1
2/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3
4/*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 *	Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * 	Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc.  James Morris <jmorris@redhat.com>
14 *      Fine-grained netlink support
15 *      IPv6 support
16 *      Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 *
22 *  This library is free software; you can redistribute it and/or
23 *  modify it under the terms of the GNU Lesser General Public
24 *  License as published by the Free Software Foundation; either
25 *  version 2.1 of the License, or (at your option) any later version.
26 *
27 *  This library is distributed in the hope that it will be useful,
28 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
29 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
30 *  Lesser General Public License for more details.
31 *
32 *  You should have received a copy of the GNU Lesser General Public
33 *  License along with this library; if not, write to the Free Software
34 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
35 */
36
37/* FLASK */
38
39/*
40 * Implementation of the policy database.
41 */
42
43#include <assert.h>
44#include <stdlib.h>
45
46#include <sepol/policydb/policydb.h>
47#include <sepol/policydb/expand.h>
48#include <sepol/policydb/conditional.h>
49#include <sepol/policydb/avrule_block.h>
50#include <sepol/policydb/util.h>
51#include <sepol/policydb/flask.h>
52
53#include "private.h"
54#include "debug.h"
55#include "mls.h"
56
57#define POLICYDB_TARGET_SZ   ARRAY_SIZE(policydb_target_strings)
58char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
59
60/* These need to be updated if SYM_NUM or OCON_NUM changes */
61static struct policydb_compat_info policydb_compat[] = {
62	{
63	 .type = POLICY_KERN,
64	 .version = POLICYDB_VERSION_BOUNDARY,
65	 .sym_num = SYM_NUM,
66	 .ocon_num = OCON_XEN_PCIDEVICE + 1,
67	 .target_platform = SEPOL_TARGET_XEN,
68	 },
69	{
70	 .type = POLICY_KERN,
71	 .version = POLICYDB_VERSION_BASE,
72	 .sym_num = SYM_NUM - 3,
73	 .ocon_num = OCON_FSUSE + 1,
74	 .target_platform = SEPOL_TARGET_SELINUX,
75	 },
76	{
77	 .type = POLICY_KERN,
78	 .version = POLICYDB_VERSION_BOOL,
79	 .sym_num = SYM_NUM - 2,
80	 .ocon_num = OCON_FSUSE + 1,
81	 .target_platform = SEPOL_TARGET_SELINUX,
82	 },
83	{
84	 .type = POLICY_KERN,
85	 .version = POLICYDB_VERSION_IPV6,
86	 .sym_num = SYM_NUM - 2,
87	 .ocon_num = OCON_NODE6 + 1,
88	 .target_platform = SEPOL_TARGET_SELINUX,
89	 },
90	{
91	 .type = POLICY_KERN,
92	 .version = POLICYDB_VERSION_NLCLASS,
93	 .sym_num = SYM_NUM - 2,
94	 .ocon_num = OCON_NODE6 + 1,
95	 .target_platform = SEPOL_TARGET_SELINUX,
96	 },
97	{
98	 .type = POLICY_KERN,
99	 .version = POLICYDB_VERSION_MLS,
100	 .sym_num = SYM_NUM,
101	 .ocon_num = OCON_NODE6 + 1,
102	 .target_platform = SEPOL_TARGET_SELINUX,
103	 },
104	{
105	 .type = POLICY_KERN,
106	 .version = POLICYDB_VERSION_AVTAB,
107	 .sym_num = SYM_NUM,
108	 .ocon_num = OCON_NODE6 + 1,
109	 .target_platform = SEPOL_TARGET_SELINUX,
110	 },
111	{
112	 .type = POLICY_KERN,
113	 .version = POLICYDB_VERSION_RANGETRANS,
114	 .sym_num = SYM_NUM,
115	 .ocon_num = OCON_NODE6 + 1,
116	 .target_platform = SEPOL_TARGET_SELINUX,
117	 },
118	{
119	 .type = POLICY_KERN,
120	 .version = POLICYDB_VERSION_POLCAP,
121	 .sym_num = SYM_NUM,
122	 .ocon_num = OCON_NODE6 + 1,
123	 .target_platform = SEPOL_TARGET_SELINUX,
124	 },
125	{
126	 .type = POLICY_KERN,
127	 .version = POLICYDB_VERSION_PERMISSIVE,
128	 .sym_num = SYM_NUM,
129	 .ocon_num = OCON_NODE6 + 1,
130	 .target_platform = SEPOL_TARGET_SELINUX,
131	 },
132        {
133	 .type = POLICY_KERN,
134	 .version = POLICYDB_VERSION_BOUNDARY,
135	 .sym_num = SYM_NUM,
136	 .ocon_num = OCON_NODE6 + 1,
137	 .target_platform = SEPOL_TARGET_SELINUX,
138	},
139	{
140	 .type = POLICY_KERN,
141	 .version = POLICYDB_VERSION_FILENAME_TRANS,
142	 .sym_num = SYM_NUM,
143	 .ocon_num = OCON_NODE6 + 1,
144	 .target_platform = SEPOL_TARGET_SELINUX,
145	},
146	{
147	 .type = POLICY_KERN,
148	 .version = POLICYDB_VERSION_ROLETRANS,
149	 .sym_num = SYM_NUM,
150	 .ocon_num = OCON_NODE6 + 1,
151	 .target_platform = SEPOL_TARGET_SELINUX,
152	},
153	{
154	 .type = POLICY_BASE,
155	 .version = MOD_POLICYDB_VERSION_BASE,
156	 .sym_num = SYM_NUM,
157	 .ocon_num = OCON_NODE6 + 1,
158	 .target_platform = SEPOL_TARGET_SELINUX,
159	 },
160	{
161	 .type = POLICY_BASE,
162	 .version = MOD_POLICYDB_VERSION_MLS,
163	 .sym_num = SYM_NUM,
164	 .ocon_num = OCON_NODE6 + 1,
165	 .target_platform = SEPOL_TARGET_SELINUX,
166	 },
167	{
168	 .type = POLICY_BASE,
169	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
170	 .sym_num = SYM_NUM,
171	 .ocon_num = OCON_NODE6 + 1,
172	 .target_platform = SEPOL_TARGET_SELINUX,
173	 },
174	{
175	 .type = POLICY_BASE,
176	 .version = MOD_POLICYDB_VERSION_POLCAP,
177	 .sym_num = SYM_NUM,
178	 .ocon_num = OCON_NODE6 + 1,
179	 .target_platform = SEPOL_TARGET_SELINUX,
180	 },
181	{
182	 .type = POLICY_BASE,
183	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
184	 .sym_num = SYM_NUM,
185	 .ocon_num = OCON_NODE6 + 1,
186	 .target_platform = SEPOL_TARGET_SELINUX,
187	 },
188	{
189	 .type = POLICY_BASE,
190	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
191	 .sym_num = SYM_NUM,
192	 .ocon_num = OCON_NODE6 + 1,
193	 .target_platform = SEPOL_TARGET_SELINUX,
194	},
195	{
196	 .type = POLICY_BASE,
197	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
198	 .sym_num = SYM_NUM,
199	 .ocon_num = OCON_NODE6 + 1,
200	 .target_platform = SEPOL_TARGET_SELINUX,
201	},
202	{
203	 .type = POLICY_BASE,
204	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
205	 .sym_num = SYM_NUM,
206	 .ocon_num = OCON_NODE6 + 1,
207	 .target_platform = SEPOL_TARGET_SELINUX,
208	},
209	{
210	 .type = POLICY_BASE,
211	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
212	 .sym_num = SYM_NUM,
213	 .ocon_num = OCON_NODE6 + 1,
214	 .target_platform = SEPOL_TARGET_SELINUX,
215	},
216	{
217	 .type = POLICY_BASE,
218	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
219	 .sym_num = SYM_NUM,
220	 .ocon_num = OCON_NODE6 + 1,
221	 .target_platform = SEPOL_TARGET_SELINUX,
222	},
223	{
224	 .type = POLICY_BASE,
225	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
226	 .sym_num = SYM_NUM,
227	 .ocon_num = OCON_NODE6 + 1,
228	 .target_platform = SEPOL_TARGET_SELINUX,
229	},
230	{
231	 .type = POLICY_MOD,
232	 .version = MOD_POLICYDB_VERSION_BASE,
233	 .sym_num = SYM_NUM,
234	 .ocon_num = 0,
235	 .target_platform = SEPOL_TARGET_SELINUX,
236	 },
237	{
238	 .type = POLICY_MOD,
239	 .version = MOD_POLICYDB_VERSION_MLS,
240	 .sym_num = SYM_NUM,
241	 .ocon_num = 0,
242	 .target_platform = SEPOL_TARGET_SELINUX,
243	 },
244	{
245	 .type = POLICY_MOD,
246	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
247	 .sym_num = SYM_NUM,
248	 .ocon_num = 0,
249	 .target_platform = SEPOL_TARGET_SELINUX,
250	 },
251	{
252	 .type = POLICY_MOD,
253	 .version = MOD_POLICYDB_VERSION_POLCAP,
254	 .sym_num = SYM_NUM,
255	 .ocon_num = 0,
256	 .target_platform = SEPOL_TARGET_SELINUX,
257	 },
258	{
259	 .type = POLICY_MOD,
260	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
261	 .sym_num = SYM_NUM,
262	 .ocon_num = 0,
263	 .target_platform = SEPOL_TARGET_SELINUX,
264	 },
265	{
266	 .type = POLICY_MOD,
267	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
268	 .sym_num = SYM_NUM,
269	 .ocon_num = 0,
270	 .target_platform = SEPOL_TARGET_SELINUX,
271	},
272	{
273	 .type = POLICY_MOD,
274	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
275	 .sym_num = SYM_NUM,
276	 .ocon_num = 0,
277	 .target_platform = SEPOL_TARGET_SELINUX,
278	},
279	{
280	 .type = POLICY_MOD,
281	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
282	 .sym_num = SYM_NUM,
283	 .ocon_num = 0,
284	 .target_platform = SEPOL_TARGET_SELINUX,
285	},
286	{
287	 .type = POLICY_MOD,
288	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
289	 .sym_num = SYM_NUM,
290	 .ocon_num = 0,
291	 .target_platform = SEPOL_TARGET_SELINUX,
292	},
293	{
294	 .type = POLICY_MOD,
295	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
296	 .sym_num = SYM_NUM,
297	 .ocon_num = 0,
298	 .target_platform = SEPOL_TARGET_SELINUX,
299	},
300	{
301	 .type = POLICY_MOD,
302	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
303	 .sym_num = SYM_NUM,
304	 .ocon_num = 0,
305	 .target_platform = SEPOL_TARGET_SELINUX,
306	},
307};
308
309#if 0
310static char *symtab_name[SYM_NUM] = {
311	"common prefixes",
312	"classes",
313	"roles",
314	"types",
315	"users",
316	"bools" mls_symtab_names cond_symtab_names
317};
318#endif
319
320static unsigned int symtab_sizes[SYM_NUM] = {
321	2,
322	32,
323	16,
324	512,
325	128,
326	16,
327	16,
328	16,
329};
330
331struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
332						    unsigned int type,
333						unsigned int target_platform)
334{
335	unsigned int i;
336	struct policydb_compat_info *info = NULL;
337
338	for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
339		if (policydb_compat[i].version == version &&
340		    policydb_compat[i].type == type &&
341		    policydb_compat[i].target_platform == target_platform) {
342			info = &policydb_compat[i];
343			break;
344		}
345	}
346	return info;
347}
348
349void type_set_init(type_set_t * x)
350{
351	memset(x, 0, sizeof(type_set_t));
352	ebitmap_init(&x->types);
353	ebitmap_init(&x->negset);
354}
355
356void type_set_destroy(type_set_t * x)
357{
358	if (x != NULL) {
359		ebitmap_destroy(&x->types);
360		ebitmap_destroy(&x->negset);
361	}
362}
363
364void role_set_init(role_set_t * x)
365{
366	memset(x, 0, sizeof(role_set_t));
367	ebitmap_init(&x->roles);
368}
369
370void role_set_destroy(role_set_t * x)
371{
372	ebitmap_destroy(&x->roles);
373}
374
375void role_datum_init(role_datum_t * x)
376{
377	memset(x, 0, sizeof(role_datum_t));
378	ebitmap_init(&x->dominates);
379	type_set_init(&x->types);
380	ebitmap_init(&x->cache);
381	ebitmap_init(&x->roles);
382}
383
384void role_datum_destroy(role_datum_t * x)
385{
386	if (x != NULL) {
387		ebitmap_destroy(&x->dominates);
388		type_set_destroy(&x->types);
389		ebitmap_destroy(&x->cache);
390		ebitmap_destroy(&x->roles);
391	}
392}
393
394void type_datum_init(type_datum_t * x)
395{
396	memset(x, 0, sizeof(*x));
397	ebitmap_init(&x->types);
398}
399
400void type_datum_destroy(type_datum_t * x)
401{
402	if (x != NULL) {
403		ebitmap_destroy(&x->types);
404	}
405}
406
407void user_datum_init(user_datum_t * x)
408{
409	memset(x, 0, sizeof(user_datum_t));
410	role_set_init(&x->roles);
411	mls_semantic_range_init(&x->range);
412	mls_semantic_level_init(&x->dfltlevel);
413	ebitmap_init(&x->cache);
414	mls_range_init(&x->exp_range);
415	mls_level_init(&x->exp_dfltlevel);
416}
417
418void user_datum_destroy(user_datum_t * x)
419{
420	if (x != NULL) {
421		role_set_destroy(&x->roles);
422		mls_semantic_range_destroy(&x->range);
423		mls_semantic_level_destroy(&x->dfltlevel);
424		ebitmap_destroy(&x->cache);
425		mls_range_destroy(&x->exp_range);
426		mls_level_destroy(&x->exp_dfltlevel);
427	}
428}
429
430void level_datum_init(level_datum_t * x)
431{
432	memset(x, 0, sizeof(level_datum_t));
433}
434
435void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
436{
437	/* the mls_level_t referenced by the level_datum is managed
438	 * separately for now, so there is nothing to destroy */
439	return;
440}
441
442void cat_datum_init(cat_datum_t * x)
443{
444	memset(x, 0, sizeof(cat_datum_t));
445}
446
447void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
448{
449	/* it's currently a simple struct - really nothing to destroy */
450	return;
451}
452
453void class_perm_node_init(class_perm_node_t * x)
454{
455	memset(x, 0, sizeof(class_perm_node_t));
456}
457
458void avrule_init(avrule_t * x)
459{
460	memset(x, 0, sizeof(avrule_t));
461	type_set_init(&x->stypes);
462	type_set_init(&x->ttypes);
463}
464
465void avrule_destroy(avrule_t * x)
466{
467	class_perm_node_t *cur, *next;
468
469	if (x == NULL) {
470		return;
471	}
472	type_set_destroy(&x->stypes);
473	type_set_destroy(&x->ttypes);
474
475	next = x->perms;
476	while (next) {
477		cur = next;
478		next = cur->next;
479		free(cur);
480	}
481}
482
483void role_trans_rule_init(role_trans_rule_t * x)
484{
485	memset(x, 0, sizeof(*x));
486	role_set_init(&x->roles);
487	type_set_init(&x->types);
488	ebitmap_init(&x->classes);
489}
490
491void role_trans_rule_destroy(role_trans_rule_t * x)
492{
493	if (x != NULL) {
494		role_set_destroy(&x->roles);
495		type_set_destroy(&x->types);
496		ebitmap_destroy(&x->classes);
497	}
498}
499
500void role_trans_rule_list_destroy(role_trans_rule_t * x)
501{
502	while (x != NULL) {
503		role_trans_rule_t *next = x->next;
504		role_trans_rule_destroy(x);
505		free(x);
506		x = next;
507	}
508}
509
510void filename_trans_rule_init(filename_trans_rule_t * x)
511{
512	memset(x, 0, sizeof(*x));
513	type_set_init(&x->stypes);
514	type_set_init(&x->ttypes);
515}
516
517static void filename_trans_rule_destroy(filename_trans_rule_t * x)
518{
519	if (!x)
520		return;
521	type_set_destroy(&x->stypes);
522	type_set_destroy(&x->ttypes);
523	free(x->name);
524}
525
526void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
527{
528	filename_trans_rule_t *next;
529	while (x) {
530		next = x->next;
531		filename_trans_rule_destroy(x);
532		free(x);
533		x = next;
534	}
535}
536
537void role_allow_rule_init(role_allow_rule_t * x)
538{
539	memset(x, 0, sizeof(role_allow_rule_t));
540	role_set_init(&x->roles);
541	role_set_init(&x->new_roles);
542}
543
544void role_allow_rule_destroy(role_allow_rule_t * x)
545{
546	role_set_destroy(&x->roles);
547	role_set_destroy(&x->new_roles);
548}
549
550void role_allow_rule_list_destroy(role_allow_rule_t * x)
551{
552	while (x != NULL) {
553		role_allow_rule_t *next = x->next;
554		role_allow_rule_destroy(x);
555		free(x);
556		x = next;
557	}
558}
559
560void range_trans_rule_init(range_trans_rule_t * x)
561{
562	type_set_init(&x->stypes);
563	type_set_init(&x->ttypes);
564	ebitmap_init(&x->tclasses);
565	mls_semantic_range_init(&x->trange);
566	x->next = NULL;
567}
568
569void range_trans_rule_destroy(range_trans_rule_t * x)
570{
571	type_set_destroy(&x->stypes);
572	type_set_destroy(&x->ttypes);
573	ebitmap_destroy(&x->tclasses);
574	mls_semantic_range_destroy(&x->trange);
575}
576
577void range_trans_rule_list_destroy(range_trans_rule_t * x)
578{
579	while (x != NULL) {
580		range_trans_rule_t *next = x->next;
581		range_trans_rule_destroy(x);
582		free(x);
583		x = next;
584	}
585}
586
587void avrule_list_destroy(avrule_t * x)
588{
589	avrule_t *next, *cur;
590
591	if (!x)
592		return;
593
594	next = x;
595	while (next) {
596		cur = next;
597		next = next->next;
598		avrule_destroy(cur);
599		free(cur);
600	}
601}
602
603/*
604 * Initialize the role table by implicitly adding role 'object_r'.  If
605 * the policy is a module, set object_r's scope to be SCOPE_REQ,
606 * otherwise set it to SCOPE_DECL.
607 */
608static int roles_init(policydb_t * p)
609{
610	char *key = 0;
611	int rc;
612	role_datum_t *role;
613
614	role = calloc(1, sizeof(role_datum_t));
615	if (!role) {
616		rc = -ENOMEM;
617		goto out;
618	}
619	key = malloc(strlen(OBJECT_R) + 1);
620	if (!key) {
621		rc = -ENOMEM;
622		goto out_free_role;
623	}
624	strcpy(key, OBJECT_R);
625	rc = symtab_insert(p, SYM_ROLES, key, role,
626			   (p->policy_type ==
627			    POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
628			   &role->s.value);
629	if (rc)
630		goto out_free_key;
631	if (role->s.value != OBJECT_R_VAL) {
632		rc = -EINVAL;
633		goto out_free_role;
634	}
635      out:
636	return rc;
637
638      out_free_key:
639	free(key);
640      out_free_role:
641	free(role);
642	goto out;
643}
644
645/*
646 * Initialize a policy database structure.
647 */
648int policydb_init(policydb_t * p)
649{
650	int i, rc;
651
652	memset(p, 0, sizeof(policydb_t));
653
654	ebitmap_init(&p->policycaps);
655
656	ebitmap_init(&p->permissive_map);
657
658	for (i = 0; i < SYM_NUM; i++) {
659		p->sym_val_to_name[i] = NULL;
660		rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
661		if (rc)
662			goto out_free_symtab;
663	}
664
665	/* initialize the module stuff */
666	for (i = 0; i < SYM_NUM; i++) {
667		if (symtab_init(&p->scope[i], symtab_sizes[i])) {
668			goto out_free_symtab;
669		}
670	}
671	if ((p->global = avrule_block_create()) == NULL ||
672	    (p->global->branch_list = avrule_decl_create(1)) == NULL) {
673		goto out_free_symtab;
674	}
675	p->decl_val_to_struct = NULL;
676
677	rc = avtab_init(&p->te_avtab);
678	if (rc)
679		goto out_free_symtab;
680
681	rc = roles_init(p);
682	if (rc)
683		goto out_free_symtab;
684
685	rc = cond_policydb_init(p);
686	if (rc)
687		goto out_free_symtab;
688      out:
689	return rc;
690
691      out_free_symtab:
692	for (i = 0; i < SYM_NUM; i++) {
693		hashtab_destroy(p->symtab[i].table);
694		hashtab_destroy(p->scope[i].table);
695	}
696	avrule_block_list_destroy(p->global);
697	goto out;
698}
699
700int policydb_role_cache(hashtab_key_t key
701			__attribute__ ((unused)), hashtab_datum_t datum,
702			void *arg)
703{
704	policydb_t *p;
705	role_datum_t *role;
706
707	role = (role_datum_t *) datum;
708	p = (policydb_t *) arg;
709
710	ebitmap_destroy(&role->cache);
711	if (type_set_expand(&role->types, &role->cache, p, 1)) {
712		return -1;
713	}
714
715	return 0;
716}
717
718int policydb_user_cache(hashtab_key_t key
719			__attribute__ ((unused)), hashtab_datum_t datum,
720			void *arg)
721{
722	policydb_t *p;
723	user_datum_t *user;
724
725	user = (user_datum_t *) datum;
726	p = (policydb_t *) arg;
727
728	ebitmap_destroy(&user->cache);
729	if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
730		return -1;
731	}
732
733	/* we do not expand user's MLS info in kernel policies because the
734	 * semantic representation is not present and we do not expand user's
735	 * MLS info in module policies because all of the necessary mls
736	 * information is not present */
737	if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
738		mls_range_destroy(&user->exp_range);
739		if (mls_semantic_range_expand(&user->range,
740					      &user->exp_range, p, NULL)) {
741			return -1;
742		}
743
744		mls_level_destroy(&user->exp_dfltlevel);
745		if (mls_semantic_level_expand(&user->dfltlevel,
746					      &user->exp_dfltlevel, p, NULL)) {
747			return -1;
748		}
749	}
750
751	return 0;
752}
753
754/*
755 * The following *_index functions are used to
756 * define the val_to_name and val_to_struct arrays
757 * in a policy database structure.  The val_to_name
758 * arrays are used when converting security context
759 * structures into string representations.  The
760 * val_to_struct arrays are used when the attributes
761 * of a class, role, or user are needed.
762 */
763
764static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
765{
766	policydb_t *p;
767	common_datum_t *comdatum;
768
769	comdatum = (common_datum_t *) datum;
770	p = (policydb_t *) datap;
771	if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim)
772		return -EINVAL;
773	p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
774
775	return 0;
776}
777
778static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
779{
780	policydb_t *p;
781	class_datum_t *cladatum;
782
783	cladatum = (class_datum_t *) datum;
784	p = (policydb_t *) datap;
785	if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim)
786		return -EINVAL;
787	p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
788	p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
789
790	return 0;
791}
792
793static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
794{
795	policydb_t *p;
796	role_datum_t *role;
797
798	role = (role_datum_t *) datum;
799	p = (policydb_t *) datap;
800	if (!role->s.value || role->s.value > p->p_roles.nprim)
801		return -EINVAL;
802	p->p_role_val_to_name[role->s.value - 1] = (char *)key;
803	p->role_val_to_struct[role->s.value - 1] = role;
804
805	return 0;
806}
807
808static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
809{
810	policydb_t *p;
811	type_datum_t *typdatum;
812
813	typdatum = (type_datum_t *) datum;
814	p = (policydb_t *) datap;
815
816	if (typdatum->primary) {
817		if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim)
818			return -EINVAL;
819		p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
820		p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
821	}
822
823	return 0;
824}
825
826static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
827{
828	policydb_t *p;
829	user_datum_t *usrdatum;
830
831	usrdatum = (user_datum_t *) datum;
832	p = (policydb_t *) datap;
833
834	if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim)
835		return -EINVAL;
836
837	p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
838	p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
839
840	return 0;
841}
842
843static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
844{
845	policydb_t *p;
846	level_datum_t *levdatum;
847
848	levdatum = (level_datum_t *) datum;
849	p = (policydb_t *) datap;
850
851	if (!levdatum->isalias) {
852		if (!levdatum->level->sens ||
853		    levdatum->level->sens > p->p_levels.nprim)
854			return -EINVAL;
855		p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
856	}
857
858	return 0;
859}
860
861static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
862{
863	policydb_t *p;
864	cat_datum_t *catdatum;
865
866	catdatum = (cat_datum_t *) datum;
867	p = (policydb_t *) datap;
868
869	if (!catdatum->isalias) {
870		if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim)
871			return -EINVAL;
872		p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
873	}
874
875	return 0;
876}
877
878static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
879				void *datap) = {
880common_index, class_index, role_index, type_index, user_index,
881	    cond_index_bool, sens_index, cat_index,};
882
883/*
884 * Define the common val_to_name array and the class
885 * val_to_name and val_to_struct arrays in a policy
886 * database structure.
887 */
888int policydb_index_classes(policydb_t * p)
889{
890	free(p->p_common_val_to_name);
891	p->p_common_val_to_name = (char **)
892	    malloc(p->p_commons.nprim * sizeof(char *));
893	if (!p->p_common_val_to_name)
894		return -1;
895
896	if (hashtab_map(p->p_commons.table, common_index, p))
897		return -1;
898
899	free(p->class_val_to_struct);
900	p->class_val_to_struct = (class_datum_t **)
901	    malloc(p->p_classes.nprim * sizeof(class_datum_t *));
902	if (!p->class_val_to_struct)
903		return -1;
904
905	free(p->p_class_val_to_name);
906	p->p_class_val_to_name = (char **)
907	    malloc(p->p_classes.nprim * sizeof(char *));
908	if (!p->p_class_val_to_name)
909		return -1;
910
911	if (hashtab_map(p->p_classes.table, class_index, p))
912		return -1;
913
914	return 0;
915}
916
917int policydb_index_bools(policydb_t * p)
918{
919
920	if (cond_init_bool_indexes(p) == -1)
921		return -1;
922	p->p_bool_val_to_name = (char **)
923	    malloc(p->p_bools.nprim * sizeof(char *));
924	if (!p->p_bool_val_to_name)
925		return -1;
926	if (hashtab_map(p->p_bools.table, cond_index_bool, p))
927		return -1;
928	return 0;
929}
930
931int policydb_index_decls(policydb_t * p)
932{
933	avrule_block_t *curblock;
934	avrule_decl_t *decl;
935	int num_decls = 0;
936
937	free(p->decl_val_to_struct);
938
939	for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
940		for (decl = curblock->branch_list; decl != NULL;
941		     decl = decl->next) {
942			num_decls++;
943		}
944	}
945
946	p->decl_val_to_struct =
947	    calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
948	if (!p->decl_val_to_struct) {
949		return -1;
950	}
951
952	for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
953		for (decl = curblock->branch_list; decl != NULL;
954		     decl = decl->next) {
955			p->decl_val_to_struct[decl->decl_id - 1] = decl;
956		}
957	}
958
959	return 0;
960}
961
962/*
963 * Define the other val_to_name and val_to_struct arrays
964 * in a policy database structure.
965 */
966int policydb_index_others(sepol_handle_t * handle,
967			  policydb_t * p, unsigned verbose)
968{
969	int i;
970
971	if (verbose) {
972		INFO(handle,
973		     "security:  %d users, %d roles, %d types, %d bools",
974		     p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
975		     p->p_bools.nprim);
976
977		if (p->mls)
978			INFO(handle, "security: %d sens, %d cats",
979			     p->p_levels.nprim, p->p_cats.nprim);
980
981		INFO(handle, "security:  %d classes, %d rules, %d cond rules",
982		     p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
983	}
984#if 0
985	avtab_hash_eval(&p->te_avtab, "rules");
986	for (i = 0; i < SYM_NUM; i++)
987		hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
988#endif
989
990	free(p->role_val_to_struct);
991	p->role_val_to_struct = (role_datum_t **)
992	    malloc(p->p_roles.nprim * sizeof(role_datum_t *));
993	if (!p->role_val_to_struct)
994		return -1;
995
996	free(p->user_val_to_struct);
997	p->user_val_to_struct = (user_datum_t **)
998	    malloc(p->p_users.nprim * sizeof(user_datum_t *));
999	if (!p->user_val_to_struct)
1000		return -1;
1001
1002	free(p->type_val_to_struct);
1003	p->type_val_to_struct = (type_datum_t **)
1004	    calloc(p->p_types.nprim, sizeof(type_datum_t *));
1005	if (!p->type_val_to_struct)
1006		return -1;
1007
1008	cond_init_bool_indexes(p);
1009
1010	for (i = SYM_ROLES; i < SYM_NUM; i++) {
1011		free(p->sym_val_to_name[i]);
1012		p->sym_val_to_name[i] = NULL;
1013		if (p->symtab[i].nprim) {
1014			p->sym_val_to_name[i] = (char **)
1015			    calloc(p->symtab[i].nprim, sizeof(char *));
1016			if (!p->sym_val_to_name[i])
1017				return -1;
1018			if (hashtab_map(p->symtab[i].table, index_f[i], p))
1019				return -1;
1020		}
1021	}
1022
1023	/* This pre-expands the roles and users for context validity checking */
1024	if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1025		return -1;
1026
1027	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1028		return -1;
1029
1030	return 0;
1031}
1032
1033/*
1034 * The following *_destroy functions are used to
1035 * free any memory allocated for each kind of
1036 * symbol data in the policy database.
1037 */
1038
1039static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1040			__attribute__ ((unused)))
1041{
1042	if (key)
1043		free(key);
1044	free(datum);
1045	return 0;
1046}
1047
1048static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1049			  __attribute__ ((unused)))
1050{
1051	common_datum_t *comdatum;
1052
1053	if (key)
1054		free(key);
1055	comdatum = (common_datum_t *) datum;
1056	hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1057	hashtab_destroy(comdatum->permissions.table);
1058	free(datum);
1059	return 0;
1060}
1061
1062static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1063			 __attribute__ ((unused)))
1064{
1065	class_datum_t *cladatum;
1066	constraint_node_t *constraint, *ctemp;
1067	constraint_expr_t *e, *etmp;
1068
1069	if (key)
1070		free(key);
1071	cladatum = (class_datum_t *) datum;
1072	if (cladatum == NULL) {
1073		return 0;
1074	}
1075	hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1076	hashtab_destroy(cladatum->permissions.table);
1077	constraint = cladatum->constraints;
1078	while (constraint) {
1079		e = constraint->expr;
1080		while (e) {
1081			etmp = e;
1082			e = e->next;
1083			constraint_expr_destroy(etmp);
1084		}
1085		ctemp = constraint;
1086		constraint = constraint->next;
1087		free(ctemp);
1088	}
1089
1090	constraint = cladatum->validatetrans;
1091	while (constraint) {
1092		e = constraint->expr;
1093		while (e) {
1094			etmp = e;
1095			e = e->next;
1096			constraint_expr_destroy(etmp);
1097		}
1098		ctemp = constraint;
1099		constraint = constraint->next;
1100		free(ctemp);
1101	}
1102
1103	if (cladatum->comkey)
1104		free(cladatum->comkey);
1105	free(datum);
1106	return 0;
1107}
1108
1109static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1110			__attribute__ ((unused)))
1111{
1112	free(key);
1113	role_datum_destroy((role_datum_t *) datum);
1114	free(datum);
1115	return 0;
1116}
1117
1118static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1119			__attribute__ ((unused)))
1120{
1121	free(key);
1122	type_datum_destroy((type_datum_t *) datum);
1123	free(datum);
1124	return 0;
1125}
1126
1127static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1128			__attribute__ ((unused)))
1129{
1130	free(key);
1131	user_datum_destroy((user_datum_t *) datum);
1132	free(datum);
1133	return 0;
1134}
1135
1136static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1137			__attribute__ ((unused)))
1138{
1139	level_datum_t *levdatum;
1140
1141	if (key)
1142		free(key);
1143	levdatum = (level_datum_t *) datum;
1144	mls_level_destroy(levdatum->level);
1145	free(levdatum->level);
1146	level_datum_destroy(levdatum);
1147	free(levdatum);
1148	return 0;
1149}
1150
1151static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1152		       __attribute__ ((unused)))
1153{
1154	if (key)
1155		free(key);
1156	cat_datum_destroy((cat_datum_t *) datum);
1157	free(datum);
1158	return 0;
1159}
1160
1161static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1162				  void *datap) = {
1163common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1164	    cond_destroy_bool, sens_destroy, cat_destroy,};
1165
1166void ocontext_selinux_free(ocontext_t **ocontexts)
1167{
1168	ocontext_t *c, *ctmp;
1169	int i;
1170
1171	for (i = 0; i < OCON_NUM; i++) {
1172		c = ocontexts[i];
1173		while (c) {
1174			ctmp = c;
1175			c = c->next;
1176			context_destroy(&ctmp->context[0]);
1177			context_destroy(&ctmp->context[1]);
1178			if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1179				|| i == OCON_FSUSE)
1180				free(ctmp->u.name);
1181			free(ctmp);
1182		}
1183	}
1184}
1185
1186void ocontext_xen_free(ocontext_t **ocontexts)
1187{
1188	ocontext_t *c, *ctmp;
1189	int i;
1190
1191	for (i = 0; i < OCON_NUM; i++) {
1192		c = ocontexts[i];
1193		while (c) {
1194			ctmp = c;
1195			c = c->next;
1196			context_destroy(&ctmp->context[0]);
1197			context_destroy(&ctmp->context[1]);
1198			if (i == OCON_ISID)
1199				free(ctmp->u.name);
1200			free(ctmp);
1201		}
1202	}
1203}
1204
1205/*
1206 * Free any memory allocated by a policy database structure.
1207 */
1208void policydb_destroy(policydb_t * p)
1209{
1210	ocontext_t *c, *ctmp;
1211	genfs_t *g, *gtmp;
1212	unsigned int i;
1213	role_allow_t *ra, *lra = NULL;
1214	role_trans_t *tr, *ltr = NULL;
1215	range_trans_t *rt, *lrt = NULL;
1216	filename_trans_t *ft, *nft;
1217
1218	if (!p)
1219		return;
1220
1221	ebitmap_destroy(&p->policycaps);
1222
1223	ebitmap_destroy(&p->permissive_map);
1224
1225	symtabs_destroy(p->symtab);
1226
1227	for (i = 0; i < SYM_NUM; i++) {
1228		if (p->sym_val_to_name[i])
1229			free(p->sym_val_to_name[i]);
1230	}
1231
1232	if (p->class_val_to_struct)
1233		free(p->class_val_to_struct);
1234	if (p->role_val_to_struct)
1235		free(p->role_val_to_struct);
1236	if (p->user_val_to_struct)
1237		free(p->user_val_to_struct);
1238	if (p->type_val_to_struct)
1239		free(p->type_val_to_struct);
1240	free(p->decl_val_to_struct);
1241
1242	for (i = 0; i < SYM_NUM; i++) {
1243		hashtab_map(p->scope[i].table, scope_destroy, 0);
1244		hashtab_destroy(p->scope[i].table);
1245	}
1246	avrule_block_list_destroy(p->global);
1247	free(p->name);
1248	free(p->version);
1249
1250	avtab_destroy(&p->te_avtab);
1251
1252	if (p->target_platform == SEPOL_TARGET_SELINUX)
1253		ocontext_selinux_free(p->ocontexts);
1254	else if (p->target_platform == SEPOL_TARGET_XEN)
1255		ocontext_xen_free(p->ocontexts);
1256
1257	g = p->genfs;
1258	while (g) {
1259		free(g->fstype);
1260		c = g->head;
1261		while (c) {
1262			ctmp = c;
1263			c = c->next;
1264			context_destroy(&ctmp->context[0]);
1265			free(ctmp->u.name);
1266			free(ctmp);
1267		}
1268		gtmp = g;
1269		g = g->next;
1270		free(gtmp);
1271	}
1272	cond_policydb_destroy(p);
1273
1274	for (tr = p->role_tr; tr; tr = tr->next) {
1275		if (ltr)
1276			free(ltr);
1277		ltr = tr;
1278	}
1279	if (ltr)
1280		free(ltr);
1281
1282	ft = p->filename_trans;
1283	while (ft) {
1284		nft = ft->next;
1285		free(ft->name);
1286		free(ft);
1287		ft = nft;
1288	}
1289
1290	for (ra = p->role_allow; ra; ra = ra->next) {
1291		if (lra)
1292			free(lra);
1293		lra = ra;
1294	}
1295	if (lra)
1296		free(lra);
1297
1298	for (rt = p->range_tr; rt; rt = rt->next) {
1299		if (lrt) {
1300			ebitmap_destroy(&lrt->target_range.level[0].cat);
1301			ebitmap_destroy(&lrt->target_range.level[1].cat);
1302			free(lrt);
1303		}
1304		lrt = rt;
1305	}
1306	if (lrt) {
1307		ebitmap_destroy(&lrt->target_range.level[0].cat);
1308		ebitmap_destroy(&lrt->target_range.level[1].cat);
1309		free(lrt);
1310	}
1311
1312	if (p->type_attr_map) {
1313		for (i = 0; i < p->p_types.nprim; i++) {
1314			ebitmap_destroy(&p->type_attr_map[i]);
1315		}
1316		free(p->type_attr_map);
1317	}
1318
1319	if (p->attr_type_map) {
1320		for (i = 0; i < p->p_types.nprim; i++) {
1321			ebitmap_destroy(&p->attr_type_map[i]);
1322		}
1323		free(p->attr_type_map);
1324	}
1325
1326	return;
1327}
1328
1329void symtabs_destroy(symtab_t * symtab)
1330{
1331	int i;
1332	for (i = 0; i < SYM_NUM; i++) {
1333		hashtab_map(symtab[i].table, destroy_f[i], 0);
1334		hashtab_destroy(symtab[i].table);
1335	}
1336}
1337
1338int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1339		  __attribute__ ((unused)))
1340{
1341	scope_datum_t *cur = (scope_datum_t *) datum;
1342	free(key);
1343	if (cur != NULL) {
1344		free(cur->decl_ids);
1345	}
1346	free(cur);
1347	return 0;
1348}
1349
1350hashtab_destroy_func_t get_symtab_destroy_func(int sym_num)
1351{
1352	if (sym_num < 0 || sym_num >= SYM_NUM) {
1353		return NULL;
1354	}
1355	return (hashtab_destroy_func_t) destroy_f[sym_num];
1356}
1357
1358/*
1359 * Load the initial SIDs specified in a policy database
1360 * structure into a SID table.
1361 */
1362int policydb_load_isids(policydb_t * p, sidtab_t * s)
1363{
1364	ocontext_t *head, *c;
1365
1366	if (sepol_sidtab_init(s)) {
1367		ERR(NULL, "out of memory on SID table init");
1368		return -1;
1369	}
1370
1371	head = p->ocontexts[OCON_ISID];
1372	for (c = head; c; c = c->next) {
1373		if (!c->context[0].user) {
1374			ERR(NULL, "SID %s was never defined", c->u.name);
1375			return -1;
1376		}
1377		if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1378			ERR(NULL, "unable to load initial SID %s", c->u.name);
1379			return -1;
1380		}
1381	}
1382
1383	return 0;
1384}
1385
1386/* Declare a symbol for a certain avrule_block context.  Insert it
1387 * into a symbol table for a policy.  This function will handle
1388 * inserting the appropriate scope information in addition to
1389 * inserting the symbol into the hash table.
1390 *
1391 * arguments:
1392 *   policydb_t *pol       module policy to modify
1393 *   uint32_t sym          the symbole table for insertion (SYM_*)
1394 *   hashtab_key_t key     the key for the symbol - not cloned
1395 *   hashtab_datum_t data  the data for the symbol - not cloned
1396 *   scope                 scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1397 *   avrule_decl_id        identifier for this symbol's encapsulating declaration
1398 *   value (out)           assigned value to the symbol (if value is not NULL)
1399 *
1400 * returns:
1401 *   0                     success
1402 *   1                     success, but symbol already existed as a requirement
1403 *                         (datum was not inserted and needs to be free()d)
1404 *   -1                    general error
1405 *   -2                    scope conflicted
1406 *   -ENOMEM               memory error
1407 *   error codes from hashtab_insert
1408 */
1409int symtab_insert(policydb_t * pol, uint32_t sym,
1410		  hashtab_key_t key, hashtab_datum_t datum,
1411		  uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1412{
1413	int rc, retval = 0;
1414	unsigned int i;
1415	scope_datum_t *scope_datum;
1416
1417	/* check if the symbol is already there.  multiple
1418	 * declarations of non-roles/non-users are illegal, but
1419	 * multiple requires are allowed. */
1420
1421	/* FIX ME - the failures after the hashtab_insert will leave
1422	 * the policy in a inconsistent state. */
1423	rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1424	if (rc == SEPOL_OK) {
1425		/* if no value is passed in the symbol is not primary
1426		 * (i.e. aliases) */
1427		if (value)
1428			*value = ++pol->symtab[sym].nprim;
1429	} else if (rc == SEPOL_EEXIST) {
1430		retval = 1;	/* symbol not added -- need to free() later */
1431	} else {
1432		return rc;
1433	}
1434
1435	/* get existing scope information; if there is not one then
1436	 * create it */
1437	scope_datum =
1438	    (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1439	if (scope_datum == NULL) {
1440		hashtab_key_t key2 = strdup((char *)key);
1441		if (!key2)
1442			return -ENOMEM;
1443		if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1444			free(key2);
1445			return -ENOMEM;
1446		}
1447		scope_datum->scope = scope;
1448		scope_datum->decl_ids = NULL;
1449		scope_datum->decl_ids_len = 0;
1450		if ((rc =
1451		     hashtab_insert(pol->scope[sym].table, key2,
1452				    scope_datum)) != 0) {
1453			free(key2);
1454			free(scope_datum);
1455			return rc;
1456		}
1457	} else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1458		/* disallow multiple declarations for non-roles/users */
1459		if (sym != SYM_ROLES && sym != SYM_USERS) {
1460			return -2;
1461		}
1462		/* Further confine that a role attribute can't have the same
1463		 * name as another regular role, and a role attribute can't
1464		 * be declared more than once. */
1465		if (sym == SYM_ROLES) {
1466			role_datum_t *base_role;
1467			role_datum_t *cur_role = (role_datum_t *)datum;
1468
1469			base_role = (role_datum_t *)
1470					hashtab_search(pol->symtab[sym].table,
1471						       key);
1472			assert(base_role != NULL);
1473
1474			if (!((base_role->flavor == ROLE_ROLE) &&
1475			    (cur_role->flavor == ROLE_ROLE))) {
1476				/* Only regular roles are allowed to have
1477				 * multiple declarations. */
1478				return -2;
1479			}
1480		}
1481	} else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1482		scope_datum->scope = SCOPE_DECL;
1483	} else if (scope_datum->scope != scope) {
1484		/* This only happens in DECL then REQUIRE case, which is handled by caller */
1485		return -2;
1486	}
1487
1488	/* search through the pre-existing list to avoid adding duplicates */
1489	for (i = 0; i < scope_datum->decl_ids_len; i++) {
1490		if (scope_datum->decl_ids[i] == avrule_decl_id) {
1491			/* already there, so don't modify its scope */
1492			return retval;
1493		}
1494	}
1495
1496	if (add_i_to_a(avrule_decl_id,
1497		       &scope_datum->decl_ids_len,
1498		       &scope_datum->decl_ids) == -1) {
1499		return -ENOMEM;
1500	}
1501
1502	return retval;
1503}
1504
1505int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b)
1506{
1507	type_set_init(dst);
1508
1509	if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1510		return -1;
1511	}
1512	if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1513		return -1;
1514	}
1515
1516	dst->flags |= a->flags;
1517	dst->flags |= b->flags;
1518
1519	return 0;
1520}
1521
1522int type_set_cpy(type_set_t * dst, type_set_t * src)
1523{
1524	type_set_init(dst);
1525
1526	dst->flags = src->flags;
1527	if (ebitmap_cpy(&dst->types, &src->types))
1528		return -1;
1529	if (ebitmap_cpy(&dst->negset, &src->negset))
1530		return -1;
1531
1532	return 0;
1533}
1534
1535int type_set_or_eq(type_set_t * dst, type_set_t * other)
1536{
1537	int ret;
1538	type_set_t tmp;
1539
1540	if (type_set_or(&tmp, dst, other))
1541		return -1;
1542	type_set_destroy(dst);
1543	ret = type_set_cpy(dst, &tmp);
1544	type_set_destroy(&tmp);
1545
1546	return ret;
1547}
1548
1549int role_set_get_role(role_set_t * x, uint32_t role)
1550{
1551	if (x->flags & ROLE_STAR)
1552		return 1;
1553
1554	if (ebitmap_get_bit(&x->roles, role - 1)) {
1555		if (x->flags & ROLE_COMP)
1556			return 0;
1557		else
1558			return 1;
1559	} else {
1560		if (x->flags & ROLE_COMP)
1561			return 1;
1562		else
1563			return 0;
1564	}
1565}
1566
1567/***********************************************************************/
1568/* everything below is for policy reads */
1569
1570/* The following are read functions for module structures */
1571
1572static int role_set_read(role_set_t * r, struct policy_file *fp)
1573{
1574	uint32_t buf[1];
1575	int rc;
1576
1577	if (ebitmap_read(&r->roles, fp))
1578		return -1;
1579	rc = next_entry(buf, fp, sizeof(uint32_t));
1580	if (rc < 0)
1581		return -1;
1582	r->flags = le32_to_cpu(buf[0]);
1583
1584	return 0;
1585}
1586
1587static int type_set_read(type_set_t * t, struct policy_file *fp)
1588{
1589	uint32_t buf[1];
1590	int rc;
1591
1592	if (ebitmap_read(&t->types, fp))
1593		return -1;
1594	if (ebitmap_read(&t->negset, fp))
1595		return -1;
1596
1597	rc = next_entry(buf, fp, sizeof(uint32_t));
1598	if (rc < 0)
1599		return -1;
1600	t->flags = le32_to_cpu(buf[0]);
1601
1602	return 0;
1603}
1604
1605/*
1606 * Read a MLS range structure from a policydb binary
1607 * representation file.
1608 */
1609static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1610{
1611	uint32_t buf[2], items;
1612	int rc;
1613
1614	rc = next_entry(buf, fp, sizeof(uint32_t));
1615	if (rc < 0)
1616		goto out;
1617
1618	items = le32_to_cpu(buf[0]);
1619	if (items > ARRAY_SIZE(buf)) {
1620		ERR(fp->handle, "range overflow");
1621		rc = -EINVAL;
1622		goto out;
1623	}
1624	rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1625	if (rc < 0) {
1626		ERR(fp->handle, "truncated range");
1627		goto out;
1628	}
1629	r->level[0].sens = le32_to_cpu(buf[0]);
1630	if (items > 1)
1631		r->level[1].sens = le32_to_cpu(buf[1]);
1632	else
1633		r->level[1].sens = r->level[0].sens;
1634
1635	rc = ebitmap_read(&r->level[0].cat, fp);
1636	if (rc) {
1637		ERR(fp->handle, "error reading low categories");
1638		goto out;
1639	}
1640	if (items > 1) {
1641		rc = ebitmap_read(&r->level[1].cat, fp);
1642		if (rc) {
1643			ERR(fp->handle, "error reading high categories");
1644			goto bad_high;
1645		}
1646	} else {
1647		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1648		if (rc) {
1649			ERR(fp->handle, "out of memory");
1650			goto bad_high;
1651		}
1652	}
1653
1654	rc = 0;
1655      out:
1656	return rc;
1657      bad_high:
1658	ebitmap_destroy(&r->level[0].cat);
1659	goto out;
1660}
1661
1662/*
1663 * Read a semantic MLS level structure from a policydb binary
1664 * representation file.
1665 */
1666static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1667					  struct policy_file *fp)
1668{
1669	uint32_t buf[2], ncat;
1670	unsigned int i;
1671	mls_semantic_cat_t *cat;
1672	int rc;
1673
1674	mls_semantic_level_init(l);
1675
1676	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1677	if (rc < 0) {
1678		ERR(fp->handle, "truncated level");
1679		goto bad;
1680	}
1681	l->sens = le32_to_cpu(buf[0]);
1682
1683	ncat = le32_to_cpu(buf[1]);
1684	for (i = 0; i < ncat; i++) {
1685		cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1686		if (!cat) {
1687			ERR(fp->handle, "out of memory");
1688			goto bad;
1689		}
1690
1691		mls_semantic_cat_init(cat);
1692		cat->next = l->cat;
1693		l->cat = cat;
1694
1695		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1696		if (rc < 0) {
1697			ERR(fp->handle, "error reading level categories");
1698			goto bad;
1699		}
1700		cat->low = le32_to_cpu(buf[0]);
1701		cat->high = le32_to_cpu(buf[1]);
1702	}
1703
1704	return 0;
1705
1706      bad:
1707	return -EINVAL;
1708}
1709
1710/*
1711 * Read a semantic MLS range structure from a policydb binary
1712 * representation file.
1713 */
1714static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1715					  struct policy_file *fp)
1716{
1717	int rc;
1718
1719	rc = mls_read_semantic_level_helper(&r->level[0], fp);
1720	if (rc)
1721		return rc;
1722
1723	rc = mls_read_semantic_level_helper(&r->level[1], fp);
1724
1725	return rc;
1726}
1727
1728static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1729{
1730	unsigned int i;
1731	ebitmap_node_t *cnode;
1732	mls_semantic_cat_t *open_cat = NULL;
1733
1734	mls_semantic_level_init(sl);
1735	sl->sens = l->sens;
1736	ebitmap_for_each_bit(&l->cat, cnode, i) {
1737		if (ebitmap_node_get_bit(cnode, i)) {
1738			if (open_cat)
1739				continue;
1740			open_cat = (mls_semantic_cat_t *)
1741			    malloc(sizeof(mls_semantic_cat_t));
1742			if (!open_cat)
1743				return -1;
1744
1745			mls_semantic_cat_init(open_cat);
1746			open_cat->low = i + 1;
1747			open_cat->next = sl->cat;
1748			sl->cat = open_cat;
1749		} else {
1750			if (!open_cat)
1751				continue;
1752			open_cat->high = i;
1753			open_cat = NULL;
1754		}
1755	}
1756	if (open_cat)
1757		open_cat->high = i;
1758
1759	return 0;
1760}
1761
1762static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
1763{
1764	if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
1765		return -1;
1766
1767	if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
1768		return -1;
1769
1770	return 0;
1771}
1772
1773/*
1774 * Read and validate a security context structure
1775 * from a policydb binary representation file.
1776 */
1777static int context_read_and_validate(context_struct_t * c,
1778				     policydb_t * p, struct policy_file *fp)
1779{
1780	uint32_t buf[3];
1781	int rc;
1782
1783	rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
1784	if (rc < 0) {
1785		ERR(fp->handle, "context truncated");
1786		return -1;
1787	}
1788	c->user = le32_to_cpu(buf[0]);
1789	c->role = le32_to_cpu(buf[1]);
1790	c->type = le32_to_cpu(buf[2]);
1791	if ((p->policy_type == POLICY_KERN
1792	     && p->policyvers >= POLICYDB_VERSION_MLS)
1793	    || (p->policy_type == POLICY_BASE
1794		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
1795		if (mls_read_range_helper(&c->range, fp)) {
1796			ERR(fp->handle, "error reading MLS range "
1797			    "of context");
1798			return -1;
1799		}
1800	}
1801
1802	if (!policydb_context_isvalid(p, c)) {
1803		ERR(fp->handle, "invalid security context");
1804		context_destroy(c);
1805		return -1;
1806	}
1807	return 0;
1808}
1809
1810/*
1811 * The following *_read functions are used to
1812 * read the symbol data from a policy database
1813 * binary representation file.
1814 */
1815
1816static int perm_read(policydb_t * p
1817		     __attribute__ ((unused)), hashtab_t h,
1818		     struct policy_file *fp)
1819{
1820	char *key = 0;
1821	perm_datum_t *perdatum;
1822	uint32_t buf[2];
1823	size_t len;
1824	int rc;
1825
1826	perdatum = calloc(1, sizeof(perm_datum_t));
1827	if (!perdatum)
1828		return -1;
1829
1830	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1831	if (rc < 0)
1832		goto bad;
1833
1834	len = le32_to_cpu(buf[0]);
1835	perdatum->s.value = le32_to_cpu(buf[1]);
1836
1837	key = malloc(len + 1);
1838	if (!key)
1839		goto bad;
1840	rc = next_entry(key, fp, len);
1841	if (rc < 0)
1842		goto bad;
1843	key[len] = 0;
1844
1845	if (hashtab_insert(h, key, perdatum))
1846		goto bad;
1847
1848	return 0;
1849
1850      bad:
1851	perm_destroy(key, perdatum, NULL);
1852	return -1;
1853}
1854
1855static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
1856{
1857	char *key = 0;
1858	common_datum_t *comdatum;
1859	uint32_t buf[4];
1860	size_t len, nel;
1861	unsigned int i;
1862	int rc;
1863
1864	comdatum = calloc(1, sizeof(common_datum_t));
1865	if (!comdatum)
1866		return -1;
1867
1868	rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
1869	if (rc < 0)
1870		goto bad;
1871
1872	len = le32_to_cpu(buf[0]);
1873	comdatum->s.value = le32_to_cpu(buf[1]);
1874
1875	if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
1876		goto bad;
1877	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
1878	nel = le32_to_cpu(buf[3]);
1879
1880	key = malloc(len + 1);
1881	if (!key)
1882		goto bad;
1883	rc = next_entry(key, fp, len);
1884	if (rc < 0)
1885		goto bad;
1886	key[len] = 0;
1887
1888	for (i = 0; i < nel; i++) {
1889		if (perm_read(p, comdatum->permissions.table, fp))
1890			goto bad;
1891	}
1892
1893	if (hashtab_insert(h, key, comdatum))
1894		goto bad;
1895
1896	return 0;
1897
1898      bad:
1899	common_destroy(key, comdatum, NULL);
1900	return -1;
1901}
1902
1903static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
1904			    unsigned int ncons,
1905			    int allowxtarget, struct policy_file *fp)
1906{
1907	constraint_node_t *c, *lc;
1908	constraint_expr_t *e, *le;
1909	uint32_t buf[3];
1910	size_t nexpr;
1911	unsigned int i, j;
1912	int rc, depth;
1913
1914	lc = NULL;
1915	for (i = 0; i < ncons; i++) {
1916		c = calloc(1, sizeof(constraint_node_t));
1917		if (!c)
1918			return -1;
1919
1920		if (lc)
1921			lc->next = c;
1922		else
1923			*nodep = c;
1924
1925		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
1926		if (rc < 0)
1927			return -1;
1928		c->permissions = le32_to_cpu(buf[0]);
1929		nexpr = le32_to_cpu(buf[1]);
1930		le = NULL;
1931		depth = -1;
1932		for (j = 0; j < nexpr; j++) {
1933			e = malloc(sizeof(constraint_expr_t));
1934			if (!e)
1935				return -1;
1936			if (constraint_expr_init(e) == -1) {
1937				free(e);
1938				return -1;
1939			}
1940			if (le) {
1941				le->next = e;
1942			} else {
1943				c->expr = e;
1944			}
1945
1946			rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
1947			if (rc < 0)
1948				return -1;
1949			e->expr_type = le32_to_cpu(buf[0]);
1950			e->attr = le32_to_cpu(buf[1]);
1951			e->op = le32_to_cpu(buf[2]);
1952
1953			switch (e->expr_type) {
1954			case CEXPR_NOT:
1955				if (depth < 0)
1956					return -1;
1957				break;
1958			case CEXPR_AND:
1959			case CEXPR_OR:
1960				if (depth < 1)
1961					return -1;
1962				depth--;
1963				break;
1964			case CEXPR_ATTR:
1965				if (depth == (CEXPR_MAXDEPTH - 1))
1966					return -1;
1967				depth++;
1968				break;
1969			case CEXPR_NAMES:
1970				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1971					return -1;
1972				if (depth == (CEXPR_MAXDEPTH - 1))
1973					return -1;
1974				depth++;
1975				if (ebitmap_read(&e->names, fp))
1976					return -1;
1977				if (p->policy_type != POLICY_KERN &&
1978				    type_set_read(e->type_names, fp))
1979					return -1;
1980				break;
1981			default:
1982				return -1;
1983			}
1984			le = e;
1985		}
1986		if (depth != 0)
1987			return -1;
1988		lc = c;
1989	}
1990
1991	return 0;
1992}
1993
1994static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
1995{
1996	char *key = 0;
1997	class_datum_t *cladatum;
1998	uint32_t buf[6];
1999	size_t len, len2, ncons, nel;
2000	unsigned int i;
2001	int rc;
2002
2003	cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2004	if (!cladatum)
2005		return -1;
2006
2007	rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2008	if (rc < 0)
2009		goto bad;
2010
2011	len = le32_to_cpu(buf[0]);
2012	len2 = le32_to_cpu(buf[1]);
2013	cladatum->s.value = le32_to_cpu(buf[2]);
2014
2015	if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2016		goto bad;
2017	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2018	nel = le32_to_cpu(buf[4]);
2019
2020	ncons = le32_to_cpu(buf[5]);
2021
2022	key = malloc(len + 1);
2023	if (!key)
2024		goto bad;
2025	rc = next_entry(key, fp, len);
2026	if (rc < 0)
2027		goto bad;
2028	key[len] = 0;
2029
2030	if (len2) {
2031		cladatum->comkey = malloc(len2 + 1);
2032		if (!cladatum->comkey)
2033			goto bad;
2034		rc = next_entry(cladatum->comkey, fp, len2);
2035		if (rc < 0)
2036			goto bad;
2037		cladatum->comkey[len2] = 0;
2038
2039		cladatum->comdatum = hashtab_search(p->p_commons.table,
2040						    cladatum->comkey);
2041		if (!cladatum->comdatum) {
2042			ERR(fp->handle, "unknown common %s", cladatum->comkey);
2043			goto bad;
2044		}
2045	}
2046	for (i = 0; i < nel; i++) {
2047		if (perm_read(p, cladatum->permissions.table, fp))
2048			goto bad;
2049	}
2050
2051	if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2052		goto bad;
2053
2054	if ((p->policy_type == POLICY_KERN
2055	     && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2056	    || (p->policy_type == POLICY_BASE
2057		&& p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2058		/* grab the validatetrans rules */
2059		rc = next_entry(buf, fp, sizeof(uint32_t));
2060		if (rc < 0)
2061			goto bad;
2062		ncons = le32_to_cpu(buf[0]);
2063		if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2064			goto bad;
2065	}
2066
2067	if (hashtab_insert(h, key, cladatum))
2068		goto bad;
2069
2070	return 0;
2071
2072      bad:
2073	class_destroy(key, cladatum, NULL);
2074	return -1;
2075}
2076
2077static int role_read(policydb_t * p
2078		     __attribute__ ((unused)), hashtab_t h,
2079		     struct policy_file *fp)
2080{
2081	char *key = 0;
2082	role_datum_t *role;
2083	uint32_t buf[3];
2084	size_t len;
2085	int rc, to_read = 2;
2086
2087	role = calloc(1, sizeof(role_datum_t));
2088	if (!role)
2089		return -1;
2090
2091	if (policydb_has_boundary_feature(p))
2092		to_read = 3;
2093
2094	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2095	if (rc < 0)
2096		goto bad;
2097
2098	len = le32_to_cpu(buf[0]);
2099	role->s.value = le32_to_cpu(buf[1]);
2100	if (policydb_has_boundary_feature(p))
2101		role->bounds = le32_to_cpu(buf[2]);
2102
2103	key = malloc(len + 1);
2104	if (!key)
2105		goto bad;
2106	rc = next_entry(key, fp, len);
2107	if (rc < 0)
2108		goto bad;
2109	key[len] = 0;
2110
2111	if (ebitmap_read(&role->dominates, fp))
2112		goto bad;
2113
2114	if (p->policy_type == POLICY_KERN) {
2115		if (ebitmap_read(&role->types.types, fp))
2116			goto bad;
2117	} else {
2118		if (type_set_read(&role->types, fp))
2119			goto bad;
2120	}
2121
2122	if (p->policy_type != POLICY_KERN &&
2123	    p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2124		rc = next_entry(buf, fp, sizeof(uint32_t));
2125		if (rc < 0)
2126			goto bad;
2127
2128		role->flavor = le32_to_cpu(buf[0]);
2129
2130		if (ebitmap_read(&role->roles, fp))
2131			goto bad;
2132	}
2133
2134	if (strcmp(key, OBJECT_R) == 0) {
2135		if (role->s.value != OBJECT_R_VAL) {
2136			ERR(fp->handle, "role %s has wrong value %d",
2137			    OBJECT_R, role->s.value);
2138			role_destroy(key, role, NULL);
2139			return -1;
2140		}
2141		role_destroy(key, role, NULL);
2142		return 0;
2143	}
2144
2145	if (hashtab_insert(h, key, role))
2146		goto bad;
2147
2148	return 0;
2149
2150      bad:
2151	role_destroy(key, role, NULL);
2152	return -1;
2153}
2154
2155static int type_read(policydb_t * p
2156		     __attribute__ ((unused)), hashtab_t h,
2157		     struct policy_file *fp)
2158{
2159	char *key = 0;
2160	type_datum_t *typdatum;
2161	uint32_t buf[5];
2162	size_t len;
2163	int rc, to_read;
2164	int pos = 0;
2165
2166	typdatum = calloc(1, sizeof(type_datum_t));
2167	if (!typdatum)
2168		return -1;
2169
2170	if (policydb_has_boundary_feature(p)) {
2171		if (p->policy_type != POLICY_KERN
2172		    && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2173			to_read = 5;
2174		else
2175			to_read = 4;
2176	}
2177	else if (p->policy_type == POLICY_KERN)
2178		to_read = 3;
2179	else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2180		to_read = 5;
2181	else
2182		to_read = 4;
2183
2184	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2185	if (rc < 0)
2186		goto bad;
2187
2188	len = le32_to_cpu(buf[pos]);
2189	typdatum->s.value = le32_to_cpu(buf[++pos]);
2190	if (policydb_has_boundary_feature(p)) {
2191		uint32_t properties;
2192
2193		if (p->policy_type != POLICY_KERN
2194		    && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2195			typdatum->primary = le32_to_cpu(buf[++pos]);
2196			properties = le32_to_cpu(buf[++pos]);
2197		}
2198		else {
2199			properties = le32_to_cpu(buf[++pos]);
2200
2201			if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2202				typdatum->primary = 1;
2203		}
2204
2205		if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2206			typdatum->flavor = TYPE_ATTRIB;
2207		if (properties & TYPEDATUM_PROPERTY_ALIAS
2208		    && p->policy_type != POLICY_KERN)
2209			typdatum->flavor = TYPE_ALIAS;
2210		if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2211		    && p->policy_type != POLICY_KERN)
2212			typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2213
2214		typdatum->bounds = le32_to_cpu(buf[++pos]);
2215	} else {
2216		typdatum->primary = le32_to_cpu(buf[++pos]);
2217		if (p->policy_type != POLICY_KERN) {
2218			typdatum->flavor = le32_to_cpu(buf[++pos]);
2219			if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2220				typdatum->flags = le32_to_cpu(buf[++pos]);
2221		}
2222	}
2223
2224	if (p->policy_type != POLICY_KERN) {
2225		if (ebitmap_read(&typdatum->types, fp))
2226			goto bad;
2227	}
2228
2229	key = malloc(len + 1);
2230	if (!key)
2231		goto bad;
2232	rc = next_entry(key, fp, len);
2233	if (rc < 0)
2234		goto bad;
2235	key[len] = 0;
2236
2237	if (hashtab_insert(h, key, typdatum))
2238		goto bad;
2239
2240	return 0;
2241
2242      bad:
2243	type_destroy(key, typdatum, NULL);
2244	return -1;
2245}
2246
2247int role_trans_read(policydb_t *p, struct policy_file *fp)
2248{
2249	role_trans_t **t = &p->role_tr;
2250	unsigned int i;
2251	uint32_t buf[3], nel;
2252	role_trans_t *tr, *ltr;
2253	int rc;
2254	int new_roletr = (p->policy_type == POLICY_KERN &&
2255			  p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2256
2257	rc = next_entry(buf, fp, sizeof(uint32_t));
2258	if (rc < 0)
2259		return -1;
2260	nel = le32_to_cpu(buf[0]);
2261	ltr = NULL;
2262	for (i = 0; i < nel; i++) {
2263		tr = calloc(1, sizeof(struct role_trans));
2264		if (!tr) {
2265			return -1;
2266		}
2267		if (ltr) {
2268			ltr->next = tr;
2269		} else {
2270			*t = tr;
2271		}
2272		rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2273		if (rc < 0)
2274			return -1;
2275		tr->role = le32_to_cpu(buf[0]);
2276		tr->type = le32_to_cpu(buf[1]);
2277		tr->new_role = le32_to_cpu(buf[2]);
2278		if (new_roletr) {
2279			rc = next_entry(buf, fp, sizeof(uint32_t));
2280			if (rc < 0)
2281				return -1;
2282			tr->tclass = le32_to_cpu(buf[0]);
2283		} else
2284			tr->tclass = SECCLASS_PROCESS;
2285		ltr = tr;
2286	}
2287	return 0;
2288}
2289
2290int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2291{
2292	unsigned int i;
2293	uint32_t buf[2], nel;
2294	role_allow_t *ra, *lra;
2295	int rc;
2296
2297	rc = next_entry(buf, fp, sizeof(uint32_t));
2298	if (rc < 0)
2299		return -1;
2300	nel = le32_to_cpu(buf[0]);
2301	lra = NULL;
2302	for (i = 0; i < nel; i++) {
2303		ra = calloc(1, sizeof(struct role_allow));
2304		if (!ra) {
2305			return -1;
2306		}
2307		if (lra) {
2308			lra->next = ra;
2309		} else {
2310			*r = ra;
2311		}
2312		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2313		if (rc < 0)
2314			return -1;
2315		ra->role = le32_to_cpu(buf[0]);
2316		ra->new_role = le32_to_cpu(buf[1]);
2317		lra = ra;
2318	}
2319	return 0;
2320}
2321
2322int filename_trans_read(filename_trans_t **t, struct policy_file *fp)
2323{
2324	unsigned int i;
2325	uint32_t buf[4], nel, len;
2326	filename_trans_t *ft, *lft;
2327	int rc;
2328	char *name;
2329
2330	rc = next_entry(buf, fp, sizeof(uint32_t));
2331	if (rc < 0)
2332		return -1;
2333	nel = le32_to_cpu(buf[0]);
2334
2335	lft = NULL;
2336	for (i = 0; i < nel; i++) {
2337		ft = calloc(1, sizeof(struct filename_trans));
2338		if (!ft)
2339			return -1;
2340		if (lft)
2341			lft->next = ft;
2342		else
2343			*t = ft;
2344		lft = ft;
2345		rc = next_entry(buf, fp, sizeof(uint32_t));
2346		if (rc < 0)
2347			return -1;
2348		len = le32_to_cpu(buf[0]);
2349
2350		name = calloc(len, sizeof(*name));
2351		if (!name)
2352			return -1;
2353
2354		ft->name = name;
2355
2356		rc = next_entry(name, fp, len);
2357		if (rc < 0)
2358			return -1;
2359
2360		rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2361		if (rc < 0)
2362			return -1;
2363
2364		ft->stype = le32_to_cpu(buf[0]);
2365		ft->ttype = le32_to_cpu(buf[1]);
2366		ft->tclass = le32_to_cpu(buf[2]);
2367		ft->otype = le32_to_cpu(buf[3]);
2368	}
2369	return 0;
2370}
2371
2372static int ocontext_read_xen(struct policydb_compat_info *info,
2373	policydb_t *p, struct policy_file *fp)
2374{
2375	unsigned int i, j;
2376	size_t nel;
2377	ocontext_t *l, *c;
2378	uint32_t buf[8];
2379	int rc;
2380
2381	for (i = 0; i < info->ocon_num; i++) {
2382		rc = next_entry(buf, fp, sizeof(uint32_t));
2383		if (rc < 0)
2384			return -1;
2385		nel = le32_to_cpu(buf[0]);
2386		l = NULL;
2387		for (j = 0; j < nel; j++) {
2388			c = calloc(1, sizeof(ocontext_t));
2389			if (!c)
2390				return -1;
2391			if (l)
2392				l->next = c;
2393			else
2394				p->ocontexts[i] = c;
2395			l = c;
2396			switch (i) {
2397			case OCON_XEN_ISID:
2398				rc = next_entry(buf, fp, sizeof(uint32_t));
2399				if (rc < 0)
2400					return -1;
2401				c->sid[0] = le32_to_cpu(buf[0]);
2402				if (context_read_and_validate
2403				    (&c->context[0], p, fp))
2404					return -1;
2405				break;
2406			case OCON_XEN_PIRQ:
2407				rc = next_entry(buf, fp, sizeof(uint32_t));
2408				if (rc < 0)
2409					return -1;
2410				c->u.pirq = le32_to_cpu(buf[0]);
2411				if (context_read_and_validate
2412				    (&c->context[0], p, fp))
2413					return -1;
2414				break;
2415			case OCON_XEN_IOPORT:
2416				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2417				if (rc < 0)
2418					return -1;
2419				c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2420				c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2421				if (context_read_and_validate
2422				    (&c->context[0], p, fp))
2423					return -1;
2424				break;
2425			case OCON_XEN_IOMEM:
2426				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2427				if (rc < 0)
2428					return -1;
2429				c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2430				c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2431				if (context_read_and_validate
2432				    (&c->context[0], p, fp))
2433					return -1;
2434				break;
2435			case OCON_XEN_PCIDEVICE:
2436				rc = next_entry(buf, fp, sizeof(uint32_t));
2437				if (rc < 0)
2438					return -1;
2439				c->u.device = le32_to_cpu(buf[0]);
2440				if (context_read_and_validate
2441				    (&c->context[0], p, fp))
2442					return -1;
2443				break;
2444			default:
2445				/* should never get here */
2446				ERR(fp->handle, "Unknown Xen ocontext");
2447				return -1;
2448			}
2449		}
2450	}
2451	return 0;
2452}
2453static int ocontext_read_selinux(struct policydb_compat_info *info,
2454			 policydb_t * p, struct policy_file *fp)
2455{
2456	unsigned int i, j;
2457	size_t nel, len;
2458	ocontext_t *l, *c;
2459	uint32_t buf[8];
2460	int rc;
2461
2462	for (i = 0; i < info->ocon_num; i++) {
2463		rc = next_entry(buf, fp, sizeof(uint32_t));
2464		if (rc < 0)
2465			return -1;
2466		nel = le32_to_cpu(buf[0]);
2467		l = NULL;
2468		for (j = 0; j < nel; j++) {
2469			c = calloc(1, sizeof(ocontext_t));
2470			if (!c) {
2471				return -1;
2472			}
2473			if (l) {
2474				l->next = c;
2475			} else {
2476				p->ocontexts[i] = c;
2477			}
2478			l = c;
2479			switch (i) {
2480			case OCON_ISID:
2481				rc = next_entry(buf, fp, sizeof(uint32_t));
2482				if (rc < 0)
2483					return -1;
2484				c->sid[0] = le32_to_cpu(buf[0]);
2485				if (context_read_and_validate
2486				    (&c->context[0], p, fp))
2487					return -1;
2488				break;
2489			case OCON_FS:
2490			case OCON_NETIF:
2491				rc = next_entry(buf, fp, sizeof(uint32_t));
2492				if (rc < 0)
2493					return -1;
2494				len = le32_to_cpu(buf[0]);
2495				c->u.name = malloc(len + 1);
2496				if (!c->u.name)
2497					return -1;
2498				rc = next_entry(c->u.name, fp, len);
2499				if (rc < 0)
2500					return -1;
2501				c->u.name[len] = 0;
2502				if (context_read_and_validate
2503				    (&c->context[0], p, fp))
2504					return -1;
2505				if (context_read_and_validate
2506				    (&c->context[1], p, fp))
2507					return -1;
2508				break;
2509			case OCON_PORT:
2510				rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2511				if (rc < 0)
2512					return -1;
2513				c->u.port.protocol = le32_to_cpu(buf[0]);
2514				c->u.port.low_port = le32_to_cpu(buf[1]);
2515				c->u.port.high_port = le32_to_cpu(buf[2]);
2516				if (context_read_and_validate
2517				    (&c->context[0], p, fp))
2518					return -1;
2519				break;
2520			case OCON_NODE:
2521				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2522				if (rc < 0)
2523					return -1;
2524				c->u.node.addr = buf[0]; /* network order */
2525				c->u.node.mask = buf[1]; /* network order */
2526				if (context_read_and_validate
2527				    (&c->context[0], p, fp))
2528					return -1;
2529				break;
2530			case OCON_FSUSE:
2531				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2532				if (rc < 0)
2533					return -1;
2534				c->v.behavior = le32_to_cpu(buf[0]);
2535				len = le32_to_cpu(buf[1]);
2536				c->u.name = malloc(len + 1);
2537				if (!c->u.name)
2538					return -1;
2539				rc = next_entry(c->u.name, fp, len);
2540				if (rc < 0)
2541					return -1;
2542				c->u.name[len] = 0;
2543				if (context_read_and_validate
2544				    (&c->context[0], p, fp))
2545					return -1;
2546				break;
2547			case OCON_NODE6:{
2548				int k;
2549
2550				rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
2551				if (rc < 0)
2552					return -1;
2553				for (k = 0; k < 4; k++)
2554					 /* network order */
2555					c->u.node6.addr[k] = buf[k];
2556				for (k = 0; k < 4; k++)
2557					/* network order */
2558					c->u.node6.mask[k] = buf[k + 4];
2559				if (context_read_and_validate
2560				    (&c->context[0], p, fp))
2561					return -1;
2562				break;
2563				}
2564			default:{
2565				ERR(fp->handle, "Unknown SELinux ocontext");
2566				return -1;
2567				}
2568			}
2569		}
2570	}
2571	return 0;
2572}
2573
2574static int ocontext_read(struct policydb_compat_info *info,
2575	policydb_t *p, struct policy_file *fp)
2576{
2577	int rc = -1;
2578	switch (p->target_platform) {
2579	case SEPOL_TARGET_SELINUX:
2580		rc = ocontext_read_selinux(info, p, fp);
2581		break;
2582	case SEPOL_TARGET_XEN:
2583		rc = ocontext_read_xen(info, p, fp);
2584		break;
2585	default:
2586		ERR(fp->handle, "Unknown target");
2587	}
2588	return rc;
2589}
2590
2591static int genfs_read(policydb_t * p, struct policy_file *fp)
2592{
2593	uint32_t buf[1];
2594	size_t nel, nel2, len, len2;
2595	genfs_t *genfs_p, *newgenfs, *genfs;
2596	unsigned int i, j;
2597	ocontext_t *l, *c, *newc = NULL;
2598	int rc;
2599
2600	rc = next_entry(buf, fp, sizeof(uint32_t));
2601	if (rc < 0)
2602		goto bad;
2603	nel = le32_to_cpu(buf[0]);
2604	genfs_p = NULL;
2605	for (i = 0; i < nel; i++) {
2606		rc = next_entry(buf, fp, sizeof(uint32_t));
2607		if (rc < 0)
2608			goto bad;
2609		len = le32_to_cpu(buf[0]);
2610		newgenfs = calloc(1, sizeof(genfs_t));
2611		if (!newgenfs)
2612			goto bad;
2613		newgenfs->fstype = malloc(len + 1);
2614		if (!newgenfs->fstype) {
2615			free(newgenfs);
2616			goto bad;
2617		}
2618		rc = next_entry(newgenfs->fstype, fp, len);
2619		if (rc < 0) {
2620			free(newgenfs->fstype);
2621			free(newgenfs);
2622			goto bad;
2623		}
2624		newgenfs->fstype[len] = 0;
2625		for (genfs_p = NULL, genfs = p->genfs; genfs;
2626		     genfs_p = genfs, genfs = genfs->next) {
2627			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
2628				ERR(fp->handle, "dup genfs fstype %s",
2629				    newgenfs->fstype);
2630				free(newgenfs->fstype);
2631				free(newgenfs);
2632				goto bad;
2633			}
2634			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
2635				break;
2636		}
2637		newgenfs->next = genfs;
2638		if (genfs_p)
2639			genfs_p->next = newgenfs;
2640		else
2641			p->genfs = newgenfs;
2642		rc = next_entry(buf, fp, sizeof(uint32_t));
2643		if (rc < 0)
2644			goto bad;
2645		nel2 = le32_to_cpu(buf[0]);
2646		for (j = 0; j < nel2; j++) {
2647			newc = calloc(1, sizeof(ocontext_t));
2648			if (!newc) {
2649				goto bad;
2650			}
2651			rc = next_entry(buf, fp, sizeof(uint32_t));
2652			if (rc < 0)
2653				goto bad;
2654			len = le32_to_cpu(buf[0]);
2655			newc->u.name = malloc(len + 1);
2656			if (!newc->u.name) {
2657				goto bad;
2658			}
2659			rc = next_entry(newc->u.name, fp, len);
2660			if (rc < 0)
2661				goto bad;
2662			newc->u.name[len] = 0;
2663			rc = next_entry(buf, fp, sizeof(uint32_t));
2664			if (rc < 0)
2665				goto bad;
2666			newc->v.sclass = le32_to_cpu(buf[0]);
2667			if (context_read_and_validate(&newc->context[0], p, fp))
2668				goto bad;
2669			for (l = NULL, c = newgenfs->head; c;
2670			     l = c, c = c->next) {
2671				if (!strcmp(newc->u.name, c->u.name) &&
2672				    (!c->v.sclass || !newc->v.sclass ||
2673				     newc->v.sclass == c->v.sclass)) {
2674					ERR(fp->handle, "dup genfs entry "
2675					    "(%s,%s)", newgenfs->fstype,
2676					    c->u.name);
2677					goto bad;
2678				}
2679				len = strlen(newc->u.name);
2680				len2 = strlen(c->u.name);
2681				if (len > len2)
2682					break;
2683			}
2684			newc->next = c;
2685			if (l)
2686				l->next = newc;
2687			else
2688				newgenfs->head = newc;
2689		}
2690	}
2691
2692	return 0;
2693
2694      bad:
2695	if (newc) {
2696		context_destroy(&newc->context[0]);
2697		context_destroy(&newc->context[1]);
2698		free(newc->u.name);
2699		free(newc);
2700	}
2701	return -1;
2702}
2703
2704/*
2705 * Read a MLS level structure from a policydb binary
2706 * representation file.
2707 */
2708static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
2709{
2710	uint32_t buf[1];
2711	int rc;
2712
2713	mls_level_init(lp);
2714
2715	rc = next_entry(buf, fp, sizeof(uint32_t));
2716	if (rc < 0) {
2717		ERR(fp->handle, "truncated level");
2718		goto bad;
2719	}
2720	lp->sens = le32_to_cpu(buf[0]);
2721
2722	if (ebitmap_read(&lp->cat, fp)) {
2723		ERR(fp->handle, "error reading level categories");
2724		goto bad;
2725	}
2726	return 0;
2727
2728      bad:
2729	return -EINVAL;
2730}
2731
2732static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2733{
2734	char *key = 0;
2735	user_datum_t *usrdatum;
2736	uint32_t buf[3];
2737	size_t len;
2738	int rc, to_read = 2;
2739
2740	usrdatum = calloc(1, sizeof(user_datum_t));
2741	if (!usrdatum)
2742		return -1;
2743
2744	if (policydb_has_boundary_feature(p))
2745		to_read = 3;
2746
2747	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2748	if (rc < 0)
2749		goto bad;
2750
2751	len = le32_to_cpu(buf[0]);
2752	usrdatum->s.value = le32_to_cpu(buf[1]);
2753	if (policydb_has_boundary_feature(p))
2754		usrdatum->bounds = le32_to_cpu(buf[2]);
2755
2756	key = malloc(len + 1);
2757	if (!key)
2758		goto bad;
2759	rc = next_entry(key, fp, len);
2760	if (rc < 0)
2761		goto bad;
2762	key[len] = 0;
2763
2764	if (p->policy_type == POLICY_KERN) {
2765		if (ebitmap_read(&usrdatum->roles.roles, fp))
2766			goto bad;
2767	} else {
2768		if (role_set_read(&usrdatum->roles, fp))
2769			goto bad;
2770	}
2771
2772	/* users were not allowed in mls modules before version
2773	 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
2774	 * required - the mls fields will be empty.  user declarations in
2775	 * non-mls modules will also have empty mls fields */
2776	if ((p->policy_type == POLICY_KERN
2777	     && p->policyvers >= POLICYDB_VERSION_MLS)
2778	    || (p->policy_type == POLICY_MOD
2779		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
2780		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
2781	    || (p->policy_type == POLICY_BASE
2782		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
2783		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
2784		if (mls_read_range_helper(&usrdatum->exp_range, fp))
2785			goto bad;
2786		if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
2787			goto bad;
2788		if (p->policy_type != POLICY_KERN) {
2789			if (mls_range_to_semantic(&usrdatum->exp_range,
2790						  &usrdatum->range))
2791				goto bad;
2792			if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
2793						  &usrdatum->dfltlevel))
2794				goto bad;
2795		}
2796	} else if ((p->policy_type == POLICY_MOD
2797		    && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
2798		   || (p->policy_type == POLICY_BASE
2799		       && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
2800		if (mls_read_semantic_range_helper(&usrdatum->range, fp))
2801			goto bad;
2802		if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
2803			goto bad;
2804	}
2805
2806	if (hashtab_insert(h, key, usrdatum))
2807		goto bad;
2808
2809	return 0;
2810
2811      bad:
2812	user_destroy(key, usrdatum, NULL);
2813	return -1;
2814}
2815
2816static int sens_read(policydb_t * p
2817		     __attribute__ ((unused)), hashtab_t h,
2818		     struct policy_file *fp)
2819{
2820	char *key = 0;
2821	level_datum_t *levdatum;
2822	uint32_t buf[2], len;
2823	int rc;
2824
2825	levdatum = malloc(sizeof(level_datum_t));
2826	if (!levdatum)
2827		return -1;
2828	level_datum_init(levdatum);
2829
2830	rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2831	if (rc < 0)
2832		goto bad;
2833
2834	len = le32_to_cpu(buf[0]);
2835	levdatum->isalias = le32_to_cpu(buf[1]);
2836
2837	key = malloc(len + 1);
2838	if (!key)
2839		goto bad;
2840	rc = next_entry(key, fp, len);
2841	if (rc < 0)
2842		goto bad;
2843	key[len] = 0;
2844
2845	levdatum->level = malloc(sizeof(mls_level_t));
2846	if (!levdatum->level || mls_read_level(levdatum->level, fp))
2847		goto bad;
2848
2849	if (hashtab_insert(h, key, levdatum))
2850		goto bad;
2851
2852	return 0;
2853
2854      bad:
2855	sens_destroy(key, levdatum, NULL);
2856	return -1;
2857}
2858
2859static int cat_read(policydb_t * p
2860		    __attribute__ ((unused)), hashtab_t h,
2861		    struct policy_file *fp)
2862{
2863	char *key = 0;
2864	cat_datum_t *catdatum;
2865	uint32_t buf[3], len;
2866	int rc;
2867
2868	catdatum = malloc(sizeof(cat_datum_t));
2869	if (!catdatum)
2870		return -1;
2871	cat_datum_init(catdatum);
2872
2873	rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2874	if (rc < 0)
2875		goto bad;
2876
2877	len = le32_to_cpu(buf[0]);
2878	catdatum->s.value = le32_to_cpu(buf[1]);
2879	catdatum->isalias = le32_to_cpu(buf[2]);
2880
2881	key = malloc(len + 1);
2882	if (!key)
2883		goto bad;
2884	rc = next_entry(key, fp, len);
2885	if (rc < 0)
2886		goto bad;
2887	key[len] = 0;
2888
2889	if (hashtab_insert(h, key, catdatum))
2890		goto bad;
2891
2892	return 0;
2893
2894      bad:
2895	cat_destroy(key, catdatum, NULL);
2896	return -1;
2897}
2898
2899static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
2900			       struct policy_file * fp) = {
2901common_read, class_read, role_read, type_read, user_read,
2902	    cond_read_bool, sens_read, cat_read,};
2903
2904/************** module reading functions below **************/
2905
2906static avrule_t *avrule_read(policydb_t * p
2907			     __attribute__ ((unused)), struct policy_file *fp)
2908{
2909	unsigned int i;
2910	uint32_t buf[2], len;
2911	class_perm_node_t *cur, *tail = NULL;
2912	avrule_t *avrule;
2913	int rc;
2914
2915	avrule = (avrule_t *) malloc(sizeof(avrule_t));
2916	if (!avrule)
2917		return NULL;
2918
2919	avrule_init(avrule);
2920
2921	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2922	if (rc < 0)
2923		goto bad;
2924
2925	(avrule)->specified = le32_to_cpu(buf[0]);
2926	(avrule)->flags = le32_to_cpu(buf[1]);
2927
2928	if (type_set_read(&avrule->stypes, fp))
2929		goto bad;
2930
2931	if (type_set_read(&avrule->ttypes, fp))
2932		goto bad;
2933
2934	rc = next_entry(buf, fp, sizeof(uint32_t));
2935	if (rc < 0)
2936		goto bad;
2937	len = le32_to_cpu(buf[0]);
2938
2939	for (i = 0; i < len; i++) {
2940		cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
2941		if (!cur)
2942			goto bad;
2943		class_perm_node_init(cur);
2944
2945		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2946		if (rc < 0) {
2947			free(cur);
2948			goto bad;
2949		}
2950
2951		cur->class = le32_to_cpu(buf[0]);
2952		cur->data = le32_to_cpu(buf[1]);
2953
2954		if (!tail) {
2955			avrule->perms = cur;
2956		} else {
2957			tail->next = cur;
2958		}
2959		tail = cur;
2960	}
2961
2962	return avrule;
2963      bad:
2964	if (avrule) {
2965		avrule_destroy(avrule);
2966		free(avrule);
2967	}
2968	return NULL;
2969}
2970
2971static int range_read(policydb_t * p, struct policy_file *fp)
2972{
2973	uint32_t buf[2], nel;
2974	range_trans_t *rt, *lrt;
2975	range_trans_rule_t *rtr, *lrtr = NULL;
2976	unsigned int i;
2977	int new_rangetr = (p->policy_type == POLICY_KERN &&
2978			   p->policyvers >= POLICYDB_VERSION_RANGETRANS);
2979	int rc;
2980
2981	rc = next_entry(buf, fp, sizeof(uint32_t));
2982	if (rc < 0)
2983		return -1;
2984	nel = le32_to_cpu(buf[0]);
2985	lrt = NULL;
2986	for (i = 0; i < nel; i++) {
2987		rt = calloc(1, sizeof(range_trans_t));
2988		if (!rt)
2989			return -1;
2990		if (lrt)
2991			lrt->next = rt;
2992		else
2993			p->range_tr = rt;
2994		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2995		if (rc < 0)
2996			return -1;
2997		rt->source_type = le32_to_cpu(buf[0]);
2998		rt->target_type = le32_to_cpu(buf[1]);
2999		if (new_rangetr) {
3000			rc = next_entry(buf, fp, (sizeof(uint32_t)));
3001			if (rc < 0)
3002				return -1;
3003			rt->target_class = le32_to_cpu(buf[0]);
3004		} else
3005			rt->target_class = SECCLASS_PROCESS;
3006		if (mls_read_range_helper(&rt->target_range, fp))
3007			return -1;
3008		lrt = rt;
3009	}
3010
3011	/* if this is a kernel policy, we are done - otherwise we need to
3012	 * convert these structs to range_trans_rule_ts */
3013	if (p->policy_type == POLICY_KERN)
3014		return 0;
3015
3016	/* create range_trans_rules_ts that correspond to the range_trans_ts
3017	 * that were just read in from an older policy */
3018	for (rt = p->range_tr; rt; rt = rt->next) {
3019		rtr = malloc(sizeof(range_trans_rule_t));
3020		if (!rtr) {
3021			return -1;
3022		}
3023		range_trans_rule_init(rtr);
3024
3025		if (lrtr)
3026			lrtr->next = rtr;
3027		else
3028			p->global->enabled->range_tr_rules = rtr;
3029
3030		if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3031			return -1;
3032
3033		if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3034			return -1;
3035
3036		if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3037			return -1;
3038
3039		if (mls_range_to_semantic(&rt->target_range, &rtr->trange))
3040			return -1;
3041
3042		lrtr = rtr;
3043	}
3044
3045	/* now destroy the range_trans_ts */
3046	lrt = NULL;
3047	for (rt = p->range_tr; rt; rt = rt->next) {
3048		if (lrt) {
3049			ebitmap_destroy(&lrt->target_range.level[0].cat);
3050			ebitmap_destroy(&lrt->target_range.level[1].cat);
3051			free(lrt);
3052		}
3053		lrt = rt;
3054	}
3055	if (lrt) {
3056		ebitmap_destroy(&lrt->target_range.level[0].cat);
3057		ebitmap_destroy(&lrt->target_range.level[1].cat);
3058		free(lrt);
3059	}
3060	p->range_tr = NULL;
3061
3062	return 0;
3063}
3064
3065int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3066		     struct policy_file *fp)
3067{
3068	unsigned int i;
3069	avrule_t *cur, *tail;
3070	uint32_t buf[1], len;
3071	int rc;
3072
3073	*avrules = tail = NULL;
3074
3075	rc = next_entry(buf, fp, sizeof(uint32_t));
3076	if (rc < 0) {
3077		return -1;
3078	}
3079	len = le32_to_cpu(buf[0]);
3080
3081	for (i = 0; i < len; i++) {
3082		cur = avrule_read(p, fp);
3083		if (!cur) {
3084			return -1;
3085		}
3086
3087		if (!tail) {
3088			*avrules = cur;
3089		} else {
3090			tail->next = cur;
3091		}
3092		tail = cur;
3093	}
3094
3095	return 0;
3096}
3097
3098static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3099				struct policy_file *fp)
3100{
3101	uint32_t buf[1], nel;
3102	unsigned int i;
3103	role_trans_rule_t *tr, *ltr;
3104	int rc;
3105
3106	rc = next_entry(buf, fp, sizeof(uint32_t));
3107	if (rc < 0)
3108		return -1;
3109	nel = le32_to_cpu(buf[0]);
3110	ltr = NULL;
3111	for (i = 0; i < nel; i++) {
3112		tr = malloc(sizeof(role_trans_rule_t));
3113		if (!tr) {
3114			return -1;
3115		}
3116		role_trans_rule_init(tr);
3117
3118		if (ltr) {
3119			ltr->next = tr;
3120		} else {
3121			*r = tr;
3122		}
3123
3124		if (role_set_read(&tr->roles, fp))
3125			return -1;
3126
3127		if (type_set_read(&tr->types, fp))
3128			return -1;
3129
3130		if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3131			if (ebitmap_read(&tr->classes, fp))
3132				return -1;
3133		} else {
3134			if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1))
3135				return -1;
3136		}
3137
3138		rc = next_entry(buf, fp, sizeof(uint32_t));
3139		if (rc < 0)
3140			return -1;
3141		tr->new_role = le32_to_cpu(buf[0]);
3142		ltr = tr;
3143	}
3144
3145	return 0;
3146}
3147
3148static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3149{
3150	unsigned int i;
3151	uint32_t buf[1], nel;
3152	role_allow_rule_t *ra, *lra;
3153	int rc;
3154
3155	rc = next_entry(buf, fp, sizeof(uint32_t));
3156	if (rc < 0)
3157		return -1;
3158	nel = le32_to_cpu(buf[0]);
3159	lra = NULL;
3160	for (i = 0; i < nel; i++) {
3161		ra = malloc(sizeof(role_allow_rule_t));
3162		if (!ra) {
3163			return -1;
3164		}
3165		role_allow_rule_init(ra);
3166
3167		if (lra) {
3168			lra->next = ra;
3169		} else {
3170			*r = ra;
3171		}
3172
3173		if (role_set_read(&ra->roles, fp))
3174			return -1;
3175
3176		if (role_set_read(&ra->new_roles, fp))
3177			return -1;
3178
3179		lra = ra;
3180	}
3181	return 0;
3182}
3183
3184static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
3185{
3186	uint32_t buf[2], nel;
3187	unsigned int i, len;
3188	filename_trans_rule_t *ftr, *lftr;
3189	int rc;
3190
3191	rc = next_entry(buf, fp, sizeof(uint32_t));
3192	if (rc < 0)
3193		return -1;
3194	nel = le32_to_cpu(buf[0]);
3195	lftr = NULL;
3196	for (i = 0; i < nel; i++) {
3197		ftr = malloc(sizeof(*ftr));
3198		if (!ftr)
3199			return -1;
3200
3201		filename_trans_rule_init(ftr);
3202
3203		if (lftr)
3204			lftr->next = ftr;
3205		else
3206			*r = ftr;
3207		lftr = ftr;
3208
3209		rc = next_entry(buf, fp, sizeof(uint32_t));
3210		if (rc < 0)
3211			return -1;
3212
3213		len = le32_to_cpu(buf[0]);
3214
3215		ftr->name = malloc(len + 1);
3216		if (!ftr->name)
3217			return -1;
3218
3219		rc = next_entry(ftr->name, fp, len);
3220		if (rc)
3221			return -1;
3222		ftr->name[len] = 0;
3223
3224		if (type_set_read(&ftr->stypes, fp))
3225			return -1;
3226
3227		if (type_set_read(&ftr->ttypes, fp))
3228			return -1;
3229
3230		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3231		if (rc < 0)
3232			return -1;
3233		ftr->tclass = le32_to_cpu(buf[0]);
3234		ftr->otype = le32_to_cpu(buf[1]);
3235	}
3236
3237	return 0;
3238}
3239
3240static int range_trans_rule_read(range_trans_rule_t ** r,
3241				 struct policy_file *fp)
3242{
3243	uint32_t buf[1], nel;
3244	unsigned int i;
3245	range_trans_rule_t *rt, *lrt = NULL;
3246	int rc;
3247
3248	rc = next_entry(buf, fp, sizeof(uint32_t));
3249	if (rc < 0)
3250		return -1;
3251	nel = le32_to_cpu(buf[0]);
3252	for (i = 0; i < nel; i++) {
3253		rt = malloc(sizeof(range_trans_rule_t));
3254		if (!rt) {
3255			return -1;
3256		}
3257		range_trans_rule_init(rt);
3258
3259		if (lrt)
3260			lrt->next = rt;
3261		else
3262			*r = rt;
3263
3264		if (type_set_read(&rt->stypes, fp))
3265			return -1;
3266
3267		if (type_set_read(&rt->ttypes, fp))
3268			return -1;
3269
3270		if (ebitmap_read(&rt->tclasses, fp))
3271			return -1;
3272
3273		if (mls_read_semantic_range_helper(&rt->trange, fp))
3274			return -1;
3275
3276		lrt = rt;
3277	}
3278
3279	return 0;
3280}
3281
3282static int scope_index_read(scope_index_t * scope_index,
3283			    unsigned int num_scope_syms, struct policy_file *fp)
3284{
3285	unsigned int i;
3286	uint32_t buf[1];
3287	int rc;
3288
3289	for (i = 0; i < num_scope_syms; i++) {
3290		if (ebitmap_read(scope_index->scope + i, fp) == -1) {
3291			return -1;
3292		}
3293	}
3294	rc = next_entry(buf, fp, sizeof(uint32_t));
3295	if (rc < 0)
3296		return -1;
3297	scope_index->class_perms_len = le32_to_cpu(buf[0]);
3298	if (scope_index->class_perms_len == 0) {
3299		scope_index->class_perms_map = NULL;
3300		return 0;
3301	}
3302	if ((scope_index->class_perms_map =
3303	     calloc(scope_index->class_perms_len,
3304		    sizeof(*scope_index->class_perms_map))) == NULL) {
3305		return -1;
3306	}
3307	for (i = 0; i < scope_index->class_perms_len; i++) {
3308		if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) {
3309			return -1;
3310		}
3311	}
3312	return 0;
3313}
3314
3315static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3316			    unsigned int num_scope_syms, struct policy_file *fp)
3317{
3318	uint32_t buf[2], nprim, nel;
3319	unsigned int i, j;
3320	int rc;
3321
3322	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3323	if (rc < 0)
3324		return -1;
3325	decl->decl_id = le32_to_cpu(buf[0]);
3326	decl->enabled = le32_to_cpu(buf[1]);
3327	if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3328	    avrule_read_list(p, &decl->avrules, fp) == -1 ||
3329	    role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3330	    role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3331		return -1;
3332	}
3333
3334	if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
3335	    filename_trans_rule_read(&decl->filename_trans_rules, fp))
3336		return -1;
3337
3338	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
3339	    range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
3340		return -1;
3341	}
3342	if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
3343	    scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
3344		return -1;
3345	}
3346
3347	for (i = 0; i < num_scope_syms; i++) {
3348		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3349		if (rc < 0)
3350			return -1;
3351		nprim = le32_to_cpu(buf[0]);
3352		nel = le32_to_cpu(buf[1]);
3353		for (j = 0; j < nel; j++) {
3354			if (read_f[i] (p, decl->symtab[i].table, fp)) {
3355				return -1;
3356			}
3357		}
3358		decl->symtab[i].nprim = nprim;
3359	}
3360	return 0;
3361}
3362
3363static int avrule_block_read(policydb_t * p,
3364			     avrule_block_t ** block,
3365			     unsigned int num_scope_syms,
3366			     struct policy_file *fp)
3367{
3368	avrule_block_t *last_block = NULL, *curblock;
3369	uint32_t buf[1], num_blocks, nel;
3370	int rc;
3371
3372	rc = next_entry(buf, fp, sizeof(uint32_t));
3373	if (rc < 0)
3374		return -1;
3375	num_blocks = le32_to_cpu(buf[0]);
3376	nel = num_blocks;
3377	while (num_blocks > 0) {
3378		avrule_decl_t *last_decl = NULL, *curdecl;
3379		uint32_t num_decls;
3380		if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
3381			return -1;
3382		}
3383		rc = next_entry(buf, fp, sizeof(uint32_t));
3384		if (rc < 0) {
3385			free(curblock);
3386			return -1;
3387		}
3388		/* if this is the first block its non-optional, else its optional */
3389		if (num_blocks != nel)
3390			curblock->flags |= AVRULE_OPTIONAL;
3391
3392		num_decls = le32_to_cpu(buf[0]);
3393		while (num_decls > 0) {
3394			if ((curdecl = avrule_decl_create(0)) == NULL) {
3395				avrule_block_destroy(curblock);
3396				return -1;
3397			}
3398			if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
3399			    -1) {
3400				avrule_decl_destroy(curdecl);
3401				avrule_block_destroy(curblock);
3402				return -1;
3403			}
3404			if (curdecl->enabled) {
3405				if (curblock->enabled != NULL) {
3406					/* probably a corrupt file */
3407					avrule_decl_destroy(curdecl);
3408					avrule_block_destroy(curblock);
3409					return -1;
3410				}
3411				curblock->enabled = curdecl;
3412			}
3413			/* one must be careful to reconstruct the
3414			 * decl chain in its correct order */
3415			if (curblock->branch_list == NULL) {
3416				curblock->branch_list = curdecl;
3417			} else {
3418				last_decl->next = curdecl;
3419			}
3420			last_decl = curdecl;
3421			num_decls--;
3422		}
3423
3424		if (*block == NULL) {
3425			*block = curblock;
3426		} else {
3427			last_block->next = curblock;
3428		}
3429		last_block = curblock;
3430
3431		num_blocks--;
3432	}
3433
3434	return 0;
3435}
3436
3437static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
3438{
3439	scope_datum_t *scope = NULL;
3440	uint32_t buf[2];
3441	char *key = NULL;
3442	size_t key_len;
3443	unsigned int i;
3444	hashtab_t h = p->scope[symnum].table;
3445	int rc;
3446
3447	rc = next_entry(buf, fp, sizeof(uint32_t));
3448	if (rc < 0)
3449		goto cleanup;
3450	key_len = le32_to_cpu(buf[0]);
3451	key = malloc(key_len + 1);
3452	if (!key)
3453		goto cleanup;
3454	rc = next_entry(key, fp, key_len);
3455	if (rc < 0)
3456		goto cleanup;
3457	key[key_len] = '\0';
3458
3459	/* ensure that there already exists a symbol with this key */
3460	if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
3461		goto cleanup;
3462	}
3463
3464	if ((scope = calloc(1, sizeof(*scope))) == NULL) {
3465		goto cleanup;
3466	}
3467	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3468	if (rc < 0)
3469		goto cleanup;
3470	scope->scope = le32_to_cpu(buf[0]);
3471	scope->decl_ids_len = le32_to_cpu(buf[1]);
3472	assert(scope->decl_ids_len > 0);
3473	if ((scope->decl_ids =
3474	     malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
3475		goto cleanup;
3476	}
3477	rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
3478	if (rc < 0)
3479		goto cleanup;
3480	for (i = 0; i < scope->decl_ids_len; i++) {
3481		scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
3482	}
3483
3484	if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
3485		/* object_r was already added to this table in roles_init() */
3486		scope_destroy(key, scope, NULL);
3487	} else {
3488		if (hashtab_insert(h, key, scope)) {
3489			goto cleanup;
3490		}
3491	}
3492
3493	return 0;
3494
3495      cleanup:
3496	scope_destroy(key, scope, NULL);
3497	return -1;
3498}
3499
3500/*
3501 * Read the configuration data from a policy database binary
3502 * representation file into a policy database structure.
3503 */
3504int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
3505{
3506
3507	unsigned int i, j, r_policyvers;
3508	uint32_t buf[5];
3509	size_t len, nprim, nel;
3510	char *policydb_str;
3511	struct policydb_compat_info *info;
3512	unsigned int policy_type, bufindex;
3513	ebitmap_node_t *tnode;
3514	int rc;
3515
3516	/* Read the magic number and string length. */
3517	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3518	if (rc < 0)
3519		return POLICYDB_ERROR;
3520	for (i = 0; i < 2; i++)
3521		buf[i] = le32_to_cpu(buf[i]);
3522
3523	if (buf[0] == POLICYDB_MAGIC) {
3524		policy_type = POLICY_KERN;
3525	} else if (buf[0] == POLICYDB_MOD_MAGIC) {
3526		policy_type = POLICY_MOD;
3527	} else {
3528		ERR(fp->handle, "policydb magic number %#08x does not "
3529		    "match expected magic number %#08x or %#08x",
3530		    buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
3531		return POLICYDB_ERROR;
3532	}
3533
3534	len = buf[1];
3535	if (len > POLICYDB_STRING_MAX_LENGTH) {
3536		ERR(fp->handle, "policydb string length too long ");
3537		return POLICYDB_ERROR;
3538	}
3539
3540	policydb_str = malloc(len + 1);
3541	if (!policydb_str) {
3542		ERR(fp->handle, "unable to allocate memory for policydb "
3543		    "string of length %zu", len);
3544		return POLICYDB_ERROR;
3545	}
3546	rc = next_entry(policydb_str, fp, len);
3547	if (rc < 0) {
3548		ERR(fp->handle, "truncated policydb string identifier");
3549		free(policydb_str);
3550		return POLICYDB_ERROR;
3551	}
3552	policydb_str[len] = 0;
3553
3554	if (policy_type == POLICY_KERN) {
3555		for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
3556			if ((strcmp(policydb_str, policydb_target_strings[i])
3557				== 0)) {
3558				policydb_set_target_platform(p, i);
3559				break;
3560			}
3561		}
3562
3563		if (i == POLICYDB_TARGET_SZ) {
3564			ERR(fp->handle, "cannot find a valid target for policy "
3565				"string %s", policydb_str);
3566			free(policydb_str);
3567			return POLICYDB_ERROR;
3568		}
3569	} else {
3570		if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
3571			ERR(fp->handle, "invalid string identifier %s",
3572				policydb_str);
3573			free(policydb_str);
3574			return POLICYDB_ERROR;
3575		}
3576	}
3577
3578	/* Done with policydb_str. */
3579	free(policydb_str);
3580	policydb_str = NULL;
3581
3582	/* Read the version, config, and table sizes (and policy type if it's a module). */
3583	if (policy_type == POLICY_KERN)
3584		nel = 4;
3585	else
3586		nel = 5;
3587
3588	rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
3589	if (rc < 0)
3590		return POLICYDB_ERROR;
3591	for (i = 0; i < nel; i++)
3592		buf[i] = le32_to_cpu(buf[i]);
3593
3594	bufindex = 0;
3595
3596	if (policy_type == POLICY_MOD) {
3597		/* We know it's a module but not whether it's a base
3598		   module or regular binary policy module.  buf[0]
3599		   tells us which. */
3600		policy_type = buf[bufindex];
3601		if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
3602			ERR(fp->handle, "unknown module type: %#08x",
3603			    policy_type);
3604			return POLICYDB_ERROR;
3605		}
3606		bufindex++;
3607	}
3608
3609	r_policyvers = buf[bufindex];
3610	if (policy_type == POLICY_KERN) {
3611		if (r_policyvers < POLICYDB_VERSION_MIN ||
3612		    r_policyvers > POLICYDB_VERSION_MAX) {
3613			ERR(fp->handle, "policydb version %d does not match "
3614			    "my version range %d-%d", buf[bufindex],
3615			    POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
3616			return POLICYDB_ERROR;
3617		}
3618	} else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
3619		if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
3620		    r_policyvers > MOD_POLICYDB_VERSION_MAX) {
3621			ERR(fp->handle, "policydb module version %d does "
3622			    "not match my version range %d-%d",
3623			    buf[bufindex], MOD_POLICYDB_VERSION_MIN,
3624			    MOD_POLICYDB_VERSION_MAX);
3625			return POLICYDB_ERROR;
3626		}
3627	} else {
3628		assert(0);
3629	}
3630	bufindex++;
3631
3632	/* Set the policy type and version from the read values. */
3633	p->policy_type = policy_type;
3634	p->policyvers = r_policyvers;
3635
3636	if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
3637		p->mls = 1;
3638	} else {
3639		p->mls = 0;
3640	}
3641
3642	p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
3643
3644	bufindex++;
3645
3646	info = policydb_lookup_compat(r_policyvers, policy_type,
3647					p->target_platform);
3648	if (!info) {
3649		ERR(fp->handle, "unable to find policy compat info "
3650		    "for version %d", r_policyvers);
3651		goto bad;
3652	}
3653
3654	if (buf[bufindex] != info->sym_num
3655	    || buf[bufindex + 1] != info->ocon_num) {
3656		ERR(fp->handle,
3657		    "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
3658		    buf[bufindex], buf[bufindex + 1], info->sym_num,
3659		    info->ocon_num);
3660		goto bad;
3661	}
3662
3663	if (p->policy_type == POLICY_MOD) {
3664		/* Get the module name and version */
3665		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3666			goto bad;
3667		}
3668		len = le32_to_cpu(buf[0]);
3669		if ((p->name = malloc(len + 1)) == NULL) {
3670			goto bad;
3671		}
3672		if ((rc = next_entry(p->name, fp, len)) < 0) {
3673			goto bad;
3674		}
3675		p->name[len] = '\0';
3676		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3677			goto bad;
3678		}
3679		len = le32_to_cpu(buf[0]);
3680		if ((p->version = malloc(len + 1)) == NULL) {
3681			goto bad;
3682		}
3683		if ((rc = next_entry(p->version, fp, len)) < 0) {
3684			goto bad;
3685		}
3686		p->version[len] = '\0';
3687	}
3688
3689	if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
3690	     p->policy_type == POLICY_KERN) ||
3691	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
3692	     p->policy_type == POLICY_BASE) ||
3693	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
3694	     p->policy_type == POLICY_MOD)) {
3695		if (ebitmap_read(&p->policycaps, fp))
3696			goto bad;
3697	}
3698
3699	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
3700	    p->policy_type == POLICY_KERN) {
3701		if (ebitmap_read(&p->permissive_map, fp))
3702			goto bad;
3703	}
3704
3705	for (i = 0; i < info->sym_num; i++) {
3706		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3707		if (rc < 0)
3708			goto bad;
3709		nprim = le32_to_cpu(buf[0]);
3710		nel = le32_to_cpu(buf[1]);
3711		for (j = 0; j < nel; j++) {
3712			if (read_f[i] (p, p->symtab[i].table, fp))
3713				goto bad;
3714		}
3715
3716		p->symtab[i].nprim = nprim;
3717	}
3718
3719	if (policy_type == POLICY_KERN) {
3720		if (avtab_read(&p->te_avtab, fp, r_policyvers))
3721			goto bad;
3722		if (r_policyvers >= POLICYDB_VERSION_BOOL)
3723			if (cond_read_list(p, &p->cond_list, fp))
3724				goto bad;
3725		if (role_trans_read(p, fp))
3726			goto bad;
3727		if (role_allow_read(&p->role_allow, fp))
3728			goto bad;
3729		if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
3730		    filename_trans_read(&p->filename_trans, fp))
3731			goto bad;
3732	} else {
3733		/* first read the AV rule blocks, then the scope tables */
3734		avrule_block_destroy(p->global);
3735		p->global = NULL;
3736		if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
3737			goto bad;
3738		}
3739		for (i = 0; i < info->sym_num; i++) {
3740			if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
3741				goto bad;
3742			}
3743			nel = le32_to_cpu(buf[0]);
3744			for (j = 0; j < nel; j++) {
3745				if (scope_read(p, i, fp))
3746					goto bad;
3747			}
3748		}
3749
3750	}
3751
3752	if (policydb_index_decls(p))
3753		goto bad;
3754
3755	if (policydb_index_classes(p))
3756		goto bad;
3757
3758	if (policydb_index_others(fp->handle, p, verbose))
3759		goto bad;
3760
3761	if (ocontext_read(info, p, fp) == -1) {
3762		goto bad;
3763	}
3764
3765	if (genfs_read(p, fp) == -1) {
3766		goto bad;
3767	}
3768
3769	if ((p->policy_type == POLICY_KERN
3770	     && p->policyvers >= POLICYDB_VERSION_MLS)
3771	    || (p->policy_type == POLICY_BASE
3772		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
3773		&& p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
3774		if (range_read(p, fp)) {
3775			goto bad;
3776		}
3777	}
3778
3779	if (policy_type == POLICY_KERN) {
3780		p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
3781		p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
3782		if (!p->type_attr_map || !p->attr_type_map)
3783			goto bad;
3784		for (i = 0; i < p->p_types.nprim; i++) {
3785			ebitmap_init(&p->type_attr_map[i]);
3786			ebitmap_init(&p->attr_type_map[i]);
3787		}
3788		for (i = 0; i < p->p_types.nprim; i++) {
3789			if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
3790				if (ebitmap_read(&p->type_attr_map[i], fp))
3791					goto bad;
3792				ebitmap_for_each_bit(&p->type_attr_map[i],
3793						     tnode, j) {
3794					if (!ebitmap_node_get_bit(tnode, j)
3795					    || i == j)
3796						continue;
3797					if (ebitmap_set_bit
3798					    (&p->attr_type_map[j], i, 1))
3799						goto bad;
3800				}
3801			}
3802			/* add the type itself as the degenerate case */
3803			if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
3804				goto bad;
3805		}
3806	}
3807
3808	return POLICYDB_SUCCESS;
3809      bad:
3810	return POLICYDB_ERROR;
3811}
3812
3813int policydb_reindex_users(policydb_t * p)
3814{
3815	unsigned int i = SYM_USERS;
3816
3817	if (p->user_val_to_struct)
3818		free(p->user_val_to_struct);
3819	if (p->sym_val_to_name[i])
3820		free(p->sym_val_to_name[i]);
3821
3822	p->user_val_to_struct = (user_datum_t **)
3823	    malloc(p->p_users.nprim * sizeof(user_datum_t *));
3824	if (!p->user_val_to_struct)
3825		return -1;
3826
3827	p->sym_val_to_name[i] = (char **)
3828	    malloc(p->symtab[i].nprim * sizeof(char *));
3829	if (!p->sym_val_to_name[i])
3830		return -1;
3831
3832	if (hashtab_map(p->symtab[i].table, index_f[i], p))
3833		return -1;
3834
3835	/* Expand user roles for context validity checking */
3836	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
3837		return -1;
3838
3839	return 0;
3840}
3841
3842void policy_file_init(policy_file_t *pf)
3843{
3844	memset(pf, 0, sizeof(policy_file_t));
3845}
3846
3847int policydb_set_target_platform(policydb_t *p, int platform)
3848{
3849	if (platform == SEPOL_TARGET_SELINUX)
3850		p->target_platform = SEPOL_TARGET_SELINUX;
3851	else if (platform == SEPOL_TARGET_XEN)
3852		p->target_platform = SEPOL_TARGET_XEN;
3853	else
3854		return -1;
3855
3856	return 0;
3857}
3858
3859