~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/selinux/ss/policydb.c

Version: ~ [ linux-5.11-rc3 ] ~ [ linux-5.10.7 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.89 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.167 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.215 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.251 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.251 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Implementation of the policy database.
  3  *
  4  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
  5  */
  6 
  7 /*
  8  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
  9  *
 10  *      Support for enhanced MLS infrastructure.
 11  *
 12  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 13  *
 14  *      Added conditional policy language extensions
 15  *
 16  * Updated: Hewlett-Packard <paul@paul-moore.com>
 17  *
 18  *      Added support for the policy capability bitmap
 19  *
 20  * Update: Mellanox Techonologies
 21  *
 22  *      Added Infiniband support
 23  *
 24  * Copyright (C) 2016 Mellanox Techonologies
 25  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
 26  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 27  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 28  *      This program is free software; you can redistribute it and/or modify
 29  *      it under the terms of the GNU General Public License as published by
 30  *      the Free Software Foundation, version 2.
 31  */
 32 
 33 #include <linux/kernel.h>
 34 #include <linux/sched.h>
 35 #include <linux/slab.h>
 36 #include <linux/string.h>
 37 #include <linux/errno.h>
 38 #include <linux/audit.h>
 39 #include <linux/flex_array.h>
 40 #include "security.h"
 41 
 42 #include "policydb.h"
 43 #include "conditional.h"
 44 #include "mls.h"
 45 #include "services.h"
 46 
 47 #define _DEBUG_HASHES
 48 
 49 #ifdef DEBUG_HASHES
 50 static const char *symtab_name[SYM_NUM] = {
 51         "common prefixes",
 52         "classes",
 53         "roles",
 54         "types",
 55         "users",
 56         "bools",
 57         "levels",
 58         "categories",
 59 };
 60 #endif
 61 
 62 static unsigned int symtab_sizes[SYM_NUM] = {
 63         2,
 64         32,
 65         16,
 66         512,
 67         128,
 68         16,
 69         16,
 70         16,
 71 };
 72 
 73 struct policydb_compat_info {
 74         int version;
 75         int sym_num;
 76         int ocon_num;
 77 };
 78 
 79 /* These need to be updated if SYM_NUM or OCON_NUM changes */
 80 static struct policydb_compat_info policydb_compat[] = {
 81         {
 82                 .version        = POLICYDB_VERSION_BASE,
 83                 .sym_num        = SYM_NUM - 3,
 84                 .ocon_num       = OCON_NUM - 3,
 85         },
 86         {
 87                 .version        = POLICYDB_VERSION_BOOL,
 88                 .sym_num        = SYM_NUM - 2,
 89                 .ocon_num       = OCON_NUM - 3,
 90         },
 91         {
 92                 .version        = POLICYDB_VERSION_IPV6,
 93                 .sym_num        = SYM_NUM - 2,
 94                 .ocon_num       = OCON_NUM - 2,
 95         },
 96         {
 97                 .version        = POLICYDB_VERSION_NLCLASS,
 98                 .sym_num        = SYM_NUM - 2,
 99                 .ocon_num       = OCON_NUM - 2,
100         },
101         {
102                 .version        = POLICYDB_VERSION_MLS,
103                 .sym_num        = SYM_NUM,
104                 .ocon_num       = OCON_NUM - 2,
105         },
106         {
107                 .version        = POLICYDB_VERSION_AVTAB,
108                 .sym_num        = SYM_NUM,
109                 .ocon_num       = OCON_NUM - 2,
110         },
111         {
112                 .version        = POLICYDB_VERSION_RANGETRANS,
113                 .sym_num        = SYM_NUM,
114                 .ocon_num       = OCON_NUM - 2,
115         },
116         {
117                 .version        = POLICYDB_VERSION_POLCAP,
118                 .sym_num        = SYM_NUM,
119                 .ocon_num       = OCON_NUM - 2,
120         },
121         {
122                 .version        = POLICYDB_VERSION_PERMISSIVE,
123                 .sym_num        = SYM_NUM,
124                 .ocon_num       = OCON_NUM - 2,
125         },
126         {
127                 .version        = POLICYDB_VERSION_BOUNDARY,
128                 .sym_num        = SYM_NUM,
129                 .ocon_num       = OCON_NUM - 2,
130         },
131         {
132                 .version        = POLICYDB_VERSION_FILENAME_TRANS,
133                 .sym_num        = SYM_NUM,
134                 .ocon_num       = OCON_NUM - 2,
135         },
136         {
137                 .version        = POLICYDB_VERSION_ROLETRANS,
138                 .sym_num        = SYM_NUM,
139                 .ocon_num       = OCON_NUM - 2,
140         },
141         {
142                 .version        = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
143                 .sym_num        = SYM_NUM,
144                 .ocon_num       = OCON_NUM - 2,
145         },
146         {
147                 .version        = POLICYDB_VERSION_DEFAULT_TYPE,
148                 .sym_num        = SYM_NUM,
149                 .ocon_num       = OCON_NUM - 2,
150         },
151         {
152                 .version        = POLICYDB_VERSION_CONSTRAINT_NAMES,
153                 .sym_num        = SYM_NUM,
154                 .ocon_num       = OCON_NUM - 2,
155         },
156         {
157                 .version        = POLICYDB_VERSION_XPERMS_IOCTL,
158                 .sym_num        = SYM_NUM,
159                 .ocon_num       = OCON_NUM - 2,
160         },
161         {
162                 .version        = POLICYDB_VERSION_INFINIBAND,
163                 .sym_num        = SYM_NUM,
164                 .ocon_num       = OCON_NUM,
165         },
166 };
167 
168 static struct policydb_compat_info *policydb_lookup_compat(int version)
169 {
170         int i;
171         struct policydb_compat_info *info = NULL;
172 
173         for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
174                 if (policydb_compat[i].version == version) {
175                         info = &policydb_compat[i];
176                         break;
177                 }
178         }
179         return info;
180 }
181 
182 /*
183  * Initialize the role table.
184  */
185 static int roles_init(struct policydb *p)
186 {
187         char *key = NULL;
188         int rc;
189         struct role_datum *role;
190 
191         role = kzalloc(sizeof(*role), GFP_KERNEL);
192         if (!role)
193                 return -ENOMEM;
194 
195         rc = -EINVAL;
196         role->value = ++p->p_roles.nprim;
197         if (role->value != OBJECT_R_VAL)
198                 goto out;
199 
200         rc = -ENOMEM;
201         key = kstrdup(OBJECT_R, GFP_KERNEL);
202         if (!key)
203                 goto out;
204 
205         rc = hashtab_insert(p->p_roles.table, key, role);
206         if (rc)
207                 goto out;
208 
209         return 0;
210 out:
211         kfree(key);
212         kfree(role);
213         return rc;
214 }
215 
216 static u32 filenametr_hash(struct hashtab *h, const void *k)
217 {
218         const struct filename_trans *ft = k;
219         unsigned long hash;
220         unsigned int byte_num;
221         unsigned char focus;
222 
223         hash = ft->stype ^ ft->ttype ^ ft->tclass;
224 
225         byte_num = 0;
226         while ((focus = ft->name[byte_num++]))
227                 hash = partial_name_hash(focus, hash);
228         return hash & (h->size - 1);
229 }
230 
231 static int filenametr_cmp(struct hashtab *h, const void *k1, const void *k2)
232 {
233         const struct filename_trans *ft1 = k1;
234         const struct filename_trans *ft2 = k2;
235         int v;
236 
237         v = ft1->stype - ft2->stype;
238         if (v)
239                 return v;
240 
241         v = ft1->ttype - ft2->ttype;
242         if (v)
243                 return v;
244 
245         v = ft1->tclass - ft2->tclass;
246         if (v)
247                 return v;
248 
249         return strcmp(ft1->name, ft2->name);
250 
251 }
252 
253 static u32 rangetr_hash(struct hashtab *h, const void *k)
254 {
255         const struct range_trans *key = k;
256         return (key->source_type + (key->target_type << 3) +
257                 (key->target_class << 5)) & (h->size - 1);
258 }
259 
260 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
261 {
262         const struct range_trans *key1 = k1, *key2 = k2;
263         int v;
264 
265         v = key1->source_type - key2->source_type;
266         if (v)
267                 return v;
268 
269         v = key1->target_type - key2->target_type;
270         if (v)
271                 return v;
272 
273         v = key1->target_class - key2->target_class;
274 
275         return v;
276 }
277 
278 /*
279  * Initialize a policy database structure.
280  */
281 static int policydb_init(struct policydb *p)
282 {
283         int i, rc;
284 
285         memset(p, 0, sizeof(*p));
286 
287         for (i = 0; i < SYM_NUM; i++) {
288                 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
289                 if (rc)
290                         goto out;
291         }
292 
293         rc = avtab_init(&p->te_avtab);
294         if (rc)
295                 goto out;
296 
297         rc = roles_init(p);
298         if (rc)
299                 goto out;
300 
301         rc = cond_policydb_init(p);
302         if (rc)
303                 goto out;
304 
305         p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
306         if (!p->filename_trans) {
307                 rc = -ENOMEM;
308                 goto out;
309         }
310 
311         p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
312         if (!p->range_tr) {
313                 rc = -ENOMEM;
314                 goto out;
315         }
316 
317         ebitmap_init(&p->filename_trans_ttypes);
318         ebitmap_init(&p->policycaps);
319         ebitmap_init(&p->permissive_map);
320 
321         return 0;
322 out:
323         hashtab_destroy(p->filename_trans);
324         hashtab_destroy(p->range_tr);
325         for (i = 0; i < SYM_NUM; i++)
326                 hashtab_destroy(p->symtab[i].table);
327         return rc;
328 }
329 
330 /*
331  * The following *_index functions are used to
332  * define the val_to_name and val_to_struct arrays
333  * in a policy database structure.  The val_to_name
334  * arrays are used when converting security context
335  * structures into string representations.  The
336  * val_to_struct arrays are used when the attributes
337  * of a class, role, or user are needed.
338  */
339 
340 static int common_index(void *key, void *datum, void *datap)
341 {
342         struct policydb *p;
343         struct common_datum *comdatum;
344         struct flex_array *fa;
345 
346         comdatum = datum;
347         p = datap;
348         if (!comdatum->value || comdatum->value > p->p_commons.nprim)
349                 return -EINVAL;
350 
351         fa = p->sym_val_to_name[SYM_COMMONS];
352         if (flex_array_put_ptr(fa, comdatum->value - 1, key,
353                                GFP_KERNEL | __GFP_ZERO))
354                 BUG();
355         return 0;
356 }
357 
358 static int class_index(void *key, void *datum, void *datap)
359 {
360         struct policydb *p;
361         struct class_datum *cladatum;
362         struct flex_array *fa;
363 
364         cladatum = datum;
365         p = datap;
366         if (!cladatum->value || cladatum->value > p->p_classes.nprim)
367                 return -EINVAL;
368         fa = p->sym_val_to_name[SYM_CLASSES];
369         if (flex_array_put_ptr(fa, cladatum->value - 1, key,
370                                GFP_KERNEL | __GFP_ZERO))
371                 BUG();
372         p->class_val_to_struct[cladatum->value - 1] = cladatum;
373         return 0;
374 }
375 
376 static int role_index(void *key, void *datum, void *datap)
377 {
378         struct policydb *p;
379         struct role_datum *role;
380         struct flex_array *fa;
381 
382         role = datum;
383         p = datap;
384         if (!role->value
385             || role->value > p->p_roles.nprim
386             || role->bounds > p->p_roles.nprim)
387                 return -EINVAL;
388 
389         fa = p->sym_val_to_name[SYM_ROLES];
390         if (flex_array_put_ptr(fa, role->value - 1, key,
391                                GFP_KERNEL | __GFP_ZERO))
392                 BUG();
393         p->role_val_to_struct[role->value - 1] = role;
394         return 0;
395 }
396 
397 static int type_index(void *key, void *datum, void *datap)
398 {
399         struct policydb *p;
400         struct type_datum *typdatum;
401         struct flex_array *fa;
402 
403         typdatum = datum;
404         p = datap;
405 
406         if (typdatum->primary) {
407                 if (!typdatum->value
408                     || typdatum->value > p->p_types.nprim
409                     || typdatum->bounds > p->p_types.nprim)
410                         return -EINVAL;
411                 fa = p->sym_val_to_name[SYM_TYPES];
412                 if (flex_array_put_ptr(fa, typdatum->value - 1, key,
413                                        GFP_KERNEL | __GFP_ZERO))
414                         BUG();
415 
416                 fa = p->type_val_to_struct_array;
417                 if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum,
418                                        GFP_KERNEL | __GFP_ZERO))
419                         BUG();
420         }
421 
422         return 0;
423 }
424 
425 static int user_index(void *key, void *datum, void *datap)
426 {
427         struct policydb *p;
428         struct user_datum *usrdatum;
429         struct flex_array *fa;
430 
431         usrdatum = datum;
432         p = datap;
433         if (!usrdatum->value
434             || usrdatum->value > p->p_users.nprim
435             || usrdatum->bounds > p->p_users.nprim)
436                 return -EINVAL;
437 
438         fa = p->sym_val_to_name[SYM_USERS];
439         if (flex_array_put_ptr(fa, usrdatum->value - 1, key,
440                                GFP_KERNEL | __GFP_ZERO))
441                 BUG();
442         p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
443         return 0;
444 }
445 
446 static int sens_index(void *key, void *datum, void *datap)
447 {
448         struct policydb *p;
449         struct level_datum *levdatum;
450         struct flex_array *fa;
451 
452         levdatum = datum;
453         p = datap;
454 
455         if (!levdatum->isalias) {
456                 if (!levdatum->level->sens ||
457                     levdatum->level->sens > p->p_levels.nprim)
458                         return -EINVAL;
459                 fa = p->sym_val_to_name[SYM_LEVELS];
460                 if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key,
461                                        GFP_KERNEL | __GFP_ZERO))
462                         BUG();
463         }
464 
465         return 0;
466 }
467 
468 static int cat_index(void *key, void *datum, void *datap)
469 {
470         struct policydb *p;
471         struct cat_datum *catdatum;
472         struct flex_array *fa;
473 
474         catdatum = datum;
475         p = datap;
476 
477         if (!catdatum->isalias) {
478                 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
479                         return -EINVAL;
480                 fa = p->sym_val_to_name[SYM_CATS];
481                 if (flex_array_put_ptr(fa, catdatum->value - 1, key,
482                                        GFP_KERNEL | __GFP_ZERO))
483                         BUG();
484         }
485 
486         return 0;
487 }
488 
489 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
490 {
491         common_index,
492         class_index,
493         role_index,
494         type_index,
495         user_index,
496         cond_index_bool,
497         sens_index,
498         cat_index,
499 };
500 
501 #ifdef DEBUG_HASHES
502 static void hash_eval(struct hashtab *h, const char *hash_name)
503 {
504         struct hashtab_info info;
505 
506         hashtab_stat(h, &info);
507         printk(KERN_DEBUG "SELinux: %s:  %d entries and %d/%d buckets used, "
508                "longest chain length %d\n", hash_name, h->nel,
509                info.slots_used, h->size, info.max_chain_len);
510 }
511 
512 static void symtab_hash_eval(struct symtab *s)
513 {
514         int i;
515 
516         for (i = 0; i < SYM_NUM; i++)
517                 hash_eval(s[i].table, symtab_name[i]);
518 }
519 
520 #else
521 static inline void hash_eval(struct hashtab *h, char *hash_name)
522 {
523 }
524 #endif
525 
526 /*
527  * Define the other val_to_name and val_to_struct arrays
528  * in a policy database structure.
529  *
530  * Caller must clean up on failure.
531  */
532 static int policydb_index(struct policydb *p)
533 {
534         int i, rc;
535 
536         printk(KERN_DEBUG "SELinux:  %d users, %d roles, %d types, %d bools",
537                p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
538         if (p->mls_enabled)
539                 printk(KERN_CONT ", %d sens, %d cats", p->p_levels.nprim,
540                        p->p_cats.nprim);
541         printk(KERN_CONT "\n");
542 
543         printk(KERN_DEBUG "SELinux:  %d classes, %d rules\n",
544                p->p_classes.nprim, p->te_avtab.nel);
545 
546 #ifdef DEBUG_HASHES
547         avtab_hash_eval(&p->te_avtab, "rules");
548         symtab_hash_eval(p->symtab);
549 #endif
550 
551         p->class_val_to_struct = kcalloc(p->p_classes.nprim,
552                                          sizeof(*p->class_val_to_struct),
553                                          GFP_KERNEL);
554         if (!p->class_val_to_struct)
555                 return -ENOMEM;
556 
557         p->role_val_to_struct = kcalloc(p->p_roles.nprim,
558                                         sizeof(*p->role_val_to_struct),
559                                         GFP_KERNEL);
560         if (!p->role_val_to_struct)
561                 return -ENOMEM;
562 
563         p->user_val_to_struct = kcalloc(p->p_users.nprim,
564                                         sizeof(*p->user_val_to_struct),
565                                         GFP_KERNEL);
566         if (!p->user_val_to_struct)
567                 return -ENOMEM;
568 
569         /* Yes, I want the sizeof the pointer, not the structure */
570         p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *),
571                                                        p->p_types.nprim,
572                                                        GFP_KERNEL | __GFP_ZERO);
573         if (!p->type_val_to_struct_array)
574                 return -ENOMEM;
575 
576         rc = flex_array_prealloc(p->type_val_to_struct_array, 0,
577                                  p->p_types.nprim, GFP_KERNEL | __GFP_ZERO);
578         if (rc)
579                 goto out;
580 
581         rc = cond_init_bool_indexes(p);
582         if (rc)
583                 goto out;
584 
585         for (i = 0; i < SYM_NUM; i++) {
586                 p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *),
587                                                          p->symtab[i].nprim,
588                                                          GFP_KERNEL | __GFP_ZERO);
589                 if (!p->sym_val_to_name[i])
590                         return -ENOMEM;
591 
592                 rc = flex_array_prealloc(p->sym_val_to_name[i],
593                                          0, p->symtab[i].nprim,
594                                          GFP_KERNEL | __GFP_ZERO);
595                 if (rc)
596                         goto out;
597 
598                 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
599                 if (rc)
600                         goto out;
601         }
602         rc = 0;
603 out:
604         return rc;
605 }
606 
607 /*
608  * The following *_destroy functions are used to
609  * free any memory allocated for each kind of
610  * symbol data in the policy database.
611  */
612 
613 static int perm_destroy(void *key, void *datum, void *p)
614 {
615         kfree(key);
616         kfree(datum);
617         return 0;
618 }
619 
620 static int common_destroy(void *key, void *datum, void *p)
621 {
622         struct common_datum *comdatum;
623 
624         kfree(key);
625         if (datum) {
626                 comdatum = datum;
627                 hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
628                 hashtab_destroy(comdatum->permissions.table);
629         }
630         kfree(datum);
631         return 0;
632 }
633 
634 static void constraint_expr_destroy(struct constraint_expr *expr)
635 {
636         if (expr) {
637                 ebitmap_destroy(&expr->names);
638                 if (expr->type_names) {
639                         ebitmap_destroy(&expr->type_names->types);
640                         ebitmap_destroy(&expr->type_names->negset);
641                         kfree(expr->type_names);
642                 }
643                 kfree(expr);
644         }
645 }
646 
647 static int cls_destroy(void *key, void *datum, void *p)
648 {
649         struct class_datum *cladatum;
650         struct constraint_node *constraint, *ctemp;
651         struct constraint_expr *e, *etmp;
652 
653         kfree(key);
654         if (datum) {
655                 cladatum = datum;
656                 hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
657                 hashtab_destroy(cladatum->permissions.table);
658                 constraint = cladatum->constraints;
659                 while (constraint) {
660                         e = constraint->expr;
661                         while (e) {
662                                 etmp = e;
663                                 e = e->next;
664                                 constraint_expr_destroy(etmp);
665                         }
666                         ctemp = constraint;
667                         constraint = constraint->next;
668                         kfree(ctemp);
669                 }
670 
671                 constraint = cladatum->validatetrans;
672                 while (constraint) {
673                         e = constraint->expr;
674                         while (e) {
675                                 etmp = e;
676                                 e = e->next;
677                                 constraint_expr_destroy(etmp);
678                         }
679                         ctemp = constraint;
680                         constraint = constraint->next;
681                         kfree(ctemp);
682                 }
683                 kfree(cladatum->comkey);
684         }
685         kfree(datum);
686         return 0;
687 }
688 
689 static int role_destroy(void *key, void *datum, void *p)
690 {
691         struct role_datum *role;
692 
693         kfree(key);
694         if (datum) {
695                 role = datum;
696                 ebitmap_destroy(&role->dominates);
697                 ebitmap_destroy(&role->types);
698         }
699         kfree(datum);
700         return 0;
701 }
702 
703 static int type_destroy(void *key, void *datum, void *p)
704 {
705         kfree(key);
706         kfree(datum);
707         return 0;
708 }
709 
710 static int user_destroy(void *key, void *datum, void *p)
711 {
712         struct user_datum *usrdatum;
713 
714         kfree(key);
715         if (datum) {
716                 usrdatum = datum;
717                 ebitmap_destroy(&usrdatum->roles);
718                 ebitmap_destroy(&usrdatum->range.level[0].cat);
719                 ebitmap_destroy(&usrdatum->range.level[1].cat);
720                 ebitmap_destroy(&usrdatum->dfltlevel.cat);
721         }
722         kfree(datum);
723         return 0;
724 }
725 
726 static int sens_destroy(void *key, void *datum, void *p)
727 {
728         struct level_datum *levdatum;
729 
730         kfree(key);
731         if (datum) {
732                 levdatum = datum;
733                 ebitmap_destroy(&levdatum->level->cat);
734                 kfree(levdatum->level);
735         }
736         kfree(datum);
737         return 0;
738 }
739 
740 static int cat_destroy(void *key, void *datum, void *p)
741 {
742         kfree(key);
743         kfree(datum);
744         return 0;
745 }
746 
747 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
748 {
749         common_destroy,
750         cls_destroy,
751         role_destroy,
752         type_destroy,
753         user_destroy,
754         cond_destroy_bool,
755         sens_destroy,
756         cat_destroy,
757 };
758 
759 static int filenametr_destroy(void *key, void *datum, void *p)
760 {
761         struct filename_trans *ft = key;
762         kfree(ft->name);
763         kfree(key);
764         kfree(datum);
765         cond_resched();
766         return 0;
767 }
768 
769 static int range_tr_destroy(void *key, void *datum, void *p)
770 {
771         struct mls_range *rt = datum;
772         kfree(key);
773         ebitmap_destroy(&rt->level[0].cat);
774         ebitmap_destroy(&rt->level[1].cat);
775         kfree(datum);
776         cond_resched();
777         return 0;
778 }
779 
780 static void ocontext_destroy(struct ocontext *c, int i)
781 {
782         if (!c)
783                 return;
784 
785         context_destroy(&c->context[0]);
786         context_destroy(&c->context[1]);
787         if (i == OCON_ISID || i == OCON_FS ||
788             i == OCON_NETIF || i == OCON_FSUSE)
789                 kfree(c->u.name);
790         kfree(c);
791 }
792 
793 /*
794  * Free any memory allocated by a policy database structure.
795  */
796 void policydb_destroy(struct policydb *p)
797 {
798         struct ocontext *c, *ctmp;
799         struct genfs *g, *gtmp;
800         int i;
801         struct role_allow *ra, *lra = NULL;
802         struct role_trans *tr, *ltr = NULL;
803 
804         for (i = 0; i < SYM_NUM; i++) {
805                 cond_resched();
806                 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
807                 hashtab_destroy(p->symtab[i].table);
808         }
809 
810         for (i = 0; i < SYM_NUM; i++) {
811                 if (p->sym_val_to_name[i])
812                         flex_array_free(p->sym_val_to_name[i]);
813         }
814 
815         kfree(p->class_val_to_struct);
816         kfree(p->role_val_to_struct);
817         kfree(p->user_val_to_struct);
818         if (p->type_val_to_struct_array)
819                 flex_array_free(p->type_val_to_struct_array);
820 
821         avtab_destroy(&p->te_avtab);
822 
823         for (i = 0; i < OCON_NUM; i++) {
824                 cond_resched();
825                 c = p->ocontexts[i];
826                 while (c) {
827                         ctmp = c;
828                         c = c->next;
829                         ocontext_destroy(ctmp, i);
830                 }
831                 p->ocontexts[i] = NULL;
832         }
833 
834         g = p->genfs;
835         while (g) {
836                 cond_resched();
837                 kfree(g->fstype);
838                 c = g->head;
839                 while (c) {
840                         ctmp = c;
841                         c = c->next;
842                         ocontext_destroy(ctmp, OCON_FSUSE);
843                 }
844                 gtmp = g;
845                 g = g->next;
846                 kfree(gtmp);
847         }
848         p->genfs = NULL;
849 
850         cond_policydb_destroy(p);
851 
852         for (tr = p->role_tr; tr; tr = tr->next) {
853                 cond_resched();
854                 kfree(ltr);
855                 ltr = tr;
856         }
857         kfree(ltr);
858 
859         for (ra = p->role_allow; ra; ra = ra->next) {
860                 cond_resched();
861                 kfree(lra);
862                 lra = ra;
863         }
864         kfree(lra);
865 
866         hashtab_map(p->filename_trans, filenametr_destroy, NULL);
867         hashtab_destroy(p->filename_trans);
868 
869         hashtab_map(p->range_tr, range_tr_destroy, NULL);
870         hashtab_destroy(p->range_tr);
871 
872         if (p->type_attr_map_array) {
873                 for (i = 0; i < p->p_types.nprim; i++) {
874                         struct ebitmap *e;
875 
876                         e = flex_array_get(p->type_attr_map_array, i);
877                         if (!e)
878                                 continue;
879                         ebitmap_destroy(e);
880                 }
881                 flex_array_free(p->type_attr_map_array);
882         }
883 
884         ebitmap_destroy(&p->filename_trans_ttypes);
885         ebitmap_destroy(&p->policycaps);
886         ebitmap_destroy(&p->permissive_map);
887 }
888 
889 /*
890  * Load the initial SIDs specified in a policy database
891  * structure into a SID table.
892  */
893 int policydb_load_isids(struct policydb *p, struct sidtab *s)
894 {
895         struct ocontext *head, *c;
896         int rc;
897 
898         rc = sidtab_init(s);
899         if (rc) {
900                 printk(KERN_ERR "SELinux:  out of memory on SID table init\n");
901                 goto out;
902         }
903 
904         head = p->ocontexts[OCON_ISID];
905         for (c = head; c; c = c->next) {
906                 rc = -EINVAL;
907                 if (!c->context[0].user) {
908                         printk(KERN_ERR "SELinux:  SID %s was never defined.\n",
909                                 c->u.name);
910                         goto out;
911                 }
912 
913                 rc = sidtab_insert(s, c->sid[0], &c->context[0]);
914                 if (rc) {
915                         printk(KERN_ERR "SELinux:  unable to load initial SID %s.\n",
916                                 c->u.name);
917                         goto out;
918                 }
919         }
920         rc = 0;
921 out:
922         return rc;
923 }
924 
925 int policydb_class_isvalid(struct policydb *p, unsigned int class)
926 {
927         if (!class || class > p->p_classes.nprim)
928                 return 0;
929         return 1;
930 }
931 
932 int policydb_role_isvalid(struct policydb *p, unsigned int role)
933 {
934         if (!role || role > p->p_roles.nprim)
935                 return 0;
936         return 1;
937 }
938 
939 int policydb_type_isvalid(struct policydb *p, unsigned int type)
940 {
941         if (!type || type > p->p_types.nprim)
942                 return 0;
943         return 1;
944 }
945 
946 /*
947  * Return 1 if the fields in the security context
948  * structure `c' are valid.  Return 0 otherwise.
949  */
950 int policydb_context_isvalid(struct policydb *p, struct context *c)
951 {
952         struct role_datum *role;
953         struct user_datum *usrdatum;
954 
955         if (!c->role || c->role > p->p_roles.nprim)
956                 return 0;
957 
958         if (!c->user || c->user > p->p_users.nprim)
959                 return 0;
960 
961         if (!c->type || c->type > p->p_types.nprim)
962                 return 0;
963 
964         if (c->role != OBJECT_R_VAL) {
965                 /*
966                  * Role must be authorized for the type.
967                  */
968                 role = p->role_val_to_struct[c->role - 1];
969                 if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
970                         /* role may not be associated with type */
971                         return 0;
972 
973                 /*
974                  * User must be authorized for the role.
975                  */
976                 usrdatum = p->user_val_to_struct[c->user - 1];
977                 if (!usrdatum)
978                         return 0;
979 
980                 if (!ebitmap_get_bit(&usrdatum->roles, c->role - 1))
981                         /* user may not be associated with role */
982                         return 0;
983         }
984 
985         if (!mls_context_isvalid(p, c))
986                 return 0;
987 
988         return 1;
989 }
990 
991 /*
992  * Read a MLS range structure from a policydb binary
993  * representation file.
994  */
995 static int mls_read_range_helper(struct mls_range *r, void *fp)
996 {
997         __le32 buf[2];
998         u32 items;
999         int rc;
1000 
1001         rc = next_entry(buf, fp, sizeof(u32));
1002         if (rc)
1003                 goto out;
1004 
1005         rc = -EINVAL;
1006         items = le32_to_cpu(buf[0]);
1007         if (items > ARRAY_SIZE(buf)) {
1008                 printk(KERN_ERR "SELinux: mls:  range overflow\n");
1009                 goto out;
1010         }
1011 
1012         rc = next_entry(buf, fp, sizeof(u32) * items);
1013         if (rc) {
1014                 printk(KERN_ERR "SELinux: mls:  truncated range\n");
1015                 goto out;
1016         }
1017 
1018         r->level[0].sens = le32_to_cpu(buf[0]);
1019         if (items > 1)
1020                 r->level[1].sens = le32_to_cpu(buf[1]);
1021         else
1022                 r->level[1].sens = r->level[0].sens;
1023 
1024         rc = ebitmap_read(&r->level[0].cat, fp);
1025         if (rc) {
1026                 printk(KERN_ERR "SELinux: mls:  error reading low categories\n");
1027                 goto out;
1028         }
1029         if (items > 1) {
1030                 rc = ebitmap_read(&r->level[1].cat, fp);
1031                 if (rc) {
1032                         printk(KERN_ERR "SELinux: mls:  error reading high categories\n");
1033                         goto bad_high;
1034                 }
1035         } else {
1036                 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1037                 if (rc) {
1038                         printk(KERN_ERR "SELinux: mls:  out of memory\n");
1039                         goto bad_high;
1040                 }
1041         }
1042 
1043         return 0;
1044 bad_high:
1045         ebitmap_destroy(&r->level[0].cat);
1046 out:
1047         return rc;
1048 }
1049 
1050 /*
1051  * Read and validate a security context structure
1052  * from a policydb binary representation file.
1053  */
1054 static int context_read_and_validate(struct context *c,
1055                                      struct policydb *p,
1056                                      void *fp)
1057 {
1058         __le32 buf[3];
1059         int rc;
1060 
1061         rc = next_entry(buf, fp, sizeof buf);
1062         if (rc) {
1063                 printk(KERN_ERR "SELinux: context truncated\n");
1064                 goto out;
1065         }
1066         c->user = le32_to_cpu(buf[0]);
1067         c->role = le32_to_cpu(buf[1]);
1068         c->type = le32_to_cpu(buf[2]);
1069         if (p->policyvers >= POLICYDB_VERSION_MLS) {
1070                 rc = mls_read_range_helper(&c->range, fp);
1071                 if (rc) {
1072                         printk(KERN_ERR "SELinux: error reading MLS range of context\n");
1073                         goto out;
1074                 }
1075         }
1076 
1077         rc = -EINVAL;
1078         if (!policydb_context_isvalid(p, c)) {
1079                 printk(KERN_ERR "SELinux:  invalid security context\n");
1080                 context_destroy(c);
1081                 goto out;
1082         }
1083         rc = 0;
1084 out:
1085         return rc;
1086 }
1087 
1088 /*
1089  * The following *_read functions are used to
1090  * read the symbol data from a policy database
1091  * binary representation file.
1092  */
1093 
1094 static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
1095 {
1096         int rc;
1097         char *str;
1098 
1099         if ((len == 0) || (len == (u32)-1))
1100                 return -EINVAL;
1101 
1102         str = kmalloc(len + 1, flags);
1103         if (!str)
1104                 return -ENOMEM;
1105 
1106         /* it's expected the caller should free the str */
1107         *strp = str;
1108 
1109         rc = next_entry(str, fp, len);
1110         if (rc)
1111                 return rc;
1112 
1113         str[len] = '\0';
1114         return 0;
1115 }
1116 
1117 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
1118 {
1119         char *key = NULL;
1120         struct perm_datum *perdatum;
1121         int rc;
1122         __le32 buf[2];
1123         u32 len;
1124 
1125         perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
1126         if (!perdatum)
1127                 return -ENOMEM;
1128 
1129         rc = next_entry(buf, fp, sizeof buf);
1130         if (rc)
1131                 goto bad;
1132 
1133         len = le32_to_cpu(buf[0]);
1134         perdatum->value = le32_to_cpu(buf[1]);
1135 
1136         rc = str_read(&key, GFP_KERNEL, fp, len);
1137         if (rc)
1138                 goto bad;
1139 
1140         rc = hashtab_insert(h, key, perdatum);
1141         if (rc)
1142                 goto bad;
1143 
1144         return 0;
1145 bad:
1146         perm_destroy(key, perdatum, NULL);
1147         return rc;
1148 }
1149 
1150 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
1151 {
1152         char *key = NULL;
1153         struct common_datum *comdatum;
1154         __le32 buf[4];
1155         u32 len, nel;
1156         int i, rc;
1157 
1158         comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
1159         if (!comdatum)
1160                 return -ENOMEM;
1161 
1162         rc = next_entry(buf, fp, sizeof buf);
1163         if (rc)
1164                 goto bad;
1165 
1166         len = le32_to_cpu(buf[0]);
1167         comdatum->value = le32_to_cpu(buf[1]);
1168 
1169         rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
1170         if (rc)
1171                 goto bad;
1172         comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1173         nel = le32_to_cpu(buf[3]);
1174 
1175         rc = str_read(&key, GFP_KERNEL, fp, len);
1176         if (rc)
1177                 goto bad;
1178 
1179         for (i = 0; i < nel; i++) {
1180                 rc = perm_read(p, comdatum->permissions.table, fp);
1181                 if (rc)
1182                         goto bad;
1183         }
1184 
1185         rc = hashtab_insert(h, key, comdatum);
1186         if (rc)
1187                 goto bad;
1188         return 0;
1189 bad:
1190         common_destroy(key, comdatum, NULL);
1191         return rc;
1192 }
1193 
1194 static void type_set_init(struct type_set *t)
1195 {
1196         ebitmap_init(&t->types);
1197         ebitmap_init(&t->negset);
1198 }
1199 
1200 static int type_set_read(struct type_set *t, void *fp)
1201 {
1202         __le32 buf[1];
1203         int rc;
1204 
1205         if (ebitmap_read(&t->types, fp))
1206                 return -EINVAL;
1207         if (ebitmap_read(&t->negset, fp))
1208                 return -EINVAL;
1209 
1210         rc = next_entry(buf, fp, sizeof(u32));
1211         if (rc < 0)
1212                 return -EINVAL;
1213         t->flags = le32_to_cpu(buf[0]);
1214 
1215         return 0;
1216 }
1217 
1218 
1219 static int read_cons_helper(struct policydb *p,
1220                                 struct constraint_node **nodep,
1221                                 int ncons, int allowxtarget, void *fp)
1222 {
1223         struct constraint_node *c, *lc;
1224         struct constraint_expr *e, *le;
1225         __le32 buf[3];
1226         u32 nexpr;
1227         int rc, i, j, depth;
1228 
1229         lc = NULL;
1230         for (i = 0; i < ncons; i++) {
1231                 c = kzalloc(sizeof(*c), GFP_KERNEL);
1232                 if (!c)
1233                         return -ENOMEM;
1234 
1235                 if (lc)
1236                         lc->next = c;
1237                 else
1238                         *nodep = c;
1239 
1240                 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1241                 if (rc)
1242                         return rc;
1243                 c->permissions = le32_to_cpu(buf[0]);
1244                 nexpr = le32_to_cpu(buf[1]);
1245                 le = NULL;
1246                 depth = -1;
1247                 for (j = 0; j < nexpr; j++) {
1248                         e = kzalloc(sizeof(*e), GFP_KERNEL);
1249                         if (!e)
1250                                 return -ENOMEM;
1251 
1252                         if (le)
1253                                 le->next = e;
1254                         else
1255                                 c->expr = e;
1256 
1257                         rc = next_entry(buf, fp, (sizeof(u32) * 3));
1258                         if (rc)
1259                                 return rc;
1260                         e->expr_type = le32_to_cpu(buf[0]);
1261                         e->attr = le32_to_cpu(buf[1]);
1262                         e->op = le32_to_cpu(buf[2]);
1263 
1264                         switch (e->expr_type) {
1265                         case CEXPR_NOT:
1266                                 if (depth < 0)
1267                                         return -EINVAL;
1268                                 break;
1269                         case CEXPR_AND:
1270                         case CEXPR_OR:
1271                                 if (depth < 1)
1272                                         return -EINVAL;
1273                                 depth--;
1274                                 break;
1275                         case CEXPR_ATTR:
1276                                 if (depth == (CEXPR_MAXDEPTH - 1))
1277                                         return -EINVAL;
1278                                 depth++;
1279                                 break;
1280                         case CEXPR_NAMES:
1281                                 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1282                                         return -EINVAL;
1283                                 if (depth == (CEXPR_MAXDEPTH - 1))
1284                                         return -EINVAL;
1285                                 depth++;
1286                                 rc = ebitmap_read(&e->names, fp);
1287                                 if (rc)
1288                                         return rc;
1289                                 if (p->policyvers >=
1290                                         POLICYDB_VERSION_CONSTRAINT_NAMES) {
1291                                                 e->type_names = kzalloc(sizeof
1292                                                 (*e->type_names),
1293                                                 GFP_KERNEL);
1294                                         if (!e->type_names)
1295                                                 return -ENOMEM;
1296                                         type_set_init(e->type_names);
1297                                         rc = type_set_read(e->type_names, fp);
1298                                         if (rc)
1299                                                 return rc;
1300                                 }
1301                                 break;
1302                         default:
1303                                 return -EINVAL;
1304                         }
1305                         le = e;
1306                 }
1307                 if (depth != 0)
1308                         return -EINVAL;
1309                 lc = c;
1310         }
1311 
1312         return 0;
1313 }
1314 
1315 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1316 {
1317         char *key = NULL;
1318         struct class_datum *cladatum;
1319         __le32 buf[6];
1320         u32 len, len2, ncons, nel;
1321         int i, rc;
1322 
1323         cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1324         if (!cladatum)
1325                 return -ENOMEM;
1326 
1327         rc = next_entry(buf, fp, sizeof(u32)*6);
1328         if (rc)
1329                 goto bad;
1330 
1331         len = le32_to_cpu(buf[0]);
1332         len2 = le32_to_cpu(buf[1]);
1333         cladatum->value = le32_to_cpu(buf[2]);
1334 
1335         rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1336         if (rc)
1337                 goto bad;
1338         cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1339         nel = le32_to_cpu(buf[4]);
1340 
1341         ncons = le32_to_cpu(buf[5]);
1342 
1343         rc = str_read(&key, GFP_KERNEL, fp, len);
1344         if (rc)
1345                 goto bad;
1346 
1347         if (len2) {
1348                 rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2);
1349                 if (rc)
1350                         goto bad;
1351 
1352                 rc = -EINVAL;
1353                 cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
1354                 if (!cladatum->comdatum) {
1355                         printk(KERN_ERR "SELinux:  unknown common %s\n", cladatum->comkey);
1356                         goto bad;
1357                 }
1358         }
1359         for (i = 0; i < nel; i++) {
1360                 rc = perm_read(p, cladatum->permissions.table, fp);
1361                 if (rc)
1362                         goto bad;
1363         }
1364 
1365         rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp);
1366         if (rc)
1367                 goto bad;
1368 
1369         if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1370                 /* grab the validatetrans rules */
1371                 rc = next_entry(buf, fp, sizeof(u32));
1372                 if (rc)
1373                         goto bad;
1374                 ncons = le32_to_cpu(buf[0]);
1375                 rc = read_cons_helper(p, &cladatum->validatetrans,
1376                                 ncons, 1, fp);
1377                 if (rc)
1378                         goto bad;
1379         }
1380 
1381         if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
1382                 rc = next_entry(buf, fp, sizeof(u32) * 3);
1383                 if (rc)
1384                         goto bad;
1385 
1386                 cladatum->default_user = le32_to_cpu(buf[0]);
1387                 cladatum->default_role = le32_to_cpu(buf[1]);
1388                 cladatum->default_range = le32_to_cpu(buf[2]);
1389         }
1390 
1391         if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
1392                 rc = next_entry(buf, fp, sizeof(u32) * 1);
1393                 if (rc)
1394                         goto bad;
1395                 cladatum->default_type = le32_to_cpu(buf[0]);
1396         }
1397 
1398         rc = hashtab_insert(h, key, cladatum);
1399         if (rc)
1400                 goto bad;
1401 
1402         return 0;
1403 bad:
1404         cls_destroy(key, cladatum, NULL);
1405         return rc;
1406 }
1407 
1408 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1409 {
1410         char *key = NULL;
1411         struct role_datum *role;
1412         int rc, to_read = 2;
1413         __le32 buf[3];
1414         u32 len;
1415 
1416         role = kzalloc(sizeof(*role), GFP_KERNEL);
1417         if (!role)
1418                 return -ENOMEM;
1419 
1420         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1421                 to_read = 3;
1422 
1423         rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1424         if (rc)
1425                 goto bad;
1426 
1427         len = le32_to_cpu(buf[0]);
1428         role->value = le32_to_cpu(buf[1]);
1429         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1430                 role->bounds = le32_to_cpu(buf[2]);
1431 
1432         rc = str_read(&key, GFP_KERNEL, fp, len);
1433         if (rc)
1434                 goto bad;
1435 
1436         rc = ebitmap_read(&role->dominates, fp);
1437         if (rc)
1438                 goto bad;
1439 
1440         rc = ebitmap_read(&role->types, fp);
1441         if (rc)
1442                 goto bad;
1443 
1444         if (strcmp(key, OBJECT_R) == 0) {
1445                 rc = -EINVAL;
1446                 if (role->value != OBJECT_R_VAL) {
1447                         printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
1448                                OBJECT_R, role->value);
1449                         goto bad;
1450                 }
1451                 rc = 0;
1452                 goto bad;
1453         }
1454 
1455         rc = hashtab_insert(h, key, role);
1456         if (rc)
1457                 goto bad;
1458         return 0;
1459 bad:
1460         role_destroy(key, role, NULL);
1461         return rc;
1462 }
1463 
1464 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1465 {
1466         char *key = NULL;
1467         struct type_datum *typdatum;
1468         int rc, to_read = 3;
1469         __le32 buf[4];
1470         u32 len;
1471 
1472         typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
1473         if (!typdatum)
1474                 return -ENOMEM;
1475 
1476         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1477                 to_read = 4;
1478 
1479         rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1480         if (rc)
1481                 goto bad;
1482 
1483         len = le32_to_cpu(buf[0]);
1484         typdatum->value = le32_to_cpu(buf[1]);
1485         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
1486                 u32 prop = le32_to_cpu(buf[2]);
1487 
1488                 if (prop & TYPEDATUM_PROPERTY_PRIMARY)
1489                         typdatum->primary = 1;
1490                 if (prop & TYPEDATUM_PROPERTY_ATTRIBUTE)
1491                         typdatum->attribute = 1;
1492 
1493                 typdatum->bounds = le32_to_cpu(buf[3]);
1494         } else {
1495                 typdatum->primary = le32_to_cpu(buf[2]);
1496         }
1497 
1498         rc = str_read(&key, GFP_KERNEL, fp, len);
1499         if (rc)
1500                 goto bad;
1501 
1502         rc = hashtab_insert(h, key, typdatum);
1503         if (rc)
1504                 goto bad;
1505         return 0;
1506 bad:
1507         type_destroy(key, typdatum, NULL);
1508         return rc;
1509 }
1510 
1511 
1512 /*
1513  * Read a MLS level structure from a policydb binary
1514  * representation file.
1515  */
1516 static int mls_read_level(struct mls_level *lp, void *fp)
1517 {
1518         __le32 buf[1];
1519         int rc;
1520 
1521         memset(lp, 0, sizeof(*lp));
1522 
1523         rc = next_entry(buf, fp, sizeof buf);
1524         if (rc) {
1525                 printk(KERN_ERR "SELinux: mls: truncated level\n");
1526                 return rc;
1527         }
1528         lp->sens = le32_to_cpu(buf[0]);
1529 
1530         rc = ebitmap_read(&lp->cat, fp);
1531         if (rc) {
1532                 printk(KERN_ERR "SELinux: mls:  error reading level categories\n");
1533                 return rc;
1534         }
1535         return 0;
1536 }
1537 
1538 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1539 {
1540         char *key = NULL;
1541         struct user_datum *usrdatum;
1542         int rc, to_read = 2;
1543         __le32 buf[3];
1544         u32 len;
1545 
1546         usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1547         if (!usrdatum)
1548                 return -ENOMEM;
1549 
1550         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1551                 to_read = 3;
1552 
1553         rc = next_entry(buf, fp, sizeof(buf[0]) * to_read);
1554         if (rc)
1555                 goto bad;
1556 
1557         len = le32_to_cpu(buf[0]);
1558         usrdatum->value = le32_to_cpu(buf[1]);
1559         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
1560                 usrdatum->bounds = le32_to_cpu(buf[2]);
1561 
1562         rc = str_read(&key, GFP_KERNEL, fp, len);
1563         if (rc)
1564                 goto bad;
1565 
1566         rc = ebitmap_read(&usrdatum->roles, fp);
1567         if (rc)
1568                 goto bad;
1569 
1570         if (p->policyvers >= POLICYDB_VERSION_MLS) {
1571                 rc = mls_read_range_helper(&usrdatum->range, fp);
1572                 if (rc)
1573                         goto bad;
1574                 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1575                 if (rc)
1576                         goto bad;
1577         }
1578 
1579         rc = hashtab_insert(h, key, usrdatum);
1580         if (rc)
1581                 goto bad;
1582         return 0;
1583 bad:
1584         user_destroy(key, usrdatum, NULL);
1585         return rc;
1586 }
1587 
1588 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1589 {
1590         char *key = NULL;
1591         struct level_datum *levdatum;
1592         int rc;
1593         __le32 buf[2];
1594         u32 len;
1595 
1596         levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1597         if (!levdatum)
1598                 return -ENOMEM;
1599 
1600         rc = next_entry(buf, fp, sizeof buf);
1601         if (rc)
1602                 goto bad;
1603 
1604         len = le32_to_cpu(buf[0]);
1605         levdatum->isalias = le32_to_cpu(buf[1]);
1606 
1607         rc = str_read(&key, GFP_ATOMIC, fp, len);
1608         if (rc)
1609                 goto bad;
1610 
1611         rc = -ENOMEM;
1612         levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);
1613         if (!levdatum->level)
1614                 goto bad;
1615 
1616         rc = mls_read_level(levdatum->level, fp);
1617         if (rc)
1618                 goto bad;
1619 
1620         rc = hashtab_insert(h, key, levdatum);
1621         if (rc)
1622                 goto bad;
1623         return 0;
1624 bad:
1625         sens_destroy(key, levdatum, NULL);
1626         return rc;
1627 }
1628 
1629 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1630 {
1631         char *key = NULL;
1632         struct cat_datum *catdatum;
1633         int rc;
1634         __le32 buf[3];
1635         u32 len;
1636 
1637         catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1638         if (!catdatum)
1639                 return -ENOMEM;
1640 
1641         rc = next_entry(buf, fp, sizeof buf);
1642         if (rc)
1643                 goto bad;
1644 
1645         len = le32_to_cpu(buf[0]);
1646         catdatum->value = le32_to_cpu(buf[1]);
1647         catdatum->isalias = le32_to_cpu(buf[2]);
1648 
1649         rc = str_read(&key, GFP_ATOMIC, fp, len);
1650         if (rc)
1651                 goto bad;
1652 
1653         rc = hashtab_insert(h, key, catdatum);
1654         if (rc)
1655                 goto bad;
1656         return 0;
1657 bad:
1658         cat_destroy(key, catdatum, NULL);
1659         return rc;
1660 }
1661 
1662 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1663 {
1664         common_read,
1665         class_read,
1666         role_read,
1667         type_read,
1668         user_read,
1669         cond_read_bool,
1670         sens_read,
1671         cat_read,
1672 };
1673 
1674 static int user_bounds_sanity_check(void *key, void *datum, void *datap)
1675 {
1676         struct user_datum *upper, *user;
1677         struct policydb *p = datap;
1678         int depth = 0;
1679 
1680         upper = user = datum;
1681         while (upper->bounds) {
1682                 struct ebitmap_node *node;
1683                 unsigned long bit;
1684 
1685                 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1686                         printk(KERN_ERR "SELinux: user %s: "
1687                                "too deep or looped boundary",
1688                                (char *) key);
1689                         return -EINVAL;
1690                 }
1691 
1692                 upper = p->user_val_to_struct[upper->bounds - 1];
1693                 ebitmap_for_each_positive_bit(&user->roles, node, bit) {
1694                         if (ebitmap_get_bit(&upper->roles, bit))
1695                                 continue;
1696 
1697                         printk(KERN_ERR
1698                                "SELinux: boundary violated policy: "
1699                                "user=%s role=%s bounds=%s\n",
1700                                sym_name(p, SYM_USERS, user->value - 1),
1701                                sym_name(p, SYM_ROLES, bit),
1702                                sym_name(p, SYM_USERS, upper->value - 1));
1703 
1704                         return -EINVAL;
1705                 }
1706         }
1707 
1708         return 0;
1709 }
1710 
1711 static int role_bounds_sanity_check(void *key, void *datum, void *datap)
1712 {
1713         struct role_datum *upper, *role;
1714         struct policydb *p = datap;
1715         int depth = 0;
1716 
1717         upper = role = datum;
1718         while (upper->bounds) {
1719                 struct ebitmap_node *node;
1720                 unsigned long bit;
1721 
1722                 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1723                         printk(KERN_ERR "SELinux: role %s: "
1724                                "too deep or looped bounds\n",
1725                                (char *) key);
1726                         return -EINVAL;
1727                 }
1728 
1729                 upper = p->role_val_to_struct[upper->bounds - 1];
1730                 ebitmap_for_each_positive_bit(&role->types, node, bit) {
1731                         if (ebitmap_get_bit(&upper->types, bit))
1732                                 continue;
1733 
1734                         printk(KERN_ERR
1735                                "SELinux: boundary violated policy: "
1736                                "role=%s type=%s bounds=%s\n",
1737                                sym_name(p, SYM_ROLES, role->value - 1),
1738                                sym_name(p, SYM_TYPES, bit),
1739                                sym_name(p, SYM_ROLES, upper->value - 1));
1740 
1741                         return -EINVAL;
1742                 }
1743         }
1744 
1745         return 0;
1746 }
1747 
1748 static int type_bounds_sanity_check(void *key, void *datum, void *datap)
1749 {
1750         struct type_datum *upper;
1751         struct policydb *p = datap;
1752         int depth = 0;
1753 
1754         upper = datum;
1755         while (upper->bounds) {
1756                 if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
1757                         printk(KERN_ERR "SELinux: type %s: "
1758                                "too deep or looped boundary\n",
1759                                (char *) key);
1760                         return -EINVAL;
1761                 }
1762 
1763                 upper = flex_array_get_ptr(p->type_val_to_struct_array,
1764                                            upper->bounds - 1);
1765                 BUG_ON(!upper);
1766 
1767                 if (upper->attribute) {
1768                         printk(KERN_ERR "SELinux: type %s: "
1769                                "bounded by attribute %s",
1770                                (char *) key,
1771                                sym_name(p, SYM_TYPES, upper->value - 1));
1772                         return -EINVAL;
1773                 }
1774         }
1775 
1776         return 0;
1777 }
1778 
1779 static int policydb_bounds_sanity_check(struct policydb *p)
1780 {
1781         int rc;
1782 
1783         if (p->policyvers < POLICYDB_VERSION_BOUNDARY)
1784                 return 0;
1785 
1786         rc = hashtab_map(p->p_users.table,
1787                          user_bounds_sanity_check, p);
1788         if (rc)
1789                 return rc;
1790 
1791         rc = hashtab_map(p->p_roles.table,
1792                          role_bounds_sanity_check, p);
1793         if (rc)
1794                 return rc;
1795 
1796         rc = hashtab_map(p->p_types.table,
1797                          type_bounds_sanity_check, p);
1798         if (rc)
1799                 return rc;
1800 
1801         return 0;
1802 }
1803 
1804 u16 string_to_security_class(struct policydb *p, const char *name)
1805 {
1806         struct class_datum *cladatum;
1807 
1808         cladatum = hashtab_search(p->p_classes.table, name);
1809         if (!cladatum)
1810                 return 0;
1811 
1812         return cladatum->value;
1813 }
1814 
1815 u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name)
1816 {
1817         struct class_datum *cladatum;
1818         struct perm_datum *perdatum = NULL;
1819         struct common_datum *comdatum;
1820 
1821         if (!tclass || tclass > p->p_classes.nprim)
1822                 return 0;
1823 
1824         cladatum = p->class_val_to_struct[tclass-1];
1825         comdatum = cladatum->comdatum;
1826         if (comdatum)
1827                 perdatum = hashtab_search(comdatum->permissions.table,
1828                                           name);
1829         if (!perdatum)
1830                 perdatum = hashtab_search(cladatum->permissions.table,
1831                                           name);
1832         if (!perdatum)
1833                 return 0;
1834 
1835         return 1U << (perdatum->value-1);
1836 }
1837 
1838 static int range_read(struct policydb *p, void *fp)
1839 {
1840         struct range_trans *rt = NULL;
1841         struct mls_range *r = NULL;
1842         int i, rc;
1843         __le32 buf[2];
1844         u32 nel;
1845 
1846         if (p->policyvers < POLICYDB_VERSION_MLS)
1847                 return 0;
1848 
1849         rc = next_entry(buf, fp, sizeof(u32));
1850         if (rc)
1851                 return rc;
1852 
1853         nel = le32_to_cpu(buf[0]);
1854         for (i = 0; i < nel; i++) {
1855                 rc = -ENOMEM;
1856                 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1857                 if (!rt)
1858                         goto out;
1859 
1860                 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1861                 if (rc)
1862                         goto out;
1863 
1864                 rt->source_type = le32_to_cpu(buf[0]);
1865                 rt->target_type = le32_to_cpu(buf[1]);
1866                 if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
1867                         rc = next_entry(buf, fp, sizeof(u32));
1868                         if (rc)
1869                                 goto out;
1870                         rt->target_class = le32_to_cpu(buf[0]);
1871                 } else
1872                         rt->target_class = p->process_class;
1873 
1874                 rc = -EINVAL;
1875                 if (!policydb_type_isvalid(p, rt->source_type) ||
1876                     !policydb_type_isvalid(p, rt->target_type) ||
1877                     !policydb_class_isvalid(p, rt->target_class))
1878                         goto out;
1879 
1880                 rc = -ENOMEM;
1881                 r = kzalloc(sizeof(*r), GFP_KERNEL);
1882                 if (!r)
1883                         goto out;
1884 
1885                 rc = mls_read_range_helper(r, fp);
1886                 if (rc)
1887                         goto out;
1888 
1889                 rc = -EINVAL;
1890                 if (!mls_range_isvalid(p, r)) {
1891                         printk(KERN_WARNING "SELinux:  rangetrans:  invalid range\n");
1892                         goto out;
1893                 }
1894 
1895                 rc = hashtab_insert(p->range_tr, rt, r);
1896                 if (rc)
1897                         goto out;
1898 
1899                 rt = NULL;
1900                 r = NULL;
1901         }
1902         hash_eval(p->range_tr, "rangetr");
1903         rc = 0;
1904 out:
1905         kfree(rt);
1906         kfree(r);
1907         return rc;
1908 }
1909 
1910 static int filename_trans_read(struct policydb *p, void *fp)
1911 {
1912         struct filename_trans *ft;
1913         struct filename_trans_datum *otype;
1914         char *name;
1915         u32 nel, len;
1916         __le32 buf[4];
1917         int rc, i;
1918 
1919         if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
1920                 return 0;
1921 
1922         rc = next_entry(buf, fp, sizeof(u32));
1923         if (rc)
1924                 return rc;
1925         nel = le32_to_cpu(buf[0]);
1926 
1927         for (i = 0; i < nel; i++) {
1928                 otype = NULL;
1929                 name = NULL;
1930 
1931                 rc = -ENOMEM;
1932                 ft = kzalloc(sizeof(*ft), GFP_KERNEL);
1933                 if (!ft)
1934                         goto out;
1935 
1936                 rc = -ENOMEM;
1937                 otype = kmalloc(sizeof(*otype), GFP_KERNEL);
1938                 if (!otype)
1939                         goto out;
1940 
1941                 /* length of the path component string */
1942                 rc = next_entry(buf, fp, sizeof(u32));
1943                 if (rc)
1944                         goto out;
1945                 len = le32_to_cpu(buf[0]);
1946 
1947                 /* path component string */
1948                 rc = str_read(&name, GFP_KERNEL, fp, len);
1949                 if (rc)
1950                         goto out;
1951 
1952                 ft->name = name;
1953 
1954                 rc = next_entry(buf, fp, sizeof(u32) * 4);
1955                 if (rc)
1956                         goto out;
1957 
1958                 ft->stype = le32_to_cpu(buf[0]);
1959                 ft->ttype = le32_to_cpu(buf[1]);
1960                 ft->tclass = le32_to_cpu(buf[2]);
1961 
1962                 otype->otype = le32_to_cpu(buf[3]);
1963 
1964                 rc = ebitmap_set_bit(&p->filename_trans_ttypes, ft->ttype, 1);
1965                 if (rc)
1966                         goto out;
1967 
1968                 rc = hashtab_insert(p->filename_trans, ft, otype);
1969                 if (rc) {
1970                         /*
1971                          * Do not return -EEXIST to the caller, or the system
1972                          * will not boot.
1973                          */
1974                         if (rc != -EEXIST)
1975                                 goto out;
1976                         /* But free memory to avoid memory leak. */
1977                         kfree(ft);
1978                         kfree(name);
1979                         kfree(otype);
1980                 }
1981         }
1982         hash_eval(p->filename_trans, "filenametr");
1983         return 0;
1984 out:
1985         kfree(ft);
1986         kfree(name);
1987         kfree(otype);
1988 
1989         return rc;
1990 }
1991 
1992 static int genfs_read(struct policydb *p, void *fp)
1993 {
1994         int i, j, rc;
1995         u32 nel, nel2, len, len2;
1996         __le32 buf[1];
1997         struct ocontext *l, *c;
1998         struct ocontext *newc = NULL;
1999         struct genfs *genfs_p, *genfs;
2000         struct genfs *newgenfs = NULL;
2001 
2002         rc = next_entry(buf, fp, sizeof(u32));
2003         if (rc)
2004                 return rc;
2005         nel = le32_to_cpu(buf[0]);
2006 
2007         for (i = 0; i < nel; i++) {
2008                 rc = next_entry(buf, fp, sizeof(u32));
2009                 if (rc)
2010                         goto out;
2011                 len = le32_to_cpu(buf[0]);
2012 
2013                 rc = -ENOMEM;
2014                 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
2015                 if (!newgenfs)
2016                         goto out;
2017 
2018                 rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len);
2019                 if (rc)
2020                         goto out;
2021 
2022                 for (genfs_p = NULL, genfs = p->genfs; genfs;
2023                      genfs_p = genfs, genfs = genfs->next) {
2024                         rc = -EINVAL;
2025                         if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2026                                 printk(KERN_ERR "SELinux:  dup genfs fstype %s\n",
2027                                        newgenfs->fstype);
2028                                 goto out;
2029                         }
2030                         if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2031                                 break;
2032                 }
2033                 newgenfs->next = genfs;
2034                 if (genfs_p)
2035                         genfs_p->next = newgenfs;
2036                 else
2037                         p->genfs = newgenfs;
2038                 genfs = newgenfs;
2039                 newgenfs = NULL;
2040 
2041                 rc = next_entry(buf, fp, sizeof(u32));
2042                 if (rc)
2043                         goto out;
2044 
2045                 nel2 = le32_to_cpu(buf[0]);
2046                 for (j = 0; j < nel2; j++) {
2047                         rc = next_entry(buf, fp, sizeof(u32));
2048                         if (rc)
2049                                 goto out;
2050                         len = le32_to_cpu(buf[0]);
2051 
2052                         rc = -ENOMEM;
2053                         newc = kzalloc(sizeof(*newc), GFP_KERNEL);
2054                         if (!newc)
2055                                 goto out;
2056 
2057                         rc = str_read(&newc->u.name, GFP_KERNEL, fp, len);
2058                         if (rc)
2059                                 goto out;
2060 
2061                         rc = next_entry(buf, fp, sizeof(u32));
2062                         if (rc)
2063                                 goto out;
2064 
2065                         newc->v.sclass = le32_to_cpu(buf[0]);
2066                         rc = context_read_and_validate(&newc->context[0], p, fp);
2067                         if (rc)
2068                                 goto out;
2069 
2070                         for (l = NULL, c = genfs->head; c;
2071                              l = c, c = c->next) {
2072                                 rc = -EINVAL;
2073                                 if (!strcmp(newc->u.name, c->u.name) &&
2074                                     (!c->v.sclass || !newc->v.sclass ||
2075                                      newc->v.sclass == c->v.sclass)) {
2076                                         printk(KERN_ERR "SELinux:  dup genfs entry (%s,%s)\n",
2077                                                genfs->fstype, c->u.name);
2078                                         goto out;
2079                                 }
2080                                 len = strlen(newc->u.name);
2081                                 len2 = strlen(c->u.name);
2082                                 if (len > len2)
2083                                         break;
2084                         }
2085 
2086                         newc->next = c;
2087                         if (l)
2088                                 l->next = newc;
2089                         else
2090                                 genfs->head = newc;
2091                         newc = NULL;
2092                 }
2093         }
2094         rc = 0;
2095 out:
2096         if (newgenfs) {
2097                 kfree(newgenfs->fstype);
2098                 kfree(newgenfs);
2099         }
2100         ocontext_destroy(newc, OCON_FSUSE);
2101 
2102         return rc;
2103 }
2104 
2105 static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
2106                          void *fp)
2107 {
2108         int i, j, rc;
2109         u32 nel, len;
2110         __le32 buf[3];
2111         struct ocontext *l, *c;
2112         u32 nodebuf[8];
2113 
2114         for (i = 0; i < info->ocon_num; i++) {
2115                 rc = next_entry(buf, fp, sizeof(u32));
2116                 if (rc)
2117                         goto out;
2118                 nel = le32_to_cpu(buf[0]);
2119 
2120                 l = NULL;
2121                 for (j = 0; j < nel; j++) {
2122                         rc = -ENOMEM;
2123                         c = kzalloc(sizeof(*c), GFP_KERNEL);
2124                         if (!c)
2125                                 goto out;
2126                         if (l)
2127                                 l->next = c;
2128                         else
2129                                 p->ocontexts[i] = c;
2130                         l = c;
2131 
2132                         switch (i) {
2133                         case OCON_ISID:
2134                                 rc = next_entry(buf, fp, sizeof(u32));
2135                                 if (rc)
2136                                         goto out;
2137 
2138                                 c->sid[0] = le32_to_cpu(buf[0]);
2139                                 rc = context_read_and_validate(&c->context[0], p, fp);
2140                                 if (rc)
2141                                         goto out;
2142                                 break;
2143                         case OCON_FS:
2144                         case OCON_NETIF:
2145                                 rc = next_entry(buf, fp, sizeof(u32));
2146                                 if (rc)
2147                                         goto out;
2148                                 len = le32_to_cpu(buf[0]);
2149 
2150                                 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2151                                 if (rc)
2152                                         goto out;
2153 
2154                                 rc = context_read_and_validate(&c->context[0], p, fp);
2155                                 if (rc)
2156                                         goto out;
2157                                 rc = context_read_and_validate(&c->context[1], p, fp);
2158                                 if (rc)
2159                                         goto out;
2160                                 break;
2161                         case OCON_PORT:
2162                                 rc = next_entry(buf, fp, sizeof(u32)*3);
2163                                 if (rc)
2164                                         goto out;
2165                                 c->u.port.protocol = le32_to_cpu(buf[0]);
2166                                 c->u.port.low_port = le32_to_cpu(buf[1]);
2167                                 c->u.port.high_port = le32_to_cpu(buf[2]);
2168                                 rc = context_read_and_validate(&c->context[0], p, fp);
2169                                 if (rc)
2170                                         goto out;
2171                                 break;
2172                         case OCON_NODE:
2173                                 rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
2174                                 if (rc)
2175                                         goto out;
2176                                 c->u.node.addr = nodebuf[0]; /* network order */
2177                                 c->u.node.mask = nodebuf[1]; /* network order */
2178                                 rc = context_read_and_validate(&c->context[0], p, fp);
2179                                 if (rc)
2180                                         goto out;
2181                                 break;
2182                         case OCON_FSUSE:
2183                                 rc = next_entry(buf, fp, sizeof(u32)*2);
2184                                 if (rc)
2185                                         goto out;
2186 
2187                                 rc = -EINVAL;
2188                                 c->v.behavior = le32_to_cpu(buf[0]);
2189                                 /* Determined at runtime, not in policy DB. */
2190                                 if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
2191                                         goto out;
2192                                 if (c->v.behavior > SECURITY_FS_USE_MAX)
2193                                         goto out;
2194 
2195                                 len = le32_to_cpu(buf[1]);
2196                                 rc = str_read(&c->u.name, GFP_KERNEL, fp, len);
2197                                 if (rc)
2198                                         goto out;
2199 
2200                                 rc = context_read_and_validate(&c->context[0], p, fp);
2201                                 if (rc)
2202                                         goto out;
2203                                 break;
2204                         case OCON_NODE6: {
2205                                 int k;
2206 
2207                                 rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
2208                                 if (rc)
2209                                         goto out;
2210                                 for (k = 0; k < 4; k++)
2211                                         c->u.node6.addr[k] = nodebuf[k];
2212                                 for (k = 0; k < 4; k++)
2213                                         c->u.node6.mask[k] = nodebuf[k+4];
2214                                 rc = context_read_and_validate(&c->context[0], p, fp);
2215                                 if (rc)
2216                                         goto out;
2217                                 break;
2218                         }
2219                         case OCON_IBPKEY:
2220                                 rc = next_entry(nodebuf, fp, sizeof(u32) * 4);
2221                                 if (rc)
2222                                         goto out;
2223 
2224                                 c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf));
2225 
2226                                 if (nodebuf[2] > 0xffff ||
2227                                     nodebuf[3] > 0xffff) {
2228                                         rc = -EINVAL;
2229                                         goto out;
2230                                 }
2231 
2232                                 c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]);
2233                                 c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]);
2234 
2235                                 rc = context_read_and_validate(&c->context[0],
2236                                                                p,
2237                                                                fp);
2238                                 if (rc)
2239                                         goto out;
2240                                 break;
2241                         case OCON_IBENDPORT:
2242                                 rc = next_entry(buf, fp, sizeof(u32) * 2);
2243                                 if (rc)
2244                                         goto out;
2245                                 len = le32_to_cpu(buf[0]);
2246 
2247                                 rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len);
2248                                 if (rc)
2249                                         goto out;
2250 
2251                                 if (buf[1] > 0xff || buf[1] == 0) {
2252                                         rc = -EINVAL;
2253                                         goto out;
2254                                 }
2255 
2256                                 c->u.ibendport.port = le32_to_cpu(buf[1]);
2257 
2258                                 rc = context_read_and_validate(&c->context[0],
2259                                                                p,
2260                                                                fp);
2261                                 if (rc)
2262                                         goto out;
2263                                 break;
2264                         }
2265                 }
2266         }
2267         rc = 0;
2268 out:
2269         return rc;
2270 }
2271 
2272 /*
2273  * Read the configuration data from a policy database binary
2274  * representation file into a policy database structure.
2275  */
2276 int policydb_read(struct policydb *p, void *fp)
2277 {
2278         struct role_allow *ra, *lra;
2279         struct role_trans *tr, *ltr;
2280         int i, j, rc;
2281         __le32 buf[4];
2282         u32 len, nprim, nel;
2283 
2284         char *policydb_str;
2285         struct policydb_compat_info *info;
2286 
2287         rc = policydb_init(p);
2288         if (rc)
2289                 return rc;
2290 
2291         /* Read the magic number and string length. */
2292         rc = next_entry(buf, fp, sizeof(u32) * 2);
2293         if (rc)
2294                 goto bad;
2295 
2296         rc = -EINVAL;
2297         if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
2298                 printk(KERN_ERR "SELinux:  policydb magic number 0x%x does "
2299                        "not match expected magic number 0x%x\n",
2300                        le32_to_cpu(buf[0]), POLICYDB_MAGIC);
2301                 goto bad;
2302         }
2303 
2304         rc = -EINVAL;
2305         len = le32_to_cpu(buf[1]);
2306         if (len != strlen(POLICYDB_STRING)) {
2307                 printk(KERN_ERR "SELinux:  policydb string length %d does not "
2308                        "match expected length %zu\n",
2309                        len, strlen(POLICYDB_STRING));
2310                 goto bad;
2311         }
2312 
2313         rc = -ENOMEM;
2314         policydb_str = kmalloc(len + 1, GFP_KERNEL);
2315         if (!policydb_str) {
2316                 printk(KERN_ERR "SELinux:  unable to allocate memory for policydb "
2317                        "string of length %d\n", len);
2318                 goto bad;
2319         }
2320 
2321         rc = next_entry(policydb_str, fp, len);
2322         if (rc) {
2323                 printk(KERN_ERR "SELinux:  truncated policydb string identifier\n");
2324                 kfree(policydb_str);
2325                 goto bad;
2326         }
2327 
2328         rc = -EINVAL;
2329         policydb_str[len] = '\0';
2330         if (strcmp(policydb_str, POLICYDB_STRING)) {
2331                 printk(KERN_ERR "SELinux:  policydb string %s does not match "
2332                        "my string %s\n", policydb_str, POLICYDB_STRING);
2333                 kfree(policydb_str);
2334                 goto bad;
2335         }
2336         /* Done with policydb_str. */
2337         kfree(policydb_str);
2338         policydb_str = NULL;
2339 
2340         /* Read the version and table sizes. */
2341         rc = next_entry(buf, fp, sizeof(u32)*4);
2342         if (rc)
2343                 goto bad;
2344 
2345         rc = -EINVAL;
2346         p->policyvers = le32_to_cpu(buf[0]);
2347         if (p->policyvers < POLICYDB_VERSION_MIN ||
2348             p->policyvers > POLICYDB_VERSION_MAX) {
2349                 printk(KERN_ERR "SELinux:  policydb version %d does not match "
2350                        "my version range %d-%d\n",
2351                        le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
2352                 goto bad;
2353         }
2354 
2355         if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
2356                 p->mls_enabled = 1;
2357 
2358                 rc = -EINVAL;
2359                 if (p->policyvers < POLICYDB_VERSION_MLS) {
2360                         printk(KERN_ERR "SELinux: security policydb version %d "
2361                                 "(MLS) not backwards compatible\n",
2362                                 p->policyvers);
2363                         goto bad;
2364                 }
2365         }
2366         p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
2367         p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
2368 
2369         if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
2370                 rc = ebitmap_read(&p->policycaps, fp);
2371                 if (rc)
2372                         goto bad;
2373         }
2374 
2375         if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
2376                 rc = ebitmap_read(&p->permissive_map, fp);
2377                 if (rc)
2378                         goto bad;
2379         }
2380 
2381         rc = -EINVAL;
2382         info = policydb_lookup_compat(p->policyvers);
2383         if (!info) {
2384                 printk(KERN_ERR "SELinux:  unable to find policy compat info "
2385                        "for version %d\n", p->policyvers);
2386                 goto bad;
2387         }
2388 
2389         rc = -EINVAL;
2390         if (le32_to_cpu(buf[2]) != info->sym_num ||
2391                 le32_to_cpu(buf[3]) != info->ocon_num) {
2392                 printk(KERN_ERR "SELinux:  policydb table sizes (%d,%d) do "
2393                        "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
2394                         le32_to_cpu(buf[3]),
2395                        info->sym_num, info->ocon_num);
2396                 goto bad;
2397         }
2398 
2399         for (i = 0; i < info->sym_num; i++) {
2400                 rc = next_entry(buf, fp, sizeof(u32)*2);
2401                 if (rc)
2402                         goto bad;
2403                 nprim = le32_to_cpu(buf[0]);
2404                 nel = le32_to_cpu(buf[1]);
2405                 for (j = 0; j < nel; j++) {
2406                         rc = read_f[i](p, p->symtab[i].table, fp);
2407                         if (rc)
2408                                 goto bad;
2409                 }
2410 
2411                 p->symtab[i].nprim = nprim;
2412         }
2413 
2414         rc = -EINVAL;
2415         p->process_class = string_to_security_class(p, "process");
2416         if (!p->process_class)
2417                 goto bad;
2418 
2419         rc = avtab_read(&p->te_avtab, fp, p);
2420         if (rc)
2421                 goto bad;
2422 
2423         if (p->policyvers >= POLICYDB_VERSION_BOOL) {
2424                 rc = cond_read_list(p, fp);
2425                 if (rc)
2426                         goto bad;
2427         }
2428 
2429         rc = next_entry(buf, fp, sizeof(u32));
2430         if (rc)
2431                 goto bad;
2432         nel = le32_to_cpu(buf[0]);
2433         ltr = NULL;
2434         for (i = 0; i < nel; i++) {
2435                 rc = -ENOMEM;
2436                 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
2437                 if (!tr)
2438                         goto bad;
2439                 if (ltr)
2440                         ltr->next = tr;
2441                 else
2442                         p->role_tr = tr;
2443                 rc = next_entry(buf, fp, sizeof(u32)*3);
2444                 if (rc)
2445                         goto bad;
2446 
2447                 rc = -EINVAL;
2448                 tr->role = le32_to_cpu(buf[0]);
2449                 tr->type = le32_to_cpu(buf[1]);
2450                 tr->new_role = le32_to_cpu(buf[2]);
2451                 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2452                         rc = next_entry(buf, fp, sizeof(u32));
2453                         if (rc)
2454                                 goto bad;
2455                         tr->tclass = le32_to_cpu(buf[0]);
2456                 } else
2457                         tr->tclass = p->process_class;
2458 
2459                 rc = -EINVAL;
2460                 if (!policydb_role_isvalid(p, tr->role) ||
2461                     !policydb_type_isvalid(p, tr->type) ||
2462                     !policydb_class_isvalid(p, tr->tclass) ||
2463                     !policydb_role_isvalid(p, tr->new_role))
2464                         goto bad;
2465                 ltr = tr;
2466         }
2467 
2468         rc = next_entry(buf, fp, sizeof(u32));
2469         if (rc)
2470                 goto bad;
2471         nel = le32_to_cpu(buf[0]);
2472         lra = NULL;
2473         for (i = 0; i < nel; i++) {
2474                 rc = -ENOMEM;
2475                 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
2476                 if (!ra)
2477                         goto bad;
2478                 if (lra)
2479                         lra->next = ra;
2480                 else
2481                         p->role_allow = ra;
2482                 rc = next_entry(buf, fp, sizeof(u32)*2);
2483                 if (rc)
2484                         goto bad;
2485 
2486                 rc = -EINVAL;
2487                 ra->role = le32_to_cpu(buf[0]);
2488                 ra->new_role = le32_to_cpu(buf[1]);
2489                 if (!policydb_role_isvalid(p, ra->role) ||
2490                     !policydb_role_isvalid(p, ra->new_role))
2491                         goto bad;
2492                 lra = ra;
2493         }
2494 
2495         rc = filename_trans_read(p, fp);
2496         if (rc)
2497                 goto bad;
2498 
2499         rc = policydb_index(p);
2500         if (rc)
2501                 goto bad;
2502 
2503         rc = -EINVAL;
2504         p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
2505         p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
2506         if (!p->process_trans_perms)
2507                 goto bad;
2508 
2509         rc = ocontext_read(p, info, fp);
2510         if (rc)
2511                 goto bad;
2512 
2513         rc = genfs_read(p, fp);
2514         if (rc)
2515                 goto bad;
2516 
2517         rc = range_read(p, fp);
2518         if (rc)
2519                 goto bad;
2520 
2521         rc = -ENOMEM;
2522         p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),
2523                                                   p->p_types.nprim,
2524                                                   GFP_KERNEL | __GFP_ZERO);
2525         if (!p->type_attr_map_array)
2526                 goto bad;
2527 
2528         /* preallocate so we don't have to worry about the put ever failing */
2529         rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,
2530                                  GFP_KERNEL | __GFP_ZERO);
2531         if (rc)
2532                 goto bad;
2533 
2534         for (i = 0; i < p->p_types.nprim; i++) {
2535                 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
2536 
2537                 BUG_ON(!e);
2538                 ebitmap_init(e);
2539                 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
2540                         rc = ebitmap_read(e, fp);
2541                         if (rc)
2542                                 goto bad;
2543                 }
2544                 /* add the type itself as the degenerate case */
2545                 rc = ebitmap_set_bit(e, i, 1);
2546                 if (rc)
2547                         goto bad;
2548         }
2549 
2550         rc = policydb_bounds_sanity_check(p);
2551         if (rc)
2552                 goto bad;
2553 
2554         rc = 0;
2555 out:
2556         return rc;
2557 bad:
2558         policydb_destroy(p);
2559         goto out;
2560 }
2561 
2562 /*
2563  * Write a MLS level structure to a policydb binary
2564  * representation file.
2565  */
2566 static int mls_write_level(struct mls_level *l, void *fp)
2567 {
2568         __le32 buf[1];
2569         int rc;
2570 
2571         buf[0] = cpu_to_le32(l->sens);
2572         rc = put_entry(buf, sizeof(u32), 1, fp);
2573         if (rc)
2574                 return rc;
2575 
2576         rc = ebitmap_write(&l->cat, fp);
2577         if (rc)
2578                 return rc;
2579 
2580         return 0;
2581 }
2582 
2583 /*
2584  * Write a MLS range structure to a policydb binary
2585  * representation file.
2586  */
2587 static int mls_write_range_helper(struct mls_range *r, void *fp)
2588 {
2589         __le32 buf[3];
2590         size_t items;
2591         int rc, eq;
2592 
2593         eq = mls_level_eq(&r->level[1], &r->level[0]);
2594 
2595         if (eq)
2596                 items = 2;
2597         else
2598                 items = 3;
2599         buf[0] = cpu_to_le32(items-1);
2600         buf[1] = cpu_to_le32(r->level[0].sens);
2601         if (!eq)
2602                 buf[2] = cpu_to_le32(r->level[1].sens);
2603 
2604         BUG_ON(items > ARRAY_SIZE(buf));
2605 
2606         rc = put_entry(buf, sizeof(u32), items, fp);
2607         if (rc)
2608                 return rc;
2609 
2610         rc = ebitmap_write(&r->level[0].cat, fp);
2611         if (rc)
2612                 return rc;
2613         if (!eq) {
2614                 rc = ebitmap_write(&r->level[1].cat, fp);
2615                 if (rc)
2616                         return rc;
2617         }
2618 
2619         return 0;
2620 }
2621 
2622 static int sens_write(void *vkey, void *datum, void *ptr)
2623 {
2624         char *key = vkey;
2625         struct level_datum *levdatum = datum;
2626         struct policy_data *pd = ptr;
2627         void *fp = pd->fp;
2628         __le32 buf[2];
2629         size_t len;
2630         int rc;
2631 
2632         len = strlen(key);
2633         buf[0] = cpu_to_le32(len);
2634         buf[1] = cpu_to_le32(levdatum->isalias);
2635         rc = put_entry(buf, sizeof(u32), 2, fp);
2636         if (rc)
2637                 return rc;
2638 
2639         rc = put_entry(key, 1, len, fp);
2640         if (rc)
2641                 return rc;
2642 
2643         rc = mls_write_level(levdatum->level, fp);
2644         if (rc)
2645                 return rc;
2646 
2647         return 0;
2648 }
2649 
2650 static int cat_write(void *vkey, void *datum, void *ptr)
2651 {
2652         char *key = vkey;
2653         struct cat_datum *catdatum = datum;
2654         struct policy_data *pd = ptr;
2655         void *fp = pd->fp;
2656         __le32 buf[3];
2657         size_t len;
2658         int rc;
2659 
2660         len = strlen(key);
2661         buf[0] = cpu_to_le32(len);
2662         buf[1] = cpu_to_le32(catdatum->value);
2663         buf[2] = cpu_to_le32(catdatum->isalias);
2664         rc = put_entry(buf, sizeof(u32), 3, fp);
2665         if (rc)
2666                 return rc;
2667 
2668         rc = put_entry(key, 1, len, fp);
2669         if (rc)
2670                 return rc;
2671 
2672         return 0;
2673 }
2674 
2675 static int role_trans_write(struct policydb *p, void *fp)
2676 {
2677         struct role_trans *r = p->role_tr;
2678         struct role_trans *tr;
2679         u32 buf[3];
2680         size_t nel;
2681         int rc;
2682 
2683         nel = 0;
2684         for (tr = r; tr; tr = tr->next)
2685                 nel++;
2686         buf[0] = cpu_to_le32(nel);
2687         rc = put_entry(buf, sizeof(u32), 1, fp);
2688         if (rc)
2689                 return rc;
2690         for (tr = r; tr; tr = tr->next) {
2691                 buf[0] = cpu_to_le32(tr->role);
2692                 buf[1] = cpu_to_le32(tr->type);
2693                 buf[2] = cpu_to_le32(tr->new_role);
2694                 rc = put_entry(buf, sizeof(u32), 3, fp);
2695                 if (rc)
2696                         return rc;
2697                 if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
2698                         buf[0] = cpu_to_le32(tr->tclass);
2699                         rc = put_entry(buf, sizeof(u32), 1, fp);
2700                         if (rc)
2701                                 return rc;
2702                 }
2703         }
2704 
2705         return 0;
2706 }
2707 
2708 static int role_allow_write(struct role_allow *r, void *fp)
2709 {
2710         struct role_allow *ra;
2711         u32 buf[2];
2712         size_t nel;
2713         int rc;
2714 
2715         nel = 0;
2716         for (ra = r; ra; ra = ra->next)
2717                 nel++;
2718         buf[0] = cpu_to_le32(nel);
2719         rc = put_entry(buf, sizeof(u32), 1, fp);
2720         if (rc)
2721                 return rc;
2722         for (ra = r; ra; ra = ra->next) {
2723                 buf[0] = cpu_to_le32(ra->role);
2724                 buf[1] = cpu_to_le32(ra->new_role);
2725                 rc = put_entry(buf, sizeof(u32), 2, fp);
2726                 if (rc)
2727                         return rc;
2728         }
2729         return 0;
2730 }
2731 
2732 /*
2733  * Write a security context structure
2734  * to a policydb binary representation file.
2735  */
2736 static int context_write(struct policydb *p, struct context *c,
2737                          void *fp)
2738 {
2739         int rc;
2740         __le32 buf[3];
2741 
2742         buf[0] = cpu_to_le32(c->user);
2743         buf[1] = cpu_to_le32(c->role);
2744         buf[2] = cpu_to_le32(c->type);
2745 
2746         rc = put_entry(buf, sizeof(u32), 3, fp);
2747         if (rc)
2748                 return rc;
2749 
2750         rc = mls_write_range_helper(&c->range, fp);
2751         if (rc)
2752                 return rc;
2753 
2754         return 0;
2755 }
2756 
2757 /*
2758  * The following *_write functions are used to
2759  * write the symbol data to a policy database
2760  * binary representation file.
2761  */
2762 
2763 static int perm_write(void *vkey, void *datum, void *fp)
2764 {
2765         char *key = vkey;
2766         struct perm_datum *perdatum = datum;
2767         __le32 buf[2];
2768         size_t len;
2769         int rc;
2770 
2771         len = strlen(key);
2772         buf[0] = cpu_to_le32(len);
2773         buf[1] = cpu_to_le32(perdatum->value);
2774         rc = put_entry(buf, sizeof(u32), 2, fp);
2775         if (rc)
2776                 return rc;
2777 
2778         rc = put_entry(key, 1, len, fp);
2779         if (rc)
2780                 return rc;
2781 
2782         return 0;
2783 }
2784 
2785 static int common_write(void *vkey, void *datum, void *ptr)
2786 {
2787         char *key = vkey;
2788         struct common_datum *comdatum = datum;
2789         struct policy_data *pd = ptr;
2790         void *fp = pd->fp;
2791         __le32 buf[4];
2792         size_t len;
2793         int rc;
2794 
2795         len = strlen(key);
2796         buf[0] = cpu_to_le32(len);
2797         buf[1] = cpu_to_le32(comdatum->value);
2798         buf[2] = cpu_to_le32(comdatum->permissions.nprim);
2799         buf[3] = cpu_to_le32(comdatum->permissions.table->nel);
2800         rc = put_entry(buf, sizeof(u32), 4, fp);
2801         if (rc)
2802                 return rc;
2803 
2804         rc = put_entry(key, 1, len, fp);
2805         if (rc)
2806                 return rc;
2807 
2808         rc = hashtab_map(comdatum->permissions.table, perm_write, fp);
2809         if (rc)
2810                 return rc;
2811 
2812         return 0;
2813 }
2814 
2815 static int type_set_write(struct type_set *t, void *fp)
2816 {
2817         int rc;
2818         __le32 buf[1];
2819 
2820         if (ebitmap_write(&t->types, fp))
2821                 return -EINVAL;
2822         if (ebitmap_write(&t->negset, fp))
2823                 return -EINVAL;
2824 
2825         buf[0] = cpu_to_le32(t->flags);
2826         rc = put_entry(buf, sizeof(u32), 1, fp);
2827         if (rc)
2828                 return -EINVAL;
2829 
2830         return 0;
2831 }
2832 
2833 static int write_cons_helper(struct policydb *p, struct constraint_node *node,
2834                              void *fp)
2835 {
2836         struct constraint_node *c;
2837         struct constraint_expr *e;
2838         __le32 buf[3];
2839         u32 nel;
2840         int rc;
2841 
2842         for (c = node; c; c = c->next) {
2843                 nel = 0;
2844                 for (e = c->expr; e; e = e->next)
2845                         nel++;
2846                 buf[0] = cpu_to_le32(c->permissions);
2847                 buf[1] = cpu_to_le32(nel);
2848                 rc = put_entry(buf, sizeof(u32), 2, fp);
2849                 if (rc)
2850                         return rc;
2851                 for (e = c->expr; e; e = e->next) {
2852                         buf[0] = cpu_to_le32(e->expr_type);
2853                         buf[1] = cpu_to_le32(e->attr);
2854                         buf[2] = cpu_to_le32(e->op);
2855                         rc = put_entry(buf, sizeof(u32), 3, fp);
2856                         if (rc)
2857                                 return rc;
2858 
2859                         switch (e->expr_type) {
2860                         case CEXPR_NAMES:
2861                                 rc = ebitmap_write(&e->names, fp);
2862                                 if (rc)
2863                                         return rc;
2864                                 if (p->policyvers >=
2865                                         POLICYDB_VERSION_CONSTRAINT_NAMES) {
2866                                         rc = type_set_write(e->type_names, fp);
2867                                         if (rc)
2868                                                 return rc;
2869                                 }
2870                                 break;
2871                         default:
2872                                 break;
2873                         }
2874                 }
2875         }
2876 
2877         return 0;
2878 }
2879 
2880 static int class_write(void *vkey, void *datum, void *ptr)
2881 {
2882         char *key = vkey;
2883         struct class_datum *cladatum = datum;
2884         struct policy_data *pd = ptr;
2885         void *fp = pd->fp;
2886         struct policydb *p = pd->p;
2887         struct constraint_node *c;
2888         __le32 buf[6];
2889         u32 ncons;
2890         size_t len, len2;
2891         int rc;
2892 
2893         len = strlen(key);
2894         if (cladatum->comkey)
2895                 len2 = strlen(cladatum->comkey);
2896         else
2897                 len2 = 0;
2898 
2899         ncons = 0;
2900         for (c = cladatum->constraints; c; c = c->next)
2901                 ncons++;
2902 
2903         buf[0] = cpu_to_le32(len);
2904         buf[1] = cpu_to_le32(len2);
2905         buf[2] = cpu_to_le32(cladatum->value);
2906         buf[3] = cpu_to_le32(cladatum->permissions.nprim);
2907         if (cladatum->permissions.table)
2908                 buf[4] = cpu_to_le32(cladatum->permissions.table->nel);
2909         else
2910                 buf[4] = 0;
2911         buf[5] = cpu_to_le32(ncons);
2912         rc = put_entry(buf, sizeof(u32), 6, fp);
2913         if (rc)
2914                 return rc;
2915 
2916         rc = put_entry(key, 1, len, fp);
2917         if (rc)
2918                 return rc;
2919 
2920         if (cladatum->comkey) {
2921                 rc = put_entry(cladatum->comkey, 1, len2, fp);
2922                 if (rc)
2923                         return rc;
2924         }
2925 
2926         rc = hashtab_map(cladatum->permissions.table, perm_write, fp);
2927         if (rc)
2928                 return rc;
2929 
2930         rc = write_cons_helper(p, cladatum->constraints, fp);
2931         if (rc)
2932                 return rc;
2933 
2934         /* write out the validatetrans rule */
2935         ncons = 0;
2936         for (c = cladatum->validatetrans; c; c = c->next)
2937                 ncons++;
2938 
2939         buf[0] = cpu_to_le32(ncons);
2940         rc = put_entry(buf, sizeof(u32), 1, fp);
2941         if (rc)
2942                 return rc;
2943 
2944         rc = write_cons_helper(p, cladatum->validatetrans, fp);
2945         if (rc)
2946                 return rc;
2947 
2948         if (p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) {
2949                 buf[0] = cpu_to_le32(cladatum->default_user);
2950                 buf[1] = cpu_to_le32(cladatum->default_role);
2951                 buf[2] = cpu_to_le32(cladatum->default_range);
2952 
2953                 rc = put_entry(buf, sizeof(uint32_t), 3, fp);
2954                 if (rc)
2955                         return rc;
2956         }
2957 
2958         if (p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) {
2959                 buf[0] = cpu_to_le32(cladatum->default_type);
2960                 rc = put_entry(buf, sizeof(uint32_t), 1, fp);
2961                 if (rc)
2962                         return rc;
2963         }
2964 
2965         return 0;
2966 }
2967 
2968 static int role_write(void *vkey, void *datum, void *ptr)
2969 {
2970         char *key = vkey;
2971         struct role_datum *role = datum;
2972         struct policy_data *pd = ptr;
2973         void *fp = pd->fp;
2974         struct policydb *p = pd->p;
2975         __le32 buf[3];
2976         size_t items, len;
2977         int rc;
2978 
2979         len = strlen(key);
2980         items = 0;
2981         buf[items++] = cpu_to_le32(len);
2982         buf[items++] = cpu_to_le32(role->value);
2983         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
2984                 buf[items++] = cpu_to_le32(role->bounds);
2985 
2986         BUG_ON(items > ARRAY_SIZE(buf));
2987 
2988         rc = put_entry(buf, sizeof(u32), items, fp);
2989         if (rc)
2990                 return rc;
2991 
2992         rc = put_entry(key, 1, len, fp);
2993         if (rc)
2994                 return rc;
2995 
2996         rc = ebitmap_write(&role->dominates, fp);
2997         if (rc)
2998                 return rc;
2999 
3000         rc = ebitmap_write(&role->types, fp);
3001         if (rc)
3002                 return rc;
3003 
3004         return 0;
3005 }
3006 
3007 static int type_write(void *vkey, void *datum, void *ptr)
3008 {
3009         char *key = vkey;
3010         struct type_datum *typdatum = datum;
3011         struct policy_data *pd = ptr;
3012         struct policydb *p = pd->p;
3013         void *fp = pd->fp;
3014         __le32 buf[4];
3015         int rc;
3016         size_t items, len;
3017 
3018         len = strlen(key);
3019         items = 0;
3020         buf[items++] = cpu_to_le32(len);
3021         buf[items++] = cpu_to_le32(typdatum->value);
3022         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) {
3023                 u32 properties = 0;
3024 
3025                 if (typdatum->primary)
3026                         properties |= TYPEDATUM_PROPERTY_PRIMARY;
3027 
3028                 if (typdatum->attribute)
3029                         properties |= TYPEDATUM_PROPERTY_ATTRIBUTE;
3030 
3031                 buf[items++] = cpu_to_le32(properties);
3032                 buf[items++] = cpu_to_le32(typdatum->bounds);
3033         } else {
3034                 buf[items++] = cpu_to_le32(typdatum->primary);
3035         }
3036         BUG_ON(items > ARRAY_SIZE(buf));
3037         rc = put_entry(buf, sizeof(u32), items, fp);
3038         if (rc)
3039                 return rc;
3040 
3041         rc = put_entry(key, 1, len, fp);
3042         if (rc)
3043                 return rc;
3044 
3045         return 0;
3046 }
3047 
3048 static int user_write(void *vkey, void *datum, void *ptr)
3049 {
3050         char *key = vkey;
3051         struct user_datum *usrdatum = datum;
3052         struct policy_data *pd = ptr;
3053         struct policydb *p = pd->p;
3054         void *fp = pd->fp;
3055         __le32 buf[3];
3056         size_t items, len;
3057         int rc;
3058 
3059         len = strlen(key);
3060         items = 0;
3061         buf[items++] = cpu_to_le32(len);
3062         buf[items++] = cpu_to_le32(usrdatum->value);
3063         if (p->policyvers >= POLICYDB_VERSION_BOUNDARY)
3064                 buf[items++] = cpu_to_le32(usrdatum->bounds);
3065         BUG_ON(items > ARRAY_SIZE(buf));
3066         rc = put_entry(buf, sizeof(u32), items, fp);
3067         if (rc)
3068                 return rc;
3069 
3070         rc = put_entry(key, 1, len, fp);
3071         if (rc)
3072                 return rc;
3073 
3074         rc = ebitmap_write(&usrdatum->roles, fp);
3075         if (rc)
3076                 return rc;
3077 
3078         rc = mls_write_range_helper(&usrdatum->range, fp);
3079         if (rc)
3080                 return rc;
3081 
3082         rc = mls_write_level(&usrdatum->dfltlevel, fp);
3083         if (rc)
3084                 return rc;
3085 
3086         return 0;
3087 }
3088 
3089 static int (*write_f[SYM_NUM]) (void *key, void *datum,
3090                                 void *datap) =
3091 {
3092         common_write,
3093         class_write,
3094         role_write,
3095         type_write,
3096         user_write,
3097         cond_write_bool,
3098         sens_write,
3099         cat_write,
3100 };
3101 
3102 static int ocontext_write(struct policydb *p, struct policydb_compat_info *info,
3103                           void *fp)
3104 {
3105         unsigned int i, j, rc;
3106         size_t nel, len;
3107         __le32 buf[3];
3108         u32 nodebuf[8];
3109         struct ocontext *c;
3110         for (i = 0; i < info->ocon_num; i++) {
3111                 nel = 0;
3112                 for (c = p->ocontexts[i]; c; c = c->next)
3113                         nel++;
3114                 buf[0] = cpu_to_le32(nel);
3115                 rc = put_entry(buf, sizeof(u32), 1, fp);
3116                 if (rc)
3117                         return rc;
3118                 for (c = p->ocontexts[i]; c; c = c->next) {
3119                         switch (i) {
3120                         case OCON_ISID:
3121                                 buf[0] = cpu_to_le32(c->sid[0]);
3122                                 rc = put_entry(buf, sizeof(u32), 1, fp);
3123                                 if (rc)
3124                                         return rc;
3125                                 rc = context_write(p, &c->context[0], fp);
3126                                 if (rc)
3127                                         return rc;
3128                                 break;
3129                         case OCON_FS:
3130                         case OCON_NETIF:
3131                                 len = strlen(c->u.name);
3132                                 buf[0] = cpu_to_le32(len);
3133                                 rc = put_entry(buf, sizeof(u32), 1, fp);
3134                                 if (rc)
3135                                         return rc;
3136                                 rc = put_entry(c->u.name, 1, len, fp);
3137                                 if (rc)
3138                                         return rc;
3139                                 rc = context_write(p, &c->context[0], fp);
3140                                 if (rc)
3141                                         return rc;
3142                                 rc = context_write(p, &c->context[1], fp);
3143                                 if (rc)
3144                                         return rc;
3145                                 break;
3146                         case OCON_PORT:
3147                                 buf[0] = cpu_to_le32(c->u.port.protocol);
3148                                 buf[1] = cpu_to_le32(c->u.port.low_port);
3149                                 buf[2] = cpu_to_le32(c->u.port.high_port);
3150                                 rc = put_entry(buf, sizeof(u32), 3, fp);
3151                                 if (rc)
3152                                         return rc;
3153                                 rc = context_write(p, &c->context[0], fp);
3154                                 if (rc)
3155                                         return rc;
3156                                 break;
3157                         case OCON_NODE:
3158                                 nodebuf[0] = c->u.node.addr; /* network order */
3159                                 nodebuf[1] = c->u.node.mask; /* network order */
3160                                 rc = put_entry(nodebuf, sizeof(u32), 2, fp);
3161                                 if (rc)
3162                                         return rc;
3163                                 rc = context_write(p, &c->context[0], fp);
3164                                 if (rc)
3165                                         return rc;
3166                                 break;
3167                         case OCON_FSUSE:
3168                                 buf[0] = cpu_to_le32(c->v.behavior);
3169                                 len = strlen(c->u.name);
3170                                 buf[1] = cpu_to_le32(len);
3171                                 rc = put_entry(buf, sizeof(u32), 2, fp);
3172                                 if (rc)
3173                                         return rc;
3174                                 rc = put_entry(c->u.name, 1, len, fp);
3175                                 if (rc)
3176                                         return rc;
3177                                 rc = context_write(p, &c->context[0], fp);
3178                                 if (rc)
3179                                         return rc;
3180                                 break;
3181                         case OCON_NODE6:
3182                                 for (j = 0; j < 4; j++)
3183                                         nodebuf[j] = c->u.node6.addr[j]; /* network order */
3184                                 for (j = 0; j < 4; j++)
3185                                         nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */
3186                                 rc = put_entry(nodebuf, sizeof(u32), 8, fp);
3187                                 if (rc)
3188                                         return rc;
3189                                 rc = context_write(p, &c->context[0], fp);
3190                                 if (rc)
3191                                         return rc;
3192                                 break;
3193                         case OCON_IBPKEY:
3194                                 *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix);
3195 
3196                                 nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey);
3197                                 nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey);
3198 
3199                                 rc = put_entry(nodebuf, sizeof(u32), 4, fp);
3200                                 if (rc)
3201                                         return rc;
3202                                 rc = context_write(p, &c->context[0], fp);
3203                                 if (rc)
3204                                         return rc;
3205                                 break;
3206                         case OCON_IBENDPORT:
3207                                 len = strlen(c->u.ibendport.dev_name);
3208                                 buf[0] = cpu_to_le32(len);
3209                                 buf[1] = cpu_to_le32(c->u.ibendport.port);
3210                                 rc = put_entry(buf, sizeof(u32), 2, fp);
3211                                 if (rc)
3212                                         return rc;
3213                                 rc = put_entry(c->u.ibendport.dev_name, 1, len, fp);
3214                                 if (rc)
3215                                         return rc;
3216                                 rc = context_write(p, &c->context[0], fp);
3217                                 if (rc)
3218                                         return rc;
3219                                 break;
3220                         }
3221                 }
3222         }
3223         return 0;
3224 }
3225 
3226 static int genfs_write(struct policydb *p, void *fp)
3227 {
3228         struct genfs *genfs;
3229         struct ocontext *c;
3230         size_t len;
3231         __le32 buf[1];
3232         int rc;
3233 
3234         len = 0;
3235         for (genfs = p->genfs; genfs; genfs = genfs->next)
3236                 len++;
3237         buf[0] = cpu_to_le32(len);
3238         rc = put_entry(buf, sizeof(u32), 1, fp);
3239         if (rc)
3240                 return rc;
3241         for (genfs = p->genfs; genfs; genfs = genfs->next) {
3242                 len = strlen(genfs->fstype);
3243                 buf[0] = cpu_to_le32(len);
3244                 rc = put_entry(buf, sizeof(u32), 1, fp);
3245                 if (rc)
3246                         return rc;
3247                 rc = put_entry(genfs->fstype, 1, len, fp);
3248                 if (rc)
3249                         return rc;
3250                 len = 0;
3251                 for (c = genfs->head; c; c = c->next)
3252                         len++;
3253                 buf[0] = cpu_to_le32(len);
3254                 rc = put_entry(buf, sizeof(u32), 1, fp);
3255                 if (rc)
3256                         return rc;
3257                 for (c = genfs->head; c; c = c->next) {
3258                         len = strlen(c->u.name);
3259                         buf[0] = cpu_to_le32(len);
3260                         rc = put_entry(buf, sizeof(u32), 1, fp);
3261                         if (rc)
3262                                 return rc;
3263                         rc = put_entry(c->u.name, 1, len, fp);
3264                         if (rc)
3265                                 return rc;
3266                         buf[0] = cpu_to_le32(c->v.sclass);
3267                         rc = put_entry(buf, sizeof(u32), 1, fp);
3268                         if (rc)
3269                                 return rc;
3270                         rc = context_write(p, &c->context[0], fp);
3271                         if (rc)
3272                                 return rc;
3273                 }
3274         }
3275         return 0;
3276 }
3277 
3278 static int hashtab_cnt(void *key, void *data, void *ptr)
3279 {
3280         int *cnt = ptr;
3281         *cnt = *cnt + 1;
3282 
3283         return 0;
3284 }
3285 
3286 static int range_write_helper(void *key, void *data, void *ptr)
3287 {
3288         __le32 buf[2];
3289         struct range_trans *rt = key;
3290         struct mls_range *r = data;
3291         struct policy_data *pd = ptr;
3292         void *fp = pd->fp;
3293         struct policydb *p = pd->p;
3294         int rc;
3295 
3296         buf[0] = cpu_to_le32(rt->source_type);
3297         buf[1] = cpu_to_le32(rt->target_type);
3298         rc = put_entry(buf, sizeof(u32), 2, fp);
3299         if (rc)
3300                 return rc;
3301         if (p->policyvers >= POLICYDB_VERSION_RANGETRANS) {
3302                 buf[0] = cpu_to_le32(rt->target_class);
3303                 rc = put_entry(buf, sizeof(u32), 1, fp);
3304                 if (rc)
3305                         return rc;
3306         }
3307         rc = mls_write_range_helper(r, fp);
3308         if (rc)
3309                 return rc;
3310 
3311         return 0;
3312 }
3313 
3314 static int range_write(struct policydb *p, void *fp)
3315 {
3316         __le32 buf[1];
3317         int rc, nel;
3318         struct policy_data pd;
3319 
3320         pd.p = p;
3321         pd.fp = fp;
3322 
3323         /* count the number of entries in the hashtab */
3324         nel = 0;
3325         rc = hashtab_map(p->range_tr, hashtab_cnt, &nel);
3326         if (rc)
3327                 return rc;
3328 
3329         buf[0] = cpu_to_le32(nel);
3330         rc = put_entry(buf, sizeof(u32), 1, fp);
3331         if (rc)
3332                 return rc;
3333 
3334         /* actually write all of the entries */
3335         rc = hashtab_map(p->range_tr, range_write_helper, &pd);
3336         if (rc)
3337                 return rc;
3338 
3339         return 0;
3340 }
3341 
3342 static int filename_write_helper(void *key, void *data, void *ptr)
3343 {
3344         __le32 buf[4];
3345         struct filename_trans *ft = key;
3346         struct filename_trans_datum *otype = data;
3347         void *fp = ptr;
3348         int rc;
3349         u32 len;
3350 
3351         len = strlen(ft->name);
3352         buf[0] = cpu_to_le32(len);
3353         rc = put_entry(buf, sizeof(u32), 1, fp);
3354         if (rc)
3355                 return rc;
3356 
3357         rc = put_entry(ft->name, sizeof(char), len, fp);
3358         if (rc)
3359                 return rc;
3360 
3361         buf[0] = cpu_to_le32(ft->stype);
3362         buf[1] = cpu_to_le32(ft->ttype);
3363         buf[2] = cpu_to_le32(ft->tclass);
3364         buf[3] = cpu_to_le32(otype->otype);
3365 
3366         rc = put_entry(buf, sizeof(u32), 4, fp);
3367         if (rc)
3368                 return rc;
3369 
3370         return 0;
3371 }
3372 
3373 static int filename_trans_write(struct policydb *p, void *fp)
3374 {
3375         u32 nel;
3376         __le32 buf[1];
3377         int rc;
3378 
3379         if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS)
3380                 return 0;
3381 
3382         nel = 0;
3383         rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel);
3384         if (rc)
3385                 return rc;
3386 
3387         buf[0] = cpu_to_le32(nel);
3388         rc = put_entry(buf, sizeof(u32), 1, fp);
3389         if (rc)
3390                 return rc;
3391 
3392         rc = hashtab_map(p->filename_trans, filename_write_helper, fp);
3393         if (rc)
3394                 return rc;
3395 
3396         return 0;
3397 }
3398 
3399 /*
3400  * Write the configuration data in a policy database
3401  * structure to a policy database binary representation
3402  * file.
3403  */
3404 int policydb_write(struct policydb *p, void *fp)
3405 {
3406         unsigned int i, num_syms;
3407         int rc;
3408         __le32 buf[4];
3409         u32 config;
3410         size_t len;
3411         struct policydb_compat_info *info;
3412 
3413         /*
3414          * refuse to write policy older than compressed avtab
3415          * to simplify the writer.  There are other tests dropped
3416          * since we assume this throughout the writer code.  Be
3417          * careful if you ever try to remove this restriction
3418          */
3419         if (p->policyvers < POLICYDB_VERSION_AVTAB) {
3420                 printk(KERN_ERR "SELinux: refusing to write policy version %d."
3421                        "  Because it is less than version %d\n", p->policyvers,
3422                        POLICYDB_VERSION_AVTAB);
3423                 return -EINVAL;
3424         }
3425 
3426         config = 0;
3427         if (p->mls_enabled)
3428                 config |= POLICYDB_CONFIG_MLS;
3429 
3430         if (p->reject_unknown)
3431                 config |= REJECT_UNKNOWN;
3432         if (p->allow_unknown)
3433                 config |= ALLOW_UNKNOWN;
3434 
3435         /* Write the magic number and string identifiers. */
3436         buf[0] = cpu_to_le32(POLICYDB_MAGIC);
3437         len = strlen(POLICYDB_STRING);
3438         buf[1] = cpu_to_le32(len);
3439         rc = put_entry(buf, sizeof(u32), 2, fp);
3440         if (rc)
3441                 return rc;
3442         rc = put_entry(POLICYDB_STRING, 1, len, fp);
3443         if (rc)
3444                 return rc;
3445 
3446         /* Write the version, config, and table sizes. */
3447         info = policydb_lookup_compat(p->policyvers);
3448         if (!info) {
3449                 printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
3450                     "version %d", p->policyvers);
3451                 return -EINVAL;
3452         }
3453 
3454         buf[0] = cpu_to_le32(p->policyvers);
3455         buf[1] = cpu_to_le32(config);
3456         buf[2] = cpu_to_le32(info->sym_num);
3457         buf[3] = cpu_to_le32(info->ocon_num);
3458 
3459         rc = put_entry(buf, sizeof(u32), 4, fp);
3460         if (rc)
3461                 return rc;
3462 
3463         if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
3464                 rc = ebitmap_write(&p->policycaps, fp);
3465                 if (rc)
3466                         return rc;
3467         }
3468 
3469         if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE) {
3470                 rc = ebitmap_write(&p->permissive_map, fp);
3471                 if (rc)
3472                         return rc;
3473         }
3474 
3475         num_syms = info->sym_num;
3476         for (i = 0; i < num_syms; i++) {
3477                 struct policy_data pd;
3478 
3479                 pd.fp = fp;
3480                 pd.p = p;
3481 
3482                 buf[0] = cpu_to_le32(p->symtab[i].nprim);
3483                 buf[1] = cpu_to_le32(p->symtab[i].table->nel);
3484 
3485                 rc = put_entry(buf, sizeof(u32), 2, fp);
3486                 if (rc)
3487                         return rc;
3488                 rc = hashtab_map(p->symtab[i].table, write_f[i], &pd);
3489                 if (rc)
3490                         return rc;
3491         }
3492 
3493         rc = avtab_write(p, &p->te_avtab, fp);
3494         if (rc)
3495                 return rc;
3496 
3497         rc = cond_write_list(p, p->cond_list, fp);
3498         if (rc)
3499                 return rc;
3500 
3501         rc = role_trans_write(p, fp);
3502         if (rc)
3503                 return rc;
3504 
3505         rc = role_allow_write(p->role_allow, fp);
3506         if (rc)
3507                 return rc;
3508 
3509         rc = filename_trans_write(p, fp);
3510         if (rc)
3511                 return rc;
3512 
3513         rc = ocontext_write(p, info, fp);
3514         if (rc)
3515                 return rc;
3516 
3517         rc = genfs_write(p, fp);
3518         if (rc)
3519                 return rc;
3520 
3521         rc = range_write(p, fp);
3522         if (rc)
3523                 return rc;
3524 
3525         for (i = 0; i < p->p_types.nprim; i++) {
3526                 struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
3527 
3528                 BUG_ON(!e);
3529                 rc = ebitmap_write(e, fp);
3530                 if (rc)
3531                         return rc;
3532         }
3533 
3534         return 0;
3535 }
3536 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp