1 2/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */ 3 4/* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * Copyright (C) 2017 Mellanox Technologies Inc. 22 * 23 * This library is free software; you can redistribute it and/or 24 * modify it under the terms of the GNU Lesser General Public 25 * License as published by the Free Software Foundation; either 26 * version 2.1 of the License, or (at your option) any later version. 27 * 28 * This library is distributed in the hope that it will be useful, 29 * but WITHOUT ANY WARRANTY; without even the implied warranty of 30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 31 * Lesser General Public License for more details. 32 * 33 * You should have received a copy of the GNU Lesser General Public 34 * License along with this library; if not, write to the Free Software 35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 36 */ 37 38/* FLASK */ 39 40/* 41 * Implementation of the policy database. 42 */ 43 44#include <assert.h> 45#include <stdlib.h> 46 47#include <sepol/policydb/policydb.h> 48#include <sepol/policydb/expand.h> 49#include <sepol/policydb/conditional.h> 50#include <sepol/policydb/avrule_block.h> 51#include <sepol/policydb/util.h> 52 53#include "kernel_to_common.h" 54#include "private.h" 55#include "debug.h" 56#include "mls.h" 57#include "policydb_validate.h" 58 59#define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 60const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 61 62/* These need to be updated if SYM_NUM or OCON_NUM changes */ 63static const struct policydb_compat_info policydb_compat[] = { 64 { 65 .type = POLICY_KERN, 66 .version = POLICYDB_VERSION_BOUNDARY, 67 .sym_num = SYM_NUM, 68 .ocon_num = OCON_XEN_PCIDEVICE + 1, 69 .target_platform = SEPOL_TARGET_XEN, 70 }, 71 { 72 .type = POLICY_KERN, 73 .version = POLICYDB_VERSION_XEN_DEVICETREE, 74 .sym_num = SYM_NUM, 75 .ocon_num = OCON_XEN_DEVICETREE + 1, 76 .target_platform = SEPOL_TARGET_XEN, 77 }, 78 { 79 .type = POLICY_KERN, 80 .version = POLICYDB_VERSION_BASE, 81 .sym_num = SYM_NUM - 3, 82 .ocon_num = OCON_FSUSE + 1, 83 .target_platform = SEPOL_TARGET_SELINUX, 84 }, 85 { 86 .type = POLICY_KERN, 87 .version = POLICYDB_VERSION_BOOL, 88 .sym_num = SYM_NUM - 2, 89 .ocon_num = OCON_FSUSE + 1, 90 .target_platform = SEPOL_TARGET_SELINUX, 91 }, 92 { 93 .type = POLICY_KERN, 94 .version = POLICYDB_VERSION_IPV6, 95 .sym_num = SYM_NUM - 2, 96 .ocon_num = OCON_NODE6 + 1, 97 .target_platform = SEPOL_TARGET_SELINUX, 98 }, 99 { 100 .type = POLICY_KERN, 101 .version = POLICYDB_VERSION_NLCLASS, 102 .sym_num = SYM_NUM - 2, 103 .ocon_num = OCON_NODE6 + 1, 104 .target_platform = SEPOL_TARGET_SELINUX, 105 }, 106 { 107 .type = POLICY_KERN, 108 .version = POLICYDB_VERSION_MLS, 109 .sym_num = SYM_NUM, 110 .ocon_num = OCON_NODE6 + 1, 111 .target_platform = SEPOL_TARGET_SELINUX, 112 }, 113 { 114 .type = POLICY_KERN, 115 .version = POLICYDB_VERSION_AVTAB, 116 .sym_num = SYM_NUM, 117 .ocon_num = OCON_NODE6 + 1, 118 .target_platform = SEPOL_TARGET_SELINUX, 119 }, 120 { 121 .type = POLICY_KERN, 122 .version = POLICYDB_VERSION_RANGETRANS, 123 .sym_num = SYM_NUM, 124 .ocon_num = OCON_NODE6 + 1, 125 .target_platform = SEPOL_TARGET_SELINUX, 126 }, 127 { 128 .type = POLICY_KERN, 129 .version = POLICYDB_VERSION_POLCAP, 130 .sym_num = SYM_NUM, 131 .ocon_num = OCON_NODE6 + 1, 132 .target_platform = SEPOL_TARGET_SELINUX, 133 }, 134 { 135 .type = POLICY_KERN, 136 .version = POLICYDB_VERSION_PERMISSIVE, 137 .sym_num = SYM_NUM, 138 .ocon_num = OCON_NODE6 + 1, 139 .target_platform = SEPOL_TARGET_SELINUX, 140 }, 141 { 142 .type = POLICY_KERN, 143 .version = POLICYDB_VERSION_BOUNDARY, 144 .sym_num = SYM_NUM, 145 .ocon_num = OCON_NODE6 + 1, 146 .target_platform = SEPOL_TARGET_SELINUX, 147 }, 148 { 149 .type = POLICY_KERN, 150 .version = POLICYDB_VERSION_FILENAME_TRANS, 151 .sym_num = SYM_NUM, 152 .ocon_num = OCON_NODE6 + 1, 153 .target_platform = SEPOL_TARGET_SELINUX, 154 }, 155 { 156 .type = POLICY_KERN, 157 .version = POLICYDB_VERSION_ROLETRANS, 158 .sym_num = SYM_NUM, 159 .ocon_num = OCON_NODE6 + 1, 160 .target_platform = SEPOL_TARGET_SELINUX, 161 }, 162 { 163 .type = POLICY_KERN, 164 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 165 .sym_num = SYM_NUM, 166 .ocon_num = OCON_NODE6 + 1, 167 .target_platform = SEPOL_TARGET_SELINUX, 168 }, 169 { 170 .type = POLICY_KERN, 171 .version = POLICYDB_VERSION_DEFAULT_TYPE, 172 .sym_num = SYM_NUM, 173 .ocon_num = OCON_NODE6 + 1, 174 .target_platform = SEPOL_TARGET_SELINUX, 175 }, 176 { 177 .type = POLICY_KERN, 178 .version = POLICYDB_VERSION_CONSTRAINT_NAMES, 179 .sym_num = SYM_NUM, 180 .ocon_num = OCON_NODE6 + 1, 181 .target_platform = SEPOL_TARGET_SELINUX, 182 }, 183 { 184 .type = POLICY_KERN, 185 .version = POLICYDB_VERSION_XPERMS_IOCTL, 186 .sym_num = SYM_NUM, 187 .ocon_num = OCON_NODE6 + 1, 188 .target_platform = SEPOL_TARGET_SELINUX, 189 }, 190 { 191 .type = POLICY_KERN, 192 .version = POLICYDB_VERSION_INFINIBAND, 193 .sym_num = SYM_NUM, 194 .ocon_num = OCON_IBENDPORT + 1, 195 .target_platform = SEPOL_TARGET_SELINUX, 196 }, 197 { 198 .type = POLICY_KERN, 199 .version = POLICYDB_VERSION_GLBLUB, 200 .sym_num = SYM_NUM, 201 .ocon_num = OCON_IBENDPORT + 1, 202 .target_platform = SEPOL_TARGET_SELINUX, 203 }, 204 { 205 .type = POLICY_KERN, 206 .version = POLICYDB_VERSION_COMP_FTRANS, 207 .sym_num = SYM_NUM, 208 .ocon_num = OCON_IBENDPORT + 1, 209 .target_platform = SEPOL_TARGET_SELINUX, 210 }, 211 { 212 .type = POLICY_BASE, 213 .version = MOD_POLICYDB_VERSION_BASE, 214 .sym_num = SYM_NUM, 215 .ocon_num = OCON_NODE6 + 1, 216 .target_platform = SEPOL_TARGET_SELINUX, 217 }, 218 { 219 .type = POLICY_BASE, 220 .version = MOD_POLICYDB_VERSION_MLS, 221 .sym_num = SYM_NUM, 222 .ocon_num = OCON_NODE6 + 1, 223 .target_platform = SEPOL_TARGET_SELINUX, 224 }, 225 { 226 .type = POLICY_BASE, 227 .version = MOD_POLICYDB_VERSION_MLS_USERS, 228 .sym_num = SYM_NUM, 229 .ocon_num = OCON_NODE6 + 1, 230 .target_platform = SEPOL_TARGET_SELINUX, 231 }, 232 { 233 .type = POLICY_BASE, 234 .version = MOD_POLICYDB_VERSION_POLCAP, 235 .sym_num = SYM_NUM, 236 .ocon_num = OCON_NODE6 + 1, 237 .target_platform = SEPOL_TARGET_SELINUX, 238 }, 239 { 240 .type = POLICY_BASE, 241 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 242 .sym_num = SYM_NUM, 243 .ocon_num = OCON_NODE6 + 1, 244 .target_platform = SEPOL_TARGET_SELINUX, 245 }, 246 { 247 .type = POLICY_BASE, 248 .version = MOD_POLICYDB_VERSION_BOUNDARY, 249 .sym_num = SYM_NUM, 250 .ocon_num = OCON_NODE6 + 1, 251 .target_platform = SEPOL_TARGET_SELINUX, 252 }, 253 { 254 .type = POLICY_BASE, 255 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 256 .sym_num = SYM_NUM, 257 .ocon_num = OCON_NODE6 + 1, 258 .target_platform = SEPOL_TARGET_SELINUX, 259 }, 260 { 261 .type = POLICY_BASE, 262 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 263 .sym_num = SYM_NUM, 264 .ocon_num = OCON_NODE6 + 1, 265 .target_platform = SEPOL_TARGET_SELINUX, 266 }, 267 { 268 .type = POLICY_BASE, 269 .version = MOD_POLICYDB_VERSION_ROLETRANS, 270 .sym_num = SYM_NUM, 271 .ocon_num = OCON_NODE6 + 1, 272 .target_platform = SEPOL_TARGET_SELINUX, 273 }, 274 { 275 .type = POLICY_BASE, 276 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 277 .sym_num = SYM_NUM, 278 .ocon_num = OCON_NODE6 + 1, 279 .target_platform = SEPOL_TARGET_SELINUX, 280 }, 281 { 282 .type = POLICY_BASE, 283 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 284 .sym_num = SYM_NUM, 285 .ocon_num = OCON_NODE6 + 1, 286 .target_platform = SEPOL_TARGET_SELINUX, 287 }, 288 { 289 .type = POLICY_BASE, 290 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 291 .sym_num = SYM_NUM, 292 .ocon_num = OCON_NODE6 + 1, 293 .target_platform = SEPOL_TARGET_SELINUX, 294 }, 295 { 296 .type = POLICY_BASE, 297 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 298 .sym_num = SYM_NUM, 299 .ocon_num = OCON_NODE6 + 1, 300 .target_platform = SEPOL_TARGET_SELINUX, 301 }, 302 { 303 .type = POLICY_BASE, 304 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 305 .sym_num = SYM_NUM, 306 .ocon_num = OCON_NODE6 + 1, 307 .target_platform = SEPOL_TARGET_SELINUX, 308 }, 309 { 310 .type = POLICY_BASE, 311 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL, 312 .sym_num = SYM_NUM, 313 .ocon_num = OCON_NODE6 + 1, 314 .target_platform = SEPOL_TARGET_SELINUX, 315 }, 316 { 317 .type = POLICY_BASE, 318 .version = MOD_POLICYDB_VERSION_INFINIBAND, 319 .sym_num = SYM_NUM, 320 .ocon_num = OCON_IBENDPORT + 1, 321 .target_platform = SEPOL_TARGET_SELINUX, 322 }, 323 { 324 .type = POLICY_BASE, 325 .version = MOD_POLICYDB_VERSION_GLBLUB, 326 .sym_num = SYM_NUM, 327 .ocon_num = OCON_IBENDPORT + 1, 328 .target_platform = SEPOL_TARGET_SELINUX, 329 }, 330 { 331 .type = POLICY_BASE, 332 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS, 333 .sym_num = SYM_NUM, 334 .ocon_num = OCON_IBENDPORT + 1, 335 .target_platform = SEPOL_TARGET_SELINUX, 336 }, 337 { 338 .type = POLICY_MOD, 339 .version = MOD_POLICYDB_VERSION_BASE, 340 .sym_num = SYM_NUM, 341 .ocon_num = 0, 342 .target_platform = SEPOL_TARGET_SELINUX, 343 }, 344 { 345 .type = POLICY_MOD, 346 .version = MOD_POLICYDB_VERSION_MLS, 347 .sym_num = SYM_NUM, 348 .ocon_num = 0, 349 .target_platform = SEPOL_TARGET_SELINUX, 350 }, 351 { 352 .type = POLICY_MOD, 353 .version = MOD_POLICYDB_VERSION_MLS_USERS, 354 .sym_num = SYM_NUM, 355 .ocon_num = 0, 356 .target_platform = SEPOL_TARGET_SELINUX, 357 }, 358 { 359 .type = POLICY_MOD, 360 .version = MOD_POLICYDB_VERSION_POLCAP, 361 .sym_num = SYM_NUM, 362 .ocon_num = 0, 363 .target_platform = SEPOL_TARGET_SELINUX, 364 }, 365 { 366 .type = POLICY_MOD, 367 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 368 .sym_num = SYM_NUM, 369 .ocon_num = 0, 370 .target_platform = SEPOL_TARGET_SELINUX, 371 }, 372 { 373 .type = POLICY_MOD, 374 .version = MOD_POLICYDB_VERSION_BOUNDARY, 375 .sym_num = SYM_NUM, 376 .ocon_num = 0, 377 .target_platform = SEPOL_TARGET_SELINUX, 378 }, 379 { 380 .type = POLICY_MOD, 381 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 382 .sym_num = SYM_NUM, 383 .ocon_num = 0, 384 .target_platform = SEPOL_TARGET_SELINUX, 385 }, 386 { 387 .type = POLICY_MOD, 388 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 389 .sym_num = SYM_NUM, 390 .ocon_num = 0, 391 .target_platform = SEPOL_TARGET_SELINUX, 392 }, 393 { 394 .type = POLICY_MOD, 395 .version = MOD_POLICYDB_VERSION_ROLETRANS, 396 .sym_num = SYM_NUM, 397 .ocon_num = 0, 398 .target_platform = SEPOL_TARGET_SELINUX, 399 }, 400 { 401 .type = POLICY_MOD, 402 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 403 .sym_num = SYM_NUM, 404 .ocon_num = 0, 405 .target_platform = SEPOL_TARGET_SELINUX, 406 }, 407 { 408 .type = POLICY_MOD, 409 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP, 410 .sym_num = SYM_NUM, 411 .ocon_num = 0, 412 .target_platform = SEPOL_TARGET_SELINUX, 413 }, 414 { 415 .type = POLICY_MOD, 416 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS, 417 .sym_num = SYM_NUM, 418 .ocon_num = 0, 419 .target_platform = SEPOL_TARGET_SELINUX, 420 }, 421 { 422 .type = POLICY_MOD, 423 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE, 424 .sym_num = SYM_NUM, 425 .ocon_num = 0, 426 .target_platform = SEPOL_TARGET_SELINUX, 427 }, 428 { 429 .type = POLICY_MOD, 430 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES, 431 .sym_num = SYM_NUM, 432 .ocon_num = 0, 433 .target_platform = SEPOL_TARGET_SELINUX, 434 }, 435 { 436 .type = POLICY_MOD, 437 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL, 438 .sym_num = SYM_NUM, 439 .ocon_num = 0, 440 .target_platform = SEPOL_TARGET_SELINUX, 441 }, 442 { 443 .type = POLICY_MOD, 444 .version = MOD_POLICYDB_VERSION_INFINIBAND, 445 .sym_num = SYM_NUM, 446 .ocon_num = 0, 447 .target_platform = SEPOL_TARGET_SELINUX, 448 }, 449 { 450 .type = POLICY_MOD, 451 .version = MOD_POLICYDB_VERSION_GLBLUB, 452 .sym_num = SYM_NUM, 453 .ocon_num = 0, 454 .target_platform = SEPOL_TARGET_SELINUX, 455 }, 456 { 457 .type = POLICY_MOD, 458 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS, 459 .sym_num = SYM_NUM, 460 .ocon_num = 0, 461 .target_platform = SEPOL_TARGET_SELINUX, 462 }, 463}; 464 465#if 0 466static char *symtab_name[SYM_NUM] = { 467 "common prefixes", 468 "classes", 469 "roles", 470 "types", 471 "users", 472 "bools" mls_symtab_names cond_symtab_names 473}; 474#endif 475 476static const unsigned int symtab_sizes[SYM_NUM] = { 477 2, 478 32, 479 16, 480 512, 481 128, 482 16, 483 16, 484 16, 485}; 486 487const struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 488 unsigned int type, 489 unsigned int target_platform) 490{ 491 unsigned int i; 492 const struct policydb_compat_info *info = NULL; 493 494 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 495 if (policydb_compat[i].version == version && 496 policydb_compat[i].type == type && 497 policydb_compat[i].target_platform == target_platform) { 498 info = &policydb_compat[i]; 499 break; 500 } 501 } 502 return info; 503} 504 505void type_set_init(type_set_t * x) 506{ 507 memset(x, 0, sizeof(type_set_t)); 508 ebitmap_init(&x->types); 509 ebitmap_init(&x->negset); 510} 511 512void type_set_destroy(type_set_t * x) 513{ 514 if (x != NULL) { 515 ebitmap_destroy(&x->types); 516 ebitmap_destroy(&x->negset); 517 } 518} 519 520void role_set_init(role_set_t * x) 521{ 522 memset(x, 0, sizeof(role_set_t)); 523 ebitmap_init(&x->roles); 524} 525 526void role_set_destroy(role_set_t * x) 527{ 528 ebitmap_destroy(&x->roles); 529} 530 531void role_datum_init(role_datum_t * x) 532{ 533 memset(x, 0, sizeof(role_datum_t)); 534 ebitmap_init(&x->dominates); 535 type_set_init(&x->types); 536 ebitmap_init(&x->cache); 537 ebitmap_init(&x->roles); 538} 539 540void role_datum_destroy(role_datum_t * x) 541{ 542 if (x != NULL) { 543 ebitmap_destroy(&x->dominates); 544 type_set_destroy(&x->types); 545 ebitmap_destroy(&x->cache); 546 ebitmap_destroy(&x->roles); 547 } 548} 549 550void type_datum_init(type_datum_t * x) 551{ 552 memset(x, 0, sizeof(*x)); 553 ebitmap_init(&x->types); 554} 555 556void type_datum_destroy(type_datum_t * x) 557{ 558 if (x != NULL) { 559 ebitmap_destroy(&x->types); 560 } 561} 562 563void user_datum_init(user_datum_t * x) 564{ 565 memset(x, 0, sizeof(user_datum_t)); 566 role_set_init(&x->roles); 567 mls_semantic_range_init(&x->range); 568 mls_semantic_level_init(&x->dfltlevel); 569 ebitmap_init(&x->cache); 570 mls_range_init(&x->exp_range); 571 mls_level_init(&x->exp_dfltlevel); 572} 573 574void user_datum_destroy(user_datum_t * x) 575{ 576 if (x != NULL) { 577 role_set_destroy(&x->roles); 578 mls_semantic_range_destroy(&x->range); 579 mls_semantic_level_destroy(&x->dfltlevel); 580 ebitmap_destroy(&x->cache); 581 mls_range_destroy(&x->exp_range); 582 mls_level_destroy(&x->exp_dfltlevel); 583 } 584} 585 586void level_datum_init(level_datum_t * x) 587{ 588 memset(x, 0, sizeof(level_datum_t)); 589} 590 591void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 592{ 593 /* the mls_level_t referenced by the level_datum is managed 594 * separately for now, so there is nothing to destroy */ 595 return; 596} 597 598void cat_datum_init(cat_datum_t * x) 599{ 600 memset(x, 0, sizeof(cat_datum_t)); 601} 602 603void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 604{ 605 /* it's currently a simple struct - really nothing to destroy */ 606 return; 607} 608 609void class_perm_node_init(class_perm_node_t * x) 610{ 611 memset(x, 0, sizeof(class_perm_node_t)); 612} 613 614void avrule_init(avrule_t * x) 615{ 616 memset(x, 0, sizeof(avrule_t)); 617 type_set_init(&x->stypes); 618 type_set_init(&x->ttypes); 619} 620 621void avrule_destroy(avrule_t * x) 622{ 623 class_perm_node_t *cur, *next; 624 625 if (x == NULL) { 626 return; 627 } 628 type_set_destroy(&x->stypes); 629 type_set_destroy(&x->ttypes); 630 631 free(x->source_filename); 632 633 next = x->perms; 634 while (next) { 635 cur = next; 636 next = cur->next; 637 free(cur); 638 } 639 640 free(x->xperms); 641} 642 643void role_trans_rule_init(role_trans_rule_t * x) 644{ 645 memset(x, 0, sizeof(*x)); 646 role_set_init(&x->roles); 647 type_set_init(&x->types); 648 ebitmap_init(&x->classes); 649} 650 651static void role_trans_rule_destroy(role_trans_rule_t * x) 652{ 653 if (x != NULL) { 654 role_set_destroy(&x->roles); 655 type_set_destroy(&x->types); 656 ebitmap_destroy(&x->classes); 657 } 658} 659 660void role_trans_rule_list_destroy(role_trans_rule_t * x) 661{ 662 while (x != NULL) { 663 role_trans_rule_t *next = x->next; 664 role_trans_rule_destroy(x); 665 free(x); 666 x = next; 667 } 668} 669 670void filename_trans_rule_init(filename_trans_rule_t * x) 671{ 672 memset(x, 0, sizeof(*x)); 673 type_set_init(&x->stypes); 674 type_set_init(&x->ttypes); 675} 676 677static void filename_trans_rule_destroy(filename_trans_rule_t * x) 678{ 679 if (!x) 680 return; 681 type_set_destroy(&x->stypes); 682 type_set_destroy(&x->ttypes); 683 free(x->name); 684} 685 686void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 687{ 688 filename_trans_rule_t *next; 689 while (x) { 690 next = x->next; 691 filename_trans_rule_destroy(x); 692 free(x); 693 x = next; 694 } 695} 696 697void role_allow_rule_init(role_allow_rule_t * x) 698{ 699 memset(x, 0, sizeof(role_allow_rule_t)); 700 role_set_init(&x->roles); 701 role_set_init(&x->new_roles); 702} 703 704void role_allow_rule_destroy(role_allow_rule_t * x) 705{ 706 role_set_destroy(&x->roles); 707 role_set_destroy(&x->new_roles); 708} 709 710void role_allow_rule_list_destroy(role_allow_rule_t * x) 711{ 712 while (x != NULL) { 713 role_allow_rule_t *next = x->next; 714 role_allow_rule_destroy(x); 715 free(x); 716 x = next; 717 } 718} 719 720void range_trans_rule_init(range_trans_rule_t * x) 721{ 722 type_set_init(&x->stypes); 723 type_set_init(&x->ttypes); 724 ebitmap_init(&x->tclasses); 725 mls_semantic_range_init(&x->trange); 726 x->next = NULL; 727} 728 729void range_trans_rule_destroy(range_trans_rule_t * x) 730{ 731 type_set_destroy(&x->stypes); 732 type_set_destroy(&x->ttypes); 733 ebitmap_destroy(&x->tclasses); 734 mls_semantic_range_destroy(&x->trange); 735} 736 737void range_trans_rule_list_destroy(range_trans_rule_t * x) 738{ 739 while (x != NULL) { 740 range_trans_rule_t *next = x->next; 741 range_trans_rule_destroy(x); 742 free(x); 743 x = next; 744 } 745} 746 747void avrule_list_destroy(avrule_t * x) 748{ 749 avrule_t *next, *cur; 750 751 if (!x) 752 return; 753 754 next = x; 755 while (next) { 756 cur = next; 757 next = next->next; 758 avrule_destroy(cur); 759 free(cur); 760 } 761} 762 763/* 764 * Initialize the role table by implicitly adding role 'object_r'. If 765 * the policy is a module, set object_r's scope to be SCOPE_REQ, 766 * otherwise set it to SCOPE_DECL. 767 */ 768static int roles_init(policydb_t * p) 769{ 770 char *key = 0; 771 int rc; 772 role_datum_t *role; 773 774 role = calloc(1, sizeof(role_datum_t)); 775 if (!role) { 776 rc = -ENOMEM; 777 goto out; 778 } 779 key = strdup(OBJECT_R); 780 if (!key) { 781 rc = -ENOMEM; 782 goto out_free_role; 783 } 784 rc = symtab_insert(p, SYM_ROLES, key, role, 785 (p->policy_type == 786 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 787 &role->s.value); 788 if (rc) 789 goto out_free_key; 790 if (role->s.value != OBJECT_R_VAL) { 791 rc = -EINVAL; 792 goto out_free_role; 793 } 794 out: 795 return rc; 796 797 out_free_key: 798 free(key); 799 out_free_role: 800 free(role); 801 goto out; 802} 803 804ignore_unsigned_overflow_ 805static inline unsigned long 806partial_name_hash(unsigned long c, unsigned long prevhash) 807{ 808 return (prevhash + (c << 4) + (c >> 4)) * 11; 809} 810 811static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k) 812{ 813 const filename_trans_key_t *ft = (const filename_trans_key_t *)k; 814 unsigned long hash; 815 unsigned int byte_num; 816 unsigned char focus; 817 818 hash = ft->ttype ^ ft->tclass; 819 820 byte_num = 0; 821 while ((focus = ft->name[byte_num++])) 822 hash = partial_name_hash(focus, hash); 823 return hash & (h->size - 1); 824} 825 826static int filenametr_cmp(hashtab_t h __attribute__ ((unused)), 827 const_hashtab_key_t k1, const_hashtab_key_t k2) 828{ 829 const filename_trans_key_t *ft1 = (const filename_trans_key_t *)k1; 830 const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2; 831 int v; 832 833 v = spaceship_cmp(ft1->ttype, ft2->ttype); 834 if (v) 835 return v; 836 837 v = spaceship_cmp(ft1->tclass, ft2->tclass); 838 if (v) 839 return v; 840 841 return strcmp(ft1->name, ft2->name); 842 843} 844 845static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k) 846{ 847 const struct range_trans *key = (const struct range_trans *)k; 848 return (key->source_type + (key->target_type << 3) + 849 (key->target_class << 5)) & (h->size - 1); 850} 851 852static int rangetr_cmp(hashtab_t h __attribute__ ((unused)), 853 const_hashtab_key_t k1, const_hashtab_key_t k2) 854{ 855 const struct range_trans *key1 = (const struct range_trans *)k1; 856 const struct range_trans *key2 = (const struct range_trans *)k2; 857 int v; 858 859 v = spaceship_cmp(key1->source_type, key2->source_type); 860 if (v) 861 return v; 862 863 v = spaceship_cmp(key1->target_type, key2->target_type); 864 if (v) 865 return v; 866 867 v = spaceship_cmp(key1->target_class, key2->target_class); 868 869 return v; 870} 871 872/* 873 * Initialize a policy database structure. 874 */ 875int policydb_init(policydb_t * p) 876{ 877 int i, rc; 878 879 memset(p, 0, sizeof(policydb_t)); 880 881 for (i = 0; i < SYM_NUM; i++) { 882 p->sym_val_to_name[i] = NULL; 883 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 884 if (rc) 885 goto err; 886 } 887 888 /* initialize the module stuff */ 889 for (i = 0; i < SYM_NUM; i++) { 890 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 891 goto err; 892 } 893 } 894 if ((p->global = avrule_block_create()) == NULL || 895 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 896 goto err; 897 } 898 p->decl_val_to_struct = NULL; 899 900 rc = avtab_init(&p->te_avtab); 901 if (rc) 902 goto err; 903 904 rc = roles_init(p); 905 if (rc) 906 goto err; 907 908 rc = cond_policydb_init(p); 909 if (rc) 910 goto err; 911 912 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10)); 913 if (!p->filename_trans) { 914 rc = -ENOMEM; 915 goto err; 916 } 917 918 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256); 919 if (!p->range_tr) { 920 rc = -ENOMEM; 921 goto err; 922 } 923 924 ebitmap_init(&p->policycaps); 925 ebitmap_init(&p->permissive_map); 926 927 return 0; 928err: 929 hashtab_destroy(p->filename_trans); 930 hashtab_destroy(p->range_tr); 931 for (i = 0; i < SYM_NUM; i++) { 932 hashtab_destroy(p->symtab[i].table); 933 hashtab_destroy(p->scope[i].table); 934 } 935 avrule_block_list_destroy(p->global); 936 return rc; 937} 938 939int policydb_role_cache(hashtab_key_t key 940 __attribute__ ((unused)), hashtab_datum_t datum, 941 void *arg) 942{ 943 policydb_t *p; 944 role_datum_t *role; 945 946 role = (role_datum_t *) datum; 947 p = (policydb_t *) arg; 948 949 ebitmap_destroy(&role->cache); 950 if (type_set_expand(&role->types, &role->cache, p, 1)) { 951 return -1; 952 } 953 954 return 0; 955} 956 957int policydb_user_cache(hashtab_key_t key 958 __attribute__ ((unused)), hashtab_datum_t datum, 959 void *arg) 960{ 961 policydb_t *p; 962 user_datum_t *user; 963 964 user = (user_datum_t *) datum; 965 p = (policydb_t *) arg; 966 967 ebitmap_destroy(&user->cache); 968 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 969 return -1; 970 } 971 972 /* we do not expand user's MLS info in kernel policies because the 973 * semantic representation is not present and we do not expand user's 974 * MLS info in module policies because all of the necessary mls 975 * information is not present */ 976 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 977 mls_range_destroy(&user->exp_range); 978 if (mls_semantic_range_expand(&user->range, 979 &user->exp_range, p, NULL)) { 980 return -1; 981 } 982 983 mls_level_destroy(&user->exp_dfltlevel); 984 if (mls_semantic_level_expand(&user->dfltlevel, 985 &user->exp_dfltlevel, p, NULL)) { 986 return -1; 987 } 988 } 989 990 return 0; 991} 992 993/* 994 * The following *_index functions are used to 995 * define the val_to_name and val_to_struct arrays 996 * in a policy database structure. The val_to_name 997 * arrays are used when converting security context 998 * structures into string representations. The 999 * val_to_struct arrays are used when the attributes 1000 * of a class, role, or user are needed. 1001 */ 1002 1003static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1004{ 1005 policydb_t *p; 1006 common_datum_t *comdatum; 1007 1008 comdatum = (common_datum_t *) datum; 1009 p = (policydb_t *) datap; 1010 if (!value_isvalid(comdatum->s.value, p->p_commons.nprim)) 1011 return -EINVAL; 1012 if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL) 1013 return -EINVAL; 1014 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 1015 1016 return 0; 1017} 1018 1019static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1020{ 1021 policydb_t *p; 1022 class_datum_t *cladatum; 1023 1024 cladatum = (class_datum_t *) datum; 1025 p = (policydb_t *) datap; 1026 if (!value_isvalid(cladatum->s.value, p->p_classes.nprim)) 1027 return -EINVAL; 1028 if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL) 1029 return -EINVAL; 1030 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 1031 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 1032 1033 return 0; 1034} 1035 1036static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1037{ 1038 policydb_t *p; 1039 role_datum_t *role; 1040 1041 role = (role_datum_t *) datum; 1042 p = (policydb_t *) datap; 1043 if (!value_isvalid(role->s.value, p->p_roles.nprim)) 1044 return -EINVAL; 1045 if (p->p_role_val_to_name[role->s.value - 1] != NULL) 1046 return -EINVAL; 1047 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 1048 p->role_val_to_struct[role->s.value - 1] = role; 1049 1050 return 0; 1051} 1052 1053static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1054{ 1055 policydb_t *p; 1056 type_datum_t *typdatum; 1057 1058 typdatum = (type_datum_t *) datum; 1059 p = (policydb_t *) datap; 1060 1061 if (typdatum->primary) { 1062 if (!value_isvalid(typdatum->s.value, p->p_types.nprim)) 1063 return -EINVAL; 1064 if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL) 1065 return -EINVAL; 1066 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 1067 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 1068 } 1069 1070 return 0; 1071} 1072 1073static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1074{ 1075 policydb_t *p; 1076 user_datum_t *usrdatum; 1077 1078 usrdatum = (user_datum_t *) datum; 1079 p = (policydb_t *) datap; 1080 1081 if (!value_isvalid(usrdatum->s.value, p->p_users.nprim)) 1082 return -EINVAL; 1083 if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL) 1084 return -EINVAL; 1085 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 1086 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 1087 1088 return 0; 1089} 1090 1091static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1092{ 1093 policydb_t *p; 1094 level_datum_t *levdatum; 1095 1096 levdatum = (level_datum_t *) datum; 1097 p = (policydb_t *) datap; 1098 1099 if (!levdatum->isalias) { 1100 if (!value_isvalid(levdatum->level->sens, p->p_levels.nprim)) 1101 return -EINVAL; 1102 if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL) 1103 return -EINVAL; 1104 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 1105 } 1106 1107 return 0; 1108} 1109 1110static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 1111{ 1112 policydb_t *p; 1113 cat_datum_t *catdatum; 1114 1115 catdatum = (cat_datum_t *) datum; 1116 p = (policydb_t *) datap; 1117 1118 if (!catdatum->isalias) { 1119 if (!value_isvalid(catdatum->s.value, p->p_cats.nprim)) 1120 return -EINVAL; 1121 if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL) 1122 return -EINVAL; 1123 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 1124 } 1125 1126 return 0; 1127} 1128 1129static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1130 void *datap) = { 1131common_index, class_index, role_index, type_index, user_index, 1132 cond_index_bool, sens_index, cat_index,}; 1133 1134/* 1135 * Define the common val_to_name array and the class 1136 * val_to_name and val_to_struct arrays in a policy 1137 * database structure. 1138 */ 1139int policydb_index_classes(policydb_t * p) 1140{ 1141 free(p->p_common_val_to_name); 1142 p->p_common_val_to_name = (char **) 1143 calloc(p->p_commons.nprim, sizeof(char *)); 1144 if (!p->p_common_val_to_name) 1145 return -1; 1146 1147 if (hashtab_map(p->p_commons.table, common_index, p)) 1148 return -1; 1149 1150 free(p->class_val_to_struct); 1151 p->class_val_to_struct = (class_datum_t **) 1152 calloc(p->p_classes.nprim, sizeof(class_datum_t *)); 1153 if (!p->class_val_to_struct) 1154 return -1; 1155 1156 free(p->p_class_val_to_name); 1157 p->p_class_val_to_name = (char **) 1158 calloc(p->p_classes.nprim, sizeof(char *)); 1159 if (!p->p_class_val_to_name) 1160 return -1; 1161 1162 if (hashtab_map(p->p_classes.table, class_index, p)) 1163 return -1; 1164 1165 return 0; 1166} 1167 1168int policydb_index_bools(policydb_t * p) 1169{ 1170 1171 if (cond_init_bool_indexes(p) == -1) 1172 return -1; 1173 p->p_bool_val_to_name = (char **) 1174 calloc(p->p_bools.nprim, sizeof(char *)); 1175 if (!p->p_bool_val_to_name) 1176 return -1; 1177 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 1178 return -1; 1179 return 0; 1180} 1181 1182static int policydb_index_decls(sepol_handle_t * handle, policydb_t * p) 1183{ 1184 avrule_block_t *curblock; 1185 avrule_decl_t *decl; 1186 unsigned int num_decls = 0; 1187 1188 free(p->decl_val_to_struct); 1189 1190 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1191 for (decl = curblock->branch_list; decl != NULL; 1192 decl = decl->next) { 1193 num_decls++; 1194 } 1195 } 1196 1197 p->decl_val_to_struct = 1198 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 1199 if (!p->decl_val_to_struct) { 1200 return -1; 1201 } 1202 1203 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 1204 for (decl = curblock->branch_list; decl != NULL; 1205 decl = decl->next) { 1206 if (!value_isvalid(decl->decl_id, num_decls)) { 1207 ERR(handle, "invalid decl ID %u", decl->decl_id); 1208 return -1; 1209 } 1210 if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) { 1211 ERR(handle, "duplicated decl ID %u", decl->decl_id); 1212 return -1; 1213 } 1214 p->decl_val_to_struct[decl->decl_id - 1] = decl; 1215 } 1216 } 1217 1218 return 0; 1219} 1220 1221/* 1222 * Define the other val_to_name and val_to_struct arrays 1223 * in a policy database structure. 1224 */ 1225int policydb_index_others(sepol_handle_t * handle, 1226 policydb_t * p, unsigned verbose) 1227{ 1228 int i; 1229 1230 if (verbose) { 1231 INFO(handle, 1232 "security: %d users, %d roles, %d types, %d bools", 1233 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 1234 p->p_bools.nprim); 1235 1236 if (p->mls) 1237 INFO(handle, "security: %d sens, %d cats", 1238 p->p_levels.nprim, p->p_cats.nprim); 1239 1240 INFO(handle, "security: %d classes, %d rules, %d cond rules", 1241 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 1242 } 1243#if 0 1244 avtab_hash_eval(&p->te_avtab, "rules"); 1245 for (i = 0; i < SYM_NUM; i++) 1246 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 1247#endif 1248 1249 free(p->role_val_to_struct); 1250 p->role_val_to_struct = (role_datum_t **) 1251 calloc(p->p_roles.nprim, sizeof(role_datum_t *)); 1252 if (!p->role_val_to_struct) 1253 return -1; 1254 1255 free(p->user_val_to_struct); 1256 p->user_val_to_struct = (user_datum_t **) 1257 calloc(p->p_users.nprim, sizeof(user_datum_t *)); 1258 if (!p->user_val_to_struct) 1259 return -1; 1260 1261 free(p->type_val_to_struct); 1262 p->type_val_to_struct = (type_datum_t **) 1263 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 1264 if (!p->type_val_to_struct) 1265 return -1; 1266 1267 if (cond_init_bool_indexes(p)) 1268 return -1; 1269 1270 for (i = SYM_ROLES; i < SYM_NUM; i++) { 1271 free(p->sym_val_to_name[i]); 1272 p->sym_val_to_name[i] = NULL; 1273 if (p->symtab[i].nprim) { 1274 p->sym_val_to_name[i] = (char **) 1275 calloc(p->symtab[i].nprim, sizeof(char *)); 1276 if (!p->sym_val_to_name[i]) 1277 return -1; 1278 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1279 return -1; 1280 } 1281 } 1282 1283 /* This pre-expands the roles and users for context validity checking */ 1284 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1285 return -1; 1286 1287 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1288 return -1; 1289 1290 return 0; 1291} 1292 1293/* 1294 * The following *_destroy functions are used to 1295 * free any memory allocated for each kind of 1296 * symbol data in the policy database. 1297 */ 1298 1299static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1300 __attribute__ ((unused))) 1301{ 1302 if (key) 1303 free(key); 1304 free(datum); 1305 return 0; 1306} 1307 1308static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1309 __attribute__ ((unused))) 1310{ 1311 common_datum_t *comdatum; 1312 1313 if (key) 1314 free(key); 1315 comdatum = (common_datum_t *) datum; 1316 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1317 hashtab_destroy(comdatum->permissions.table); 1318 free(datum); 1319 return 0; 1320} 1321 1322static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1323 __attribute__ ((unused))) 1324{ 1325 class_datum_t *cladatum; 1326 constraint_node_t *constraint, *ctemp; 1327 1328 if (key) 1329 free(key); 1330 cladatum = (class_datum_t *) datum; 1331 if (cladatum == NULL) { 1332 return 0; 1333 } 1334 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1335 hashtab_destroy(cladatum->permissions.table); 1336 constraint = cladatum->constraints; 1337 while (constraint) { 1338 constraint_expr_destroy(constraint->expr); 1339 ctemp = constraint; 1340 constraint = constraint->next; 1341 free(ctemp); 1342 } 1343 1344 constraint = cladatum->validatetrans; 1345 while (constraint) { 1346 constraint_expr_destroy(constraint->expr); 1347 ctemp = constraint; 1348 constraint = constraint->next; 1349 free(ctemp); 1350 } 1351 1352 if (cladatum->comkey) 1353 free(cladatum->comkey); 1354 free(datum); 1355 return 0; 1356} 1357 1358static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1359 __attribute__ ((unused))) 1360{ 1361 free(key); 1362 role_datum_destroy((role_datum_t *) datum); 1363 free(datum); 1364 return 0; 1365} 1366 1367static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1368 __attribute__ ((unused))) 1369{ 1370 free(key); 1371 type_datum_destroy((type_datum_t *) datum); 1372 free(datum); 1373 return 0; 1374} 1375 1376static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1377 __attribute__ ((unused))) 1378{ 1379 free(key); 1380 user_datum_destroy((user_datum_t *) datum); 1381 free(datum); 1382 return 0; 1383} 1384 1385static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1386 __attribute__ ((unused))) 1387{ 1388 level_datum_t *levdatum; 1389 1390 if (key) 1391 free(key); 1392 levdatum = (level_datum_t *) datum; 1393 mls_level_destroy(levdatum->level); 1394 free(levdatum->level); 1395 level_datum_destroy(levdatum); 1396 free(levdatum); 1397 return 0; 1398} 1399 1400static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1401 __attribute__ ((unused))) 1402{ 1403 if (key) 1404 free(key); 1405 cat_datum_destroy((cat_datum_t *) datum); 1406 free(datum); 1407 return 0; 1408} 1409 1410static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1411 void *datap) = { 1412common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1413 cond_destroy_bool, sens_destroy, cat_destroy,}; 1414 1415static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum, 1416 void *p __attribute__ ((unused))) 1417{ 1418 filename_trans_key_t *ft = (filename_trans_key_t *)key; 1419 filename_trans_datum_t *fd = datum, *next; 1420 1421 free(ft->name); 1422 free(key); 1423 do { 1424 next = fd->next; 1425 ebitmap_destroy(&fd->stypes); 1426 free(fd); 1427 fd = next; 1428 } while (fd); 1429 return 0; 1430} 1431 1432static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum, 1433 void *p __attribute__ ((unused))) 1434{ 1435 struct mls_range *rt = (struct mls_range *)datum; 1436 free(key); 1437 ebitmap_destroy(&rt->level[0].cat); 1438 ebitmap_destroy(&rt->level[1].cat); 1439 free(datum); 1440 return 0; 1441} 1442 1443static void ocontext_selinux_free(ocontext_t **ocontexts) 1444{ 1445 ocontext_t *c, *ctmp; 1446 int i; 1447 1448 for (i = 0; i < OCON_NUM; i++) { 1449 c = ocontexts[i]; 1450 while (c) { 1451 ctmp = c; 1452 c = c->next; 1453 context_destroy(&ctmp->context[0]); 1454 context_destroy(&ctmp->context[1]); 1455 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1456 || i == OCON_FSUSE) 1457 free(ctmp->u.name); 1458 else if (i == OCON_IBENDPORT) 1459 free(ctmp->u.ibendport.dev_name); 1460 free(ctmp); 1461 } 1462 } 1463} 1464 1465static void ocontext_xen_free(ocontext_t **ocontexts) 1466{ 1467 ocontext_t *c, *ctmp; 1468 int i; 1469 1470 for (i = 0; i < OCON_NUM; i++) { 1471 c = ocontexts[i]; 1472 while (c) { 1473 ctmp = c; 1474 c = c->next; 1475 context_destroy(&ctmp->context[0]); 1476 context_destroy(&ctmp->context[1]); 1477 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE) 1478 free(ctmp->u.name); 1479 free(ctmp); 1480 } 1481 } 1482} 1483 1484/* 1485 * Free any memory allocated by a policy database structure. 1486 */ 1487void policydb_destroy(policydb_t * p) 1488{ 1489 ocontext_t *c, *ctmp; 1490 genfs_t *g, *gtmp; 1491 unsigned int i; 1492 role_allow_t *ra, *lra = NULL; 1493 role_trans_t *tr, *ltr = NULL; 1494 1495 if (!p) 1496 return; 1497 1498 ebitmap_destroy(&p->policycaps); 1499 1500 ebitmap_destroy(&p->permissive_map); 1501 1502 symtabs_destroy(p->symtab); 1503 1504 for (i = 0; i < SYM_NUM; i++) { 1505 if (p->sym_val_to_name[i]) 1506 free(p->sym_val_to_name[i]); 1507 } 1508 1509 if (p->class_val_to_struct) 1510 free(p->class_val_to_struct); 1511 if (p->role_val_to_struct) 1512 free(p->role_val_to_struct); 1513 if (p->user_val_to_struct) 1514 free(p->user_val_to_struct); 1515 if (p->type_val_to_struct) 1516 free(p->type_val_to_struct); 1517 free(p->decl_val_to_struct); 1518 1519 for (i = 0; i < SYM_NUM; i++) { 1520 (void)hashtab_map(p->scope[i].table, scope_destroy, 0); 1521 hashtab_destroy(p->scope[i].table); 1522 } 1523 avrule_block_list_destroy(p->global); 1524 free(p->name); 1525 free(p->version); 1526 1527 avtab_destroy(&p->te_avtab); 1528 1529 if (p->target_platform == SEPOL_TARGET_SELINUX) 1530 ocontext_selinux_free(p->ocontexts); 1531 else if (p->target_platform == SEPOL_TARGET_XEN) 1532 ocontext_xen_free(p->ocontexts); 1533 1534 g = p->genfs; 1535 while (g) { 1536 free(g->fstype); 1537 c = g->head; 1538 while (c) { 1539 ctmp = c; 1540 c = c->next; 1541 context_destroy(&ctmp->context[0]); 1542 free(ctmp->u.name); 1543 free(ctmp); 1544 } 1545 gtmp = g; 1546 g = g->next; 1547 free(gtmp); 1548 } 1549 cond_policydb_destroy(p); 1550 1551 for (tr = p->role_tr; tr; tr = tr->next) { 1552 if (ltr) 1553 free(ltr); 1554 ltr = tr; 1555 } 1556 if (ltr) 1557 free(ltr); 1558 1559 for (ra = p->role_allow; ra; ra = ra->next) { 1560 if (lra) 1561 free(lra); 1562 lra = ra; 1563 } 1564 if (lra) 1565 free(lra); 1566 1567 hashtab_map(p->filename_trans, filenametr_destroy, NULL); 1568 hashtab_destroy(p->filename_trans); 1569 1570 hashtab_map(p->range_tr, range_tr_destroy, NULL); 1571 hashtab_destroy(p->range_tr); 1572 1573 if (p->type_attr_map) { 1574 for (i = 0; i < p->p_types.nprim; i++) { 1575 ebitmap_destroy(&p->type_attr_map[i]); 1576 } 1577 free(p->type_attr_map); 1578 } 1579 1580 if (p->attr_type_map) { 1581 for (i = 0; i < p->p_types.nprim; i++) { 1582 ebitmap_destroy(&p->attr_type_map[i]); 1583 } 1584 free(p->attr_type_map); 1585 } 1586 1587 return; 1588} 1589 1590void symtabs_destroy(symtab_t * symtab) 1591{ 1592 int i; 1593 for (i = 0; i < SYM_NUM; i++) { 1594 (void)hashtab_map(symtab[i].table, destroy_f[i], 0); 1595 hashtab_destroy(symtab[i].table); 1596 } 1597} 1598 1599int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1600 __attribute__ ((unused))) 1601{ 1602 scope_datum_t *cur = (scope_datum_t *) datum; 1603 free(key); 1604 if (cur != NULL) { 1605 free(cur->decl_ids); 1606 } 1607 free(cur); 1608 return 0; 1609} 1610 1611/* 1612 * Load the initial SIDs specified in a policy database 1613 * structure into a SID table. 1614 */ 1615int policydb_load_isids(policydb_t * p, sidtab_t * s) 1616{ 1617 ocontext_t *head, *c; 1618 1619 if (sepol_sidtab_init(s)) { 1620 ERR(NULL, "out of memory on SID table init"); 1621 return -1; 1622 } 1623 1624 head = p->ocontexts[OCON_ISID]; 1625 for (c = head; c; c = c->next) { 1626 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1627 ERR(NULL, "unable to load initial SID %s", c->u.name); 1628 return -1; 1629 } 1630 } 1631 1632 return 0; 1633} 1634 1635/* Declare a symbol for a certain avrule_block context. Insert it 1636 * into a symbol table for a policy. This function will handle 1637 * inserting the appropriate scope information in addition to 1638 * inserting the symbol into the hash table. 1639 * 1640 * arguments: 1641 * policydb_t *pol module policy to modify 1642 * uint32_t sym the symbole table for insertion (SYM_*) 1643 * hashtab_key_t key the key for the symbol - not cloned 1644 * hashtab_datum_t data the data for the symbol - not cloned 1645 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1646 * avrule_decl_id identifier for this symbol's encapsulating declaration 1647 * value (out) assigned value to the symbol (if value is not NULL) 1648 * 1649 * returns: 1650 * 0 success 1651 * 1 success, but symbol already existed as a requirement 1652 * (datum was not inserted and needs to be free()d) 1653 * -1 general error 1654 * -2 scope conflicted 1655 * -ENOMEM memory error 1656 * error codes from hashtab_insert 1657 */ 1658int symtab_insert(policydb_t * pol, uint32_t sym, 1659 hashtab_key_t key, hashtab_datum_t datum, 1660 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1661{ 1662 int rc, retval = 0; 1663 unsigned int i; 1664 scope_datum_t *scope_datum; 1665 1666 /* check if the symbol is already there. multiple 1667 * declarations of non-roles/non-users are illegal, but 1668 * multiple requires are allowed. */ 1669 1670 /* FIX ME - the failures after the hashtab_insert will leave 1671 * the policy in a inconsistent state. */ 1672 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1673 if (rc == SEPOL_OK) { 1674 /* if no value is passed in the symbol is not primary 1675 * (i.e. aliases) */ 1676 if (value) 1677 *value = ++pol->symtab[sym].nprim; 1678 } else if (rc == SEPOL_EEXIST) { 1679 retval = 1; /* symbol not added -- need to free() later */ 1680 } else { 1681 return rc; 1682 } 1683 1684 /* get existing scope information; if there is not one then 1685 * create it */ 1686 scope_datum = 1687 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1688 if (scope_datum == NULL) { 1689 hashtab_key_t key2 = strdup((char *)key); 1690 if (!key2) 1691 return -ENOMEM; 1692 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1693 free(key2); 1694 return -ENOMEM; 1695 } 1696 scope_datum->scope = scope; 1697 scope_datum->decl_ids = NULL; 1698 scope_datum->decl_ids_len = 0; 1699 if ((rc = 1700 hashtab_insert(pol->scope[sym].table, key2, 1701 scope_datum)) != 0) { 1702 free(key2); 1703 free(scope_datum); 1704 return rc; 1705 } 1706 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1707 /* disallow multiple declarations for non-roles/users */ 1708 if (sym != SYM_ROLES && sym != SYM_USERS) { 1709 return -2; 1710 } 1711 /* Further confine that a role attribute can't have the same 1712 * name as another regular role, and a role attribute can't 1713 * be declared more than once. */ 1714 if (sym == SYM_ROLES) { 1715 role_datum_t *base_role; 1716 role_datum_t *cur_role = (role_datum_t *)datum; 1717 1718 base_role = (role_datum_t *) 1719 hashtab_search(pol->symtab[sym].table, 1720 key); 1721 assert(base_role != NULL); 1722 1723 if (!((base_role->flavor == ROLE_ROLE) && 1724 (cur_role->flavor == ROLE_ROLE))) { 1725 /* Only regular roles are allowed to have 1726 * multiple declarations. */ 1727 return -2; 1728 } 1729 } 1730 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1731 scope_datum->scope = SCOPE_DECL; 1732 } 1733 1734 /* search through the pre-existing list to avoid adding duplicates */ 1735 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1736 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1737 /* already there, so don't modify its scope */ 1738 return retval; 1739 } 1740 } 1741 1742 if (add_i_to_a(avrule_decl_id, 1743 &scope_datum->decl_ids_len, 1744 &scope_datum->decl_ids) == -1) { 1745 return -ENOMEM; 1746 } 1747 1748 if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) { 1749 /* Need to keep the decl at the end of the list */ 1750 uint32_t len, tmp; 1751 len = scope_datum->decl_ids_len; 1752 if (len < 2) { 1753 /* This should be impossible here */ 1754 return -1; 1755 } 1756 tmp = scope_datum->decl_ids[len-2]; 1757 scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1]; 1758 scope_datum->decl_ids[len-1] = tmp; 1759 } 1760 1761 return retval; 1762} 1763 1764static int type_set_or(type_set_t * dst, const type_set_t * a, const type_set_t * b) 1765{ 1766 type_set_init(dst); 1767 1768 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1769 return -1; 1770 } 1771 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1772 return -1; 1773 } 1774 1775 dst->flags |= a->flags; 1776 dst->flags |= b->flags; 1777 1778 return 0; 1779} 1780 1781int type_set_cpy(type_set_t * dst, const type_set_t * src) 1782{ 1783 type_set_init(dst); 1784 1785 dst->flags = src->flags; 1786 if (ebitmap_cpy(&dst->types, &src->types)) 1787 return -1; 1788 if (ebitmap_cpy(&dst->negset, &src->negset)) 1789 return -1; 1790 1791 return 0; 1792} 1793 1794int type_set_or_eq(type_set_t * dst, const type_set_t * other) 1795{ 1796 int ret; 1797 type_set_t tmp; 1798 1799 if (type_set_or(&tmp, dst, other)) 1800 return -1; 1801 type_set_destroy(dst); 1802 ret = type_set_cpy(dst, &tmp); 1803 type_set_destroy(&tmp); 1804 1805 return ret; 1806} 1807 1808/***********************************************************************/ 1809/* everything below is for policy reads */ 1810 1811/* The following are read functions for module structures */ 1812 1813static int role_set_read(role_set_t * r, struct policy_file *fp) 1814{ 1815 uint32_t buf[1]; 1816 int rc; 1817 1818 if (ebitmap_read(&r->roles, fp)) 1819 return -1; 1820 rc = next_entry(buf, fp, sizeof(uint32_t)); 1821 if (rc < 0) 1822 return -1; 1823 r->flags = le32_to_cpu(buf[0]); 1824 1825 return 0; 1826} 1827 1828static int type_set_read(type_set_t * t, struct policy_file *fp) 1829{ 1830 uint32_t buf[1]; 1831 int rc; 1832 1833 if (ebitmap_read(&t->types, fp)) 1834 return -1; 1835 if (ebitmap_read(&t->negset, fp)) 1836 return -1; 1837 1838 rc = next_entry(buf, fp, sizeof(uint32_t)); 1839 if (rc < 0) 1840 return -1; 1841 t->flags = le32_to_cpu(buf[0]); 1842 1843 return 0; 1844} 1845 1846/* 1847 * Read a MLS range structure from a policydb binary 1848 * representation file. 1849 */ 1850static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1851{ 1852 uint32_t buf[2], items; 1853 int rc; 1854 1855 rc = next_entry(buf, fp, sizeof(uint32_t)); 1856 if (rc < 0) 1857 goto out; 1858 1859 items = le32_to_cpu(buf[0]); 1860 if (items > ARRAY_SIZE(buf)) { 1861 ERR(fp->handle, "range overflow"); 1862 rc = -EINVAL; 1863 goto out; 1864 } 1865 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1866 if (rc < 0) { 1867 ERR(fp->handle, "truncated range"); 1868 goto out; 1869 } 1870 r->level[0].sens = le32_to_cpu(buf[0]); 1871 if (items > 1) 1872 r->level[1].sens = le32_to_cpu(buf[1]); 1873 else 1874 r->level[1].sens = r->level[0].sens; 1875 1876 rc = ebitmap_read(&r->level[0].cat, fp); 1877 if (rc) { 1878 ERR(fp->handle, "error reading low categories"); 1879 goto out; 1880 } 1881 if (items > 1) { 1882 rc = ebitmap_read(&r->level[1].cat, fp); 1883 if (rc) { 1884 ERR(fp->handle, "error reading high categories"); 1885 goto bad_high; 1886 } 1887 } else { 1888 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1889 if (rc) { 1890 ERR(fp->handle, "out of memory"); 1891 goto bad_high; 1892 } 1893 } 1894 1895 rc = 0; 1896 out: 1897 return rc; 1898 bad_high: 1899 ebitmap_destroy(&r->level[0].cat); 1900 goto out; 1901} 1902 1903/* 1904 * Read a semantic MLS level structure from a policydb binary 1905 * representation file. 1906 */ 1907static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1908 struct policy_file *fp) 1909{ 1910 uint32_t buf[2], ncat; 1911 unsigned int i; 1912 mls_semantic_cat_t *cat; 1913 int rc; 1914 1915 mls_semantic_level_init(l); 1916 1917 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1918 if (rc < 0) { 1919 ERR(fp->handle, "truncated level"); 1920 goto bad; 1921 } 1922 l->sens = le32_to_cpu(buf[0]); 1923 1924 ncat = le32_to_cpu(buf[1]); 1925 for (i = 0; i < ncat; i++) { 1926 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1927 if (!cat) { 1928 ERR(fp->handle, "out of memory"); 1929 goto bad; 1930 } 1931 1932 mls_semantic_cat_init(cat); 1933 cat->next = l->cat; 1934 l->cat = cat; 1935 1936 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1937 if (rc < 0) { 1938 ERR(fp->handle, "error reading level categories"); 1939 goto bad; 1940 } 1941 cat->low = le32_to_cpu(buf[0]); 1942 cat->high = le32_to_cpu(buf[1]); 1943 } 1944 1945 return 0; 1946 1947 bad: 1948 return -EINVAL; 1949} 1950 1951/* 1952 * Read a semantic MLS range structure from a policydb binary 1953 * representation file. 1954 */ 1955static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1956 struct policy_file *fp) 1957{ 1958 int rc; 1959 1960 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1961 if (rc) 1962 return rc; 1963 1964 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1965 1966 return rc; 1967} 1968 1969static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1970{ 1971 unsigned int i; 1972 ebitmap_node_t *cnode; 1973 mls_semantic_cat_t *open_cat = NULL; 1974 1975 mls_semantic_level_init(sl); 1976 sl->sens = l->sens; 1977 ebitmap_for_each_bit(&l->cat, cnode, i) { 1978 if (ebitmap_node_get_bit(cnode, i)) { 1979 if (open_cat) 1980 continue; 1981 open_cat = (mls_semantic_cat_t *) 1982 malloc(sizeof(mls_semantic_cat_t)); 1983 if (!open_cat) 1984 return -1; 1985 1986 mls_semantic_cat_init(open_cat); 1987 open_cat->low = i + 1; 1988 open_cat->next = sl->cat; 1989 sl->cat = open_cat; 1990 } else { 1991 if (!open_cat) 1992 continue; 1993 open_cat->high = i; 1994 open_cat = NULL; 1995 } 1996 } 1997 if (open_cat) 1998 open_cat->high = i; 1999 2000 return 0; 2001} 2002 2003static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 2004{ 2005 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 2006 return -1; 2007 2008 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 2009 return -1; 2010 2011 return 0; 2012} 2013 2014/* 2015 * Read and validate a security context structure 2016 * from a policydb binary representation file. 2017 */ 2018static int context_read_and_validate(context_struct_t * c, 2019 policydb_t * p, struct policy_file *fp) 2020{ 2021 uint32_t buf[3]; 2022 int rc; 2023 2024 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2025 if (rc < 0) { 2026 ERR(fp->handle, "context truncated"); 2027 return -1; 2028 } 2029 c->user = le32_to_cpu(buf[0]); 2030 c->role = le32_to_cpu(buf[1]); 2031 c->type = le32_to_cpu(buf[2]); 2032 if ((p->policy_type == POLICY_KERN 2033 && p->policyvers >= POLICYDB_VERSION_MLS) 2034 || (p->policy_type == POLICY_BASE 2035 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 2036 if (mls_read_range_helper(&c->range, fp)) { 2037 ERR(fp->handle, "error reading MLS range " 2038 "of context"); 2039 return -1; 2040 } 2041 } 2042 2043 if (!policydb_context_isvalid(p, c)) { 2044 ERR(fp->handle, "invalid security context"); 2045 context_destroy(c); 2046 return -1; 2047 } 2048 return 0; 2049} 2050 2051/* 2052 * The following *_read functions are used to 2053 * read the symbol data from a policy database 2054 * binary representation file. 2055 */ 2056 2057static int perm_read(policydb_t * p 2058 __attribute__ ((unused)), hashtab_t h, 2059 struct policy_file *fp, uint32_t nprim) 2060{ 2061 char *key = 0; 2062 perm_datum_t *perdatum; 2063 uint32_t buf[2]; 2064 size_t len; 2065 int rc; 2066 2067 perdatum = calloc(1, sizeof(perm_datum_t)); 2068 if (!perdatum) 2069 return -1; 2070 2071 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2072 if (rc < 0) 2073 goto bad; 2074 2075 len = le32_to_cpu(buf[0]); 2076 if(str_read(&key, fp, len)) 2077 goto bad; 2078 2079 perdatum->s.value = le32_to_cpu(buf[1]); 2080 if (!value_isvalid(perdatum->s.value, nprim)) 2081 goto bad; 2082 2083 if (hashtab_insert(h, key, perdatum)) 2084 goto bad; 2085 2086 return 0; 2087 2088 bad: 2089 perm_destroy(key, perdatum, NULL); 2090 return -1; 2091} 2092 2093static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2094{ 2095 char *key = 0; 2096 common_datum_t *comdatum; 2097 uint32_t buf[4]; 2098 size_t len, nel; 2099 unsigned int i; 2100 int rc; 2101 2102 comdatum = calloc(1, sizeof(common_datum_t)); 2103 if (!comdatum) 2104 return -1; 2105 2106 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2107 if (rc < 0) 2108 goto bad; 2109 2110 len = le32_to_cpu(buf[0]); 2111 if (zero_or_saturated(len)) 2112 goto bad; 2113 2114 comdatum->s.value = le32_to_cpu(buf[1]); 2115 2116 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 2117 goto bad; 2118 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 2119 if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE) 2120 goto bad; 2121 nel = le32_to_cpu(buf[3]); 2122 2123 key = malloc(len + 1); 2124 if (!key) 2125 goto bad; 2126 rc = next_entry(key, fp, len); 2127 if (rc < 0) 2128 goto bad; 2129 key[len] = 0; 2130 2131 for (i = 0; i < nel; i++) { 2132 if (perm_read(p, comdatum->permissions.table, fp, comdatum->permissions.nprim)) 2133 goto bad; 2134 } 2135 2136 if (hashtab_insert(h, key, comdatum)) 2137 goto bad; 2138 2139 return 0; 2140 2141 bad: 2142 common_destroy(key, comdatum, NULL); 2143 return -1; 2144} 2145 2146static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 2147 unsigned int ncons, 2148 int allowxtarget, struct policy_file *fp) 2149{ 2150 constraint_node_t *c, *lc; 2151 constraint_expr_t *e, *le; 2152 uint32_t buf[3]; 2153 size_t nexpr; 2154 unsigned int i, j; 2155 int rc, depth; 2156 2157 lc = NULL; 2158 for (i = 0; i < ncons; i++) { 2159 c = calloc(1, sizeof(constraint_node_t)); 2160 if (!c) 2161 return -1; 2162 2163 if (lc) 2164 lc->next = c; 2165 else 2166 *nodep = c; 2167 2168 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2169 if (rc < 0) 2170 return -1; 2171 c->permissions = le32_to_cpu(buf[0]); 2172 nexpr = le32_to_cpu(buf[1]); 2173 le = NULL; 2174 depth = -1; 2175 for (j = 0; j < nexpr; j++) { 2176 e = malloc(sizeof(constraint_expr_t)); 2177 if (!e) 2178 return -1; 2179 if (constraint_expr_init(e) == -1) { 2180 free(e); 2181 return -1; 2182 } 2183 if (le) { 2184 le->next = e; 2185 } else { 2186 c->expr = e; 2187 } 2188 2189 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2190 if (rc < 0) 2191 return -1; 2192 e->expr_type = le32_to_cpu(buf[0]); 2193 e->attr = le32_to_cpu(buf[1]); 2194 e->op = le32_to_cpu(buf[2]); 2195 2196 switch (e->expr_type) { 2197 case CEXPR_NOT: 2198 if (depth < 0) 2199 return -1; 2200 break; 2201 case CEXPR_AND: 2202 case CEXPR_OR: 2203 if (depth < 1) 2204 return -1; 2205 depth--; 2206 break; 2207 case CEXPR_ATTR: 2208 if (depth == (CEXPR_MAXDEPTH - 1)) 2209 return -1; 2210 depth++; 2211 break; 2212 case CEXPR_NAMES: 2213 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 2214 return -1; 2215 if (depth == (CEXPR_MAXDEPTH - 1)) 2216 return -1; 2217 depth++; 2218 if (ebitmap_read(&e->names, fp)) 2219 return -1; 2220 if (p->policy_type != POLICY_KERN && 2221 type_set_read(e->type_names, fp)) 2222 return -1; 2223 else if (p->policy_type == POLICY_KERN && 2224 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && 2225 type_set_read(e->type_names, fp)) 2226 return -1; 2227 break; 2228 default: 2229 return -1; 2230 } 2231 le = e; 2232 } 2233 if (depth != 0) 2234 return -1; 2235 lc = c; 2236 } 2237 2238 return 0; 2239} 2240 2241static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2242{ 2243 char *key = 0; 2244 class_datum_t *cladatum; 2245 uint32_t buf[6]; 2246 size_t len, len2, ncons, nel; 2247 unsigned int i; 2248 int rc; 2249 2250 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 2251 if (!cladatum) 2252 return -1; 2253 2254 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 2255 if (rc < 0) 2256 goto bad; 2257 2258 len = le32_to_cpu(buf[0]); 2259 if (zero_or_saturated(len)) 2260 goto bad; 2261 len2 = le32_to_cpu(buf[1]); 2262 if (is_saturated(len2)) 2263 goto bad; 2264 cladatum->s.value = le32_to_cpu(buf[2]); 2265 2266 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2267 goto bad; 2268 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2269 if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE) 2270 goto bad; 2271 nel = le32_to_cpu(buf[4]); 2272 2273 ncons = le32_to_cpu(buf[5]); 2274 2275 key = malloc(len + 1); 2276 if (!key) 2277 goto bad; 2278 rc = next_entry(key, fp, len); 2279 if (rc < 0) 2280 goto bad; 2281 key[len] = 0; 2282 2283 if (len2) { 2284 cladatum->comkey = malloc(len2 + 1); 2285 if (!cladatum->comkey) 2286 goto bad; 2287 rc = next_entry(cladatum->comkey, fp, len2); 2288 if (rc < 0) 2289 goto bad; 2290 cladatum->comkey[len2] = 0; 2291 2292 cladatum->comdatum = hashtab_search(p->p_commons.table, 2293 cladatum->comkey); 2294 if (!cladatum->comdatum) { 2295 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2296 goto bad; 2297 } 2298 } 2299 for (i = 0; i < nel; i++) { 2300 if (perm_read(p, cladatum->permissions.table, fp, cladatum->permissions.nprim)) 2301 goto bad; 2302 } 2303 2304 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2305 goto bad; 2306 2307 if ((p->policy_type == POLICY_KERN 2308 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2309 || (p->policy_type == POLICY_BASE 2310 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2311 /* grab the validatetrans rules */ 2312 rc = next_entry(buf, fp, sizeof(uint32_t)); 2313 if (rc < 0) 2314 goto bad; 2315 ncons = le32_to_cpu(buf[0]); 2316 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2317 goto bad; 2318 } 2319 2320 if ((p->policy_type == POLICY_KERN && 2321 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || 2322 (p->policy_type == POLICY_BASE && 2323 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { 2324 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2325 if (rc < 0) 2326 goto bad; 2327 cladatum->default_user = le32_to_cpu(buf[0]); 2328 cladatum->default_role = le32_to_cpu(buf[1]); 2329 cladatum->default_range = le32_to_cpu(buf[2]); 2330 } 2331 2332 if ((p->policy_type == POLICY_KERN && 2333 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) || 2334 (p->policy_type == POLICY_BASE && 2335 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) { 2336 rc = next_entry(buf, fp, sizeof(uint32_t)); 2337 if (rc < 0) 2338 goto bad; 2339 cladatum->default_type = le32_to_cpu(buf[0]); 2340 } 2341 2342 if (hashtab_insert(h, key, cladatum)) 2343 goto bad; 2344 2345 return 0; 2346 2347 bad: 2348 class_destroy(key, cladatum, NULL); 2349 return -1; 2350} 2351 2352static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2353{ 2354 char *key = 0; 2355 role_datum_t *role; 2356 uint32_t buf[3]; 2357 size_t len; 2358 int rc, to_read = 2; 2359 2360 role = calloc(1, sizeof(role_datum_t)); 2361 if (!role) 2362 return -1; 2363 2364 if (policydb_has_boundary_feature(p)) 2365 to_read = 3; 2366 2367 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2368 if (rc < 0) 2369 goto bad; 2370 2371 len = le32_to_cpu(buf[0]); 2372 if (zero_or_saturated(len)) 2373 goto bad; 2374 2375 role->s.value = le32_to_cpu(buf[1]); 2376 if (policydb_has_boundary_feature(p)) 2377 role->bounds = le32_to_cpu(buf[2]); 2378 2379 key = malloc(len + 1); 2380 if (!key) 2381 goto bad; 2382 rc = next_entry(key, fp, len); 2383 if (rc < 0) 2384 goto bad; 2385 key[len] = 0; 2386 2387 if (ebitmap_read(&role->dominates, fp)) 2388 goto bad; 2389 2390 if (p->policy_type == POLICY_KERN) { 2391 if (ebitmap_read(&role->types.types, fp)) 2392 goto bad; 2393 } else { 2394 if (type_set_read(&role->types, fp)) 2395 goto bad; 2396 } 2397 2398 if (p->policy_type != POLICY_KERN && 2399 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2400 rc = next_entry(buf, fp, sizeof(uint32_t)); 2401 if (rc < 0) 2402 goto bad; 2403 2404 role->flavor = le32_to_cpu(buf[0]); 2405 2406 if (ebitmap_read(&role->roles, fp)) 2407 goto bad; 2408 } 2409 2410 if (strcmp(key, OBJECT_R) == 0) { 2411 if (role->s.value != OBJECT_R_VAL) { 2412 ERR(fp->handle, "role %s has wrong value %d", 2413 OBJECT_R, role->s.value); 2414 role_destroy(key, role, NULL); 2415 return -1; 2416 } 2417 role_destroy(key, role, NULL); 2418 return 0; 2419 } 2420 2421 if (hashtab_insert(h, key, role)) 2422 goto bad; 2423 2424 return 0; 2425 2426 bad: 2427 role_destroy(key, role, NULL); 2428 return -1; 2429} 2430 2431static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2432{ 2433 char *key = 0; 2434 type_datum_t *typdatum; 2435 uint32_t buf[5]; 2436 size_t len; 2437 int rc, to_read; 2438 int pos = 0; 2439 2440 typdatum = calloc(1, sizeof(type_datum_t)); 2441 if (!typdatum) 2442 return -1; 2443 2444 if (policydb_has_boundary_feature(p)) { 2445 if (p->policy_type != POLICY_KERN 2446 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2447 to_read = 5; 2448 else 2449 to_read = 4; 2450 } 2451 else if (p->policy_type == POLICY_KERN) 2452 to_read = 3; 2453 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2454 to_read = 5; 2455 else 2456 to_read = 4; 2457 2458 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2459 if (rc < 0) 2460 goto bad; 2461 2462 len = le32_to_cpu(buf[pos]); 2463 if (zero_or_saturated(len)) 2464 goto bad; 2465 2466 typdatum->s.value = le32_to_cpu(buf[++pos]); 2467 if (policydb_has_boundary_feature(p)) { 2468 uint32_t properties; 2469 2470 if (p->policy_type != POLICY_KERN 2471 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2472 typdatum->primary = le32_to_cpu(buf[++pos]); 2473 properties = le32_to_cpu(buf[++pos]); 2474 } 2475 else { 2476 properties = le32_to_cpu(buf[++pos]); 2477 2478 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2479 typdatum->primary = 1; 2480 } 2481 2482 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2483 typdatum->flavor = TYPE_ATTRIB; 2484 if (properties & TYPEDATUM_PROPERTY_ALIAS 2485 && p->policy_type != POLICY_KERN) 2486 typdatum->flavor = TYPE_ALIAS; 2487 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2488 && p->policy_type != POLICY_KERN) 2489 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2490 2491 typdatum->bounds = le32_to_cpu(buf[++pos]); 2492 } else { 2493 typdatum->primary = le32_to_cpu(buf[++pos]); 2494 if (p->policy_type != POLICY_KERN) { 2495 typdatum->flavor = le32_to_cpu(buf[++pos]); 2496 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2497 typdatum->flags = le32_to_cpu(buf[++pos]); 2498 } 2499 } 2500 2501 if (p->policy_type != POLICY_KERN) { 2502 if (ebitmap_read(&typdatum->types, fp)) 2503 goto bad; 2504 } 2505 2506 key = malloc(len + 1); 2507 if (!key) 2508 goto bad; 2509 rc = next_entry(key, fp, len); 2510 if (rc < 0) 2511 goto bad; 2512 key[len] = 0; 2513 2514 if (hashtab_insert(h, key, typdatum)) 2515 goto bad; 2516 2517 return 0; 2518 2519 bad: 2520 type_destroy(key, typdatum, NULL); 2521 return -1; 2522} 2523 2524static int role_trans_read(policydb_t *p, struct policy_file *fp) 2525{ 2526 role_trans_t **t = &p->role_tr; 2527 unsigned int i; 2528 uint32_t buf[3], nel; 2529 role_trans_t *tr, *ltr; 2530 int rc; 2531 int new_roletr = (p->policy_type == POLICY_KERN && 2532 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2533 2534 rc = next_entry(buf, fp, sizeof(uint32_t)); 2535 if (rc < 0) 2536 return -1; 2537 nel = le32_to_cpu(buf[0]); 2538 ltr = NULL; 2539 for (i = 0; i < nel; i++) { 2540 tr = calloc(1, sizeof(struct role_trans)); 2541 if (!tr) { 2542 return -1; 2543 } 2544 if (ltr) { 2545 ltr->next = tr; 2546 } else { 2547 *t = tr; 2548 } 2549 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2550 if (rc < 0) 2551 return -1; 2552 tr->role = le32_to_cpu(buf[0]); 2553 tr->type = le32_to_cpu(buf[1]); 2554 tr->new_role = le32_to_cpu(buf[2]); 2555 if (new_roletr) { 2556 rc = next_entry(buf, fp, sizeof(uint32_t)); 2557 if (rc < 0) 2558 return -1; 2559 tr->tclass = le32_to_cpu(buf[0]); 2560 } else 2561 tr->tclass = p->process_class; 2562 ltr = tr; 2563 } 2564 return 0; 2565} 2566 2567static int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2568{ 2569 unsigned int i; 2570 uint32_t buf[2], nel; 2571 role_allow_t *ra, *lra; 2572 int rc; 2573 2574 rc = next_entry(buf, fp, sizeof(uint32_t)); 2575 if (rc < 0) 2576 return -1; 2577 nel = le32_to_cpu(buf[0]); 2578 lra = NULL; 2579 for (i = 0; i < nel; i++) { 2580 ra = calloc(1, sizeof(struct role_allow)); 2581 if (!ra) { 2582 return -1; 2583 } 2584 if (lra) { 2585 lra->next = ra; 2586 } else { 2587 *r = ra; 2588 } 2589 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2590 if (rc < 0) 2591 return -1; 2592 ra->role = le32_to_cpu(buf[0]); 2593 ra->new_role = le32_to_cpu(buf[1]); 2594 lra = ra; 2595 } 2596 return 0; 2597} 2598 2599int policydb_filetrans_insert(policydb_t *p, uint32_t stype, uint32_t ttype, 2600 uint32_t tclass, const char *name, 2601 char **name_alloc, uint32_t otype, 2602 uint32_t *present_otype) 2603{ 2604 filename_trans_key_t *ft, key; 2605 filename_trans_datum_t *datum, *last; 2606 2607 key.ttype = ttype; 2608 key.tclass = tclass; 2609 key.name = (char *)name; 2610 2611 last = NULL; 2612 datum = hashtab_search(p->filename_trans, (hashtab_key_t)&key); 2613 while (datum) { 2614 if (ebitmap_get_bit(&datum->stypes, stype - 1)) { 2615 if (present_otype) 2616 *present_otype = datum->otype; 2617 return SEPOL_EEXIST; 2618 } 2619 if (datum->otype == otype) 2620 break; 2621 last = datum; 2622 datum = datum->next; 2623 } 2624 if (!datum) { 2625 datum = malloc(sizeof(*datum)); 2626 if (!datum) 2627 return SEPOL_ENOMEM; 2628 2629 ebitmap_init(&datum->stypes); 2630 datum->otype = otype; 2631 datum->next = NULL; 2632 2633 if (last) { 2634 last->next = datum; 2635 } else { 2636 char *name_dup; 2637 2638 if (name_alloc) { 2639 name_dup = *name_alloc; 2640 *name_alloc = NULL; 2641 } else { 2642 name_dup = strdup(name); 2643 if (!name_dup) { 2644 free(datum); 2645 return SEPOL_ENOMEM; 2646 } 2647 } 2648 2649 ft = malloc(sizeof(*ft)); 2650 if (!ft) { 2651 free(name_dup); 2652 free(datum); 2653 return SEPOL_ENOMEM; 2654 } 2655 2656 ft->ttype = ttype; 2657 ft->tclass = tclass; 2658 ft->name = name_dup; 2659 2660 if (hashtab_insert(p->filename_trans, (hashtab_key_t)ft, 2661 (hashtab_datum_t)datum)) { 2662 free(name_dup); 2663 free(datum); 2664 free(ft); 2665 return SEPOL_ENOMEM; 2666 } 2667 } 2668 } 2669 2670 p->filename_trans_count++; 2671 return ebitmap_set_bit(&datum->stypes, stype - 1, 1); 2672} 2673 2674static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp) 2675{ 2676 uint32_t buf[4], len, stype, ttype, tclass, otype; 2677 char *name = NULL; 2678 int rc; 2679 2680 rc = next_entry(buf, fp, sizeof(uint32_t)); 2681 if (rc < 0) 2682 return -1; 2683 len = le32_to_cpu(buf[0]); 2684 if (zero_or_saturated(len)) 2685 return -1; 2686 2687 name = calloc(len + 1, sizeof(*name)); 2688 if (!name) 2689 return -1; 2690 2691 rc = next_entry(name, fp, len); 2692 if (rc < 0) 2693 goto err; 2694 2695 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2696 if (rc < 0) 2697 goto err; 2698 2699 stype = le32_to_cpu(buf[0]); 2700 if (stype == 0) 2701 goto err; 2702 2703 ttype = le32_to_cpu(buf[1]); 2704 tclass = le32_to_cpu(buf[2]); 2705 otype = le32_to_cpu(buf[3]); 2706 2707 rc = policydb_filetrans_insert(p, stype, ttype, tclass, name, &name, 2708 otype, NULL); 2709 if (rc) { 2710 if (rc != SEPOL_EEXIST) 2711 goto err; 2712 /* 2713 * Some old policies were wrongly generated with 2714 * duplicate filename transition rules. For backward 2715 * compatibility, do not reject such policies, just 2716 * ignore the duplicate. 2717 */ 2718 } 2719 free(name); 2720 return 0; 2721err: 2722 free(name); 2723 return -1; 2724} 2725 2726static int filename_trans_check_datum(filename_trans_datum_t *datum) 2727{ 2728 ebitmap_t stypes, otypes; 2729 int rc = -1; 2730 2731 ebitmap_init(&stypes); 2732 ebitmap_init(&otypes); 2733 2734 while (datum) { 2735 if (ebitmap_get_bit(&otypes, datum->otype)) 2736 goto out; 2737 2738 if (ebitmap_set_bit(&otypes, datum->otype, 1)) 2739 goto out; 2740 2741 if (ebitmap_match_any(&stypes, &datum->stypes)) 2742 goto out; 2743 2744 if (ebitmap_union(&stypes, &datum->stypes)) 2745 goto out; 2746 2747 datum = datum->next; 2748 } 2749 rc = 0; 2750out: 2751 ebitmap_destroy(&stypes); 2752 ebitmap_destroy(&otypes); 2753 return rc; 2754} 2755 2756static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) 2757{ 2758 filename_trans_key_t *ft = NULL; 2759 filename_trans_datum_t **dst, *datum, *first = NULL; 2760 unsigned int i; 2761 uint32_t buf[3], len, ttype, tclass, ndatum; 2762 char *name = NULL; 2763 int rc; 2764 2765 rc = next_entry(buf, fp, sizeof(uint32_t)); 2766 if (rc < 0) 2767 return -1; 2768 len = le32_to_cpu(buf[0]); 2769 if (zero_or_saturated(len)) 2770 return -1; 2771 2772 name = calloc(len + 1, sizeof(*name)); 2773 if (!name) 2774 return -1; 2775 2776 rc = next_entry(name, fp, len); 2777 if (rc < 0) 2778 goto err; 2779 2780 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2781 if (rc < 0) 2782 goto err; 2783 2784 ttype = le32_to_cpu(buf[0]); 2785 tclass = le32_to_cpu(buf[1]); 2786 ndatum = le32_to_cpu(buf[2]); 2787 if (ndatum == 0) 2788 goto err; 2789 2790 dst = &first; 2791 for (i = 0; i < ndatum; i++) { 2792 datum = malloc(sizeof(*datum)); 2793 if (!datum) 2794 goto err; 2795 2796 datum->next = NULL; 2797 *dst = datum; 2798 2799 /* ebitmap_read() will at least init the bitmap */ 2800 rc = ebitmap_read(&datum->stypes, fp); 2801 if (rc < 0) 2802 goto err; 2803 2804 rc = next_entry(buf, fp, sizeof(uint32_t)); 2805 if (rc < 0) 2806 goto err; 2807 2808 datum->otype = le32_to_cpu(buf[0]); 2809 2810 p->filename_trans_count += ebitmap_cardinality(&datum->stypes); 2811 2812 dst = &datum->next; 2813 } 2814 2815 if (ndatum > 1 && filename_trans_check_datum(first)) 2816 goto err; 2817 2818 ft = malloc(sizeof(*ft)); 2819 if (!ft) 2820 goto err; 2821 2822 ft->ttype = ttype; 2823 ft->tclass = tclass; 2824 ft->name = name; 2825 2826 rc = hashtab_insert(p->filename_trans, (hashtab_key_t)ft, 2827 (hashtab_datum_t)first); 2828 if (rc) 2829 goto err; 2830 2831 return 0; 2832err: 2833 free(ft); 2834 free(name); 2835 while (first) { 2836 datum = first; 2837 first = first->next; 2838 2839 ebitmap_destroy(&datum->stypes); 2840 free(datum); 2841 } 2842 return -1; 2843} 2844 2845static int filename_trans_read(policydb_t *p, struct policy_file *fp) 2846{ 2847 unsigned int i; 2848 uint32_t buf[1], nel; 2849 int rc; 2850 2851 rc = next_entry(buf, fp, sizeof(uint32_t)); 2852 if (rc < 0) 2853 return -1; 2854 nel = le32_to_cpu(buf[0]); 2855 2856 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) { 2857 for (i = 0; i < nel; i++) { 2858 rc = filename_trans_read_one_compat(p, fp); 2859 if (rc < 0) 2860 return -1; 2861 } 2862 } else { 2863 for (i = 0; i < nel; i++) { 2864 rc = filename_trans_read_one(p, fp); 2865 if (rc < 0) 2866 return -1; 2867 } 2868 } 2869 return 0; 2870} 2871 2872static int ocontext_read_xen(const struct policydb_compat_info *info, 2873 policydb_t *p, struct policy_file *fp) 2874{ 2875 unsigned int i, j; 2876 size_t nel, len; 2877 ocontext_t *l, *c; 2878 uint32_t buf[8]; 2879 int rc; 2880 2881 for (i = 0; i < info->ocon_num; i++) { 2882 rc = next_entry(buf, fp, sizeof(uint32_t)); 2883 if (rc < 0) 2884 return -1; 2885 nel = le32_to_cpu(buf[0]); 2886 l = NULL; 2887 for (j = 0; j < nel; j++) { 2888 c = calloc(1, sizeof(ocontext_t)); 2889 if (!c) 2890 return -1; 2891 if (l) 2892 l->next = c; 2893 else 2894 p->ocontexts[i] = c; 2895 l = c; 2896 switch (i) { 2897 case OCON_XEN_ISID: 2898 rc = next_entry(buf, fp, sizeof(uint32_t)); 2899 if (rc < 0) 2900 return -1; 2901 c->sid[0] = le32_to_cpu(buf[0]); 2902 if (is_saturated(c->sid[0])) 2903 return -1; 2904 if (context_read_and_validate 2905 (&c->context[0], p, fp)) 2906 return -1; 2907 break; 2908 case OCON_XEN_PIRQ: 2909 rc = next_entry(buf, fp, sizeof(uint32_t)); 2910 if (rc < 0) 2911 return -1; 2912 c->u.pirq = le32_to_cpu(buf[0]); 2913 if (context_read_and_validate 2914 (&c->context[0], p, fp)) 2915 return -1; 2916 break; 2917 case OCON_XEN_IOPORT: 2918 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2919 if (rc < 0) 2920 return -1; 2921 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2922 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2923 if (context_read_and_validate 2924 (&c->context[0], p, fp)) 2925 return -1; 2926 break; 2927 case OCON_XEN_IOMEM: 2928 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) { 2929 uint64_t b64[2]; 2930 rc = next_entry(b64, fp, sizeof(uint64_t) * 2); 2931 if (rc < 0) 2932 return -1; 2933 c->u.iomem.low_iomem = le64_to_cpu(b64[0]); 2934 c->u.iomem.high_iomem = le64_to_cpu(b64[1]); 2935 } else { 2936 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2937 if (rc < 0) 2938 return -1; 2939 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2940 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2941 } 2942 if (context_read_and_validate 2943 (&c->context[0], p, fp)) 2944 return -1; 2945 break; 2946 case OCON_XEN_PCIDEVICE: 2947 rc = next_entry(buf, fp, sizeof(uint32_t)); 2948 if (rc < 0) 2949 return -1; 2950 c->u.device = le32_to_cpu(buf[0]); 2951 if (context_read_and_validate 2952 (&c->context[0], p, fp)) 2953 return -1; 2954 break; 2955 case OCON_XEN_DEVICETREE: 2956 rc = next_entry(buf, fp, sizeof(uint32_t)); 2957 if (rc < 0) 2958 return -1; 2959 len = le32_to_cpu(buf[0]); 2960 if (zero_or_saturated(len)) 2961 return -1; 2962 2963 c->u.name = malloc(len + 1); 2964 if (!c->u.name) 2965 return -1; 2966 rc = next_entry(c->u.name, fp, len); 2967 if (rc < 0) 2968 return -1; 2969 c->u.name[len] = 0; 2970 if (context_read_and_validate 2971 (&c->context[0], p, fp)) 2972 return -1; 2973 break; 2974 default: 2975 /* should never get here */ 2976 ERR(fp->handle, "Unknown Xen ocontext"); 2977 return -1; 2978 } 2979 } 2980 } 2981 return 0; 2982} 2983static int ocontext_read_selinux(const struct policydb_compat_info *info, 2984 policydb_t * p, struct policy_file *fp) 2985{ 2986 unsigned int i, j; 2987 size_t nel, len; 2988 ocontext_t *l, *c; 2989 uint32_t buf[8]; 2990 int rc; 2991 2992 for (i = 0; i < info->ocon_num; i++) { 2993 rc = next_entry(buf, fp, sizeof(uint32_t)); 2994 if (rc < 0) 2995 return -1; 2996 nel = le32_to_cpu(buf[0]); 2997 l = NULL; 2998 for (j = 0; j < nel; j++) { 2999 c = calloc(1, sizeof(ocontext_t)); 3000 if (!c) { 3001 return -1; 3002 } 3003 if (l) { 3004 l->next = c; 3005 } else { 3006 p->ocontexts[i] = c; 3007 } 3008 l = c; 3009 switch (i) { 3010 case OCON_ISID: 3011 rc = next_entry(buf, fp, sizeof(uint32_t)); 3012 if (rc < 0) 3013 return -1; 3014 c->sid[0] = le32_to_cpu(buf[0]); 3015 if (is_saturated(c->sid[0])) 3016 return -1; 3017 if (context_read_and_validate 3018 (&c->context[0], p, fp)) 3019 return -1; 3020 break; 3021 case OCON_FS: 3022 case OCON_NETIF: 3023 rc = next_entry(buf, fp, sizeof(uint32_t)); 3024 if (rc < 0) 3025 return -1; 3026 len = le32_to_cpu(buf[0]); 3027 if (zero_or_saturated(len) || len > 63) 3028 return -1; 3029 c->u.name = malloc(len + 1); 3030 if (!c->u.name) 3031 return -1; 3032 rc = next_entry(c->u.name, fp, len); 3033 if (rc < 0) 3034 return -1; 3035 c->u.name[len] = 0; 3036 if (context_read_and_validate 3037 (&c->context[0], p, fp)) 3038 return -1; 3039 if (context_read_and_validate 3040 (&c->context[1], p, fp)) 3041 return -1; 3042 break; 3043 case OCON_IBPKEY: { 3044 uint32_t pkey_lo, pkey_hi; 3045 3046 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 3047 if (rc < 0) 3048 return -1; 3049 3050 pkey_lo = le32_to_cpu(buf[2]); 3051 pkey_hi = le32_to_cpu(buf[3]); 3052 3053 if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX) 3054 return -1; 3055 3056 c->u.ibpkey.low_pkey = pkey_lo; 3057 c->u.ibpkey.high_pkey = pkey_hi; 3058 3059 /* we want c->u.ibpkey.subnet_prefix in network 3060 * (big-endian) order, just memcpy it */ 3061 memcpy(&c->u.ibpkey.subnet_prefix, buf, 3062 sizeof(c->u.ibpkey.subnet_prefix)); 3063 3064 if (context_read_and_validate 3065 (&c->context[0], p, fp)) 3066 return -1; 3067 break; 3068 } 3069 case OCON_IBENDPORT: { 3070 uint32_t port; 3071 3072 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3073 if (rc < 0) 3074 return -1; 3075 len = le32_to_cpu(buf[0]); 3076 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1) 3077 return -1; 3078 3079 port = le32_to_cpu(buf[1]); 3080 if (port > UINT8_MAX || port == 0) 3081 return -1; 3082 3083 c->u.ibendport.dev_name = malloc(len + 1); 3084 if (!c->u.ibendport.dev_name) 3085 return -1; 3086 rc = next_entry(c->u.ibendport.dev_name, fp, len); 3087 if (rc < 0) 3088 return -1; 3089 c->u.ibendport.dev_name[len] = 0; 3090 c->u.ibendport.port = port; 3091 if (context_read_and_validate 3092 (&c->context[0], p, fp)) 3093 return -1; 3094 break; 3095 } 3096 case OCON_PORT: 3097 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 3098 if (rc < 0) 3099 return -1; 3100 c->u.port.protocol = le32_to_cpu(buf[0]); 3101 c->u.port.low_port = le32_to_cpu(buf[1]); 3102 c->u.port.high_port = le32_to_cpu(buf[2]); 3103 if (context_read_and_validate 3104 (&c->context[0], p, fp)) 3105 return -1; 3106 break; 3107 case OCON_NODE: 3108 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3109 if (rc < 0) 3110 return -1; 3111 c->u.node.addr = buf[0]; /* network order */ 3112 c->u.node.mask = buf[1]; /* network order */ 3113 if (context_read_and_validate 3114 (&c->context[0], p, fp)) 3115 return -1; 3116 break; 3117 case OCON_FSUSE: 3118 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3119 if (rc < 0) 3120 return -1; 3121 c->v.behavior = le32_to_cpu(buf[0]); 3122 len = le32_to_cpu(buf[1]); 3123 if (zero_or_saturated(len)) 3124 return -1; 3125 c->u.name = malloc(len + 1); 3126 if (!c->u.name) 3127 return -1; 3128 rc = next_entry(c->u.name, fp, len); 3129 if (rc < 0) 3130 return -1; 3131 c->u.name[len] = 0; 3132 if (context_read_and_validate 3133 (&c->context[0], p, fp)) 3134 return -1; 3135 break; 3136 case OCON_NODE6:{ 3137 int k; 3138 3139 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 3140 if (rc < 0) 3141 return -1; 3142 for (k = 0; k < 4; k++) 3143 /* network order */ 3144 c->u.node6.addr[k] = buf[k]; 3145 for (k = 0; k < 4; k++) 3146 /* network order */ 3147 c->u.node6.mask[k] = buf[k + 4]; 3148 if (context_read_and_validate 3149 (&c->context[0], p, fp)) 3150 return -1; 3151 break; 3152 } 3153 default:{ 3154 ERR(fp->handle, "Unknown SELinux ocontext"); 3155 return -1; 3156 } 3157 } 3158 } 3159 } 3160 return 0; 3161} 3162 3163static int ocontext_read(const struct policydb_compat_info *info, 3164 policydb_t *p, struct policy_file *fp) 3165{ 3166 int rc = -1; 3167 switch (p->target_platform) { 3168 case SEPOL_TARGET_SELINUX: 3169 rc = ocontext_read_selinux(info, p, fp); 3170 break; 3171 case SEPOL_TARGET_XEN: 3172 rc = ocontext_read_xen(info, p, fp); 3173 break; 3174 default: 3175 ERR(fp->handle, "Unknown target"); 3176 } 3177 return rc; 3178} 3179 3180static int genfs_read(policydb_t * p, struct policy_file *fp) 3181{ 3182 uint32_t buf[1]; 3183 size_t nel, nel2, len, len2; 3184 genfs_t *genfs_p, *newgenfs, *genfs; 3185 size_t i, j; 3186 ocontext_t *l, *c, *newc = NULL; 3187 int rc; 3188 3189 rc = next_entry(buf, fp, sizeof(uint32_t)); 3190 if (rc < 0) 3191 goto bad; 3192 nel = le32_to_cpu(buf[0]); 3193 genfs_p = NULL; 3194 for (i = 0; i < nel; i++) { 3195 rc = next_entry(buf, fp, sizeof(uint32_t)); 3196 if (rc < 0) 3197 goto bad; 3198 len = le32_to_cpu(buf[0]); 3199 if (zero_or_saturated(len)) 3200 goto bad; 3201 newgenfs = calloc(1, sizeof(genfs_t)); 3202 if (!newgenfs) 3203 goto bad; 3204 newgenfs->fstype = malloc(len + 1); 3205 if (!newgenfs->fstype) { 3206 free(newgenfs); 3207 goto bad; 3208 } 3209 rc = next_entry(newgenfs->fstype, fp, len); 3210 if (rc < 0) { 3211 free(newgenfs->fstype); 3212 free(newgenfs); 3213 goto bad; 3214 } 3215 newgenfs->fstype[len] = 0; 3216 for (genfs_p = NULL, genfs = p->genfs; genfs; 3217 genfs_p = genfs, genfs = genfs->next) { 3218 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 3219 ERR(fp->handle, "dup genfs fstype %s", 3220 newgenfs->fstype); 3221 free(newgenfs->fstype); 3222 free(newgenfs); 3223 goto bad; 3224 } 3225 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 3226 break; 3227 } 3228 newgenfs->next = genfs; 3229 if (genfs_p) 3230 genfs_p->next = newgenfs; 3231 else 3232 p->genfs = newgenfs; 3233 rc = next_entry(buf, fp, sizeof(uint32_t)); 3234 if (rc < 0) 3235 goto bad; 3236 nel2 = le32_to_cpu(buf[0]); 3237 for (j = 0; j < nel2; j++) { 3238 newc = calloc(1, sizeof(ocontext_t)); 3239 if (!newc) { 3240 goto bad; 3241 } 3242 rc = next_entry(buf, fp, sizeof(uint32_t)); 3243 if (rc < 0) 3244 goto bad; 3245 len = le32_to_cpu(buf[0]); 3246 if (zero_or_saturated(len)) 3247 goto bad; 3248 newc->u.name = malloc(len + 1); 3249 if (!newc->u.name) { 3250 goto bad; 3251 } 3252 rc = next_entry(newc->u.name, fp, len); 3253 if (rc < 0) 3254 goto bad; 3255 newc->u.name[len] = 0; 3256 rc = next_entry(buf, fp, sizeof(uint32_t)); 3257 if (rc < 0) 3258 goto bad; 3259 newc->v.sclass = le32_to_cpu(buf[0]); 3260 if (context_read_and_validate(&newc->context[0], p, fp)) 3261 goto bad; 3262 for (l = NULL, c = newgenfs->head; c; 3263 l = c, c = c->next) { 3264 if (!strcmp(newc->u.name, c->u.name) && 3265 (!c->v.sclass || !newc->v.sclass || 3266 newc->v.sclass == c->v.sclass)) { 3267 ERR(fp->handle, "dup genfs entry " 3268 "(%s,%s)", newgenfs->fstype, 3269 c->u.name); 3270 goto bad; 3271 } 3272 len = strlen(newc->u.name); 3273 len2 = strlen(c->u.name); 3274 if (len > len2) 3275 break; 3276 } 3277 newc->next = c; 3278 if (l) 3279 l->next = newc; 3280 else 3281 newgenfs->head = newc; 3282 /* clear newc after a new owner has the pointer */ 3283 newc = NULL; 3284 } 3285 } 3286 3287 return 0; 3288 3289 bad: 3290 if (newc) { 3291 context_destroy(&newc->context[0]); 3292 context_destroy(&newc->context[1]); 3293 free(newc->u.name); 3294 free(newc); 3295 } 3296 return -1; 3297} 3298 3299/* 3300 * Read a MLS level structure from a policydb binary 3301 * representation file. 3302 */ 3303static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 3304{ 3305 uint32_t buf[1]; 3306 int rc; 3307 3308 mls_level_init(lp); 3309 3310 rc = next_entry(buf, fp, sizeof(uint32_t)); 3311 if (rc < 0) { 3312 ERR(fp->handle, "truncated level"); 3313 goto bad; 3314 } 3315 lp->sens = le32_to_cpu(buf[0]); 3316 3317 if (ebitmap_read(&lp->cat, fp)) { 3318 ERR(fp->handle, "error reading level categories"); 3319 goto bad; 3320 } 3321 return 0; 3322 3323 bad: 3324 return -EINVAL; 3325} 3326 3327static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 3328{ 3329 char *key = 0; 3330 user_datum_t *usrdatum; 3331 uint32_t buf[3]; 3332 size_t len; 3333 int rc, to_read = 2; 3334 3335 usrdatum = calloc(1, sizeof(user_datum_t)); 3336 if (!usrdatum) 3337 return -1; 3338 3339 if (policydb_has_boundary_feature(p)) 3340 to_read = 3; 3341 3342 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 3343 if (rc < 0) 3344 goto bad; 3345 3346 len = le32_to_cpu(buf[0]); 3347 if (zero_or_saturated(len)) 3348 goto bad; 3349 3350 usrdatum->s.value = le32_to_cpu(buf[1]); 3351 if (policydb_has_boundary_feature(p)) 3352 usrdatum->bounds = le32_to_cpu(buf[2]); 3353 3354 key = malloc(len + 1); 3355 if (!key) 3356 goto bad; 3357 rc = next_entry(key, fp, len); 3358 if (rc < 0) 3359 goto bad; 3360 key[len] = 0; 3361 3362 if (p->policy_type == POLICY_KERN) { 3363 if (ebitmap_read(&usrdatum->roles.roles, fp)) 3364 goto bad; 3365 } else { 3366 if (role_set_read(&usrdatum->roles, fp)) 3367 goto bad; 3368 } 3369 3370 /* users were not allowed in mls modules before version 3371 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 3372 * required - the mls fields will be empty. user declarations in 3373 * non-mls modules will also have empty mls fields */ 3374 if ((p->policy_type == POLICY_KERN 3375 && p->policyvers >= POLICYDB_VERSION_MLS) 3376 || (p->policy_type == POLICY_MOD 3377 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3378 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 3379 || (p->policy_type == POLICY_BASE 3380 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3381 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 3382 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 3383 goto bad; 3384 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 3385 goto bad; 3386 if (p->policy_type != POLICY_KERN) { 3387 if (mls_range_to_semantic(&usrdatum->exp_range, 3388 &usrdatum->range)) 3389 goto bad; 3390 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 3391 &usrdatum->dfltlevel)) 3392 goto bad; 3393 } 3394 } else if ((p->policy_type == POLICY_MOD 3395 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 3396 || (p->policy_type == POLICY_BASE 3397 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 3398 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 3399 goto bad; 3400 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 3401 goto bad; 3402 } 3403 3404 if (hashtab_insert(h, key, usrdatum)) 3405 goto bad; 3406 3407 return 0; 3408 3409 bad: 3410 user_destroy(key, usrdatum, NULL); 3411 return -1; 3412} 3413 3414static int sens_read(policydb_t * p 3415 __attribute__ ((unused)), hashtab_t h, 3416 struct policy_file *fp) 3417{ 3418 char *key = 0; 3419 level_datum_t *levdatum; 3420 uint32_t buf[2], len; 3421 int rc; 3422 3423 levdatum = malloc(sizeof(level_datum_t)); 3424 if (!levdatum) 3425 return -1; 3426 level_datum_init(levdatum); 3427 3428 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3429 if (rc < 0) 3430 goto bad; 3431 3432 len = le32_to_cpu(buf[0]); 3433 if (zero_or_saturated(len)) 3434 goto bad; 3435 3436 levdatum->isalias = le32_to_cpu(buf[1]); 3437 3438 key = malloc(len + 1); 3439 if (!key) 3440 goto bad; 3441 rc = next_entry(key, fp, len); 3442 if (rc < 0) 3443 goto bad; 3444 key[len] = 0; 3445 3446 levdatum->level = malloc(sizeof(mls_level_t)); 3447 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 3448 goto bad; 3449 3450 if (hashtab_insert(h, key, levdatum)) 3451 goto bad; 3452 3453 return 0; 3454 3455 bad: 3456 sens_destroy(key, levdatum, NULL); 3457 return -1; 3458} 3459 3460static int cat_read(policydb_t * p 3461 __attribute__ ((unused)), hashtab_t h, 3462 struct policy_file *fp) 3463{ 3464 char *key = 0; 3465 cat_datum_t *catdatum; 3466 uint32_t buf[3], len; 3467 int rc; 3468 3469 catdatum = malloc(sizeof(cat_datum_t)); 3470 if (!catdatum) 3471 return -1; 3472 cat_datum_init(catdatum); 3473 3474 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 3475 if (rc < 0) 3476 goto bad; 3477 3478 len = le32_to_cpu(buf[0]); 3479 if(zero_or_saturated(len)) 3480 goto bad; 3481 3482 catdatum->s.value = le32_to_cpu(buf[1]); 3483 catdatum->isalias = le32_to_cpu(buf[2]); 3484 3485 key = malloc(len + 1); 3486 if (!key) 3487 goto bad; 3488 rc = next_entry(key, fp, len); 3489 if (rc < 0) 3490 goto bad; 3491 key[len] = 0; 3492 3493 if (hashtab_insert(h, key, catdatum)) 3494 goto bad; 3495 3496 return 0; 3497 3498 bad: 3499 cat_destroy(key, catdatum, NULL); 3500 return -1; 3501} 3502 3503static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 3504 struct policy_file * fp) = { 3505common_read, class_read, role_read, type_read, user_read, 3506 cond_read_bool, sens_read, cat_read,}; 3507 3508/************** module reading functions below **************/ 3509 3510static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp) 3511{ 3512 unsigned int i; 3513 uint32_t buf[2], len; 3514 class_perm_node_t *cur, *tail = NULL; 3515 avrule_t *avrule; 3516 int rc; 3517 3518 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 3519 if (!avrule) 3520 return NULL; 3521 3522 avrule_init(avrule); 3523 3524 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3525 if (rc < 0) 3526 goto bad; 3527 3528 avrule->specified = le32_to_cpu(buf[0]); 3529 avrule->flags = le32_to_cpu(buf[1]); 3530 3531 if (type_set_read(&avrule->stypes, fp)) 3532 goto bad; 3533 3534 if (type_set_read(&avrule->ttypes, fp)) 3535 goto bad; 3536 3537 rc = next_entry(buf, fp, sizeof(uint32_t)); 3538 if (rc < 0) 3539 goto bad; 3540 len = le32_to_cpu(buf[0]); 3541 3542 for (i = 0; i < len; i++) { 3543 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 3544 if (!cur) 3545 goto bad; 3546 class_perm_node_init(cur); 3547 3548 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3549 if (rc < 0) { 3550 free(cur); 3551 goto bad; 3552 } 3553 3554 cur->tclass = le32_to_cpu(buf[0]); 3555 cur->data = le32_to_cpu(buf[1]); 3556 3557 if (!tail) { 3558 avrule->perms = cur; 3559 } else { 3560 tail->next = cur; 3561 } 3562 tail = cur; 3563 } 3564 3565 if (avrule->specified & AVRULE_XPERMS) { 3566 uint8_t buf8; 3567 size_t nel = ARRAY_SIZE(avrule->xperms->perms); 3568 uint32_t buf32[nel]; 3569 3570 if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) { 3571 ERR(fp->handle, 3572 "module policy version %u does not support ioctl" 3573 " extended permissions rules and one was specified", 3574 p->policyvers); 3575 goto bad; 3576 } 3577 3578 if (p->target_platform != SEPOL_TARGET_SELINUX) { 3579 ERR(fp->handle, 3580 "Target platform %s does not support ioctl" 3581 " extended permissions rules and one was specified", 3582 policydb_target_strings[p->target_platform]); 3583 goto bad; 3584 } 3585 3586 avrule->xperms = calloc(1, sizeof(*avrule->xperms)); 3587 if (!avrule->xperms) 3588 goto bad; 3589 3590 rc = next_entry(&buf8, fp, sizeof(uint8_t)); 3591 if (rc < 0) { 3592 ERR(fp->handle, "truncated entry"); 3593 goto bad; 3594 } 3595 avrule->xperms->specified = buf8; 3596 rc = next_entry(&buf8, fp, sizeof(uint8_t)); 3597 if (rc < 0) { 3598 ERR(fp->handle, "truncated entry"); 3599 goto bad; 3600 } 3601 avrule->xperms->driver = buf8; 3602 rc = next_entry(buf32, fp, sizeof(uint32_t)*nel); 3603 if (rc < 0) { 3604 ERR(fp->handle, "truncated entry"); 3605 goto bad; 3606 } 3607 for (i = 0; i < nel; i++) 3608 avrule->xperms->perms[i] = le32_to_cpu(buf32[i]); 3609 } 3610 3611 return avrule; 3612 bad: 3613 if (avrule) { 3614 avrule_destroy(avrule); 3615 free(avrule); 3616 } 3617 return NULL; 3618} 3619 3620static int range_read(policydb_t * p, struct policy_file *fp) 3621{ 3622 uint32_t buf[2], nel; 3623 range_trans_t *rt = NULL; 3624 struct mls_range *r = NULL; 3625 range_trans_rule_t *rtr = NULL, *lrtr = NULL; 3626 unsigned int i; 3627 int new_rangetr = (p->policy_type == POLICY_KERN && 3628 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 3629 int rc; 3630 3631 rc = next_entry(buf, fp, sizeof(uint32_t)); 3632 if (rc < 0) 3633 return -1; 3634 nel = le32_to_cpu(buf[0]); 3635 for (i = 0; i < nel; i++) { 3636 rt = calloc(1, sizeof(range_trans_t)); 3637 if (!rt) 3638 return -1; 3639 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 3640 if (rc < 0) 3641 goto err; 3642 rt->source_type = le32_to_cpu(buf[0]); 3643 if (!value_isvalid(rt->source_type, p->p_types.nprim)) 3644 goto err; 3645 rt->target_type = le32_to_cpu(buf[1]); 3646 if (!value_isvalid(rt->target_type, p->p_types.nprim)) 3647 goto err; 3648 if (new_rangetr) { 3649 rc = next_entry(buf, fp, (sizeof(uint32_t))); 3650 if (rc < 0) 3651 goto err; 3652 rt->target_class = le32_to_cpu(buf[0]); 3653 if (!value_isvalid(rt->target_class, p->p_classes.nprim)) 3654 goto err; 3655 } else 3656 rt->target_class = p->process_class; 3657 r = calloc(1, sizeof(*r)); 3658 if (!r) 3659 goto err; 3660 if (mls_read_range_helper(r, fp)) 3661 goto err; 3662 3663 if (p->policy_type == POLICY_KERN) { 3664 rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r); 3665 if (rc) 3666 goto err; 3667 rt = NULL; 3668 r = NULL; 3669 continue; 3670 } 3671 3672 /* Module policy: convert to range_trans_rule and discard. */ 3673 rtr = malloc(sizeof(range_trans_rule_t)); 3674 if (!rtr) 3675 goto err; 3676 range_trans_rule_init(rtr); 3677 3678 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3679 goto err; 3680 3681 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3682 goto err; 3683 3684 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3685 goto err; 3686 3687 if (mls_range_to_semantic(r, &rtr->trange)) 3688 goto err; 3689 3690 if (lrtr) 3691 lrtr->next = rtr; 3692 else 3693 p->global->enabled->range_tr_rules = rtr; 3694 3695 free(rt); 3696 rt = NULL; 3697 free(r); 3698 r = NULL; 3699 lrtr = rtr; 3700 } 3701 3702 return 0; 3703err: 3704 free(rt); 3705 if (r) { 3706 mls_range_destroy(r); 3707 free(r); 3708 } 3709 if (rtr) { 3710 range_trans_rule_destroy(rtr); 3711 free(rtr); 3712 } 3713 return -1; 3714} 3715 3716int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3717 struct policy_file *fp) 3718{ 3719 unsigned int i; 3720 avrule_t *cur, *tail; 3721 uint32_t buf[1], len; 3722 int rc; 3723 3724 *avrules = tail = NULL; 3725 3726 rc = next_entry(buf, fp, sizeof(uint32_t)); 3727 if (rc < 0) { 3728 return -1; 3729 } 3730 len = le32_to_cpu(buf[0]); 3731 3732 for (i = 0; i < len; i++) { 3733 cur = avrule_read(p, fp); 3734 if (!cur) { 3735 return -1; 3736 } 3737 3738 if (!tail) { 3739 *avrules = cur; 3740 } else { 3741 tail->next = cur; 3742 } 3743 tail = cur; 3744 } 3745 3746 return 0; 3747} 3748 3749static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3750 struct policy_file *fp) 3751{ 3752 uint32_t buf[1], nel; 3753 unsigned int i; 3754 role_trans_rule_t *tr, *ltr; 3755 int rc; 3756 3757 rc = next_entry(buf, fp, sizeof(uint32_t)); 3758 if (rc < 0) 3759 return -1; 3760 nel = le32_to_cpu(buf[0]); 3761 ltr = NULL; 3762 for (i = 0; i < nel; i++) { 3763 tr = malloc(sizeof(role_trans_rule_t)); 3764 if (!tr) { 3765 return -1; 3766 } 3767 role_trans_rule_init(tr); 3768 3769 if (ltr) { 3770 ltr->next = tr; 3771 } else { 3772 *r = tr; 3773 } 3774 3775 if (role_set_read(&tr->roles, fp)) 3776 return -1; 3777 3778 if (type_set_read(&tr->types, fp)) 3779 return -1; 3780 3781 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3782 if (ebitmap_read(&tr->classes, fp)) 3783 return -1; 3784 } else { 3785 if (!p->process_class) 3786 return -1; 3787 if (ebitmap_set_bit(&tr->classes, p->process_class - 1, 1)) 3788 return -1; 3789 } 3790 3791 rc = next_entry(buf, fp, sizeof(uint32_t)); 3792 if (rc < 0) 3793 return -1; 3794 tr->new_role = le32_to_cpu(buf[0]); 3795 ltr = tr; 3796 } 3797 3798 return 0; 3799} 3800 3801static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3802{ 3803 unsigned int i; 3804 uint32_t buf[1], nel; 3805 role_allow_rule_t *ra, *lra; 3806 int rc; 3807 3808 rc = next_entry(buf, fp, sizeof(uint32_t)); 3809 if (rc < 0) 3810 return -1; 3811 nel = le32_to_cpu(buf[0]); 3812 lra = NULL; 3813 for (i = 0; i < nel; i++) { 3814 ra = malloc(sizeof(role_allow_rule_t)); 3815 if (!ra) { 3816 return -1; 3817 } 3818 role_allow_rule_init(ra); 3819 3820 if (lra) { 3821 lra->next = ra; 3822 } else { 3823 *r = ra; 3824 } 3825 3826 if (role_set_read(&ra->roles, fp)) 3827 return -1; 3828 3829 if (role_set_read(&ra->new_roles, fp)) 3830 return -1; 3831 3832 lra = ra; 3833 } 3834 return 0; 3835} 3836 3837static int filename_trans_rule_read(policydb_t *p, filename_trans_rule_t **r, 3838 struct policy_file *fp) 3839{ 3840 uint32_t buf[3], nel, i, len; 3841 unsigned int entries; 3842 filename_trans_rule_t *ftr, *lftr; 3843 int rc; 3844 3845 rc = next_entry(buf, fp, sizeof(uint32_t)); 3846 if (rc < 0) 3847 return -1; 3848 nel = le32_to_cpu(buf[0]); 3849 lftr = NULL; 3850 for (i = 0; i < nel; i++) { 3851 ftr = malloc(sizeof(*ftr)); 3852 if (!ftr) 3853 return -1; 3854 3855 filename_trans_rule_init(ftr); 3856 3857 if (lftr) 3858 lftr->next = ftr; 3859 else 3860 *r = ftr; 3861 lftr = ftr; 3862 3863 rc = next_entry(buf, fp, sizeof(uint32_t)); 3864 if (rc < 0) 3865 return -1; 3866 3867 len = le32_to_cpu(buf[0]); 3868 if (zero_or_saturated(len)) 3869 return -1; 3870 3871 ftr->name = malloc(len + 1); 3872 if (!ftr->name) 3873 return -1; 3874 3875 rc = next_entry(ftr->name, fp, len); 3876 if (rc) 3877 return -1; 3878 ftr->name[len] = 0; 3879 3880 if (type_set_read(&ftr->stypes, fp)) 3881 return -1; 3882 3883 if (type_set_read(&ftr->ttypes, fp)) 3884 return -1; 3885 3886 if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS) 3887 entries = 3; 3888 else 3889 entries = 2; 3890 3891 rc = next_entry(buf, fp, sizeof(uint32_t) * entries); 3892 if (rc < 0) 3893 return -1; 3894 ftr->tclass = le32_to_cpu(buf[0]); 3895 ftr->otype = le32_to_cpu(buf[1]); 3896 if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS) 3897 ftr->flags = le32_to_cpu(buf[2]); 3898 } 3899 3900 return 0; 3901} 3902 3903static int range_trans_rule_read(range_trans_rule_t ** r, 3904 struct policy_file *fp) 3905{ 3906 uint32_t buf[1], nel; 3907 unsigned int i; 3908 range_trans_rule_t *rt, *lrt = NULL; 3909 int rc; 3910 3911 rc = next_entry(buf, fp, sizeof(uint32_t)); 3912 if (rc < 0) 3913 return -1; 3914 nel = le32_to_cpu(buf[0]); 3915 for (i = 0; i < nel; i++) { 3916 rt = malloc(sizeof(range_trans_rule_t)); 3917 if (!rt) { 3918 return -1; 3919 } 3920 range_trans_rule_init(rt); 3921 3922 if (lrt) 3923 lrt->next = rt; 3924 else 3925 *r = rt; 3926 3927 if (type_set_read(&rt->stypes, fp)) 3928 return -1; 3929 3930 if (type_set_read(&rt->ttypes, fp)) 3931 return -1; 3932 3933 if (ebitmap_read(&rt->tclasses, fp)) 3934 return -1; 3935 3936 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3937 return -1; 3938 3939 lrt = rt; 3940 } 3941 3942 return 0; 3943} 3944 3945static int scope_index_read(scope_index_t * scope_index, 3946 unsigned int num_scope_syms, struct policy_file *fp) 3947{ 3948 unsigned int i; 3949 uint32_t buf[1]; 3950 int rc; 3951 3952 for (i = 0; i < num_scope_syms; i++) { 3953 if (ebitmap_read(scope_index->scope + i, fp) < 0) { 3954 return -1; 3955 } 3956 } 3957 rc = next_entry(buf, fp, sizeof(uint32_t)); 3958 if (rc < 0) 3959 return -1; 3960 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3961 if (is_saturated(scope_index->class_perms_len)) 3962 return -1; 3963 if (scope_index->class_perms_len == 0) { 3964 scope_index->class_perms_map = NULL; 3965 return 0; 3966 } 3967 if ((scope_index->class_perms_map = 3968 calloc(scope_index->class_perms_len, 3969 sizeof(*scope_index->class_perms_map))) == NULL) { 3970 return -1; 3971 } 3972 for (i = 0; i < scope_index->class_perms_len; i++) { 3973 if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) { 3974 return -1; 3975 } 3976 } 3977 return 0; 3978} 3979 3980static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3981 unsigned int num_scope_syms, struct policy_file *fp) 3982{ 3983 uint32_t buf[2], nprim, nel; 3984 unsigned int i, j; 3985 int rc; 3986 3987 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3988 if (rc < 0) 3989 return -1; 3990 decl->decl_id = le32_to_cpu(buf[0]); 3991 decl->enabled = le32_to_cpu(buf[1]); 3992 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3993 avrule_read_list(p, &decl->avrules, fp) == -1 || 3994 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3995 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3996 return -1; 3997 } 3998 3999 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 4000 filename_trans_rule_read(p, &decl->filename_trans_rules, fp)) 4001 return -1; 4002 4003 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 4004 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 4005 return -1; 4006 } 4007 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 4008 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 4009 return -1; 4010 } 4011 4012 for (i = 0; i < num_scope_syms; i++) { 4013 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 4014 if (rc < 0) 4015 return -1; 4016 nprim = le32_to_cpu(buf[0]); 4017 if (is_saturated(nprim)) 4018 return -1; 4019 nel = le32_to_cpu(buf[1]); 4020 for (j = 0; j < nel; j++) { 4021 if (read_f[i] (p, decl->symtab[i].table, fp)) { 4022 return -1; 4023 } 4024 } 4025 decl->symtab[i].nprim = nprim; 4026 } 4027 return 0; 4028} 4029 4030static int avrule_block_read(policydb_t * p, 4031 avrule_block_t ** block, 4032 unsigned int num_scope_syms, 4033 struct policy_file *fp) 4034{ 4035 avrule_block_t *last_block = NULL, *curblock; 4036 uint32_t buf[1], num_blocks, nel; 4037 int rc; 4038 4039 assert(*block == NULL); 4040 4041 rc = next_entry(buf, fp, sizeof(uint32_t)); 4042 if (rc < 0) 4043 return -1; 4044 num_blocks = le32_to_cpu(buf[0]); 4045 nel = num_blocks; 4046 while (num_blocks > 0) { 4047 avrule_decl_t *last_decl = NULL, *curdecl; 4048 uint32_t num_decls; 4049 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 4050 return -1; 4051 } 4052 rc = next_entry(buf, fp, sizeof(uint32_t)); 4053 if (rc < 0) { 4054 free(curblock); 4055 return -1; 4056 } 4057 /* if this is the first block its non-optional, else its optional */ 4058 if (num_blocks != nel) 4059 curblock->flags |= AVRULE_OPTIONAL; 4060 4061 num_decls = le32_to_cpu(buf[0]); 4062 while (num_decls > 0) { 4063 if ((curdecl = avrule_decl_create(0)) == NULL) { 4064 avrule_block_destroy(curblock); 4065 return -1; 4066 } 4067 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 4068 -1) { 4069 avrule_decl_destroy(curdecl); 4070 avrule_block_destroy(curblock); 4071 return -1; 4072 } 4073 if (curdecl->enabled) { 4074 if (curblock->enabled != NULL) { 4075 /* probably a corrupt file */ 4076 avrule_decl_destroy(curdecl); 4077 avrule_block_destroy(curblock); 4078 return -1; 4079 } 4080 curblock->enabled = curdecl; 4081 } 4082 /* one must be careful to reconstruct the 4083 * decl chain in its correct order */ 4084 if (curblock->branch_list == NULL) { 4085 curblock->branch_list = curdecl; 4086 } else { 4087 assert(last_decl); 4088 last_decl->next = curdecl; 4089 } 4090 last_decl = curdecl; 4091 num_decls--; 4092 } 4093 4094 if (*block == NULL) { 4095 *block = curblock; 4096 } else { 4097 assert(last_block); 4098 last_block->next = curblock; 4099 } 4100 last_block = curblock; 4101 4102 num_blocks--; 4103 } 4104 4105 return 0; 4106} 4107 4108static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 4109{ 4110 scope_datum_t *scope = NULL; 4111 uint32_t buf[2]; 4112 char *key = NULL; 4113 size_t key_len; 4114 unsigned int i; 4115 hashtab_t h = p->scope[symnum].table; 4116 int rc; 4117 4118 rc = next_entry(buf, fp, sizeof(uint32_t)); 4119 if (rc < 0) 4120 goto cleanup; 4121 key_len = le32_to_cpu(buf[0]); 4122 if (zero_or_saturated(key_len)) 4123 goto cleanup; 4124 key = malloc(key_len + 1); 4125 if (!key) 4126 goto cleanup; 4127 rc = next_entry(key, fp, key_len); 4128 if (rc < 0) 4129 goto cleanup; 4130 key[key_len] = '\0'; 4131 4132 /* ensure that there already exists a symbol with this key */ 4133 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 4134 goto cleanup; 4135 } 4136 4137 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 4138 goto cleanup; 4139 } 4140 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 4141 if (rc < 0) 4142 goto cleanup; 4143 scope->scope = le32_to_cpu(buf[0]); 4144 scope->decl_ids_len = le32_to_cpu(buf[1]); 4145 if (zero_or_saturated(scope->decl_ids_len)) { 4146 ERR(fp->handle, "invalid scope with no declaration"); 4147 goto cleanup; 4148 } 4149 if ((scope->decl_ids = 4150 calloc(scope->decl_ids_len, sizeof(uint32_t))) == NULL) { 4151 goto cleanup; 4152 } 4153 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 4154 if (rc < 0) 4155 goto cleanup; 4156 for (i = 0; i < scope->decl_ids_len; i++) { 4157 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 4158 } 4159 4160 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 4161 /* object_r was already added to this table in roles_init() */ 4162 scope_destroy(key, scope, NULL); 4163 } else { 4164 if (hashtab_insert(h, key, scope)) { 4165 goto cleanup; 4166 } 4167 } 4168 4169 return 0; 4170 4171 cleanup: 4172 scope_destroy(key, scope, NULL); 4173 return -1; 4174} 4175 4176static sepol_security_class_t policydb_string_to_security_class( 4177 struct policydb *policydb, 4178 const char *class_name) 4179{ 4180 class_datum_t *tclass_datum; 4181 4182 tclass_datum = hashtab_search(policydb->p_classes.table, 4183 class_name); 4184 if (!tclass_datum) 4185 return 0; 4186 return tclass_datum->s.value; 4187} 4188 4189static sepol_access_vector_t policydb_string_to_av_perm( 4190 struct policydb *policydb, 4191 sepol_security_class_t tclass, 4192 const char *perm_name) 4193{ 4194 class_datum_t *tclass_datum; 4195 perm_datum_t *perm_datum; 4196 4197 if (!tclass || tclass > policydb->p_classes.nprim) 4198 return 0; 4199 tclass_datum = policydb->class_val_to_struct[tclass - 1]; 4200 4201 perm_datum = (perm_datum_t *) 4202 hashtab_search(tclass_datum->permissions.table, 4203 perm_name); 4204 if (perm_datum != NULL) 4205 return UINT32_C(1) << (perm_datum->s.value - 1); 4206 4207 if (tclass_datum->comdatum == NULL) 4208 return 0; 4209 4210 perm_datum = (perm_datum_t *) 4211 hashtab_search(tclass_datum->comdatum->permissions.table, 4212 perm_name); 4213 4214 if (perm_datum != NULL) 4215 return UINT32_C(1) << (perm_datum->s.value - 1); 4216 4217 return 0; 4218} 4219 4220 4221/* 4222 * Read the configuration data from a policy database binary 4223 * representation file into a policy database structure. 4224 */ 4225int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 4226{ 4227 4228 unsigned int i, j, r_policyvers; 4229 uint32_t buf[5]; 4230 size_t len, nprim, nel; 4231 char *policydb_str; 4232 const struct policydb_compat_info *info; 4233 unsigned int policy_type, bufindex; 4234 ebitmap_node_t *tnode; 4235 int rc; 4236 4237 /* Read the magic number and string length. */ 4238 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 4239 if (rc < 0) 4240 return POLICYDB_ERROR; 4241 for (i = 0; i < 2; i++) 4242 buf[i] = le32_to_cpu(buf[i]); 4243 4244 if (buf[0] == POLICYDB_MAGIC) { 4245 policy_type = POLICY_KERN; 4246 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 4247 policy_type = POLICY_MOD; 4248 } else { 4249 ERR(fp->handle, "policydb magic number %#08x does not " 4250 "match expected magic number %#08x or %#08x", 4251 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 4252 return POLICYDB_ERROR; 4253 } 4254 4255 len = buf[1]; 4256 if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) { 4257 ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero"); 4258 return POLICYDB_ERROR; 4259 } 4260 4261 policydb_str = malloc(len + 1); 4262 if (!policydb_str) { 4263 ERR(fp->handle, "unable to allocate memory for policydb " 4264 "string of length %zu", len); 4265 return POLICYDB_ERROR; 4266 } 4267 rc = next_entry(policydb_str, fp, len); 4268 if (rc < 0) { 4269 ERR(fp->handle, "truncated policydb string identifier"); 4270 free(policydb_str); 4271 return POLICYDB_ERROR; 4272 } 4273 policydb_str[len] = 0; 4274 4275 if (policy_type == POLICY_KERN) { 4276 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 4277 if ((strcmp(policydb_str, policydb_target_strings[i]) 4278 == 0)) { 4279 policydb_set_target_platform(p, i); 4280 break; 4281 } 4282 } 4283 4284 if (i == POLICYDB_TARGET_SZ) { 4285 ERR(fp->handle, "cannot find a valid target for policy " 4286 "string %s", policydb_str); 4287 free(policydb_str); 4288 return POLICYDB_ERROR; 4289 } 4290 } else { 4291 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 4292 ERR(fp->handle, "invalid string identifier %s", 4293 policydb_str); 4294 free(policydb_str); 4295 return POLICYDB_ERROR; 4296 } 4297 } 4298 4299 /* Done with policydb_str. */ 4300 free(policydb_str); 4301 policydb_str = NULL; 4302 4303 /* Read the version, config, and table sizes (and policy type if it's a module). */ 4304 if (policy_type == POLICY_KERN) 4305 nel = 4; 4306 else 4307 nel = 5; 4308 4309 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 4310 if (rc < 0) 4311 return POLICYDB_ERROR; 4312 for (i = 0; i < nel; i++) 4313 buf[i] = le32_to_cpu(buf[i]); 4314 4315 bufindex = 0; 4316 4317 if (policy_type == POLICY_MOD) { 4318 /* We know it's a module but not whether it's a base 4319 module or regular binary policy module. buf[0] 4320 tells us which. */ 4321 policy_type = buf[bufindex]; 4322 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 4323 ERR(fp->handle, "unknown module type: %#08x", 4324 policy_type); 4325 return POLICYDB_ERROR; 4326 } 4327 bufindex++; 4328 } 4329 4330 r_policyvers = buf[bufindex]; 4331 if (policy_type == POLICY_KERN) { 4332 if (r_policyvers < POLICYDB_VERSION_MIN || 4333 r_policyvers > POLICYDB_VERSION_MAX) { 4334 ERR(fp->handle, "policydb version %d does not match " 4335 "my version range %d-%d", buf[bufindex], 4336 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 4337 return POLICYDB_ERROR; 4338 } 4339 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 4340 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 4341 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 4342 ERR(fp->handle, "policydb module version %d does " 4343 "not match my version range %d-%d", 4344 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 4345 MOD_POLICYDB_VERSION_MAX); 4346 return POLICYDB_ERROR; 4347 } 4348 } else { 4349 assert(0); 4350 } 4351 bufindex++; 4352 4353 /* Set the policy type and version from the read values. */ 4354 p->policy_type = policy_type; 4355 p->policyvers = r_policyvers; 4356 4357 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 4358 p->mls = 1; 4359 } else { 4360 p->mls = 0; 4361 } 4362 4363 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 4364 4365 bufindex++; 4366 4367 info = policydb_lookup_compat(r_policyvers, policy_type, 4368 p->target_platform); 4369 if (!info) { 4370 ERR(fp->handle, "unable to find policy compat info " 4371 "for version %d", r_policyvers); 4372 goto bad; 4373 } 4374 4375 if (buf[bufindex] != info->sym_num 4376 || buf[bufindex + 1] != info->ocon_num) { 4377 ERR(fp->handle, 4378 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 4379 buf[bufindex], buf[bufindex + 1], info->sym_num, 4380 info->ocon_num); 4381 goto bad; 4382 } 4383 4384 if (p->policy_type == POLICY_MOD) { 4385 /* Get the module name and version */ 4386 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 4387 goto bad; 4388 } 4389 len = le32_to_cpu(buf[0]); 4390 if (zero_or_saturated(len)) 4391 goto bad; 4392 if ((p->name = malloc(len + 1)) == NULL) { 4393 goto bad; 4394 } 4395 if ((rc = next_entry(p->name, fp, len)) < 0) { 4396 goto bad; 4397 } 4398 p->name[len] = '\0'; 4399 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 4400 goto bad; 4401 } 4402 len = le32_to_cpu(buf[0]); 4403 if (zero_or_saturated(len)) 4404 goto bad; 4405 if ((p->version = malloc(len + 1)) == NULL) { 4406 goto bad; 4407 } 4408 if ((rc = next_entry(p->version, fp, len)) < 0) { 4409 goto bad; 4410 } 4411 p->version[len] = '\0'; 4412 } 4413 4414 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 4415 p->policy_type == POLICY_KERN) || 4416 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 4417 p->policy_type == POLICY_BASE) || 4418 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 4419 p->policy_type == POLICY_MOD)) { 4420 if (ebitmap_read(&p->policycaps, fp)) 4421 goto bad; 4422 } 4423 4424 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 4425 p->policy_type == POLICY_KERN) { 4426 if (ebitmap_read(&p->permissive_map, fp)) 4427 goto bad; 4428 } 4429 4430 for (i = 0; i < info->sym_num; i++) { 4431 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 4432 if (rc < 0) 4433 goto bad; 4434 nprim = le32_to_cpu(buf[0]); 4435 if (is_saturated(nprim)) 4436 goto bad; 4437 nel = le32_to_cpu(buf[1]); 4438 if (nel && !nprim) { 4439 ERR(fp->handle, "unexpected items in symbol table with no symbol"); 4440 goto bad; 4441 } 4442 for (j = 0; j < nel; j++) { 4443 if (read_f[i] (p, p->symtab[i].table, fp)) 4444 goto bad; 4445 } 4446 4447 p->symtab[i].nprim = nprim; 4448 } 4449 4450 switch (p->target_platform) { 4451 case SEPOL_TARGET_SELINUX: 4452 p->process_class = policydb_string_to_security_class(p, "process"); 4453 p->dir_class = policydb_string_to_security_class(p, "dir"); 4454 break; 4455 case SEPOL_TARGET_XEN: 4456 p->process_class = policydb_string_to_security_class(p, "domain"); 4457 break; 4458 default: 4459 break; 4460 } 4461 4462 if (policy_type == POLICY_KERN) { 4463 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 4464 goto bad; 4465 if (r_policyvers >= POLICYDB_VERSION_BOOL) 4466 if (cond_read_list(p, &p->cond_list, fp)) 4467 goto bad; 4468 if (role_trans_read(p, fp)) 4469 goto bad; 4470 if (role_allow_read(&p->role_allow, fp)) 4471 goto bad; 4472 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 4473 filename_trans_read(p, fp)) 4474 goto bad; 4475 } else { 4476 /* first read the AV rule blocks, then the scope tables */ 4477 avrule_block_destroy(p->global); 4478 p->global = NULL; 4479 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 4480 goto bad; 4481 } 4482 if (p->global == NULL) { 4483 ERR(fp->handle, "no avrule block in policy"); 4484 goto bad; 4485 } 4486 for (i = 0; i < info->sym_num; i++) { 4487 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 4488 goto bad; 4489 } 4490 nel = le32_to_cpu(buf[0]); 4491 for (j = 0; j < nel; j++) { 4492 if (scope_read(p, i, fp)) 4493 goto bad; 4494 } 4495 } 4496 4497 } 4498 4499 if (policydb_index_decls(fp->handle, p)) 4500 goto bad; 4501 4502 if (policydb_index_classes(p)) 4503 goto bad; 4504 4505 switch (p->target_platform) { 4506 case SEPOL_TARGET_SELINUX: 4507 /* fall through */ 4508 case SEPOL_TARGET_XEN: 4509 p->process_trans = policydb_string_to_av_perm(p, p->process_class, 4510 "transition"); 4511 p->process_trans_dyntrans = p->process_trans | 4512 policydb_string_to_av_perm(p, p->process_class, 4513 "dyntransition"); 4514 break; 4515 default: 4516 break; 4517 } 4518 4519 if (policydb_index_others(fp->handle, p, verbose)) 4520 goto bad; 4521 4522 if (ocontext_read(info, p, fp) == -1) { 4523 goto bad; 4524 } 4525 4526 if (genfs_read(p, fp) == -1) { 4527 goto bad; 4528 } 4529 4530 if ((p->policy_type == POLICY_KERN 4531 && p->policyvers >= POLICYDB_VERSION_MLS) 4532 || (p->policy_type == POLICY_BASE 4533 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 4534 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 4535 if (range_read(p, fp)) { 4536 goto bad; 4537 } 4538 } 4539 4540 if (policy_type == POLICY_KERN) { 4541 p->type_attr_map = calloc(p->p_types.nprim, sizeof(ebitmap_t)); 4542 p->attr_type_map = calloc(p->p_types.nprim, sizeof(ebitmap_t)); 4543 if (!p->type_attr_map || !p->attr_type_map) 4544 goto bad; 4545 for (i = 0; i < p->p_types.nprim; i++) { 4546 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 4547 if (ebitmap_read(&p->type_attr_map[i], fp)) 4548 goto bad; 4549 ebitmap_for_each_positive_bit(&p->type_attr_map[i], 4550 tnode, j) { 4551 if (i == j) 4552 continue; 4553 4554 if (j >= p->p_types.nprim) 4555 goto bad; 4556 4557 if (ebitmap_set_bit 4558 (&p->attr_type_map[j], i, 1)) 4559 goto bad; 4560 } 4561 } 4562 /* add the type itself as the degenerate case */ 4563 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 4564 goto bad; 4565 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) { 4566 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1)) 4567 goto bad; 4568 } 4569 } 4570 } 4571 4572 if (policydb_validate(fp->handle, p)) 4573 goto bad; 4574 4575 return POLICYDB_SUCCESS; 4576 bad: 4577 return POLICYDB_ERROR; 4578} 4579 4580int policydb_reindex_users(policydb_t * p) 4581{ 4582 unsigned int i = SYM_USERS; 4583 4584 if (p->user_val_to_struct) 4585 free(p->user_val_to_struct); 4586 if (p->sym_val_to_name[i]) 4587 free(p->sym_val_to_name[i]); 4588 4589 p->user_val_to_struct = (user_datum_t **) 4590 calloc(p->p_users.nprim, sizeof(user_datum_t *)); 4591 if (!p->user_val_to_struct) 4592 return -1; 4593 4594 p->sym_val_to_name[i] = (char **) 4595 calloc(p->symtab[i].nprim, sizeof(char *)); 4596 if (!p->sym_val_to_name[i]) 4597 return -1; 4598 4599 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 4600 return -1; 4601 4602 /* Expand user roles for context validity checking */ 4603 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 4604 return -1; 4605 4606 return 0; 4607} 4608 4609void policy_file_init(policy_file_t *pf) 4610{ 4611 memset(pf, 0, sizeof(policy_file_t)); 4612} 4613 4614int policydb_set_target_platform(policydb_t *p, int platform) 4615{ 4616 if (platform == SEPOL_TARGET_SELINUX) 4617 p->target_platform = SEPOL_TARGET_SELINUX; 4618 else if (platform == SEPOL_TARGET_XEN) 4619 p->target_platform = SEPOL_TARGET_XEN; 4620 else 4621 return -1; 4622 4623 return 0; 4624} 4625 4626int policydb_sort_ocontexts(policydb_t *p) 4627{ 4628 return sort_ocontexts(p); 4629} 4630