policydb.c revision 255e72915d4cbddceb435e13d81601755714e9f3
1 2/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ 3 4/* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * 22 * This library is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU Lesser General Public 24 * License as published by the Free Software Foundation; either 25 * version 2.1 of the License, or (at your option) any later version. 26 * 27 * This library is distributed in the hope that it will be useful, 28 * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 30 * Lesser General Public License for more details. 31 * 32 * You should have received a copy of the GNU Lesser General Public 33 * License along with this library; if not, write to the Free Software 34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 35 */ 36 37/* FLASK */ 38 39/* 40 * Implementation of the policy database. 41 */ 42 43#include <assert.h> 44#include <stdlib.h> 45 46#include <sepol/policydb/policydb.h> 47#include <sepol/policydb/expand.h> 48#include <sepol/policydb/conditional.h> 49#include <sepol/policydb/avrule_block.h> 50#include <sepol/policydb/util.h> 51#include <sepol/policydb/flask.h> 52 53#include "private.h" 54#include "debug.h" 55#include "mls.h" 56 57#define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 58char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 59 60/* These need to be updated if SYM_NUM or OCON_NUM changes */ 61static struct policydb_compat_info policydb_compat[] = { 62 { 63 .type = POLICY_KERN, 64 .version = POLICYDB_VERSION_BOUNDARY, 65 .sym_num = SYM_NUM, 66 .ocon_num = OCON_XEN_PCIDEVICE + 1, 67 .target_platform = SEPOL_TARGET_XEN, 68 }, 69 { 70 .type = POLICY_KERN, 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_FSUSE + 1, 74 .target_platform = SEPOL_TARGET_SELINUX, 75 }, 76 { 77 .type = POLICY_KERN, 78 .version = POLICYDB_VERSION_BOOL, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_FSUSE + 1, 81 .target_platform = SEPOL_TARGET_SELINUX, 82 }, 83 { 84 .type = POLICY_KERN, 85 .version = POLICYDB_VERSION_IPV6, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_NODE6 + 1, 88 .target_platform = SEPOL_TARGET_SELINUX, 89 }, 90 { 91 .type = POLICY_KERN, 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NODE6 + 1, 95 .target_platform = SEPOL_TARGET_SELINUX, 96 }, 97 { 98 .type = POLICY_KERN, 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NODE6 + 1, 102 .target_platform = SEPOL_TARGET_SELINUX, 103 }, 104 { 105 .type = POLICY_KERN, 106 .version = POLICYDB_VERSION_AVTAB, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NODE6 + 1, 109 .target_platform = SEPOL_TARGET_SELINUX, 110 }, 111 { 112 .type = POLICY_KERN, 113 .version = POLICYDB_VERSION_RANGETRANS, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NODE6 + 1, 116 .target_platform = SEPOL_TARGET_SELINUX, 117 }, 118 { 119 .type = POLICY_KERN, 120 .version = POLICYDB_VERSION_POLCAP, 121 .sym_num = SYM_NUM, 122 .ocon_num = OCON_NODE6 + 1, 123 .target_platform = SEPOL_TARGET_SELINUX, 124 }, 125 { 126 .type = POLICY_KERN, 127 .version = POLICYDB_VERSION_PERMISSIVE, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NODE6 + 1, 130 .target_platform = SEPOL_TARGET_SELINUX, 131 }, 132 { 133 .type = POLICY_KERN, 134 .version = POLICYDB_VERSION_BOUNDARY, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NODE6 + 1, 137 .target_platform = SEPOL_TARGET_SELINUX, 138 }, 139 { 140 .type = POLICY_KERN, 141 .version = POLICYDB_VERSION_FILENAME_TRANS, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NODE6 + 1, 144 .target_platform = SEPOL_TARGET_SELINUX, 145 }, 146 { 147 .type = POLICY_KERN, 148 .version = POLICYDB_VERSION_ROLETRANS, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NODE6 + 1, 151 .target_platform = SEPOL_TARGET_SELINUX, 152 }, 153 { 154 .type = POLICY_BASE, 155 .version = MOD_POLICYDB_VERSION_BASE, 156 .sym_num = SYM_NUM, 157 .ocon_num = OCON_NODE6 + 1, 158 .target_platform = SEPOL_TARGET_SELINUX, 159 }, 160 { 161 .type = POLICY_BASE, 162 .version = MOD_POLICYDB_VERSION_MLS, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NODE6 + 1, 165 .target_platform = SEPOL_TARGET_SELINUX, 166 }, 167 { 168 .type = POLICY_BASE, 169 .version = MOD_POLICYDB_VERSION_MLS_USERS, 170 .sym_num = SYM_NUM, 171 .ocon_num = OCON_NODE6 + 1, 172 .target_platform = SEPOL_TARGET_SELINUX, 173 }, 174 { 175 .type = POLICY_BASE, 176 .version = MOD_POLICYDB_VERSION_POLCAP, 177 .sym_num = SYM_NUM, 178 .ocon_num = OCON_NODE6 + 1, 179 .target_platform = SEPOL_TARGET_SELINUX, 180 }, 181 { 182 .type = POLICY_BASE, 183 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 184 .sym_num = SYM_NUM, 185 .ocon_num = OCON_NODE6 + 1, 186 .target_platform = SEPOL_TARGET_SELINUX, 187 }, 188 { 189 .type = POLICY_BASE, 190 .version = MOD_POLICYDB_VERSION_BOUNDARY, 191 .sym_num = SYM_NUM, 192 .ocon_num = OCON_NODE6 + 1, 193 .target_platform = SEPOL_TARGET_SELINUX, 194 }, 195 { 196 .type = POLICY_BASE, 197 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 198 .sym_num = SYM_NUM, 199 .ocon_num = OCON_NODE6 + 1, 200 .target_platform = SEPOL_TARGET_SELINUX, 201 }, 202 { 203 .type = POLICY_BASE, 204 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 205 .sym_num = SYM_NUM, 206 .ocon_num = OCON_NODE6 + 1, 207 .target_platform = SEPOL_TARGET_SELINUX, 208 }, 209 { 210 .type = POLICY_BASE, 211 .version = MOD_POLICYDB_VERSION_ROLETRANS, 212 .sym_num = SYM_NUM, 213 .ocon_num = OCON_NODE6 + 1, 214 .target_platform = SEPOL_TARGET_SELINUX, 215 }, 216 { 217 .type = POLICY_BASE, 218 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 219 .sym_num = SYM_NUM, 220 .ocon_num = OCON_NODE6 + 1, 221 .target_platform = SEPOL_TARGET_SELINUX, 222 }, 223 { 224 .type = POLICY_MOD, 225 .version = MOD_POLICYDB_VERSION_BASE, 226 .sym_num = SYM_NUM, 227 .ocon_num = 0, 228 .target_platform = SEPOL_TARGET_SELINUX, 229 }, 230 { 231 .type = POLICY_MOD, 232 .version = MOD_POLICYDB_VERSION_MLS, 233 .sym_num = SYM_NUM, 234 .ocon_num = 0, 235 .target_platform = SEPOL_TARGET_SELINUX, 236 }, 237 { 238 .type = POLICY_MOD, 239 .version = MOD_POLICYDB_VERSION_MLS_USERS, 240 .sym_num = SYM_NUM, 241 .ocon_num = 0, 242 .target_platform = SEPOL_TARGET_SELINUX, 243 }, 244 { 245 .type = POLICY_MOD, 246 .version = MOD_POLICYDB_VERSION_POLCAP, 247 .sym_num = SYM_NUM, 248 .ocon_num = 0, 249 .target_platform = SEPOL_TARGET_SELINUX, 250 }, 251 { 252 .type = POLICY_MOD, 253 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 254 .sym_num = SYM_NUM, 255 .ocon_num = 0, 256 .target_platform = SEPOL_TARGET_SELINUX, 257 }, 258 { 259 .type = POLICY_MOD, 260 .version = MOD_POLICYDB_VERSION_BOUNDARY, 261 .sym_num = SYM_NUM, 262 .ocon_num = 0, 263 .target_platform = SEPOL_TARGET_SELINUX, 264 }, 265 { 266 .type = POLICY_MOD, 267 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 268 .sym_num = SYM_NUM, 269 .ocon_num = 0, 270 .target_platform = SEPOL_TARGET_SELINUX, 271 }, 272 { 273 .type = POLICY_MOD, 274 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 275 .sym_num = SYM_NUM, 276 .ocon_num = 0, 277 .target_platform = SEPOL_TARGET_SELINUX, 278 }, 279 { 280 .type = POLICY_MOD, 281 .version = MOD_POLICYDB_VERSION_ROLETRANS, 282 .sym_num = SYM_NUM, 283 .ocon_num = 0, 284 .target_platform = SEPOL_TARGET_SELINUX, 285 }, 286 { 287 .type = POLICY_MOD, 288 .version = MOD_POLICYDB_VERSION_ROLEATTRIB, 289 .sym_num = SYM_NUM, 290 .ocon_num = 0, 291 .target_platform = SEPOL_TARGET_SELINUX, 292 }, 293}; 294 295#if 0 296static char *symtab_name[SYM_NUM] = { 297 "common prefixes", 298 "classes", 299 "roles", 300 "types", 301 "users", 302 "bools" mls_symtab_names cond_symtab_names 303}; 304#endif 305 306static unsigned int symtab_sizes[SYM_NUM] = { 307 2, 308 32, 309 16, 310 512, 311 128, 312 16, 313 16, 314 16, 315}; 316 317struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 318 unsigned int type, 319 unsigned int target_platform) 320{ 321 unsigned int i; 322 struct policydb_compat_info *info = NULL; 323 324 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 325 if (policydb_compat[i].version == version && 326 policydb_compat[i].type == type && 327 policydb_compat[i].target_platform == target_platform) { 328 info = &policydb_compat[i]; 329 break; 330 } 331 } 332 return info; 333} 334 335void type_set_init(type_set_t * x) 336{ 337 memset(x, 0, sizeof(type_set_t)); 338 ebitmap_init(&x->types); 339 ebitmap_init(&x->negset); 340} 341 342void type_set_destroy(type_set_t * x) 343{ 344 if (x != NULL) { 345 ebitmap_destroy(&x->types); 346 ebitmap_destroy(&x->negset); 347 } 348} 349 350void role_set_init(role_set_t * x) 351{ 352 memset(x, 0, sizeof(role_set_t)); 353 ebitmap_init(&x->roles); 354} 355 356void role_set_destroy(role_set_t * x) 357{ 358 ebitmap_destroy(&x->roles); 359} 360 361void role_datum_init(role_datum_t * x) 362{ 363 memset(x, 0, sizeof(role_datum_t)); 364 ebitmap_init(&x->dominates); 365 type_set_init(&x->types); 366 ebitmap_init(&x->cache); 367 ebitmap_init(&x->roles); 368} 369 370void role_datum_destroy(role_datum_t * x) 371{ 372 if (x != NULL) { 373 ebitmap_destroy(&x->dominates); 374 type_set_destroy(&x->types); 375 ebitmap_destroy(&x->cache); 376 ebitmap_destroy(&x->roles); 377 } 378} 379 380void type_datum_init(type_datum_t * x) 381{ 382 memset(x, 0, sizeof(*x)); 383 ebitmap_init(&x->types); 384} 385 386void type_datum_destroy(type_datum_t * x) 387{ 388 if (x != NULL) { 389 ebitmap_destroy(&x->types); 390 } 391} 392 393void user_datum_init(user_datum_t * x) 394{ 395 memset(x, 0, sizeof(user_datum_t)); 396 role_set_init(&x->roles); 397 mls_semantic_range_init(&x->range); 398 mls_semantic_level_init(&x->dfltlevel); 399 ebitmap_init(&x->cache); 400 mls_range_init(&x->exp_range); 401 mls_level_init(&x->exp_dfltlevel); 402} 403 404void user_datum_destroy(user_datum_t * x) 405{ 406 if (x != NULL) { 407 role_set_destroy(&x->roles); 408 mls_semantic_range_destroy(&x->range); 409 mls_semantic_level_destroy(&x->dfltlevel); 410 ebitmap_destroy(&x->cache); 411 mls_range_destroy(&x->exp_range); 412 mls_level_destroy(&x->exp_dfltlevel); 413 } 414} 415 416void level_datum_init(level_datum_t * x) 417{ 418 memset(x, 0, sizeof(level_datum_t)); 419} 420 421void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 422{ 423 /* the mls_level_t referenced by the level_datum is managed 424 * separately for now, so there is nothing to destroy */ 425 return; 426} 427 428void cat_datum_init(cat_datum_t * x) 429{ 430 memset(x, 0, sizeof(cat_datum_t)); 431} 432 433void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 434{ 435 /* it's currently a simple struct - really nothing to destroy */ 436 return; 437} 438 439void class_perm_node_init(class_perm_node_t * x) 440{ 441 memset(x, 0, sizeof(class_perm_node_t)); 442} 443 444void avrule_init(avrule_t * x) 445{ 446 memset(x, 0, sizeof(avrule_t)); 447 type_set_init(&x->stypes); 448 type_set_init(&x->ttypes); 449} 450 451void avrule_destroy(avrule_t * x) 452{ 453 class_perm_node_t *cur, *next; 454 455 if (x == NULL) { 456 return; 457 } 458 type_set_destroy(&x->stypes); 459 type_set_destroy(&x->ttypes); 460 461 next = x->perms; 462 while (next) { 463 cur = next; 464 next = cur->next; 465 free(cur); 466 } 467} 468 469void role_trans_rule_init(role_trans_rule_t * x) 470{ 471 memset(x, 0, sizeof(*x)); 472 role_set_init(&x->roles); 473 type_set_init(&x->types); 474 ebitmap_init(&x->classes); 475} 476 477void role_trans_rule_destroy(role_trans_rule_t * x) 478{ 479 if (x != NULL) { 480 role_set_destroy(&x->roles); 481 type_set_destroy(&x->types); 482 ebitmap_destroy(&x->classes); 483 } 484} 485 486void role_trans_rule_list_destroy(role_trans_rule_t * x) 487{ 488 while (x != NULL) { 489 role_trans_rule_t *next = x->next; 490 role_trans_rule_destroy(x); 491 free(x); 492 x = next; 493 } 494} 495 496void filename_trans_rule_init(filename_trans_rule_t * x) 497{ 498 memset(x, 0, sizeof(*x)); 499 type_set_init(&x->stypes); 500 type_set_init(&x->ttypes); 501} 502 503static void filename_trans_rule_destroy(filename_trans_rule_t * x) 504{ 505 if (!x) 506 return; 507 type_set_destroy(&x->stypes); 508 type_set_destroy(&x->ttypes); 509 free(x->name); 510} 511 512void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 513{ 514 filename_trans_rule_t *next; 515 while (x) { 516 next = x->next; 517 filename_trans_rule_destroy(x); 518 free(x); 519 x = next; 520 } 521} 522 523void role_allow_rule_init(role_allow_rule_t * x) 524{ 525 memset(x, 0, sizeof(role_allow_rule_t)); 526 role_set_init(&x->roles); 527 role_set_init(&x->new_roles); 528} 529 530void role_allow_rule_destroy(role_allow_rule_t * x) 531{ 532 role_set_destroy(&x->roles); 533 role_set_destroy(&x->new_roles); 534} 535 536void role_allow_rule_list_destroy(role_allow_rule_t * x) 537{ 538 while (x != NULL) { 539 role_allow_rule_t *next = x->next; 540 role_allow_rule_destroy(x); 541 free(x); 542 x = next; 543 } 544} 545 546void range_trans_rule_init(range_trans_rule_t * x) 547{ 548 type_set_init(&x->stypes); 549 type_set_init(&x->ttypes); 550 ebitmap_init(&x->tclasses); 551 mls_semantic_range_init(&x->trange); 552 x->next = NULL; 553} 554 555void range_trans_rule_destroy(range_trans_rule_t * x) 556{ 557 type_set_destroy(&x->stypes); 558 type_set_destroy(&x->ttypes); 559 ebitmap_destroy(&x->tclasses); 560 mls_semantic_range_destroy(&x->trange); 561} 562 563void range_trans_rule_list_destroy(range_trans_rule_t * x) 564{ 565 while (x != NULL) { 566 range_trans_rule_t *next = x->next; 567 range_trans_rule_destroy(x); 568 free(x); 569 x = next; 570 } 571} 572 573void avrule_list_destroy(avrule_t * x) 574{ 575 avrule_t *next, *cur; 576 577 if (!x) 578 return; 579 580 next = x; 581 while (next) { 582 cur = next; 583 next = next->next; 584 avrule_destroy(cur); 585 free(cur); 586 } 587} 588 589/* 590 * Initialize the role table by implicitly adding role 'object_r'. If 591 * the policy is a module, set object_r's scope to be SCOPE_REQ, 592 * otherwise set it to SCOPE_DECL. 593 */ 594static int roles_init(policydb_t * p) 595{ 596 char *key = 0; 597 int rc; 598 role_datum_t *role; 599 600 role = calloc(1, sizeof(role_datum_t)); 601 if (!role) { 602 rc = -ENOMEM; 603 goto out; 604 } 605 key = malloc(strlen(OBJECT_R) + 1); 606 if (!key) { 607 rc = -ENOMEM; 608 goto out_free_role; 609 } 610 strcpy(key, OBJECT_R); 611 rc = symtab_insert(p, SYM_ROLES, key, role, 612 (p->policy_type == 613 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 614 &role->s.value); 615 if (rc) 616 goto out_free_key; 617 if (role->s.value != OBJECT_R_VAL) { 618 rc = -EINVAL; 619 goto out_free_role; 620 } 621 out: 622 return rc; 623 624 out_free_key: 625 free(key); 626 out_free_role: 627 free(role); 628 goto out; 629} 630 631/* 632 * Initialize a policy database structure. 633 */ 634int policydb_init(policydb_t * p) 635{ 636 int i, rc; 637 638 memset(p, 0, sizeof(policydb_t)); 639 640 ebitmap_init(&p->policycaps); 641 642 ebitmap_init(&p->permissive_map); 643 644 for (i = 0; i < SYM_NUM; i++) { 645 p->sym_val_to_name[i] = NULL; 646 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 647 if (rc) 648 goto out_free_symtab; 649 } 650 651 /* initialize the module stuff */ 652 for (i = 0; i < SYM_NUM; i++) { 653 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 654 goto out_free_symtab; 655 } 656 } 657 if ((p->global = avrule_block_create()) == NULL || 658 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 659 goto out_free_symtab; 660 } 661 p->decl_val_to_struct = NULL; 662 663 rc = avtab_init(&p->te_avtab); 664 if (rc) 665 goto out_free_symtab; 666 667 rc = roles_init(p); 668 if (rc) 669 goto out_free_symtab; 670 671 rc = cond_policydb_init(p); 672 if (rc) 673 goto out_free_symtab; 674 out: 675 return rc; 676 677 out_free_symtab: 678 for (i = 0; i < SYM_NUM; i++) { 679 hashtab_destroy(p->symtab[i].table); 680 hashtab_destroy(p->scope[i].table); 681 } 682 avrule_block_list_destroy(p->global); 683 goto out; 684} 685 686int policydb_role_cache(hashtab_key_t key 687 __attribute__ ((unused)), hashtab_datum_t datum, 688 void *arg) 689{ 690 policydb_t *p; 691 role_datum_t *role; 692 693 role = (role_datum_t *) datum; 694 p = (policydb_t *) arg; 695 696 ebitmap_destroy(&role->cache); 697 if (type_set_expand(&role->types, &role->cache, p, 1)) { 698 return -1; 699 } 700 701 return 0; 702} 703 704int policydb_user_cache(hashtab_key_t key 705 __attribute__ ((unused)), hashtab_datum_t datum, 706 void *arg) 707{ 708 policydb_t *p; 709 user_datum_t *user; 710 711 user = (user_datum_t *) datum; 712 p = (policydb_t *) arg; 713 714 ebitmap_destroy(&user->cache); 715 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) { 716 return -1; 717 } 718 719 /* we do not expand user's MLS info in kernel policies because the 720 * semantic representation is not present and we do not expand user's 721 * MLS info in module policies because all of the necessary mls 722 * information is not present */ 723 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 724 mls_range_destroy(&user->exp_range); 725 if (mls_semantic_range_expand(&user->range, 726 &user->exp_range, p, NULL)) { 727 return -1; 728 } 729 730 mls_level_destroy(&user->exp_dfltlevel); 731 if (mls_semantic_level_expand(&user->dfltlevel, 732 &user->exp_dfltlevel, p, NULL)) { 733 return -1; 734 } 735 } 736 737 return 0; 738} 739 740/* 741 * The following *_index functions are used to 742 * define the val_to_name and val_to_struct arrays 743 * in a policy database structure. The val_to_name 744 * arrays are used when converting security context 745 * structures into string representations. The 746 * val_to_struct arrays are used when the attributes 747 * of a class, role, or user are needed. 748 */ 749 750static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 751{ 752 policydb_t *p; 753 common_datum_t *comdatum; 754 755 comdatum = (common_datum_t *) datum; 756 p = (policydb_t *) datap; 757 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 758 return -EINVAL; 759 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 760 761 return 0; 762} 763 764static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 765{ 766 policydb_t *p; 767 class_datum_t *cladatum; 768 769 cladatum = (class_datum_t *) datum; 770 p = (policydb_t *) datap; 771 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 772 return -EINVAL; 773 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 774 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 775 776 return 0; 777} 778 779static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 780{ 781 policydb_t *p; 782 role_datum_t *role; 783 784 role = (role_datum_t *) datum; 785 p = (policydb_t *) datap; 786 if (!role->s.value || role->s.value > p->p_roles.nprim) 787 return -EINVAL; 788 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 789 p->role_val_to_struct[role->s.value - 1] = role; 790 791 return 0; 792} 793 794static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 795{ 796 policydb_t *p; 797 type_datum_t *typdatum; 798 799 typdatum = (type_datum_t *) datum; 800 p = (policydb_t *) datap; 801 802 if (typdatum->primary) { 803 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 804 return -EINVAL; 805 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 806 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 807 } 808 809 return 0; 810} 811 812static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 813{ 814 policydb_t *p; 815 user_datum_t *usrdatum; 816 817 usrdatum = (user_datum_t *) datum; 818 p = (policydb_t *) datap; 819 820 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 821 return -EINVAL; 822 823 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 824 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 825 826 return 0; 827} 828 829static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 830{ 831 policydb_t *p; 832 level_datum_t *levdatum; 833 834 levdatum = (level_datum_t *) datum; 835 p = (policydb_t *) datap; 836 837 if (!levdatum->isalias) { 838 if (!levdatum->level->sens || 839 levdatum->level->sens > p->p_levels.nprim) 840 return -EINVAL; 841 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 842 } 843 844 return 0; 845} 846 847static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 848{ 849 policydb_t *p; 850 cat_datum_t *catdatum; 851 852 catdatum = (cat_datum_t *) datum; 853 p = (policydb_t *) datap; 854 855 if (!catdatum->isalias) { 856 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 857 return -EINVAL; 858 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 859 } 860 861 return 0; 862} 863 864static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 865 void *datap) = { 866common_index, class_index, role_index, type_index, user_index, 867 cond_index_bool, sens_index, cat_index,}; 868 869/* 870 * Define the common val_to_name array and the class 871 * val_to_name and val_to_struct arrays in a policy 872 * database structure. 873 */ 874int policydb_index_classes(policydb_t * p) 875{ 876 free(p->p_common_val_to_name); 877 p->p_common_val_to_name = (char **) 878 malloc(p->p_commons.nprim * sizeof(char *)); 879 if (!p->p_common_val_to_name) 880 return -1; 881 882 if (hashtab_map(p->p_commons.table, common_index, p)) 883 return -1; 884 885 free(p->class_val_to_struct); 886 p->class_val_to_struct = (class_datum_t **) 887 malloc(p->p_classes.nprim * sizeof(class_datum_t *)); 888 if (!p->class_val_to_struct) 889 return -1; 890 891 free(p->p_class_val_to_name); 892 p->p_class_val_to_name = (char **) 893 malloc(p->p_classes.nprim * sizeof(char *)); 894 if (!p->p_class_val_to_name) 895 return -1; 896 897 if (hashtab_map(p->p_classes.table, class_index, p)) 898 return -1; 899 900 return 0; 901} 902 903int policydb_index_bools(policydb_t * p) 904{ 905 906 if (cond_init_bool_indexes(p) == -1) 907 return -1; 908 p->p_bool_val_to_name = (char **) 909 malloc(p->p_bools.nprim * sizeof(char *)); 910 if (!p->p_bool_val_to_name) 911 return -1; 912 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 913 return -1; 914 return 0; 915} 916 917int policydb_index_decls(policydb_t * p) 918{ 919 avrule_block_t *curblock; 920 avrule_decl_t *decl; 921 int num_decls = 0; 922 923 free(p->decl_val_to_struct); 924 925 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 926 for (decl = curblock->branch_list; decl != NULL; 927 decl = decl->next) { 928 num_decls++; 929 } 930 } 931 932 p->decl_val_to_struct = 933 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 934 if (!p->decl_val_to_struct) { 935 return -1; 936 } 937 938 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 939 for (decl = curblock->branch_list; decl != NULL; 940 decl = decl->next) { 941 p->decl_val_to_struct[decl->decl_id - 1] = decl; 942 } 943 } 944 945 return 0; 946} 947 948/* 949 * Define the other val_to_name and val_to_struct arrays 950 * in a policy database structure. 951 */ 952int policydb_index_others(sepol_handle_t * handle, 953 policydb_t * p, unsigned verbose) 954{ 955 int i; 956 957 if (verbose) { 958 INFO(handle, 959 "security: %d users, %d roles, %d types, %d bools", 960 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 961 p->p_bools.nprim); 962 963 if (p->mls) 964 INFO(handle, "security: %d sens, %d cats", 965 p->p_levels.nprim, p->p_cats.nprim); 966 967 INFO(handle, "security: %d classes, %d rules, %d cond rules", 968 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 969 } 970#if 0 971 avtab_hash_eval(&p->te_avtab, "rules"); 972 for (i = 0; i < SYM_NUM; i++) 973 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 974#endif 975 976 free(p->role_val_to_struct); 977 p->role_val_to_struct = (role_datum_t **) 978 malloc(p->p_roles.nprim * sizeof(role_datum_t *)); 979 if (!p->role_val_to_struct) 980 return -1; 981 982 free(p->user_val_to_struct); 983 p->user_val_to_struct = (user_datum_t **) 984 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 985 if (!p->user_val_to_struct) 986 return -1; 987 988 free(p->type_val_to_struct); 989 p->type_val_to_struct = (type_datum_t **) 990 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 991 if (!p->type_val_to_struct) 992 return -1; 993 994 cond_init_bool_indexes(p); 995 996 for (i = SYM_ROLES; i < SYM_NUM; i++) { 997 free(p->sym_val_to_name[i]); 998 p->sym_val_to_name[i] = NULL; 999 if (p->symtab[i].nprim) { 1000 p->sym_val_to_name[i] = (char **) 1001 calloc(p->symtab[i].nprim, sizeof(char *)); 1002 if (!p->sym_val_to_name[i]) 1003 return -1; 1004 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 1005 return -1; 1006 } 1007 } 1008 1009 /* This pre-expands the roles and users for context validity checking */ 1010 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 1011 return -1; 1012 1013 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 1014 return -1; 1015 1016 return 0; 1017} 1018 1019/* 1020 * The following *_destroy functions are used to 1021 * free any memory allocated for each kind of 1022 * symbol data in the policy database. 1023 */ 1024 1025static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1026 __attribute__ ((unused))) 1027{ 1028 if (key) 1029 free(key); 1030 free(datum); 1031 return 0; 1032} 1033 1034static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1035 __attribute__ ((unused))) 1036{ 1037 common_datum_t *comdatum; 1038 1039 if (key) 1040 free(key); 1041 comdatum = (common_datum_t *) datum; 1042 hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1043 hashtab_destroy(comdatum->permissions.table); 1044 free(datum); 1045 return 0; 1046} 1047 1048static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1049 __attribute__ ((unused))) 1050{ 1051 class_datum_t *cladatum; 1052 constraint_node_t *constraint, *ctemp; 1053 constraint_expr_t *e, *etmp; 1054 1055 if (key) 1056 free(key); 1057 cladatum = (class_datum_t *) datum; 1058 if (cladatum == NULL) { 1059 return 0; 1060 } 1061 hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1062 hashtab_destroy(cladatum->permissions.table); 1063 constraint = cladatum->constraints; 1064 while (constraint) { 1065 e = constraint->expr; 1066 while (e) { 1067 etmp = e; 1068 e = e->next; 1069 constraint_expr_destroy(etmp); 1070 } 1071 ctemp = constraint; 1072 constraint = constraint->next; 1073 free(ctemp); 1074 } 1075 1076 constraint = cladatum->validatetrans; 1077 while (constraint) { 1078 e = constraint->expr; 1079 while (e) { 1080 etmp = e; 1081 e = e->next; 1082 constraint_expr_destroy(etmp); 1083 } 1084 ctemp = constraint; 1085 constraint = constraint->next; 1086 free(ctemp); 1087 } 1088 1089 if (cladatum->comkey) 1090 free(cladatum->comkey); 1091 free(datum); 1092 return 0; 1093} 1094 1095static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1096 __attribute__ ((unused))) 1097{ 1098 free(key); 1099 role_datum_destroy((role_datum_t *) datum); 1100 free(datum); 1101 return 0; 1102} 1103 1104static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1105 __attribute__ ((unused))) 1106{ 1107 free(key); 1108 type_datum_destroy((type_datum_t *) datum); 1109 free(datum); 1110 return 0; 1111} 1112 1113static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1114 __attribute__ ((unused))) 1115{ 1116 free(key); 1117 user_datum_destroy((user_datum_t *) datum); 1118 free(datum); 1119 return 0; 1120} 1121 1122static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1123 __attribute__ ((unused))) 1124{ 1125 level_datum_t *levdatum; 1126 1127 if (key) 1128 free(key); 1129 levdatum = (level_datum_t *) datum; 1130 mls_level_destroy(levdatum->level); 1131 free(levdatum->level); 1132 level_datum_destroy(levdatum); 1133 free(levdatum); 1134 return 0; 1135} 1136 1137static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1138 __attribute__ ((unused))) 1139{ 1140 if (key) 1141 free(key); 1142 cat_datum_destroy((cat_datum_t *) datum); 1143 free(datum); 1144 return 0; 1145} 1146 1147static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1148 void *datap) = { 1149common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1150 cond_destroy_bool, sens_destroy, cat_destroy,}; 1151 1152void ocontext_selinux_free(ocontext_t **ocontexts) 1153{ 1154 ocontext_t *c, *ctmp; 1155 int i; 1156 1157 for (i = 0; i < OCON_NUM; i++) { 1158 c = ocontexts[i]; 1159 while (c) { 1160 ctmp = c; 1161 c = c->next; 1162 context_destroy(&ctmp->context[0]); 1163 context_destroy(&ctmp->context[1]); 1164 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1165 || i == OCON_FSUSE) 1166 free(ctmp->u.name); 1167 free(ctmp); 1168 } 1169 } 1170} 1171 1172void ocontext_xen_free(ocontext_t **ocontexts) 1173{ 1174 ocontext_t *c, *ctmp; 1175 int i; 1176 1177 for (i = 0; i < OCON_NUM; i++) { 1178 c = ocontexts[i]; 1179 while (c) { 1180 ctmp = c; 1181 c = c->next; 1182 context_destroy(&ctmp->context[0]); 1183 context_destroy(&ctmp->context[1]); 1184 if (i == OCON_ISID) 1185 free(ctmp->u.name); 1186 free(ctmp); 1187 } 1188 } 1189} 1190 1191/* 1192 * Free any memory allocated by a policy database structure. 1193 */ 1194void policydb_destroy(policydb_t * p) 1195{ 1196 ocontext_t *c, *ctmp; 1197 genfs_t *g, *gtmp; 1198 unsigned int i; 1199 role_allow_t *ra, *lra = NULL; 1200 role_trans_t *tr, *ltr = NULL; 1201 range_trans_t *rt, *lrt = NULL; 1202 filename_trans_t *ft, *nft; 1203 1204 if (!p) 1205 return; 1206 1207 ebitmap_destroy(&p->policycaps); 1208 1209 ebitmap_destroy(&p->permissive_map); 1210 1211 symtabs_destroy(p->symtab); 1212 1213 for (i = 0; i < SYM_NUM; i++) { 1214 if (p->sym_val_to_name[i]) 1215 free(p->sym_val_to_name[i]); 1216 } 1217 1218 if (p->class_val_to_struct) 1219 free(p->class_val_to_struct); 1220 if (p->role_val_to_struct) 1221 free(p->role_val_to_struct); 1222 if (p->user_val_to_struct) 1223 free(p->user_val_to_struct); 1224 if (p->type_val_to_struct) 1225 free(p->type_val_to_struct); 1226 free(p->decl_val_to_struct); 1227 1228 for (i = 0; i < SYM_NUM; i++) { 1229 hashtab_map(p->scope[i].table, scope_destroy, 0); 1230 hashtab_destroy(p->scope[i].table); 1231 } 1232 avrule_block_list_destroy(p->global); 1233 free(p->name); 1234 free(p->version); 1235 1236 avtab_destroy(&p->te_avtab); 1237 1238 if (p->target_platform == SEPOL_TARGET_SELINUX) 1239 ocontext_selinux_free(p->ocontexts); 1240 else if (p->target_platform == SEPOL_TARGET_XEN) 1241 ocontext_xen_free(p->ocontexts); 1242 1243 g = p->genfs; 1244 while (g) { 1245 free(g->fstype); 1246 c = g->head; 1247 while (c) { 1248 ctmp = c; 1249 c = c->next; 1250 context_destroy(&ctmp->context[0]); 1251 free(ctmp->u.name); 1252 free(ctmp); 1253 } 1254 gtmp = g; 1255 g = g->next; 1256 free(gtmp); 1257 } 1258 cond_policydb_destroy(p); 1259 1260 for (tr = p->role_tr; tr; tr = tr->next) { 1261 if (ltr) 1262 free(ltr); 1263 ltr = tr; 1264 } 1265 if (ltr) 1266 free(ltr); 1267 1268 ft = p->filename_trans; 1269 while (ft) { 1270 nft = ft->next; 1271 free(ft->name); 1272 free(ft); 1273 ft = nft; 1274 } 1275 1276 for (ra = p->role_allow; ra; ra = ra->next) { 1277 if (lra) 1278 free(lra); 1279 lra = ra; 1280 } 1281 if (lra) 1282 free(lra); 1283 1284 for (rt = p->range_tr; rt; rt = rt->next) { 1285 if (lrt) { 1286 ebitmap_destroy(&lrt->target_range.level[0].cat); 1287 ebitmap_destroy(&lrt->target_range.level[1].cat); 1288 free(lrt); 1289 } 1290 lrt = rt; 1291 } 1292 if (lrt) { 1293 ebitmap_destroy(&lrt->target_range.level[0].cat); 1294 ebitmap_destroy(&lrt->target_range.level[1].cat); 1295 free(lrt); 1296 } 1297 1298 if (p->type_attr_map) { 1299 for (i = 0; i < p->p_types.nprim; i++) { 1300 ebitmap_destroy(&p->type_attr_map[i]); 1301 } 1302 free(p->type_attr_map); 1303 } 1304 1305 if (p->attr_type_map) { 1306 for (i = 0; i < p->p_types.nprim; i++) { 1307 ebitmap_destroy(&p->attr_type_map[i]); 1308 } 1309 free(p->attr_type_map); 1310 } 1311 1312 return; 1313} 1314 1315void symtabs_destroy(symtab_t * symtab) 1316{ 1317 int i; 1318 for (i = 0; i < SYM_NUM; i++) { 1319 hashtab_map(symtab[i].table, destroy_f[i], 0); 1320 hashtab_destroy(symtab[i].table); 1321 } 1322} 1323 1324int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1325 __attribute__ ((unused))) 1326{ 1327 scope_datum_t *cur = (scope_datum_t *) datum; 1328 free(key); 1329 if (cur != NULL) { 1330 free(cur->decl_ids); 1331 } 1332 free(cur); 1333 return 0; 1334} 1335 1336hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 1337{ 1338 if (sym_num < 0 || sym_num >= SYM_NUM) { 1339 return NULL; 1340 } 1341 return (hashtab_destroy_func_t) destroy_f[sym_num]; 1342} 1343 1344/* 1345 * Load the initial SIDs specified in a policy database 1346 * structure into a SID table. 1347 */ 1348int policydb_load_isids(policydb_t * p, sidtab_t * s) 1349{ 1350 ocontext_t *head, *c; 1351 1352 if (sepol_sidtab_init(s)) { 1353 ERR(NULL, "out of memory on SID table init"); 1354 return -1; 1355 } 1356 1357 head = p->ocontexts[OCON_ISID]; 1358 for (c = head; c; c = c->next) { 1359 if (!c->context[0].user) { 1360 ERR(NULL, "SID %s was never defined", c->u.name); 1361 return -1; 1362 } 1363 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1364 ERR(NULL, "unable to load initial SID %s", c->u.name); 1365 return -1; 1366 } 1367 } 1368 1369 return 0; 1370} 1371 1372/* Declare a symbol for a certain avrule_block context. Insert it 1373 * into a symbol table for a policy. This function will handle 1374 * inserting the appropriate scope information in addition to 1375 * inserting the symbol into the hash table. 1376 * 1377 * arguments: 1378 * policydb_t *pol module policy to modify 1379 * uint32_t sym the symbole table for insertion (SYM_*) 1380 * hashtab_key_t key the key for the symbol - not cloned 1381 * hashtab_datum_t data the data for the symbol - not cloned 1382 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1383 * avrule_decl_id identifier for this symbol's encapsulating declaration 1384 * value (out) assigned value to the symbol (if value is not NULL) 1385 * 1386 * returns: 1387 * 0 success 1388 * 1 success, but symbol already existed as a requirement 1389 * (datum was not inserted and needs to be free()d) 1390 * -1 general error 1391 * -2 scope conflicted 1392 * -ENOMEM memory error 1393 * error codes from hashtab_insert 1394 */ 1395int symtab_insert(policydb_t * pol, uint32_t sym, 1396 hashtab_key_t key, hashtab_datum_t datum, 1397 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1398{ 1399 int rc, retval = 0; 1400 unsigned int i; 1401 scope_datum_t *scope_datum; 1402 1403 /* check if the symbol is already there. multiple 1404 * declarations of non-roles/non-users are illegal, but 1405 * multiple requires are allowed. */ 1406 1407 /* FIX ME - the failures after the hashtab_insert will leave 1408 * the policy in a inconsistent state. */ 1409 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1410 if (rc == SEPOL_OK) { 1411 /* if no value is passed in the symbol is not primary 1412 * (i.e. aliases) */ 1413 if (value) 1414 *value = ++pol->symtab[sym].nprim; 1415 } else if (rc == SEPOL_EEXIST) { 1416 retval = 1; /* symbol not added -- need to free() later */ 1417 } else { 1418 return rc; 1419 } 1420 1421 /* get existing scope information; if there is not one then 1422 * create it */ 1423 scope_datum = 1424 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1425 if (scope_datum == NULL) { 1426 hashtab_key_t key2 = strdup((char *)key); 1427 if (!key2) 1428 return -ENOMEM; 1429 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1430 free(key2); 1431 return -ENOMEM; 1432 } 1433 scope_datum->scope = scope; 1434 scope_datum->decl_ids = NULL; 1435 scope_datum->decl_ids_len = 0; 1436 if ((rc = 1437 hashtab_insert(pol->scope[sym].table, key2, 1438 scope_datum)) != 0) { 1439 free(key2); 1440 free(scope_datum); 1441 return rc; 1442 } 1443 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1444 /* disallow multiple declarations for non-roles/users */ 1445 if (sym != SYM_ROLES && sym != SYM_USERS) { 1446 return -2; 1447 } 1448 /* Further confine that a role attribute can't have the same 1449 * name as another regular role, and a role attribute can't 1450 * be declared more than once. */ 1451 if (sym == SYM_ROLES) { 1452 role_datum_t *base_role; 1453 role_datum_t *cur_role = (role_datum_t *)datum; 1454 1455 base_role = (role_datum_t *) 1456 hashtab_search(pol->symtab[sym].table, 1457 key); 1458 assert(base_role != NULL); 1459 1460 if (!((base_role->flavor == ROLE_ROLE) && 1461 (cur_role->flavor == ROLE_ROLE))) { 1462 /* Only regular roles are allowed to have 1463 * multiple declarations. */ 1464 return -2; 1465 } 1466 } 1467 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1468 scope_datum->scope = SCOPE_DECL; 1469 } else if (scope_datum->scope != scope) { 1470 /* This only happens in DECL then REQUIRE case, which is handled by caller */ 1471 return -2; 1472 } 1473 1474 /* search through the pre-existing list to avoid adding duplicates */ 1475 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1476 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1477 /* already there, so don't modify its scope */ 1478 return retval; 1479 } 1480 } 1481 1482 if (add_i_to_a(avrule_decl_id, 1483 &scope_datum->decl_ids_len, 1484 &scope_datum->decl_ids) == -1) { 1485 return -ENOMEM; 1486 } 1487 1488 return retval; 1489} 1490 1491int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1492{ 1493 type_set_init(dst); 1494 1495 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1496 return -1; 1497 } 1498 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1499 return -1; 1500 } 1501 1502 dst->flags |= a->flags; 1503 dst->flags |= b->flags; 1504 1505 return 0; 1506} 1507 1508int type_set_cpy(type_set_t * dst, type_set_t * src) 1509{ 1510 type_set_init(dst); 1511 1512 dst->flags = src->flags; 1513 if (ebitmap_cpy(&dst->types, &src->types)) 1514 return -1; 1515 if (ebitmap_cpy(&dst->negset, &src->negset)) 1516 return -1; 1517 1518 return 0; 1519} 1520 1521int type_set_or_eq(type_set_t * dst, type_set_t * other) 1522{ 1523 int ret; 1524 type_set_t tmp; 1525 1526 if (type_set_or(&tmp, dst, other)) 1527 return -1; 1528 type_set_destroy(dst); 1529 ret = type_set_cpy(dst, &tmp); 1530 type_set_destroy(&tmp); 1531 1532 return ret; 1533} 1534 1535int role_set_get_role(role_set_t * x, uint32_t role) 1536{ 1537 if (x->flags & ROLE_STAR) 1538 return 1; 1539 1540 if (ebitmap_get_bit(&x->roles, role - 1)) { 1541 if (x->flags & ROLE_COMP) 1542 return 0; 1543 else 1544 return 1; 1545 } else { 1546 if (x->flags & ROLE_COMP) 1547 return 1; 1548 else 1549 return 0; 1550 } 1551} 1552 1553/***********************************************************************/ 1554/* everything below is for policy reads */ 1555 1556/* The following are read functions for module structures */ 1557 1558static int role_set_read(role_set_t * r, struct policy_file *fp) 1559{ 1560 uint32_t buf[1]; 1561 int rc; 1562 1563 if (ebitmap_read(&r->roles, fp)) 1564 return -1; 1565 rc = next_entry(buf, fp, sizeof(uint32_t)); 1566 if (rc < 0) 1567 return -1; 1568 r->flags = le32_to_cpu(buf[0]); 1569 1570 return 0; 1571} 1572 1573static int type_set_read(type_set_t * t, struct policy_file *fp) 1574{ 1575 uint32_t buf[1]; 1576 int rc; 1577 1578 if (ebitmap_read(&t->types, fp)) 1579 return -1; 1580 if (ebitmap_read(&t->negset, fp)) 1581 return -1; 1582 1583 rc = next_entry(buf, fp, sizeof(uint32_t)); 1584 if (rc < 0) 1585 return -1; 1586 t->flags = le32_to_cpu(buf[0]); 1587 1588 return 0; 1589} 1590 1591/* 1592 * Read a MLS range structure from a policydb binary 1593 * representation file. 1594 */ 1595static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1596{ 1597 uint32_t buf[2], items; 1598 int rc; 1599 1600 rc = next_entry(buf, fp, sizeof(uint32_t)); 1601 if (rc < 0) 1602 goto out; 1603 1604 items = le32_to_cpu(buf[0]); 1605 if (items > ARRAY_SIZE(buf)) { 1606 ERR(fp->handle, "range overflow"); 1607 rc = -EINVAL; 1608 goto out; 1609 } 1610 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1611 if (rc < 0) { 1612 ERR(fp->handle, "truncated range"); 1613 goto out; 1614 } 1615 r->level[0].sens = le32_to_cpu(buf[0]); 1616 if (items > 1) 1617 r->level[1].sens = le32_to_cpu(buf[1]); 1618 else 1619 r->level[1].sens = r->level[0].sens; 1620 1621 rc = ebitmap_read(&r->level[0].cat, fp); 1622 if (rc) { 1623 ERR(fp->handle, "error reading low categories"); 1624 goto out; 1625 } 1626 if (items > 1) { 1627 rc = ebitmap_read(&r->level[1].cat, fp); 1628 if (rc) { 1629 ERR(fp->handle, "error reading high categories"); 1630 goto bad_high; 1631 } 1632 } else { 1633 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1634 if (rc) { 1635 ERR(fp->handle, "out of memory"); 1636 goto bad_high; 1637 } 1638 } 1639 1640 rc = 0; 1641 out: 1642 return rc; 1643 bad_high: 1644 ebitmap_destroy(&r->level[0].cat); 1645 goto out; 1646} 1647 1648/* 1649 * Read a semantic MLS level structure from a policydb binary 1650 * representation file. 1651 */ 1652static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1653 struct policy_file *fp) 1654{ 1655 uint32_t buf[2], ncat; 1656 unsigned int i; 1657 mls_semantic_cat_t *cat; 1658 int rc; 1659 1660 mls_semantic_level_init(l); 1661 1662 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1663 if (rc < 0) { 1664 ERR(fp->handle, "truncated level"); 1665 goto bad; 1666 } 1667 l->sens = le32_to_cpu(buf[0]); 1668 1669 ncat = le32_to_cpu(buf[1]); 1670 for (i = 0; i < ncat; i++) { 1671 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1672 if (!cat) { 1673 ERR(fp->handle, "out of memory"); 1674 goto bad; 1675 } 1676 1677 mls_semantic_cat_init(cat); 1678 cat->next = l->cat; 1679 l->cat = cat; 1680 1681 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1682 if (rc < 0) { 1683 ERR(fp->handle, "error reading level categories"); 1684 goto bad; 1685 } 1686 cat->low = le32_to_cpu(buf[0]); 1687 cat->high = le32_to_cpu(buf[1]); 1688 } 1689 1690 return 0; 1691 1692 bad: 1693 return -EINVAL; 1694} 1695 1696/* 1697 * Read a semantic MLS range structure from a policydb binary 1698 * representation file. 1699 */ 1700static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1701 struct policy_file *fp) 1702{ 1703 int rc; 1704 1705 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1706 if (rc) 1707 return rc; 1708 1709 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1710 1711 return rc; 1712} 1713 1714static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1715{ 1716 unsigned int i; 1717 ebitmap_node_t *cnode; 1718 mls_semantic_cat_t *open_cat = NULL; 1719 1720 mls_semantic_level_init(sl); 1721 sl->sens = l->sens; 1722 ebitmap_for_each_bit(&l->cat, cnode, i) { 1723 if (ebitmap_node_get_bit(cnode, i)) { 1724 if (open_cat) 1725 continue; 1726 open_cat = (mls_semantic_cat_t *) 1727 malloc(sizeof(mls_semantic_cat_t)); 1728 if (!open_cat) 1729 return -1; 1730 1731 mls_semantic_cat_init(open_cat); 1732 open_cat->low = i + 1; 1733 open_cat->next = sl->cat; 1734 sl->cat = open_cat; 1735 } else { 1736 if (!open_cat) 1737 continue; 1738 open_cat->high = i; 1739 open_cat = NULL; 1740 } 1741 } 1742 if (open_cat) 1743 open_cat->high = i; 1744 1745 return 0; 1746} 1747 1748static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1749{ 1750 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1751 return -1; 1752 1753 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1754 return -1; 1755 1756 return 0; 1757} 1758 1759/* 1760 * Read and validate a security context structure 1761 * from a policydb binary representation file. 1762 */ 1763static int context_read_and_validate(context_struct_t * c, 1764 policydb_t * p, struct policy_file *fp) 1765{ 1766 uint32_t buf[3]; 1767 int rc; 1768 1769 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 1770 if (rc < 0) { 1771 ERR(fp->handle, "context truncated"); 1772 return -1; 1773 } 1774 c->user = le32_to_cpu(buf[0]); 1775 c->role = le32_to_cpu(buf[1]); 1776 c->type = le32_to_cpu(buf[2]); 1777 if ((p->policy_type == POLICY_KERN 1778 && p->policyvers >= POLICYDB_VERSION_MLS) 1779 || (p->policy_type == POLICY_BASE 1780 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 1781 if (mls_read_range_helper(&c->range, fp)) { 1782 ERR(fp->handle, "error reading MLS range " 1783 "of context"); 1784 return -1; 1785 } 1786 } 1787 1788 if (!policydb_context_isvalid(p, c)) { 1789 ERR(fp->handle, "invalid security context"); 1790 context_destroy(c); 1791 return -1; 1792 } 1793 return 0; 1794} 1795 1796/* 1797 * The following *_read functions are used to 1798 * read the symbol data from a policy database 1799 * binary representation file. 1800 */ 1801 1802static int perm_read(policydb_t * p 1803 __attribute__ ((unused)), hashtab_t h, 1804 struct policy_file *fp) 1805{ 1806 char *key = 0; 1807 perm_datum_t *perdatum; 1808 uint32_t buf[2]; 1809 size_t len; 1810 int rc; 1811 1812 perdatum = calloc(1, sizeof(perm_datum_t)); 1813 if (!perdatum) 1814 return -1; 1815 1816 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1817 if (rc < 0) 1818 goto bad; 1819 1820 len = le32_to_cpu(buf[0]); 1821 perdatum->s.value = le32_to_cpu(buf[1]); 1822 1823 key = malloc(len + 1); 1824 if (!key) 1825 goto bad; 1826 rc = next_entry(key, fp, len); 1827 if (rc < 0) 1828 goto bad; 1829 key[len] = 0; 1830 1831 if (hashtab_insert(h, key, perdatum)) 1832 goto bad; 1833 1834 return 0; 1835 1836 bad: 1837 perm_destroy(key, perdatum, NULL); 1838 return -1; 1839} 1840 1841static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1842{ 1843 char *key = 0; 1844 common_datum_t *comdatum; 1845 uint32_t buf[4]; 1846 size_t len, nel; 1847 unsigned int i; 1848 int rc; 1849 1850 comdatum = calloc(1, sizeof(common_datum_t)); 1851 if (!comdatum) 1852 return -1; 1853 1854 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 1855 if (rc < 0) 1856 goto bad; 1857 1858 len = le32_to_cpu(buf[0]); 1859 comdatum->s.value = le32_to_cpu(buf[1]); 1860 1861 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 1862 goto bad; 1863 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1864 nel = le32_to_cpu(buf[3]); 1865 1866 key = malloc(len + 1); 1867 if (!key) 1868 goto bad; 1869 rc = next_entry(key, fp, len); 1870 if (rc < 0) 1871 goto bad; 1872 key[len] = 0; 1873 1874 for (i = 0; i < nel; i++) { 1875 if (perm_read(p, comdatum->permissions.table, fp)) 1876 goto bad; 1877 } 1878 1879 if (hashtab_insert(h, key, comdatum)) 1880 goto bad; 1881 1882 return 0; 1883 1884 bad: 1885 common_destroy(key, comdatum, NULL); 1886 return -1; 1887} 1888 1889static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 1890 unsigned int ncons, 1891 int allowxtarget, struct policy_file *fp) 1892{ 1893 constraint_node_t *c, *lc; 1894 constraint_expr_t *e, *le; 1895 uint32_t buf[3]; 1896 size_t nexpr; 1897 unsigned int i, j; 1898 int rc, depth; 1899 1900 lc = NULL; 1901 for (i = 0; i < ncons; i++) { 1902 c = calloc(1, sizeof(constraint_node_t)); 1903 if (!c) 1904 return -1; 1905 1906 if (lc) 1907 lc->next = c; 1908 else 1909 *nodep = c; 1910 1911 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 1912 if (rc < 0) 1913 return -1; 1914 c->permissions = le32_to_cpu(buf[0]); 1915 nexpr = le32_to_cpu(buf[1]); 1916 le = NULL; 1917 depth = -1; 1918 for (j = 0; j < nexpr; j++) { 1919 e = malloc(sizeof(constraint_expr_t)); 1920 if (!e) 1921 return -1; 1922 if (constraint_expr_init(e) == -1) { 1923 free(e); 1924 return -1; 1925 } 1926 if (le) { 1927 le->next = e; 1928 } else { 1929 c->expr = e; 1930 } 1931 1932 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 1933 if (rc < 0) 1934 return -1; 1935 e->expr_type = le32_to_cpu(buf[0]); 1936 e->attr = le32_to_cpu(buf[1]); 1937 e->op = le32_to_cpu(buf[2]); 1938 1939 switch (e->expr_type) { 1940 case CEXPR_NOT: 1941 if (depth < 0) 1942 return -1; 1943 break; 1944 case CEXPR_AND: 1945 case CEXPR_OR: 1946 if (depth < 1) 1947 return -1; 1948 depth--; 1949 break; 1950 case CEXPR_ATTR: 1951 if (depth == (CEXPR_MAXDEPTH - 1)) 1952 return -1; 1953 depth++; 1954 break; 1955 case CEXPR_NAMES: 1956 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1957 return -1; 1958 if (depth == (CEXPR_MAXDEPTH - 1)) 1959 return -1; 1960 depth++; 1961 if (ebitmap_read(&e->names, fp)) 1962 return -1; 1963 if (p->policy_type != POLICY_KERN && 1964 type_set_read(e->type_names, fp)) 1965 return -1; 1966 break; 1967 default: 1968 return -1; 1969 } 1970 le = e; 1971 } 1972 if (depth != 0) 1973 return -1; 1974 lc = c; 1975 } 1976 1977 return 0; 1978} 1979 1980static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1981{ 1982 char *key = 0; 1983 class_datum_t *cladatum; 1984 uint32_t buf[6]; 1985 size_t len, len2, ncons, nel; 1986 unsigned int i; 1987 int rc; 1988 1989 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 1990 if (!cladatum) 1991 return -1; 1992 1993 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 1994 if (rc < 0) 1995 goto bad; 1996 1997 len = le32_to_cpu(buf[0]); 1998 len2 = le32_to_cpu(buf[1]); 1999 cladatum->s.value = le32_to_cpu(buf[2]); 2000 2001 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 2002 goto bad; 2003 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 2004 nel = le32_to_cpu(buf[4]); 2005 2006 ncons = le32_to_cpu(buf[5]); 2007 2008 key = malloc(len + 1); 2009 if (!key) 2010 goto bad; 2011 rc = next_entry(key, fp, len); 2012 if (rc < 0) 2013 goto bad; 2014 key[len] = 0; 2015 2016 if (len2) { 2017 cladatum->comkey = malloc(len2 + 1); 2018 if (!cladatum->comkey) 2019 goto bad; 2020 rc = next_entry(cladatum->comkey, fp, len2); 2021 if (rc < 0) 2022 goto bad; 2023 cladatum->comkey[len2] = 0; 2024 2025 cladatum->comdatum = hashtab_search(p->p_commons.table, 2026 cladatum->comkey); 2027 if (!cladatum->comdatum) { 2028 ERR(fp->handle, "unknown common %s", cladatum->comkey); 2029 goto bad; 2030 } 2031 } 2032 for (i = 0; i < nel; i++) { 2033 if (perm_read(p, cladatum->permissions.table, fp)) 2034 goto bad; 2035 } 2036 2037 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2038 goto bad; 2039 2040 if ((p->policy_type == POLICY_KERN 2041 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2042 || (p->policy_type == POLICY_BASE 2043 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2044 /* grab the validatetrans rules */ 2045 rc = next_entry(buf, fp, sizeof(uint32_t)); 2046 if (rc < 0) 2047 goto bad; 2048 ncons = le32_to_cpu(buf[0]); 2049 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2050 goto bad; 2051 } 2052 2053 if (hashtab_insert(h, key, cladatum)) 2054 goto bad; 2055 2056 return 0; 2057 2058 bad: 2059 class_destroy(key, cladatum, NULL); 2060 return -1; 2061} 2062 2063static int role_read(policydb_t * p 2064 __attribute__ ((unused)), hashtab_t h, 2065 struct policy_file *fp) 2066{ 2067 char *key = 0; 2068 role_datum_t *role; 2069 uint32_t buf[3]; 2070 size_t len; 2071 int rc, to_read = 2; 2072 2073 role = calloc(1, sizeof(role_datum_t)); 2074 if (!role) 2075 return -1; 2076 2077 if (policydb_has_boundary_feature(p)) 2078 to_read = 3; 2079 2080 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2081 if (rc < 0) 2082 goto bad; 2083 2084 len = le32_to_cpu(buf[0]); 2085 role->s.value = le32_to_cpu(buf[1]); 2086 if (policydb_has_boundary_feature(p)) 2087 role->bounds = le32_to_cpu(buf[2]); 2088 2089 key = malloc(len + 1); 2090 if (!key) 2091 goto bad; 2092 rc = next_entry(key, fp, len); 2093 if (rc < 0) 2094 goto bad; 2095 key[len] = 0; 2096 2097 if (ebitmap_read(&role->dominates, fp)) 2098 goto bad; 2099 2100 if (p->policy_type == POLICY_KERN) { 2101 if (ebitmap_read(&role->types.types, fp)) 2102 goto bad; 2103 } else { 2104 if (type_set_read(&role->types, fp)) 2105 goto bad; 2106 } 2107 2108 if (p->policy_type != POLICY_KERN && 2109 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 2110 rc = next_entry(buf, fp, sizeof(uint32_t)); 2111 if (rc < 0) 2112 goto bad; 2113 2114 role->flavor = le32_to_cpu(buf[0]); 2115 2116 if (ebitmap_read(&role->roles, fp)) 2117 goto bad; 2118 } 2119 2120 if (strcmp(key, OBJECT_R) == 0) { 2121 if (role->s.value != OBJECT_R_VAL) { 2122 ERR(fp->handle, "role %s has wrong value %d", 2123 OBJECT_R, role->s.value); 2124 role_destroy(key, role, NULL); 2125 return -1; 2126 } 2127 role_destroy(key, role, NULL); 2128 return 0; 2129 } 2130 2131 if (hashtab_insert(h, key, role)) 2132 goto bad; 2133 2134 return 0; 2135 2136 bad: 2137 role_destroy(key, role, NULL); 2138 return -1; 2139} 2140 2141static int type_read(policydb_t * p 2142 __attribute__ ((unused)), hashtab_t h, 2143 struct policy_file *fp) 2144{ 2145 char *key = 0; 2146 type_datum_t *typdatum; 2147 uint32_t buf[5]; 2148 size_t len; 2149 int rc, to_read; 2150 int pos = 0; 2151 2152 typdatum = calloc(1, sizeof(type_datum_t)); 2153 if (!typdatum) 2154 return -1; 2155 2156 if (policydb_has_boundary_feature(p)) { 2157 if (p->policy_type != POLICY_KERN 2158 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2159 to_read = 5; 2160 else 2161 to_read = 4; 2162 } 2163 else if (p->policy_type == POLICY_KERN) 2164 to_read = 3; 2165 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2166 to_read = 5; 2167 else 2168 to_read = 4; 2169 2170 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2171 if (rc < 0) 2172 goto bad; 2173 2174 len = le32_to_cpu(buf[pos]); 2175 typdatum->s.value = le32_to_cpu(buf[++pos]); 2176 if (policydb_has_boundary_feature(p)) { 2177 uint32_t properties; 2178 2179 if (p->policy_type != POLICY_KERN 2180 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2181 typdatum->primary = le32_to_cpu(buf[++pos]); 2182 properties = le32_to_cpu(buf[++pos]); 2183 } 2184 else { 2185 properties = le32_to_cpu(buf[++pos]); 2186 2187 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2188 typdatum->primary = 1; 2189 } 2190 2191 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2192 typdatum->flavor = TYPE_ATTRIB; 2193 if (properties & TYPEDATUM_PROPERTY_ALIAS 2194 && p->policy_type != POLICY_KERN) 2195 typdatum->flavor = TYPE_ALIAS; 2196 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2197 && p->policy_type != POLICY_KERN) 2198 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2199 2200 typdatum->bounds = le32_to_cpu(buf[++pos]); 2201 } else { 2202 typdatum->primary = le32_to_cpu(buf[++pos]); 2203 if (p->policy_type != POLICY_KERN) { 2204 typdatum->flavor = le32_to_cpu(buf[++pos]); 2205 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2206 typdatum->flags = le32_to_cpu(buf[++pos]); 2207 } 2208 } 2209 2210 if (p->policy_type != POLICY_KERN) { 2211 if (ebitmap_read(&typdatum->types, fp)) 2212 goto bad; 2213 } 2214 2215 key = malloc(len + 1); 2216 if (!key) 2217 goto bad; 2218 rc = next_entry(key, fp, len); 2219 if (rc < 0) 2220 goto bad; 2221 key[len] = 0; 2222 2223 if (hashtab_insert(h, key, typdatum)) 2224 goto bad; 2225 2226 return 0; 2227 2228 bad: 2229 type_destroy(key, typdatum, NULL); 2230 return -1; 2231} 2232 2233int role_trans_read(policydb_t *p, struct policy_file *fp) 2234{ 2235 role_trans_t **t = &p->role_tr; 2236 unsigned int i; 2237 uint32_t buf[3], nel; 2238 role_trans_t *tr, *ltr; 2239 int rc; 2240 int new_roletr = (p->policy_type == POLICY_KERN && 2241 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2242 2243 rc = next_entry(buf, fp, sizeof(uint32_t)); 2244 if (rc < 0) 2245 return -1; 2246 nel = le32_to_cpu(buf[0]); 2247 ltr = NULL; 2248 for (i = 0; i < nel; i++) { 2249 tr = calloc(1, sizeof(struct role_trans)); 2250 if (!tr) { 2251 return -1; 2252 } 2253 if (ltr) { 2254 ltr->next = tr; 2255 } else { 2256 *t = tr; 2257 } 2258 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2259 if (rc < 0) 2260 return -1; 2261 tr->role = le32_to_cpu(buf[0]); 2262 tr->type = le32_to_cpu(buf[1]); 2263 tr->new_role = le32_to_cpu(buf[2]); 2264 if (new_roletr) { 2265 rc = next_entry(buf, fp, sizeof(uint32_t)); 2266 if (rc < 0) 2267 return -1; 2268 tr->tclass = le32_to_cpu(buf[0]); 2269 } else 2270 tr->tclass = SECCLASS_PROCESS; 2271 ltr = tr; 2272 } 2273 return 0; 2274} 2275 2276int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2277{ 2278 unsigned int i; 2279 uint32_t buf[2], nel; 2280 role_allow_t *ra, *lra; 2281 int rc; 2282 2283 rc = next_entry(buf, fp, sizeof(uint32_t)); 2284 if (rc < 0) 2285 return -1; 2286 nel = le32_to_cpu(buf[0]); 2287 lra = NULL; 2288 for (i = 0; i < nel; i++) { 2289 ra = calloc(1, sizeof(struct role_allow)); 2290 if (!ra) { 2291 return -1; 2292 } 2293 if (lra) { 2294 lra->next = ra; 2295 } else { 2296 *r = ra; 2297 } 2298 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2299 if (rc < 0) 2300 return -1; 2301 ra->role = le32_to_cpu(buf[0]); 2302 ra->new_role = le32_to_cpu(buf[1]); 2303 lra = ra; 2304 } 2305 return 0; 2306} 2307 2308int filename_trans_read(filename_trans_t **t, struct policy_file *fp) 2309{ 2310 unsigned int i; 2311 uint32_t buf[4], nel, len; 2312 filename_trans_t *ft, *lft; 2313 int rc; 2314 char *name; 2315 2316 rc = next_entry(buf, fp, sizeof(uint32_t)); 2317 if (rc < 0) 2318 return -1; 2319 nel = le32_to_cpu(buf[0]); 2320 2321 lft = NULL; 2322 for (i = 0; i < nel; i++) { 2323 ft = calloc(1, sizeof(struct filename_trans)); 2324 if (!ft) 2325 return -1; 2326 if (lft) 2327 lft->next = ft; 2328 else 2329 *t = ft; 2330 rc = next_entry(buf, fp, sizeof(uint32_t)); 2331 if (rc < 0) 2332 return -1; 2333 len = le32_to_cpu(buf[0]); 2334 2335 name = calloc(len, sizeof(*name)); 2336 if (!name) 2337 return -1; 2338 2339 ft->name = name; 2340 2341 rc = next_entry(name, fp, len); 2342 if (rc < 0) 2343 return -1; 2344 2345 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2346 if (rc < 0) 2347 return -1; 2348 2349 ft->stype = le32_to_cpu(buf[0]); 2350 ft->ttype = le32_to_cpu(buf[1]); 2351 ft->tclass = le32_to_cpu(buf[2]); 2352 ft->otype = le32_to_cpu(buf[3]); 2353 } 2354 return 0; 2355} 2356 2357static int ocontext_read_xen(struct policydb_compat_info *info, 2358 policydb_t *p, struct policy_file *fp) 2359{ 2360 unsigned int i, j; 2361 size_t nel; 2362 ocontext_t *l, *c; 2363 uint32_t buf[8]; 2364 int rc; 2365 2366 for (i = 0; i < info->ocon_num; i++) { 2367 rc = next_entry(buf, fp, sizeof(uint32_t)); 2368 if (rc < 0) 2369 return -1; 2370 nel = le32_to_cpu(buf[0]); 2371 l = NULL; 2372 for (j = 0; j < nel; j++) { 2373 c = calloc(1, sizeof(ocontext_t)); 2374 if (!c) 2375 return -1; 2376 if (l) 2377 l->next = c; 2378 else 2379 p->ocontexts[i] = c; 2380 l = c; 2381 switch (i) { 2382 case OCON_XEN_ISID: 2383 rc = next_entry(buf, fp, sizeof(uint32_t)); 2384 if (rc < 0) 2385 return -1; 2386 c->sid[0] = le32_to_cpu(buf[0]); 2387 if (context_read_and_validate 2388 (&c->context[0], p, fp)) 2389 return -1; 2390 break; 2391 case OCON_XEN_PIRQ: 2392 rc = next_entry(buf, fp, sizeof(uint32_t)); 2393 if (rc < 0) 2394 return -1; 2395 c->u.pirq = le32_to_cpu(buf[0]); 2396 if (context_read_and_validate 2397 (&c->context[0], p, fp)) 2398 return -1; 2399 break; 2400 case OCON_XEN_IOPORT: 2401 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2402 if (rc < 0) 2403 return -1; 2404 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2405 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2406 if (context_read_and_validate 2407 (&c->context[0], p, fp)) 2408 return -1; 2409 break; 2410 case OCON_XEN_IOMEM: 2411 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2412 if (rc < 0) 2413 return -1; 2414 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2415 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2416 if (context_read_and_validate 2417 (&c->context[0], p, fp)) 2418 return -1; 2419 break; 2420 case OCON_XEN_PCIDEVICE: 2421 rc = next_entry(buf, fp, sizeof(uint32_t)); 2422 if (rc < 0) 2423 return -1; 2424 c->u.device = le32_to_cpu(buf[0]); 2425 if (context_read_and_validate 2426 (&c->context[0], p, fp)) 2427 return -1; 2428 break; 2429 default: 2430 /* should never get here */ 2431 ERR(fp->handle, "Unknown Xen ocontext"); 2432 return -1; 2433 } 2434 } 2435 } 2436 return 0; 2437} 2438static int ocontext_read_selinux(struct policydb_compat_info *info, 2439 policydb_t * p, struct policy_file *fp) 2440{ 2441 unsigned int i, j; 2442 size_t nel, len; 2443 ocontext_t *l, *c; 2444 uint32_t buf[8]; 2445 int rc; 2446 2447 for (i = 0; i < info->ocon_num; i++) { 2448 rc = next_entry(buf, fp, sizeof(uint32_t)); 2449 if (rc < 0) 2450 return -1; 2451 nel = le32_to_cpu(buf[0]); 2452 l = NULL; 2453 for (j = 0; j < nel; j++) { 2454 c = calloc(1, sizeof(ocontext_t)); 2455 if (!c) { 2456 return -1; 2457 } 2458 if (l) { 2459 l->next = c; 2460 } else { 2461 p->ocontexts[i] = c; 2462 } 2463 l = c; 2464 switch (i) { 2465 case OCON_ISID: 2466 rc = next_entry(buf, fp, sizeof(uint32_t)); 2467 if (rc < 0) 2468 return -1; 2469 c->sid[0] = le32_to_cpu(buf[0]); 2470 if (context_read_and_validate 2471 (&c->context[0], p, fp)) 2472 return -1; 2473 break; 2474 case OCON_FS: 2475 case OCON_NETIF: 2476 rc = next_entry(buf, fp, sizeof(uint32_t)); 2477 if (rc < 0) 2478 return -1; 2479 len = le32_to_cpu(buf[0]); 2480 c->u.name = malloc(len + 1); 2481 if (!c->u.name) 2482 return -1; 2483 rc = next_entry(c->u.name, fp, len); 2484 if (rc < 0) 2485 return -1; 2486 c->u.name[len] = 0; 2487 if (context_read_and_validate 2488 (&c->context[0], p, fp)) 2489 return -1; 2490 if (context_read_and_validate 2491 (&c->context[1], p, fp)) 2492 return -1; 2493 break; 2494 case OCON_PORT: 2495 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2496 if (rc < 0) 2497 return -1; 2498 c->u.port.protocol = le32_to_cpu(buf[0]); 2499 c->u.port.low_port = le32_to_cpu(buf[1]); 2500 c->u.port.high_port = le32_to_cpu(buf[2]); 2501 if (context_read_and_validate 2502 (&c->context[0], p, fp)) 2503 return -1; 2504 break; 2505 case OCON_NODE: 2506 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2507 if (rc < 0) 2508 return -1; 2509 c->u.node.addr = buf[0]; /* network order */ 2510 c->u.node.mask = buf[1]; /* network order */ 2511 if (context_read_and_validate 2512 (&c->context[0], p, fp)) 2513 return -1; 2514 break; 2515 case OCON_FSUSE: 2516 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2517 if (rc < 0) 2518 return -1; 2519 c->v.behavior = le32_to_cpu(buf[0]); 2520 len = le32_to_cpu(buf[1]); 2521 c->u.name = malloc(len + 1); 2522 if (!c->u.name) 2523 return -1; 2524 rc = next_entry(c->u.name, fp, len); 2525 if (rc < 0) 2526 return -1; 2527 c->u.name[len] = 0; 2528 if (context_read_and_validate 2529 (&c->context[0], p, fp)) 2530 return -1; 2531 break; 2532 case OCON_NODE6:{ 2533 int k; 2534 2535 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2536 if (rc < 0) 2537 return -1; 2538 for (k = 0; k < 4; k++) 2539 /* network order */ 2540 c->u.node6.addr[k] = buf[k]; 2541 for (k = 0; k < 4; k++) 2542 /* network order */ 2543 c->u.node6.mask[k] = buf[k + 4]; 2544 if (context_read_and_validate 2545 (&c->context[0], p, fp)) 2546 return -1; 2547 break; 2548 } 2549 default:{ 2550 ERR(fp->handle, "Unknown SELinux ocontext"); 2551 return -1; 2552 } 2553 } 2554 } 2555 } 2556 return 0; 2557} 2558 2559static int ocontext_read(struct policydb_compat_info *info, 2560 policydb_t *p, struct policy_file *fp) 2561{ 2562 int rc = -1; 2563 switch (p->target_platform) { 2564 case SEPOL_TARGET_SELINUX: 2565 rc = ocontext_read_selinux(info, p, fp); 2566 break; 2567 case SEPOL_TARGET_XEN: 2568 rc = ocontext_read_xen(info, p, fp); 2569 break; 2570 default: 2571 ERR(fp->handle, "Unknown target"); 2572 } 2573 return rc; 2574} 2575 2576static int genfs_read(policydb_t * p, struct policy_file *fp) 2577{ 2578 uint32_t buf[1]; 2579 size_t nel, nel2, len, len2; 2580 genfs_t *genfs_p, *newgenfs, *genfs; 2581 unsigned int i, j; 2582 ocontext_t *l, *c, *newc = NULL; 2583 int rc; 2584 2585 rc = next_entry(buf, fp, sizeof(uint32_t)); 2586 if (rc < 0) 2587 goto bad; 2588 nel = le32_to_cpu(buf[0]); 2589 genfs_p = NULL; 2590 for (i = 0; i < nel; i++) { 2591 rc = next_entry(buf, fp, sizeof(uint32_t)); 2592 if (rc < 0) 2593 goto bad; 2594 len = le32_to_cpu(buf[0]); 2595 newgenfs = calloc(1, sizeof(genfs_t)); 2596 if (!newgenfs) 2597 goto bad; 2598 newgenfs->fstype = malloc(len + 1); 2599 if (!newgenfs->fstype) { 2600 free(newgenfs); 2601 goto bad; 2602 } 2603 rc = next_entry(newgenfs->fstype, fp, len); 2604 if (rc < 0) { 2605 free(newgenfs->fstype); 2606 free(newgenfs); 2607 goto bad; 2608 } 2609 newgenfs->fstype[len] = 0; 2610 for (genfs_p = NULL, genfs = p->genfs; genfs; 2611 genfs_p = genfs, genfs = genfs->next) { 2612 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2613 ERR(fp->handle, "dup genfs fstype %s", 2614 newgenfs->fstype); 2615 free(newgenfs->fstype); 2616 free(newgenfs); 2617 goto bad; 2618 } 2619 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2620 break; 2621 } 2622 newgenfs->next = genfs; 2623 if (genfs_p) 2624 genfs_p->next = newgenfs; 2625 else 2626 p->genfs = newgenfs; 2627 rc = next_entry(buf, fp, sizeof(uint32_t)); 2628 if (rc < 0) 2629 goto bad; 2630 nel2 = le32_to_cpu(buf[0]); 2631 for (j = 0; j < nel2; j++) { 2632 newc = calloc(1, sizeof(ocontext_t)); 2633 if (!newc) { 2634 goto bad; 2635 } 2636 rc = next_entry(buf, fp, sizeof(uint32_t)); 2637 if (rc < 0) 2638 goto bad; 2639 len = le32_to_cpu(buf[0]); 2640 newc->u.name = malloc(len + 1); 2641 if (!newc->u.name) { 2642 goto bad; 2643 } 2644 rc = next_entry(newc->u.name, fp, len); 2645 if (rc < 0) 2646 goto bad; 2647 newc->u.name[len] = 0; 2648 rc = next_entry(buf, fp, sizeof(uint32_t)); 2649 if (rc < 0) 2650 goto bad; 2651 newc->v.sclass = le32_to_cpu(buf[0]); 2652 if (context_read_and_validate(&newc->context[0], p, fp)) 2653 goto bad; 2654 for (l = NULL, c = newgenfs->head; c; 2655 l = c, c = c->next) { 2656 if (!strcmp(newc->u.name, c->u.name) && 2657 (!c->v.sclass || !newc->v.sclass || 2658 newc->v.sclass == c->v.sclass)) { 2659 ERR(fp->handle, "dup genfs entry " 2660 "(%s,%s)", newgenfs->fstype, 2661 c->u.name); 2662 goto bad; 2663 } 2664 len = strlen(newc->u.name); 2665 len2 = strlen(c->u.name); 2666 if (len > len2) 2667 break; 2668 } 2669 newc->next = c; 2670 if (l) 2671 l->next = newc; 2672 else 2673 newgenfs->head = newc; 2674 } 2675 } 2676 2677 return 0; 2678 2679 bad: 2680 if (newc) { 2681 context_destroy(&newc->context[0]); 2682 context_destroy(&newc->context[1]); 2683 free(newc->u.name); 2684 free(newc); 2685 } 2686 return -1; 2687} 2688 2689/* 2690 * Read a MLS level structure from a policydb binary 2691 * representation file. 2692 */ 2693static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 2694{ 2695 uint32_t buf[1]; 2696 int rc; 2697 2698 mls_level_init(lp); 2699 2700 rc = next_entry(buf, fp, sizeof(uint32_t)); 2701 if (rc < 0) { 2702 ERR(fp->handle, "truncated level"); 2703 goto bad; 2704 } 2705 lp->sens = le32_to_cpu(buf[0]); 2706 2707 if (ebitmap_read(&lp->cat, fp)) { 2708 ERR(fp->handle, "error reading level categories"); 2709 goto bad; 2710 } 2711 return 0; 2712 2713 bad: 2714 return -EINVAL; 2715} 2716 2717static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2718{ 2719 char *key = 0; 2720 user_datum_t *usrdatum; 2721 uint32_t buf[3]; 2722 size_t len; 2723 int rc, to_read = 2; 2724 2725 usrdatum = calloc(1, sizeof(user_datum_t)); 2726 if (!usrdatum) 2727 return -1; 2728 2729 if (policydb_has_boundary_feature(p)) 2730 to_read = 3; 2731 2732 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2733 if (rc < 0) 2734 goto bad; 2735 2736 len = le32_to_cpu(buf[0]); 2737 usrdatum->s.value = le32_to_cpu(buf[1]); 2738 if (policydb_has_boundary_feature(p)) 2739 usrdatum->bounds = le32_to_cpu(buf[2]); 2740 2741 key = malloc(len + 1); 2742 if (!key) 2743 goto bad; 2744 rc = next_entry(key, fp, len); 2745 if (rc < 0) 2746 goto bad; 2747 key[len] = 0; 2748 2749 if (p->policy_type == POLICY_KERN) { 2750 if (ebitmap_read(&usrdatum->roles.roles, fp)) 2751 goto bad; 2752 } else { 2753 if (role_set_read(&usrdatum->roles, fp)) 2754 goto bad; 2755 } 2756 2757 /* users were not allowed in mls modules before version 2758 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 2759 * required - the mls fields will be empty. user declarations in 2760 * non-mls modules will also have empty mls fields */ 2761 if ((p->policy_type == POLICY_KERN 2762 && p->policyvers >= POLICYDB_VERSION_MLS) 2763 || (p->policy_type == POLICY_MOD 2764 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2765 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 2766 || (p->policy_type == POLICY_BASE 2767 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2768 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 2769 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 2770 goto bad; 2771 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 2772 goto bad; 2773 if (p->policy_type != POLICY_KERN) { 2774 if (mls_range_to_semantic(&usrdatum->exp_range, 2775 &usrdatum->range)) 2776 goto bad; 2777 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 2778 &usrdatum->dfltlevel)) 2779 goto bad; 2780 } 2781 } else if ((p->policy_type == POLICY_MOD 2782 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 2783 || (p->policy_type == POLICY_BASE 2784 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 2785 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 2786 goto bad; 2787 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 2788 goto bad; 2789 } 2790 2791 if (hashtab_insert(h, key, usrdatum)) 2792 goto bad; 2793 2794 return 0; 2795 2796 bad: 2797 user_destroy(key, usrdatum, NULL); 2798 return -1; 2799} 2800 2801static int sens_read(policydb_t * p 2802 __attribute__ ((unused)), hashtab_t h, 2803 struct policy_file *fp) 2804{ 2805 char *key = 0; 2806 level_datum_t *levdatum; 2807 uint32_t buf[2], len; 2808 int rc; 2809 2810 levdatum = malloc(sizeof(level_datum_t)); 2811 if (!levdatum) 2812 return -1; 2813 level_datum_init(levdatum); 2814 2815 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2816 if (rc < 0) 2817 goto bad; 2818 2819 len = le32_to_cpu(buf[0]); 2820 levdatum->isalias = le32_to_cpu(buf[1]); 2821 2822 key = malloc(len + 1); 2823 if (!key) 2824 goto bad; 2825 rc = next_entry(key, fp, len); 2826 if (rc < 0) 2827 goto bad; 2828 key[len] = 0; 2829 2830 levdatum->level = malloc(sizeof(mls_level_t)); 2831 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 2832 goto bad; 2833 2834 if (hashtab_insert(h, key, levdatum)) 2835 goto bad; 2836 2837 return 0; 2838 2839 bad: 2840 sens_destroy(key, levdatum, NULL); 2841 return -1; 2842} 2843 2844static int cat_read(policydb_t * p 2845 __attribute__ ((unused)), hashtab_t h, 2846 struct policy_file *fp) 2847{ 2848 char *key = 0; 2849 cat_datum_t *catdatum; 2850 uint32_t buf[3], len; 2851 int rc; 2852 2853 catdatum = malloc(sizeof(cat_datum_t)); 2854 if (!catdatum) 2855 return -1; 2856 cat_datum_init(catdatum); 2857 2858 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2859 if (rc < 0) 2860 goto bad; 2861 2862 len = le32_to_cpu(buf[0]); 2863 catdatum->s.value = le32_to_cpu(buf[1]); 2864 catdatum->isalias = le32_to_cpu(buf[2]); 2865 2866 key = malloc(len + 1); 2867 if (!key) 2868 goto bad; 2869 rc = next_entry(key, fp, len); 2870 if (rc < 0) 2871 goto bad; 2872 key[len] = 0; 2873 2874 if (hashtab_insert(h, key, catdatum)) 2875 goto bad; 2876 2877 return 0; 2878 2879 bad: 2880 cat_destroy(key, catdatum, NULL); 2881 return -1; 2882} 2883 2884static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 2885 struct policy_file * fp) = { 2886common_read, class_read, role_read, type_read, user_read, 2887 cond_read_bool, sens_read, cat_read,}; 2888 2889/************** module reading functions below **************/ 2890 2891static avrule_t *avrule_read(policydb_t * p 2892 __attribute__ ((unused)), struct policy_file *fp) 2893{ 2894 unsigned int i; 2895 uint32_t buf[2], len; 2896 class_perm_node_t *cur, *tail = NULL; 2897 avrule_t *avrule; 2898 int rc; 2899 2900 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 2901 if (!avrule) 2902 return NULL; 2903 2904 avrule_init(avrule); 2905 2906 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2907 if (rc < 0) 2908 goto bad; 2909 2910 (avrule)->specified = le32_to_cpu(buf[0]); 2911 (avrule)->flags = le32_to_cpu(buf[1]); 2912 2913 if (type_set_read(&avrule->stypes, fp)) 2914 goto bad; 2915 2916 if (type_set_read(&avrule->ttypes, fp)) 2917 goto bad; 2918 2919 rc = next_entry(buf, fp, sizeof(uint32_t)); 2920 if (rc < 0) 2921 goto bad; 2922 len = le32_to_cpu(buf[0]); 2923 2924 for (i = 0; i < len; i++) { 2925 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 2926 if (!cur) 2927 goto bad; 2928 class_perm_node_init(cur); 2929 2930 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2931 if (rc < 0) { 2932 free(cur); 2933 goto bad; 2934 } 2935 2936 cur->class = le32_to_cpu(buf[0]); 2937 cur->data = le32_to_cpu(buf[1]); 2938 2939 if (!tail) { 2940 avrule->perms = cur; 2941 } else { 2942 tail->next = cur; 2943 } 2944 tail = cur; 2945 } 2946 2947 return avrule; 2948 bad: 2949 if (avrule) { 2950 avrule_destroy(avrule); 2951 free(avrule); 2952 } 2953 return NULL; 2954} 2955 2956static int range_read(policydb_t * p, struct policy_file *fp) 2957{ 2958 uint32_t buf[2], nel; 2959 range_trans_t *rt, *lrt; 2960 range_trans_rule_t *rtr, *lrtr = NULL; 2961 unsigned int i; 2962 int new_rangetr = (p->policy_type == POLICY_KERN && 2963 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 2964 int rc; 2965 2966 rc = next_entry(buf, fp, sizeof(uint32_t)); 2967 if (rc < 0) 2968 return -1; 2969 nel = le32_to_cpu(buf[0]); 2970 lrt = NULL; 2971 for (i = 0; i < nel; i++) { 2972 rt = calloc(1, sizeof(range_trans_t)); 2973 if (!rt) 2974 return -1; 2975 if (lrt) 2976 lrt->next = rt; 2977 else 2978 p->range_tr = rt; 2979 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2980 if (rc < 0) 2981 return -1; 2982 rt->source_type = le32_to_cpu(buf[0]); 2983 rt->target_type = le32_to_cpu(buf[1]); 2984 if (new_rangetr) { 2985 rc = next_entry(buf, fp, (sizeof(uint32_t))); 2986 if (rc < 0) 2987 return -1; 2988 rt->target_class = le32_to_cpu(buf[0]); 2989 } else 2990 rt->target_class = SECCLASS_PROCESS; 2991 if (mls_read_range_helper(&rt->target_range, fp)) 2992 return -1; 2993 lrt = rt; 2994 } 2995 2996 /* if this is a kernel policy, we are done - otherwise we need to 2997 * convert these structs to range_trans_rule_ts */ 2998 if (p->policy_type == POLICY_KERN) 2999 return 0; 3000 3001 /* create range_trans_rules_ts that correspond to the range_trans_ts 3002 * that were just read in from an older policy */ 3003 for (rt = p->range_tr; rt; rt = rt->next) { 3004 rtr = malloc(sizeof(range_trans_rule_t)); 3005 if (!rtr) { 3006 return -1; 3007 } 3008 range_trans_rule_init(rtr); 3009 3010 if (lrtr) 3011 lrtr->next = rtr; 3012 else 3013 p->global->enabled->range_tr_rules = rtr; 3014 3015 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 3016 return -1; 3017 3018 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 3019 return -1; 3020 3021 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 3022 return -1; 3023 3024 if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) 3025 return -1; 3026 3027 lrtr = rtr; 3028 } 3029 3030 /* now destroy the range_trans_ts */ 3031 lrt = NULL; 3032 for (rt = p->range_tr; rt; rt = rt->next) { 3033 if (lrt) { 3034 ebitmap_destroy(&lrt->target_range.level[0].cat); 3035 ebitmap_destroy(&lrt->target_range.level[1].cat); 3036 free(lrt); 3037 } 3038 lrt = rt; 3039 } 3040 if (lrt) { 3041 ebitmap_destroy(&lrt->target_range.level[0].cat); 3042 ebitmap_destroy(&lrt->target_range.level[1].cat); 3043 free(lrt); 3044 } 3045 p->range_tr = NULL; 3046 3047 return 0; 3048} 3049 3050int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3051 struct policy_file *fp) 3052{ 3053 unsigned int i; 3054 avrule_t *cur, *tail; 3055 uint32_t buf[1], len; 3056 int rc; 3057 3058 *avrules = tail = NULL; 3059 3060 rc = next_entry(buf, fp, sizeof(uint32_t)); 3061 if (rc < 0) { 3062 return -1; 3063 } 3064 len = le32_to_cpu(buf[0]); 3065 3066 for (i = 0; i < len; i++) { 3067 cur = avrule_read(p, fp); 3068 if (!cur) { 3069 return -1; 3070 } 3071 3072 if (!tail) { 3073 *avrules = cur; 3074 } else { 3075 tail->next = cur; 3076 } 3077 tail = cur; 3078 } 3079 3080 return 0; 3081} 3082 3083static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3084 struct policy_file *fp) 3085{ 3086 uint32_t buf[1], nel; 3087 unsigned int i; 3088 role_trans_rule_t *tr, *ltr; 3089 int rc; 3090 3091 rc = next_entry(buf, fp, sizeof(uint32_t)); 3092 if (rc < 0) 3093 return -1; 3094 nel = le32_to_cpu(buf[0]); 3095 ltr = NULL; 3096 for (i = 0; i < nel; i++) { 3097 tr = malloc(sizeof(role_trans_rule_t)); 3098 if (!tr) { 3099 return -1; 3100 } 3101 role_trans_rule_init(tr); 3102 3103 if (ltr) { 3104 ltr->next = tr; 3105 } else { 3106 *r = tr; 3107 } 3108 3109 if (role_set_read(&tr->roles, fp)) 3110 return -1; 3111 3112 if (type_set_read(&tr->types, fp)) 3113 return -1; 3114 3115 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3116 if (ebitmap_read(&tr->classes, fp)) 3117 return -1; 3118 } else { 3119 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3120 return -1; 3121 } 3122 3123 rc = next_entry(buf, fp, sizeof(uint32_t)); 3124 if (rc < 0) 3125 return -1; 3126 tr->new_role = le32_to_cpu(buf[0]); 3127 ltr = tr; 3128 } 3129 3130 return 0; 3131} 3132 3133static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3134{ 3135 unsigned int i; 3136 uint32_t buf[1], nel; 3137 role_allow_rule_t *ra, *lra; 3138 int rc; 3139 3140 rc = next_entry(buf, fp, sizeof(uint32_t)); 3141 if (rc < 0) 3142 return -1; 3143 nel = le32_to_cpu(buf[0]); 3144 lra = NULL; 3145 for (i = 0; i < nel; i++) { 3146 ra = malloc(sizeof(role_allow_rule_t)); 3147 if (!ra) { 3148 return -1; 3149 } 3150 role_allow_rule_init(ra); 3151 3152 if (lra) { 3153 lra->next = ra; 3154 } else { 3155 *r = ra; 3156 } 3157 3158 if (role_set_read(&ra->roles, fp)) 3159 return -1; 3160 3161 if (role_set_read(&ra->new_roles, fp)) 3162 return -1; 3163 3164 lra = ra; 3165 } 3166 return 0; 3167} 3168 3169static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3170{ 3171 uint32_t buf[2], nel; 3172 unsigned int i, len; 3173 filename_trans_rule_t *ftr, *lftr; 3174 int rc; 3175 3176 rc = next_entry(buf, fp, sizeof(uint32_t)); 3177 if (rc < 0) 3178 return -1; 3179 nel = le32_to_cpu(buf[0]); 3180 lftr = NULL; 3181 for (i = 0; i < nel; i++) { 3182 ftr = malloc(sizeof(*ftr)); 3183 if (!ftr) 3184 return -1; 3185 3186 filename_trans_rule_init(ftr); 3187 3188 if (lftr) 3189 lftr->next = ftr; 3190 else 3191 *r = ftr; 3192 lftr = ftr; 3193 3194 rc = next_entry(buf, fp, sizeof(uint32_t)); 3195 if (rc < 0) 3196 return -1; 3197 3198 len = le32_to_cpu(buf[0]); 3199 3200 ftr->name = malloc(len + 1); 3201 if (!ftr->name) 3202 return -1; 3203 3204 rc = next_entry(ftr->name, fp, len); 3205 if (rc) 3206 return -1; 3207 ftr->name[len] = 0; 3208 3209 if (type_set_read(&ftr->stypes, fp)) 3210 return -1; 3211 3212 if (type_set_read(&ftr->ttypes, fp)) 3213 return -1; 3214 3215 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3216 if (rc < 0) 3217 return -1; 3218 ftr->tclass = le32_to_cpu(buf[0]); 3219 ftr->otype = le32_to_cpu(buf[1]); 3220 } 3221 3222 return 0; 3223} 3224 3225static int range_trans_rule_read(range_trans_rule_t ** r, 3226 struct policy_file *fp) 3227{ 3228 uint32_t buf[1], nel; 3229 unsigned int i; 3230 range_trans_rule_t *rt, *lrt = NULL; 3231 int rc; 3232 3233 rc = next_entry(buf, fp, sizeof(uint32_t)); 3234 if (rc < 0) 3235 return -1; 3236 nel = le32_to_cpu(buf[0]); 3237 for (i = 0; i < nel; i++) { 3238 rt = malloc(sizeof(range_trans_rule_t)); 3239 if (!rt) { 3240 return -1; 3241 } 3242 range_trans_rule_init(rt); 3243 3244 if (lrt) 3245 lrt->next = rt; 3246 else 3247 *r = rt; 3248 3249 if (type_set_read(&rt->stypes, fp)) 3250 return -1; 3251 3252 if (type_set_read(&rt->ttypes, fp)) 3253 return -1; 3254 3255 if (ebitmap_read(&rt->tclasses, fp)) 3256 return -1; 3257 3258 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3259 return -1; 3260 3261 lrt = rt; 3262 } 3263 3264 return 0; 3265} 3266 3267static int scope_index_read(scope_index_t * scope_index, 3268 unsigned int num_scope_syms, struct policy_file *fp) 3269{ 3270 unsigned int i; 3271 uint32_t buf[1]; 3272 int rc; 3273 3274 for (i = 0; i < num_scope_syms; i++) { 3275 if (ebitmap_read(scope_index->scope + i, fp) == -1) { 3276 return -1; 3277 } 3278 } 3279 rc = next_entry(buf, fp, sizeof(uint32_t)); 3280 if (rc < 0) 3281 return -1; 3282 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3283 if (scope_index->class_perms_len == 0) { 3284 scope_index->class_perms_map = NULL; 3285 return 0; 3286 } 3287 if ((scope_index->class_perms_map = 3288 calloc(scope_index->class_perms_len, 3289 sizeof(*scope_index->class_perms_map))) == NULL) { 3290 return -1; 3291 } 3292 for (i = 0; i < scope_index->class_perms_len; i++) { 3293 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { 3294 return -1; 3295 } 3296 } 3297 return 0; 3298} 3299 3300static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3301 unsigned int num_scope_syms, struct policy_file *fp) 3302{ 3303 uint32_t buf[2], nprim, nel; 3304 unsigned int i, j; 3305 int rc; 3306 3307 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3308 if (rc < 0) 3309 return -1; 3310 decl->decl_id = le32_to_cpu(buf[0]); 3311 decl->enabled = le32_to_cpu(buf[1]); 3312 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3313 avrule_read_list(p, &decl->avrules, fp) == -1 || 3314 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3315 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3316 return -1; 3317 } 3318 3319 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3320 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3321 return -1; 3322 3323 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3324 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3325 return -1; 3326 } 3327 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3328 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3329 return -1; 3330 } 3331 3332 for (i = 0; i < num_scope_syms; i++) { 3333 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3334 if (rc < 0) 3335 return -1; 3336 nprim = le32_to_cpu(buf[0]); 3337 nel = le32_to_cpu(buf[1]); 3338 for (j = 0; j < nel; j++) { 3339 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3340 return -1; 3341 } 3342 } 3343 decl->symtab[i].nprim = nprim; 3344 } 3345 return 0; 3346} 3347 3348static int avrule_block_read(policydb_t * p, 3349 avrule_block_t ** block, 3350 unsigned int num_scope_syms, 3351 struct policy_file *fp) 3352{ 3353 avrule_block_t *last_block = NULL, *curblock; 3354 uint32_t buf[1], num_blocks, nel; 3355 int rc; 3356 3357 rc = next_entry(buf, fp, sizeof(uint32_t)); 3358 if (rc < 0) 3359 return -1; 3360 num_blocks = le32_to_cpu(buf[0]); 3361 nel = num_blocks; 3362 while (num_blocks > 0) { 3363 avrule_decl_t *last_decl = NULL, *curdecl; 3364 uint32_t num_decls; 3365 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3366 return -1; 3367 } 3368 rc = next_entry(buf, fp, sizeof(uint32_t)); 3369 if (rc < 0) { 3370 free(curblock); 3371 return -1; 3372 } 3373 /* if this is the first block its non-optional, else its optional */ 3374 if (num_blocks != nel) 3375 curblock->flags |= AVRULE_OPTIONAL; 3376 3377 num_decls = le32_to_cpu(buf[0]); 3378 while (num_decls > 0) { 3379 if ((curdecl = avrule_decl_create(0)) == NULL) { 3380 avrule_block_destroy(curblock); 3381 return -1; 3382 } 3383 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3384 -1) { 3385 avrule_decl_destroy(curdecl); 3386 avrule_block_destroy(curblock); 3387 return -1; 3388 } 3389 if (curdecl->enabled) { 3390 if (curblock->enabled != NULL) { 3391 /* probably a corrupt file */ 3392 avrule_decl_destroy(curdecl); 3393 avrule_block_destroy(curblock); 3394 return -1; 3395 } 3396 curblock->enabled = curdecl; 3397 } 3398 /* one must be careful to reconstruct the 3399 * decl chain in its correct order */ 3400 if (curblock->branch_list == NULL) { 3401 curblock->branch_list = curdecl; 3402 } else { 3403 last_decl->next = curdecl; 3404 } 3405 last_decl = curdecl; 3406 num_decls--; 3407 } 3408 3409 if (*block == NULL) { 3410 *block = curblock; 3411 } else { 3412 last_block->next = curblock; 3413 } 3414 last_block = curblock; 3415 3416 num_blocks--; 3417 } 3418 3419 return 0; 3420} 3421 3422static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3423{ 3424 scope_datum_t *scope = NULL; 3425 uint32_t buf[2]; 3426 char *key = NULL; 3427 size_t key_len; 3428 unsigned int i; 3429 hashtab_t h = p->scope[symnum].table; 3430 int rc; 3431 3432 rc = next_entry(buf, fp, sizeof(uint32_t)); 3433 if (rc < 0) 3434 goto cleanup; 3435 key_len = le32_to_cpu(buf[0]); 3436 key = malloc(key_len + 1); 3437 if (!key) 3438 goto cleanup; 3439 rc = next_entry(key, fp, key_len); 3440 if (rc < 0) 3441 goto cleanup; 3442 key[key_len] = '\0'; 3443 3444 /* ensure that there already exists a symbol with this key */ 3445 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3446 goto cleanup; 3447 } 3448 3449 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3450 goto cleanup; 3451 } 3452 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3453 if (rc < 0) 3454 goto cleanup; 3455 scope->scope = le32_to_cpu(buf[0]); 3456 scope->decl_ids_len = le32_to_cpu(buf[1]); 3457 assert(scope->decl_ids_len > 0); 3458 if ((scope->decl_ids = 3459 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3460 goto cleanup; 3461 } 3462 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3463 if (rc < 0) 3464 goto cleanup; 3465 for (i = 0; i < scope->decl_ids_len; i++) { 3466 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3467 } 3468 3469 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3470 /* object_r was already added to this table in roles_init() */ 3471 scope_destroy(key, scope, NULL); 3472 } else { 3473 if (hashtab_insert(h, key, scope)) { 3474 goto cleanup; 3475 } 3476 } 3477 3478 return 0; 3479 3480 cleanup: 3481 scope_destroy(key, scope, NULL); 3482 return -1; 3483} 3484 3485/* 3486 * Read the configuration data from a policy database binary 3487 * representation file into a policy database structure. 3488 */ 3489int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3490{ 3491 3492 unsigned int i, j, r_policyvers; 3493 uint32_t buf[5]; 3494 size_t len, nprim, nel; 3495 char *policydb_str; 3496 struct policydb_compat_info *info; 3497 unsigned int policy_type, bufindex; 3498 ebitmap_node_t *tnode; 3499 int rc; 3500 3501 /* Read the magic number and string length. */ 3502 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3503 if (rc < 0) 3504 return POLICYDB_ERROR; 3505 for (i = 0; i < 2; i++) 3506 buf[i] = le32_to_cpu(buf[i]); 3507 3508 if (buf[0] == POLICYDB_MAGIC) { 3509 policy_type = POLICY_KERN; 3510 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3511 policy_type = POLICY_MOD; 3512 } else { 3513 ERR(fp->handle, "policydb magic number %#08x does not " 3514 "match expected magic number %#08x or %#08x", 3515 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3516 return POLICYDB_ERROR; 3517 } 3518 3519 len = buf[1]; 3520 if (len > POLICYDB_STRING_MAX_LENGTH) { 3521 ERR(fp->handle, "policydb string length too long "); 3522 return POLICYDB_ERROR; 3523 } 3524 3525 policydb_str = malloc(len + 1); 3526 if (!policydb_str) { 3527 ERR(fp->handle, "unable to allocate memory for policydb " 3528 "string of length %zu", len); 3529 return POLICYDB_ERROR; 3530 } 3531 rc = next_entry(policydb_str, fp, len); 3532 if (rc < 0) { 3533 ERR(fp->handle, "truncated policydb string identifier"); 3534 free(policydb_str); 3535 return POLICYDB_ERROR; 3536 } 3537 policydb_str[len] = 0; 3538 3539 if (policy_type == POLICY_KERN) { 3540 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 3541 if ((strcmp(policydb_str, policydb_target_strings[i]) 3542 == 0)) { 3543 policydb_set_target_platform(p, i); 3544 break; 3545 } 3546 } 3547 3548 if (i == POLICYDB_TARGET_SZ) { 3549 ERR(fp->handle, "cannot find a valid target for policy " 3550 "string %s", policydb_str); 3551 free(policydb_str); 3552 return POLICYDB_ERROR; 3553 } 3554 } else { 3555 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 3556 ERR(fp->handle, "invalid string identifier %s", 3557 policydb_str); 3558 free(policydb_str); 3559 return POLICYDB_ERROR; 3560 } 3561 } 3562 3563 /* Done with policydb_str. */ 3564 free(policydb_str); 3565 policydb_str = NULL; 3566 3567 /* Read the version, config, and table sizes (and policy type if it's a module). */ 3568 if (policy_type == POLICY_KERN) 3569 nel = 4; 3570 else 3571 nel = 5; 3572 3573 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 3574 if (rc < 0) 3575 return POLICYDB_ERROR; 3576 for (i = 0; i < nel; i++) 3577 buf[i] = le32_to_cpu(buf[i]); 3578 3579 bufindex = 0; 3580 3581 if (policy_type == POLICY_MOD) { 3582 /* We know it's a module but not whether it's a base 3583 module or regular binary policy module. buf[0] 3584 tells us which. */ 3585 policy_type = buf[bufindex]; 3586 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 3587 ERR(fp->handle, "unknown module type: %#08x", 3588 policy_type); 3589 return POLICYDB_ERROR; 3590 } 3591 bufindex++; 3592 } 3593 3594 r_policyvers = buf[bufindex]; 3595 if (policy_type == POLICY_KERN) { 3596 if (r_policyvers < POLICYDB_VERSION_MIN || 3597 r_policyvers > POLICYDB_VERSION_MAX) { 3598 ERR(fp->handle, "policydb version %d does not match " 3599 "my version range %d-%d", buf[bufindex], 3600 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 3601 return POLICYDB_ERROR; 3602 } 3603 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 3604 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 3605 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 3606 ERR(fp->handle, "policydb module version %d does " 3607 "not match my version range %d-%d", 3608 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 3609 MOD_POLICYDB_VERSION_MAX); 3610 return POLICYDB_ERROR; 3611 } 3612 } else { 3613 assert(0); 3614 } 3615 bufindex++; 3616 3617 /* Set the policy type and version from the read values. */ 3618 p->policy_type = policy_type; 3619 p->policyvers = r_policyvers; 3620 3621 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 3622 p->mls = 1; 3623 } else { 3624 p->mls = 0; 3625 } 3626 3627 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 3628 3629 bufindex++; 3630 3631 info = policydb_lookup_compat(r_policyvers, policy_type, 3632 p->target_platform); 3633 if (!info) { 3634 ERR(fp->handle, "unable to find policy compat info " 3635 "for version %d", r_policyvers); 3636 goto bad; 3637 } 3638 3639 if (buf[bufindex] != info->sym_num 3640 || buf[bufindex + 1] != info->ocon_num) { 3641 ERR(fp->handle, 3642 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 3643 buf[bufindex], buf[bufindex + 1], info->sym_num, 3644 info->ocon_num); 3645 goto bad; 3646 } 3647 3648 if (p->policy_type == POLICY_MOD) { 3649 /* Get the module name and version */ 3650 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3651 goto bad; 3652 } 3653 len = le32_to_cpu(buf[0]); 3654 if ((p->name = malloc(len + 1)) == NULL) { 3655 goto bad; 3656 } 3657 if ((rc = next_entry(p->name, fp, len)) < 0) { 3658 goto bad; 3659 } 3660 p->name[len] = '\0'; 3661 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3662 goto bad; 3663 } 3664 len = le32_to_cpu(buf[0]); 3665 if ((p->version = malloc(len + 1)) == NULL) { 3666 goto bad; 3667 } 3668 if ((rc = next_entry(p->version, fp, len)) < 0) { 3669 goto bad; 3670 } 3671 p->version[len] = '\0'; 3672 } 3673 3674 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 3675 p->policy_type == POLICY_KERN) || 3676 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3677 p->policy_type == POLICY_BASE) || 3678 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3679 p->policy_type == POLICY_MOD)) { 3680 if (ebitmap_read(&p->policycaps, fp)) 3681 goto bad; 3682 } 3683 3684 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 3685 p->policy_type == POLICY_KERN) { 3686 if (ebitmap_read(&p->permissive_map, fp)) 3687 goto bad; 3688 } 3689 3690 for (i = 0; i < info->sym_num; i++) { 3691 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3692 if (rc < 0) 3693 goto bad; 3694 nprim = le32_to_cpu(buf[0]); 3695 nel = le32_to_cpu(buf[1]); 3696 for (j = 0; j < nel; j++) { 3697 if (read_f[i] (p, p->symtab[i].table, fp)) 3698 goto bad; 3699 } 3700 3701 p->symtab[i].nprim = nprim; 3702 } 3703 3704 if (policy_type == POLICY_KERN) { 3705 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 3706 goto bad; 3707 if (r_policyvers >= POLICYDB_VERSION_BOOL) 3708 if (cond_read_list(p, &p->cond_list, fp)) 3709 goto bad; 3710 if (role_trans_read(p, fp)) 3711 goto bad; 3712 if (role_allow_read(&p->role_allow, fp)) 3713 goto bad; 3714 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 3715 filename_trans_read(&p->filename_trans, fp)) 3716 goto bad; 3717 } else { 3718 /* first read the AV rule blocks, then the scope tables */ 3719 avrule_block_destroy(p->global); 3720 p->global = NULL; 3721 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 3722 goto bad; 3723 } 3724 for (i = 0; i < info->sym_num; i++) { 3725 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3726 goto bad; 3727 } 3728 nel = le32_to_cpu(buf[0]); 3729 for (j = 0; j < nel; j++) { 3730 if (scope_read(p, i, fp)) 3731 goto bad; 3732 } 3733 } 3734 3735 } 3736 3737 if (policydb_index_decls(p)) 3738 goto bad; 3739 3740 if (policydb_index_classes(p)) 3741 goto bad; 3742 3743 if (policydb_index_others(fp->handle, p, verbose)) 3744 goto bad; 3745 3746 if (ocontext_read(info, p, fp) == -1) { 3747 goto bad; 3748 } 3749 3750 if (genfs_read(p, fp) == -1) { 3751 goto bad; 3752 } 3753 3754 if ((p->policy_type == POLICY_KERN 3755 && p->policyvers >= POLICYDB_VERSION_MLS) 3756 || (p->policy_type == POLICY_BASE 3757 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3758 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 3759 if (range_read(p, fp)) { 3760 goto bad; 3761 } 3762 } 3763 3764 if (policy_type == POLICY_KERN) { 3765 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3766 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3767 if (!p->type_attr_map || !p->attr_type_map) 3768 goto bad; 3769 for (i = 0; i < p->p_types.nprim; i++) { 3770 ebitmap_init(&p->type_attr_map[i]); 3771 ebitmap_init(&p->attr_type_map[i]); 3772 } 3773 for (i = 0; i < p->p_types.nprim; i++) { 3774 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 3775 if (ebitmap_read(&p->type_attr_map[i], fp)) 3776 goto bad; 3777 ebitmap_for_each_bit(&p->type_attr_map[i], 3778 tnode, j) { 3779 if (!ebitmap_node_get_bit(tnode, j) 3780 || i == j) 3781 continue; 3782 if (ebitmap_set_bit 3783 (&p->attr_type_map[j], i, 1)) 3784 goto bad; 3785 } 3786 } 3787 /* add the type itself as the degenerate case */ 3788 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 3789 goto bad; 3790 } 3791 } 3792 3793 return POLICYDB_SUCCESS; 3794 bad: 3795 return POLICYDB_ERROR; 3796} 3797 3798int policydb_reindex_users(policydb_t * p) 3799{ 3800 unsigned int i = SYM_USERS; 3801 3802 if (p->user_val_to_struct) 3803 free(p->user_val_to_struct); 3804 if (p->sym_val_to_name[i]) 3805 free(p->sym_val_to_name[i]); 3806 3807 p->user_val_to_struct = (user_datum_t **) 3808 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 3809 if (!p->user_val_to_struct) 3810 return -1; 3811 3812 p->sym_val_to_name[i] = (char **) 3813 malloc(p->symtab[i].nprim * sizeof(char *)); 3814 if (!p->sym_val_to_name[i]) 3815 return -1; 3816 3817 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 3818 return -1; 3819 3820 /* Expand user roles for context validity checking */ 3821 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 3822 return -1; 3823 3824 return 0; 3825} 3826 3827void policy_file_init(policy_file_t *pf) 3828{ 3829 memset(pf, 0, sizeof(policy_file_t)); 3830} 3831 3832int policydb_set_target_platform(policydb_t *p, int platform) 3833{ 3834 if (platform == SEPOL_TARGET_SELINUX) 3835 p->target_platform = SEPOL_TARGET_SELINUX; 3836 else if (platform == SEPOL_TARGET_XEN) 3837 p->target_platform = SEPOL_TARGET_XEN; 3838 else 3839 return -1; 3840 3841 return 0; 3842} 3843 3844