1 2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */ 3 4 /* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf (at) tresys.com> and Karl MacMillan <kmacmillan (at) tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris (at) redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * 22 * This library is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU Lesser General Public 24 * License as published by the Free Software Foundation; either 25 * version 2.1 of the License, or (at your option) any later version. 26 * 27 * This library is distributed in the hope that it will be useful, 28 * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 30 * Lesser General Public License for more details. 31 * 32 * You should have received a copy of the GNU Lesser General Public 33 * License along with this library; if not, write to the Free Software 34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 35 */ 36 37 /* FLASK */ 38 39 /* 40 * Implementation of the policy database. 41 */ 42 43 #include <assert.h> 44 #include <stdlib.h> 45 46 #include <sepol/policydb/policydb.h> 47 #include <sepol/policydb/expand.h> 48 #include <sepol/policydb/conditional.h> 49 #include <sepol/policydb/avrule_block.h> 50 #include <sepol/policydb/util.h> 51 #include <sepol/policydb/flask.h> 52 53 #include "private.h" 54 #include "debug.h" 55 #include "mls.h" 56 57 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 58 const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 59 60 /* These need to be updated if SYM_NUM or OCON_NUM changes */ 61 static struct policydb_compat_info policydb_compat[] = { 62 { 63 .type = POLICY_KERN, 64 .version = POLICYDB_VERSION_BOUNDARY, 65 .sym_num = SYM_NUM, 66 .ocon_num = OCON_XEN_PCIDEVICE + 1, 67 .target_platform = SEPOL_TARGET_XEN, 68 }, 69 { 70 .type = POLICY_KERN, 71 .version = POLICYDB_VERSION_XEN_DEVICETREE, 72 .sym_num = SYM_NUM, 73 .ocon_num = OCON_XEN_DEVICETREE + 1, 74 .target_platform = SEPOL_TARGET_XEN, 75 }, 76 { 77 .type = POLICY_KERN, 78 .version = POLICYDB_VERSION_BASE, 79 .sym_num = SYM_NUM - 3, 80 .ocon_num = OCON_FSUSE + 1, 81 .target_platform = SEPOL_TARGET_SELINUX, 82 }, 83 { 84 .type = POLICY_KERN, 85 .version = POLICYDB_VERSION_BOOL, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_FSUSE + 1, 88 .target_platform = SEPOL_TARGET_SELINUX, 89 }, 90 { 91 .type = POLICY_KERN, 92 .version = POLICYDB_VERSION_IPV6, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NODE6 + 1, 95 .target_platform = SEPOL_TARGET_SELINUX, 96 }, 97 { 98 .type = POLICY_KERN, 99 .version = POLICYDB_VERSION_NLCLASS, 100 .sym_num = SYM_NUM - 2, 101 .ocon_num = OCON_NODE6 + 1, 102 .target_platform = SEPOL_TARGET_SELINUX, 103 }, 104 { 105 .type = POLICY_KERN, 106 .version = POLICYDB_VERSION_MLS, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NODE6 + 1, 109 .target_platform = SEPOL_TARGET_SELINUX, 110 }, 111 { 112 .type = POLICY_KERN, 113 .version = POLICYDB_VERSION_AVTAB, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NODE6 + 1, 116 .target_platform = SEPOL_TARGET_SELINUX, 117 }, 118 { 119 .type = POLICY_KERN, 120 .version = POLICYDB_VERSION_RANGETRANS, 121 .sym_num = SYM_NUM, 122 .ocon_num = OCON_NODE6 + 1, 123 .target_platform = SEPOL_TARGET_SELINUX, 124 }, 125 { 126 .type = POLICY_KERN, 127 .version = POLICYDB_VERSION_POLCAP, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NODE6 + 1, 130 .target_platform = SEPOL_TARGET_SELINUX, 131 }, 132 { 133 .type = POLICY_KERN, 134 .version = POLICYDB_VERSION_PERMISSIVE, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NODE6 + 1, 137 .target_platform = SEPOL_TARGET_SELINUX, 138 }, 139 { 140 .type = POLICY_KERN, 141 .version = POLICYDB_VERSION_BOUNDARY, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NODE6 + 1, 144 .target_platform = SEPOL_TARGET_SELINUX, 145 }, 146 { 147 .type = POLICY_KERN, 148 .version = POLICYDB_VERSION_FILENAME_TRANS, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NODE6 + 1, 151 .target_platform = SEPOL_TARGET_SELINUX, 152 }, 153 { 154 .type = POLICY_KERN, 155 .version = POLICYDB_VERSION_ROLETRANS, 156 .sym_num = SYM_NUM, 157 .ocon_num = OCON_NODE6 + 1, 158 .target_platform = SEPOL_TARGET_SELINUX, 159 }, 160 { 161 .type = POLICY_KERN, 162 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NODE6 + 1, 165 .target_platform = SEPOL_TARGET_SELINUX, 166 }, 167 { 168 .type = POLICY_KERN, 169 .version = POLICYDB_VERSION_DEFAULT_TYPE, 170 .sym_num = SYM_NUM, 171 .ocon_num = OCON_NODE6 + 1, 172 .target_platform = SEPOL_TARGET_SELINUX, 173 }, 174 { 175 .type = POLICY_KERN, 176 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 177 .sym_num = SYM_NUM, 178 .ocon_num = OCON_NODE6 + 1, 179 .target_platform = SEPOL_TARGET_SELINUX, 180 }, 181 { 182 .type = POLICY_KERN, 183 .version = POLICYDB_VERSION_XPERMS_IOCTL, 184 .sym_num = SYM_NUM, 185 .ocon_num = OCON_NODE6 + 1, 186 .target_platform = SEPOL_TARGET_SELINUX, 187 }, 188 { 189 .type = POLICY_BASE, 190 .version = MOD_POLICYDB_VERSION_BASE, 191 .sym_num = SYM_NUM, 192 .ocon_num = OCON_NODE6 + 1, 193 .target_platform = SEPOL_TARGET_SELINUX, 194 }, 195 { 196 .type = POLICY_BASE, 197 .version = MOD_POLICYDB_VERSION_MLS, 198 .sym_num = SYM_NUM, 199 .ocon_num = OCON_NODE6 + 1, 200 .target_platform = SEPOL_TARGET_SELINUX, 201 }, 202 { 203 .type = POLICY_BASE, 204 .version = MOD_POLICYDB_VERSION_MLS_USERS, 205 .sym_num = SYM_NUM, 206 .ocon_num = OCON_NODE6 + 1, 207 .target_platform = SEPOL_TARGET_SELINUX, 208 }, 209 { 210 .type = POLICY_BASE, 211 .version = MOD_POLICYDB_VERSION_POLCAP, 212 .sym_num = SYM_NUM, 213 .ocon_num = OCON_NODE6 + 1, 214 .target_platform = SEPOL_TARGET_SELINUX, 215 }, 216 { 217 .type = POLICY_BASE, 218 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 219 .sym_num = SYM_NUM, 220 .ocon_num = OCON_NODE6 + 1, 221 .target_platform = SEPOL_TARGET_SELINUX, 222 }, 223 { 224 .type = POLICY_BASE, 225 .version = MOD_POLICYDB_VERSION_BOUNDARY, 226 .sym_num = SYM_NUM, 227 .ocon_num = OCON_NODE6 + 1, 228 .target_platform = SEPOL_TARGET_SELINUX, 229 }, 230 { 231 .type = POLICY_BASE, 232 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 233 .sym_num = SYM_NUM, 234 .ocon_num = OCON_NODE6 + 1, 235 .target_platform = SEPOL_TARGET_SELINUX, 236 }, 237 { 238 .type = POLICY_BASE, 239 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 240 .sym_num = SYM_NUM, 241 .ocon_num = OCON_NODE6 + 1, 242 .target_platform = SEPOL_TARGET_SELINUX, 243 }, 244 { 245 .type = POLICY_BASE, 246 .version = MOD_POLICYDB_VERSION_ROLETRANS, 247 .sym_num = SYM_NUM, 248 .ocon_num = OCON_NODE6 + 1, 249 .target_platform = SEPOL_TARGET_SELINUX, 250 }, 251 { 252 .type = POLICY_BASE, 253 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 254 .sym_num = SYM_NUM, 255 .ocon_num = OCON_NODE6 + 1, 256 .target_platform = SEPOL_TARGET_SELINUX, 257 }, 258 { 259 .type = POLICY_BASE, 260 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 261 .sym_num = SYM_NUM, 262 .ocon_num = OCON_NODE6 + 1, 263 .target_platform = SEPOL_TARGET_SELINUX, 264 }, 265 { 266 .type = POLICY_BASE, 267 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 268 .sym_num = SYM_NUM, 269 .ocon_num = OCON_NODE6 + 1, 270 .target_platform = SEPOL_TARGET_SELINUX, 271 }, 272 { 273 .type = POLICY_BASE, 274 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 275 .sym_num = SYM_NUM, 276 .ocon_num = OCON_NODE6 + 1, 277 .target_platform = SEPOL_TARGET_SELINUX, 278 }, 279 { 280 .type = POLICY_BASE, 281 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 282 .sym_num = SYM_NUM, 283 .ocon_num = OCON_NODE6 + 1, 284 .target_platform = SEPOL_TARGET_SELINUX, 285 }, 286 { 287 .type = POLICY_MOD, 288 .version = MOD_POLICYDB_VERSION_BASE, 289 .sym_num = SYM_NUM, 290 .ocon_num = 0, 291 .target_platform = SEPOL_TARGET_SELINUX, 292 }, 293 { 294 .type = POLICY_MOD, 295 .version = MOD_POLICYDB_VERSION_MLS, 296 .sym_num = SYM_NUM, 297 .ocon_num = 0, 298 .target_platform = SEPOL_TARGET_SELINUX, 299 }, 300 { 301 .type = POLICY_MOD, 302 .version = MOD_POLICYDB_VERSION_MLS_USERS, 303 .sym_num = SYM_NUM, 304 .ocon_num = 0, 305 .target_platform = SEPOL_TARGET_SELINUX, 306 }, 307 { 308 .type = POLICY_MOD, 309 .version = MOD_POLICYDB_VERSION_POLCAP, 310 .sym_num = SYM_NUM, 311 .ocon_num = 0, 312 .target_platform = SEPOL_TARGET_SELINUX, 313 }, 314 { 315 .type = POLICY_MOD, 316 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 317 .sym_num = SYM_NUM, 318 .ocon_num = 0, 319 .target_platform = SEPOL_TARGET_SELINUX, 320 }, 321 { 322 .type = POLICY_MOD, 323 .version = MOD_POLICYDB_VERSION_BOUNDARY, 324 .sym_num = SYM_NUM, 325 .ocon_num = 0, 326 .target_platform = SEPOL_TARGET_SELINUX, 327 }, 328 { 329 .type = POLICY_MOD, 330 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 331 .sym_num = SYM_NUM, 332 .ocon_num = 0, 333 .target_platform = SEPOL_TARGET_SELINUX, 334 }, 335 { 336 .type = POLICY_MOD, 337 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 338 .sym_num = SYM_NUM, 339 .ocon_num = 0, 340 .target_platform = SEPOL_TARGET_SELINUX, 341 }, 342 { 343 .type = POLICY_MOD, 344 .version = MOD_POLICYDB_VERSION_ROLETRANS, 345 .sym_num = SYM_NUM, 346 .ocon_num = 0, 347 .target_platform = SEPOL_TARGET_SELINUX, 348 }, 349 { 350 .type = POLICY_MOD, 351 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 352 .sym_num = SYM_NUM, 353 .ocon_num = 0, 354 .target_platform = SEPOL_TARGET_SELINUX, 355 }, 356 { 357 .type = POLICY_MOD, 358 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 359 .sym_num = SYM_NUM, 360 .ocon_num = 0, 361 .target_platform = SEPOL_TARGET_SELINUX, 362 }, 363 { 364 .type = POLICY_MOD, 365 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 366 .sym_num = SYM_NUM, 367 .ocon_num = 0, 368 .target_platform = SEPOL_TARGET_SELINUX, 369 }, 370 { 371 .type = POLICY_MOD, 372 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 373 .sym_num = SYM_NUM, 374 .ocon_num = 0, 375 .target_platform = SEPOL_TARGET_SELINUX, 376 }, 377 { 378 .type = POLICY_MOD, 379 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 380 .sym_num = SYM_NUM, 381 .ocon_num = 0, 382 .target_platform = SEPOL_TARGET_SELINUX, 383 }, 384 }; 385 386 #if 0 387 static char *symtab_name[SYM_NUM] = { 388 "common prefixes", 389 "classes", 390 "roles", 391 "types", 392 "users", 393 "bools" mls_symtab_names cond_symtab_names 394 }; 395 #endif 396 397 static unsigned int symtab_sizes[SYM_NUM] = { 398 2, 399 32, 400 16, 401 512, 402 128, 403 16, 404 16, 405 16, 406 }; 407 408 struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 409 unsigned int type, 410 unsigned int target_platform) 411 { 412 unsigned int i; 413 struct policydb_compat_info *info = NULL; 414 415 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 416 if (policydb_compat[i].version == version && 417 policydb_compat[i].type == type && 418 policydb_compat[i].target_platform == target_platform) { 419 info = &policydb_compat[i]; 420 break; 421 } 422 } 423 return info; 424 } 425 426 void type_set_init(type_set_t * x) 427 { 428 memset(x, 0, sizeof(type_set_t)); 429 ebitmap_init(&x->types); 430 ebitmap_init(&x->negset); 431 } 432 433 void type_set_destroy(type_set_t * x) 434 { 435 if (x != NULL) { 436 ebitmap_destroy(&x->types); 437 ebitmap_destroy(&x->negset); 438 } 439 } 440 441 void role_set_init(role_set_t * x) 442 { 443 memset(x, 0, sizeof(role_set_t)); 444 ebitmap_init(&x->roles); 445 } 446 447 void role_set_destroy(role_set_t * x) 448 { 449 ebitmap_destroy(&x->roles); 450 } 451 452 void role_datum_init(role_datum_t * x) 453 { 454 memset(x, 0, sizeof(role_datum_t)); 455 ebitmap_init(&x->dominates); 456 type_set_init(&x->types); 457 ebitmap_init(&x->cache); 458 ebitmap_init(&x->roles); 459 } 460 461 void role_datum_destroy(role_datum_t * x) 462 { 463 if (x != NULL) { 464 ebitmap_destroy(&x->dominates); 465 type_set_destroy(&x->types); 466 ebitmap_destroy(&x->cache); 467 ebitmap_destroy(&x->roles); 468 } 469 } 470 471 void type_datum_init(type_datum_t * x) 472 { 473 memset(x, 0, sizeof(*x)); 474 ebitmap_init(&x->types); 475 } 476 477 void type_datum_destroy(type_datum_t * x) 478 { 479 if (x != NULL) { 480 ebitmap_destroy(&x->types); 481 } 482 } 483 484 void user_datum_init(user_datum_t * x) 485 { 486 memset(x, 0, sizeof(user_datum_t)); 487 role_set_init(&x->roles); 488 mls_semantic_range_init(&x->range); 489 mls_semantic_level_init(&x->dfltlevel); 490 ebitmap_init(&x->cache); 491 mls_range_init(&x->exp_range); 492 mls_level_init(&x->exp_dfltlevel); 493 } 494 495 void user_datum_destroy(user_datum_t * x) 496 { 497 if (x != NULL) { 498 role_set_destroy(&x->roles); 499 mls_semantic_range_destroy(&x->range); 500 mls_semantic_level_destroy(&x->dfltlevel); 501 ebitmap_destroy(&x->cache); 502 mls_range_destroy(&x->exp_range); 503 mls_level_destroy(&x->exp_dfltlevel); 504 } 505 } 506 507 void level_datum_init(level_datum_t * x) 508 { 509 memset(x, 0, sizeof(level_datum_t)); 510 } 511 512 void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 513 { 514 /* the mls_level_t referenced by the level_datum is managed 515 * separately for now, so there is nothing to destroy */ 516 return; 517 } 518 519 void cat_datum_init(cat_datum_t * x) 520 { 521 memset(x, 0, sizeof(cat_datum_t)); 522 } 523 524 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 525 { 526 /* it's currently a simple struct - really nothing to destroy */ 527 return; 528 } 529 530 void class_perm_node_init(class_perm_node_t * x) 531 { 532 memset(x, 0, sizeof(class_perm_node_t)); 533 } 534 535 void avrule_init(avrule_t * x) 536 { 537 memset(x, 0, sizeof(avrule_t)); 538 type_set_init(&x->stypes); 539 type_set_init(&x->ttypes); 540 } 541 542 void avrule_destroy(avrule_t * x) 543 { 544 class_perm_node_t *cur, *next; 545 546 if (x == NULL) { 547 return; 548 } 549 type_set_destroy(&x->stypes); 550 type_set_destroy(&x->ttypes); 551 552 free(x->source_filename); 553 554 next = x->perms; 555 while (next) { 556 cur = next; 557 next = cur->next; 558 free(cur); 559 } 560 } 561 562 void role_trans_rule_init(role_trans_rule_t * x) 563 { 564 memset(x, 0, sizeof(*x)); 565 role_set_init(&x->roles); 566 type_set_init(&x->types); 567 ebitmap_init(&x->classes); 568 } 569 570 void role_trans_rule_destroy(role_trans_rule_t * x) 571 { 572 if (x != NULL) { 573 role_set_destroy(&x->roles); 574 type_set_destroy(&x->types); 575 ebitmap_destroy(&x->classes); 576 } 577 } 578 579 void role_trans_rule_list_destroy(role_trans_rule_t * x) 580 { 581 while (x != NULL) { 582 role_trans_rule_t *next = x->next; 583 role_trans_rule_destroy(x); 584 free(x); 585 x = next; 586 } 587 } 588 589 void filename_trans_rule_init(filename_trans_rule_t * x) 590 { 591 memset(x, 0, sizeof(*x)); 592 type_set_init(&x->stypes); 593 type_set_init(&x->ttypes); 594 } 595 596 static void filename_trans_rule_destroy(filename_trans_rule_t * x) 597 { 598 if (!x) 599 return; 600 type_set_destroy(&x->stypes); 601 type_set_destroy(&x->ttypes); 602 free(x->name); 603 } 604 605 void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 606 { 607 filename_trans_rule_t *next; 608 while (x) { 609 next = x->next; 610 filename_trans_rule_destroy(x); 611 free(x); 612 x = next; 613 } 614 } 615 616 void role_allow_rule_init(role_allow_rule_t * x) 617 { 618 memset(x, 0, sizeof(role_allow_rule_t)); 619 role_set_init(&x->roles); 620 role_set_init(&x->new_roles); 621 } 622 623 void role_allow_rule_destroy(role_allow_rule_t * x) 624 { 625 role_set_destroy(&x->roles); 626 role_set_destroy(&x->new_roles); 627 } 628 629 void role_allow_rule_list_destroy(role_allow_rule_t * x) 630 { 631 while (x != NULL) { 632 role_allow_rule_t *next = x->next; 633 role_allow_rule_destroy(x); 634 free(x); 635 x = next; 636 } 637 } 638 639 void range_trans_rule_init(range_trans_rule_t * x) 640 { 641 type_set_init(&x->stypes); 642 type_set_init(&x->ttypes); 643 ebitmap_init(&x->tclasses); 644 mls_semantic_range_init(&x->trange); 645 x->next = NULL; 646 } 647 648 void range_trans_rule_destroy(range_trans_rule_t * x) 649 { 650 type_set_destroy(&x->stypes); 651 type_set_destroy(&x->ttypes); 652 ebitmap_destroy(&x->tclasses); 653 mls_semantic_range_destroy(&x->trange); 654 } 655 656 void range_trans_rule_list_destroy(range_trans_rule_t * x) 657 { 658 while (x != NULL) { 659 range_trans_rule_t *next = x->next; 660 range_trans_rule_destroy(x); 661 free(x); 662 x = next; 663 } 664 } 665 666 void avrule_list_destroy(avrule_t * x) 667 { 668 avrule_t *next, *cur; 669 670 if (!x) 671 return; 672 673 next = x; 674 while (next) { 675 cur = next; 676 next = next->next; 677 avrule_destroy(cur); 678 free(cur); 679 } 680 } 681 682 /* 683 * Initialize the role table by implicitly adding role 'object_r'. If 684 * the policy is a module, set object_r's scope to be SCOPE_REQ, 685 * otherwise set it to SCOPE_DECL. 686 */ 687 static int roles_init(policydb_t * p) 688 { 689 char *key = 0; 690 int rc; 691 role_datum_t *role; 692 693 role = calloc(1, sizeof(role_datum_t)); 694 if (!role) { 695 rc = -ENOMEM; 696 goto out; 697 } 698 key = malloc(strlen(OBJECT_R) + 1); 699 if (!key) { 700 rc = -ENOMEM; 701 goto out_free_role; 702 } 703 strcpy(key, OBJECT_R); 704 rc = symtab_insert(p, SYM_ROLES, key, role, 705 (p->policy_type == 706 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 707 &role->s.value); 708 if (rc) 709 goto out_free_key; 710 if (role->s.value != OBJECT_R_VAL) { 711 rc = -EINVAL; 712 goto out_free_role; 713 } 714 out: 715 return rc; 716 717 out_free_key: 718 free(key); 719 out_free_role: 720 free(role); 721 goto out; 722 } 723 724 /* 725 * Initialize a policy database structure. 726 */ 727 int policydb_init(policydb_t * p) 728 { 729 int i, rc; 730 731 memset(p, 0, sizeof(policydb_t)); 732 733 ebitmap_init(&p->policycaps); 734 735 ebitmap_init(&p->permissive_map); 736 737 for (i = 0; i < SYM_NUM; i++) { 738 p->sym_val_to_name[i] = NULL; 739 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 740 if (rc) 741 goto out_free_symtab; 742 } 743 744 /* initialize the module stuff */ 745 for (i = 0; i < SYM_NUM; i++) { 746 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 747 goto out_free_symtab; 748 } 749 } 750 if ((p->global = avrule_block_create()) == NULL || 751 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 752 goto out_free_symtab; 753 } 754 p->decl_val_to_struct = NULL; 755 756 rc = avtab_init(&p->te_avtab); 757 if (rc) 758 goto out_free_symtab; 759 760 rc = roles_init(p); 761 if (rc) 762 goto out_free_symtab; 763 764 rc = cond_policydb_init(p); 765 if (rc) 766 goto out_free_symtab; 767 out: 768 return rc; 769 770 out_free_symtab: 771 for (i = 0; i < SYM_NUM; i++) { 772 hashtab_destroy(p->symtab[i].table); 773 hashtab_destroy(p->scope[i].table); 774 } 775 avrule_block_list_destroy(p->global); 776 goto out; 777 } 778 779 int policydb_role_cache(hashtab_key_t key 780 __attribute__ ((unused)), hashtab_datum_t datum, 781 void *arg) 782 { 783 policydb_t *p; 784 role_datum_t *role; 785 786 role = (role_datum_t *) datum; 787 p = (policydb_t *) arg; 788 789 ebitmap_destroy(&role->cache); 790 if (type_set_expand(&role->types, &role->cache, p, 1)) { 791 return -1; 792 } 793 794 return 0; 795 } 796 797 int policydb_user_cache(hashtab_key_t key 798 __attribute__ ((unused)), hashtab_datum_t datum, 799 void *arg) 800 { 801 policydb_t *p; 802 user_datum_t *user; 803 804 user = (user_datum_t *) datum; 805 p = (policydb_t *) arg; 806 807 ebitmap_destroy(&user->cache); 808 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 809 return -1; 810 } 811 812 /* we do not expand user's MLS info in kernel policies because the 813 * semantic representation is not present and we do not expand user's 814 * MLS info in module policies because all of the necessary mls 815 * information is not present */ 816 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 817 mls_range_destroy(&user->exp_range); 818 if (mls_semantic_range_expand(&user->range, 819 &user->exp_range, p, NULL)) { 820 return -1; 821 } 822 823 mls_level_destroy(&user->exp_dfltlevel); 824 if (mls_semantic_level_expand(&user->dfltlevel, 825 &user->exp_dfltlevel, p, NULL)) { 826 return -1; 827 } 828 } 829 830 return 0; 831 } 832 833 /* 834 * The following *_index functions are used to 835 * define the val_to_name and val_to_struct arrays 836 * in a policy database structure. The val_to_name 837 * arrays are used when converting security context 838 * structures into string representations. The 839 * val_to_struct arrays are used when the attributes 840 * of a class, role, or user are needed. 841 */ 842 843 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 844 { 845 policydb_t *p; 846 common_datum_t *comdatum; 847 848 comdatum = (common_datum_t *) datum; 849 p = (policydb_t *) datap; 850 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 851 return -EINVAL; 852 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 853 854 return 0; 855 } 856 857 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 858 { 859 policydb_t *p; 860 class_datum_t *cladatum; 861 862 cladatum = (class_datum_t *) datum; 863 p = (policydb_t *) datap; 864 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 865 return -EINVAL; 866 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 867 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 868 869 return 0; 870 } 871 872 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 873 { 874 policydb_t *p; 875 role_datum_t *role; 876 877 role = (role_datum_t *) datum; 878 p = (policydb_t *) datap; 879 if (!role->s.value || role->s.value > p->p_roles.nprim) 880 return -EINVAL; 881 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 882 p->role_val_to_struct[role->s.value - 1] = role; 883 884 return 0; 885 } 886 887 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 888 { 889 policydb_t *p; 890 type_datum_t *typdatum; 891 892 typdatum = (type_datum_t *) datum; 893 p = (policydb_t *) datap; 894 895 if (typdatum->primary) { 896 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 897 return -EINVAL; 898 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 899 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 900 } 901 902 return 0; 903 } 904 905 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 906 { 907 policydb_t *p; 908 user_datum_t *usrdatum; 909 910 usrdatum = (user_datum_t *) datum; 911 p = (policydb_t *) datap; 912 913 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 914 return -EINVAL; 915 916 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 917 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 918 919 return 0; 920 } 921 922 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 923 { 924 policydb_t *p; 925 level_datum_t *levdatum; 926 927 levdatum = (level_datum_t *) datum; 928 p = (policydb_t *) datap; 929 930 if (!levdatum->isalias) { 931 if (!levdatum->level->sens || 932 levdatum->level->sens > p->p_levels.nprim) 933 return -EINVAL; 934 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 935 } 936 937 return 0; 938 } 939 940 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 941 { 942 policydb_t *p; 943 cat_datum_t *catdatum; 944 945 catdatum = (cat_datum_t *) datum; 946 p = (policydb_t *) datap; 947 948 if (!catdatum->isalias) { 949 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 950 return -EINVAL; 951 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 952 } 953 954 return 0; 955 } 956 957 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 958 void *datap) = { 959 common_index, class_index, role_index, type_index, user_index, 960 cond_index_bool, sens_index, cat_index,}; 961 962 /* 963 * Define the common val_to_name array and the class 964 * val_to_name and val_to_struct arrays in a policy 965 * database structure. 966 */ 967 int policydb_index_classes(policydb_t * p) 968 { 969 free(p->p_common_val_to_name); 970 p->p_common_val_to_name = (char **) 971 malloc(p->p_commons.nprim * sizeof(char *)); 972 if (!p->p_common_val_to_name) 973 return -1; 974 975 if (hashtab_map(p->p_commons.table, common_index, p)) 976 return -1; 977 978 free(p->class_val_to_struct); 979 p->class_val_to_struct = (class_datum_t **) 980 malloc(p->p_classes.nprim * sizeof(class_datum_t *)); 981 if (!p->class_val_to_struct) 982 return -1; 983 984 free(p->p_class_val_to_name); 985 p->p_class_val_to_name = (char **) 986 malloc(p->p_classes.nprim * sizeof(char *)); 987 if (!p->p_class_val_to_name) 988 return -1; 989 990 if (hashtab_map(p->p_classes.table, class_index, p)) 991 return -1; 992 993 return 0; 994 } 995 996 int policydb_index_bools(policydb_t * p) 997 { 998 999 if (cond_init_bool_indexes(p) == -1) 1000 return -1; 1001 p->p_bool_val_to_name = (char **) 1002 malloc(p->p_bools.nprim * sizeof(char *)); 1003 if (!p->p_bool_val_to_name) 1004 return -1; 1005 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 1006 return -1; 1007 return 0; 1008 } 1009 1010 int policydb_index_decls(policydb_t * p) 1011 { 1012 avrule_block_t *curblock; 1013 avrule_decl_t *decl; 1014 int num_decls = 0; 1015 1016 free(p->decl_val_to_struct); 1017 1018 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1019 for (decl = curblock->branch_list; decl != NULL; 1020 decl = decl->next) { 1021 num_decls++; 1022 } 1023 } 1024 1025 p->decl_val_to_struct = 1026 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 1027 if (!p->decl_val_to_struct) { 1028 return -1; 1029 } 1030 1031 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1032 for (decl = curblock->branch_list; decl != NULL; 1033 decl = decl->next) { 1034 p->decl_val_to_struct[decl->decl_id - 1] = decl; 1035 } 1036 } 1037 1038 return 0; 1039 } 1040 1041 /* 1042 * Define the other val_to_name and val_to_struct arrays 1043 * in a policy database structure. 1044 */ 1045 int policydb_index_others(sepol_handle_t * handle, 1046 policydb_t * p, unsigned verbose) 1047 { 1048 int i; 1049 1050 if (verbose) { 1051 INFO(handle, 1052 "security: %d users, %d roles, %d types, %d bools", 1053 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 1054 p->p_bools.nprim); 1055 1056 if (p->mls) 1057 INFO(handle, "security: %d sens, %d cats", 1058 p->p_levels.nprim, p->p_cats.nprim); 1059 1060 INFO(handle, "security: %d classes, %d rules, %d cond rules", 1061 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 1062 } 1063 #if 0 1064 avtab_hash_eval(&p->te_avtab, "rules"); 1065 for (i = 0; i < SYM_NUM; i++) 1066 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 1067 #endif 1068 1069 free(p->role_val_to_struct); 1070 p->role_val_to_struct = (role_datum_t **) 1071 malloc(p->p_roles.nprim * sizeof(role_datum_t *)); 1072 if (!p->role_val_to_struct) 1073 return -1; 1074 1075 free(p->user_val_to_struct); 1076 p->user_val_to_struct = (user_datum_t **) 1077 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 1078 if (!p->user_val_to_struct) 1079 return -1; 1080 1081 free(p->type_val_to_struct); 1082 p->type_val_to_struct = (type_datum_t **) 1083 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 1084 if (!p->type_val_to_struct) 1085 return -1; 1086 1087 cond_init_bool_indexes(p); 1088 1089 for (i = SYM_ROLES; i < SYM_NUM; i++) { 1090 free(p->sym_val_to_name[i]); 1091 p->sym_val_to_name[i] = NULL; 1092 if (p->symtab[i].nprim) { 1093 p->sym_val_to_name[i] = (char **) 1094 calloc(p->symtab[i].nprim, sizeof(char *)); 1095 if (!p->sym_val_to_name[i]) 1096 return -1; 1097 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1098 return -1; 1099 } 1100 } 1101 1102 /* This pre-expands the roles and users for context validity checking */ 1103 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1104 return -1; 1105 1106 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1107 return -1; 1108 1109 return 0; 1110 } 1111 1112 /* 1113 * The following *_destroy functions are used to 1114 * free any memory allocated for each kind of 1115 * symbol data in the policy database. 1116 */ 1117 1118 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1119 __attribute__ ((unused))) 1120 { 1121 if (key) 1122 free(key); 1123 free(datum); 1124 return 0; 1125 } 1126 1127 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1128 __attribute__ ((unused))) 1129 { 1130 common_datum_t *comdatum; 1131 1132 if (key) 1133 free(key); 1134 comdatum = (common_datum_t *) datum; 1135 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1136 hashtab_destroy(comdatum->permissions.table); 1137 free(datum); 1138 return 0; 1139 } 1140 1141 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1142 __attribute__ ((unused))) 1143 { 1144 class_datum_t *cladatum; 1145 constraint_node_t *constraint, *ctemp; 1146 constraint_expr_t *e, *etmp; 1147 1148 if (key) 1149 free(key); 1150 cladatum = (class_datum_t *) datum; 1151 if (cladatum == NULL) { 1152 return 0; 1153 } 1154 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1155 hashtab_destroy(cladatum->permissions.table); 1156 constraint = cladatum->constraints; 1157 while (constraint) { 1158 e = constraint->expr; 1159 while (e) { 1160 etmp = e; 1161 e = e->next; 1162 constraint_expr_destroy(etmp); 1163 } 1164 ctemp = constraint; 1165 constraint = constraint->next; 1166 free(ctemp); 1167 } 1168 1169 constraint = cladatum->validatetrans; 1170 while (constraint) { 1171 e = constraint->expr; 1172 while (e) { 1173 etmp = e; 1174 e = e->next; 1175 constraint_expr_destroy(etmp); 1176 } 1177 ctemp = constraint; 1178 constraint = constraint->next; 1179 free(ctemp); 1180 } 1181 1182 if (cladatum->comkey) 1183 free(cladatum->comkey); 1184 free(datum); 1185 return 0; 1186 } 1187 1188 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1189 __attribute__ ((unused))) 1190 { 1191 free(key); 1192 role_datum_destroy((role_datum_t *) datum); 1193 free(datum); 1194 return 0; 1195 } 1196 1197 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1198 __attribute__ ((unused))) 1199 { 1200 free(key); 1201 type_datum_destroy((type_datum_t *) datum); 1202 free(datum); 1203 return 0; 1204 } 1205 1206 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1207 __attribute__ ((unused))) 1208 { 1209 free(key); 1210 user_datum_destroy((user_datum_t *) datum); 1211 free(datum); 1212 return 0; 1213 } 1214 1215 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1216 __attribute__ ((unused))) 1217 { 1218 level_datum_t *levdatum; 1219 1220 if (key) 1221 free(key); 1222 levdatum = (level_datum_t *) datum; 1223 mls_level_destroy(levdatum->level); 1224 free(levdatum->level); 1225 level_datum_destroy(levdatum); 1226 free(levdatum); 1227 return 0; 1228 } 1229 1230 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1231 __attribute__ ((unused))) 1232 { 1233 if (key) 1234 free(key); 1235 cat_datum_destroy((cat_datum_t *) datum); 1236 free(datum); 1237 return 0; 1238 } 1239 1240 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1241 void *datap) = { 1242 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1243 cond_destroy_bool, sens_destroy, cat_destroy,}; 1244 1245 void ocontext_selinux_free(ocontext_t **ocontexts) 1246 { 1247 ocontext_t *c, *ctmp; 1248 int i; 1249 1250 for (i = 0; i < OCON_NUM; i++) { 1251 c = ocontexts[i]; 1252 while (c) { 1253 ctmp = c; 1254 c = c->next; 1255 context_destroy(&ctmp->context[0]); 1256 context_destroy(&ctmp->context[1]); 1257 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1258 || i == OCON_FSUSE) 1259 free(ctmp->u.name); 1260 free(ctmp); 1261 } 1262 } 1263 } 1264 1265 void ocontext_xen_free(ocontext_t **ocontexts) 1266 { 1267 ocontext_t *c, *ctmp; 1268 int i; 1269 1270 for (i = 0; i < OCON_NUM; i++) { 1271 c = ocontexts[i]; 1272 while (c) { 1273 ctmp = c; 1274 c = c->next; 1275 context_destroy(&ctmp->context[0]); 1276 context_destroy(&ctmp->context[1]); 1277 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE) 1278 free(ctmp->u.name); 1279 free(ctmp); 1280 } 1281 } 1282 } 1283 1284 /* 1285 * Free any memory allocated by a policy database structure. 1286 */ 1287 void policydb_destroy(policydb_t * p) 1288 { 1289 ocontext_t *c, *ctmp; 1290 genfs_t *g, *gtmp; 1291 unsigned int i; 1292 role_allow_t *ra, *lra = NULL; 1293 role_trans_t *tr, *ltr = NULL; 1294 range_trans_t *rt, *lrt = NULL; 1295 filename_trans_t *ft, *nft; 1296 1297 if (!p) 1298 return; 1299 1300 ebitmap_destroy(&p->policycaps); 1301 1302 ebitmap_destroy(&p->permissive_map); 1303 1304 symtabs_destroy(p->symtab); 1305 1306 for (i = 0; i < SYM_NUM; i++) { 1307 if (p->sym_val_to_name[i]) 1308 free(p->sym_val_to_name[i]); 1309 } 1310 1311 if (p->class_val_to_struct) 1312 free(p->class_val_to_struct); 1313 if (p->role_val_to_struct) 1314 free(p->role_val_to_struct); 1315 if (p->user_val_to_struct) 1316 free(p->user_val_to_struct); 1317 if (p->type_val_to_struct) 1318 free(p->type_val_to_struct); 1319 free(p->decl_val_to_struct); 1320 1321 for (i = 0; i < SYM_NUM; i++) { 1322 (void)hashtab_map(p->scope[i].table, scope_destroy, 0); 1323 hashtab_destroy(p->scope[i].table); 1324 } 1325 avrule_block_list_destroy(p->global); 1326 free(p->name); 1327 free(p->version); 1328 1329 avtab_destroy(&p->te_avtab); 1330 1331 if (p->target_platform == SEPOL_TARGET_SELINUX) 1332 ocontext_selinux_free(p->ocontexts); 1333 else if (p->target_platform == SEPOL_TARGET_XEN) 1334 ocontext_xen_free(p->ocontexts); 1335 1336 g = p->genfs; 1337 while (g) { 1338 free(g->fstype); 1339 c = g->head; 1340 while (c) { 1341 ctmp = c; 1342 c = c->next; 1343 context_destroy(&ctmp->context[0]); 1344 free(ctmp->u.name); 1345 free(ctmp); 1346 } 1347 gtmp = g; 1348 g = g->next; 1349 free(gtmp); 1350 } 1351 cond_policydb_destroy(p); 1352 1353 for (tr = p->role_tr; tr; tr = tr->next) { 1354 if (ltr) 1355 free(ltr); 1356 ltr = tr; 1357 } 1358 if (ltr) 1359 free(ltr); 1360 1361 ft = p->filename_trans; 1362 while (ft) { 1363 nft = ft->next; 1364 free(ft->name); 1365 free(ft); 1366 ft = nft; 1367 } 1368 1369 for (ra = p->role_allow; ra; ra = ra->next) { 1370 if (lra) 1371 free(lra); 1372 lra = ra; 1373 } 1374 if (lra) 1375 free(lra); 1376 1377 for (rt = p->range_tr; rt; rt = rt->next) { 1378 if (lrt) { 1379 ebitmap_destroy(&lrt->target_range.level[0].cat); 1380 ebitmap_destroy(&lrt->target_range.level[1].cat); 1381 free(lrt); 1382 } 1383 lrt = rt; 1384 } 1385 if (lrt) { 1386 ebitmap_destroy(&lrt->target_range.level[0].cat); 1387 ebitmap_destroy(&lrt->target_range.level[1].cat); 1388 free(lrt); 1389 } 1390 1391 if (p->type_attr_map) { 1392 for (i = 0; i < p->p_types.nprim; i++) { 1393 ebitmap_destroy(&p->type_attr_map[i]); 1394 } 1395 free(p->type_attr_map); 1396 } 1397 1398 if (p->attr_type_map) { 1399 for (i = 0; i < p->p_types.nprim; i++) { 1400 ebitmap_destroy(&p->attr_type_map[i]); 1401 } 1402 free(p->attr_type_map); 1403 } 1404 1405 return; 1406 } 1407 1408 void symtabs_destroy(symtab_t * symtab) 1409 { 1410 int i; 1411 for (i = 0; i < SYM_NUM; i++) { 1412 (void)hashtab_map(symtab[i].table, destroy_f[i], 0); 1413 hashtab_destroy(symtab[i].table); 1414 } 1415 } 1416 1417 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1418 __attribute__ ((unused))) 1419 { 1420 scope_datum_t *cur = (scope_datum_t *) datum; 1421 free(key); 1422 if (cur != NULL) { 1423 free(cur->decl_ids); 1424 } 1425 free(cur); 1426 return 0; 1427 } 1428 1429 hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 1430 { 1431 if (sym_num < 0 || sym_num >= SYM_NUM) { 1432 return NULL; 1433 } 1434 return (hashtab_destroy_func_t) destroy_f[sym_num]; 1435 } 1436 1437 /* 1438 * Load the initial SIDs specified in a policy database 1439 * structure into a SID table. 1440 */ 1441 int policydb_load_isids(policydb_t * p, sidtab_t * s) 1442 { 1443 ocontext_t *head, *c; 1444 1445 if (sepol_sidtab_init(s)) { 1446 ERR(NULL, "out of memory on SID table init"); 1447 return -1; 1448 } 1449 1450 head = p->ocontexts[OCON_ISID]; 1451 for (c = head; c; c = c->next) { 1452 if (!c->context[0].user) { 1453 ERR(NULL, "SID %s was never defined", c->u.name); 1454 return -1; 1455 } 1456 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1457 ERR(NULL, "unable to load initial SID %s", c->u.name); 1458 return -1; 1459 } 1460 } 1461 1462 return 0; 1463 } 1464 1465 /* Declare a symbol for a certain avrule_block context. Insert it 1466 * into a symbol table for a policy. This function will handle 1467 * inserting the appropriate scope information in addition to 1468 * inserting the symbol into the hash table. 1469 * 1470 * arguments: 1471 * policydb_t *pol module policy to modify 1472 * uint32_t sym the symbole table for insertion (SYM_*) 1473 * hashtab_key_t key the key for the symbol - not cloned 1474 * hashtab_datum_t data the data for the symbol - not cloned 1475 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1476 * avrule_decl_id identifier for this symbol's encapsulating declaration 1477 * value (out) assigned value to the symbol (if value is not NULL) 1478 * 1479 * returns: 1480 * 0 success 1481 * 1 success, but symbol already existed as a requirement 1482 * (datum was not inserted and needs to be free()d) 1483 * -1 general error 1484 * -2 scope conflicted 1485 * -ENOMEM memory error 1486 * error codes from hashtab_insert 1487 */ 1488 int symtab_insert(policydb_t * pol, uint32_t sym, 1489 hashtab_key_t key, hashtab_datum_t datum, 1490 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1491 { 1492 int rc, retval = 0; 1493 unsigned int i; 1494 scope_datum_t *scope_datum; 1495 1496 /* check if the symbol is already there. multiple 1497 * declarations of non-roles/non-users are illegal, but 1498 * multiple requires are allowed. */ 1499 1500 /* FIX ME - the failures after the hashtab_insert will leave 1501 * the policy in a inconsistent state. */ 1502 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1503 if (rc == SEPOL_OK) { 1504 /* if no value is passed in the symbol is not primary 1505 * (i.e. aliases) */ 1506 if (value) 1507 *value = ++pol->symtab[sym].nprim; 1508 } else if (rc == SEPOL_EEXIST) { 1509 retval = 1; /* symbol not added -- need to free() later */ 1510 } else { 1511 return rc; 1512 } 1513 1514 /* get existing scope information; if there is not one then 1515 * create it */ 1516 scope_datum = 1517 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1518 if (scope_datum == NULL) { 1519 hashtab_key_t key2 = strdup((char *)key); 1520 if (!key2) 1521 return -ENOMEM; 1522 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1523 free(key2); 1524 return -ENOMEM; 1525 } 1526 scope_datum->scope = scope; 1527 scope_datum->decl_ids = NULL; 1528 scope_datum->decl_ids_len = 0; 1529 if ((rc = 1530 hashtab_insert(pol->scope[sym].table, key2, 1531 scope_datum)) != 0) { 1532 free(key2); 1533 free(scope_datum); 1534 return rc; 1535 } 1536 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1537 /* disallow multiple declarations for non-roles/users */ 1538 if (sym != SYM_ROLES && sym != SYM_USERS) { 1539 return -2; 1540 } 1541 /* Further confine that a role attribute can't have the same 1542 * name as another regular role, and a role attribute can't 1543 * be declared more than once. */ 1544 if (sym == SYM_ROLES) { 1545 role_datum_t *base_role; 1546 role_datum_t *cur_role = (role_datum_t *)datum; 1547 1548 base_role = (role_datum_t *) 1549 hashtab_search(pol->symtab[sym].table, 1550 key); 1551 assert(base_role != NULL); 1552 1553 if (!((base_role->flavor == ROLE_ROLE) && 1554 (cur_role->flavor == ROLE_ROLE))) { 1555 /* Only regular roles are allowed to have 1556 * multiple declarations. */ 1557 return -2; 1558 } 1559 } 1560 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1561 scope_datum->scope = SCOPE_DECL; 1562 } else if (scope_datum->scope != scope) { 1563 /* This only happens in DECL then REQUIRE case, which is handled by caller */ 1564 return -2; 1565 } 1566 1567 /* search through the pre-existing list to avoid adding duplicates */ 1568 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1569 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1570 /* already there, so don't modify its scope */ 1571 return retval; 1572 } 1573 } 1574 1575 if (add_i_to_a(avrule_decl_id, 1576 &scope_datum->decl_ids_len, 1577 &scope_datum->decl_ids) == -1) { 1578 return -ENOMEM; 1579 } 1580 1581 return retval; 1582 } 1583 1584 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1585 { 1586 type_set_init(dst); 1587 1588 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1589 return -1; 1590 } 1591 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1592 return -1; 1593 } 1594 1595 dst->flags |= a->flags; 1596 dst->flags |= b->flags; 1597 1598 return 0; 1599 } 1600 1601 int type_set_cpy(type_set_t * dst, type_set_t * src) 1602 { 1603 type_set_init(dst); 1604 1605 dst->flags = src->flags; 1606 if (ebitmap_cpy(&dst->types, &src->types)) 1607 return -1; 1608 if (ebitmap_cpy(&dst->negset, &src->negset)) 1609 return -1; 1610 1611 return 0; 1612 } 1613 1614 int type_set_or_eq(type_set_t * dst, type_set_t * other) 1615 { 1616 int ret; 1617 type_set_t tmp; 1618 1619 if (type_set_or(&tmp, dst, other)) 1620 return -1; 1621 type_set_destroy(dst); 1622 ret = type_set_cpy(dst, &tmp); 1623 type_set_destroy(&tmp); 1624 1625 return ret; 1626 } 1627 1628 int role_set_get_role(role_set_t * x, uint32_t role) 1629 { 1630 if (x->flags & ROLE_STAR) 1631 return 1; 1632 1633 if (ebitmap_get_bit(&x->roles, role - 1)) { 1634 if (x->flags & ROLE_COMP) 1635 return 0; 1636 else 1637 return 1; 1638 } else { 1639 if (x->flags & ROLE_COMP) 1640 return 1; 1641 else 1642 return 0; 1643 } 1644 } 1645 1646 /***********************************************************************/ 1647 /* everything below is for policy reads */ 1648 1649 /* The following are read functions for module structures */ 1650 1651 static int role_set_read(role_set_t * r, struct policy_file *fp) 1652 { 1653 uint32_t buf[1]; 1654 int rc; 1655 1656 if (ebitmap_read(&r->roles, fp)) 1657 return -1; 1658 rc = next_entry(buf, fp, sizeof(uint32_t)); 1659 if (rc < 0) 1660 return -1; 1661 r->flags = le32_to_cpu(buf[0]); 1662 1663 return 0; 1664 } 1665 1666 static int type_set_read(type_set_t * t, struct policy_file *fp) 1667 { 1668 uint32_t buf[1]; 1669 int rc; 1670 1671 if (ebitmap_read(&t->types, fp)) 1672 return -1; 1673 if (ebitmap_read(&t->negset, fp)) 1674 return -1; 1675 1676 rc = next_entry(buf, fp, sizeof(uint32_t)); 1677 if (rc < 0) 1678 return -1; 1679 t->flags = le32_to_cpu(buf[0]); 1680 1681 return 0; 1682 } 1683 1684 /* 1685 * Read a MLS range structure from a policydb binary 1686 * representation file. 1687 */ 1688 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1689 { 1690 uint32_t buf[2], items; 1691 int rc; 1692 1693 rc = next_entry(buf, fp, sizeof(uint32_t)); 1694 if (rc < 0) 1695 goto out; 1696 1697 items = le32_to_cpu(buf[0]); 1698 if (items > ARRAY_SIZE(buf)) { 1699 ERR(fp->handle, "range overflow"); 1700 rc = -EINVAL; 1701 goto out; 1702 } 1703 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1704 if (rc < 0) { 1705 ERR(fp->handle, "truncated range"); 1706 goto out; 1707 } 1708 r->level[0].sens = le32_to_cpu(buf[0]); 1709 if (items > 1) 1710 r->level[1].sens = le32_to_cpu(buf[1]); 1711 else 1712 r->level[1].sens = r->level[0].sens; 1713 1714 rc = ebitmap_read(&r->level[0].cat, fp); 1715 if (rc) { 1716 ERR(fp->handle, "error reading low categories"); 1717 goto out; 1718 } 1719 if (items > 1) { 1720 rc = ebitmap_read(&r->level[1].cat, fp); 1721 if (rc) { 1722 ERR(fp->handle, "error reading high categories"); 1723 goto bad_high; 1724 } 1725 } else { 1726 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1727 if (rc) { 1728 ERR(fp->handle, "out of memory"); 1729 goto bad_high; 1730 } 1731 } 1732 1733 rc = 0; 1734 out: 1735 return rc; 1736 bad_high: 1737 ebitmap_destroy(&r->level[0].cat); 1738 goto out; 1739 } 1740 1741 /* 1742 * Read a semantic MLS level structure from a policydb binary 1743 * representation file. 1744 */ 1745 static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1746 struct policy_file *fp) 1747 { 1748 uint32_t buf[2], ncat; 1749 unsigned int i; 1750 mls_semantic_cat_t *cat; 1751 int rc; 1752 1753 mls_semantic_level_init(l); 1754 1755 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1756 if (rc < 0) { 1757 ERR(fp->handle, "truncated level"); 1758 goto bad; 1759 } 1760 l->sens = le32_to_cpu(buf[0]); 1761 1762 ncat = le32_to_cpu(buf[1]); 1763 for (i = 0; i < ncat; i++) { 1764 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1765 if (!cat) { 1766 ERR(fp->handle, "out of memory"); 1767 goto bad; 1768 } 1769 1770 mls_semantic_cat_init(cat); 1771 cat->next = l->cat; 1772 l->cat = cat; 1773 1774 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1775 if (rc < 0) { 1776 ERR(fp->handle, "error reading level categories"); 1777 goto bad; 1778 } 1779 cat->low = le32_to_cpu(buf[0]); 1780 cat->high = le32_to_cpu(buf[1]); 1781 } 1782 1783 return 0; 1784 1785 bad: 1786 return -EINVAL; 1787 } 1788 1789 /* 1790 * Read a semantic MLS range structure from a policydb binary 1791 * representation file. 1792 */ 1793 static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1794 struct policy_file *fp) 1795 { 1796 int rc; 1797 1798 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1799 if (rc) 1800 return rc; 1801 1802 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1803 1804 return rc; 1805 } 1806 1807 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1808 { 1809 unsigned int i; 1810 ebitmap_node_t *cnode; 1811 mls_semantic_cat_t *open_cat = NULL; 1812 1813 mls_semantic_level_init(sl); 1814 sl->sens = l->sens; 1815 ebitmap_for_each_bit(&l->cat, cnode, i) { 1816 if (ebitmap_node_get_bit(cnode, i)) { 1817 if (open_cat) 1818 continue; 1819 open_cat = (mls_semantic_cat_t *) 1820 malloc(sizeof(mls_semantic_cat_t)); 1821 if (!open_cat) 1822 return -1; 1823 1824 mls_semantic_cat_init(open_cat); 1825 open_cat->low = i + 1; 1826 open_cat->next = sl->cat; 1827 sl->cat = open_cat; 1828 } else { 1829 if (!open_cat) 1830 continue; 1831 open_cat->high = i; 1832 open_cat = NULL; 1833 } 1834 } 1835 if (open_cat) 1836 open_cat->high = i; 1837 1838 return 0; 1839 } 1840 1841 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1842 { 1843 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1844 return -1; 1845 1846 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1847 return -1; 1848 1849 return 0; 1850 } 1851 1852 /* 1853 * Read and validate a security context structure 1854 * from a policydb binary representation file. 1855 */ 1856 static int context_read_and_validate(context_struct_t * c, 1857 policydb_t * p, struct policy_file *fp) 1858 { 1859 uint32_t buf[3]; 1860 int rc; 1861 1862 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 1863 if (rc < 0) { 1864 ERR(fp->handle, "context truncated"); 1865 return -1; 1866 } 1867 c->user = le32_to_cpu(buf[0]); 1868 c->role = le32_to_cpu(buf[1]); 1869 c->type = le32_to_cpu(buf[2]); 1870 if ((p->policy_type == POLICY_KERN 1871 && p->policyvers >= POLICYDB_VERSION_MLS) 1872 || (p->policy_type == POLICY_BASE 1873 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 1874 if (mls_read_range_helper(&c->range, fp)) { 1875 ERR(fp->handle, "error reading MLS range " 1876 "of context"); 1877 return -1; 1878 } 1879 } 1880 1881 if (!policydb_context_isvalid(p, c)) { 1882 ERR(fp->handle, "invalid security context"); 1883 context_destroy(c); 1884 return -1; 1885 } 1886 return 0; 1887 } 1888 1889 /* 1890 * The following *_read functions are used to 1891 * read the symbol data from a policy database 1892 * binary representation file. 1893 */ 1894 1895 static int perm_read(policydb_t * p 1896 __attribute__ ((unused)), hashtab_t h, 1897 struct policy_file *fp) 1898 { 1899 char *key = 0; 1900 perm_datum_t *perdatum; 1901 uint32_t buf[2]; 1902 size_t len; 1903 int rc; 1904 1905 perdatum = calloc(1, sizeof(perm_datum_t)); 1906 if (!perdatum) 1907 return -1; 1908 1909 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1910 if (rc < 0) 1911 goto bad; 1912 1913 len = le32_to_cpu(buf[0]); 1914 perdatum->s.value = le32_to_cpu(buf[1]); 1915 1916 key = malloc(len + 1); 1917 if (!key) 1918 goto bad; 1919 rc = next_entry(key, fp, len); 1920 if (rc < 0) 1921 goto bad; 1922 key[len] = 0; 1923 1924 if (hashtab_insert(h, key, perdatum)) 1925 goto bad; 1926 1927 return 0; 1928 1929 bad: 1930 perm_destroy(key, perdatum, NULL); 1931 return -1; 1932 } 1933 1934 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1935 { 1936 char *key = 0; 1937 common_datum_t *comdatum; 1938 uint32_t buf[4]; 1939 size_t len, nel; 1940 unsigned int i; 1941 int rc; 1942 1943 comdatum = calloc(1, sizeof(common_datum_t)); 1944 if (!comdatum) 1945 return -1; 1946 1947 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 1948 if (rc < 0) 1949 goto bad; 1950 1951 len = le32_to_cpu(buf[0]); 1952 comdatum->s.value = le32_to_cpu(buf[1]); 1953 1954 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 1955 goto bad; 1956 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1957 nel = le32_to_cpu(buf[3]); 1958 1959 key = malloc(len + 1); 1960 if (!key) 1961 goto bad; 1962 rc = next_entry(key, fp, len); 1963 if (rc < 0) 1964 goto bad; 1965 key[len] = 0; 1966 1967 for (i = 0; i < nel; i++) { 1968 if (perm_read(p, comdatum->permissions.table, fp)) 1969 goto bad; 1970 } 1971 1972 if (hashtab_insert(h, key, comdatum)) 1973 goto bad; 1974 1975 return 0; 1976 1977 bad: 1978 common_destroy(key, comdatum, NULL); 1979 return -1; 1980 } 1981 1982 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 1983 unsigned int ncons, 1984 int allowxtarget, struct policy_file *fp) 1985 { 1986 constraint_node_t *c, *lc; 1987 constraint_expr_t *e, *le; 1988 uint32_t buf[3]; 1989 size_t nexpr; 1990 unsigned int i, j; 1991 int rc, depth; 1992 1993 lc = NULL; 1994 for (i = 0; i < ncons; i++) { 1995 c = calloc(1, sizeof(constraint_node_t)); 1996 if (!c) 1997 return -1; 1998 1999 if (lc) 2000 lc->next = c; 2001 else 2002 *nodep = c; 2003 2004 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2005 if (rc < 0) 2006 return -1; 2007 c->permissions = le32_to_cpu(buf[0]); 2008 nexpr = le32_to_cpu(buf[1]); 2009 le = NULL; 2010 depth = -1; 2011 for (j = 0; j < nexpr; j++) { 2012 e = malloc(sizeof(constraint_expr_t)); 2013 if (!e) 2014 return -1; 2015 if (constraint_expr_init(e) == -1) { 2016 free(e); 2017 return -1; 2018 } 2019 if (le) { 2020 le->next = e; 2021 } else { 2022 c->expr = e; 2023 } 2024 2025 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2026 if (rc < 0) 2027 return -1; 2028 e->expr_type = le32_to_cpu(buf[0]); 2029 e->attr = le32_to_cpu(buf[1]); 2030 e->op = le32_to_cpu(buf[2]); 2031 2032 switch (e->expr_type) { 2033 case CEXPR_NOT: 2034 if (depth < 0) 2035 return -1; 2036 break; 2037 case CEXPR_AND: 2038 case CEXPR_OR: 2039 if (depth < 1) 2040 return -1; 2041 depth--; 2042 break; 2043 case CEXPR_ATTR: 2044 if (depth == (CEXPR_MAXDEPTH - 1)) 2045 return -1; 2046 depth++; 2047 break; 2048 case CEXPR_NAMES: 2049 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 2050 return -1; 2051 if (depth == (CEXPR_MAXDEPTH - 1)) 2052 return -1; 2053 depth++; 2054 if (ebitmap_read(&e->names, fp)) 2055 return -1; 2056 if (p->policy_type != POLICY_KERN && 2057 type_set_read(e->type_names, fp)) 2058 return -1; 2059 else if (p->policy_type == POLICY_KERN && 2060 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && 2061 type_set_read(e->type_names, fp)) 2062 return -1; 2063 break; 2064 default: 2065 return -1; 2066 } 2067 le = e; 2068 } 2069 if (depth != 0) 2070 return -1; 2071 lc = c; 2072 } 2073 2074 return 0; 2075 } 2076 2077 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2078 { 2079 char *key = 0; 2080 class_datum_t *cladatum; 2081 uint32_t buf[6]; 2082 size_t len, len2, ncons, nel; 2083 unsigned int i; 2084 int rc; 2085 2086 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 2087 if (!cladatum) 2088 return -1; 2089 2090 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 2091 if (rc < 0) 2092 goto bad; 2093 2094 len = le32_to_cpu(buf[0]); 2095 len2 = le32_to_cpu(buf[1]); 2096 cladatum->s.value = le32_to_cpu(buf[2]); 2097 2098 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2099 goto bad; 2100 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2101 nel = le32_to_cpu(buf[4]); 2102 2103 ncons = le32_to_cpu(buf[5]); 2104 2105 key = malloc(len + 1); 2106 if (!key) 2107 goto bad; 2108 rc = next_entry(key, fp, len); 2109 if (rc < 0) 2110 goto bad; 2111 key[len] = 0; 2112 2113 if (len2) { 2114 cladatum->comkey = malloc(len2 + 1); 2115 if (!cladatum->comkey) 2116 goto bad; 2117 rc = next_entry(cladatum->comkey, fp, len2); 2118 if (rc < 0) 2119 goto bad; 2120 cladatum->comkey[len2] = 0; 2121 2122 cladatum->comdatum = hashtab_search(p->p_commons.table, 2123 cladatum->comkey); 2124 if (!cladatum->comdatum) { 2125 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2126 goto bad; 2127 } 2128 } 2129 for (i = 0; i < nel; i++) { 2130 if (perm_read(p, cladatum->permissions.table, fp)) 2131 goto bad; 2132 } 2133 2134 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2135 goto bad; 2136 2137 if ((p->policy_type == POLICY_KERN 2138 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2139 || (p->policy_type == POLICY_BASE 2140 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2141 /* grab the validatetrans rules */ 2142 rc = next_entry(buf, fp, sizeof(uint32_t)); 2143 if (rc < 0) 2144 goto bad; 2145 ncons = le32_to_cpu(buf[0]); 2146 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2147 goto bad; 2148 } 2149 2150 if ((p->policy_type == POLICY_KERN && 2151 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || 2152 (p->policy_type == POLICY_BASE && 2153 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { 2154 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2155 if (rc < 0) 2156 goto bad; 2157 cladatum->default_user = le32_to_cpu(buf[0]); 2158 cladatum->default_role = le32_to_cpu(buf[1]); 2159 cladatum->default_range = le32_to_cpu(buf[2]); 2160 } 2161 2162 if ((p->policy_type == POLICY_KERN && 2163 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) || 2164 (p->policy_type == POLICY_BASE && 2165 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) { 2166 rc = next_entry(buf, fp, sizeof(uint32_t)); 2167 if (rc < 0) 2168 goto bad; 2169 cladatum->default_type = le32_to_cpu(buf[0]); 2170 } 2171 2172 if (hashtab_insert(h, key, cladatum)) 2173 goto bad; 2174 2175 return 0; 2176 2177 bad: 2178 class_destroy(key, cladatum, NULL); 2179 return -1; 2180 } 2181 2182 static int role_read(policydb_t * p 2183 __attribute__ ((unused)), hashtab_t h, 2184 struct policy_file *fp) 2185 { 2186 char *key = 0; 2187 role_datum_t *role; 2188 uint32_t buf[3]; 2189 size_t len; 2190 int rc, to_read = 2; 2191 2192 role = calloc(1, sizeof(role_datum_t)); 2193 if (!role) 2194 return -1; 2195 2196 if (policydb_has_boundary_feature(p)) 2197 to_read = 3; 2198 2199 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2200 if (rc < 0) 2201 goto bad; 2202 2203 len = le32_to_cpu(buf[0]); 2204 role->s.value = le32_to_cpu(buf[1]); 2205 if (policydb_has_boundary_feature(p)) 2206 role->bounds = le32_to_cpu(buf[2]); 2207 2208 key = malloc(len + 1); 2209 if (!key) 2210 goto bad; 2211 rc = next_entry(key, fp, len); 2212 if (rc < 0) 2213 goto bad; 2214 key[len] = 0; 2215 2216 if (ebitmap_read(&role->dominates, fp)) 2217 goto bad; 2218 2219 if (p->policy_type == POLICY_KERN) { 2220 if (ebitmap_read(&role->types.types, fp)) 2221 goto bad; 2222 } else { 2223 if (type_set_read(&role->types, fp)) 2224 goto bad; 2225 } 2226 2227 if (p->policy_type != POLICY_KERN && 2228 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2229 rc = next_entry(buf, fp, sizeof(uint32_t)); 2230 if (rc < 0) 2231 goto bad; 2232 2233 role->flavor = le32_to_cpu(buf[0]); 2234 2235 if (ebitmap_read(&role->roles, fp)) 2236 goto bad; 2237 } 2238 2239 if (strcmp(key, OBJECT_R) == 0) { 2240 if (role->s.value != OBJECT_R_VAL) { 2241 ERR(fp->handle, "role %s has wrong value %d", 2242 OBJECT_R, role->s.value); 2243 role_destroy(key, role, NULL); 2244 return -1; 2245 } 2246 role_destroy(key, role, NULL); 2247 return 0; 2248 } 2249 2250 if (hashtab_insert(h, key, role)) 2251 goto bad; 2252 2253 return 0; 2254 2255 bad: 2256 role_destroy(key, role, NULL); 2257 return -1; 2258 } 2259 2260 static int type_read(policydb_t * p 2261 __attribute__ ((unused)), hashtab_t h, 2262 struct policy_file *fp) 2263 { 2264 char *key = 0; 2265 type_datum_t *typdatum; 2266 uint32_t buf[5]; 2267 size_t len; 2268 int rc, to_read; 2269 int pos = 0; 2270 2271 typdatum = calloc(1, sizeof(type_datum_t)); 2272 if (!typdatum) 2273 return -1; 2274 2275 if (policydb_has_boundary_feature(p)) { 2276 if (p->policy_type != POLICY_KERN 2277 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2278 to_read = 5; 2279 else 2280 to_read = 4; 2281 } 2282 else if (p->policy_type == POLICY_KERN) 2283 to_read = 3; 2284 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2285 to_read = 5; 2286 else 2287 to_read = 4; 2288 2289 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2290 if (rc < 0) 2291 goto bad; 2292 2293 len = le32_to_cpu(buf[pos]); 2294 typdatum->s.value = le32_to_cpu(buf[++pos]); 2295 if (policydb_has_boundary_feature(p)) { 2296 uint32_t properties; 2297 2298 if (p->policy_type != POLICY_KERN 2299 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2300 typdatum->primary = le32_to_cpu(buf[++pos]); 2301 properties = le32_to_cpu(buf[++pos]); 2302 } 2303 else { 2304 properties = le32_to_cpu(buf[++pos]); 2305 2306 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2307 typdatum->primary = 1; 2308 } 2309 2310 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2311 typdatum->flavor = TYPE_ATTRIB; 2312 if (properties & TYPEDATUM_PROPERTY_ALIAS 2313 && p->policy_type != POLICY_KERN) 2314 typdatum->flavor = TYPE_ALIAS; 2315 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2316 && p->policy_type != POLICY_KERN) 2317 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2318 2319 typdatum->bounds = le32_to_cpu(buf[++pos]); 2320 } else { 2321 typdatum->primary = le32_to_cpu(buf[++pos]); 2322 if (p->policy_type != POLICY_KERN) { 2323 typdatum->flavor = le32_to_cpu(buf[++pos]); 2324 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2325 typdatum->flags = le32_to_cpu(buf[++pos]); 2326 } 2327 } 2328 2329 if (p->policy_type != POLICY_KERN) { 2330 if (ebitmap_read(&typdatum->types, fp)) 2331 goto bad; 2332 } 2333 2334 key = malloc(len + 1); 2335 if (!key) 2336 goto bad; 2337 rc = next_entry(key, fp, len); 2338 if (rc < 0) 2339 goto bad; 2340 key[len] = 0; 2341 2342 if (hashtab_insert(h, key, typdatum)) 2343 goto bad; 2344 2345 return 0; 2346 2347 bad: 2348 type_destroy(key, typdatum, NULL); 2349 return -1; 2350 } 2351 2352 int role_trans_read(policydb_t *p, struct policy_file *fp) 2353 { 2354 role_trans_t **t = &p->role_tr; 2355 unsigned int i; 2356 uint32_t buf[3], nel; 2357 role_trans_t *tr, *ltr; 2358 int rc; 2359 int new_roletr = (p->policy_type == POLICY_KERN && 2360 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2361 2362 rc = next_entry(buf, fp, sizeof(uint32_t)); 2363 if (rc < 0) 2364 return -1; 2365 nel = le32_to_cpu(buf[0]); 2366 ltr = NULL; 2367 for (i = 0; i < nel; i++) { 2368 tr = calloc(1, sizeof(struct role_trans)); 2369 if (!tr) { 2370 return -1; 2371 } 2372 if (ltr) { 2373 ltr->next = tr; 2374 } else { 2375 *t = tr; 2376 } 2377 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2378 if (rc < 0) 2379 return -1; 2380 tr->role = le32_to_cpu(buf[0]); 2381 tr->type = le32_to_cpu(buf[1]); 2382 tr->new_role = le32_to_cpu(buf[2]); 2383 if (new_roletr) { 2384 rc = next_entry(buf, fp, sizeof(uint32_t)); 2385 if (rc < 0) 2386 return -1; 2387 tr->tclass = le32_to_cpu(buf[0]); 2388 } else 2389 tr->tclass = SECCLASS_PROCESS; 2390 ltr = tr; 2391 } 2392 return 0; 2393 } 2394 2395 int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2396 { 2397 unsigned int i; 2398 uint32_t buf[2], nel; 2399 role_allow_t *ra, *lra; 2400 int rc; 2401 2402 rc = next_entry(buf, fp, sizeof(uint32_t)); 2403 if (rc < 0) 2404 return -1; 2405 nel = le32_to_cpu(buf[0]); 2406 lra = NULL; 2407 for (i = 0; i < nel; i++) { 2408 ra = calloc(1, sizeof(struct role_allow)); 2409 if (!ra) { 2410 return -1; 2411 } 2412 if (lra) { 2413 lra->next = ra; 2414 } else { 2415 *r = ra; 2416 } 2417 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2418 if (rc < 0) 2419 return -1; 2420 ra->role = le32_to_cpu(buf[0]); 2421 ra->new_role = le32_to_cpu(buf[1]); 2422 lra = ra; 2423 } 2424 return 0; 2425 } 2426 2427 int filename_trans_read(filename_trans_t **t, struct policy_file *fp) 2428 { 2429 unsigned int i; 2430 uint32_t buf[4], nel, len; 2431 filename_trans_t *ft, *lft; 2432 int rc; 2433 char *name; 2434 2435 rc = next_entry(buf, fp, sizeof(uint32_t)); 2436 if (rc < 0) 2437 return -1; 2438 nel = le32_to_cpu(buf[0]); 2439 2440 lft = NULL; 2441 for (i = 0; i < nel; i++) { 2442 ft = calloc(1, sizeof(struct filename_trans)); 2443 if (!ft) 2444 return -1; 2445 if (lft) 2446 lft->next = ft; 2447 else 2448 *t = ft; 2449 lft = ft; 2450 rc = next_entry(buf, fp, sizeof(uint32_t)); 2451 if (rc < 0) 2452 return -1; 2453 len = le32_to_cpu(buf[0]); 2454 2455 name = calloc(len + 1, sizeof(*name)); 2456 if (!name) 2457 return -1; 2458 2459 ft->name = name; 2460 2461 rc = next_entry(name, fp, len); 2462 if (rc < 0) 2463 return -1; 2464 2465 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2466 if (rc < 0) 2467 return -1; 2468 2469 ft->stype = le32_to_cpu(buf[0]); 2470 ft->ttype = le32_to_cpu(buf[1]); 2471 ft->tclass = le32_to_cpu(buf[2]); 2472 ft->otype = le32_to_cpu(buf[3]); 2473 } 2474 return 0; 2475 } 2476 2477 static int ocontext_read_xen(struct policydb_compat_info *info, 2478 policydb_t *p, struct policy_file *fp) 2479 { 2480 unsigned int i, j; 2481 size_t nel, len; 2482 ocontext_t *l, *c; 2483 uint32_t buf[8]; 2484 int rc; 2485 2486 for (i = 0; i < info->ocon_num; i++) { 2487 rc = next_entry(buf, fp, sizeof(uint32_t)); 2488 if (rc < 0) 2489 return -1; 2490 nel = le32_to_cpu(buf[0]); 2491 l = NULL; 2492 for (j = 0; j < nel; j++) { 2493 c = calloc(1, sizeof(ocontext_t)); 2494 if (!c) 2495 return -1; 2496 if (l) 2497 l->next = c; 2498 else 2499 p->ocontexts[i] = c; 2500 l = c; 2501 switch (i) { 2502 case OCON_XEN_ISID: 2503 rc = next_entry(buf, fp, sizeof(uint32_t)); 2504 if (rc < 0) 2505 return -1; 2506 c->sid[0] = le32_to_cpu(buf[0]); 2507 if (context_read_and_validate 2508 (&c->context[0], p, fp)) 2509 return -1; 2510 break; 2511 case OCON_XEN_PIRQ: 2512 rc = next_entry(buf, fp, sizeof(uint32_t)); 2513 if (rc < 0) 2514 return -1; 2515 c->u.pirq = le32_to_cpu(buf[0]); 2516 if (context_read_and_validate 2517 (&c->context[0], p, fp)) 2518 return -1; 2519 break; 2520 case OCON_XEN_IOPORT: 2521 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2522 if (rc < 0) 2523 return -1; 2524 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2525 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2526 if (context_read_and_validate 2527 (&c->context[0], p, fp)) 2528 return -1; 2529 break; 2530 case OCON_XEN_IOMEM: 2531 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) { 2532 uint64_t b64[2]; 2533 rc = next_entry(b64, fp, sizeof(uint64_t) * 2); 2534 if (rc < 0) 2535 return -1; 2536 c->u.iomem.low_iomem = le64_to_cpu(b64[0]); 2537 c->u.iomem.high_iomem = le64_to_cpu(b64[1]); 2538 } else { 2539 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2540 if (rc < 0) 2541 return -1; 2542 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2543 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2544 } 2545 if (context_read_and_validate 2546 (&c->context[0], p, fp)) 2547 return -1; 2548 break; 2549 case OCON_XEN_PCIDEVICE: 2550 rc = next_entry(buf, fp, sizeof(uint32_t)); 2551 if (rc < 0) 2552 return -1; 2553 c->u.device = le32_to_cpu(buf[0]); 2554 if (context_read_and_validate 2555 (&c->context[0], p, fp)) 2556 return -1; 2557 break; 2558 case OCON_XEN_DEVICETREE: 2559 rc = next_entry(buf, fp, sizeof(uint32_t)); 2560 if (rc < 0) 2561 return -1; 2562 len = le32_to_cpu(buf[0]); 2563 c->u.name = malloc(len + 1); 2564 if (!c->u.name) 2565 return -1; 2566 rc = next_entry(c->u.name, fp, len); 2567 if (rc < 0) 2568 return -1; 2569 c->u.name[len] = 0; 2570 if (context_read_and_validate 2571 (&c->context[0], p, fp)) 2572 return -1; 2573 break; 2574 default: 2575 /* should never get here */ 2576 ERR(fp->handle, "Unknown Xen ocontext"); 2577 return -1; 2578 } 2579 } 2580 } 2581 return 0; 2582 } 2583 static int ocontext_read_selinux(struct policydb_compat_info *info, 2584 policydb_t * p, struct policy_file *fp) 2585 { 2586 unsigned int i, j; 2587 size_t nel, len; 2588 ocontext_t *l, *c; 2589 uint32_t buf[8]; 2590 int rc; 2591 2592 for (i = 0; i < info->ocon_num; i++) { 2593 rc = next_entry(buf, fp, sizeof(uint32_t)); 2594 if (rc < 0) 2595 return -1; 2596 nel = le32_to_cpu(buf[0]); 2597 l = NULL; 2598 for (j = 0; j < nel; j++) { 2599 c = calloc(1, sizeof(ocontext_t)); 2600 if (!c) { 2601 return -1; 2602 } 2603 if (l) { 2604 l->next = c; 2605 } else { 2606 p->ocontexts[i] = c; 2607 } 2608 l = c; 2609 switch (i) { 2610 case OCON_ISID: 2611 rc = next_entry(buf, fp, sizeof(uint32_t)); 2612 if (rc < 0) 2613 return -1; 2614 c->sid[0] = le32_to_cpu(buf[0]); 2615 if (context_read_and_validate 2616 (&c->context[0], p, fp)) 2617 return -1; 2618 break; 2619 case OCON_FS: 2620 case OCON_NETIF: 2621 rc = next_entry(buf, fp, sizeof(uint32_t)); 2622 if (rc < 0) 2623 return -1; 2624 len = le32_to_cpu(buf[0]); 2625 c->u.name = malloc(len + 1); 2626 if (!c->u.name) 2627 return -1; 2628 rc = next_entry(c->u.name, fp, len); 2629 if (rc < 0) 2630 return -1; 2631 c->u.name[len] = 0; 2632 if (context_read_and_validate 2633 (&c->context[0], p, fp)) 2634 return -1; 2635 if (context_read_and_validate 2636 (&c->context[1], p, fp)) 2637 return -1; 2638 break; 2639 case OCON_PORT: 2640 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2641 if (rc < 0) 2642 return -1; 2643 c->u.port.protocol = le32_to_cpu(buf[0]); 2644 c->u.port.low_port = le32_to_cpu(buf[1]); 2645 c->u.port.high_port = le32_to_cpu(buf[2]); 2646 if (context_read_and_validate 2647 (&c->context[0], p, fp)) 2648 return -1; 2649 break; 2650 case OCON_NODE: 2651 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2652 if (rc < 0) 2653 return -1; 2654 c->u.node.addr = buf[0]; /* network order */ 2655 c->u.node.mask = buf[1]; /* network order */ 2656 if (context_read_and_validate 2657 (&c->context[0], p, fp)) 2658 return -1; 2659 break; 2660 case OCON_FSUSE: 2661 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2662 if (rc < 0) 2663 return -1; 2664 c->v.behavior = le32_to_cpu(buf[0]); 2665 len = le32_to_cpu(buf[1]); 2666 c->u.name = malloc(len + 1); 2667 if (!c->u.name) 2668 return -1; 2669 rc = next_entry(c->u.name, fp, len); 2670 if (rc < 0) 2671 return -1; 2672 c->u.name[len] = 0; 2673 if (context_read_and_validate 2674 (&c->context[0], p, fp)) 2675 return -1; 2676 break; 2677 case OCON_NODE6:{ 2678 int k; 2679 2680 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2681 if (rc < 0) 2682 return -1; 2683 for (k = 0; k < 4; k++) 2684 /* network order */ 2685 c->u.node6.addr[k] = buf[k]; 2686 for (k = 0; k < 4; k++) 2687 /* network order */ 2688 c->u.node6.mask[k] = buf[k + 4]; 2689 if (context_read_and_validate 2690 (&c->context[0], p, fp)) 2691 return -1; 2692 break; 2693 } 2694 default:{ 2695 ERR(fp->handle, "Unknown SELinux ocontext"); 2696 return -1; 2697 } 2698 } 2699 } 2700 } 2701 return 0; 2702 } 2703 2704 static int ocontext_read(struct policydb_compat_info *info, 2705 policydb_t *p, struct policy_file *fp) 2706 { 2707 int rc = -1; 2708 switch (p->target_platform) { 2709 case SEPOL_TARGET_SELINUX: 2710 rc = ocontext_read_selinux(info, p, fp); 2711 break; 2712 case SEPOL_TARGET_XEN: 2713 rc = ocontext_read_xen(info, p, fp); 2714 break; 2715 default: 2716 ERR(fp->handle, "Unknown target"); 2717 } 2718 return rc; 2719 } 2720 2721 static int genfs_read(policydb_t * p, struct policy_file *fp) 2722 { 2723 uint32_t buf[1]; 2724 size_t nel, nel2, len, len2; 2725 genfs_t *genfs_p, *newgenfs, *genfs; 2726 unsigned int i, j; 2727 ocontext_t *l, *c, *newc = NULL; 2728 int rc; 2729 2730 rc = next_entry(buf, fp, sizeof(uint32_t)); 2731 if (rc < 0) 2732 goto bad; 2733 nel = le32_to_cpu(buf[0]); 2734 genfs_p = NULL; 2735 for (i = 0; i < nel; i++) { 2736 rc = next_entry(buf, fp, sizeof(uint32_t)); 2737 if (rc < 0) 2738 goto bad; 2739 len = le32_to_cpu(buf[0]); 2740 newgenfs = calloc(1, sizeof(genfs_t)); 2741 if (!newgenfs) 2742 goto bad; 2743 newgenfs->fstype = malloc(len + 1); 2744 if (!newgenfs->fstype) { 2745 free(newgenfs); 2746 goto bad; 2747 } 2748 rc = next_entry(newgenfs->fstype, fp, len); 2749 if (rc < 0) { 2750 free(newgenfs->fstype); 2751 free(newgenfs); 2752 goto bad; 2753 } 2754 newgenfs->fstype[len] = 0; 2755 for (genfs_p = NULL, genfs = p->genfs; genfs; 2756 genfs_p = genfs, genfs = genfs->next) { 2757 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2758 ERR(fp->handle, "dup genfs fstype %s", 2759 newgenfs->fstype); 2760 free(newgenfs->fstype); 2761 free(newgenfs); 2762 goto bad; 2763 } 2764 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2765 break; 2766 } 2767 newgenfs->next = genfs; 2768 if (genfs_p) 2769 genfs_p->next = newgenfs; 2770 else 2771 p->genfs = newgenfs; 2772 rc = next_entry(buf, fp, sizeof(uint32_t)); 2773 if (rc < 0) 2774 goto bad; 2775 nel2 = le32_to_cpu(buf[0]); 2776 for (j = 0; j < nel2; j++) { 2777 newc = calloc(1, sizeof(ocontext_t)); 2778 if (!newc) { 2779 goto bad; 2780 } 2781 rc = next_entry(buf, fp, sizeof(uint32_t)); 2782 if (rc < 0) 2783 goto bad; 2784 len = le32_to_cpu(buf[0]); 2785 newc->u.name = malloc(len + 1); 2786 if (!newc->u.name) { 2787 goto bad; 2788 } 2789 rc = next_entry(newc->u.name, fp, len); 2790 if (rc < 0) 2791 goto bad; 2792 newc->u.name[len] = 0; 2793 rc = next_entry(buf, fp, sizeof(uint32_t)); 2794 if (rc < 0) 2795 goto bad; 2796 newc->v.sclass = le32_to_cpu(buf[0]); 2797 if (context_read_and_validate(&newc->context[0], p, fp)) 2798 goto bad; 2799 for (l = NULL, c = newgenfs->head; c; 2800 l = c, c = c->next) { 2801 if (!strcmp(newc->u.name, c->u.name) && 2802 (!c->v.sclass || !newc->v.sclass || 2803 newc->v.sclass == c->v.sclass)) { 2804 ERR(fp->handle, "dup genfs entry " 2805 "(%s,%s)", newgenfs->fstype, 2806 c->u.name); 2807 goto bad; 2808 } 2809 len = strlen(newc->u.name); 2810 len2 = strlen(c->u.name); 2811 if (len > len2) 2812 break; 2813 } 2814 newc->next = c; 2815 if (l) 2816 l->next = newc; 2817 else 2818 newgenfs->head = newc; 2819 } 2820 } 2821 2822 return 0; 2823 2824 bad: 2825 if (newc) { 2826 context_destroy(&newc->context[0]); 2827 context_destroy(&newc->context[1]); 2828 free(newc->u.name); 2829 free(newc); 2830 } 2831 return -1; 2832 } 2833 2834 /* 2835 * Read a MLS level structure from a policydb binary 2836 * representation file. 2837 */ 2838 static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 2839 { 2840 uint32_t buf[1]; 2841 int rc; 2842 2843 mls_level_init(lp); 2844 2845 rc = next_entry(buf, fp, sizeof(uint32_t)); 2846 if (rc < 0) { 2847 ERR(fp->handle, "truncated level"); 2848 goto bad; 2849 } 2850 lp->sens = le32_to_cpu(buf[0]); 2851 2852 if (ebitmap_read(&lp->cat, fp)) { 2853 ERR(fp->handle, "error reading level categories"); 2854 goto bad; 2855 } 2856 return 0; 2857 2858 bad: 2859 return -EINVAL; 2860 } 2861 2862 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2863 { 2864 char *key = 0; 2865 user_datum_t *usrdatum; 2866 uint32_t buf[3]; 2867 size_t len; 2868 int rc, to_read = 2; 2869 2870 usrdatum = calloc(1, sizeof(user_datum_t)); 2871 if (!usrdatum) 2872 return -1; 2873 2874 if (policydb_has_boundary_feature(p)) 2875 to_read = 3; 2876 2877 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2878 if (rc < 0) 2879 goto bad; 2880 2881 len = le32_to_cpu(buf[0]); 2882 usrdatum->s.value = le32_to_cpu(buf[1]); 2883 if (policydb_has_boundary_feature(p)) 2884 usrdatum->bounds = le32_to_cpu(buf[2]); 2885 2886 key = malloc(len + 1); 2887 if (!key) 2888 goto bad; 2889 rc = next_entry(key, fp, len); 2890 if (rc < 0) 2891 goto bad; 2892 key[len] = 0; 2893 2894 if (p->policy_type == POLICY_KERN) { 2895 if (ebitmap_read(&usrdatum->roles.roles, fp)) 2896 goto bad; 2897 } else { 2898 if (role_set_read(&usrdatum->roles, fp)) 2899 goto bad; 2900 } 2901 2902 /* users were not allowed in mls modules before version 2903 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 2904 * required - the mls fields will be empty. user declarations in 2905 * non-mls modules will also have empty mls fields */ 2906 if ((p->policy_type == POLICY_KERN 2907 && p->policyvers >= POLICYDB_VERSION_MLS) 2908 || (p->policy_type == POLICY_MOD 2909 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2910 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 2911 || (p->policy_type == POLICY_BASE 2912 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2913 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 2914 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 2915 goto bad; 2916 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 2917 goto bad; 2918 if (p->policy_type != POLICY_KERN) { 2919 if (mls_range_to_semantic(&usrdatum->exp_range, 2920 &usrdatum->range)) 2921 goto bad; 2922 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 2923 &usrdatum->dfltlevel)) 2924 goto bad; 2925 } 2926 } else if ((p->policy_type == POLICY_MOD 2927 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 2928 || (p->policy_type == POLICY_BASE 2929 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 2930 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 2931 goto bad; 2932 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 2933 goto bad; 2934 } 2935 2936 if (hashtab_insert(h, key, usrdatum)) 2937 goto bad; 2938 2939 return 0; 2940 2941 bad: 2942 user_destroy(key, usrdatum, NULL); 2943 return -1; 2944 } 2945 2946 static int sens_read(policydb_t * p 2947 __attribute__ ((unused)), hashtab_t h, 2948 struct policy_file *fp) 2949 { 2950 char *key = 0; 2951 level_datum_t *levdatum; 2952 uint32_t buf[2], len; 2953 int rc; 2954 2955 levdatum = malloc(sizeof(level_datum_t)); 2956 if (!levdatum) 2957 return -1; 2958 level_datum_init(levdatum); 2959 2960 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2961 if (rc < 0) 2962 goto bad; 2963 2964 len = le32_to_cpu(buf[0]); 2965 levdatum->isalias = le32_to_cpu(buf[1]); 2966 2967 key = malloc(len + 1); 2968 if (!key) 2969 goto bad; 2970 rc = next_entry(key, fp, len); 2971 if (rc < 0) 2972 goto bad; 2973 key[len] = 0; 2974 2975 levdatum->level = malloc(sizeof(mls_level_t)); 2976 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 2977 goto bad; 2978 2979 if (hashtab_insert(h, key, levdatum)) 2980 goto bad; 2981 2982 return 0; 2983 2984 bad: 2985 sens_destroy(key, levdatum, NULL); 2986 return -1; 2987 } 2988 2989 static int cat_read(policydb_t * p 2990 __attribute__ ((unused)), hashtab_t h, 2991 struct policy_file *fp) 2992 { 2993 char *key = 0; 2994 cat_datum_t *catdatum; 2995 uint32_t buf[3], len; 2996 int rc; 2997 2998 catdatum = malloc(sizeof(cat_datum_t)); 2999 if (!catdatum) 3000 return -1; 3001 cat_datum_init(catdatum); 3002 3003 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 3004 if (rc < 0) 3005 goto bad; 3006 3007 len = le32_to_cpu(buf[0]); 3008 catdatum->s.value = le32_to_cpu(buf[1]); 3009 catdatum->isalias = le32_to_cpu(buf[2]); 3010 3011 key = malloc(len + 1); 3012 if (!key) 3013 goto bad; 3014 rc = next_entry(key, fp, len); 3015 if (rc < 0) 3016 goto bad; 3017 key[len] = 0; 3018 3019 if (hashtab_insert(h, key, catdatum)) 3020 goto bad; 3021 3022 return 0; 3023 3024 bad: 3025 cat_destroy(key, catdatum, NULL); 3026 return -1; 3027 } 3028 3029 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 3030 struct policy_file * fp) = { 3031 common_read, class_read, role_read, type_read, user_read, 3032 cond_read_bool, sens_read, cat_read,}; 3033 3034 /************** module reading functions below **************/ 3035 3036 static avrule_t *avrule_read(policydb_t * p 3037 __attribute__ ((unused)), struct policy_file *fp) 3038 { 3039 unsigned int i; 3040 uint32_t buf[2], len; 3041 class_perm_node_t *cur, *tail = NULL; 3042 avrule_t *avrule; 3043 int rc; 3044 3045 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 3046 if (!avrule) 3047 return NULL; 3048 3049 avrule_init(avrule); 3050 3051 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3052 if (rc < 0) 3053 goto bad; 3054 3055 (avrule)->specified = le32_to_cpu(buf[0]); 3056 (avrule)->flags = le32_to_cpu(buf[1]); 3057 3058 if (type_set_read(&avrule->stypes, fp)) 3059 goto bad; 3060 3061 if (type_set_read(&avrule->ttypes, fp)) 3062 goto bad; 3063 3064 rc = next_entry(buf, fp, sizeof(uint32_t)); 3065 if (rc < 0) 3066 goto bad; 3067 len = le32_to_cpu(buf[0]); 3068 3069 for (i = 0; i < len; i++) { 3070 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 3071 if (!cur) 3072 goto bad; 3073 class_perm_node_init(cur); 3074 3075 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3076 if (rc < 0) { 3077 free(cur); 3078 goto bad; 3079 } 3080 3081 cur->tclass = le32_to_cpu(buf[0]); 3082 cur->data = le32_to_cpu(buf[1]); 3083 3084 if (!tail) { 3085 avrule->perms = cur; 3086 } else { 3087 tail->next = cur; 3088 } 3089 tail = cur; 3090 } 3091 3092 return avrule; 3093 bad: 3094 if (avrule) { 3095 avrule_destroy(avrule); 3096 free(avrule); 3097 } 3098 return NULL; 3099 } 3100 3101 static int range_read(policydb_t * p, struct policy_file *fp) 3102 { 3103 uint32_t buf[2], nel; 3104 range_trans_t *rt, *lrt; 3105 range_trans_rule_t *rtr, *lrtr = NULL; 3106 unsigned int i; 3107 int new_rangetr = (p->policy_type == POLICY_KERN && 3108 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 3109 int rc; 3110 3111 rc = next_entry(buf, fp, sizeof(uint32_t)); 3112 if (rc < 0) 3113 return -1; 3114 nel = le32_to_cpu(buf[0]); 3115 lrt = NULL; 3116 for (i = 0; i < nel; i++) { 3117 rt = calloc(1, sizeof(range_trans_t)); 3118 if (!rt) 3119 return -1; 3120 if (lrt) 3121 lrt->next = rt; 3122 else 3123 p->range_tr = rt; 3124 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3125 if (rc < 0) 3126 return -1; 3127 rt->source_type = le32_to_cpu(buf[0]); 3128 rt->target_type = le32_to_cpu(buf[1]); 3129 if (new_rangetr) { 3130 rc = next_entry(buf, fp, (sizeof(uint32_t))); 3131 if (rc < 0) 3132 return -1; 3133 rt->target_class = le32_to_cpu(buf[0]); 3134 } else 3135 rt->target_class = SECCLASS_PROCESS; 3136 if (mls_read_range_helper(&rt->target_range, fp)) 3137 return -1; 3138 lrt = rt; 3139 } 3140 3141 /* if this is a kernel policy, we are done - otherwise we need to 3142 * convert these structs to range_trans_rule_ts */ 3143 if (p->policy_type == POLICY_KERN) 3144 return 0; 3145 3146 /* create range_trans_rules_ts that correspond to the range_trans_ts 3147 * that were just read in from an older policy */ 3148 for (rt = p->range_tr; rt; rt = rt->next) { 3149 rtr = malloc(sizeof(range_trans_rule_t)); 3150 if (!rtr) { 3151 return -1; 3152 } 3153 range_trans_rule_init(rtr); 3154 3155 if (lrtr) 3156 lrtr->next = rtr; 3157 else 3158 p->global->enabled->range_tr_rules = rtr; 3159 3160 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3161 return -1; 3162 3163 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3164 return -1; 3165 3166 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3167 return -1; 3168 3169 if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) 3170 return -1; 3171 3172 lrtr = rtr; 3173 } 3174 3175 /* now destroy the range_trans_ts */ 3176 lrt = NULL; 3177 for (rt = p->range_tr; rt; rt = rt->next) { 3178 if (lrt) { 3179 ebitmap_destroy(&lrt->target_range.level[0].cat); 3180 ebitmap_destroy(&lrt->target_range.level[1].cat); 3181 free(lrt); 3182 } 3183 lrt = rt; 3184 } 3185 if (lrt) { 3186 ebitmap_destroy(&lrt->target_range.level[0].cat); 3187 ebitmap_destroy(&lrt->target_range.level[1].cat); 3188 free(lrt); 3189 } 3190 p->range_tr = NULL; 3191 3192 return 0; 3193 } 3194 3195 int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3196 struct policy_file *fp) 3197 { 3198 unsigned int i; 3199 avrule_t *cur, *tail; 3200 uint32_t buf[1], len; 3201 int rc; 3202 3203 *avrules = tail = NULL; 3204 3205 rc = next_entry(buf, fp, sizeof(uint32_t)); 3206 if (rc < 0) { 3207 return -1; 3208 } 3209 len = le32_to_cpu(buf[0]); 3210 3211 for (i = 0; i < len; i++) { 3212 cur = avrule_read(p, fp); 3213 if (!cur) { 3214 return -1; 3215 } 3216 3217 if (!tail) { 3218 *avrules = cur; 3219 } else { 3220 tail->next = cur; 3221 } 3222 tail = cur; 3223 } 3224 3225 return 0; 3226 } 3227 3228 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3229 struct policy_file *fp) 3230 { 3231 uint32_t buf[1], nel; 3232 unsigned int i; 3233 role_trans_rule_t *tr, *ltr; 3234 int rc; 3235 3236 rc = next_entry(buf, fp, sizeof(uint32_t)); 3237 if (rc < 0) 3238 return -1; 3239 nel = le32_to_cpu(buf[0]); 3240 ltr = NULL; 3241 for (i = 0; i < nel; i++) { 3242 tr = malloc(sizeof(role_trans_rule_t)); 3243 if (!tr) { 3244 return -1; 3245 } 3246 role_trans_rule_init(tr); 3247 3248 if (ltr) { 3249 ltr->next = tr; 3250 } else { 3251 *r = tr; 3252 } 3253 3254 if (role_set_read(&tr->roles, fp)) 3255 return -1; 3256 3257 if (type_set_read(&tr->types, fp)) 3258 return -1; 3259 3260 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3261 if (ebitmap_read(&tr->classes, fp)) 3262 return -1; 3263 } else { 3264 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3265 return -1; 3266 } 3267 3268 rc = next_entry(buf, fp, sizeof(uint32_t)); 3269 if (rc < 0) 3270 return -1; 3271 tr->new_role = le32_to_cpu(buf[0]); 3272 ltr = tr; 3273 } 3274 3275 return 0; 3276 } 3277 3278 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3279 { 3280 unsigned int i; 3281 uint32_t buf[1], nel; 3282 role_allow_rule_t *ra, *lra; 3283 int rc; 3284 3285 rc = next_entry(buf, fp, sizeof(uint32_t)); 3286 if (rc < 0) 3287 return -1; 3288 nel = le32_to_cpu(buf[0]); 3289 lra = NULL; 3290 for (i = 0; i < nel; i++) { 3291 ra = malloc(sizeof(role_allow_rule_t)); 3292 if (!ra) { 3293 return -1; 3294 } 3295 role_allow_rule_init(ra); 3296 3297 if (lra) { 3298 lra->next = ra; 3299 } else { 3300 *r = ra; 3301 } 3302 3303 if (role_set_read(&ra->roles, fp)) 3304 return -1; 3305 3306 if (role_set_read(&ra->new_roles, fp)) 3307 return -1; 3308 3309 lra = ra; 3310 } 3311 return 0; 3312 } 3313 3314 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3315 { 3316 uint32_t buf[2], nel; 3317 unsigned int i, len; 3318 filename_trans_rule_t *ftr, *lftr; 3319 int rc; 3320 3321 rc = next_entry(buf, fp, sizeof(uint32_t)); 3322 if (rc < 0) 3323 return -1; 3324 nel = le32_to_cpu(buf[0]); 3325 lftr = NULL; 3326 for (i = 0; i < nel; i++) { 3327 ftr = malloc(sizeof(*ftr)); 3328 if (!ftr) 3329 return -1; 3330 3331 filename_trans_rule_init(ftr); 3332 3333 if (lftr) 3334 lftr->next = ftr; 3335 else 3336 *r = ftr; 3337 lftr = ftr; 3338 3339 rc = next_entry(buf, fp, sizeof(uint32_t)); 3340 if (rc < 0) 3341 return -1; 3342 3343 len = le32_to_cpu(buf[0]); 3344 3345 ftr->name = malloc(len + 1); 3346 if (!ftr->name) 3347 return -1; 3348 3349 rc = next_entry(ftr->name, fp, len); 3350 if (rc) 3351 return -1; 3352 ftr->name[len] = 0; 3353 3354 if (type_set_read(&ftr->stypes, fp)) 3355 return -1; 3356 3357 if (type_set_read(&ftr->ttypes, fp)) 3358 return -1; 3359 3360 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3361 if (rc < 0) 3362 return -1; 3363 ftr->tclass = le32_to_cpu(buf[0]); 3364 ftr->otype = le32_to_cpu(buf[1]); 3365 } 3366 3367 return 0; 3368 } 3369 3370 static int range_trans_rule_read(range_trans_rule_t ** r, 3371 struct policy_file *fp) 3372 { 3373 uint32_t buf[1], nel; 3374 unsigned int i; 3375 range_trans_rule_t *rt, *lrt = NULL; 3376 int rc; 3377 3378 rc = next_entry(buf, fp, sizeof(uint32_t)); 3379 if (rc < 0) 3380 return -1; 3381 nel = le32_to_cpu(buf[0]); 3382 for (i = 0; i < nel; i++) { 3383 rt = malloc(sizeof(range_trans_rule_t)); 3384 if (!rt) { 3385 return -1; 3386 } 3387 range_trans_rule_init(rt); 3388 3389 if (lrt) 3390 lrt->next = rt; 3391 else 3392 *r = rt; 3393 3394 if (type_set_read(&rt->stypes, fp)) 3395 return -1; 3396 3397 if (type_set_read(&rt->ttypes, fp)) 3398 return -1; 3399 3400 if (ebitmap_read(&rt->tclasses, fp)) 3401 return -1; 3402 3403 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3404 return -1; 3405 3406 lrt = rt; 3407 } 3408 3409 return 0; 3410 } 3411 3412 static int scope_index_read(scope_index_t * scope_index, 3413 unsigned int num_scope_syms, struct policy_file *fp) 3414 { 3415 unsigned int i; 3416 uint32_t buf[1]; 3417 int rc; 3418 3419 for (i = 0; i < num_scope_syms; i++) { 3420 if (ebitmap_read(scope_index->scope + i, fp) == -1) { 3421 return -1; 3422 } 3423 } 3424 rc = next_entry(buf, fp, sizeof(uint32_t)); 3425 if (rc < 0) 3426 return -1; 3427 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3428 if (scope_index->class_perms_len == 0) { 3429 scope_index->class_perms_map = NULL; 3430 return 0; 3431 } 3432 if ((scope_index->class_perms_map = 3433 calloc(scope_index->class_perms_len, 3434 sizeof(*scope_index->class_perms_map))) == NULL) { 3435 return -1; 3436 } 3437 for (i = 0; i < scope_index->class_perms_len; i++) { 3438 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { 3439 return -1; 3440 } 3441 } 3442 return 0; 3443 } 3444 3445 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3446 unsigned int num_scope_syms, struct policy_file *fp) 3447 { 3448 uint32_t buf[2], nprim, nel; 3449 unsigned int i, j; 3450 int rc; 3451 3452 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3453 if (rc < 0) 3454 return -1; 3455 decl->decl_id = le32_to_cpu(buf[0]); 3456 decl->enabled = le32_to_cpu(buf[1]); 3457 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3458 avrule_read_list(p, &decl->avrules, fp) == -1 || 3459 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3460 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3461 return -1; 3462 } 3463 3464 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3465 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3466 return -1; 3467 3468 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3469 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3470 return -1; 3471 } 3472 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3473 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3474 return -1; 3475 } 3476 3477 for (i = 0; i < num_scope_syms; i++) { 3478 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3479 if (rc < 0) 3480 return -1; 3481 nprim = le32_to_cpu(buf[0]); 3482 nel = le32_to_cpu(buf[1]); 3483 for (j = 0; j < nel; j++) { 3484 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3485 return -1; 3486 } 3487 } 3488 decl->symtab[i].nprim = nprim; 3489 } 3490 return 0; 3491 } 3492 3493 static int avrule_block_read(policydb_t * p, 3494 avrule_block_t ** block, 3495 unsigned int num_scope_syms, 3496 struct policy_file *fp) 3497 { 3498 avrule_block_t *last_block = NULL, *curblock; 3499 uint32_t buf[1], num_blocks, nel; 3500 int rc; 3501 3502 assert(*block == NULL); 3503 3504 rc = next_entry(buf, fp, sizeof(uint32_t)); 3505 if (rc < 0) 3506 return -1; 3507 num_blocks = le32_to_cpu(buf[0]); 3508 nel = num_blocks; 3509 while (num_blocks > 0) { 3510 avrule_decl_t *last_decl = NULL, *curdecl; 3511 uint32_t num_decls; 3512 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3513 return -1; 3514 } 3515 rc = next_entry(buf, fp, sizeof(uint32_t)); 3516 if (rc < 0) { 3517 free(curblock); 3518 return -1; 3519 } 3520 /* if this is the first block its non-optional, else its optional */ 3521 if (num_blocks != nel) 3522 curblock->flags |= AVRULE_OPTIONAL; 3523 3524 num_decls = le32_to_cpu(buf[0]); 3525 while (num_decls > 0) { 3526 if ((curdecl = avrule_decl_create(0)) == NULL) { 3527 avrule_block_destroy(curblock); 3528 return -1; 3529 } 3530 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3531 -1) { 3532 avrule_decl_destroy(curdecl); 3533 avrule_block_destroy(curblock); 3534 return -1; 3535 } 3536 if (curdecl->enabled) { 3537 if (curblock->enabled != NULL) { 3538 /* probably a corrupt file */ 3539 avrule_decl_destroy(curdecl); 3540 avrule_block_destroy(curblock); 3541 return -1; 3542 } 3543 curblock->enabled = curdecl; 3544 } 3545 /* one must be careful to reconstruct the 3546 * decl chain in its correct order */ 3547 if (curblock->branch_list == NULL) { 3548 curblock->branch_list = curdecl; 3549 } else { 3550 assert(last_decl); 3551 last_decl->next = curdecl; 3552 } 3553 last_decl = curdecl; 3554 num_decls--; 3555 } 3556 3557 if (*block == NULL) { 3558 *block = curblock; 3559 } else { 3560 assert(last_block); 3561 last_block->next = curblock; 3562 } 3563 last_block = curblock; 3564 3565 num_blocks--; 3566 } 3567 3568 return 0; 3569 } 3570 3571 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3572 { 3573 scope_datum_t *scope = NULL; 3574 uint32_t buf[2]; 3575 char *key = NULL; 3576 size_t key_len; 3577 unsigned int i; 3578 hashtab_t h = p->scope[symnum].table; 3579 int rc; 3580 3581 rc = next_entry(buf, fp, sizeof(uint32_t)); 3582 if (rc < 0) 3583 goto cleanup; 3584 key_len = le32_to_cpu(buf[0]); 3585 key = malloc(key_len + 1); 3586 if (!key) 3587 goto cleanup; 3588 rc = next_entry(key, fp, key_len); 3589 if (rc < 0) 3590 goto cleanup; 3591 key[key_len] = '\0'; 3592 3593 /* ensure that there already exists a symbol with this key */ 3594 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3595 goto cleanup; 3596 } 3597 3598 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3599 goto cleanup; 3600 } 3601 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3602 if (rc < 0) 3603 goto cleanup; 3604 scope->scope = le32_to_cpu(buf[0]); 3605 scope->decl_ids_len = le32_to_cpu(buf[1]); 3606 assert(scope->decl_ids_len > 0); 3607 if ((scope->decl_ids = 3608 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3609 goto cleanup; 3610 } 3611 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3612 if (rc < 0) 3613 goto cleanup; 3614 for (i = 0; i < scope->decl_ids_len; i++) { 3615 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3616 } 3617 3618 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3619 /* object_r was already added to this table in roles_init() */ 3620 scope_destroy(key, scope, NULL); 3621 } else { 3622 if (hashtab_insert(h, key, scope)) { 3623 goto cleanup; 3624 } 3625 } 3626 3627 return 0; 3628 3629 cleanup: 3630 scope_destroy(key, scope, NULL); 3631 return -1; 3632 } 3633 3634 /* 3635 * Read the configuration data from a policy database binary 3636 * representation file into a policy database structure. 3637 */ 3638 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3639 { 3640 3641 unsigned int i, j, r_policyvers; 3642 uint32_t buf[5]; 3643 size_t len, nprim, nel; 3644 char *policydb_str; 3645 struct policydb_compat_info *info; 3646 unsigned int policy_type, bufindex; 3647 ebitmap_node_t *tnode; 3648 int rc; 3649 3650 /* Read the magic number and string length. */ 3651 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3652 if (rc < 0) 3653 return POLICYDB_ERROR; 3654 for (i = 0; i < 2; i++) 3655 buf[i] = le32_to_cpu(buf[i]); 3656 3657 if (buf[0] == POLICYDB_MAGIC) { 3658 policy_type = POLICY_KERN; 3659 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3660 policy_type = POLICY_MOD; 3661 } else { 3662 ERR(fp->handle, "policydb magic number %#08x does not " 3663 "match expected magic number %#08x or %#08x", 3664 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3665 return POLICYDB_ERROR; 3666 } 3667 3668 len = buf[1]; 3669 if (len > POLICYDB_STRING_MAX_LENGTH) { 3670 ERR(fp->handle, "policydb string length too long "); 3671 return POLICYDB_ERROR; 3672 } 3673 3674 policydb_str = malloc(len + 1); 3675 if (!policydb_str) { 3676 ERR(fp->handle, "unable to allocate memory for policydb " 3677 "string of length %zu", len); 3678 return POLICYDB_ERROR; 3679 } 3680 rc = next_entry(policydb_str, fp, len); 3681 if (rc < 0) { 3682 ERR(fp->handle, "truncated policydb string identifier"); 3683 free(policydb_str); 3684 return POLICYDB_ERROR; 3685 } 3686 policydb_str[len] = 0; 3687 3688 if (policy_type == POLICY_KERN) { 3689 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 3690 if ((strcmp(policydb_str, policydb_target_strings[i]) 3691 == 0)) { 3692 policydb_set_target_platform(p, i); 3693 break; 3694 } 3695 } 3696 3697 if (i == POLICYDB_TARGET_SZ) { 3698 ERR(fp->handle, "cannot find a valid target for policy " 3699 "string %s", policydb_str); 3700 free(policydb_str); 3701 return POLICYDB_ERROR; 3702 } 3703 } else { 3704 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 3705 ERR(fp->handle, "invalid string identifier %s", 3706 policydb_str); 3707 free(policydb_str); 3708 return POLICYDB_ERROR; 3709 } 3710 } 3711 3712 /* Done with policydb_str. */ 3713 free(policydb_str); 3714 policydb_str = NULL; 3715 3716 /* Read the version, config, and table sizes (and policy type if it's a module). */ 3717 if (policy_type == POLICY_KERN) 3718 nel = 4; 3719 else 3720 nel = 5; 3721 3722 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 3723 if (rc < 0) 3724 return POLICYDB_ERROR; 3725 for (i = 0; i < nel; i++) 3726 buf[i] = le32_to_cpu(buf[i]); 3727 3728 bufindex = 0; 3729 3730 if (policy_type == POLICY_MOD) { 3731 /* We know it's a module but not whether it's a base 3732 module or regular binary policy module. buf[0] 3733 tells us which. */ 3734 policy_type = buf[bufindex]; 3735 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 3736 ERR(fp->handle, "unknown module type: %#08x", 3737 policy_type); 3738 return POLICYDB_ERROR; 3739 } 3740 bufindex++; 3741 } 3742 3743 r_policyvers = buf[bufindex]; 3744 if (policy_type == POLICY_KERN) { 3745 if (r_policyvers < POLICYDB_VERSION_MIN || 3746 r_policyvers > POLICYDB_VERSION_MAX) { 3747 ERR(fp->handle, "policydb version %d does not match " 3748 "my version range %d-%d", buf[bufindex], 3749 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 3750 return POLICYDB_ERROR; 3751 } 3752 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 3753 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 3754 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 3755 ERR(fp->handle, "policydb module version %d does " 3756 "not match my version range %d-%d", 3757 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 3758 MOD_POLICYDB_VERSION_MAX); 3759 return POLICYDB_ERROR; 3760 } 3761 } else { 3762 assert(0); 3763 } 3764 bufindex++; 3765 3766 /* Set the policy type and version from the read values. */ 3767 p->policy_type = policy_type; 3768 p->policyvers = r_policyvers; 3769 3770 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 3771 p->mls = 1; 3772 } else { 3773 p->mls = 0; 3774 } 3775 3776 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 3777 3778 bufindex++; 3779 3780 info = policydb_lookup_compat(r_policyvers, policy_type, 3781 p->target_platform); 3782 if (!info) { 3783 ERR(fp->handle, "unable to find policy compat info " 3784 "for version %d", r_policyvers); 3785 goto bad; 3786 } 3787 3788 if (buf[bufindex] != info->sym_num 3789 || buf[bufindex + 1] != info->ocon_num) { 3790 ERR(fp->handle, 3791 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 3792 buf[bufindex], buf[bufindex + 1], info->sym_num, 3793 info->ocon_num); 3794 goto bad; 3795 } 3796 3797 if (p->policy_type == POLICY_MOD) { 3798 /* Get the module name and version */ 3799 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3800 goto bad; 3801 } 3802 len = le32_to_cpu(buf[0]); 3803 if ((p->name = malloc(len + 1)) == NULL) { 3804 goto bad; 3805 } 3806 if ((rc = next_entry(p->name, fp, len)) < 0) { 3807 goto bad; 3808 } 3809 p->name[len] = '\0'; 3810 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3811 goto bad; 3812 } 3813 len = le32_to_cpu(buf[0]); 3814 if ((p->version = malloc(len + 1)) == NULL) { 3815 goto bad; 3816 } 3817 if ((rc = next_entry(p->version, fp, len)) < 0) { 3818 goto bad; 3819 } 3820 p->version[len] = '\0'; 3821 } 3822 3823 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 3824 p->policy_type == POLICY_KERN) || 3825 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3826 p->policy_type == POLICY_BASE) || 3827 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3828 p->policy_type == POLICY_MOD)) { 3829 if (ebitmap_read(&p->policycaps, fp)) 3830 goto bad; 3831 } 3832 3833 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 3834 p->policy_type == POLICY_KERN) { 3835 if (ebitmap_read(&p->permissive_map, fp)) 3836 goto bad; 3837 } 3838 3839 for (i = 0; i < info->sym_num; i++) { 3840 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3841 if (rc < 0) 3842 goto bad; 3843 nprim = le32_to_cpu(buf[0]); 3844 nel = le32_to_cpu(buf[1]); 3845 for (j = 0; j < nel; j++) { 3846 if (read_f[i] (p, p->symtab[i].table, fp)) 3847 goto bad; 3848 } 3849 3850 p->symtab[i].nprim = nprim; 3851 } 3852 3853 if (policy_type == POLICY_KERN) { 3854 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 3855 goto bad; 3856 if (r_policyvers >= POLICYDB_VERSION_BOOL) 3857 if (cond_read_list(p, &p->cond_list, fp)) 3858 goto bad; 3859 if (role_trans_read(p, fp)) 3860 goto bad; 3861 if (role_allow_read(&p->role_allow, fp)) 3862 goto bad; 3863 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 3864 filename_trans_read(&p->filename_trans, fp)) 3865 goto bad; 3866 } else { 3867 /* first read the AV rule blocks, then the scope tables */ 3868 avrule_block_destroy(p->global); 3869 p->global = NULL; 3870 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 3871 goto bad; 3872 } 3873 for (i = 0; i < info->sym_num; i++) { 3874 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3875 goto bad; 3876 } 3877 nel = le32_to_cpu(buf[0]); 3878 for (j = 0; j < nel; j++) { 3879 if (scope_read(p, i, fp)) 3880 goto bad; 3881 } 3882 } 3883 3884 } 3885 3886 if (policydb_index_decls(p)) 3887 goto bad; 3888 3889 if (policydb_index_classes(p)) 3890 goto bad; 3891 3892 if (policydb_index_others(fp->handle, p, verbose)) 3893 goto bad; 3894 3895 if (ocontext_read(info, p, fp) == -1) { 3896 goto bad; 3897 } 3898 3899 if (genfs_read(p, fp) == -1) { 3900 goto bad; 3901 } 3902 3903 if ((p->policy_type == POLICY_KERN 3904 && p->policyvers >= POLICYDB_VERSION_MLS) 3905 || (p->policy_type == POLICY_BASE 3906 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3907 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 3908 if (range_read(p, fp)) { 3909 goto bad; 3910 } 3911 } 3912 3913 if (policy_type == POLICY_KERN) { 3914 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3915 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3916 if (!p->type_attr_map || !p->attr_type_map) 3917 goto bad; 3918 for (i = 0; i < p->p_types.nprim; i++) { 3919 ebitmap_init(&p->type_attr_map[i]); 3920 ebitmap_init(&p->attr_type_map[i]); 3921 } 3922 for (i = 0; i < p->p_types.nprim; i++) { 3923 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 3924 if (ebitmap_read(&p->type_attr_map[i], fp)) 3925 goto bad; 3926 ebitmap_for_each_bit(&p->type_attr_map[i], 3927 tnode, j) { 3928 if (!ebitmap_node_get_bit(tnode, j) 3929 || i == j) 3930 continue; 3931 if (ebitmap_set_bit 3932 (&p->attr_type_map[j], i, 1)) 3933 goto bad; 3934 } 3935 } 3936 /* add the type itself as the degenerate case */ 3937 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 3938 goto bad; 3939 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) { 3940 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1)) 3941 goto bad; 3942 } 3943 } 3944 } 3945 3946 return POLICYDB_SUCCESS; 3947 bad: 3948 return POLICYDB_ERROR; 3949 } 3950 3951 int policydb_reindex_users(policydb_t * p) 3952 { 3953 unsigned int i = SYM_USERS; 3954 3955 if (p->user_val_to_struct) 3956 free(p->user_val_to_struct); 3957 if (p->sym_val_to_name[i]) 3958 free(p->sym_val_to_name[i]); 3959 3960 p->user_val_to_struct = (user_datum_t **) 3961 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 3962 if (!p->user_val_to_struct) 3963 return -1; 3964 3965 p->sym_val_to_name[i] = (char **) 3966 malloc(p->symtab[i].nprim * sizeof(char *)); 3967 if (!p->sym_val_to_name[i]) 3968 return -1; 3969 3970 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 3971 return -1; 3972 3973 /* Expand user roles for context validity checking */ 3974 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 3975 return -1; 3976 3977 return 0; 3978 } 3979 3980 void policy_file_init(policy_file_t *pf) 3981 { 3982 memset(pf, 0, sizeof(policy_file_t)); 3983 } 3984 3985 int policydb_set_target_platform(policydb_t *p, int platform) 3986 { 3987 if (platform == SEPOL_TARGET_SELINUX) 3988 p->target_platform = SEPOL_TARGET_SELINUX; 3989 else if (platform == SEPOL_TARGET_XEN) 3990 p->target_platform = SEPOL_TARGET_XEN; 3991 else 3992 return -1; 3993 3994 return 0; 3995 } 3996 3997
