policydb.c revision 34df32ab85a914c2bb7430e40716be7cbfa0a6bb
1 2/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ 3 4/* 5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 6 * 7 * Support for enhanced MLS infrastructure. 8 * 9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 10 * 11 * Added conditional policy language extensions 12 * 13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com> 14 * Fine-grained netlink support 15 * IPv6 support 16 * Code cleanup 17 * 18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC 20 * Copyright (C) 2003 - 2007 Red Hat, Inc. 21 * 22 * This library is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU Lesser General Public 24 * License as published by the Free Software Foundation; either 25 * version 2.1 of the License, or (at your option) any later version. 26 * 27 * This library is distributed in the hope that it will be useful, 28 * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 30 * Lesser General Public License for more details. 31 * 32 * You should have received a copy of the GNU Lesser General Public 33 * License along with this library; if not, write to the Free Software 34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 35 */ 36 37/* FLASK */ 38 39/* 40 * Implementation of the policy database. 41 */ 42 43#include <assert.h> 44#include <stdlib.h> 45 46#include <sepol/policydb/policydb.h> 47#include <sepol/policydb/expand.h> 48#include <sepol/policydb/conditional.h> 49#include <sepol/policydb/avrule_block.h> 50#include <sepol/policydb/util.h> 51#include <sepol/policydb/flask.h> 52 53#include "private.h" 54#include "debug.h" 55#include "mls.h" 56 57#define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings) 58char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING }; 59 60/* These need to be updated if SYM_NUM or OCON_NUM changes */ 61static struct policydb_compat_info policydb_compat[] = { 62 { 63 .type = POLICY_KERN, 64 .version = POLICYDB_VERSION_BOUNDARY, 65 .sym_num = SYM_NUM, 66 .ocon_num = OCON_XEN_PCIDEVICE + 1, 67 .target_platform = SEPOL_TARGET_XEN, 68 }, 69 { 70 .type = POLICY_KERN, 71 .version = POLICYDB_VERSION_BASE, 72 .sym_num = SYM_NUM - 3, 73 .ocon_num = OCON_FSUSE + 1, 74 .target_platform = SEPOL_TARGET_SELINUX, 75 }, 76 { 77 .type = POLICY_KERN, 78 .version = POLICYDB_VERSION_BOOL, 79 .sym_num = SYM_NUM - 2, 80 .ocon_num = OCON_FSUSE + 1, 81 .target_platform = SEPOL_TARGET_SELINUX, 82 }, 83 { 84 .type = POLICY_KERN, 85 .version = POLICYDB_VERSION_IPV6, 86 .sym_num = SYM_NUM - 2, 87 .ocon_num = OCON_NODE6 + 1, 88 .target_platform = SEPOL_TARGET_SELINUX, 89 }, 90 { 91 .type = POLICY_KERN, 92 .version = POLICYDB_VERSION_NLCLASS, 93 .sym_num = SYM_NUM - 2, 94 .ocon_num = OCON_NODE6 + 1, 95 .target_platform = SEPOL_TARGET_SELINUX, 96 }, 97 { 98 .type = POLICY_KERN, 99 .version = POLICYDB_VERSION_MLS, 100 .sym_num = SYM_NUM, 101 .ocon_num = OCON_NODE6 + 1, 102 .target_platform = SEPOL_TARGET_SELINUX, 103 }, 104 { 105 .type = POLICY_KERN, 106 .version = POLICYDB_VERSION_AVTAB, 107 .sym_num = SYM_NUM, 108 .ocon_num = OCON_NODE6 + 1, 109 .target_platform = SEPOL_TARGET_SELINUX, 110 }, 111 { 112 .type = POLICY_KERN, 113 .version = POLICYDB_VERSION_RANGETRANS, 114 .sym_num = SYM_NUM, 115 .ocon_num = OCON_NODE6 + 1, 116 .target_platform = SEPOL_TARGET_SELINUX, 117 }, 118 { 119 .type = POLICY_KERN, 120 .version = POLICYDB_VERSION_POLCAP, 121 .sym_num = SYM_NUM, 122 .ocon_num = OCON_NODE6 + 1, 123 .target_platform = SEPOL_TARGET_SELINUX, 124 }, 125 { 126 .type = POLICY_KERN, 127 .version = POLICYDB_VERSION_PERMISSIVE, 128 .sym_num = SYM_NUM, 129 .ocon_num = OCON_NODE6 + 1, 130 .target_platform = SEPOL_TARGET_SELINUX, 131 }, 132 { 133 .type = POLICY_KERN, 134 .version = POLICYDB_VERSION_BOUNDARY, 135 .sym_num = SYM_NUM, 136 .ocon_num = OCON_NODE6 + 1, 137 .target_platform = SEPOL_TARGET_SELINUX, 138 }, 139 { 140 .type = POLICY_KERN, 141 .version = POLICYDB_VERSION_FILENAME_TRANS, 142 .sym_num = SYM_NUM, 143 .ocon_num = OCON_NODE6 + 1, 144 .target_platform = SEPOL_TARGET_SELINUX, 145 }, 146 { 147 .type = POLICY_KERN, 148 .version = POLICYDB_VERSION_ROLETRANS, 149 .sym_num = SYM_NUM, 150 .ocon_num = OCON_NODE6 + 1, 151 .target_platform = SEPOL_TARGET_SELINUX, 152 }, 153 { 154 .type = POLICY_BASE, 155 .version = MOD_POLICYDB_VERSION_BASE, 156 .sym_num = SYM_NUM, 157 .ocon_num = OCON_NODE6 + 1, 158 .target_platform = SEPOL_TARGET_SELINUX, 159 }, 160 { 161 .type = POLICY_BASE, 162 .version = MOD_POLICYDB_VERSION_MLS, 163 .sym_num = SYM_NUM, 164 .ocon_num = OCON_NODE6 + 1, 165 .target_platform = SEPOL_TARGET_SELINUX, 166 }, 167 { 168 .type = POLICY_BASE, 169 .version = MOD_POLICYDB_VERSION_MLS_USERS, 170 .sym_num = SYM_NUM, 171 .ocon_num = OCON_NODE6 + 1, 172 .target_platform = SEPOL_TARGET_SELINUX, 173 }, 174 { 175 .type = POLICY_BASE, 176 .version = MOD_POLICYDB_VERSION_POLCAP, 177 .sym_num = SYM_NUM, 178 .ocon_num = OCON_NODE6 + 1, 179 .target_platform = SEPOL_TARGET_SELINUX, 180 }, 181 { 182 .type = POLICY_BASE, 183 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 184 .sym_num = SYM_NUM, 185 .ocon_num = OCON_NODE6 + 1, 186 .target_platform = SEPOL_TARGET_SELINUX, 187 }, 188 { 189 .type = POLICY_BASE, 190 .version = MOD_POLICYDB_VERSION_BOUNDARY, 191 .sym_num = SYM_NUM, 192 .ocon_num = OCON_NODE6 + 1, 193 .target_platform = SEPOL_TARGET_SELINUX, 194 }, 195 { 196 .type = POLICY_BASE, 197 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 198 .sym_num = SYM_NUM, 199 .ocon_num = OCON_NODE6 + 1, 200 .target_platform = SEPOL_TARGET_SELINUX, 201 }, 202 { 203 .type = POLICY_BASE, 204 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 205 .sym_num = SYM_NUM, 206 .ocon_num = OCON_NODE6 + 1, 207 .target_platform = SEPOL_TARGET_SELINUX, 208 }, 209 { 210 .type = POLICY_BASE, 211 .version = MOD_POLICYDB_VERSION_ROLETRANS, 212 .sym_num = SYM_NUM, 213 .ocon_num = OCON_NODE6 + 1, 214 .target_platform = SEPOL_TARGET_SELINUX, 215 }, 216 { 217 .type = POLICY_MOD, 218 .version = MOD_POLICYDB_VERSION_BASE, 219 .sym_num = SYM_NUM, 220 .ocon_num = 0, 221 .target_platform = SEPOL_TARGET_SELINUX, 222 }, 223 { 224 .type = POLICY_MOD, 225 .version = MOD_POLICYDB_VERSION_MLS, 226 .sym_num = SYM_NUM, 227 .ocon_num = 0, 228 .target_platform = SEPOL_TARGET_SELINUX, 229 }, 230 { 231 .type = POLICY_MOD, 232 .version = MOD_POLICYDB_VERSION_MLS_USERS, 233 .sym_num = SYM_NUM, 234 .ocon_num = 0, 235 .target_platform = SEPOL_TARGET_SELINUX, 236 }, 237 { 238 .type = POLICY_MOD, 239 .version = MOD_POLICYDB_VERSION_POLCAP, 240 .sym_num = SYM_NUM, 241 .ocon_num = 0, 242 .target_platform = SEPOL_TARGET_SELINUX, 243 }, 244 { 245 .type = POLICY_MOD, 246 .version = MOD_POLICYDB_VERSION_PERMISSIVE, 247 .sym_num = SYM_NUM, 248 .ocon_num = 0, 249 .target_platform = SEPOL_TARGET_SELINUX, 250 }, 251 { 252 .type = POLICY_MOD, 253 .version = MOD_POLICYDB_VERSION_BOUNDARY, 254 .sym_num = SYM_NUM, 255 .ocon_num = 0, 256 .target_platform = SEPOL_TARGET_SELINUX, 257 }, 258 { 259 .type = POLICY_MOD, 260 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS, 261 .sym_num = SYM_NUM, 262 .ocon_num = 0, 263 .target_platform = SEPOL_TARGET_SELINUX, 264 }, 265 { 266 .type = POLICY_MOD, 267 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS, 268 .sym_num = SYM_NUM, 269 .ocon_num = 0, 270 .target_platform = SEPOL_TARGET_SELINUX, 271 }, 272 { 273 .type = POLICY_MOD, 274 .version = MOD_POLICYDB_VERSION_ROLETRANS, 275 .sym_num = SYM_NUM, 276 .ocon_num = 0, 277 .target_platform = SEPOL_TARGET_SELINUX, 278 }, 279}; 280 281#if 0 282static char *symtab_name[SYM_NUM] = { 283 "common prefixes", 284 "classes", 285 "roles", 286 "types", 287 "users", 288 "bools" mls_symtab_names cond_symtab_names 289}; 290#endif 291 292static unsigned int symtab_sizes[SYM_NUM] = { 293 2, 294 32, 295 16, 296 512, 297 128, 298 16, 299 16, 300 16, 301}; 302 303struct policydb_compat_info *policydb_lookup_compat(unsigned int version, 304 unsigned int type, 305 unsigned int target_platform) 306{ 307 unsigned int i; 308 struct policydb_compat_info *info = NULL; 309 310 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) { 311 if (policydb_compat[i].version == version && 312 policydb_compat[i].type == type && 313 policydb_compat[i].target_platform == target_platform) { 314 info = &policydb_compat[i]; 315 break; 316 } 317 } 318 return info; 319} 320 321void type_set_init(type_set_t * x) 322{ 323 memset(x, 0, sizeof(type_set_t)); 324 ebitmap_init(&x->types); 325 ebitmap_init(&x->negset); 326} 327 328void type_set_destroy(type_set_t * x) 329{ 330 if (x != NULL) { 331 ebitmap_destroy(&x->types); 332 ebitmap_destroy(&x->negset); 333 } 334} 335 336void role_set_init(role_set_t * x) 337{ 338 memset(x, 0, sizeof(role_set_t)); 339 ebitmap_init(&x->roles); 340} 341 342void role_set_destroy(role_set_t * x) 343{ 344 ebitmap_destroy(&x->roles); 345} 346 347void role_datum_init(role_datum_t * x) 348{ 349 memset(x, 0, sizeof(role_datum_t)); 350 ebitmap_init(&x->dominates); 351 type_set_init(&x->types); 352 ebitmap_init(&x->cache); 353} 354 355void role_datum_destroy(role_datum_t * x) 356{ 357 if (x != NULL) { 358 ebitmap_destroy(&x->dominates); 359 type_set_destroy(&x->types); 360 ebitmap_destroy(&x->cache); 361 } 362} 363 364void type_datum_init(type_datum_t * x) 365{ 366 memset(x, 0, sizeof(*x)); 367 ebitmap_init(&x->types); 368} 369 370void type_datum_destroy(type_datum_t * x) 371{ 372 if (x != NULL) { 373 ebitmap_destroy(&x->types); 374 } 375} 376 377void user_datum_init(user_datum_t * x) 378{ 379 memset(x, 0, sizeof(user_datum_t)); 380 role_set_init(&x->roles); 381 mls_semantic_range_init(&x->range); 382 mls_semantic_level_init(&x->dfltlevel); 383 ebitmap_init(&x->cache); 384 mls_range_init(&x->exp_range); 385 mls_level_init(&x->exp_dfltlevel); 386} 387 388void user_datum_destroy(user_datum_t * x) 389{ 390 if (x != NULL) { 391 role_set_destroy(&x->roles); 392 mls_semantic_range_destroy(&x->range); 393 mls_semantic_level_destroy(&x->dfltlevel); 394 ebitmap_destroy(&x->cache); 395 mls_range_destroy(&x->exp_range); 396 mls_level_destroy(&x->exp_dfltlevel); 397 } 398} 399 400void level_datum_init(level_datum_t * x) 401{ 402 memset(x, 0, sizeof(level_datum_t)); 403} 404 405void level_datum_destroy(level_datum_t * x __attribute__ ((unused))) 406{ 407 /* the mls_level_t referenced by the level_datum is managed 408 * separately for now, so there is nothing to destroy */ 409 return; 410} 411 412void cat_datum_init(cat_datum_t * x) 413{ 414 memset(x, 0, sizeof(cat_datum_t)); 415} 416 417void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused))) 418{ 419 /* it's currently a simple struct - really nothing to destroy */ 420 return; 421} 422 423void class_perm_node_init(class_perm_node_t * x) 424{ 425 memset(x, 0, sizeof(class_perm_node_t)); 426} 427 428void avrule_init(avrule_t * x) 429{ 430 memset(x, 0, sizeof(avrule_t)); 431 type_set_init(&x->stypes); 432 type_set_init(&x->ttypes); 433} 434 435void avrule_destroy(avrule_t * x) 436{ 437 class_perm_node_t *cur, *next; 438 439 if (x == NULL) { 440 return; 441 } 442 type_set_destroy(&x->stypes); 443 type_set_destroy(&x->ttypes); 444 445 next = x->perms; 446 while (next) { 447 cur = next; 448 next = cur->next; 449 free(cur); 450 } 451} 452 453void role_trans_rule_init(role_trans_rule_t * x) 454{ 455 memset(x, 0, sizeof(*x)); 456 role_set_init(&x->roles); 457 type_set_init(&x->types); 458 ebitmap_init(&x->classes); 459} 460 461void role_trans_rule_destroy(role_trans_rule_t * x) 462{ 463 if (x != NULL) { 464 role_set_destroy(&x->roles); 465 type_set_destroy(&x->types); 466 ebitmap_destroy(&x->classes); 467 } 468} 469 470void role_trans_rule_list_destroy(role_trans_rule_t * x) 471{ 472 while (x != NULL) { 473 role_trans_rule_t *next = x->next; 474 role_trans_rule_destroy(x); 475 free(x); 476 x = next; 477 } 478} 479 480void filename_trans_rule_init(filename_trans_rule_t * x) 481{ 482 memset(x, 0, sizeof(*x)); 483 type_set_init(&x->stypes); 484 type_set_init(&x->ttypes); 485} 486 487static void filename_trans_rule_destroy(filename_trans_rule_t * x) 488{ 489 if (!x) 490 return; 491 type_set_destroy(&x->stypes); 492 type_set_destroy(&x->ttypes); 493 free(x->name); 494} 495 496void filename_trans_rule_list_destroy(filename_trans_rule_t * x) 497{ 498 filename_trans_rule_t *next; 499 while (x) { 500 next = x->next; 501 filename_trans_rule_destroy(x); 502 free(x); 503 x = next; 504 } 505} 506 507void role_allow_rule_init(role_allow_rule_t * x) 508{ 509 memset(x, 0, sizeof(role_allow_rule_t)); 510 role_set_init(&x->roles); 511 role_set_init(&x->new_roles); 512} 513 514void role_allow_rule_destroy(role_allow_rule_t * x) 515{ 516 role_set_destroy(&x->roles); 517 role_set_destroy(&x->new_roles); 518} 519 520void role_allow_rule_list_destroy(role_allow_rule_t * x) 521{ 522 while (x != NULL) { 523 role_allow_rule_t *next = x->next; 524 role_allow_rule_destroy(x); 525 free(x); 526 x = next; 527 } 528} 529 530void range_trans_rule_init(range_trans_rule_t * x) 531{ 532 type_set_init(&x->stypes); 533 type_set_init(&x->ttypes); 534 ebitmap_init(&x->tclasses); 535 mls_semantic_range_init(&x->trange); 536 x->next = NULL; 537} 538 539void range_trans_rule_destroy(range_trans_rule_t * x) 540{ 541 type_set_destroy(&x->stypes); 542 type_set_destroy(&x->ttypes); 543 ebitmap_destroy(&x->tclasses); 544 mls_semantic_range_destroy(&x->trange); 545} 546 547void range_trans_rule_list_destroy(range_trans_rule_t * x) 548{ 549 while (x != NULL) { 550 range_trans_rule_t *next = x->next; 551 range_trans_rule_destroy(x); 552 free(x); 553 x = next; 554 } 555} 556 557void avrule_list_destroy(avrule_t * x) 558{ 559 avrule_t *next, *cur; 560 561 if (!x) 562 return; 563 564 next = x; 565 while (next) { 566 cur = next; 567 next = next->next; 568 avrule_destroy(cur); 569 free(cur); 570 } 571} 572 573/* 574 * Initialize the role table by implicitly adding role 'object_r'. If 575 * the policy is a module, set object_r's scope to be SCOPE_REQ, 576 * otherwise set it to SCOPE_DECL. 577 */ 578static int roles_init(policydb_t * p) 579{ 580 char *key = 0; 581 int rc; 582 role_datum_t *role; 583 584 role = calloc(1, sizeof(role_datum_t)); 585 if (!role) { 586 rc = -ENOMEM; 587 goto out; 588 } 589 key = malloc(strlen(OBJECT_R) + 1); 590 if (!key) { 591 rc = -ENOMEM; 592 goto out_free_role; 593 } 594 strcpy(key, OBJECT_R); 595 rc = symtab_insert(p, SYM_ROLES, key, role, 596 (p->policy_type == 597 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, 598 &role->s.value); 599 if (rc) 600 goto out_free_key; 601 if (role->s.value != OBJECT_R_VAL) { 602 rc = -EINVAL; 603 goto out_free_role; 604 } 605 out: 606 return rc; 607 608 out_free_key: 609 free(key); 610 out_free_role: 611 free(role); 612 goto out; 613} 614 615/* 616 * Initialize a policy database structure. 617 */ 618int policydb_init(policydb_t * p) 619{ 620 int i, rc; 621 622 memset(p, 0, sizeof(policydb_t)); 623 624 ebitmap_init(&p->policycaps); 625 626 ebitmap_init(&p->permissive_map); 627 628 for (i = 0; i < SYM_NUM; i++) { 629 p->sym_val_to_name[i] = NULL; 630 rc = symtab_init(&p->symtab[i], symtab_sizes[i]); 631 if (rc) 632 goto out_free_symtab; 633 } 634 635 /* initialize the module stuff */ 636 for (i = 0; i < SYM_NUM; i++) { 637 if (symtab_init(&p->scope[i], symtab_sizes[i])) { 638 goto out_free_symtab; 639 } 640 } 641 if ((p->global = avrule_block_create()) == NULL || 642 (p->global->branch_list = avrule_decl_create(1)) == NULL) { 643 goto out_free_symtab; 644 } 645 p->decl_val_to_struct = NULL; 646 647 rc = avtab_init(&p->te_avtab); 648 if (rc) 649 goto out_free_symtab; 650 651 rc = roles_init(p); 652 if (rc) 653 goto out_free_symtab; 654 655 rc = cond_policydb_init(p); 656 if (rc) 657 goto out_free_symtab; 658 out: 659 return rc; 660 661 out_free_symtab: 662 for (i = 0; i < SYM_NUM; i++) { 663 hashtab_destroy(p->symtab[i].table); 664 hashtab_destroy(p->scope[i].table); 665 } 666 avrule_block_list_destroy(p->global); 667 goto out; 668} 669 670int policydb_role_cache(hashtab_key_t key 671 __attribute__ ((unused)), hashtab_datum_t datum, 672 void *arg) 673{ 674 policydb_t *p; 675 role_datum_t *role; 676 677 role = (role_datum_t *) datum; 678 p = (policydb_t *) arg; 679 680 ebitmap_destroy(&role->cache); 681 if (type_set_expand(&role->types, &role->cache, p, 1)) { 682 return -1; 683 } 684 685 return 0; 686} 687 688int policydb_user_cache(hashtab_key_t key 689 __attribute__ ((unused)), hashtab_datum_t datum, 690 void *arg) 691{ 692 policydb_t *p; 693 user_datum_t *user; 694 695 user = (user_datum_t *) datum; 696 p = (policydb_t *) arg; 697 698 ebitmap_destroy(&user->cache); 699 if (role_set_expand(&user->roles, &user->cache, p, NULL)) { 700 return -1; 701 } 702 703 /* we do not expand user's MLS info in kernel policies because the 704 * semantic representation is not present and we do not expand user's 705 * MLS info in module policies because all of the necessary mls 706 * information is not present */ 707 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 708 mls_range_destroy(&user->exp_range); 709 if (mls_semantic_range_expand(&user->range, 710 &user->exp_range, p, NULL)) { 711 return -1; 712 } 713 714 mls_level_destroy(&user->exp_dfltlevel); 715 if (mls_semantic_level_expand(&user->dfltlevel, 716 &user->exp_dfltlevel, p, NULL)) { 717 return -1; 718 } 719 } 720 721 return 0; 722} 723 724/* 725 * The following *_index functions are used to 726 * define the val_to_name and val_to_struct arrays 727 * in a policy database structure. The val_to_name 728 * arrays are used when converting security context 729 * structures into string representations. The 730 * val_to_struct arrays are used when the attributes 731 * of a class, role, or user are needed. 732 */ 733 734static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 735{ 736 policydb_t *p; 737 common_datum_t *comdatum; 738 739 comdatum = (common_datum_t *) datum; 740 p = (policydb_t *) datap; 741 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 742 return -EINVAL; 743 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 744 745 return 0; 746} 747 748static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 749{ 750 policydb_t *p; 751 class_datum_t *cladatum; 752 753 cladatum = (class_datum_t *) datum; 754 p = (policydb_t *) datap; 755 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 756 return -EINVAL; 757 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 758 p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 759 760 return 0; 761} 762 763static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 764{ 765 policydb_t *p; 766 role_datum_t *role; 767 768 role = (role_datum_t *) datum; 769 p = (policydb_t *) datap; 770 if (!role->s.value || role->s.value > p->p_roles.nprim) 771 return -EINVAL; 772 p->p_role_val_to_name[role->s.value - 1] = (char *)key; 773 p->role_val_to_struct[role->s.value - 1] = role; 774 775 return 0; 776} 777 778static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 779{ 780 policydb_t *p; 781 type_datum_t *typdatum; 782 783 typdatum = (type_datum_t *) datum; 784 p = (policydb_t *) datap; 785 786 if (typdatum->primary) { 787 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 788 return -EINVAL; 789 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 790 p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 791 } 792 793 return 0; 794} 795 796static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 797{ 798 policydb_t *p; 799 user_datum_t *usrdatum; 800 801 usrdatum = (user_datum_t *) datum; 802 p = (policydb_t *) datap; 803 804 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 805 return -EINVAL; 806 807 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 808 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 809 810 return 0; 811} 812 813static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 814{ 815 policydb_t *p; 816 level_datum_t *levdatum; 817 818 levdatum = (level_datum_t *) datum; 819 p = (policydb_t *) datap; 820 821 if (!levdatum->isalias) { 822 if (!levdatum->level->sens || 823 levdatum->level->sens > p->p_levels.nprim) 824 return -EINVAL; 825 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 826 } 827 828 return 0; 829} 830 831static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 832{ 833 policydb_t *p; 834 cat_datum_t *catdatum; 835 836 catdatum = (cat_datum_t *) datum; 837 p = (policydb_t *) datap; 838 839 if (!catdatum->isalias) { 840 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 841 return -EINVAL; 842 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 843 } 844 845 return 0; 846} 847 848static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 849 void *datap) = { 850common_index, class_index, role_index, type_index, user_index, 851 cond_index_bool, sens_index, cat_index,}; 852 853/* 854 * Define the common val_to_name array and the class 855 * val_to_name and val_to_struct arrays in a policy 856 * database structure. 857 */ 858int policydb_index_classes(policydb_t * p) 859{ 860 free(p->p_common_val_to_name); 861 p->p_common_val_to_name = (char **) 862 malloc(p->p_commons.nprim * sizeof(char *)); 863 if (!p->p_common_val_to_name) 864 return -1; 865 866 if (hashtab_map(p->p_commons.table, common_index, p)) 867 return -1; 868 869 free(p->class_val_to_struct); 870 p->class_val_to_struct = (class_datum_t **) 871 malloc(p->p_classes.nprim * sizeof(class_datum_t *)); 872 if (!p->class_val_to_struct) 873 return -1; 874 875 free(p->p_class_val_to_name); 876 p->p_class_val_to_name = (char **) 877 malloc(p->p_classes.nprim * sizeof(char *)); 878 if (!p->p_class_val_to_name) 879 return -1; 880 881 if (hashtab_map(p->p_classes.table, class_index, p)) 882 return -1; 883 884 return 0; 885} 886 887int policydb_index_bools(policydb_t * p) 888{ 889 890 if (cond_init_bool_indexes(p) == -1) 891 return -1; 892 p->p_bool_val_to_name = (char **) 893 malloc(p->p_bools.nprim * sizeof(char *)); 894 if (!p->p_bool_val_to_name) 895 return -1; 896 if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 897 return -1; 898 return 0; 899} 900 901int policydb_index_decls(policydb_t * p) 902{ 903 avrule_block_t *curblock; 904 avrule_decl_t *decl; 905 int num_decls = 0; 906 907 free(p->decl_val_to_struct); 908 909 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 910 for (decl = curblock->branch_list; decl != NULL; 911 decl = decl->next) { 912 num_decls++; 913 } 914 } 915 916 p->decl_val_to_struct = 917 calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 918 if (!p->decl_val_to_struct) { 919 return -1; 920 } 921 922 for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 923 for (decl = curblock->branch_list; decl != NULL; 924 decl = decl->next) { 925 p->decl_val_to_struct[decl->decl_id - 1] = decl; 926 } 927 } 928 929 return 0; 930} 931 932/* 933 * Define the other val_to_name and val_to_struct arrays 934 * in a policy database structure. 935 */ 936int policydb_index_others(sepol_handle_t * handle, 937 policydb_t * p, unsigned verbose) 938{ 939 int i; 940 941 if (verbose) { 942 INFO(handle, 943 "security: %d users, %d roles, %d types, %d bools", 944 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 945 p->p_bools.nprim); 946 947 if (p->mls) 948 INFO(handle, "security: %d sens, %d cats", 949 p->p_levels.nprim, p->p_cats.nprim); 950 951 INFO(handle, "security: %d classes, %d rules, %d cond rules", 952 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 953 } 954#if 0 955 avtab_hash_eval(&p->te_avtab, "rules"); 956 for (i = 0; i < SYM_NUM; i++) 957 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 958#endif 959 960 free(p->role_val_to_struct); 961 p->role_val_to_struct = (role_datum_t **) 962 malloc(p->p_roles.nprim * sizeof(role_datum_t *)); 963 if (!p->role_val_to_struct) 964 return -1; 965 966 free(p->user_val_to_struct); 967 p->user_val_to_struct = (user_datum_t **) 968 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 969 if (!p->user_val_to_struct) 970 return -1; 971 972 free(p->type_val_to_struct); 973 p->type_val_to_struct = (type_datum_t **) 974 calloc(p->p_types.nprim, sizeof(type_datum_t *)); 975 if (!p->type_val_to_struct) 976 return -1; 977 978 cond_init_bool_indexes(p); 979 980 for (i = SYM_ROLES; i < SYM_NUM; i++) { 981 free(p->sym_val_to_name[i]); 982 p->sym_val_to_name[i] = NULL; 983 if (p->symtab[i].nprim) { 984 p->sym_val_to_name[i] = (char **) 985 calloc(p->symtab[i].nprim, sizeof(char *)); 986 if (!p->sym_val_to_name[i]) 987 return -1; 988 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 989 return -1; 990 } 991 } 992 993 /* This pre-expands the roles and users for context validity checking */ 994 if (hashtab_map(p->p_roles.table, policydb_role_cache, p)) 995 return -1; 996 997 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 998 return -1; 999 1000 return 0; 1001} 1002 1003/* 1004 * The following *_destroy functions are used to 1005 * free any memory allocated for each kind of 1006 * symbol data in the policy database. 1007 */ 1008 1009static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1010 __attribute__ ((unused))) 1011{ 1012 if (key) 1013 free(key); 1014 free(datum); 1015 return 0; 1016} 1017 1018static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1019 __attribute__ ((unused))) 1020{ 1021 common_datum_t *comdatum; 1022 1023 if (key) 1024 free(key); 1025 comdatum = (common_datum_t *) datum; 1026 hashtab_map(comdatum->permissions.table, perm_destroy, 0); 1027 hashtab_destroy(comdatum->permissions.table); 1028 free(datum); 1029 return 0; 1030} 1031 1032static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1033 __attribute__ ((unused))) 1034{ 1035 class_datum_t *cladatum; 1036 constraint_node_t *constraint, *ctemp; 1037 constraint_expr_t *e, *etmp; 1038 1039 if (key) 1040 free(key); 1041 cladatum = (class_datum_t *) datum; 1042 if (cladatum == NULL) { 1043 return 0; 1044 } 1045 hashtab_map(cladatum->permissions.table, perm_destroy, 0); 1046 hashtab_destroy(cladatum->permissions.table); 1047 constraint = cladatum->constraints; 1048 while (constraint) { 1049 e = constraint->expr; 1050 while (e) { 1051 etmp = e; 1052 e = e->next; 1053 constraint_expr_destroy(etmp); 1054 } 1055 ctemp = constraint; 1056 constraint = constraint->next; 1057 free(ctemp); 1058 } 1059 1060 constraint = cladatum->validatetrans; 1061 while (constraint) { 1062 e = constraint->expr; 1063 while (e) { 1064 etmp = e; 1065 e = e->next; 1066 constraint_expr_destroy(etmp); 1067 } 1068 ctemp = constraint; 1069 constraint = constraint->next; 1070 free(ctemp); 1071 } 1072 1073 if (cladatum->comkey) 1074 free(cladatum->comkey); 1075 free(datum); 1076 return 0; 1077} 1078 1079static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1080 __attribute__ ((unused))) 1081{ 1082 free(key); 1083 role_datum_destroy((role_datum_t *) datum); 1084 free(datum); 1085 return 0; 1086} 1087 1088static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1089 __attribute__ ((unused))) 1090{ 1091 free(key); 1092 type_datum_destroy((type_datum_t *) datum); 1093 free(datum); 1094 return 0; 1095} 1096 1097static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1098 __attribute__ ((unused))) 1099{ 1100 free(key); 1101 user_datum_destroy((user_datum_t *) datum); 1102 free(datum); 1103 return 0; 1104} 1105 1106static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1107 __attribute__ ((unused))) 1108{ 1109 level_datum_t *levdatum; 1110 1111 if (key) 1112 free(key); 1113 levdatum = (level_datum_t *) datum; 1114 mls_level_destroy(levdatum->level); 1115 free(levdatum->level); 1116 level_datum_destroy(levdatum); 1117 free(levdatum); 1118 return 0; 1119} 1120 1121static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1122 __attribute__ ((unused))) 1123{ 1124 if (key) 1125 free(key); 1126 cat_datum_destroy((cat_datum_t *) datum); 1127 free(datum); 1128 return 0; 1129} 1130 1131static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 1132 void *datap) = { 1133common_destroy, class_destroy, role_destroy, type_destroy, user_destroy, 1134 cond_destroy_bool, sens_destroy, cat_destroy,}; 1135 1136void ocontext_selinux_free(ocontext_t **ocontexts) 1137{ 1138 ocontext_t *c, *ctmp; 1139 int i; 1140 1141 for (i = 0; i < OCON_NUM; i++) { 1142 c = ocontexts[i]; 1143 while (c) { 1144 ctmp = c; 1145 c = c->next; 1146 context_destroy(&ctmp->context[0]); 1147 context_destroy(&ctmp->context[1]); 1148 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF 1149 || i == OCON_FSUSE) 1150 free(ctmp->u.name); 1151 free(ctmp); 1152 } 1153 } 1154} 1155 1156void ocontext_xen_free(ocontext_t **ocontexts) 1157{ 1158 ocontext_t *c, *ctmp; 1159 int i; 1160 1161 for (i = 0; i < OCON_NUM; i++) { 1162 c = ocontexts[i]; 1163 while (c) { 1164 ctmp = c; 1165 c = c->next; 1166 context_destroy(&ctmp->context[0]); 1167 context_destroy(&ctmp->context[1]); 1168 if (i == OCON_ISID) 1169 free(ctmp->u.name); 1170 free(ctmp); 1171 } 1172 } 1173} 1174 1175/* 1176 * Free any memory allocated by a policy database structure. 1177 */ 1178void policydb_destroy(policydb_t * p) 1179{ 1180 ocontext_t *c, *ctmp; 1181 genfs_t *g, *gtmp; 1182 unsigned int i; 1183 role_allow_t *ra, *lra = NULL; 1184 role_trans_t *tr, *ltr = NULL; 1185 range_trans_t *rt, *lrt = NULL; 1186 filename_trans_t *ft, *nft; 1187 1188 if (!p) 1189 return; 1190 1191 ebitmap_destroy(&p->policycaps); 1192 1193 ebitmap_destroy(&p->permissive_map); 1194 1195 symtabs_destroy(p->symtab); 1196 1197 for (i = 0; i < SYM_NUM; i++) { 1198 if (p->sym_val_to_name[i]) 1199 free(p->sym_val_to_name[i]); 1200 } 1201 1202 if (p->class_val_to_struct) 1203 free(p->class_val_to_struct); 1204 if (p->role_val_to_struct) 1205 free(p->role_val_to_struct); 1206 if (p->user_val_to_struct) 1207 free(p->user_val_to_struct); 1208 if (p->type_val_to_struct) 1209 free(p->type_val_to_struct); 1210 free(p->decl_val_to_struct); 1211 1212 for (i = 0; i < SYM_NUM; i++) { 1213 hashtab_map(p->scope[i].table, scope_destroy, 0); 1214 hashtab_destroy(p->scope[i].table); 1215 } 1216 avrule_block_list_destroy(p->global); 1217 free(p->name); 1218 free(p->version); 1219 1220 avtab_destroy(&p->te_avtab); 1221 1222 if (p->target_platform == SEPOL_TARGET_SELINUX) 1223 ocontext_selinux_free(p->ocontexts); 1224 else if (p->target_platform == SEPOL_TARGET_XEN) 1225 ocontext_xen_free(p->ocontexts); 1226 1227 g = p->genfs; 1228 while (g) { 1229 free(g->fstype); 1230 c = g->head; 1231 while (c) { 1232 ctmp = c; 1233 c = c->next; 1234 context_destroy(&ctmp->context[0]); 1235 free(ctmp->u.name); 1236 free(ctmp); 1237 } 1238 gtmp = g; 1239 g = g->next; 1240 free(gtmp); 1241 } 1242 cond_policydb_destroy(p); 1243 1244 for (tr = p->role_tr; tr; tr = tr->next) { 1245 if (ltr) 1246 free(ltr); 1247 ltr = tr; 1248 } 1249 if (ltr) 1250 free(ltr); 1251 1252 ft = p->filename_trans; 1253 while (ft) { 1254 nft = ft->next; 1255 free(ft->name); 1256 free(ft); 1257 ft = nft; 1258 } 1259 1260 for (ra = p->role_allow; ra; ra = ra->next) { 1261 if (lra) 1262 free(lra); 1263 lra = ra; 1264 } 1265 if (lra) 1266 free(lra); 1267 1268 for (rt = p->range_tr; rt; rt = rt->next) { 1269 if (lrt) { 1270 ebitmap_destroy(&lrt->target_range.level[0].cat); 1271 ebitmap_destroy(&lrt->target_range.level[1].cat); 1272 free(lrt); 1273 } 1274 lrt = rt; 1275 } 1276 if (lrt) { 1277 ebitmap_destroy(&lrt->target_range.level[0].cat); 1278 ebitmap_destroy(&lrt->target_range.level[1].cat); 1279 free(lrt); 1280 } 1281 1282 if (p->type_attr_map) { 1283 for (i = 0; i < p->p_types.nprim; i++) { 1284 ebitmap_destroy(&p->type_attr_map[i]); 1285 } 1286 free(p->type_attr_map); 1287 } 1288 1289 if (p->attr_type_map) { 1290 for (i = 0; i < p->p_types.nprim; i++) { 1291 ebitmap_destroy(&p->attr_type_map[i]); 1292 } 1293 free(p->attr_type_map); 1294 } 1295 1296 return; 1297} 1298 1299void symtabs_destroy(symtab_t * symtab) 1300{ 1301 int i; 1302 for (i = 0; i < SYM_NUM; i++) { 1303 hashtab_map(symtab[i].table, destroy_f[i], 0); 1304 hashtab_destroy(symtab[i].table); 1305 } 1306} 1307 1308int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 1309 __attribute__ ((unused))) 1310{ 1311 scope_datum_t *cur = (scope_datum_t *) datum; 1312 free(key); 1313 if (cur != NULL) { 1314 free(cur->decl_ids); 1315 } 1316 free(cur); 1317 return 0; 1318} 1319 1320hashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 1321{ 1322 if (sym_num < 0 || sym_num >= SYM_NUM) { 1323 return NULL; 1324 } 1325 return (hashtab_destroy_func_t) destroy_f[sym_num]; 1326} 1327 1328/* 1329 * Load the initial SIDs specified in a policy database 1330 * structure into a SID table. 1331 */ 1332int policydb_load_isids(policydb_t * p, sidtab_t * s) 1333{ 1334 ocontext_t *head, *c; 1335 1336 if (sepol_sidtab_init(s)) { 1337 ERR(NULL, "out of memory on SID table init"); 1338 return -1; 1339 } 1340 1341 head = p->ocontexts[OCON_ISID]; 1342 for (c = head; c; c = c->next) { 1343 if (!c->context[0].user) { 1344 ERR(NULL, "SID %s was never defined", c->u.name); 1345 return -1; 1346 } 1347 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 1348 ERR(NULL, "unable to load initial SID %s", c->u.name); 1349 return -1; 1350 } 1351 } 1352 1353 return 0; 1354} 1355 1356/* Declare a symbol for a certain avrule_block context. Insert it 1357 * into a symbol table for a policy. This function will handle 1358 * inserting the appropriate scope information in addition to 1359 * inserting the symbol into the hash table. 1360 * 1361 * arguments: 1362 * policydb_t *pol module policy to modify 1363 * uint32_t sym the symbole table for insertion (SYM_*) 1364 * hashtab_key_t key the key for the symbol - not cloned 1365 * hashtab_datum_t data the data for the symbol - not cloned 1366 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 1367 * avrule_decl_id identifier for this symbol's encapsulating declaration 1368 * value (out) assigned value to the symbol (if value is not NULL) 1369 * 1370 * returns: 1371 * 0 success 1372 * 1 success, but symbol already existed as a requirement 1373 * (datum was not inserted and needs to be free()d) 1374 * -1 general error 1375 * -2 scope conflicted 1376 * -ENOMEM memory error 1377 * error codes from hashtab_insert 1378 */ 1379int symtab_insert(policydb_t * pol, uint32_t sym, 1380 hashtab_key_t key, hashtab_datum_t datum, 1381 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 1382{ 1383 int rc, retval = 0; 1384 unsigned int i; 1385 scope_datum_t *scope_datum; 1386 1387 /* check if the symbol is already there. multiple 1388 * declarations of non-roles/non-users are illegal, but 1389 * multiple requires are allowed. */ 1390 1391 /* FIX ME - the failures after the hashtab_insert will leave 1392 * the policy in a inconsistent state. */ 1393 rc = hashtab_insert(pol->symtab[sym].table, key, datum); 1394 if (rc == SEPOL_OK) { 1395 /* if no value is passed in the symbol is not primary 1396 * (i.e. aliases) */ 1397 if (value) 1398 *value = ++pol->symtab[sym].nprim; 1399 } else if (rc == SEPOL_EEXIST) { 1400 retval = 1; /* symbol not added -- need to free() later */ 1401 } else { 1402 return rc; 1403 } 1404 1405 /* get existing scope information; if there is not one then 1406 * create it */ 1407 scope_datum = 1408 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 1409 if (scope_datum == NULL) { 1410 hashtab_key_t key2 = strdup((char *)key); 1411 if (!key2) 1412 return -ENOMEM; 1413 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 1414 free(key2); 1415 return -ENOMEM; 1416 } 1417 scope_datum->scope = scope; 1418 scope_datum->decl_ids = NULL; 1419 scope_datum->decl_ids_len = 0; 1420 if ((rc = 1421 hashtab_insert(pol->scope[sym].table, key2, 1422 scope_datum)) != 0) { 1423 free(key2); 1424 free(scope_datum); 1425 return rc; 1426 } 1427 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 1428 /* disallow multiple declarations for non-roles/users */ 1429 if (sym != SYM_ROLES && sym != SYM_USERS) { 1430 return -2; 1431 } 1432 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { 1433 scope_datum->scope = SCOPE_DECL; 1434 } else if (scope_datum->scope != scope) { 1435 /* This only happens in DECL then REQUIRE case, which is handled by caller */ 1436 return -2; 1437 } 1438 1439 /* search through the pre-existing list to avoid adding duplicates */ 1440 for (i = 0; i < scope_datum->decl_ids_len; i++) { 1441 if (scope_datum->decl_ids[i] == avrule_decl_id) { 1442 /* already there, so don't modify its scope */ 1443 return retval; 1444 } 1445 } 1446 1447 if (add_i_to_a(avrule_decl_id, 1448 &scope_datum->decl_ids_len, 1449 &scope_datum->decl_ids) == -1) { 1450 return -ENOMEM; 1451 } 1452 1453 return retval; 1454} 1455 1456int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b) 1457{ 1458 type_set_init(dst); 1459 1460 if (ebitmap_or(&dst->types, &a->types, &b->types)) { 1461 return -1; 1462 } 1463 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) { 1464 return -1; 1465 } 1466 1467 dst->flags |= a->flags; 1468 dst->flags |= b->flags; 1469 1470 return 0; 1471} 1472 1473int type_set_cpy(type_set_t * dst, type_set_t * src) 1474{ 1475 type_set_init(dst); 1476 1477 dst->flags = src->flags; 1478 if (ebitmap_cpy(&dst->types, &src->types)) 1479 return -1; 1480 if (ebitmap_cpy(&dst->negset, &src->negset)) 1481 return -1; 1482 1483 return 0; 1484} 1485 1486int type_set_or_eq(type_set_t * dst, type_set_t * other) 1487{ 1488 int ret; 1489 type_set_t tmp; 1490 1491 if (type_set_or(&tmp, dst, other)) 1492 return -1; 1493 type_set_destroy(dst); 1494 ret = type_set_cpy(dst, &tmp); 1495 type_set_destroy(&tmp); 1496 1497 return ret; 1498} 1499 1500int role_set_get_role(role_set_t * x, uint32_t role) 1501{ 1502 if (x->flags & ROLE_STAR) 1503 return 1; 1504 1505 if (ebitmap_get_bit(&x->roles, role - 1)) { 1506 if (x->flags & ROLE_COMP) 1507 return 0; 1508 else 1509 return 1; 1510 } else { 1511 if (x->flags & ROLE_COMP) 1512 return 1; 1513 else 1514 return 0; 1515 } 1516} 1517 1518/***********************************************************************/ 1519/* everything below is for policy reads */ 1520 1521/* The following are read functions for module structures */ 1522 1523static int role_set_read(role_set_t * r, struct policy_file *fp) 1524{ 1525 uint32_t buf[1]; 1526 int rc; 1527 1528 if (ebitmap_read(&r->roles, fp)) 1529 return -1; 1530 rc = next_entry(buf, fp, sizeof(uint32_t)); 1531 if (rc < 0) 1532 return -1; 1533 r->flags = le32_to_cpu(buf[0]); 1534 1535 return 0; 1536} 1537 1538static int type_set_read(type_set_t * t, struct policy_file *fp) 1539{ 1540 uint32_t buf[1]; 1541 int rc; 1542 1543 if (ebitmap_read(&t->types, fp)) 1544 return -1; 1545 if (ebitmap_read(&t->negset, fp)) 1546 return -1; 1547 1548 rc = next_entry(buf, fp, sizeof(uint32_t)); 1549 if (rc < 0) 1550 return -1; 1551 t->flags = le32_to_cpu(buf[0]); 1552 1553 return 0; 1554} 1555 1556/* 1557 * Read a MLS range structure from a policydb binary 1558 * representation file. 1559 */ 1560static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp) 1561{ 1562 uint32_t buf[2], items; 1563 int rc; 1564 1565 rc = next_entry(buf, fp, sizeof(uint32_t)); 1566 if (rc < 0) 1567 goto out; 1568 1569 items = le32_to_cpu(buf[0]); 1570 if (items > ARRAY_SIZE(buf)) { 1571 ERR(fp->handle, "range overflow"); 1572 rc = -EINVAL; 1573 goto out; 1574 } 1575 rc = next_entry(buf, fp, sizeof(uint32_t) * items); 1576 if (rc < 0) { 1577 ERR(fp->handle, "truncated range"); 1578 goto out; 1579 } 1580 r->level[0].sens = le32_to_cpu(buf[0]); 1581 if (items > 1) 1582 r->level[1].sens = le32_to_cpu(buf[1]); 1583 else 1584 r->level[1].sens = r->level[0].sens; 1585 1586 rc = ebitmap_read(&r->level[0].cat, fp); 1587 if (rc) { 1588 ERR(fp->handle, "error reading low categories"); 1589 goto out; 1590 } 1591 if (items > 1) { 1592 rc = ebitmap_read(&r->level[1].cat, fp); 1593 if (rc) { 1594 ERR(fp->handle, "error reading high categories"); 1595 goto bad_high; 1596 } 1597 } else { 1598 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); 1599 if (rc) { 1600 ERR(fp->handle, "out of memory"); 1601 goto bad_high; 1602 } 1603 } 1604 1605 rc = 0; 1606 out: 1607 return rc; 1608 bad_high: 1609 ebitmap_destroy(&r->level[0].cat); 1610 goto out; 1611} 1612 1613/* 1614 * Read a semantic MLS level structure from a policydb binary 1615 * representation file. 1616 */ 1617static int mls_read_semantic_level_helper(mls_semantic_level_t * l, 1618 struct policy_file *fp) 1619{ 1620 uint32_t buf[2], ncat; 1621 unsigned int i; 1622 mls_semantic_cat_t *cat; 1623 int rc; 1624 1625 mls_semantic_level_init(l); 1626 1627 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1628 if (rc < 0) { 1629 ERR(fp->handle, "truncated level"); 1630 goto bad; 1631 } 1632 l->sens = le32_to_cpu(buf[0]); 1633 1634 ncat = le32_to_cpu(buf[1]); 1635 for (i = 0; i < ncat; i++) { 1636 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); 1637 if (!cat) { 1638 ERR(fp->handle, "out of memory"); 1639 goto bad; 1640 } 1641 1642 mls_semantic_cat_init(cat); 1643 cat->next = l->cat; 1644 l->cat = cat; 1645 1646 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1647 if (rc < 0) { 1648 ERR(fp->handle, "error reading level categories"); 1649 goto bad; 1650 } 1651 cat->low = le32_to_cpu(buf[0]); 1652 cat->high = le32_to_cpu(buf[1]); 1653 } 1654 1655 return 0; 1656 1657 bad: 1658 return -EINVAL; 1659} 1660 1661/* 1662 * Read a semantic MLS range structure from a policydb binary 1663 * representation file. 1664 */ 1665static int mls_read_semantic_range_helper(mls_semantic_range_t * r, 1666 struct policy_file *fp) 1667{ 1668 int rc; 1669 1670 rc = mls_read_semantic_level_helper(&r->level[0], fp); 1671 if (rc) 1672 return rc; 1673 1674 rc = mls_read_semantic_level_helper(&r->level[1], fp); 1675 1676 return rc; 1677} 1678 1679static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) 1680{ 1681 unsigned int i; 1682 ebitmap_node_t *cnode; 1683 mls_semantic_cat_t *open_cat = NULL; 1684 1685 mls_semantic_level_init(sl); 1686 sl->sens = l->sens; 1687 ebitmap_for_each_bit(&l->cat, cnode, i) { 1688 if (ebitmap_node_get_bit(cnode, i)) { 1689 if (open_cat) 1690 continue; 1691 open_cat = (mls_semantic_cat_t *) 1692 malloc(sizeof(mls_semantic_cat_t)); 1693 if (!open_cat) 1694 return -1; 1695 1696 mls_semantic_cat_init(open_cat); 1697 open_cat->low = i + 1; 1698 open_cat->next = sl->cat; 1699 sl->cat = open_cat; 1700 } else { 1701 if (!open_cat) 1702 continue; 1703 open_cat->high = i; 1704 open_cat = NULL; 1705 } 1706 } 1707 if (open_cat) 1708 open_cat->high = i; 1709 1710 return 0; 1711} 1712 1713static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) 1714{ 1715 if (mls_level_to_semantic(&r->level[0], &sr->level[0])) 1716 return -1; 1717 1718 if (mls_level_to_semantic(&r->level[1], &sr->level[1])) 1719 return -1; 1720 1721 return 0; 1722} 1723 1724/* 1725 * Read and validate a security context structure 1726 * from a policydb binary representation file. 1727 */ 1728static int context_read_and_validate(context_struct_t * c, 1729 policydb_t * p, struct policy_file *fp) 1730{ 1731 uint32_t buf[3]; 1732 int rc; 1733 1734 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 1735 if (rc < 0) { 1736 ERR(fp->handle, "context truncated"); 1737 return -1; 1738 } 1739 c->user = le32_to_cpu(buf[0]); 1740 c->role = le32_to_cpu(buf[1]); 1741 c->type = le32_to_cpu(buf[2]); 1742 if ((p->policy_type == POLICY_KERN 1743 && p->policyvers >= POLICYDB_VERSION_MLS) 1744 || (p->policy_type == POLICY_BASE 1745 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { 1746 if (mls_read_range_helper(&c->range, fp)) { 1747 ERR(fp->handle, "error reading MLS range " 1748 "of context"); 1749 return -1; 1750 } 1751 } 1752 1753 if (!policydb_context_isvalid(p, c)) { 1754 ERR(fp->handle, "invalid security context"); 1755 context_destroy(c); 1756 return -1; 1757 } 1758 return 0; 1759} 1760 1761/* 1762 * The following *_read functions are used to 1763 * read the symbol data from a policy database 1764 * binary representation file. 1765 */ 1766 1767static int perm_read(policydb_t * p 1768 __attribute__ ((unused)), hashtab_t h, 1769 struct policy_file *fp) 1770{ 1771 char *key = 0; 1772 perm_datum_t *perdatum; 1773 uint32_t buf[2]; 1774 size_t len; 1775 int rc; 1776 1777 perdatum = calloc(1, sizeof(perm_datum_t)); 1778 if (!perdatum) 1779 return -1; 1780 1781 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 1782 if (rc < 0) 1783 goto bad; 1784 1785 len = le32_to_cpu(buf[0]); 1786 perdatum->s.value = le32_to_cpu(buf[1]); 1787 1788 key = malloc(len + 1); 1789 if (!key) 1790 goto bad; 1791 rc = next_entry(key, fp, len); 1792 if (rc < 0) 1793 goto bad; 1794 key[len] = 0; 1795 1796 if (hashtab_insert(h, key, perdatum)) 1797 goto bad; 1798 1799 return 0; 1800 1801 bad: 1802 perm_destroy(key, perdatum, NULL); 1803 return -1; 1804} 1805 1806static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1807{ 1808 char *key = 0; 1809 common_datum_t *comdatum; 1810 uint32_t buf[4]; 1811 size_t len, nel; 1812 unsigned int i; 1813 int rc; 1814 1815 comdatum = calloc(1, sizeof(common_datum_t)); 1816 if (!comdatum) 1817 return -1; 1818 1819 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 1820 if (rc < 0) 1821 goto bad; 1822 1823 len = le32_to_cpu(buf[0]); 1824 comdatum->s.value = le32_to_cpu(buf[1]); 1825 1826 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) 1827 goto bad; 1828 comdatum->permissions.nprim = le32_to_cpu(buf[2]); 1829 nel = le32_to_cpu(buf[3]); 1830 1831 key = malloc(len + 1); 1832 if (!key) 1833 goto bad; 1834 rc = next_entry(key, fp, len); 1835 if (rc < 0) 1836 goto bad; 1837 key[len] = 0; 1838 1839 for (i = 0; i < nel; i++) { 1840 if (perm_read(p, comdatum->permissions.table, fp)) 1841 goto bad; 1842 } 1843 1844 if (hashtab_insert(h, key, comdatum)) 1845 goto bad; 1846 1847 return 0; 1848 1849 bad: 1850 common_destroy(key, comdatum, NULL); 1851 return -1; 1852} 1853 1854static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep, 1855 unsigned int ncons, 1856 int allowxtarget, struct policy_file *fp) 1857{ 1858 constraint_node_t *c, *lc; 1859 constraint_expr_t *e, *le; 1860 uint32_t buf[3]; 1861 size_t nexpr; 1862 unsigned int i, j; 1863 int rc, depth; 1864 1865 lc = NULL; 1866 for (i = 0; i < ncons; i++) { 1867 c = calloc(1, sizeof(constraint_node_t)); 1868 if (!c) 1869 return -1; 1870 1871 if (lc) 1872 lc->next = c; 1873 else 1874 *nodep = c; 1875 1876 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 1877 if (rc < 0) 1878 return -1; 1879 c->permissions = le32_to_cpu(buf[0]); 1880 nexpr = le32_to_cpu(buf[1]); 1881 le = NULL; 1882 depth = -1; 1883 for (j = 0; j < nexpr; j++) { 1884 e = malloc(sizeof(constraint_expr_t)); 1885 if (!e) 1886 return -1; 1887 if (constraint_expr_init(e) == -1) { 1888 free(e); 1889 return -1; 1890 } 1891 if (le) { 1892 le->next = e; 1893 } else { 1894 c->expr = e; 1895 } 1896 1897 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 1898 if (rc < 0) 1899 return -1; 1900 e->expr_type = le32_to_cpu(buf[0]); 1901 e->attr = le32_to_cpu(buf[1]); 1902 e->op = le32_to_cpu(buf[2]); 1903 1904 switch (e->expr_type) { 1905 case CEXPR_NOT: 1906 if (depth < 0) 1907 return -1; 1908 break; 1909 case CEXPR_AND: 1910 case CEXPR_OR: 1911 if (depth < 1) 1912 return -1; 1913 depth--; 1914 break; 1915 case CEXPR_ATTR: 1916 if (depth == (CEXPR_MAXDEPTH - 1)) 1917 return -1; 1918 depth++; 1919 break; 1920 case CEXPR_NAMES: 1921 if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 1922 return -1; 1923 if (depth == (CEXPR_MAXDEPTH - 1)) 1924 return -1; 1925 depth++; 1926 if (ebitmap_read(&e->names, fp)) 1927 return -1; 1928 if (p->policy_type != POLICY_KERN && 1929 type_set_read(e->type_names, fp)) 1930 return -1; 1931 break; 1932 default: 1933 return -1; 1934 } 1935 le = e; 1936 } 1937 if (depth != 0) 1938 return -1; 1939 lc = c; 1940 } 1941 1942 return 0; 1943} 1944 1945static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 1946{ 1947 char *key = 0; 1948 class_datum_t *cladatum; 1949 uint32_t buf[6]; 1950 size_t len, len2, ncons, nel; 1951 unsigned int i; 1952 int rc; 1953 1954 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 1955 if (!cladatum) 1956 return -1; 1957 1958 rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 1959 if (rc < 0) 1960 goto bad; 1961 1962 len = le32_to_cpu(buf[0]); 1963 len2 = le32_to_cpu(buf[1]); 1964 cladatum->s.value = le32_to_cpu(buf[2]); 1965 1966 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 1967 goto bad; 1968 cladatum->permissions.nprim = le32_to_cpu(buf[3]); 1969 nel = le32_to_cpu(buf[4]); 1970 1971 ncons = le32_to_cpu(buf[5]); 1972 1973 key = malloc(len + 1); 1974 if (!key) 1975 goto bad; 1976 rc = next_entry(key, fp, len); 1977 if (rc < 0) 1978 goto bad; 1979 key[len] = 0; 1980 1981 if (len2) { 1982 cladatum->comkey = malloc(len2 + 1); 1983 if (!cladatum->comkey) 1984 goto bad; 1985 rc = next_entry(cladatum->comkey, fp, len2); 1986 if (rc < 0) 1987 goto bad; 1988 cladatum->comkey[len2] = 0; 1989 1990 cladatum->comdatum = hashtab_search(p->p_commons.table, 1991 cladatum->comkey); 1992 if (!cladatum->comdatum) { 1993 ERR(fp->handle, "unknown common %s", cladatum->comkey); 1994 goto bad; 1995 } 1996 } 1997 for (i = 0; i < nel; i++) { 1998 if (perm_read(p, cladatum->permissions.table, fp)) 1999 goto bad; 2000 } 2001 2002 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 2003 goto bad; 2004 2005 if ((p->policy_type == POLICY_KERN 2006 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 2007 || (p->policy_type == POLICY_BASE 2008 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 2009 /* grab the validatetrans rules */ 2010 rc = next_entry(buf, fp, sizeof(uint32_t)); 2011 if (rc < 0) 2012 goto bad; 2013 ncons = le32_to_cpu(buf[0]); 2014 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 2015 goto bad; 2016 } 2017 2018 if (hashtab_insert(h, key, cladatum)) 2019 goto bad; 2020 2021 return 0; 2022 2023 bad: 2024 class_destroy(key, cladatum, NULL); 2025 return -1; 2026} 2027 2028static int role_read(policydb_t * p 2029 __attribute__ ((unused)), hashtab_t h, 2030 struct policy_file *fp) 2031{ 2032 char *key = 0; 2033 role_datum_t *role; 2034 uint32_t buf[3]; 2035 size_t len; 2036 int rc, to_read = 2; 2037 2038 role = calloc(1, sizeof(role_datum_t)); 2039 if (!role) 2040 return -1; 2041 2042 if (policydb_has_boundary_feature(p)) 2043 to_read = 3; 2044 2045 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2046 if (rc < 0) 2047 goto bad; 2048 2049 len = le32_to_cpu(buf[0]); 2050 role->s.value = le32_to_cpu(buf[1]); 2051 if (policydb_has_boundary_feature(p)) 2052 role->bounds = le32_to_cpu(buf[2]); 2053 2054 key = malloc(len + 1); 2055 if (!key) 2056 goto bad; 2057 rc = next_entry(key, fp, len); 2058 if (rc < 0) 2059 goto bad; 2060 key[len] = 0; 2061 2062 if (ebitmap_read(&role->dominates, fp)) 2063 goto bad; 2064 2065 if (p->policy_type == POLICY_KERN) { 2066 if (ebitmap_read(&role->types.types, fp)) 2067 goto bad; 2068 } else { 2069 if (type_set_read(&role->types, fp)) 2070 goto bad; 2071 } 2072 2073 if (strcmp(key, OBJECT_R) == 0) { 2074 if (role->s.value != OBJECT_R_VAL) { 2075 ERR(fp->handle, "role %s has wrong value %d", 2076 OBJECT_R, role->s.value); 2077 role_destroy(key, role, NULL); 2078 return -1; 2079 } 2080 role_destroy(key, role, NULL); 2081 return 0; 2082 } 2083 2084 if (hashtab_insert(h, key, role)) 2085 goto bad; 2086 2087 return 0; 2088 2089 bad: 2090 role_destroy(key, role, NULL); 2091 return -1; 2092} 2093 2094static int type_read(policydb_t * p 2095 __attribute__ ((unused)), hashtab_t h, 2096 struct policy_file *fp) 2097{ 2098 char *key = 0; 2099 type_datum_t *typdatum; 2100 uint32_t buf[5]; 2101 size_t len; 2102 int rc, to_read; 2103 int pos = 0; 2104 2105 typdatum = calloc(1, sizeof(type_datum_t)); 2106 if (!typdatum) 2107 return -1; 2108 2109 if (policydb_has_boundary_feature(p)) { 2110 if (p->policy_type != POLICY_KERN 2111 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2112 to_read = 5; 2113 else 2114 to_read = 4; 2115 } 2116 else if (p->policy_type == POLICY_KERN) 2117 to_read = 3; 2118 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2119 to_read = 5; 2120 else 2121 to_read = 4; 2122 2123 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2124 if (rc < 0) 2125 goto bad; 2126 2127 len = le32_to_cpu(buf[pos]); 2128 typdatum->s.value = le32_to_cpu(buf[++pos]); 2129 if (policydb_has_boundary_feature(p)) { 2130 uint32_t properties; 2131 2132 if (p->policy_type != POLICY_KERN 2133 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 2134 typdatum->primary = le32_to_cpu(buf[++pos]); 2135 properties = le32_to_cpu(buf[++pos]); 2136 } 2137 else { 2138 properties = le32_to_cpu(buf[++pos]); 2139 2140 if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2141 typdatum->primary = 1; 2142 } 2143 2144 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2145 typdatum->flavor = TYPE_ATTRIB; 2146 if (properties & TYPEDATUM_PROPERTY_ALIAS 2147 && p->policy_type != POLICY_KERN) 2148 typdatum->flavor = TYPE_ALIAS; 2149 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2150 && p->policy_type != POLICY_KERN) 2151 typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2152 2153 typdatum->bounds = le32_to_cpu(buf[++pos]); 2154 } else { 2155 typdatum->primary = le32_to_cpu(buf[++pos]); 2156 if (p->policy_type != POLICY_KERN) { 2157 typdatum->flavor = le32_to_cpu(buf[++pos]); 2158 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2159 typdatum->flags = le32_to_cpu(buf[++pos]); 2160 } 2161 } 2162 2163 if (p->policy_type != POLICY_KERN) { 2164 if (ebitmap_read(&typdatum->types, fp)) 2165 goto bad; 2166 } 2167 2168 key = malloc(len + 1); 2169 if (!key) 2170 goto bad; 2171 rc = next_entry(key, fp, len); 2172 if (rc < 0) 2173 goto bad; 2174 key[len] = 0; 2175 2176 if (hashtab_insert(h, key, typdatum)) 2177 goto bad; 2178 2179 return 0; 2180 2181 bad: 2182 type_destroy(key, typdatum, NULL); 2183 return -1; 2184} 2185 2186int role_trans_read(policydb_t *p, struct policy_file *fp) 2187{ 2188 role_trans_t **t = &p->role_tr; 2189 unsigned int i; 2190 uint32_t buf[3], nel; 2191 role_trans_t *tr, *ltr; 2192 int rc; 2193 int new_roletr = (p->policy_type == POLICY_KERN && 2194 p->policyvers >= POLICYDB_VERSION_ROLETRANS); 2195 2196 rc = next_entry(buf, fp, sizeof(uint32_t)); 2197 if (rc < 0) 2198 return -1; 2199 nel = le32_to_cpu(buf[0]); 2200 ltr = NULL; 2201 for (i = 0; i < nel; i++) { 2202 tr = calloc(1, sizeof(struct role_trans)); 2203 if (!tr) { 2204 return -1; 2205 } 2206 if (ltr) { 2207 ltr->next = tr; 2208 } else { 2209 *t = tr; 2210 } 2211 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2212 if (rc < 0) 2213 return -1; 2214 tr->role = le32_to_cpu(buf[0]); 2215 tr->type = le32_to_cpu(buf[1]); 2216 tr->new_role = le32_to_cpu(buf[2]); 2217 if (new_roletr) { 2218 rc = next_entry(buf, fp, sizeof(uint32_t)); 2219 if (rc < 0) 2220 return -1; 2221 tr->tclass = le32_to_cpu(buf[0]); 2222 } else 2223 tr->tclass = SECCLASS_PROCESS; 2224 ltr = tr; 2225 } 2226 return 0; 2227} 2228 2229int role_allow_read(role_allow_t ** r, struct policy_file *fp) 2230{ 2231 unsigned int i; 2232 uint32_t buf[2], nel; 2233 role_allow_t *ra, *lra; 2234 int rc; 2235 2236 rc = next_entry(buf, fp, sizeof(uint32_t)); 2237 if (rc < 0) 2238 return -1; 2239 nel = le32_to_cpu(buf[0]); 2240 lra = NULL; 2241 for (i = 0; i < nel; i++) { 2242 ra = calloc(1, sizeof(struct role_allow)); 2243 if (!ra) { 2244 return -1; 2245 } 2246 if (lra) { 2247 lra->next = ra; 2248 } else { 2249 *r = ra; 2250 } 2251 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2252 if (rc < 0) 2253 return -1; 2254 ra->role = le32_to_cpu(buf[0]); 2255 ra->new_role = le32_to_cpu(buf[1]); 2256 lra = ra; 2257 } 2258 return 0; 2259} 2260 2261int filename_trans_read(filename_trans_t **t, struct policy_file *fp) 2262{ 2263 unsigned int i; 2264 uint32_t buf[4], nel, len; 2265 filename_trans_t *ft, *lft; 2266 int rc; 2267 char *name; 2268 2269 rc = next_entry(buf, fp, sizeof(uint32_t)); 2270 if (rc < 0) 2271 return -1; 2272 nel = le32_to_cpu(buf[0]); 2273 2274 lft = NULL; 2275 for (i = 0; i < nel; i++) { 2276 ft = calloc(1, sizeof(struct filename_trans)); 2277 if (!ft) 2278 return -1; 2279 if (lft) 2280 lft->next = ft; 2281 else 2282 *t = ft; 2283 rc = next_entry(buf, fp, sizeof(uint32_t)); 2284 if (rc < 0) 2285 return -1; 2286 len = le32_to_cpu(buf[0]); 2287 2288 name = calloc(len, sizeof(*name)); 2289 if (!name) 2290 return -1; 2291 2292 ft->name = name; 2293 2294 rc = next_entry(name, fp, len); 2295 if (rc < 0) 2296 return -1; 2297 2298 rc = next_entry(buf, fp, sizeof(uint32_t) * 4); 2299 if (rc < 0) 2300 return -1; 2301 2302 ft->stype = le32_to_cpu(buf[0]); 2303 ft->ttype = le32_to_cpu(buf[1]); 2304 ft->tclass = le32_to_cpu(buf[2]); 2305 ft->otype = le32_to_cpu(buf[3]); 2306 } 2307 return 0; 2308} 2309 2310static int ocontext_read_xen(struct policydb_compat_info *info, 2311 policydb_t *p, struct policy_file *fp) 2312{ 2313 unsigned int i, j; 2314 size_t nel; 2315 ocontext_t *l, *c; 2316 uint32_t buf[8]; 2317 int rc; 2318 2319 for (i = 0; i < info->ocon_num; i++) { 2320 rc = next_entry(buf, fp, sizeof(uint32_t)); 2321 if (rc < 0) 2322 return -1; 2323 nel = le32_to_cpu(buf[0]); 2324 l = NULL; 2325 for (j = 0; j < nel; j++) { 2326 c = calloc(1, sizeof(ocontext_t)); 2327 if (!c) 2328 return -1; 2329 if (l) 2330 l->next = c; 2331 else 2332 p->ocontexts[i] = c; 2333 l = c; 2334 switch (i) { 2335 case OCON_XEN_ISID: 2336 rc = next_entry(buf, fp, sizeof(uint32_t)); 2337 if (rc < 0) 2338 return -1; 2339 c->sid[0] = le32_to_cpu(buf[0]); 2340 if (context_read_and_validate 2341 (&c->context[0], p, fp)) 2342 return -1; 2343 break; 2344 case OCON_XEN_PIRQ: 2345 rc = next_entry(buf, fp, sizeof(uint32_t)); 2346 if (rc < 0) 2347 return -1; 2348 c->u.pirq = le32_to_cpu(buf[0]); 2349 if (context_read_and_validate 2350 (&c->context[0], p, fp)) 2351 return -1; 2352 break; 2353 case OCON_XEN_IOPORT: 2354 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2355 if (rc < 0) 2356 return -1; 2357 c->u.ioport.low_ioport = le32_to_cpu(buf[0]); 2358 c->u.ioport.high_ioport = le32_to_cpu(buf[1]); 2359 if (context_read_and_validate 2360 (&c->context[0], p, fp)) 2361 return -1; 2362 break; 2363 case OCON_XEN_IOMEM: 2364 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2365 if (rc < 0) 2366 return -1; 2367 c->u.iomem.low_iomem = le32_to_cpu(buf[0]); 2368 c->u.iomem.high_iomem = le32_to_cpu(buf[1]); 2369 if (context_read_and_validate 2370 (&c->context[0], p, fp)) 2371 return -1; 2372 break; 2373 case OCON_XEN_PCIDEVICE: 2374 rc = next_entry(buf, fp, sizeof(uint32_t)); 2375 if (rc < 0) 2376 return -1; 2377 c->u.device = le32_to_cpu(buf[0]); 2378 if (context_read_and_validate 2379 (&c->context[0], p, fp)) 2380 return -1; 2381 break; 2382 default: 2383 /* should never get here */ 2384 ERR(fp->handle, "Unknown Xen ocontext"); 2385 return -1; 2386 } 2387 } 2388 } 2389 return 0; 2390} 2391static int ocontext_read_selinux(struct policydb_compat_info *info, 2392 policydb_t * p, struct policy_file *fp) 2393{ 2394 unsigned int i, j; 2395 size_t nel, len; 2396 ocontext_t *l, *c; 2397 uint32_t buf[8]; 2398 int rc; 2399 2400 for (i = 0; i < info->ocon_num; i++) { 2401 rc = next_entry(buf, fp, sizeof(uint32_t)); 2402 if (rc < 0) 2403 return -1; 2404 nel = le32_to_cpu(buf[0]); 2405 l = NULL; 2406 for (j = 0; j < nel; j++) { 2407 c = calloc(1, sizeof(ocontext_t)); 2408 if (!c) { 2409 return -1; 2410 } 2411 if (l) { 2412 l->next = c; 2413 } else { 2414 p->ocontexts[i] = c; 2415 } 2416 l = c; 2417 switch (i) { 2418 case OCON_ISID: 2419 rc = next_entry(buf, fp, sizeof(uint32_t)); 2420 if (rc < 0) 2421 return -1; 2422 c->sid[0] = le32_to_cpu(buf[0]); 2423 if (context_read_and_validate 2424 (&c->context[0], p, fp)) 2425 return -1; 2426 break; 2427 case OCON_FS: 2428 case OCON_NETIF: 2429 rc = next_entry(buf, fp, sizeof(uint32_t)); 2430 if (rc < 0) 2431 return -1; 2432 len = le32_to_cpu(buf[0]); 2433 c->u.name = malloc(len + 1); 2434 if (!c->u.name) 2435 return -1; 2436 rc = next_entry(c->u.name, fp, len); 2437 if (rc < 0) 2438 return -1; 2439 c->u.name[len] = 0; 2440 if (context_read_and_validate 2441 (&c->context[0], p, fp)) 2442 return -1; 2443 if (context_read_and_validate 2444 (&c->context[1], p, fp)) 2445 return -1; 2446 break; 2447 case OCON_PORT: 2448 rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 2449 if (rc < 0) 2450 return -1; 2451 c->u.port.protocol = le32_to_cpu(buf[0]); 2452 c->u.port.low_port = le32_to_cpu(buf[1]); 2453 c->u.port.high_port = le32_to_cpu(buf[2]); 2454 if (context_read_and_validate 2455 (&c->context[0], p, fp)) 2456 return -1; 2457 break; 2458 case OCON_NODE: 2459 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2460 if (rc < 0) 2461 return -1; 2462 c->u.node.addr = buf[0]; /* network order */ 2463 c->u.node.mask = buf[1]; /* network order */ 2464 if (context_read_and_validate 2465 (&c->context[0], p, fp)) 2466 return -1; 2467 break; 2468 case OCON_FSUSE: 2469 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2470 if (rc < 0) 2471 return -1; 2472 c->v.behavior = le32_to_cpu(buf[0]); 2473 len = le32_to_cpu(buf[1]); 2474 c->u.name = malloc(len + 1); 2475 if (!c->u.name) 2476 return -1; 2477 rc = next_entry(c->u.name, fp, len); 2478 if (rc < 0) 2479 return -1; 2480 c->u.name[len] = 0; 2481 if (context_read_and_validate 2482 (&c->context[0], p, fp)) 2483 return -1; 2484 break; 2485 case OCON_NODE6:{ 2486 int k; 2487 2488 rc = next_entry(buf, fp, sizeof(uint32_t) * 8); 2489 if (rc < 0) 2490 return -1; 2491 for (k = 0; k < 4; k++) 2492 /* network order */ 2493 c->u.node6.addr[k] = buf[k]; 2494 for (k = 0; k < 4; k++) 2495 /* network order */ 2496 c->u.node6.mask[k] = buf[k + 4]; 2497 if (context_read_and_validate 2498 (&c->context[0], p, fp)) 2499 return -1; 2500 break; 2501 } 2502 default:{ 2503 ERR(fp->handle, "Unknown SELinux ocontext"); 2504 return -1; 2505 } 2506 } 2507 } 2508 } 2509 return 0; 2510} 2511 2512static int ocontext_read(struct policydb_compat_info *info, 2513 policydb_t *p, struct policy_file *fp) 2514{ 2515 int rc = -1; 2516 switch (p->target_platform) { 2517 case SEPOL_TARGET_SELINUX: 2518 rc = ocontext_read_selinux(info, p, fp); 2519 break; 2520 case SEPOL_TARGET_XEN: 2521 rc = ocontext_read_xen(info, p, fp); 2522 break; 2523 default: 2524 ERR(fp->handle, "Unknown target"); 2525 } 2526 return rc; 2527} 2528 2529static int genfs_read(policydb_t * p, struct policy_file *fp) 2530{ 2531 uint32_t buf[1]; 2532 size_t nel, nel2, len, len2; 2533 genfs_t *genfs_p, *newgenfs, *genfs; 2534 unsigned int i, j; 2535 ocontext_t *l, *c, *newc = NULL; 2536 int rc; 2537 2538 rc = next_entry(buf, fp, sizeof(uint32_t)); 2539 if (rc < 0) 2540 goto bad; 2541 nel = le32_to_cpu(buf[0]); 2542 genfs_p = NULL; 2543 for (i = 0; i < nel; i++) { 2544 rc = next_entry(buf, fp, sizeof(uint32_t)); 2545 if (rc < 0) 2546 goto bad; 2547 len = le32_to_cpu(buf[0]); 2548 newgenfs = calloc(1, sizeof(genfs_t)); 2549 if (!newgenfs) 2550 goto bad; 2551 newgenfs->fstype = malloc(len + 1); 2552 if (!newgenfs->fstype) { 2553 free(newgenfs); 2554 goto bad; 2555 } 2556 rc = next_entry(newgenfs->fstype, fp, len); 2557 if (rc < 0) { 2558 free(newgenfs->fstype); 2559 free(newgenfs); 2560 goto bad; 2561 } 2562 newgenfs->fstype[len] = 0; 2563 for (genfs_p = NULL, genfs = p->genfs; genfs; 2564 genfs_p = genfs, genfs = genfs->next) { 2565 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { 2566 ERR(fp->handle, "dup genfs fstype %s", 2567 newgenfs->fstype); 2568 free(newgenfs->fstype); 2569 free(newgenfs); 2570 goto bad; 2571 } 2572 if (strcmp(newgenfs->fstype, genfs->fstype) < 0) 2573 break; 2574 } 2575 newgenfs->next = genfs; 2576 if (genfs_p) 2577 genfs_p->next = newgenfs; 2578 else 2579 p->genfs = newgenfs; 2580 rc = next_entry(buf, fp, sizeof(uint32_t)); 2581 if (rc < 0) 2582 goto bad; 2583 nel2 = le32_to_cpu(buf[0]); 2584 for (j = 0; j < nel2; j++) { 2585 newc = calloc(1, sizeof(ocontext_t)); 2586 if (!newc) { 2587 goto bad; 2588 } 2589 rc = next_entry(buf, fp, sizeof(uint32_t)); 2590 if (rc < 0) 2591 goto bad; 2592 len = le32_to_cpu(buf[0]); 2593 newc->u.name = malloc(len + 1); 2594 if (!newc->u.name) { 2595 goto bad; 2596 } 2597 rc = next_entry(newc->u.name, fp, len); 2598 if (rc < 0) 2599 goto bad; 2600 newc->u.name[len] = 0; 2601 rc = next_entry(buf, fp, sizeof(uint32_t)); 2602 if (rc < 0) 2603 goto bad; 2604 newc->v.sclass = le32_to_cpu(buf[0]); 2605 if (context_read_and_validate(&newc->context[0], p, fp)) 2606 goto bad; 2607 for (l = NULL, c = newgenfs->head; c; 2608 l = c, c = c->next) { 2609 if (!strcmp(newc->u.name, c->u.name) && 2610 (!c->v.sclass || !newc->v.sclass || 2611 newc->v.sclass == c->v.sclass)) { 2612 ERR(fp->handle, "dup genfs entry " 2613 "(%s,%s)", newgenfs->fstype, 2614 c->u.name); 2615 goto bad; 2616 } 2617 len = strlen(newc->u.name); 2618 len2 = strlen(c->u.name); 2619 if (len > len2) 2620 break; 2621 } 2622 newc->next = c; 2623 if (l) 2624 l->next = newc; 2625 else 2626 newgenfs->head = newc; 2627 } 2628 } 2629 2630 return 0; 2631 2632 bad: 2633 if (newc) { 2634 context_destroy(&newc->context[0]); 2635 context_destroy(&newc->context[1]); 2636 free(newc->u.name); 2637 free(newc); 2638 } 2639 return -1; 2640} 2641 2642/* 2643 * Read a MLS level structure from a policydb binary 2644 * representation file. 2645 */ 2646static int mls_read_level(mls_level_t * lp, struct policy_file *fp) 2647{ 2648 uint32_t buf[1]; 2649 int rc; 2650 2651 mls_level_init(lp); 2652 2653 rc = next_entry(buf, fp, sizeof(uint32_t)); 2654 if (rc < 0) { 2655 ERR(fp->handle, "truncated level"); 2656 goto bad; 2657 } 2658 lp->sens = le32_to_cpu(buf[0]); 2659 2660 if (ebitmap_read(&lp->cat, fp)) { 2661 ERR(fp->handle, "error reading level categories"); 2662 goto bad; 2663 } 2664 return 0; 2665 2666 bad: 2667 return -EINVAL; 2668} 2669 2670static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 2671{ 2672 char *key = 0; 2673 user_datum_t *usrdatum; 2674 uint32_t buf[3]; 2675 size_t len; 2676 int rc, to_read = 2; 2677 2678 usrdatum = calloc(1, sizeof(user_datum_t)); 2679 if (!usrdatum) 2680 return -1; 2681 2682 if (policydb_has_boundary_feature(p)) 2683 to_read = 3; 2684 2685 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 2686 if (rc < 0) 2687 goto bad; 2688 2689 len = le32_to_cpu(buf[0]); 2690 usrdatum->s.value = le32_to_cpu(buf[1]); 2691 if (policydb_has_boundary_feature(p)) 2692 usrdatum->bounds = le32_to_cpu(buf[2]); 2693 2694 key = malloc(len + 1); 2695 if (!key) 2696 goto bad; 2697 rc = next_entry(key, fp, len); 2698 if (rc < 0) 2699 goto bad; 2700 key[len] = 0; 2701 2702 if (p->policy_type == POLICY_KERN) { 2703 if (ebitmap_read(&usrdatum->roles.roles, fp)) 2704 goto bad; 2705 } else { 2706 if (role_set_read(&usrdatum->roles, fp)) 2707 goto bad; 2708 } 2709 2710 /* users were not allowed in mls modules before version 2711 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been 2712 * required - the mls fields will be empty. user declarations in 2713 * non-mls modules will also have empty mls fields */ 2714 if ((p->policy_type == POLICY_KERN 2715 && p->policyvers >= POLICYDB_VERSION_MLS) 2716 || (p->policy_type == POLICY_MOD 2717 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2718 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) 2719 || (p->policy_type == POLICY_BASE 2720 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 2721 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { 2722 if (mls_read_range_helper(&usrdatum->exp_range, fp)) 2723 goto bad; 2724 if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) 2725 goto bad; 2726 if (p->policy_type != POLICY_KERN) { 2727 if (mls_range_to_semantic(&usrdatum->exp_range, 2728 &usrdatum->range)) 2729 goto bad; 2730 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, 2731 &usrdatum->dfltlevel)) 2732 goto bad; 2733 } 2734 } else if ((p->policy_type == POLICY_MOD 2735 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) 2736 || (p->policy_type == POLICY_BASE 2737 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { 2738 if (mls_read_semantic_range_helper(&usrdatum->range, fp)) 2739 goto bad; 2740 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) 2741 goto bad; 2742 } 2743 2744 if (hashtab_insert(h, key, usrdatum)) 2745 goto bad; 2746 2747 return 0; 2748 2749 bad: 2750 user_destroy(key, usrdatum, NULL); 2751 return -1; 2752} 2753 2754static int sens_read(policydb_t * p 2755 __attribute__ ((unused)), hashtab_t h, 2756 struct policy_file *fp) 2757{ 2758 char *key = 0; 2759 level_datum_t *levdatum; 2760 uint32_t buf[2], len; 2761 int rc; 2762 2763 levdatum = malloc(sizeof(level_datum_t)); 2764 if (!levdatum) 2765 return -1; 2766 level_datum_init(levdatum); 2767 2768 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2769 if (rc < 0) 2770 goto bad; 2771 2772 len = le32_to_cpu(buf[0]); 2773 levdatum->isalias = le32_to_cpu(buf[1]); 2774 2775 key = malloc(len + 1); 2776 if (!key) 2777 goto bad; 2778 rc = next_entry(key, fp, len); 2779 if (rc < 0) 2780 goto bad; 2781 key[len] = 0; 2782 2783 levdatum->level = malloc(sizeof(mls_level_t)); 2784 if (!levdatum->level || mls_read_level(levdatum->level, fp)) 2785 goto bad; 2786 2787 if (hashtab_insert(h, key, levdatum)) 2788 goto bad; 2789 2790 return 0; 2791 2792 bad: 2793 sens_destroy(key, levdatum, NULL); 2794 return -1; 2795} 2796 2797static int cat_read(policydb_t * p 2798 __attribute__ ((unused)), hashtab_t h, 2799 struct policy_file *fp) 2800{ 2801 char *key = 0; 2802 cat_datum_t *catdatum; 2803 uint32_t buf[3], len; 2804 int rc; 2805 2806 catdatum = malloc(sizeof(cat_datum_t)); 2807 if (!catdatum) 2808 return -1; 2809 cat_datum_init(catdatum); 2810 2811 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 2812 if (rc < 0) 2813 goto bad; 2814 2815 len = le32_to_cpu(buf[0]); 2816 catdatum->s.value = le32_to_cpu(buf[1]); 2817 catdatum->isalias = le32_to_cpu(buf[2]); 2818 2819 key = malloc(len + 1); 2820 if (!key) 2821 goto bad; 2822 rc = next_entry(key, fp, len); 2823 if (rc < 0) 2824 goto bad; 2825 key[len] = 0; 2826 2827 if (hashtab_insert(h, key, catdatum)) 2828 goto bad; 2829 2830 return 0; 2831 2832 bad: 2833 cat_destroy(key, catdatum, NULL); 2834 return -1; 2835} 2836 2837static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h, 2838 struct policy_file * fp) = { 2839common_read, class_read, role_read, type_read, user_read, 2840 cond_read_bool, sens_read, cat_read,}; 2841 2842/************** module reading functions below **************/ 2843 2844static avrule_t *avrule_read(policydb_t * p 2845 __attribute__ ((unused)), struct policy_file *fp) 2846{ 2847 unsigned int i; 2848 uint32_t buf[2], len; 2849 class_perm_node_t *cur, *tail = NULL; 2850 avrule_t *avrule; 2851 int rc; 2852 2853 avrule = (avrule_t *) malloc(sizeof(avrule_t)); 2854 if (!avrule) 2855 return NULL; 2856 2857 avrule_init(avrule); 2858 2859 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2860 if (rc < 0) 2861 goto bad; 2862 2863 (avrule)->specified = le32_to_cpu(buf[0]); 2864 (avrule)->flags = le32_to_cpu(buf[1]); 2865 2866 if (type_set_read(&avrule->stypes, fp)) 2867 goto bad; 2868 2869 if (type_set_read(&avrule->ttypes, fp)) 2870 goto bad; 2871 2872 rc = next_entry(buf, fp, sizeof(uint32_t)); 2873 if (rc < 0) 2874 goto bad; 2875 len = le32_to_cpu(buf[0]); 2876 2877 for (i = 0; i < len; i++) { 2878 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t)); 2879 if (!cur) 2880 goto bad; 2881 class_perm_node_init(cur); 2882 2883 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 2884 if (rc < 0) { 2885 free(cur); 2886 goto bad; 2887 } 2888 2889 cur->class = le32_to_cpu(buf[0]); 2890 cur->data = le32_to_cpu(buf[1]); 2891 2892 if (!tail) { 2893 avrule->perms = cur; 2894 } else { 2895 tail->next = cur; 2896 } 2897 tail = cur; 2898 } 2899 2900 return avrule; 2901 bad: 2902 if (avrule) { 2903 avrule_destroy(avrule); 2904 free(avrule); 2905 } 2906 return NULL; 2907} 2908 2909static int range_read(policydb_t * p, struct policy_file *fp) 2910{ 2911 uint32_t buf[2], nel; 2912 range_trans_t *rt, *lrt; 2913 range_trans_rule_t *rtr, *lrtr = NULL; 2914 unsigned int i; 2915 int new_rangetr = (p->policy_type == POLICY_KERN && 2916 p->policyvers >= POLICYDB_VERSION_RANGETRANS); 2917 int rc; 2918 2919 rc = next_entry(buf, fp, sizeof(uint32_t)); 2920 if (rc < 0) 2921 return -1; 2922 nel = le32_to_cpu(buf[0]); 2923 lrt = NULL; 2924 for (i = 0; i < nel; i++) { 2925 rt = calloc(1, sizeof(range_trans_t)); 2926 if (!rt) 2927 return -1; 2928 if (lrt) 2929 lrt->next = rt; 2930 else 2931 p->range_tr = rt; 2932 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 2933 if (rc < 0) 2934 return -1; 2935 rt->source_type = le32_to_cpu(buf[0]); 2936 rt->target_type = le32_to_cpu(buf[1]); 2937 if (new_rangetr) { 2938 rc = next_entry(buf, fp, (sizeof(uint32_t))); 2939 if (rc < 0) 2940 return -1; 2941 rt->target_class = le32_to_cpu(buf[0]); 2942 } else 2943 rt->target_class = SECCLASS_PROCESS; 2944 if (mls_read_range_helper(&rt->target_range, fp)) 2945 return -1; 2946 lrt = rt; 2947 } 2948 2949 /* if this is a kernel policy, we are done - otherwise we need to 2950 * convert these structs to range_trans_rule_ts */ 2951 if (p->policy_type == POLICY_KERN) 2952 return 0; 2953 2954 /* create range_trans_rules_ts that correspond to the range_trans_ts 2955 * that were just read in from an older policy */ 2956 for (rt = p->range_tr; rt; rt = rt->next) { 2957 rtr = malloc(sizeof(range_trans_rule_t)); 2958 if (!rtr) { 2959 return -1; 2960 } 2961 range_trans_rule_init(rtr); 2962 2963 if (lrtr) 2964 lrtr->next = rtr; 2965 else 2966 p->global->enabled->range_tr_rules = rtr; 2967 2968 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) 2969 return -1; 2970 2971 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) 2972 return -1; 2973 2974 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) 2975 return -1; 2976 2977 if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) 2978 return -1; 2979 2980 lrtr = rtr; 2981 } 2982 2983 /* now destroy the range_trans_ts */ 2984 lrt = NULL; 2985 for (rt = p->range_tr; rt; rt = rt->next) { 2986 if (lrt) { 2987 ebitmap_destroy(&lrt->target_range.level[0].cat); 2988 ebitmap_destroy(&lrt->target_range.level[1].cat); 2989 free(lrt); 2990 } 2991 lrt = rt; 2992 } 2993 if (lrt) { 2994 ebitmap_destroy(&lrt->target_range.level[0].cat); 2995 ebitmap_destroy(&lrt->target_range.level[1].cat); 2996 free(lrt); 2997 } 2998 p->range_tr = NULL; 2999 3000 return 0; 3001} 3002 3003int avrule_read_list(policydb_t * p, avrule_t ** avrules, 3004 struct policy_file *fp) 3005{ 3006 unsigned int i; 3007 avrule_t *cur, *tail; 3008 uint32_t buf[1], len; 3009 int rc; 3010 3011 *avrules = tail = NULL; 3012 3013 rc = next_entry(buf, fp, sizeof(uint32_t)); 3014 if (rc < 0) { 3015 return -1; 3016 } 3017 len = le32_to_cpu(buf[0]); 3018 3019 for (i = 0; i < len; i++) { 3020 cur = avrule_read(p, fp); 3021 if (!cur) { 3022 return -1; 3023 } 3024 3025 if (!tail) { 3026 *avrules = cur; 3027 } else { 3028 tail->next = cur; 3029 } 3030 tail = cur; 3031 } 3032 3033 return 0; 3034} 3035 3036static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r, 3037 struct policy_file *fp) 3038{ 3039 uint32_t buf[1], nel; 3040 unsigned int i; 3041 role_trans_rule_t *tr, *ltr; 3042 int rc; 3043 3044 rc = next_entry(buf, fp, sizeof(uint32_t)); 3045 if (rc < 0) 3046 return -1; 3047 nel = le32_to_cpu(buf[0]); 3048 ltr = NULL; 3049 for (i = 0; i < nel; i++) { 3050 tr = malloc(sizeof(role_trans_rule_t)); 3051 if (!tr) { 3052 return -1; 3053 } 3054 role_trans_rule_init(tr); 3055 3056 if (ltr) { 3057 ltr->next = tr; 3058 } else { 3059 *r = tr; 3060 } 3061 3062 if (role_set_read(&tr->roles, fp)) 3063 return -1; 3064 3065 if (type_set_read(&tr->types, fp)) 3066 return -1; 3067 3068 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) { 3069 if (ebitmap_read(&tr->classes, fp)) 3070 return -1; 3071 } else { 3072 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1)) 3073 return -1; 3074 } 3075 3076 rc = next_entry(buf, fp, sizeof(uint32_t)); 3077 if (rc < 0) 3078 return -1; 3079 tr->new_role = le32_to_cpu(buf[0]); 3080 ltr = tr; 3081 } 3082 3083 return 0; 3084} 3085 3086static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp) 3087{ 3088 unsigned int i; 3089 uint32_t buf[1], nel; 3090 role_allow_rule_t *ra, *lra; 3091 int rc; 3092 3093 rc = next_entry(buf, fp, sizeof(uint32_t)); 3094 if (rc < 0) 3095 return -1; 3096 nel = le32_to_cpu(buf[0]); 3097 lra = NULL; 3098 for (i = 0; i < nel; i++) { 3099 ra = malloc(sizeof(role_allow_rule_t)); 3100 if (!ra) { 3101 return -1; 3102 } 3103 role_allow_rule_init(ra); 3104 3105 if (lra) { 3106 lra->next = ra; 3107 } else { 3108 *r = ra; 3109 } 3110 3111 if (role_set_read(&ra->roles, fp)) 3112 return -1; 3113 3114 if (role_set_read(&ra->new_roles, fp)) 3115 return -1; 3116 3117 lra = ra; 3118 } 3119 return 0; 3120} 3121 3122static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp) 3123{ 3124 uint32_t buf[2], nel; 3125 unsigned int i, len; 3126 filename_trans_rule_t *ftr, *lftr; 3127 int rc; 3128 3129 rc = next_entry(buf, fp, sizeof(uint32_t)); 3130 if (rc < 0) 3131 return -1; 3132 nel = le32_to_cpu(buf[0]); 3133 lftr = NULL; 3134 for (i = 0; i < nel; i++) { 3135 ftr = malloc(sizeof(*ftr)); 3136 if (!ftr) 3137 return -1; 3138 3139 filename_trans_rule_init(ftr); 3140 3141 if (lftr) 3142 lftr->next = ftr; 3143 else 3144 *r = ftr; 3145 lftr = ftr; 3146 3147 rc = next_entry(buf, fp, sizeof(uint32_t)); 3148 if (rc < 0) 3149 return -1; 3150 3151 len = le32_to_cpu(buf[0]); 3152 3153 ftr->name = malloc(len + 1); 3154 if (!ftr->name) 3155 return -1; 3156 3157 rc = next_entry(ftr->name, fp, len); 3158 if (rc) 3159 return -1; 3160 ftr->name[len] = 0; 3161 3162 if (type_set_read(&ftr->stypes, fp)) 3163 return -1; 3164 3165 if (type_set_read(&ftr->ttypes, fp)) 3166 return -1; 3167 3168 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3169 if (rc < 0) 3170 return -1; 3171 ftr->tclass = le32_to_cpu(buf[0]); 3172 ftr->otype = le32_to_cpu(buf[1]); 3173 } 3174 3175 return 0; 3176} 3177 3178static int range_trans_rule_read(range_trans_rule_t ** r, 3179 struct policy_file *fp) 3180{ 3181 uint32_t buf[1], nel; 3182 unsigned int i; 3183 range_trans_rule_t *rt, *lrt = NULL; 3184 int rc; 3185 3186 rc = next_entry(buf, fp, sizeof(uint32_t)); 3187 if (rc < 0) 3188 return -1; 3189 nel = le32_to_cpu(buf[0]); 3190 for (i = 0; i < nel; i++) { 3191 rt = malloc(sizeof(range_trans_rule_t)); 3192 if (!rt) { 3193 return -1; 3194 } 3195 range_trans_rule_init(rt); 3196 3197 if (lrt) 3198 lrt->next = rt; 3199 else 3200 *r = rt; 3201 3202 if (type_set_read(&rt->stypes, fp)) 3203 return -1; 3204 3205 if (type_set_read(&rt->ttypes, fp)) 3206 return -1; 3207 3208 if (ebitmap_read(&rt->tclasses, fp)) 3209 return -1; 3210 3211 if (mls_read_semantic_range_helper(&rt->trange, fp)) 3212 return -1; 3213 3214 lrt = rt; 3215 } 3216 3217 return 0; 3218} 3219 3220static int scope_index_read(scope_index_t * scope_index, 3221 unsigned int num_scope_syms, struct policy_file *fp) 3222{ 3223 unsigned int i; 3224 uint32_t buf[1]; 3225 int rc; 3226 3227 for (i = 0; i < num_scope_syms; i++) { 3228 if (ebitmap_read(scope_index->scope + i, fp) == -1) { 3229 return -1; 3230 } 3231 } 3232 rc = next_entry(buf, fp, sizeof(uint32_t)); 3233 if (rc < 0) 3234 return -1; 3235 scope_index->class_perms_len = le32_to_cpu(buf[0]); 3236 if (scope_index->class_perms_len == 0) { 3237 scope_index->class_perms_map = NULL; 3238 return 0; 3239 } 3240 if ((scope_index->class_perms_map = 3241 calloc(scope_index->class_perms_len, 3242 sizeof(*scope_index->class_perms_map))) == NULL) { 3243 return -1; 3244 } 3245 for (i = 0; i < scope_index->class_perms_len; i++) { 3246 if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { 3247 return -1; 3248 } 3249 } 3250 return 0; 3251} 3252 3253static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, 3254 unsigned int num_scope_syms, struct policy_file *fp) 3255{ 3256 uint32_t buf[2], nprim, nel; 3257 unsigned int i, j; 3258 int rc; 3259 3260 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3261 if (rc < 0) 3262 return -1; 3263 decl->decl_id = le32_to_cpu(buf[0]); 3264 decl->enabled = le32_to_cpu(buf[1]); 3265 if (cond_read_list(p, &decl->cond_list, fp) == -1 || 3266 avrule_read_list(p, &decl->avrules, fp) == -1 || 3267 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 || 3268 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { 3269 return -1; 3270 } 3271 3272 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && 3273 filename_trans_rule_read(&decl->filename_trans_rules, fp)) 3274 return -1; 3275 3276 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && 3277 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { 3278 return -1; 3279 } 3280 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || 3281 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { 3282 return -1; 3283 } 3284 3285 for (i = 0; i < num_scope_syms; i++) { 3286 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3287 if (rc < 0) 3288 return -1; 3289 nprim = le32_to_cpu(buf[0]); 3290 nel = le32_to_cpu(buf[1]); 3291 for (j = 0; j < nel; j++) { 3292 if (read_f[i] (p, decl->symtab[i].table, fp)) { 3293 return -1; 3294 } 3295 } 3296 decl->symtab[i].nprim = nprim; 3297 } 3298 return 0; 3299} 3300 3301static int avrule_block_read(policydb_t * p, 3302 avrule_block_t ** block, 3303 unsigned int num_scope_syms, 3304 struct policy_file *fp) 3305{ 3306 avrule_block_t *last_block = NULL, *curblock; 3307 uint32_t buf[1], num_blocks, nel; 3308 int rc; 3309 3310 rc = next_entry(buf, fp, sizeof(uint32_t)); 3311 if (rc < 0) 3312 return -1; 3313 num_blocks = le32_to_cpu(buf[0]); 3314 nel = num_blocks; 3315 while (num_blocks > 0) { 3316 avrule_decl_t *last_decl = NULL, *curdecl; 3317 uint32_t num_decls; 3318 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) { 3319 return -1; 3320 } 3321 rc = next_entry(buf, fp, sizeof(uint32_t)); 3322 if (rc < 0) { 3323 free(curblock); 3324 return -1; 3325 } 3326 /* if this is the first block its non-optional, else its optional */ 3327 if (num_blocks != nel) 3328 curblock->flags |= AVRULE_OPTIONAL; 3329 3330 num_decls = le32_to_cpu(buf[0]); 3331 while (num_decls > 0) { 3332 if ((curdecl = avrule_decl_create(0)) == NULL) { 3333 avrule_block_destroy(curblock); 3334 return -1; 3335 } 3336 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == 3337 -1) { 3338 avrule_decl_destroy(curdecl); 3339 avrule_block_destroy(curblock); 3340 return -1; 3341 } 3342 if (curdecl->enabled) { 3343 if (curblock->enabled != NULL) { 3344 /* probably a corrupt file */ 3345 avrule_decl_destroy(curdecl); 3346 avrule_block_destroy(curblock); 3347 return -1; 3348 } 3349 curblock->enabled = curdecl; 3350 } 3351 /* one must be careful to reconstruct the 3352 * decl chain in its correct order */ 3353 if (curblock->branch_list == NULL) { 3354 curblock->branch_list = curdecl; 3355 } else { 3356 last_decl->next = curdecl; 3357 } 3358 last_decl = curdecl; 3359 num_decls--; 3360 } 3361 3362 if (*block == NULL) { 3363 *block = curblock; 3364 } else { 3365 last_block->next = curblock; 3366 } 3367 last_block = curblock; 3368 3369 num_blocks--; 3370 } 3371 3372 return 0; 3373} 3374 3375static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) 3376{ 3377 scope_datum_t *scope = NULL; 3378 uint32_t buf[2]; 3379 char *key = NULL; 3380 size_t key_len; 3381 unsigned int i; 3382 hashtab_t h = p->scope[symnum].table; 3383 int rc; 3384 3385 rc = next_entry(buf, fp, sizeof(uint32_t)); 3386 if (rc < 0) 3387 goto cleanup; 3388 key_len = le32_to_cpu(buf[0]); 3389 key = malloc(key_len + 1); 3390 if (!key) 3391 goto cleanup; 3392 rc = next_entry(key, fp, key_len); 3393 if (rc < 0) 3394 goto cleanup; 3395 key[key_len] = '\0'; 3396 3397 /* ensure that there already exists a symbol with this key */ 3398 if (hashtab_search(p->symtab[symnum].table, key) == NULL) { 3399 goto cleanup; 3400 } 3401 3402 if ((scope = calloc(1, sizeof(*scope))) == NULL) { 3403 goto cleanup; 3404 } 3405 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3406 if (rc < 0) 3407 goto cleanup; 3408 scope->scope = le32_to_cpu(buf[0]); 3409 scope->decl_ids_len = le32_to_cpu(buf[1]); 3410 assert(scope->decl_ids_len > 0); 3411 if ((scope->decl_ids = 3412 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { 3413 goto cleanup; 3414 } 3415 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 3416 if (rc < 0) 3417 goto cleanup; 3418 for (i = 0; i < scope->decl_ids_len; i++) { 3419 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]); 3420 } 3421 3422 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) { 3423 /* object_r was already added to this table in roles_init() */ 3424 scope_destroy(key, scope, NULL); 3425 } else { 3426 if (hashtab_insert(h, key, scope)) { 3427 goto cleanup; 3428 } 3429 } 3430 3431 return 0; 3432 3433 cleanup: 3434 scope_destroy(key, scope, NULL); 3435 return -1; 3436} 3437 3438/* 3439 * Read the configuration data from a policy database binary 3440 * representation file into a policy database structure. 3441 */ 3442int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) 3443{ 3444 3445 unsigned int i, j, r_policyvers; 3446 uint32_t buf[5]; 3447 size_t len, nprim, nel; 3448 char *policydb_str; 3449 struct policydb_compat_info *info; 3450 unsigned int policy_type, bufindex; 3451 ebitmap_node_t *tnode; 3452 int rc; 3453 3454 /* Read the magic number and string length. */ 3455 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3456 if (rc < 0) 3457 return POLICYDB_ERROR; 3458 for (i = 0; i < 2; i++) 3459 buf[i] = le32_to_cpu(buf[i]); 3460 3461 if (buf[0] == POLICYDB_MAGIC) { 3462 policy_type = POLICY_KERN; 3463 } else if (buf[0] == POLICYDB_MOD_MAGIC) { 3464 policy_type = POLICY_MOD; 3465 } else { 3466 ERR(fp->handle, "policydb magic number %#08x does not " 3467 "match expected magic number %#08x or %#08x", 3468 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC); 3469 return POLICYDB_ERROR; 3470 } 3471 3472 len = buf[1]; 3473 if (len > POLICYDB_STRING_MAX_LENGTH) { 3474 ERR(fp->handle, "policydb string length too long "); 3475 return POLICYDB_ERROR; 3476 } 3477 3478 policydb_str = malloc(len + 1); 3479 if (!policydb_str) { 3480 ERR(fp->handle, "unable to allocate memory for policydb " 3481 "string of length %zu", len); 3482 return POLICYDB_ERROR; 3483 } 3484 rc = next_entry(policydb_str, fp, len); 3485 if (rc < 0) { 3486 ERR(fp->handle, "truncated policydb string identifier"); 3487 free(policydb_str); 3488 return POLICYDB_ERROR; 3489 } 3490 policydb_str[len] = 0; 3491 3492 if (policy_type == POLICY_KERN) { 3493 for (i = 0; i < POLICYDB_TARGET_SZ; i++) { 3494 if ((strcmp(policydb_str, policydb_target_strings[i]) 3495 == 0)) { 3496 policydb_set_target_platform(p, i); 3497 break; 3498 } 3499 } 3500 3501 if (i == POLICYDB_TARGET_SZ) { 3502 ERR(fp->handle, "cannot find a valid target for policy " 3503 "string %s", policydb_str); 3504 free(policydb_str); 3505 return POLICYDB_ERROR; 3506 } 3507 } else { 3508 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) { 3509 ERR(fp->handle, "invalid string identifier %s", 3510 policydb_str); 3511 free(policydb_str); 3512 return POLICYDB_ERROR; 3513 } 3514 } 3515 3516 /* Done with policydb_str. */ 3517 free(policydb_str); 3518 policydb_str = NULL; 3519 3520 /* Read the version, config, and table sizes (and policy type if it's a module). */ 3521 if (policy_type == POLICY_KERN) 3522 nel = 4; 3523 else 3524 nel = 5; 3525 3526 rc = next_entry(buf, fp, sizeof(uint32_t) * nel); 3527 if (rc < 0) 3528 return POLICYDB_ERROR; 3529 for (i = 0; i < nel; i++) 3530 buf[i] = le32_to_cpu(buf[i]); 3531 3532 bufindex = 0; 3533 3534 if (policy_type == POLICY_MOD) { 3535 /* We know it's a module but not whether it's a base 3536 module or regular binary policy module. buf[0] 3537 tells us which. */ 3538 policy_type = buf[bufindex]; 3539 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) { 3540 ERR(fp->handle, "unknown module type: %#08x", 3541 policy_type); 3542 return POLICYDB_ERROR; 3543 } 3544 bufindex++; 3545 } 3546 3547 r_policyvers = buf[bufindex]; 3548 if (policy_type == POLICY_KERN) { 3549 if (r_policyvers < POLICYDB_VERSION_MIN || 3550 r_policyvers > POLICYDB_VERSION_MAX) { 3551 ERR(fp->handle, "policydb version %d does not match " 3552 "my version range %d-%d", buf[bufindex], 3553 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); 3554 return POLICYDB_ERROR; 3555 } 3556 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) { 3557 if (r_policyvers < MOD_POLICYDB_VERSION_MIN || 3558 r_policyvers > MOD_POLICYDB_VERSION_MAX) { 3559 ERR(fp->handle, "policydb module version %d does " 3560 "not match my version range %d-%d", 3561 buf[bufindex], MOD_POLICYDB_VERSION_MIN, 3562 MOD_POLICYDB_VERSION_MAX); 3563 return POLICYDB_ERROR; 3564 } 3565 } else { 3566 assert(0); 3567 } 3568 bufindex++; 3569 3570 /* Set the policy type and version from the read values. */ 3571 p->policy_type = policy_type; 3572 p->policyvers = r_policyvers; 3573 3574 if (buf[bufindex] & POLICYDB_CONFIG_MLS) { 3575 p->mls = 1; 3576 } else { 3577 p->mls = 0; 3578 } 3579 3580 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK; 3581 3582 bufindex++; 3583 3584 info = policydb_lookup_compat(r_policyvers, policy_type, 3585 p->target_platform); 3586 if (!info) { 3587 ERR(fp->handle, "unable to find policy compat info " 3588 "for version %d", r_policyvers); 3589 goto bad; 3590 } 3591 3592 if (buf[bufindex] != info->sym_num 3593 || buf[bufindex + 1] != info->ocon_num) { 3594 ERR(fp->handle, 3595 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)", 3596 buf[bufindex], buf[bufindex + 1], info->sym_num, 3597 info->ocon_num); 3598 goto bad; 3599 } 3600 3601 if (p->policy_type == POLICY_MOD) { 3602 /* Get the module name and version */ 3603 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3604 goto bad; 3605 } 3606 len = le32_to_cpu(buf[0]); 3607 if ((p->name = malloc(len + 1)) == NULL) { 3608 goto bad; 3609 } 3610 if ((rc = next_entry(p->name, fp, len)) < 0) { 3611 goto bad; 3612 } 3613 p->name[len] = '\0'; 3614 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3615 goto bad; 3616 } 3617 len = le32_to_cpu(buf[0]); 3618 if ((p->version = malloc(len + 1)) == NULL) { 3619 goto bad; 3620 } 3621 if ((rc = next_entry(p->version, fp, len)) < 0) { 3622 goto bad; 3623 } 3624 p->version[len] = '\0'; 3625 } 3626 3627 if ((p->policyvers >= POLICYDB_VERSION_POLCAP && 3628 p->policy_type == POLICY_KERN) || 3629 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3630 p->policy_type == POLICY_BASE) || 3631 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP && 3632 p->policy_type == POLICY_MOD)) { 3633 if (ebitmap_read(&p->policycaps, fp)) 3634 goto bad; 3635 } 3636 3637 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE && 3638 p->policy_type == POLICY_KERN) { 3639 if (ebitmap_read(&p->permissive_map, fp)) 3640 goto bad; 3641 } 3642 3643 for (i = 0; i < info->sym_num; i++) { 3644 rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 3645 if (rc < 0) 3646 goto bad; 3647 nprim = le32_to_cpu(buf[0]); 3648 nel = le32_to_cpu(buf[1]); 3649 for (j = 0; j < nel; j++) { 3650 if (read_f[i] (p, p->symtab[i].table, fp)) 3651 goto bad; 3652 } 3653 3654 p->symtab[i].nprim = nprim; 3655 } 3656 3657 if (policy_type == POLICY_KERN) { 3658 if (avtab_read(&p->te_avtab, fp, r_policyvers)) 3659 goto bad; 3660 if (r_policyvers >= POLICYDB_VERSION_BOOL) 3661 if (cond_read_list(p, &p->cond_list, fp)) 3662 goto bad; 3663 if (role_trans_read(p, fp)) 3664 goto bad; 3665 if (role_allow_read(&p->role_allow, fp)) 3666 goto bad; 3667 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS && 3668 filename_trans_read(&p->filename_trans, fp)) 3669 goto bad; 3670 } else { 3671 /* first read the AV rule blocks, then the scope tables */ 3672 avrule_block_destroy(p->global); 3673 p->global = NULL; 3674 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) { 3675 goto bad; 3676 } 3677 for (i = 0; i < info->sym_num; i++) { 3678 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) { 3679 goto bad; 3680 } 3681 nel = le32_to_cpu(buf[0]); 3682 for (j = 0; j < nel; j++) { 3683 if (scope_read(p, i, fp)) 3684 goto bad; 3685 } 3686 } 3687 3688 } 3689 3690 if (policydb_index_decls(p)) 3691 goto bad; 3692 3693 if (policydb_index_classes(p)) 3694 goto bad; 3695 3696 if (policydb_index_others(fp->handle, p, verbose)) 3697 goto bad; 3698 3699 if (ocontext_read(info, p, fp) == -1) { 3700 goto bad; 3701 } 3702 3703 if (genfs_read(p, fp) == -1) { 3704 goto bad; 3705 } 3706 3707 if ((p->policy_type == POLICY_KERN 3708 && p->policyvers >= POLICYDB_VERSION_MLS) 3709 || (p->policy_type == POLICY_BASE 3710 && p->policyvers >= MOD_POLICYDB_VERSION_MLS 3711 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { 3712 if (range_read(p, fp)) { 3713 goto bad; 3714 } 3715 } 3716 3717 if (policy_type == POLICY_KERN) { 3718 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3719 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); 3720 if (!p->type_attr_map || !p->attr_type_map) 3721 goto bad; 3722 for (i = 0; i < p->p_types.nprim; i++) { 3723 ebitmap_init(&p->type_attr_map[i]); 3724 ebitmap_init(&p->attr_type_map[i]); 3725 } 3726 for (i = 0; i < p->p_types.nprim; i++) { 3727 if (r_policyvers >= POLICYDB_VERSION_AVTAB) { 3728 if (ebitmap_read(&p->type_attr_map[i], fp)) 3729 goto bad; 3730 ebitmap_for_each_bit(&p->type_attr_map[i], 3731 tnode, j) { 3732 if (!ebitmap_node_get_bit(tnode, j) 3733 || i == j) 3734 continue; 3735 if (ebitmap_set_bit 3736 (&p->attr_type_map[j], i, 1)) 3737 goto bad; 3738 } 3739 } 3740 /* add the type itself as the degenerate case */ 3741 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) 3742 goto bad; 3743 } 3744 } 3745 3746 return POLICYDB_SUCCESS; 3747 bad: 3748 return POLICYDB_ERROR; 3749} 3750 3751int policydb_reindex_users(policydb_t * p) 3752{ 3753 unsigned int i = SYM_USERS; 3754 3755 if (p->user_val_to_struct) 3756 free(p->user_val_to_struct); 3757 if (p->sym_val_to_name[i]) 3758 free(p->sym_val_to_name[i]); 3759 3760 p->user_val_to_struct = (user_datum_t **) 3761 malloc(p->p_users.nprim * sizeof(user_datum_t *)); 3762 if (!p->user_val_to_struct) 3763 return -1; 3764 3765 p->sym_val_to_name[i] = (char **) 3766 malloc(p->symtab[i].nprim * sizeof(char *)); 3767 if (!p->sym_val_to_name[i]) 3768 return -1; 3769 3770 if (hashtab_map(p->symtab[i].table, index_f[i], p)) 3771 return -1; 3772 3773 /* Expand user roles for context validity checking */ 3774 if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 3775 return -1; 3776 3777 return 0; 3778} 3779 3780void policy_file_init(policy_file_t *pf) 3781{ 3782 memset(pf, 0, sizeof(policy_file_t)); 3783} 3784 3785int policydb_set_target_platform(policydb_t *p, int platform) 3786{ 3787 if (platform == SEPOL_TARGET_SELINUX) 3788 p->target_platform = SEPOL_TARGET_SELINUX; 3789 else if (platform == SEPOL_TARGET_XEN) 3790 p->target_platform = SEPOL_TARGET_XEN; 3791 else 3792 return -1; 3793 3794 return 0; 3795} 3796 3797