2068 size_t len, len2, ncons, nel; 2069 unsigned int i; 2070 int rc; 2071 2072 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 2073 if (!cladatum) 2074 return -1; 2075 2076 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 2077 if (rc < 0) 2078 goto bad; 2079 2080 len = le32_to_cpu(buf[0]); 2081 len2 = le32_to_cpu(buf[1]); 2082 cladatum->s.value = le32_to_cpu(buf[2]); 2083 2084 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2085 goto bad; 2086 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2087 nel = le32_to_cpu(buf[4]); 2088 2089 ncons = le32_to_cpu(buf[5]); 2090 2091 key = malloc(len + 1); 2092 if (!key) 2093 goto bad; 2094 rc = next_entry(key, fp, len); 2095 if (rc < 0) 2096 goto bad; 2097 key[len] = 0; 2098 2099 if (len2) { 2100 cladatum->comkey = malloc(len2 + 1); 2101 if (!cladatum->comkey) 2102 goto bad; 2103 rc = next_entry(cladatum->comkey, fp, len2); 2104 if (rc < 0) 2105 goto bad; 2106 cladatum->comkey[len2] = 0; 2107 2108 cladatum->comdatum = hashtab_search(p->p_commons.table, 2109 cladatum->comkey); 2110 if (!cladatum->comdatum) { 2111 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2112 goto bad; 2113 } 2114 } 2115 for (i = 0; i < nel; i++) { 2116 if (perm_read(p, cladatum->permissions.table, fp)) 2117 goto bad; 2118 } 2119 2120 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2121 goto bad; 2122 2123 if ((p->policy_type == POLICY_KERN 2124 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2125 || (p->policy_type == POLICY_BASE 2126 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2127 /* grab the validatetrans rules */ 2128 rc = next_entry(buf, fp, sizeof(uint32_t)); 2129 if (rc < 0) 2130 goto bad; 2131 ncons = le32_to_cpu(buf[0]); 2132 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2133 goto bad; 2134 } 2135 2136 if ((p->policy_type == POLICY_KERN && 2137 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || 2138 (p->policy_type == POLICY_BASE && 2139 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { 2140 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2141 if (rc < 0) 2142 goto bad; 2143 cladatum->default_user = le32_to_cpu(buf[0]); 2144 cladatum->default_role = le32_to_cpu(buf[1]); 2145 cladatum->default_range = le32_to_cpu(buf[2]); 2146 } 2147 2148 if ((p->policy_type == POLICY_KERN && 2149 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) || 2150 (p->policy_type == POLICY_BASE && 2151 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) { 2152 rc = next_entry(buf, fp, sizeof(uint32_t)); 2153 if (rc < 0) 2154 goto bad; 2155 cladatum->default_type = le32_to_cpu(buf[0]); 2156 } 2157 2158 if (hashtab_insert(h, key, cladatum)) 2159 goto bad; 2160 2161 return 0; 2162 2163 bad: 2164 class_destroy(key, cladatum, NULL); 2165 return -1; 2166 } 2167 2168 static int role_read(policydb_t * p 2169 __attribute__ ((unused)), hashtab_t h, 2170 struct policy_file *fp) 2171 { 2172 char *key = 0; 2173 role_datum_t *role; 2174 uint32_t buf[3]; 2175 size_t len; 2176 int rc, to_read = 2; 2177 2178 role = calloc(1, sizeof(role_datum_t)); 2179 if (!role) 2180 return -1; 2181 2182 if (policydb_has_boundary_feature(p)) 2183 to_read = 3; 2184 2185 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2186 if (rc < 0) 2187 goto bad; 2188 2189 len = le32_to_cpu(buf[0]); 2190 role->s.value = le32_to_cpu(buf[1]); 2191 if (policydb_has_boundary_feature(p)) 2192 role->bounds = le32_to_cpu(buf[2]); 2193 2194 key = malloc(len + 1); 2195 if (!key) 2196 goto bad; 2197 rc = next_entry(key, fp, len); 2198 if (rc < 0) 2199 goto bad; 2200 key[len] = 0; 2201 2202 if (ebitmap_read(&role->dominates, fp)) 2203 goto bad; 2204 2205 if (p->policy_type == POLICY_KERN) { 2206 if (ebitmap_read(&role->types.types, fp)) 2207 goto bad; 2208 } else { 2209 if (type_set_read(&role->types, fp)) 2210 goto bad; 2211 } 2212 2213 if (p->policy_type != POLICY_KERN && 2214 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2215 rc = next_entry(buf, fp, sizeof(uint32_t)); 2216 if (rc < 0) 2217 goto bad; 2218 2219 role->flavor = le32_to_cpu(buf[0]); 2220 2221 if (ebitmap_read(&role->roles, fp)) 2222 goto bad; 2223 } 2224 2225 if (strcmp(key, OBJECT_R) == 0) { 2226 if (role->s.value != OBJECT_R_VAL) { 2227 ERR(fp->handle, "role %s has wrong value %d", 2228 OBJECT_R, role->s.value); 2229 role_destroy(key, role, NULL); 2230 return -1; 2231 } 2232 role_destroy(key, role, NULL); 2233 return 0; 2234 } 2235 2236 if (hashtab_insert(h, key, role)) 2237 goto bad; 2238 2239 return 0; 2240 2241 bad: 2242 role_destroy(key, role, NULL); 2243 return -1; 2244 } 2245 2246 static int type_read(policydb_t * p 2247 __attribute__ ((unused)), hashtab_t h, 2248 struct policy_file *fp) 2249 { 2250 char *key = 0; 2251 type_datum_t *typdatum; 2252 uint32_t buf[5]; 2253 size_t len; 2254 int rc, to_read; 2255 int pos = 0; 2256 2257 typdatum = calloc(1, sizeof(type_datum_t)); 2258 if (!typdatum) 2259 return -1; 2260 2261 if (policydb_has_boundary_feature(p)) { 2262 if (p->policy_type != POLICY_KERN 2263 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2264 to_read = 5; 2265 else 2266 to_read = 4; 2267 } 2268 else if (p->policy_type == POLICY_KERN) 2269 to_read = 3; 2270 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2271 to_read = 5; 2272 else 2273 to_read = 4; 2274 2275 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2276 if (rc < 0) 2277 goto bad; 2278 2279 len = le32_to_cpu(buf[pos]); 2280 typdatum->s.value = le32_to_cpu(buf[++pos]); 2281 if (policydb_has_boundary_feature(p)) { 2282 uint32_t properties; 2283 2284 if (p->policy_type != POLICY_KERN 2285 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2286 typdatum->primary = le32_to_cpu(buf[++pos]); 2287 properties = le32_to_cpu(buf[++pos]); 2288 } 2289 else { 2290 properties = le32_to_cpu(buf[++pos]); 2291 2292 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2293 typdatum->primary = 1; 2294 } 2295 2296 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2297 typdatum->flavor = TYPE_ATTRIB; 2298 if (properties & TYPEDATUM_PROPERTY_ALIAS 2299 && p->policy_type != POLICY_KERN) 2300 typdatum->flavor = TYPE_ALIAS; 2301 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2302 && p->policy_type != POLICY_KERN) 2303 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2304 2305 typdatum->bounds = le32_to_cpu(buf[++pos]); 2306 } else { 2307 typdatum->primary = le32_to_cpu(buf[++pos]); 2308 if (p->policy_type != POLICY_KERN) { 2309 typdatum->flavor = le32_to_cpu(buf[++pos]); 2310 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2311 typdatum->flags = le32_to_cpu(buf[++pos]); 2312 } 2313 } 2314 2315 if (p->policy_type != POLICY_KERN) { 2316 if (ebitmap_read(&typdatum->types, fp)) 2317 goto bad; 2318 } 2319 2320 key = malloc(len + 1); 2321 if (!key) 2322 goto bad; 2323 rc = next_entry(key, fp, len); 2324 if (rc < 0) 2325 goto bad; 2326 key[len] = 0; 2327 2328 if (hashtab_insert(h, key, typdatum)) 2329 goto bad; 2330 2331 return 0; 2332 2333 bad: 2334 type_destroy(key, typdatum, NULL); 2335 return -1; 2336 } 2337 2338 int role_trans_read(policydb_t *p, struct policy_file *fp) 2339 { 2340 role_trans_t **t = &p->role_tr; 2341 unsigned int i; 2342 uint32_t buf[3], nel; 2343 role_trans_t *tr, *ltr; 2344 int rc; 2345 int new_roletr = (p->policy_type == POLICY_KERN && 2346 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2347 2348 rc = next_entry(buf, fp, sizeof(uint32_t)); 2349 if (rc < 0) 2350 return -1; 2351 nel = le32_to_cpu(buf[0]); 2352 ltr = NULL; 2353 for (i = 0; i < nel; i++) { 2354 tr = calloc(1, sizeof(struct role_trans)); 2355 if (!tr) { 2356 return -1; 2357 } 2358 if (ltr) { 2359 ltr->next = tr; 2360 } else { 2361 *t = tr; 2362 } 2363 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2364 if (rc < 0) 2365 return -1; 2366 tr->role = le32_to_cpu(buf[0]); 2367 tr->type = le32_to_cpu(buf[1]); 2368 tr->new_role = le32_to_cpu(buf[2]); 2369 if (new_roletr) { 2370 rc = next_entry(buf, fp, sizeof(uint32_t)); 2371 if (rc < 0) 2372 return -1; 2373 tr->tclass = le32_to_cpu(buf[0]); 2374 } else 2375 tr->tclass = SECCLASS_PROCESS; 2376 ltr = tr; 2377 } 2378 return 0; 2379 } 2380 2381 int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2382 { 2383 unsigned int i; 2384 uint32_t buf[2], nel; 2385 role_allow_t *ra, *lra; 2386 int rc; 2387 2388 rc = next_entry(buf, fp, sizeof(uint32_t)); 2389 if (rc < 0) 2390 return -1; 2391 nel = le32_to_cpu(buf[0]); 2392 lra = NULL; 2393 for (i = 0; i < nel; i++) { 2394 ra = calloc(1, sizeof(struct role_allow)); 2395 if (!ra) { 2396 return -1; 2397 } 2398 if (lra) { 2399 lra->next = ra; 2400 } else { 2401 *r = ra; 2402 } 2403 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2404 if (rc < 0) 2405 return -1; 2406 ra->role = le32_to_cpu(buf[0]); 2407 ra->new_role = le32_to_cpu(buf[1]); 2408 lra = ra; 2409 } 2410 return 0; 2411 } 2412 2413 int filename_trans_read(filename_trans_t **t, struct policy_file *fp) 2414 { 2415 unsigned int i; 2416 uint32_t buf[4], nel, len; 2417 filename_trans_t *ft, *lft; 2418 int rc; 2419 char *name; 2420 2421 rc = next_entry(buf, fp, sizeof(uint32_t)); 2422 if (rc < 0) 2423 return -1; 2424 nel = le32_to_cpu(buf[0]); 2425 2426 lft = NULL; 2427 for (i = 0; i < nel; i++) { 2428 ft = calloc(1, sizeof(struct filename_trans)); 2429 if (!ft) 2430 return -1; 2431 if (lft) 2432 lft->next = ft; 2433 else 2434 *t = ft; 2435 lft = ft; 2436 rc = next_entry(buf, fp, sizeof(uint32_t)); 2437 if (rc < 0) 2438 return -1; 2439 len = le32_to_cpu(buf[0]); 2440 2441 name = calloc(len + 1, sizeof(*name)); 2442 if (!name) 2443 return -1; 2444 2445 ft->name = name; 2446 2447 rc = next_entry(name, fp, len); 2448 if (rc < 0) 2449 return -1; 2450 2451 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2452 if (rc < 0) 2453 return -1; 2454 2455 ft->stype = le32_to_cpu(buf[0]); 2456 ft->ttype = le32_to_cpu(buf[1]); 2457 ft->tclass = le32_to_cpu(buf[2]); 2458 ft->otype = le32_to_cpu(buf[3]); 2459 } 2460 return 0; 2461 } 2462 2463 static int ocontext_read_xen(struct policydb_compat_info *info, 2464 policydb_t *p, struct policy_file *fp) 2465 { 2466 unsigned int i, j; 2467 size_t nel; 2468 ocontext_t *l, *c; 2469 uint32_t buf[8]; 2470 int rc; 2471 2472 for (i = 0; i < info->ocon_num; i++) { 2473 rc = next_entry(buf, fp, sizeof(uint32_t)); 2474 if (rc < 0) 2475 return -1; 2476 nel = le32_to_cpu(buf[0]); 2477 l = NULL; 2478 for (j = 0; j < nel; j++) { 2479 c = calloc(1, sizeof(ocontext_t)); 2480 if (!c) 2481 return -1; 2482 if (l) 2483 l->next = c; 2484 else 2485 p->ocontexts[i] = c; 2486 l = c; 2487 switch (i) { 2488 case OCON_XEN_ISID: 2489 rc = next_entry(buf, fp, sizeof(uint32_t)); 2490 if (rc < 0) 2491 return -1; 2492 c->sid[0] = le32_to_cpu(buf[0]); 2493 if (context_read_and_validate 2494 (&c->context[0], p, fp)) 2495 return -1; 2496 break; 2497 case OCON_XEN_PIRQ: 2498 rc = next_entry(buf, fp, sizeof(uint32_t)); 2499 if (rc < 0) 2500 return -1; 2501 c->u.pirq = le32_to_cpu(buf[0]); 2502 if (context_read_and_validate 2503 (&c->context[0], p, fp)) 2504 return -1; 2505 break; 2506 case OCON_XEN_IOPORT: 2507 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2508 if (rc < 0) 2509 return -1; 2510 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2511 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2512 if (context_read_and_validate 2513 (&c->context[0], p, fp)) 2514 return -1; 2515 break; 2516 case OCON_XEN_IOMEM: 2517 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2518 if (rc < 0) 2519 return -1; 2520 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2521 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2522 if (context_read_and_validate 2523 (&c->context[0], p, fp)) 2524 return -1; 2525 break; 2526 case OCON_XEN_PCIDEVICE: 2527 rc = next_entry(buf, fp, sizeof(uint32_t)); 2528 if (rc < 0) 2529 return -1; 2530 c->u.device = le32_to_cpu(buf[0]); 2531 if (context_read_and_validate 2532 (&c->context[0], p, fp)) 2533 return -1; 2534 break; 2535 default: 2536 /* should never get here */ 2537 ERR(fp->handle, "Unknown Xen ocontext"); 2538 return -1; 2539 } 2540 } 2541 } 2542 return 0; 2543 } 2544 static int ocontext_read_selinux(struct policydb_compat_info *info, 2545 policydb_t * p, struct policy_file *fp) 2546 { 2547 unsigned int i, j; 2548 size_t nel, len; 2549 ocontext_t *l, *c; 2550 uint32_t buf[8]; 2551 int rc; 2552 2553 for (i = 0; i < info->ocon_num; i++) { 2554 rc = next_entry(buf, fp, sizeof(uint32_t)); 2555 if (rc < 0) 2556 return -1; 2557 nel = le32_to_cpu(buf[0]); 2558 l = NULL; 2559 for (j = 0; j < nel; j++) { 2560 c = calloc(1, sizeof(ocontext_t)); 2561 if (!c) { 2562 return -1; 2563 } 2564 if (l) { 2565 l->next = c; 2566 } else { 2567 p->ocontexts[i] = c; 2568 } 2569 l = c; 2570 switch (i) { 2571 case OCON_ISID: 2572 rc = next_entry(buf, fp, sizeof(uint32_t)); 2573 if (rc < 0) 2574 return -1; 2575 c->sid[0] = le32_to_cpu(buf[0]); 2576 if (context_read_and_validate 2577 (&c->context[0], p, fp)) 2578 return -1; 2579 break; 2580 case OCON_FS: 2581 case OCON_NETIF: 2582 rc = next_entry(buf, fp, sizeof(uint32_t)); 2583 if (rc < 0) 2584 return -1; 2585 len = le32_to_cpu(buf[0]); 2586 c->u.name = malloc(len + 1); 2587 if (!c->u.name) 2588 return -1; 2589 rc = next_entry(c->u.name, fp, len); 2590 if (rc < 0) 2591 return -1; 2592 c->u.name[len] = 0; 2593 if (context_read_and_validate 2594 (&c->context[0], p, fp)) 2595 return -1; 2596 if (context_read_and_validate 2597 (&c->context[1], p, fp)) 2598 return -1; 2599 break; 2600 case OCON_PORT: 2601 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2602 if (rc < 0) 2603 return -1; 2604 c->u.port.protocol = le32_to_cpu(buf[0]); 2605 c->u.port.low_port = le32_to_cpu(buf[1]); 2606 c->u.port.high_port = le32_to_cpu(buf[2]); 2607 if (context_read_and_validate 2608 (&c->context[0], p, fp)) 2609 return -1; 2610 break; 2611 case OCON_NODE: 2612 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2613 if (rc < 0) 2614 return -1; 2615 c->u.node.addr = buf[0]; /* network order */ 2616 c->u.node.mask = buf[1]; /* network order */ 2617 if (context_read_and_validate 2618 (&c->context[0], p, fp)) 2619 return -1; 2620 break; 2621 case OCON_FSUSE: 2622 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2623 if (rc < 0) 2624 return -1; 2625 c->v.behavior = le32_to_cpu(buf[0]); 2626 len = le32_to_cpu(buf[1]); 2627 c->u.name = malloc(len + 1); 2628 if (!c->u.name) 2629 return -1; 2630 rc = next_entry(c->u.name, fp, len); 2631 if (rc < 0) 2632 return -1; 2633 c->u.name[len] = 0; 2634 if (context_read_and_validate 2635 (&c->context[0], p, fp)) 2636 return -1; 2637 break; 2638 case OCON_NODE6:{ 2639 int k; 2640 2641 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2642 if (rc < 0) 2643 return -1; 2644 for (k = 0; k < 4; k++) 2645 /* network order */ 2646 c->u.node6.addr[k] = buf[k]; 2647 for (k = 0; k < 4; k++) 2648 /* network order */ 2649 c->u.node6.mask[k] = buf[k + 4]; 2650 if (context_read_and_validate 2651 (&c->context[0], p, fp)) 2652 return -1; 2653 break; 2654 } 2655 default:{ 2656 ERR(fp->handle, "Unknown SELinux ocontext"); 2657 return -1; 2658 } 2659 } 2660 } 2661 } 2662 return 0; 2663 } 2664 2665 static int ocontext_read(struct policydb_compat_info *info, 2666 policydb_t *p, struct policy_file *fp) 2667 { 2668 int rc = -1; 2669 switch (p->target_platform) { 2670 case SEPOL_TARGET_SELINUX: 2671 rc = ocontext_read_selinux(info, p, fp); 2672 break; 2673 case SEPOL_TARGET_XEN: 2674 rc = ocontext_read_xen(info, p, fp); 2675 break; 2676 default: 2677 ERR(fp->handle, "Unknown target"); 2678 } 2679 return rc; 2680 } 2681 2682 static int genfs_read(policydb_t * p, struct policy_file *fp) 2683 { 2684 uint32_t buf[1]; 2685 size_t nel, nel2, len, len2; 2686 genfs_t *genfs_p, *newgenfs, *genfs; 2687 unsigned int i, j; 2688 ocontext_t *l, *c, *newc = NULL; 2689 int rc; 2690 2691 rc = next_entry(buf, fp, sizeof(uint32_t)); 2692 if (rc < 0) 2693 goto bad; 2694 nel = le32_to_cpu(buf[0]); 2695 genfs_p = NULL; 2696 for (i = 0; i < nel; i++) { 2697 rc = next_entry(buf, fp, sizeof(uint32_t)); 2698 if (rc < 0) 2699 goto bad; 2700 len = le32_to_cpu(buf[0]); 2701 newgenfs = calloc(1, sizeof(genfs_t)); 2702 if (!newgenfs) 2703 goto bad; 2704 newgenfs->fstype = malloc(len + 1); 2705 if (!newgenfs->fstype) { 2706 free(newgenfs); 2707 goto bad; 2708 } 2709 rc = next_entry(newgenfs->fstype, fp, len); 2710 if (rc < 0) { 2711 free(newgenfs->fstype); 2712 free(newgenfs); 2713 goto bad; 2714 } 2715 newgenfs->fstype[len] = 0; 2716 for (genfs_p = NULL, genfs = p->genfs; genfs; 2717 genfs_p = genfs, genfs = genfs->next) { 2718 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2719 ERR(fp->handle, "dup genfs fstype %s", 2720 newgenfs->fstype); 2721 free(newgenfs->fstype); 2722 free(newgenfs); 2723 goto bad; 2724 } 2725 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2726 break; 2727 } 2728 newgenfs->next = genfs; 2729 if (genfs_p) 2730 genfs_p->next = newgenfs; 2731 else 2732 p->genfs = newgenfs; 2733 rc = next_entry(buf, fp, sizeof(uint32_t)); 2734 if (rc < 0) 2735 goto bad; 2736 nel2 = le32_to_cpu(buf[0]); 2737 for (j = 0; j < nel2; j++) { 2738 newc = calloc(1, sizeof(ocontext_t)); 2739 if (!newc) { 2740 goto bad; 2741 } 2742 rc = next_entry(buf, fp, sizeof(uint32_t)); 2743 if (rc < 0) 2744 goto bad; 2745 len = le32_to_cpu(buf[0]); 2746 newc->u.name = malloc(len + 1); 2747 if (!newc->u.name) { 2748 goto bad; 2749 } 2750 rc = next_entry(newc->u.name, fp, len); 2751 if (rc < 0) 2752 goto bad; 2753 newc->u.name[len] = 0; 2754 rc = next_entry(buf, fp, sizeof(uint32_t)); 2755 if (rc < 0) 2756 goto bad; 2757 newc->v.sclass = le32_to_cpu(buf[0]); 2758 if (context_read_and_validate(&newc->context[0], p, fp)) 2759 goto bad; 2760 for (l = NULL, c = newgenfs->head; c; 2761 l = c, c = c->next) { 2762 if (!strcmp(newc->u.name, c->u.name) && 2763 (!c->v.sclass || !newc->v.sclass || 2764 newc->v.sclass == c->v.sclass)) { 2765 ERR(fp->handle, "dup genfs entry " 2766 "(%s,%s)", newgenfs->fstype, 2767 c->u.name); 2768 goto bad; 2769 } 2770 len = strlen(newc->u.name); 2771 len2 = strlen(c->u.name); 2772 if (len > len2) 2773 break; 2774 } 2775 newc->next = c; 2776 if (l) 2777 l->next = newc; 2778 else 2779 newgenfs->head = newc; 2780 } 2781 } 2782 2783 return 0; 2784 2785 bad: 2786 if (newc) { 2787 context_destroy(&newc->context[0]); 2788 context_destroy(&newc->context[1]); 2789 free(newc->u.name); 2790 free(newc); 2791 } 2792 return -1; 2793 } 2794 2795 /* 2796 * Read a MLS level structure from a policydb binary 2797 * representation file. 2798 */ 2799 static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 2800 { 2801 uint32_t buf[1]; 2802 int rc; 2803 2804 mls_level_init(lp); 2805 2806 rc = next_entry(buf, fp, sizeof(uint32_t)); 2807 if (rc < 0) { 2808 ERR(fp->handle, "truncated level"); 2809 goto bad; 2810 } 2811 lp->sens = le32_to_cpu(buf[0]); 2812 2813 if (ebitmap_read(&lp->cat, fp)) { 2814 ERR(fp->handle, "error reading level categories"); 2815 goto bad; 2816 } 2817 return 0; 2818 2819 bad: 2820 return -EINVAL; 2821 } 2822 2823 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2824 { 2825 char *key = 0; 2826 user_datum_t *usrdatum; 2827 uint32_t buf[3]; 2828 size_t len; 2829 int rc, to_read = 2; 2830 2831 usrdatum = calloc(1, sizeof(user_datum_t)); 2832 if (!usrdatum) 2833 return -1; 2834 2835 if (policydb_has_boundary_feature(p)) 2836 to_read = 3; 2837 2838 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2839 if (rc < 0) 2840 goto bad; 2841 2842 len = le32_to_cpu(buf[0]); 2843 usrdatum->s.value = le32_to_cpu(buf[1]); 2844 if (policydb_has_boundary_feature(p)) 2845 usrdatum->bounds = le32_to_cpu(buf[2]); 2846 2847 key = malloc(len + 1); 2848 if (!key) 2849 goto bad; 2850 rc = next_entry(key, fp, len); 2851 if (rc < 0) 2852 goto bad; 2853 key[len] = 0; 2854 2855 if (p->policy_type == POLICY_KERN) { 2856 if (ebitmap_read(&usrdatum->roles.roles, fp)) 2857 goto bad; 2858 } else { 2859 if (role_set_read(&usrdatum->roles, fp)) 2860 goto bad; 2861 } 2862 2863 /* users were not allowed in mls modules before version 2864 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 2865 * required - the mls fields will be empty. user declarations in 2866 * non-mls modules will also have empty mls fields */ 2867 if ((p->policy_type == POLICY_KERN 2868 && p->policyvers >= POLICYDB_VERSION_MLS) 2869 || (p->policy_type == POLICY_MOD 2870 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2871 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 2872 || (p->policy_type == POLICY_BASE 2873 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2874 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 2875 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 2876 goto bad; 2877 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 2878 goto bad; 2879 if (p->policy_type != POLICY_KERN) { 2880 if (mls_range_to_semantic(&usrdatum->exp_range, 2881 &usrdatum->range)) 2882 goto bad; 2883 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 2884 &usrdatum->dfltlevel)) 2885 goto bad; 2886 } 2887 } else if ((p->policy_type == POLICY_MOD 2888 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 2889 || (p->policy_type == POLICY_BASE 2890 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 2891 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 2892 goto bad; 2893 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 2894 goto bad; 2895 } 2896 2897 if (hashtab_insert(h, key, usrdatum)) 2898 goto bad; 2899 2900 return 0; 2901 2902 bad: 2903 user_destroy(key, usrdatum, NULL); 2904 return -1; 2905 } 2906 2907 static int sens_read(policydb_t * p 2908 __attribute__ ((unused)), hashtab_t h, 2909 struct policy_file *fp) 2910 { 2911 char *key = 0; 2912 level_datum_t *levdatum; 2913 uint32_t buf[2], len; 2914 int rc; 2915 2916 levdatum = malloc(sizeof(level_datum_t)); 2917 if (!levdatum) 2918 return -1; 2919 level_datum_init(levdatum); 2920 2921 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2922 if (rc < 0) 2923 goto bad; 2924 2925 len = le32_to_cpu(buf[0]); 2926 levdatum->isalias = le32_to_cpu(buf[1]); 2927 2928 key = malloc(len + 1); 2929 if (!key) 2930 goto bad; 2931 rc = next_entry(key, fp, len); 2932 if (rc < 0) 2933 goto bad; 2934 key[len] = 0; 2935 2936 levdatum->level = malloc(sizeof(mls_level_t)); 2937 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 2938 goto bad; 2939 2940 if (hashtab_insert(h, key, levdatum)) 2941 goto bad; 2942 2943 return 0; 2944 2945 bad: 2946 sens_destroy(key, levdatum, NULL); 2947 return -1; 2948 } 2949 2950 static int cat_read(policydb_t * p 2951 __attribute__ ((unused)), hashtab_t h, 2952 struct policy_file *fp) 2953 { 2954 char *key = 0; 2955 cat_datum_t *catdatum; 2956 uint32_t buf[3], len; 2957 int rc; 2958 2959 catdatum = malloc(sizeof(cat_datum_t)); 2960 if (!catdatum) 2961 return -1; 2962 cat_datum_init(catdatum); 2963 2964 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2965 if (rc < 0) 2966 goto bad; 2967 2968 len = le32_to_cpu(buf[0]); 2969 catdatum->s.value = le32_to_cpu(buf[1]); 2970 catdatum->isalias = le32_to_cpu(buf[2]); 2971 2972 key = malloc(len + 1); 2973 if (!key) 2974 goto bad; 2975 rc = next_entry(key, fp, len); 2976 if (rc < 0) 2977 goto bad; 2978 key[len] = 0; 2979 2980 if (hashtab_insert(h, key, catdatum)) 2981 goto bad; 2982 2983 return 0; 2984 2985 bad: 2986 cat_destroy(key, catdatum, NULL); 2987 return -1; 2988 } 2989 2990 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 2991 struct policy_file * fp) = { 2992 common_read, class_read, role_read, type_read, user_read, 2993 cond_read_bool, sens_read, cat_read,}; 2994 2995 /************** module reading functions below **************/ 2996 2997 static avrule_t *avrule_read(policydb_t * p 2998 __attribute__ ((unused)), struct policy_file *fp) 2999 { 3000 unsigned int i; 3001 uint32_t buf[2], len; 3002 class_perm_node_t *cur, *tail = NULL; 3003 avrule_t *avrule; 3004 int rc; 3005 3006 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 3007 if (!avrule) 3008 return NULL; 3009 3010 avrule_init(avrule); 3011 3012 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3013 if (rc < 0) 3014 goto bad; 3015 3016 (avrule)->specified = le32_to_cpu(buf[0]); 3017 (avrule)->flags = le32_to_cpu(buf[1]); 3018 3019 if (type_set_read(&avrule->stypes, fp)) 3020 goto bad; 3021 3022 if (type_set_read(&avrule->ttypes, fp)) 3023 goto bad; 3024 3025 rc = next_entry(buf, fp, sizeof(uint32_t)); 3026 if (rc < 0) 3027 goto bad; 3028 len = le32_to_cpu(buf[0]); 3029 3030 for (i = 0; i < len; i++) { 3031 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 3032 if (!cur) 3033 goto bad; 3034 class_perm_node_init(cur); 3035 3036 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3037 if (rc < 0) { 3038 free(cur); 3039 goto bad; 3040 } 3041 3042 cur->class = le32_to_cpu(buf[0]); 3043 cur->data = le32_to_cpu(buf[1]); 3044 3045 if (!tail) { 3046 avrule->perms = cur; 3047 } else { 3048 tail->next = cur; 3049 } 3050 tail = cur; 3051 } 3052 3053 return avrule; 3054 bad: 3055 if (avrule) { 3056 avrule_destroy(avrule); 3057 free(avrule); 3058 } 3059 return NULL; 3060 } 3061 3062 static int range_read(policydb_t * p, struct policy_file *fp) 3063 { 3064 uint32_t buf[2], nel; 3065 range_trans_t *rt, *lrt; 3066 range_trans_rule_t *rtr, *lrtr = NULL; 3067 unsigned int i; 3068 int new_rangetr = (p->policy_type == POLICY_KERN && 3069 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 3070 int rc; 3071 3072 rc = next_entry(buf, fp, sizeof(uint32_t)); 3073 if (rc < 0) 3074 return -1; 3075 nel = le32_to_cpu(buf[0]); 3076 lrt = NULL; 3077 for (i = 0; i < nel; i++) { 3078 rt = calloc(1, sizeof(range_trans_t)); 3079 if (!rt) 3080 return -1; 3081 if (lrt) 3082 lrt->next = rt; 3083 else 3084 p->range_tr = rt; 3085 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3086 if (rc < 0) 3087 return -1; 3088 rt->source_type = le32_to_cpu(buf[0]); 3089 rt->target_type = le32_to_cpu(buf[1]); 3090 if (new_rangetr) { 3091 rc = next_entry(buf, fp, (sizeof(uint32_t))); 3092 if (rc < 0) 3093 return -1; 3094 rt->target_class = le32_to_cpu(buf[0]); 3095 } else 3096 rt->target_class = SECCLASS_PROCESS; 3097 if (mls_read_range_helper(&rt->target_range, fp)) 3098 return -1; 3099 lrt = rt; 3100 } 3101 3102 /* if this is a kernel policy, we are done - otherwise we need to 3103 * convert these structs to range_trans_rule_ts */ 3104 if (p->policy_type == POLICY_KERN) 3105 return 0; 3106 3107 /* create range_trans_rules_ts that correspond to the range_trans_ts 3108 * that were just read in from an older policy */ 3109 for (rt = p->range_tr; rt; rt = rt->next) { 3110 rtr = malloc(sizeof(range_trans_rule_t)); 3111 if (!rtr) { 3112 return -1; 3113 } 3114 range_trans_rule_init(rtr); 3115 3116 if (lrtr) 3117 lrtr->next = rtr; 3118 else 3119 p->global->enabled->range_tr_rules = rtr; 3120 3121 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3122 return -1; 3123 3124 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3125 return -1; 3126 3127 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3128 return -1; 3129 3130 if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) 3131 return -1; 3132 3133 lrtr = rtr; 3134 } 3135 3136 /* now destroy the range_trans_ts */ 3137 lrt = NULL; 3138 for (rt = p->range_tr; rt; rt = rt->next) { 3139 if (lrt) { 3140 ebitmap_destroy(&lrt->target_range.level[0].cat); 3141 ebitmap_destroy(&lrt->target_range.level[1].cat); 3142 free(lrt); 3143 } 3144 lrt = rt; 3145 } 3146 if (lrt) { 3147 ebitmap_destroy(&lrt->target_range.level[0].cat); 3148 ebitmap_destroy(&lrt->target_range.level[1].cat); 3149 free(lrt); 3150 } 3151 p->range_tr = NULL; 3152 3153 return 0; 3154 } 3155 3156 int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3157 struct policy_file *fp) 3158 { 3159 unsigned int i; 3160 avrule_t *cur, *tail; 3161 uint32_t buf[1], len; 3162 int rc; 3163 3164 *avrules = tail = NULL; 3165 3166 rc = next_entry(buf, fp, sizeof(uint32_t)); 3167 if (rc < 0) { 3168 return -1; 3169 } 3170 len = le32_to_cpu(buf[0]); 3171 3172 for (i = 0; i < len; i++) { 3173 cur = avrule_read(p, fp); 3174 if (!cur) { 3175 return -1; 3176 } 3177 3178 if (!tail) { 3179 *avrules = cur; 3180 } else { 3181 tail->next = cur; 3182 } 3183 tail = cur; 3184 } 3185 3186 return 0; 3187 } 3188 3189 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3190 struct policy_file *fp) 3191 { 3192 uint32_t buf[1], nel; 3193 unsigned int i; 3194 role_trans_rule_t *tr, *ltr; 3195 int rc; 3196 3197 rc = next_entry(buf, fp, sizeof(uint32_t)); 3198 if (rc < 0) 3199 return -1; 3200 nel = le32_to_cpu(buf[0]); 3201 ltr = NULL; 3202 for (i = 0; i < nel; i++) { 3203 tr = malloc(sizeof(role_trans_rule_t)); 3204 if (!tr) { 3205 return -1; 3206 } 3207 role_trans_rule_init(tr); 3208 3209 if (ltr) { 3210 ltr->next = tr; 3211 } else { 3212 *r = tr; 3213 } 3214 3215 if (role_set_read(&tr->roles, fp)) 3216 return -1; 3217 3218 if (type_set_read(&tr->types, fp)) 3219 return -1; 3220 3221 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3222 if (ebitmap_read(&tr->classes, fp)) 3223 return -1; 3224 } else { 3225 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3226 return -1; 3227 } 3228 3229 rc = next_entry(buf, fp, sizeof(uint32_t)); 3230 if (rc < 0) 3231 return -1; 3232 tr->new_role = le32_to_cpu(buf[0]); 3233 ltr = tr; 3234 } 3235 3236 return 0; 3237 } 3238 3239 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3240 { 3241 unsigned int i; 3242 uint32_t buf[1], nel; 3243 role_allow_rule_t *ra, *lra; 3244 int rc; 3245 3246 rc = next_entry(buf, fp, sizeof(uint32_t)); 3247 if (rc < 0) 3248 return -1; 3249 nel = le32_to_cpu(buf[0]); 3250 lra = NULL; 3251 for (i = 0; i < nel; i++) { 3252 ra = malloc(sizeof(role_allow_rule_t)); 3253 if (!ra) { 3254 return -1; 3255 } 3256 role_allow_rule_init(ra); 3257 3258 if (lra) { 3259 lra->next = ra; 3260 } else { 3261 *r = ra; 3262 } 3263 3264 if (role_set_read(&ra->roles, fp)) 3265 return -1; 3266 3267 if (role_set_read(&ra->new_roles, fp)) 3268 return -1; 3269 3270 lra = ra; 3271 } 3272 return 0; 3273 } 3274 3275 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3276 { 3277 uint32_t buf[2], nel; 3278 unsigned int i, len; 3279 filename_trans_rule_t *ftr, *lftr; 3280 int rc; 3281 3282 rc = next_entry(buf, fp, sizeof(uint32_t)); 3283 if (rc < 0) 3284 return -1; 3285 nel = le32_to_cpu(buf[0]); 3286 lftr = NULL; 3287 for (i = 0; i < nel; i++) { 3288 ftr = malloc(sizeof(*ftr)); 3289 if (!ftr) 3290 return -1; 3291 3292 filename_trans_rule_init(ftr); 3293 3294 if (lftr) 3295 lftr->next = ftr; 3296 else 3297 *r = ftr; 3298 lftr = ftr; 3299 3300 rc = next_entry(buf, fp, sizeof(uint32_t)); 3301 if (rc < 0) 3302 return -1; 3303 3304 len = le32_to_cpu(buf[0]); 3305 3306 ftr->name = malloc(len + 1); 3307 if (!ftr->name) 3308 return -1; 3309 3310 rc = next_entry(ftr->name, fp, len); 3311 if (rc) 3312 return -1; 3313 ftr->name[len] = 0; 3314 3315 if (type_set_read(&ftr->stypes, fp)) 3316 return -1; 3317 3318 if (type_set_read(&ftr->ttypes, fp)) 3319 return -1; 3320 3321 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3322 if (rc < 0) 3323 return -1; 3324 ftr->tclass = le32_to_cpu(buf[0]); 3325 ftr->otype = le32_to_cpu(buf[1]); 3326 } 3327 3328 return 0; 3329 } 3330 3331 static int range_trans_rule_read(range_trans_rule_t ** r, 3332 struct policy_file *fp) 3333 { 3334 uint32_t buf[1], nel; 3335 unsigned int i; 3336 range_trans_rule_t *rt, *lrt = NULL; 3337 int rc; 3338 3339 rc = next_entry(buf, fp, sizeof(uint32_t)); 3340 if (rc < 0) 3341 return -1; 3342 nel = le32_to_cpu(buf[0]); 3343 for (i = 0; i < nel; i++) { 3344 rt = malloc(sizeof(range_trans_rule_t)); 3345 if (!rt) { 3346 return -1; 3347 } 3348 range_trans_rule_init(rt); 3349 3350 if (lrt) 3351 lrt->next = rt; 3352 else 3353 *r = rt; 3354 3355 if (type_set_read(&rt->stypes, fp)) 3356 return -1; 3357 3358 if (type_set_read(&rt->ttypes, fp)) 3359 return -1; 3360 3361 if (ebitmap_read(&rt->tclasses, fp)) 3362 return -1; 3363 3364 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3365 return -1; 3366 3367 lrt = rt; 3368 } 3369 3370 return 0; 3371 } 3372 3373 static int scope_index_read(scope_index_t * scope_index, 3374 unsigned int num_scope_syms, struct policy_file *fp) 3375 { 3376 unsigned int i; 3377 uint32_t buf[1]; 3378 int rc; 3379 3380 for (i = 0; i < num_scope_syms; i++) { 3381 if (ebitmap_read(scope_index->scope + i, fp) == -1) { 3382 return -1; 3383 } 3384 } 3385 rc = next_entry(buf, fp, sizeof(uint32_t)); 3386 if (rc < 0) 3387 return -1; 3388 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3389 if (scope_index->class_perms_len == 0) { 3390 scope_index->class_perms_map = NULL; 3391 return 0; 3392 } 3393 if ((scope_index->class_perms_map = 3394 calloc(scope_index->class_perms_len, 3395 sizeof(*scope_index->class_perms_map))) == NULL) { 3396 return -1; 3397 } 3398 for (i = 0; i < scope_index->class_perms_len; i++) { 3399 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { 3400 return -1; 3401 } 3402 } 3403 return 0; 3404 } 3405 3406 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3407 unsigned int num_scope_syms, struct policy_file *fp) 3408 { 3409 uint32_t buf[2], nprim, nel; 3410 unsigned int i, j; 3411 int rc; 3412 3413 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3414 if (rc < 0) 3415 return -1; 3416 decl->decl_id = le32_to_cpu(buf[0]); 3417 decl->enabled = le32_to_cpu(buf[1]); 3418 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3419 avrule_read_list(p, &decl->avrules, fp) == -1 || 3420 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3421 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3422 return -1; 3423 } 3424 3425 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3426 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3427 return -1; 3428 3429 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3430 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3431 return -1; 3432 } 3433 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3434 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3435 return -1; 3436 } 3437 3438 for (i = 0; i < num_scope_syms; i++) { 3439 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3440 if (rc < 0) 3441 return -1; 3442 nprim = le32_to_cpu(buf[0]); 3443 nel = le32_to_cpu(buf[1]); 3444 for (j = 0; j < nel; j++) { 3445 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3446 return -1; 3447 } 3448 } 3449 decl->symtab[i].nprim = nprim; 3450 } 3451 return 0; 3452 } 3453 3454 static int avrule_block_read(policydb_t * p, 3455 avrule_block_t ** block, 3456 unsigned int num_scope_syms, 3457 struct policy_file *fp) 3458 { 3459 avrule_block_t *last_block = NULL, *curblock; 3460 uint32_t buf[1], num_blocks, nel; 3461 int rc; 3462 3463 assert(*block == NULL); 3464 3465 rc = next_entry(buf, fp, sizeof(uint32_t)); 3466 if (rc < 0) 3467 return -1; 3468 num_blocks = le32_to_cpu(buf[0]); 3469 nel = num_blocks; 3470 while (num_blocks > 0) { 3471 avrule_decl_t *last_decl = NULL, *curdecl; 3472 uint32_t num_decls; 3473 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3474 return -1; 3475 } 3476 rc = next_entry(buf, fp, sizeof(uint32_t)); 3477 if (rc < 0) { 3478 free(curblock); 3479 return -1; 3480 } 3481 /* if this is the first block its non-optional, else its optional */ 3482 if (num_blocks != nel) 3483 curblock->flags |= AVRULE_OPTIONAL; 3484 3485 num_decls = le32_to_cpu(buf[0]); 3486 while (num_decls > 0) { 3487 if ((curdecl = avrule_decl_create(0)) == NULL) { 3488 avrule_block_destroy(curblock); 3489 return -1; 3490 } 3491 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3492 -1) { 3493 avrule_decl_destroy(curdecl); 3494 avrule_block_destroy(curblock); 3495 return -1; 3496 } 3497 if (curdecl->enabled) { 3498 if (curblock->enabled != NULL) { 3499 /* probably a corrupt file */ 3500 avrule_decl_destroy(curdecl); 3501 avrule_block_destroy(curblock); 3502 return -1; 3503 } 3504 curblock->enabled = curdecl; 3505 } 3506 /* one must be careful to reconstruct the 3507 * decl chain in its correct order */ 3508 if (curblock->branch_list == NULL) { 3509 curblock->branch_list = curdecl; 3510 } else { 3511 assert(last_decl); 3512 last_decl->next = curdecl; 3513 } 3514 last_decl = curdecl; 3515 num_decls--; 3516 } 3517 3518 if (*block == NULL) { 3519 *block = curblock; 3520 } else { 3521 assert(last_block); 3522 last_block->next = curblock; 3523 } 3524 last_block = curblock; 3525 3526 num_blocks--; 3527 } 3528 3529 return 0; 3530 } 3531 3532 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3533 { 3534 scope_datum_t *scope = NULL; 3535 uint32_t buf[2]; 3536 char *key = NULL; 3537 size_t key_len; 3538 unsigned int i; 3539 hashtab_t h = p->scope[symnum].table; 3540 int rc; 3541 3542 rc = next_entry(buf, fp, sizeof(uint32_t)); 3543 if (rc < 0) 3544 goto cleanup; 3545 key_len = le32_to_cpu(buf[0]); 3546 key = malloc(key_len + 1); 3547 if (!key) 3548 goto cleanup; 3549 rc = next_entry(key, fp, key_len); 3550 if (rc < 0) 3551 goto cleanup; 3552 key[key_len] = '\0'; 3553 3554 /* ensure that there already exists a symbol with this key */ 3555 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3556 goto cleanup; 3557 } 3558 3559 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3560 goto cleanup; 3561 } 3562 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3563 if (rc < 0) 3564 goto cleanup; 3565 scope->scope = le32_to_cpu(buf[0]); 3566 scope->decl_ids_len = le32_to_cpu(buf[1]); 3567 assert(scope->decl_ids_len > 0); 3568 if ((scope->decl_ids = 3569 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3570 goto cleanup; 3571 } 3572 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3573 if (rc < 0) 3574 goto cleanup; 3575 for (i = 0; i < scope->decl_ids_len; i++) { 3576 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3577 } 3578 3579 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3580 /* object_r was already added to this table in roles_init() */ 3581 scope_destroy(key, scope, NULL); 3582 } else { 3583 if (hashtab_insert(h, key, scope)) { 3584 goto cleanup; 3585 } 3586 } 3587 3588 return 0; 3589 3590 cleanup: 3591 scope_destroy(key, scope, NULL); 3592 return -1; 3593 } 3594 3595 /* 3596 * Read the configuration data from a policy database binary 3597 * representation file into a policy database structure. 3598 */ 3599 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3600 { 3601 3602 unsigned int i, j, r_policyvers; 3603 uint32_t buf[5]; 3604 size_t len, nprim, nel; 3605 char *policydb_str; 3606 struct policydb_compat_info *info; 3607 unsigned int policy_type, bufindex; 3608 ebitmap_node_t *tnode; 3609 int rc; 3610 3611 /* Read the magic number and string length. */ 3612 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3613 if (rc < 0) 3614 return POLICYDB_ERROR; 3615 for (i = 0; i < 2; i++) 3616 buf[i] = le32_to_cpu(buf[i]); 3617 3618 if (buf[0] == POLICYDB_MAGIC) { 3619 policy_type = POLICY_KERN; 3620 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3621 policy_type = POLICY_MOD; 3622 } else { 3623 ERR(fp->handle, "policydb magic number %#08x does not " 3624 "match expected magic number %#08x or %#08x", 3625 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3626 return POLICYDB_ERROR; 3627 } 3628 3629 len = buf[1]; 3630 if (len > POLICYDB_STRING_MAX_LENGTH) { 3631 ERR(fp->handle, "policydb string length too long "); 3632 return POLICYDB_ERROR; 3633 } 3634 3635 policydb_str = malloc(len + 1); 3636 if (!policydb_str) { 3637 ERR(fp->handle, "unable to allocate memory for policydb " 3638 "string of length %zu", len); 3639 return POLICYDB_ERROR; 3640 } 3641 rc = next_entry(policydb_str, fp, len); 3642 if (rc < 0) { 3643 ERR(fp->handle, "truncated policydb string identifier"); 3644 free(policydb_str); 3645 return POLICYDB_ERROR; 3646 } 3647 policydb_str[len] = 0; 3648 3649 if (policy_type == POLICY_KERN) { 3650 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 3651 if ((strcmp(policydb_str, policydb_target_strings[i]) 3652 == 0)) { 3653 policydb_set_target_platform(p, i); 3654 break; 3655 } 3656 } 3657 3658 if (i == POLICYDB_TARGET_SZ) { 3659 ERR(fp->handle, "cannot find a valid target for policy " 3660 "string %s", policydb_str); 3661 free(policydb_str); 3662 return POLICYDB_ERROR; 3663 } 3664 } else { 3665 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 3666 ERR(fp->handle, "invalid string identifier %s", 3667 policydb_str); 3668 free(policydb_str); 3669 return POLICYDB_ERROR; 3670 } 3671 } 3672 3673 /* Done with policydb_str. */ 3674 free(policydb_str); 3675 policydb_str = NULL; 3676 3677 /* Read the version, config, and table sizes (and policy type if it's a module). */ 3678 if (policy_type == POLICY_KERN) 3679 nel = 4; 3680 else 3681 nel = 5; 3682 3683 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 3684 if (rc < 0) 3685 return POLICYDB_ERROR; 3686 for (i = 0; i < nel; i++) 3687 buf[i] = le32_to_cpu(buf[i]); 3688 3689 bufindex = 0; 3690 3691 if (policy_type == POLICY_MOD) { 3692 /* We know it's a module but not whether it's a base 3693 module or regular binary policy module. buf[0] 3694 tells us which. */ 3695 policy_type = buf[bufindex]; 3696 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 3697 ERR(fp->handle, "unknown module type: %#08x", 3698 policy_type); 3699 return POLICYDB_ERROR; 3700 } 3701 bufindex++; 3702 } 3703 3704 r_policyvers = buf[bufindex]; 3705 if (policy_type == POLICY_KERN) { 3706 if (r_policyvers < POLICYDB_VERSION_MIN || 3707 r_policyvers > POLICYDB_VERSION_MAX) { 3708 ERR(fp->handle, "policydb version %d does not match " 3709 "my version range %d-%d", buf[bufindex], 3710 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 3711 return POLICYDB_ERROR; 3712 } 3713 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 3714 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 3715 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 3716 ERR(fp->handle, "policydb module version %d does " 3717 "not match my version range %d-%d", 3718 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 3719 MOD_POLICYDB_VERSION_MAX); 3720 return POLICYDB_ERROR; 3721 } 3722 } else { 3723 assert(0); 3724 } 3725 bufindex++; 3726 3727 /* Set the policy type and version from the read values. */ 3728 p->policy_type = policy_type; 3729 p->policyvers = r_policyvers; 3730 3731 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 3732 p->mls = 1; 3733 } else { 3734 p->mls = 0; 3735 } 3736 3737 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 3738 3739 bufindex++; 3740 3741 info = policydb_lookup_compat(r_policyvers, policy_type, 3742 p->target_platform); 3743 if (!info) { 3744 ERR(fp->handle, "unable to find policy compat info " 3745 "for version %d", r_policyvers); 3746 goto bad; 3747 } 3748 3749 if (buf[bufindex] != info->sym_num 3750 || buf[bufindex + 1] != info->ocon_num) { 3751 ERR(fp->handle, 3752 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 3753 buf[bufindex], buf[bufindex + 1], info->sym_num, 3754 info->ocon_num); 3755 goto bad; 3756 } 3757 3758 if (p->policy_type == POLICY_MOD) { 3759 /* Get the module name and version */ 3760 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3761 goto bad; 3762 } 3763 len = le32_to_cpu(buf[0]); 3764 if ((p->name = malloc(len + 1)) == NULL) { 3765 goto bad; 3766 } 3767 if ((rc = next_entry(p->name, fp, len)) < 0) { 3768 goto bad; 3769 } 3770 p->name[len] = '\0'; 3771 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3772 goto bad; 3773 } 3774 len = le32_to_cpu(buf[0]); 3775 if ((p->version = malloc(len + 1)) == NULL) { 3776 goto bad; 3777 } 3778 if ((rc = next_entry(p->version, fp, len)) < 0) { 3779 goto bad; 3780 } 3781 p->version[len] = '\0'; 3782 } 3783 3784 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 3785 p->policy_type == POLICY_KERN) || 3786 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3787 p->policy_type == POLICY_BASE) || 3788 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3789 p->policy_type == POLICY_MOD)) { 3790 if (ebitmap_read(&p->policycaps, fp)) 3791 goto bad; 3792 } 3793 3794 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 3795 p->policy_type == POLICY_KERN) { 3796 if (ebitmap_read(&p->permissive_map, fp)) 3797 goto bad; 3798 } 3799 3800 for (i = 0; i < info->sym_num; i++) { 3801 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3802 if (rc < 0) 3803 goto bad; 3804 nprim = le32_to_cpu(buf[0]); 3805 nel = le32_to_cpu(buf[1]); 3806 for (j = 0; j < nel; j++) { 3807 if (read_f[i] (p, p->symtab[i].table, fp)) 3808 goto bad; 3809 } 3810 3811 p->symtab[i].nprim = nprim; 3812 } 3813 3814 if (policy_type == POLICY_KERN) { 3815 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 3816 goto bad; 3817 if (r_policyvers >= POLICYDB_VERSION_BOOL) 3818 if (cond_read_list(p, &p->cond_list, fp)) 3819 goto bad; 3820 if (role_trans_read(p, fp)) 3821 goto bad; 3822 if (role_allow_read(&p->role_allow, fp)) 3823 goto bad; 3824 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 3825 filename_trans_read(&p->filename_trans, fp)) 3826 goto bad; 3827 } else { 3828 /* first read the AV rule blocks, then the scope tables */ 3829 avrule_block_destroy(p->global); 3830 p->global = NULL; 3831 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 3832 goto bad; 3833 } 3834 for (i = 0; i < info->sym_num; i++) { 3835 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3836 goto bad; 3837 } 3838 nel = le32_to_cpu(buf[0]); 3839 for (j = 0; j < nel; j++) { 3840 if (scope_read(p, i, fp)) 3841 goto bad; 3842 } 3843 } 3844 3845 } 3846 3847 if (policydb_index_decls(p)) 3848 goto bad; 3849 3850 if (policydb_index_classes(p)) 3851 goto bad; 3852 3853 if (policydb_index_others(fp->handle, p, verbose)) 3854 goto bad; 3855 3856 if (ocontext_read(info, p, fp) == -1) { 3857 goto bad; 3858 } 3859 3860 if (genfs_read(p, fp) == -1) { 3861 goto bad; 3862 } 3863 3864 if ((p->policy_type == POLICY_KERN 3865 && p->policyvers >= POLICYDB_VERSION_MLS) 3866 || (p->policy_type == POLICY_BASE 3867 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3868 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 3869 if (range_read(p, fp)) { 3870 goto bad; 3871 } 3872 } 3873 3874 if (policy_type == POLICY_KERN) { 3875 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3876 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3877 if (!p->type_attr_map || !p->attr_type_map) 3878 goto bad; 3879 for (i = 0; i < p->p_types.nprim; i++) { 3880 ebitmap_init(&p->type_attr_map[i]); 3881 ebitmap_init(&p->attr_type_map[i]); 3882 } 3883 for (i = 0; i < p->p_types.nprim; i++) { 3884 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 3885 if (ebitmap_read(&p->type_attr_map[i], fp)) 3886 goto bad; 3887 ebitmap_for_each_bit(&p->type_attr_map[i], 3888 tnode, j) { 3889 if (!ebitmap_node_get_bit(tnode, j) 3890 || i == j) 3891 continue; 3892 if (ebitmap_set_bit 3893 (&p->attr_type_map[j], i, 1)) 3894 goto bad; 3895 } 3896 } 3897 /* add the type itself as the degenerate case */ 3898 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 3899 goto bad; 3900 } 3901 } 3902 3903 return POLICYDB_SUCCESS; 3904 bad: 3905 return POLICYDB_ERROR; 3906 } 3907 3908 int policydb_reindex_users(policydb_t * p) 3909 { 3910 unsigned int i = SYM_USERS; 3911 3912 if (p->user_val_to_struct) 3913 free(p->user_val_to_struct); 3914 if (p->sym_val_to_name[i]) 3915 free(p->sym_val_to_name[i]); 3916 3917 p->user_val_to_struct = (user_datum_t **) 3918 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 3919 if (!p->user_val_to_struct) 3920 return -1; 3921 3922 p->sym_val_to_name[i] = (char **) 3923 malloc(p->symtab[i].nprim * sizeof(char *)); 3924 if (!p->sym_val_to_name[i]) 3925 return -1; 3926 3927 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 3928 return -1; 3929 3930 /* Expand user roles for context validity checking */ 3931 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 3932 return -1; 3933 3934 return 0; 3935 } 3936 3937 void policy_file_init(policy_file_t *pf) 3938 { 3939 memset(pf, 0, sizeof(policy_file_t)); 3940 } 3941 3942 int policydb_set_target_platform(policydb_t *p, int platform) 3943 { 3944 if (platform == SEPOL_TARGET_SELINUX) 3945 p->target_platform = SEPOL_TARGET_SELINUX; 3946 else if (platform == SEPOL_TARGET_XEN) 3947 p->target_platform = SEPOL_TARGET_XEN; 3948 else 3949 return -1; 3950 3951 return 0; 3952 } 3953 3954
