
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 * Updated: Red Hat, Inc.  James Morris <jmorris@redhat.com>
 *	Fine-grained netlink support
 *	IPv6 support
 *	Code cleanup
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
 * Copyright (C) 2003 - 2007 Red Hat, Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * Implementation of the policy database.
 */

#include <assert.h>
#include <stdlib.h>

#include <sepol/policydb/policydb.h>
#include <sepol/policydb/expand.h>
#include <sepol/policydb/conditional.h>
#include <sepol/policydb/avrule_block.h>
#include <sepol/policydb/util.h>
#include <sepol/policydb/flask.h>

#include "private.h"
#include "debug.h"
#include "mls.h"

/* Number of entries in policydb_target_strings. */
#define POLICYDB_TARGET_SZ   ARRAY_SIZE(policydb_target_strings)
/* Identification strings, one per supported target (SELinux, then Xen). */
const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };

/*
 * Compatibility table: one entry per supported combination of policy type,
 * policy version and target platform.  policydb_lookup_compat() matches on
 * all three fields, so a combination that is not listed here is reported to
 * the caller as NULL.
 *
 * sym_num and ocon_num presumably give the number of symbol tables and
 * object-context lists a policy of that version carries -- confirm against
 * the code that consumes this table.
 *
 * These need to be updated if SYM_NUM or OCON_NUM changes.
 */
static struct policydb_compat_info policydb_compat[] = {
	/* Kernel policies, Xen target. */
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_BOUNDARY,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_XEN_PCIDEVICE + 1,
	 .target_platform = SEPOL_TARGET_XEN,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_XEN_DEVICETREE,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_XEN_DEVICETREE + 1,
	 .target_platform = SEPOL_TARGET_XEN,
	 },
	/* Kernel policies, SELinux target. */
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_BASE,
	 .sym_num = SYM_NUM - 3,
	 .ocon_num = OCON_FSUSE + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_BOOL,
	 .sym_num = SYM_NUM - 2,
	 .ocon_num = OCON_FSUSE + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_IPV6,
	 .sym_num = SYM_NUM - 2,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_NLCLASS,
	 .sym_num = SYM_NUM - 2,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_MLS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_AVTAB,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_RANGETRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_POLCAP,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_PERMISSIVE,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	/* Same version as the first Xen entry; only target_platform differs. */
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_BOUNDARY,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_FILENAME_TRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_ROLETRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_DEFAULT_TYPE,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_KERN,
	 .version = POLICYDB_VERSION_XPERMS_IOCTL,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	/* Base module policies. */
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_BASE,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_MLS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_POLCAP,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_BASE,
	 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
	 .sym_num = SYM_NUM,
	 .ocon_num = OCON_NODE6 + 1,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	/* Non-base module policies: every entry has ocon_num == 0. */
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_BASE,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_MLS,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_POLCAP,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
	{
	 .type = POLICY_MOD,
	 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
	 .sym_num = SYM_NUM,
	 .ocon_num = 0,
	 .target_platform = SEPOL_TARGET_SELINUX,
	 },
};

#if 0
static char *symtab_name[SYM_NUM] = {
	"common prefixes",
	"classes",
	"roles",
	"types",
	"users",
	"bools" mls_symtab_names cond_symtab_names
};
#endif

/*
 * Per-symbol-table size values.  Eight initializers are given; if SYM_NUM is
 * larger than eight the remaining elements are zero-initialized.
 * NOTE(review): presumably the initial hash-table size of each symbol table,
 * in the order of the disabled symtab_name list above -- confirm at the use
 * site.
 */
static unsigned int symtab_sizes[SYM_NUM] = {
	2,
	32,
	16,
	512,
	128,
	16,
	16,
	16,
};

/*
 * Find the compatibility record for a policy.
 *
 * All three keys must match: the same version number appears in the table
 * for more than one type and for more than one target platform.
 *
 * Returns a pointer into the static policydb_compat table (not to be freed),
 * or NULL when the combination is not listed.  Callers must check for NULL
 * before reading sym_num/ocon_num and treat it as an unsupported policy.
 */
struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
						    unsigned int type,
						    unsigned int target_platform)
{
	const unsigned int entries =
	    sizeof(policydb_compat) / sizeof(policydb_compat[0]);
	unsigned int idx;

	for (idx = 0; idx < entries; idx++) {
		struct policydb_compat_info *cand = &policydb_compat[idx];

		if (cand->version != version)
			continue;
		if (cand->type != type)
			continue;
		if (cand->target_platform != target_platform)
			continue;
		/* First matching entry wins. */
		return cand;
	}
	return NULL;
}
/*
 * Zero a type_set_t and initialise its two ebitmaps (types, negset).
 * x is dereferenced without a NULL check.
 */
void type_set_init(type_set_t * x)
{
	memset(x, 0, sizeof(*x));
	ebitmap_init(&x->types);
	ebitmap_init(&x->negset);
}

/*
 * Release the ebitmaps held by a type_set_t.  A NULL x is a no-op.
 * The structure itself is not freed.
 */
void type_set_destroy(type_set_t * x)
{
	if (x == NULL)
		return;

	ebitmap_destroy(&x->types);
	ebitmap_destroy(&x->negset);
}

/*
 * Zero a role_set_t and initialise its roles ebitmap.
 * x is dereferenced without a NULL check.
 */
void role_set_init(role_set_t * x)
{
	memset(x, 0, sizeof(*x));
	ebitmap_init(&x->roles);
}

/*
 * Release the roles ebitmap of a role_set_t.  Unlike type_set_destroy(),
 * there is no NULL guard here, so x must be a valid pointer.
 */
void role_set_destroy(role_set_t * x)
{
	ebitmap_destroy(&x->roles);
}

/*
 * Zero a role_datum_t and initialise its embedded sets: the dominates,
 * cache and roles ebitmaps and the types type set.
 * x is dereferenced without a NULL check.
 */
void role_datum_init(role_datum_t * x)
{
	memset(x, 0, sizeof(*x));
	ebitmap_init(&x->dominates);
	type_set_init(&x->types);
	ebitmap_init(&x->cache);
	ebitmap_init(&x->roles);
}

/*
 * Release everything role_datum_init() set up.  A NULL x is a no-op.
 * The structure itself is not freed.
 */
void role_datum_destroy(role_datum_t * x)
{
	if (x == NULL)
		return;

	ebitmap_destroy(&x->dominates);
	type_set_destroy(&x->types);
	ebitmap_destroy(&x->cache);
	ebitmap_destroy(&x->roles);
}

/*
 * Zero a type_datum_t and initialise its types ebitmap.
 * x is dereferenced without a NULL check.
 */
void type_datum_init(type_datum_t * x)
{
	memset(x, 0, sizeof(type_datum_t));
	ebitmap_init(&x->types);
}

/*
 * Release the types ebitmap of a type_datum_t.  A NULL x is a no-op.
 * The structure itself is not freed.
 */
void type_datum_destroy(type_datum_t * x)
{
	if (x == NULL)
		return;

	ebitmap_destroy(&x->types);
}

/*
 * Zero a user_datum_t and initialise its role set, semantic MLS range
 * and default level, cache ebitmap, and expanded MLS range and default
 * level.  x is dereferenced without a NULL check.
 */
void user_datum_init(user_datum_t * x)
{
	memset(x, 0, sizeof(*x));
	role_set_init(&x->roles);
	mls_semantic_range_init(&x->range);
	mls_semantic_level_init(&x->dfltlevel);
	ebitmap_init(&x->cache);
	mls_range_init(&x->exp_range);
	mls_level_init(&x->exp_dfltlevel);
}

/*
 * Release everything user_datum_init() set up.  A NULL x is a no-op.
 * The structure itself is not freed.
 */
void user_datum_destroy(user_datum_t * x)
{
	if (x == NULL)
		return;

	role_set_destroy(&x->roles);
	mls_semantic_range_destroy(&x->range);
	mls_semantic_level_destroy(&x->dfltlevel);
	ebitmap_destroy(&x->cache);
	mls_range_destroy(&x->exp_range);
	mls_level_destroy(&x->exp_dfltlevel);
}

/* Zero a level_datum_t.  x is dereferenced without a NULL check. */
void level_datum_init(level_datum_t * x)
{
	memset(x, 0, sizeof(*x));
}

/*
 * Intentionally empty: the mls_level_t referenced by the level_datum is
 * managed separately for now, so there is nothing to destroy here.
 */
void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
{
}

/* Zero a cat_datum_t.  x is dereferenced without a NULL check. */
void cat_datum_init(cat_datum_t * x)
{
	memset(x, 0, sizeof(*x));
}

/*
 * Intentionally empty: cat_datum_t is currently a simple struct with
 * nothing to destroy.
 */
void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
{
}
/* Zero a class_perm_node_t.  x is dereferenced without a NULL check. */
void class_perm_node_init(class_perm_node_t * x)
{
	memset(x, 0, sizeof(*x));
}

/*
 * Zero an avrule_t and initialise its source and target type sets.
 * x is dereferenced without a NULL check.
 */
void avrule_init(avrule_t * x)
{
	memset(x, 0, sizeof(*x));
	type_set_init(&x->stypes);
	type_set_init(&x->ttypes);
}

/*
 * Release the contents of an avrule_t: both type sets, the
 * source_filename string and every node on the perms list.
 * A NULL x is a no-op.  The avrule_t itself is not freed and its
 * pointer fields are not reset, so it must not be destroyed twice.
 */
void avrule_destroy(avrule_t * x)
{
	class_perm_node_t *node;

	if (x == NULL)
		return;

	type_set_destroy(&x->stypes);
	type_set_destroy(&x->ttypes);

	free(x->source_filename);

	node = x->perms;
	while (node != NULL) {
		/* read the link before the node is released */
		class_perm_node_t *following = node->next;

		free(node);
		node = following;
	}
}

/*
 * Zero a role_trans_rule_t and initialise its role set, type set and
 * classes ebitmap.  x is dereferenced without a NULL check.
 */
void role_trans_rule_init(role_trans_rule_t * x)
{
	memset(x, 0, sizeof(role_trans_rule_t));
	role_set_init(&x->roles);
	type_set_init(&x->types);
	ebitmap_init(&x->classes);
}

/*
 * Release the sets held by a role_trans_rule_t.  A NULL x is a no-op.
 * The rule itself is not freed.
 */
void role_trans_rule_destroy(role_trans_rule_t * x)
{
	if (x == NULL)
		return;

	role_set_destroy(&x->roles);
	type_set_destroy(&x->types);
	ebitmap_destroy(&x->classes);
}

/*
 * Destroy and free every rule on a role_trans_rule_t list, following
 * the next pointers.  A NULL x (empty list) is a no-op.
 */
void role_trans_rule_list_destroy(role_trans_rule_t * x)
{
	role_trans_rule_t *following;

	for (; x != NULL; x = following) {
		following = x->next;
		role_trans_rule_destroy(x);
		free(x);
	}
}

/*
 * Zero a filename_trans_rule_t and initialise its source and target
 * type sets.  x is dereferenced without a NULL check.
 */
void filename_trans_rule_init(filename_trans_rule_t * x)
{
	memset(x, 0, sizeof(filename_trans_rule_t));
	type_set_init(&x->stypes);
	type_set_init(&x->ttypes);
}

/*
 * Release the type sets and the name string of a filename_trans_rule_t.
 * A NULL x is a no-op.  The rule itself is not freed.
 */
static void filename_trans_rule_destroy(filename_trans_rule_t * x)
{
	if (x == NULL)
		return;

	type_set_destroy(&x->stypes);
	type_set_destroy(&x->ttypes);
	free(x->name);
}

/*
 * Destroy and free every rule on a filename_trans_rule_t list,
 * following the next pointers.  A NULL x (empty list) is a no-op.
 */
void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
{
	while (x != NULL) {
		filename_trans_rule_t *following = x->next;

		filename_trans_rule_destroy(x);
		free(x);
		x = following;
	}
}

/*
 * Zero a role_allow_rule_t and initialise its roles and new_roles sets.
 * x is dereferenced without a NULL check.
 */
void role_allow_rule_init(role_allow_rule_t * x)
{
	memset(x, 0, sizeof(*x));
	role_set_init(&x->roles);
	role_set_init(&x->new_roles);
}

/*
 * Release both role sets of a role_allow_rule_t.  There is no NULL
 * guard here (unlike role_trans_rule_destroy()), so x must be a valid
 * pointer.  The rule itself is not freed.
 */
void role_allow_rule_destroy(role_allow_rule_t * x)
{
	role_set_destroy(&x->roles);
	role_set_destroy(&x->new_roles);
}

/*
 * Destroy and free every rule on a role_allow_rule_t list, following
 * the next pointers.  A NULL x (empty list) is a no-op.
 */
void role_allow_rule_list_destroy(role_allow_rule_t * x)
{
	role_allow_rule_t *following;

	for (; x != NULL; x = following) {
		following = x->next;
		role_allow_rule_destroy(x);
		free(x);
	}
}
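/*
 * Initialise a range_trans_rule_t: both type sets, the tclasses ebitmap
 * and the semantic MLS range, and clear the next link.  No memset is
 * done here; only the fields listed are set.  x is dereferenced without
 * a NULL check.
 */
void range_trans_rule_init(range_trans_rule_t * x)
{
	type_set_init(&x->stypes);
	type_set_init(&x->ttypes);
	ebitmap_init(&x->tclasses);
	mls_semantic_range_init(&x->trange);
	x->next = NULL;
}

/*
 * Release what range_trans_rule_init() set up.  There is no NULL guard,
 * so x must be a valid pointer.  The rule itself is not freed.
 */
void range_trans_rule_destroy(range_trans_rule_t * x)
{
	type_set_destroy(&x->stypes);
	type_set_destroy(&x->ttypes);
	ebitmap_destroy(&x->tclasses);
	mls_semantic_range_destroy(&x->trange);
}

/*
 * Destroy and free every rule on a range_trans_rule_t list, following
 * the next pointers.  A NULL x (empty list) is a no-op.
 */
void range_trans_rule_list_destroy(range_trans_rule_t * x)
{
	while (x != NULL) {
		range_trans_rule_t *next = x->next;
		range_trans_rule_destroy(x);
		free(x);
		x = next;
	}
}

/*
 * Destroy and free every rule on an avrule_t list, following the next
 * pointers.  A NULL x (empty list) is a no-op.
 */
void avrule_list_destroy(avrule_t * x)
{
	avrule_t *next, *cur;

	if (!x)
		return;

	next = x;
	while (next) {
		cur = next;
		/* read the link before the node is released */
		next = next->next;
		avrule_destroy(cur);
		free(cur);
	}
}

/*
 * Initialize the role table by implicitly adding role 'object_r'.  If
 * the policy is a module, set object_r's scope to be SCOPE_REQ,
 * otherwise set it to SCOPE_DECL.
 *
 * Returns 0 on success, -ENOMEM when an allocation fails, the non-zero
 * result of symtab_insert() when the insert fails, or -EINVAL when the
 * value assigned to object_r is not OBJECT_R_VAL.
 */
static int roles_init(policydb_t * p)
{
	char *key = NULL;
	int rc;
	role_datum_t *role;

	role = calloc(1, sizeof(*role));
	if (!role)
		return -ENOMEM;

	/* heap copy of the name: the key is handed to symtab_insert() */
	key = malloc(strlen(OBJECT_R) + 1);
	if (!key) {
		rc = -ENOMEM;
		goto out_free_role;
	}
	strcpy(key, OBJECT_R);

	rc = symtab_insert(p, SYM_ROLES, key, role,
			   (p->policy_type ==
			    POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
			   &role->s.value);
	if (rc)
		goto out_free_key;

	if (role->s.value != OBJECT_R_VAL) {
		/*
		 * NOTE(review): symtab_insert() has already succeeded
		 * here, so the symbol table presumably still references
		 * both key and role.  Freeing role below would then leave
		 * a dangling datum in the table -- confirm ownership
		 * against symtab_insert() before relying on this path.
		 */
		rc = -EINVAL;
		goto out_free_role;
	}
	return 0;

      out_free_key:
	free(key);
      out_free_role:
	free(role);
	return rc;
}

/*
 * Fold one character c into the running hash prevhash and return the
 * new hash value.
 */
static inline unsigned long
partial_name_hash(unsigned long c, unsigned long prevhash)
{
	return (prevhash + (c << 4) + (c >> 4)) * 11;
}

/*
 * Hash function for the filename_trans table.
 *
 * The key is a struct filename_trans.  The hash is seeded with
 * stype ^ ttype ^ tclass, every byte of the NUL-terminated name is
 * mixed in with partial_name_hash(), and the result is reduced with
 * "& (h->size - 1)".  That mask only spreads keys over every bucket
 * when the table size is a power of two; policydb_init() creates the
 * table with 1 << 10 slots.
 */
static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
{
	const struct filename_trans *ft = (const struct filename_trans *)k;
	unsigned long hash;
	unsigned int byte_num;
	unsigned char focus;

	hash = ft->stype ^ ft->ttype ^ ft->tclass;

	byte_num = 0;
	/* the loop stops on the terminating NUL of ft->name */
	while ((focus = ft->name[byte_num++]))
		hash = partial_name_hash(focus, hash);
	return hash & (h->size - 1);
}

/*
 * Comparison function for the filename_trans table.
 *
 * Compares stype, then ttype, then tclass, and finally the names with
 * strcmp().  Returns 0 only when all four are equal; otherwise the
 * first non-zero difference.
 *
 * NOTE(review): the numeric fields are compared by subtraction into an
 * int; the field types are not visible here, so the sign of the result
 * for very large differences should be confirmed.
 */
static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
			  const_hashtab_key_t k1, const_hashtab_key_t k2)
{
	const struct filename_trans *ft1 = (const struct filename_trans *)k1;
	const struct filename_trans *ft2 = (const struct filename_trans *)k2;
	int v;

	v = ft1->stype - ft2->stype;
	if (v)
		return v;

	v = ft1->ttype - ft2->ttype;
	if (v)
		return v;

	v = ft1->tclass - ft2->tclass;
	if (v)
		return v;

	return strcmp(ft1->name, ft2->name);

}

/*
 * Hash function for the range_tr table.
 *
 * The key is a struct range_trans.  The hash combines source_type,
 * target_type << 3 and target_class << 5 and is reduced with
 * "& (h->size - 1)", which assumes a power-of-two table size;
 * policydb_init() creates the table with 256 slots.
 */
static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
{
	const struct range_trans *key = (const struct range_trans *)k;
	return (key->source_type + (key->target_type << 3) +
		(key->target_class << 5)) & (h->size - 1);
}

/*
 * Comparison function for the range_tr table.
 *
 * Compares source_type, then target_type, then target_class.  Returns 0
 * only when all three are equal; otherwise the first non-zero
 * difference.
 *
 * NOTE(review): as in filenametr_cmp(), the fields are compared by
 * subtraction into an int -- confirm the field types.
 */
static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
		       const_hashtab_key_t k1, const_hashtab_key_t k2)
{
	const struct range_trans *key1 = (const struct range_trans *)k1;
	const struct range_trans *key2 = (const struct range_trans *)k2;
	int v;

	v = key1->source_type - key2->source_type;
	if (v)
		return v;

	v = key1->target_type - key2->target_type;
	if (v)
		return v;

	v = key1->target_class - key2->target_class;

	return v;
}

/*
 * Initialize a policy database structure.
 *
 * Zeroes *p, creates the symbol and scope tables, the global avrule
 * block with its first declaration, the TE access vector table, the
 * implicit object_r role, the conditional policy state, the
 * filename_trans and range_tr hash tables, and the policycaps and
 * permissive_map ebitmaps.
 *
 * Returns 0 on success and a non-zero error code on failure.  Every
 * failure path sets rc before jumping to err, so a failed scope table
 * or avrule block allocation can no longer be reported as success
 * (previously rc still held 0 from the last successful symtab_init()).
 * After a failure the tables in *p have been destroyed and p must not
 * be used as an initialised policy database.
 */
int policydb_init(policydb_t * p)
{
	int i, rc;

	memset(p, 0, sizeof(policydb_t));

	for (i = 0; i < SYM_NUM; i++) {
		p->sym_val_to_name[i] = NULL;
		rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
		if (rc)
			goto err;
	}

	/* initialize the module stuff */
	for (i = 0; i < SYM_NUM; i++) {
		/* keep the error code: rc is what the err path returns */
		rc = symtab_init(&p->scope[i], symtab_sizes[i]);
		if (rc)
			goto err;
	}
	if ((p->global = avrule_block_create()) == NULL ||
	    (p->global->branch_list = avrule_decl_create(1)) == NULL) {
		/* a NULL result is treated as an allocation failure */
		rc = -ENOMEM;
		goto err;
	}
	p->decl_val_to_struct = NULL;

	rc = avtab_init(&p->te_avtab);
	if (rc)
		goto err;

	rc = roles_init(p);
	if (rc)
		goto err;

	rc = cond_policydb_init(p);
	if (rc)
		goto err;

	p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
	if (!p->filename_trans) {
		rc = -ENOMEM;
		goto err;
	}

	p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
	if (!p->range_tr) {
		rc = -ENOMEM;
		goto err;
	}

	ebitmap_init(&p->policycaps);
	ebitmap_init(&p->permissive_map);

	return 0;
err:
	/*
	 * Tables that were never created are still NULL from the memset
	 * above.
	 * NOTE(review): the table pointers in *p are not reset after
	 * being destroyed, and entries already inserted (such as the
	 * object_r role) are presumably not released by hashtab_destroy()
	 * -- verify before calling any other teardown on a failed p.
	 */
	hashtab_destroy(p->filename_trans);
	hashtab_destroy(p->range_tr);
	for (i = 0; i < SYM_NUM; i++) {
		hashtab_destroy(p->symtab[i].table);
		hashtab_destroy(p->scope[i].table);
	}
	avrule_block_list_destroy(p->global);
	return rc;
}

/*
 * Rebuild the cache ebitmap of one role.
 *
 * datum is the role_datum_t to refresh and arg the policydb_t it
 * belongs to; key is unused.  The old cache is destroyed and
 * type_set_expand() fills it again from role->types.
 *
 * Returns 0 on success and -1 when the expansion fails; the cache has
 * already been destroyed at that point, so it must not be trusted
 * after a failure.
 */
int policydb_role_cache(hashtab_key_t key
			__attribute__ ((unused)), hashtab_datum_t datum,
			void *arg)
{
	policydb_t *p;
	role_datum_t *role;

	role = (role_datum_t *) datum;
	p = (policydb_t *) arg;

	ebitmap_destroy(&role->cache);
	if (type_set_expand(&role->types, &role->cache, p, 1)) {
		return -1;
	}

	return 0;
}

int policydb_user_cache(hashtab_key_t key
			__attribute__ ((unused)), hashtab_datum_t datum,
			void *arg)
{
	policydb_t *p;
	user_datum_t *user;

	user = (user_datum_t *) datum;
	p = (policydb_t *) arg;

	ebitmap_destroy(&user->cache);
	if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
		return -1;
	}

	/* we do not expand user's MLS info in kernel policies because the
	 * semantic representation is not present and we do not expand user's
	 * MLS info in module policies because all of the necessary mls
	 * information is not present */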
89913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) { 90013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle mls_range_destroy(&user->exp_range); 90113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (mls_semantic_range_expand(&user->range, 90213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle &user->exp_range, p, NULL)) { 90313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 90413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 90513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 90613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle mls_level_destroy(&user->exp_dfltlevel); 90713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (mls_semantic_level_expand(&user->dfltlevel, 90813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle &user->exp_dfltlevel, p, NULL)) { 90913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 91013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 91113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 91213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 91313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 91413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 91513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 91613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 91713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * The following *_index functions are used to 91813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * define the val_to_name and val_to_struct arrays 91913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * in a policy database structure. The val_to_name 92013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * arrays are used when converting security context 92113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * structures into string representations. 
The 92213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * val_to_struct arrays are used when the attributes 92313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * of a class, role, or user are needed. 92413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 92513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 92613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 92713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 92813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 92913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle common_datum_t *comdatum; 93013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 93113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle comdatum = (common_datum_t *) datum; 93213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 93313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim) 93413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 935fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL) 936fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 93713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key; 93813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 93913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 94013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 94113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 94213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 94313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 94413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 94513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle class_datum_t *cladatum; 
94613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 94713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum = (class_datum_t *) datum; 94813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 94913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim) 95013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 951fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL) 952fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 95313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key; 95413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->class_val_to_struct[cladatum->s.value - 1] = cladatum; 95513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 95613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 95713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 95813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 95913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 96013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 96113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 96213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_datum_t *role; 96313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 96413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role = (role_datum_t *) datum; 96513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 96613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!role->s.value || role->s.value > p->p_roles.nprim) 96713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 968fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_role_val_to_name[role->s.value - 1] != NULL) 
969fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 97013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_role_val_to_name[role->s.value - 1] = (char *)key; 97113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->role_val_to_struct[role->s.value - 1] = role; 97213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 97313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 97413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 97513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 97613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 97713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 97813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 97913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle type_datum_t *typdatum; 98013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 98113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle typdatum = (type_datum_t *) datum; 98213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 98313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 98413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (typdatum->primary) { 98513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim) 98613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 987fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL) 988fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 98913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key; 99013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->type_val_to_struct[typdatum->s.value - 1] = typdatum; 99113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 99213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
99313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 99413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 99513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 99713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 99813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 99913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle user_datum_t *usrdatum; 100013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 100113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle usrdatum = (user_datum_t *) datum; 100213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 100313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 100413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim) 100513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 1006fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL) 1007fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 100813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key; 100913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum; 101013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 101213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 101313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 101513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 101613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 101713cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle level_datum_t *levdatum; 101813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle levdatum = (level_datum_t *) datum; 102013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 102113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 102213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!levdatum->isalias) { 102313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!levdatum->level->sens || 102413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle levdatum->level->sens > p->p_levels.nprim) 102513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 1026fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL) 1027fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 102813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key; 102913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 103013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 103113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 103213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 103313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 103413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap) 103513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 103613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t *p; 103713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cat_datum_t *catdatum; 103813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 103913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle catdatum = (cat_datum_t *) datum; 104013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p = (policydb_t *) datap; 104113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 104213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if 
(!catdatum->isalias) { 104313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim) 104413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -EINVAL; 1045fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL) 1046fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -EINVAL; 104713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key; 104813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 104913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 105013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 105113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 105213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 105313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum, 105413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle void *datap) = { 105513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlecommon_index, class_index, role_index, type_index, user_index, 105613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_index_bool, sens_index, cat_index,}; 105713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 105813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 105913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Define the common val_to_name array and the class 106013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * val_to_name and val_to_struct arrays in a policy 106113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * database structure. 
106213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 106313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint policydb_index_classes(policydb_t * p) 106413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 106513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->p_common_val_to_name); 106613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_common_val_to_name = (char **) 1067fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss calloc(p->p_commons.nprim, sizeof(char *)); 106813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->p_common_val_to_name) 106913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 107013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 107113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map(p->p_commons.table, common_index, p)) 107213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 107313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 107413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->class_val_to_struct); 107513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->class_val_to_struct = (class_datum_t **) 1076fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss calloc(p->p_classes.nprim, sizeof(class_datum_t *)); 107713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->class_val_to_struct) 107813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 107913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 108013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->p_class_val_to_name); 108113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_class_val_to_name = (char **) 1082fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss calloc(p->p_classes.nprim, sizeof(char *)); 108313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->p_class_val_to_name) 108413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 108513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
108613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map(p->p_classes.table, class_index, p)) 108713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 108813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 108913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 109013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 109113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 109213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint policydb_index_bools(policydb_t * p) 109313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 109413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 109513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (cond_init_bool_indexes(p) == -1) 109613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 109713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_bool_val_to_name = (char **) 1098fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss calloc(p->p_bools.nprim, sizeof(char *)); 109913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->p_bool_val_to_name) 110013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 110113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map(p->p_bools.table, cond_index_bool, p)) 110213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 110313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 110413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 110513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 11069872b04a8020417664143e35925f81d4ecc5ee96Nicolas Ioossint policydb_index_decls(sepol_handle_t * handle, policydb_t * p) 110713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 110813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_block_t *curblock; 110913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avrule_decl_t *decl; 11109872b04a8020417664143e35925f81d4ecc5ee96Nicolas Iooss unsigned int num_decls = 0; 111113cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle 111213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->decl_val_to_struct); 111313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 111413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 111513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (decl = curblock->branch_list; decl != NULL; 111613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle decl = decl->next) { 111713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle num_decls++; 111813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 111913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 112013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 112113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->decl_val_to_struct = 112213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle calloc(num_decls, sizeof(*(p->decl_val_to_struct))); 112313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->decl_val_to_struct) { 112413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 112513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 112613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 112713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (curblock = p->global; curblock != NULL; curblock = curblock->next) { 112813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (decl = curblock->branch_list; decl != NULL; 112913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle decl = decl->next) { 11309872b04a8020417664143e35925f81d4ecc5ee96Nicolas Iooss if (decl->decl_id < 1 || decl->decl_id > num_decls) { 11319872b04a8020417664143e35925f81d4ecc5ee96Nicolas Iooss ERR(handle, "invalid decl ID %u", decl->decl_id); 11329872b04a8020417664143e35925f81d4ecc5ee96Nicolas Iooss return -1; 11339872b04a8020417664143e35925f81d4ecc5ee96Nicolas Iooss } 1134fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) { 
1135fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss ERR(handle, "duplicated decl ID %u", decl->decl_id); 1136fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss return -1; 1137fb237459c84ef843828988a953e06826435dfcaeNicolas Iooss } 113813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->decl_val_to_struct[decl->decl_id - 1] = decl; 113913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 114013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 114113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 114213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 114313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 114413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 114513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 114613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Define the other val_to_name and val_to_struct arrays 114713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * in a policy database structure. 114813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 114913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint policydb_index_others(sepol_handle_t * handle, 115013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle policydb_t * p, unsigned verbose) 115113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 115213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int i; 115313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 115413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (verbose) { 115513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle INFO(handle, 115613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "security: %d users, %d roles, %d types, %d bools", 115713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, 115813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_bools.nprim); 115913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 116013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->mls) 
116113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle INFO(handle, "security: %d sens, %d cats", 116213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_levels.nprim, p->p_cats.nprim); 116313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 116413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle INFO(handle, "security: %d classes, %d rules, %d cond rules", 116513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel); 116613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 116713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#if 0 116813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle avtab_hash_eval(&p->te_avtab, "rules"); 116913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < SYM_NUM; i++) 117013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_hash_eval(p->symtab[i].table, symtab_name[i]); 117113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle#endif 117213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 117313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->role_val_to_struct); 117413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->role_val_to_struct = (role_datum_t **) 117502081779f3bbae034f9b4c2450a28c519460ae9eWilliam Roberts calloc(p->p_roles.nprim, sizeof(role_datum_t *)); 117613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->role_val_to_struct) 117713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 117813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 117913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->user_val_to_struct); 118013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->user_val_to_struct = (user_datum_t **) 1181fb0cc0cc649a12edf1dc846841a5d026b1cc20ecWilliam Roberts calloc(p->p_users.nprim, sizeof(user_datum_t *)); 118213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->user_val_to_struct) 118313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 
118413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 118513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->type_val_to_struct); 118613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->type_val_to_struct = (type_datum_t **) 118713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle calloc(p->p_types.nprim, sizeof(type_datum_t *)); 118813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->type_val_to_struct) 118913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 119013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 119113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cond_init_bool_indexes(p); 119213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 119313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = SYM_ROLES; i < SYM_NUM; i++) { 119413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(p->sym_val_to_name[i]); 119513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->sym_val_to_name[i] = NULL; 119613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->symtab[i].nprim) { 119713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p->sym_val_to_name[i] = (char **) 119813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle calloc(p->symtab[i].nprim, sizeof(char *)); 119913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!p->sym_val_to_name[i]) 120013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 120113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map(p->symtab[i].table, index_f[i], p)) 120213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 120313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 120413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 120513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 120613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* This pre-expands the roles and users for context validity checking */ 120713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map(p->p_roles.table, 
policydb_role_cache, p)) 120813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 120913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 121013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_map(p->p_users.table, policydb_user_cache, p)) 121113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 121213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 121313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 121413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 121513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 121613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 121713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * The following *_destroy functions are used to 121813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * free any memory allocated for each kind of 121913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * symbol data in the policy database. 122013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 122113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 122213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 122313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __attribute__ ((unused))) 122413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 122513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (key) 122613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key); 122713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(datum); 122813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 122913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 123013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 123113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 123213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __attribute__ ((unused))) 123313cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle{ 123413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle common_datum_t *comdatum; 123513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 123613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (key) 123713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key); 123813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle comdatum = (common_datum_t *) datum; 1239afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7Eric Paris (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0); 124013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_destroy(comdatum->permissions.table); 124113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(datum); 124213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 124313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 124413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 124513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 124613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __attribute__ ((unused))) 124713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 124813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle class_datum_t *cladatum; 124913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint_node_t *constraint, *ctemp; 125013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint_expr_t *e, *etmp; 125113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 125213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (key) 125313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key); 125413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum = (class_datum_t *) datum; 125513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (cladatum == NULL) { 125613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 125713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 1258afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7Eric Paris 
(void)hashtab_map(cladatum->permissions.table, perm_destroy, 0); 125913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_destroy(cladatum->permissions.table); 126013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint = cladatum->constraints; 126113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (constraint) { 126213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e = constraint->expr; 126313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (e) { 126413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle etmp = e; 126513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e = e->next; 126613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint_expr_destroy(etmp); 126713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 126813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ctemp = constraint; 126913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint = constraint->next; 127013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(ctemp); 127113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 127213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 127313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint = cladatum->validatetrans; 127413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (constraint) { 127513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e = constraint->expr; 127613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle while (e) { 127713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle etmp = e; 127813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e = e->next; 127913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint_expr_destroy(etmp); 128013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 128113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ctemp = constraint; 128213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle constraint = constraint->next; 128313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(ctemp); 
128413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 128513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 128613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (cladatum->comkey) 128713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(cladatum->comkey); 128813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(datum); 128913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 129013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 129113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 129213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 129313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __attribute__ ((unused))) 129413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 129513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key); 129613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_datum_destroy((role_datum_t *) datum); 129713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(datum); 129813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 129913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 130013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 130113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 130213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __attribute__ ((unused))) 130313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 130413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key); 130513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle type_datum_destroy((type_datum_t *) datum); 130613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(datum); 130713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 130813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 130913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 131013cd4c8960688af11ad23b4c946149015c80d54Joshua 
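/*
 * Destroy callback for the users symbol table: releases the key, the
 * contents of the user datum (user_datum_destroy) and the datum itself.
 * The third argument is unused.  Always returns 0.
 */
static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
			__attribute__ ((unused)))
{
	free(key);
	user_datum_destroy((user_datum_t *) datum);
	free(datum);
	return 0;
}

/*
 * Destroy callback for the sensitivities symbol table: releases the key,
 * the level owned by the datum, and the datum itself.
 *
 * A NULL datum is tolerated (as class_destroy already does) so that tearing
 * down an entry that was never fully built does not dereference NULL.
 * Always returns 0.
 */
static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
			__attribute__ ((unused)))
{
	level_datum_t *levdatum = (level_datum_t *) datum;

	free(key);		/* free(NULL) is a no-op */
	if (levdatum == NULL)
		return 0;

	/* the level is released first, then its storage, then the datum */
	mls_level_destroy(levdatum->level);
	free(levdatum->level);
	level_datum_destroy(levdatum);
	free(levdatum);
	return 0;
}

/*
 * Destroy callback for the categories symbol table: releases the key, the
 * contents of the category datum (cat_datum_destroy) and the datum itself.
 * Always returns 0.
 */
static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
		       __attribute__ ((unused)))
{
	free(key);
	cat_datum_destroy((cat_datum_t *) datum);
	free(datum);
	return 0;
}

/*
 * Destroy callbacks, one slot per symbol table (SYM_NUM slots).  The table
 * is indexed with the symbol-table number by symtabs_destroy() and
 * get_symtab_destroy_func().
 * NOTE(review): the initializer order presumably mirrors the SYM_* numbering;
 * confirm against the header that defines those constants before reordering.
 */
static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
				  void *datap) = {
	common_destroy, class_destroy, role_destroy, type_destroy,
	user_destroy, cond_destroy_bool, sens_destroy, cat_destroy,
};

/*
 * Destroy callback for the filename transition table.  The key is a
 * struct filename_trans that owns its name string; the name, the key and
 * the datum are all released.  A NULL key is tolerated.  Always returns 0.
 */
static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
			      void *p __attribute__ ((unused)))
{
	struct filename_trans *ft = (struct filename_trans *)key;

	if (ft != NULL)
		free(ft->name);
	free(key);
	free(datum);
	return 0;
}

/*
 * Destroy callback for the range transition table.  The datum is a
 * struct mls_range; the category bitmaps of both of its levels are
 * destroyed before the datum is freed.  A NULL datum is tolerated.
 * Always returns 0.
 */
static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
			    void *p __attribute__ ((unused)))
{
	struct mls_range *rt = (struct mls_range *)datum;

	free(key);
	if (rt != NULL) {
		ebitmap_destroy(&rt->level[0].cat);
		ebitmap_destroy(&rt->level[1].cat);
	}
	free(datum);
	return 0;
}

/*
 * Free every object-context list of a policy built for the SELinux target.
 *
 * ocontexts is an array of OCON_NUM list heads.  Both contexts of each node
 * are destroyed; u.name is freed only for the OCON_ISID, OCON_FS, OCON_NETIF
 * and OCON_FSUSE lists.
 * NOTE(review): for the other kinds u presumably holds non-pointer data (it
 * looks like a union) - confirm against the ocontext_t definition before
 * adding a new kind here.
 *
 * Each list head is reset to NULL once its list has been freed, so a second
 * call on the same array finds empty lists instead of freed nodes.  A NULL
 * array is ignored.
 */
void ocontext_selinux_free(ocontext_t **ocontexts)
{
	ocontext_t *c, *ctmp;
	int i;

	if (ocontexts == NULL)
		return;

	for (i = 0; i < OCON_NUM; i++) {
		c = ocontexts[i];
		while (c) {
			ctmp = c;
			c = c->next;
			context_destroy(&ctmp->context[0]);
			context_destroy(&ctmp->context[1]);
			if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
			    || i == OCON_FSUSE)
				free(ctmp->u.name);
			free(ctmp);
		}
		ocontexts[i] = NULL;	/* do not leave a dangling list head */
	}
}

/*
 * Free every object-context list of a policy built for the Xen target.
 *
 * Same walk as ocontext_selinux_free(), but u.name is freed only for the
 * OCON_ISID and OCON_XEN_DEVICETREE lists.  Each list head is reset to NULL
 * after its list has been freed; a NULL array is ignored.
 */
void ocontext_xen_free(ocontext_t **ocontexts)
{
	ocontext_t *c, *ctmp;
	int i;

	if (ocontexts == NULL)
		return;

	for (i = 0; i < OCON_NUM; i++) {
		c = ocontexts[i];
		while (c) {
			ctmp = c;
			c = c->next;
			context_destroy(&ctmp->context[0]);
			context_destroy(&ctmp->context[1]);
			if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
				free(ctmp->u.name);
			free(ctmp);
		}
		ocontexts[i] = NULL;	/* do not leave a dangling list head */
	}
}

/*
 * Free any memory allocated by a policy database structure.
 *
 * p itself is not freed, and a NULL p is ignored.  Apart from the ocontext
 * list heads, the pointer members of *p are not reset after being freed, so
 * the structure must not be read or destroyed a second time unless it has
 * been re-initialised first.
 *
 * The ocontext lists are released only when target_platform is
 * SEPOL_TARGET_SELINUX or SEPOL_TARGET_XEN; with any other value they are
 * left allocated.
 */
void policydb_destroy(policydb_t * p)
{
	ocontext_t *c, *ctmp;
	genfs_t *g, *gtmp;
	unsigned int i;
	role_allow_t *ra, *lra;
	role_trans_t *tr, *ltr;

	if (!p)
		return;

	ebitmap_destroy(&p->policycaps);

	ebitmap_destroy(&p->permissive_map);

	symtabs_destroy(p->symtab);

	/* value-to-name / value-to-struct lookup arrays; free(NULL) is a no-op */
	for (i = 0; i < SYM_NUM; i++)
		free(p->sym_val_to_name[i]);

	free(p->class_val_to_struct);
	free(p->role_val_to_struct);
	free(p->user_val_to_struct);
	free(p->type_val_to_struct);
	free(p->decl_val_to_struct);

	/* scope tables: entries first, then the table itself */
	for (i = 0; i < SYM_NUM; i++) {
		(void)hashtab_map(p->scope[i].table, scope_destroy, 0);
		hashtab_destroy(p->scope[i].table);
	}
	avrule_block_list_destroy(p->global);
	free(p->name);
	free(p->version);

	avtab_destroy(&p->te_avtab);

	/* which ocontext members own heap memory depends on the target */
	if (p->target_platform == SEPOL_TARGET_SELINUX)
		ocontext_selinux_free(p->ocontexts);
	else if (p->target_platform == SEPOL_TARGET_XEN)
		ocontext_xen_free(p->ocontexts);

	/* genfs: each entry owns its fstype string and a list of contexts */
	g = p->genfs;
	while (g) {
		free(g->fstype);
		c = g->head;
		while (c) {
			ctmp = c;
			c = c->next;
			context_destroy(&ctmp->context[0]);
			free(ctmp->u.name);
			free(ctmp);
		}
		gtmp = g;
		g = g->next;
		free(gtmp);
	}
	cond_policydb_destroy(p);

	/* role transition list: only the nodes themselves are freed here */
	tr = p->role_tr;
	while (tr) {
		ltr = tr;
		tr = tr->next;
		free(ltr);
	}

	/* role allow list: only the nodes themselves are freed here */
	ra = p->role_allow;
	while (ra) {
		lra = ra;
		ra = ra->next;
		free(lra);
	}

	(void)hashtab_map(p->filename_trans, filenametr_destroy, NULL);
	hashtab_destroy(p->filename_trans);

	(void)hashtab_map(p->range_tr, range_tr_destroy, NULL);
	hashtab_destroy(p->range_tr);

	/* both maps are arrays of p_types.nprim bitmaps */
	if (p->type_attr_map) {
		for (i = 0; i < p->p_types.nprim; i++)
			ebitmap_destroy(&p->type_attr_map[i]);
		free(p->type_attr_map);
	}

	if (p->attr_type_map) {
		for (i = 0; i < p->p_types.nprim; i++)
			ebitmap_destroy(&p->attr_type_map[i]);
		free(p->attr_type_map);
	}
}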
151513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlevoid symtabs_destroy(symtab_t * symtab) 151613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 151713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int i; 151813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < SYM_NUM; i++) { 1519afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7Eric Paris (void)hashtab_map(symtab[i].table, destroy_f[i], 0); 152013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_destroy(symtab[i].table); 152113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 152213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 152313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 152413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p 152513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle __attribute__ ((unused))) 152613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 152713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum_t *cur = (scope_datum_t *) datum; 152813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key); 152913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (cur != NULL) { 153013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(cur->decl_ids); 153113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 153213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(cur); 153313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 153413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 153513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 153613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlehashtab_destroy_func_t get_symtab_destroy_func(int sym_num) 153713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 153813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (sym_num < 0 || sym_num >= SYM_NUM) { 153913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return NULL; 154013cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle } 154113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return (hashtab_destroy_func_t) destroy_f[sym_num]; 154213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 154313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 154413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* 154513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * Load the initial SIDs specified in a policy database 154613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * structure into a SID table. 154713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 154813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint policydb_load_isids(policydb_t * p, sidtab_t * s) 154913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 155013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ocontext_t *head, *c; 155113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 155213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (sepol_sidtab_init(s)) { 155313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "out of memory on SID table init"); 155413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 155513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 155613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 155713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle head = p->ocontexts[OCON_ISID]; 155813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (c = head; c; c = c->next) { 155913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!c->context[0].user) { 156013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "SID %s was never defined", c->u.name); 156113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 156213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 156313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) { 156413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(NULL, "unable to load initial SID %s", c->u.name); 
156513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 156613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 156713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 156813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 156913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 157013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 157113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 157213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle/* Declare a symbol for a certain avrule_block context. Insert it 157313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * into a symbol table for a policy. This function will handle 157413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * inserting the appropriate scope information in addition to 157513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * inserting the symbol into the hash table. 157613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 157713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * arguments: 157813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * policydb_t *pol module policy to modify 157913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * uint32_t sym the symbole table for insertion (SYM_*) 158013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * hashtab_key_t key the key for the symbol - not cloned 158113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * hashtab_datum_t data the data for the symbol - not cloned 158213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL 158313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * avrule_decl_id identifier for this symbol's encapsulating declaration 158413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * value (out) assigned value to the symbol (if value is not NULL) 158513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 158613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * returns: 
158713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 0 success 158813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * 1 success, but symbol already existed as a requirement 158913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * (datum was not inserted and needs to be free()d) 159013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * -1 general error 159113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * -2 scope conflicted 159213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * -ENOMEM memory error 159313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * error codes from hashtab_insert 159413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle */ 159513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint symtab_insert(policydb_t * pol, uint32_t sym, 159613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_key_t key, hashtab_datum_t datum, 159713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t scope, uint32_t avrule_decl_id, uint32_t * value) 159813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 159913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc, retval = 0; 160013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle unsigned int i; 160113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum_t *scope_datum; 160213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 160313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* check if the symbol is already there. multiple 160413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * declarations of non-roles/non-users are illegal, but 160513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * multiple requires are allowed. */ 160613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 160713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* FIX ME - the failures after the hashtab_insert will leave 160813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * the policy in a inconsistent state. 
*/ 160913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = hashtab_insert(pol->symtab[sym].table, key, datum); 161013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc == SEPOL_OK) { 161113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* if no value is passed in the symbol is not primary 161213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * (i.e. aliases) */ 161313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (value) 161413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *value = ++pol->symtab[sym].nprim; 161513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else if (rc == SEPOL_EEXIST) { 161613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle retval = 1; /* symbol not added -- need to free() later */ 161713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 161813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return rc; 161913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 162013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 162113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* get existing scope information; if there is not one then 162213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle * create it */ 162313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum = 162413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle (scope_datum_t *) hashtab_search(pol->scope[sym].table, key); 162513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (scope_datum == NULL) { 162613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_key_t key2 = strdup((char *)key); 162713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!key2) 162813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -ENOMEM; 162913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) { 163013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key2); 163113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -ENOMEM; 
163213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 163313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum->scope = scope; 163413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum->decl_ids = NULL; 163513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum->decl_ids_len = 0; 163613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((rc = 163713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle hashtab_insert(pol->scope[sym].table, key2, 163813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle scope_datum)) != 0) { 163913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(key2); 164013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(scope_datum); 164113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return rc; 164213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 164313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { 164413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* disallow multiple declarations for non-roles/users */ 164513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (sym != SYM_ROLES && sym != SYM_USERS) { 164613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -2; 164713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 164816675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao /* Further confine that a role attribute can't have the same 164916675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao * name as another regular role, and a role attribute can't 165016675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao * be declared more than once. 
*/ 165116675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao if (sym == SYM_ROLES) { 165216675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao role_datum_t *base_role; 165316675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao role_datum_t *cur_role = (role_datum_t *)datum; 165416675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao 165516675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao base_role = (role_datum_t *) 165616675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao hashtab_search(pol->symtab[sym].table, 165716675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao key); 165816675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao assert(base_role != NULL); 165916675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao 166016675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao if (!((base_role->flavor == ROLE_ROLE) && 166116675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao (cur_role->flavor == ROLE_ROLE))) { 166216675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao /* Only regular roles are allowed to have 166316675b7f96b7a61ac64180b1824ec04984b72b3bHarry Ciao * multiple declarations. 
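*/
				return -2;
			}
		}
	} else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
		scope_datum->scope = SCOPE_DECL;
	}

	/* search through the pre-existing list to avoid adding duplicates */
	for (i = 0; i < scope_datum->decl_ids_len; i++) {
		if (scope_datum->decl_ids[i] == avrule_decl_id) {
			/* already there, so don't modify its scope */
			return retval;
		}
	}

	if (add_i_to_a(avrule_decl_id,
		       &scope_datum->decl_ids_len,
		       &scope_datum->decl_ids) == -1) {
		return -ENOMEM;
	}

	return retval;
}

/*
 * Initialise dst and fill it with the union of a and b: both the
 * types and negset bitmaps are OR-ed, and the flags of a and b are
 * OR-ed into dst->flags.
 *
 * Returns 0 on success and -1 if either ebitmap_or() call fails.
 * Nothing is released here on failure, so a caller that passed its
 * own dst has to destroy it itself.
 */
int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b)
{
	type_set_init(dst);

	if (ebitmap_or(&dst->types, &a->types, &b->types)) {
		return -1;
	}
	if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
		return -1;
	}

	dst->flags |= a->flags;
	dst->flags |= b->flags;

	return 0;
}

/*
 * Initialise dst and copy src into it (flags, types, negset).
 *
 * Returns 0 on success and -1 if either ebitmap_cpy() call fails;
 * dst is not released here on failure.
 */
int type_set_cpy(type_set_t * dst, type_set_t * src)
{
	type_set_init(dst);

	dst->flags = src->flags;
	if (ebitmap_cpy(&dst->types, &src->types))
		return -1;
	if (ebitmap_cpy(&dst->negset, &src->negset))
		return -1;

	return 0;
}

/*
 * In-place union: dst = dst | other.
 *
 * The union is built in a temporary set, dst is destroyed, and the
 * temporary is copied back into dst.
 *
 * Returns 0 on success, -1 on failure.  If building the union fails,
 * dst is left untouched.  If the copy back fails, the previous
 * contents of dst have already been destroyed.
 */
int type_set_or_eq(type_set_t * dst, type_set_t * other)
{
	int ret;
	type_set_t tmp;

	if (type_set_or(&tmp, dst, other)) {
		/*
		 * type_set_or() initialised tmp and may have filled
		 * tmp.types before the negset union failed; tmp is a
		 * local, so release it here or that bitmap is lost.
		 * NOTE(review): assumes a failed ebitmap_or() leaves its
		 * destination safe to destroy -- confirm in ebitmap.c.
		 */
		type_set_destroy(&tmp);
		return -1;
	}
	type_set_destroy(dst);
	ret = type_set_cpy(dst, &tmp);
	type_set_destroy(&tmp);

	return ret;
}

/*
 * Report whether role is a member of role set x.
 *
 * ROLE_STAR matches every role.  Otherwise bit (role - 1) of
 * x->roles is tested and the answer is inverted when ROLE_COMP is
 * set.  Returns 1 for a member, 0 otherwise.
 *
 * role is unsigned, so role == 0 makes (role - 1) wrap to the largest
 * 32-bit value; callers are expected to pass values starting at 1.
 */
int role_set_get_role(role_set_t * x, uint32_t role)
{
	if (x->flags & ROLE_STAR)
		return 1;

	if (ebitmap_get_bit(&x->roles, role - 1)) {
		if (x->flags & ROLE_COMP)
			return 0;
		else
			return 1;
	} else {
		if (x->flags & ROLE_COMP)
			return 1;
		else
			return 0;
	}
}

/***********************************************************************/
/* everything below is for policy reads */

/* The following are read functions for module structures */

/*
 * Read a role set: the roles bitmap followed by one little-endian
 * 32-bit flags word.  The flags are stored as read, without any
 * check against the known ROLE_* bits.
 *
 * Returns 0 on success, -1 if either read fails.
 */
static int role_set_read(role_set_t * r, struct policy_file *fp)
{
	uint32_t buf[1];
	int rc;

	if (ebitmap_read(&r->roles, fp))
		return -1;
	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	r->flags = le32_to_cpu(buf[0]);

	return 0;
}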
/*
 * Read a type set: the types bitmap, then the negset bitmap, then one
 * little-endian 32-bit flags word.  The flags are stored as read.
 *
 * Returns 0 on success, -1 as soon as any of the three reads fails.
 */
static int type_set_read(type_set_t * t, struct policy_file *fp)
{
	uint32_t flags_word[1];

	/* || short-circuits, so negset is only read after types succeeded */
	if (ebitmap_read(&t->types, fp) || ebitmap_read(&t->negset, fp))
		return -1;

	if (next_entry(flags_word, fp, sizeof(uint32_t)) < 0)
		return -1;

	t->flags = le32_to_cpu(flags_word[0]);
	return 0;
}

/*
 * Read a MLS range structure from a policydb binary
 * representation file.
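*/
/*
 * Layout consumed: one 32-bit item count (1 or 2), that many 32-bit
 * sensitivity values, the low category bitmap and, when the count is
 * 2, the high category bitmap.  With a count of 1 the high level is a
 * copy of the low level.
 *
 * Returns 0 on success and a non-zero value on failure.  When the
 * high level cannot be read or copied, the low category bitmap that
 * was already read is destroyed before returning.
 */
static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
{
	uint32_t buf[2], items;
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		goto out;

	items = le32_to_cpu(buf[0]);
	if (items == 0) {
		/*
		 * A zero count makes the next read consume nothing, so
		 * the sensitivity below would be decoded from the word
		 * that still holds the count.  Reject it instead.
		 */
		ERR(fp->handle, "range with no levels");
		rc = -EINVAL;
		goto out;
	}
	if (items > ARRAY_SIZE(buf)) {
		/* the count sizes the read into buf, so bound it first */
		ERR(fp->handle, "range overflow");
		rc = -EINVAL;
		goto out;
	}
	rc = next_entry(buf, fp, sizeof(uint32_t) * items);
	if (rc < 0) {
		ERR(fp->handle, "truncated range");
		goto out;
	}
	r->level[0].sens = le32_to_cpu(buf[0]);
	if (items > 1)
		r->level[1].sens = le32_to_cpu(buf[1]);
	else
		r->level[1].sens = r->level[0].sens;

	rc = ebitmap_read(&r->level[0].cat, fp);
	if (rc) {
		ERR(fp->handle, "error reading low categories");
		goto out;
	}
	if (items > 1) {
		rc = ebitmap_read(&r->level[1].cat, fp);
		if (rc) {
			ERR(fp->handle, "error reading high categories");
			goto bad_high;
		}
	} else {
		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
		if (rc) {
			ERR(fp->handle, "out of memory");
			goto bad_high;
		}
	}

	rc = 0;
out:
	return rc;
bad_high:
	ebitmap_destroy(&r->level[0].cat);
	goto out;
}

/*
 * Read a semantic MLS level structure from a policydb binary
 * representation file.
 *
 * Layout consumed: a 32-bit sensitivity, a 32-bit category count,
 * then one (low, high) pair of 32-bit values per category entry.
 * Each entry is pushed on the front of l->cat.
 *
 * The category count comes from the file and is not range-checked
 * here; the loop ends at the first failed read, so a truncated file
 * stops it.  low and high are stored as read, with no ordering check.
 *
 * Returns 0 on success and -EINVAL on every failure, allocation
 * failure included.  Entries read before the failure stay linked in
 * l->cat; this function does not free them.
 */
static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
					  struct policy_file *fp)
{
	uint32_t buf[2], ncat;
	unsigned int i;
	mls_semantic_cat_t *cat;
	int rc;

	mls_semantic_level_init(l);

	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
	if (rc < 0) {
		ERR(fp->handle, "truncated level");
		goto bad;
	}
	l->sens = le32_to_cpu(buf[0]);

	ncat = le32_to_cpu(buf[1]);
	for (i = 0; i < ncat; i++) {
		cat = malloc(sizeof(*cat));
		if (!cat) {
			ERR(fp->handle, "out of memory");
			goto bad;
		}

		/* link the entry before reading so it is never orphaned */
		mls_semantic_cat_init(cat);
		cat->next = l->cat;
		l->cat = cat;

		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
		if (rc < 0) {
			ERR(fp->handle, "error reading level categories");
			goto bad;
		}
		cat->low = le32_to_cpu(buf[0]);
		cat->high = le32_to_cpu(buf[1]);
	}

	return 0;

bad:
	return -EINVAL;
}

/*
 * Read a semantic MLS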
range structure from a policydb binary
 * representation file.
 */
/*
 * Reads the low level into r->level[0], then the high level into
 * r->level[1].  Returns 0 on success or the first non-zero result of
 * mls_read_semantic_level_helper().
 */
static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
					  struct policy_file *fp)
{
	int status = mls_read_semantic_level_helper(&r->level[0], fp);

	if (status)
		return status;

	return mls_read_semantic_level_helper(&r->level[1], fp);
}

/*
 * Convert a level's category bitmap into a semantic level: every run
 * of consecutive set bits becomes one entry whose low is the position
 * of the first bit plus one and whose high is the position of the
 * first clear bit after the run.  Entries are pushed on the front of
 * sl->cat.
 *
 * Returns 0 on success, -1 if an entry cannot be allocated.  Entries
 * created before the failure stay linked in sl->cat.
 */
static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
{
	unsigned int i;
	ebitmap_node_t *cnode;
	mls_semantic_cat_t *run = NULL;	/* entry for the run being scanned */

	mls_semantic_level_init(sl);
	sl->sens = l->sens;
	ebitmap_for_each_bit(&l->cat, cnode, i) {
		if (ebitmap_node_get_bit(cnode, i)) {
			if (!run) {
				/* first set bit of a new run */
				run = malloc(sizeof(*run));
				if (!run)
					return -1;

				mls_semantic_cat_init(run);
				run->low = i + 1;
				run->next = sl->cat;
				sl->cat = run;
			}
		} else if (run) {
			/* first clear bit after a run closes it */
			run->high = i;
			run = NULL;
		}
	}
	/* a run that reaches the end of the bitmap is closed here */
	if (run)
		run->high = i;

	return 0;
}

/*
 * Convert both levels of r into sr.  Returns 0 on success, -1 as soon
 * as one level fails to convert.
 */
static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
{
	if (mls_level_to_semantic(&r->level[0], &sr->level[0]) ||
	    mls_level_to_semantic(&r->level[1], &sr->level[1]))
		return -1;

	return 0;
}

/*
 * Read and validate a security context structure
 * from a policydb binary representation file.
 *
 * Three 32-bit words give user, role and type.  An MLS range follows
 * for kernel policies at POLICYDB_VERSION_MLS or later and for base
 * policies at MOD_POLICYDB_VERSION_MLS or later.  The values are only
 * trusted once policydb_context_isvalid() has accepted them; a
 * context that fails that check is destroyed.
 *
 * Returns 0 on success, -1 on a short read, a bad range or an invalid
 * context.
 */
static int context_read_and_validate(context_struct_t * c,
				     policydb_t * p, struct policy_file *fp)
{
	uint32_t buf[3];
	int has_mls;

	if (next_entry(buf, fp, sizeof(uint32_t) * 3) < 0) {
		ERR(fp->handle, "context truncated");
		return -1;
	}
	c->user = le32_to_cpu(buf[0]);
	c->role = le32_to_cpu(buf[1]);
	c->type = le32_to_cpu(buf[2]);

	has_mls = (p->policy_type == POLICY_KERN
		   && p->policyvers >= POLICYDB_VERSION_MLS)
	    || (p->policy_type == POLICY_BASE
		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS);
	if (has_mls && mls_read_range_helper(&c->range, fp)) {
		ERR(fp->handle, "error reading MLS range "
		    "of context");
		return -1;
	}

	if (policydb_context_isvalid(p, c))
		return 0;

	ERR(fp->handle, "invalid security context");
	context_destroy(c);
	return -1;
}

/*
 * The following *_read functions are used to
 * read the symbol data from a policy database
* binary representation file.
 */

/*
 * Read one permission entry and insert it into hash table h.
 *
 * Two 32-bit words give the name length and the permission value; the
 * name itself is then read by str_read().
 *
 * Returns 0 on success, after which h holds the name and the datum.
 * Returns -1 on failure, after handing both to perm_destroy().
 */
static int perm_read(policydb_t * p
		     __attribute__ ((unused)), hashtab_t h,
		     struct policy_file *fp)
{
	char *name = NULL;
	perm_datum_t *perm;
	uint32_t words[2];
	size_t name_len;

	perm = calloc(1, sizeof(*perm));
	if (!perm)
		return -1;

	if (next_entry(words, fp, sizeof(uint32_t) * 2) < 0)
		goto bad;

	name_len = le32_to_cpu(words[0]);
	if (str_read(&name, fp, name_len))
		goto bad;

	perm->s.value = le32_to_cpu(words[1]);

	if (hashtab_insert(h, name, perm))
		goto bad;

	return 0;

bad:
	perm_destroy(name, perm, NULL);
	return -1;
}

/*
 * Read one common entry, including its permission table, and insert
 * it into hash table h.
 *
 * Four 32-bit words give the name length, the value, the permission
 * table's nprim and the number of permission entries that follow the
 * name.  The name length is checked with zero_or_saturated() before
 * it sizes the allocation.  nprim and the entry count are used as
 * read; the entry loop ends when perm_read() fails.
 *
 * Returns 0 on success, after which h holds the name and the datum.
 * Returns -1 on failure, after handing both to common_destroy().
 */
static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
{
	char *name = NULL;
	common_datum_t *common;
	uint32_t words[4];
	size_t name_len, nperms;
	unsigned int idx;

	common = calloc(1, sizeof(*common));
	if (!common)
		return -1;

	if (next_entry(words, fp, sizeof(uint32_t) * 4) < 0)
		goto bad;

	name_len = le32_to_cpu(words[0]);
	if (zero_or_saturated(name_len))
		goto bad;

	common->s.value = le32_to_cpu(words[1]);

	if (symtab_init(&common->permissions, PERM_SYMTAB_SIZE))
		goto bad;
	common->permissions.nprim = le32_to_cpu(words[2]);
	nperms = le32_to_cpu(words[3]);

	/* one extra byte for the terminator written below */
	name = malloc(name_len + 1);
	if (!name)
		goto bad;
	if (next_entry(name, fp, name_len) < 0)
		goto bad;
	name[name_len] = 0;

	for (idx = 0; idx < nperms; idx++) {
		if (perm_read(p, common->permissions.table, fp))
			goto bad;
	}

	if (hashtab_insert(h, name, common))
		goto bad;

	return 0;

bad:
	common_destroy(name, common, NULL);
	return -1;
}

static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
			    unsigned int ncons,
			    int allowxtarget, struct policy_file *fp)
{
	constraint_node_t *c, *lc;
	constraint_expr_t *e, *le;
	uint32_t buf[3];
	size_t nexpr;
	unsigned int i, j;
	int rc, depth;

	lc = NULL;
	for (i = 0; i < ncons; i++) {
		c = calloc(1, sizeof(constraint_node_t));
		if (!c)
			return -1;

210113cd4c8960688af11ad23b4c946149015c80d54Joshua
Brindle if (lc) 210213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lc->next = c; 210313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else 210413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *nodep = c; 210513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 210613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, (sizeof(uint32_t) * 2)); 210713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 210813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 210913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle c->permissions = le32_to_cpu(buf[0]); 211013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle nexpr = le32_to_cpu(buf[1]); 211113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle le = NULL; 211213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle depth = -1; 211313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (j = 0; j < nexpr; j++) { 211413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e = malloc(sizeof(constraint_expr_t)); 211513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!e) 211613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 211713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (constraint_expr_init(e) == -1) { 211813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle free(e); 211913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 212013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 212113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (le) { 212213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle le->next = e; 212313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 212413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle c->expr = e; 212513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 212613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 212713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, (sizeof(uint32_t) * 3)); 
212813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 212913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 213013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e->expr_type = le32_to_cpu(buf[0]); 213113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e->attr = le32_to_cpu(buf[1]); 213213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle e->op = le32_to_cpu(buf[2]); 213313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 213413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle switch (e->expr_type) { 213513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case CEXPR_NOT: 213613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (depth < 0) 213713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 213813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 213913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case CEXPR_AND: 214013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case CEXPR_OR: 214113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (depth < 1) 214213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 214313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle depth--; 214413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 214513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case CEXPR_ATTR: 214613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (depth == (CEXPR_MAXDEPTH - 1)) 214713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 214813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle depth++; 214913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 215013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle case CEXPR_NAMES: 215113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!allowxtarget && (e->attr & CEXPR_XTARGET)) 215213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 215313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (depth == (CEXPR_MAXDEPTH - 1)) 
215413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 215513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle depth++; 215613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_read(&e->names, fp)) 215713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 215813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->policy_type != POLICY_KERN && 215913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle type_set_read(e->type_names, fp)) 216013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 21619eefe11b3a94307a3f5432316a59d1f8e3268429Richard Haines else if (p->policy_type == POLICY_KERN && 21629eefe11b3a94307a3f5432316a59d1f8e3268429Richard Haines p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES && 21639eefe11b3a94307a3f5432316a59d1f8e3268429Richard Haines type_set_read(e->type_names, fp)) 21649eefe11b3a94307a3f5432316a59d1f8e3268429Richard Haines return -1; 216513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle break; 216613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle default: 216713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 216813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 216913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle le = e; 217013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 217113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (depth != 0) 217213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 217313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lc = c; 217413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 217513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 217613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 217713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 217813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 217913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlestatic int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 
218013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 218113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char *key = 0; 218213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle class_datum_t *cladatum; 218313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t buf[6]; 218413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle size_t len, len2, ncons, nel; 218513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle unsigned int i; 218613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc; 218713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 218813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t)); 218913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!cladatum) 219013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 219113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 219213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t) * 6); 219313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 219413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 219513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 219613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle len = le32_to_cpu(buf[0]); 21978673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts if (zero_or_saturated(len)) 21988673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts goto bad; 219913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle len2 = le32_to_cpu(buf[1]); 22008673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts if (is_saturated(len2)) 22018673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts goto bad; 220213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum->s.value = le32_to_cpu(buf[2]); 220313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 220413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) 
220513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 220613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum->permissions.nprim = le32_to_cpu(buf[3]); 220713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle nel = le32_to_cpu(buf[4]); 220813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 220913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ncons = le32_to_cpu(buf[5]); 221013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 221113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle key = malloc(len + 1); 221213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!key) 221313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 221413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(key, fp, len); 221513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 221613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 221713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle key[len] = 0; 221813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 221913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (len2) { 222013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum->comkey = malloc(len2 + 1); 222113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!cladatum->comkey) 222213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 222313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(cladatum->comkey, fp, len2); 222413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 222513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 222613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum->comkey[len2] = 0; 222713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 222813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum->comdatum = hashtab_search(p->p_commons.table, 222913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle cladatum->comkey); 223013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if 
(!cladatum->comdatum) { 223113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(fp->handle, "unknown common %s", cladatum->comkey); 223213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 223313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 223413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 223513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < nel; i++) { 223613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (perm_read(p, cladatum->permissions.table, fp)) 223713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 223813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 223913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 224013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp)) 224113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 224213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 224313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if ((p->policy_type == POLICY_KERN 224413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) 224513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle || (p->policy_type == POLICY_BASE 224613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) { 224713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle /* grab the validatetrans rules */ 224813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t)); 224913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 225013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 225113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ncons = le32_to_cpu(buf[0]); 225213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp)) 225313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 
225413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 225513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 225609c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris if ((p->policy_type == POLICY_KERN && 225709c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) || 225809c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris (p->policy_type == POLICY_BASE && 225909c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) { 226009c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 226109c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris if (rc < 0) 226209c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris goto bad; 226309c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris cladatum->default_user = le32_to_cpu(buf[0]); 226409c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris cladatum->default_role = le32_to_cpu(buf[1]); 226509c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris cladatum->default_range = le32_to_cpu(buf[2]); 226609c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris } 226709c783c9a36cd47216df827c5d2c21ec8cd613e2Eric Paris 2268693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris if ((p->policy_type == POLICY_KERN && 2269693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) || 2270693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris (p->policy_type == POLICY_BASE && 2271693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) { 2272693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris rc = next_entry(buf, fp, sizeof(uint32_t)); 2273693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris if (rc < 0) 2274693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris goto bad; 2275693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris cladatum->default_type = le32_to_cpu(buf[0]); 2276693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris } 
2277693f5241fdd5ae7e89d4312b85443c0fc1b1a57dEric Paris 227813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_insert(h, key, cladatum)) 227913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 228013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 228113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 228213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 228313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bad: 228413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle class_destroy(key, cladatum, NULL); 228513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 228613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 228713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2288172ce53ffa793e69632923b5323fc8c2220b3294Nicolas Ioossstatic int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 228913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 229013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char *key = 0; 229113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_datum_t *role; 2292f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle uint32_t buf[3]; 229313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle size_t len; 2294f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle int rc, to_read = 2; 229513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 229613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role = calloc(1, sizeof(role_datum_t)); 229713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!role) 229813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 229913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2300f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (policydb_has_boundary_feature(p)) 2301f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle to_read = 3; 2302f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle 2303f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t) * 
to_read); 230413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 230513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 230613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 230713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle len = le32_to_cpu(buf[0]); 23088673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts if (zero_or_saturated(len)) 23098673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts goto bad; 23108673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts 231113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role->s.value = le32_to_cpu(buf[1]); 2312f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (policydb_has_boundary_feature(p)) 2313f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle role->bounds = le32_to_cpu(buf[2]); 231413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 231513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle key = malloc(len + 1); 231613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!key) 231713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 231813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(key, fp, len); 231913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 232013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 232113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle key[len] = 0; 232213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 232313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_read(&role->dominates, fp)) 232413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 232513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 232613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->policy_type == POLICY_KERN) { 232713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_read(&role->types.types, fp)) 232813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 232913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 
233013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (type_set_read(&role->types, fp)) 233113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 233213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 23338072dba146b213a3f12a394596537e73f1b9339cHarry Ciao 23348072dba146b213a3f12a394596537e73f1b9339cHarry Ciao if (p->policy_type != POLICY_KERN && 23358072dba146b213a3f12a394596537e73f1b9339cHarry Ciao p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) { 23368072dba146b213a3f12a394596537e73f1b9339cHarry Ciao rc = next_entry(buf, fp, sizeof(uint32_t)); 23378072dba146b213a3f12a394596537e73f1b9339cHarry Ciao if (rc < 0) 23388072dba146b213a3f12a394596537e73f1b9339cHarry Ciao goto bad; 23398072dba146b213a3f12a394596537e73f1b9339cHarry Ciao 23408072dba146b213a3f12a394596537e73f1b9339cHarry Ciao role->flavor = le32_to_cpu(buf[0]); 23418072dba146b213a3f12a394596537e73f1b9339cHarry Ciao 23428072dba146b213a3f12a394596537e73f1b9339cHarry Ciao if (ebitmap_read(&role->roles, fp)) 23438072dba146b213a3f12a394596537e73f1b9339cHarry Ciao goto bad; 23448072dba146b213a3f12a394596537e73f1b9339cHarry Ciao } 234513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 234613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (strcmp(key, OBJECT_R) == 0) { 234713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (role->s.value != OBJECT_R_VAL) { 234813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ERR(fp->handle, "role %s has wrong value %d", 234913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle OBJECT_R, role->s.value); 235013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_destroy(key, role, NULL); 235113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 235213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 235313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_destroy(key, role, NULL); 235413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 235513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 
235613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 235713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_insert(h, key, role)) 235813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 235913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 236013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 236113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 236213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bad: 236313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_destroy(key, role, NULL); 236413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 236513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 236613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2367172ce53ffa793e69632923b5323fc8c2220b3294Nicolas Ioossstatic int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp) 236813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 236913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle char *key = 0; 237013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle type_datum_t *typdatum; 237113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t buf[5]; 237213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle size_t len; 237313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc, to_read; 2374f7917ea9cf6af752de98a1e742152d813028c669Caleb Case int pos = 0; 237513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 237613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle typdatum = calloc(1, sizeof(type_datum_t)); 237713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!typdatum) 237813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 237913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2380f7917ea9cf6af752de98a1e742152d813028c669Caleb Case if (policydb_has_boundary_feature(p)) { 2381f7917ea9cf6af752de98a1e742152d813028c669Caleb Case if (p->policy_type != POLICY_KERN 2382f7917ea9cf6af752de98a1e742152d813028c669Caleb Case && p->policyvers >= 
MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) 2383f7917ea9cf6af752de98a1e742152d813028c669Caleb Case to_read = 5; 2384f7917ea9cf6af752de98a1e742152d813028c669Caleb Case else 2385f7917ea9cf6af752de98a1e742152d813028c669Caleb Case to_read = 4; 2386f7917ea9cf6af752de98a1e742152d813028c669Caleb Case } 2387f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle else if (p->policy_type == POLICY_KERN) 238813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle to_read = 3; 238913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 239013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle to_read = 5; 239113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else 239213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle to_read = 4; 239313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 239413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t) * to_read); 239513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 239613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 239713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 2398f7917ea9cf6af752de98a1e742152d813028c669Caleb Case len = le32_to_cpu(buf[pos]); 23998673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts if (zero_or_saturated(len)) 24008673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts goto bad; 24018673854fb8b7006e92a4b1ce338ed229b0e1a9f6William Roberts 2402f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->s.value = le32_to_cpu(buf[++pos]); 2403f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (policydb_has_boundary_feature(p)) { 2404f7917ea9cf6af752de98a1e742152d813028c669Caleb Case uint32_t properties; 2405f7917ea9cf6af752de98a1e742152d813028c669Caleb Case 2406f7917ea9cf6af752de98a1e742152d813028c669Caleb Case if (p->policy_type != POLICY_KERN 2407f7917ea9cf6af752de98a1e742152d813028c669Caleb Case && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) { 
2408f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->primary = le32_to_cpu(buf[++pos]); 2409f7917ea9cf6af752de98a1e742152d813028c669Caleb Case properties = le32_to_cpu(buf[++pos]); 2410f7917ea9cf6af752de98a1e742152d813028c669Caleb Case } 2411f7917ea9cf6af752de98a1e742152d813028c669Caleb Case else { 2412f7917ea9cf6af752de98a1e742152d813028c669Caleb Case properties = le32_to_cpu(buf[++pos]); 2413f7917ea9cf6af752de98a1e742152d813028c669Caleb Case 2414f7917ea9cf6af752de98a1e742152d813028c669Caleb Case if (properties & TYPEDATUM_PROPERTY_PRIMARY) 2415f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->primary = 1; 2416f7917ea9cf6af752de98a1e742152d813028c669Caleb Case } 2417f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle 2418f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE) 2419f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle typdatum->flavor = TYPE_ATTRIB; 2420f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (properties & TYPEDATUM_PROPERTY_ALIAS 2421f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle && p->policy_type != POLICY_KERN) 2422f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle typdatum->flavor = TYPE_ALIAS; 2423f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (properties & TYPEDATUM_PROPERTY_PERMISSIVE 2424f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle && p->policy_type != POLICY_KERN) 2425f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle typdatum->flags |= TYPE_FLAGS_PERMISSIVE; 2426f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle 2427f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->bounds = le32_to_cpu(buf[++pos]); 2428f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle } else { 2429f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->primary = le32_to_cpu(buf[++pos]); 2430f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (p->policy_type != POLICY_KERN) { 
2431f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->flavor = le32_to_cpu(buf[++pos]); 2432f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE) 2433f7917ea9cf6af752de98a1e742152d813028c669Caleb Case typdatum->flags = le32_to_cpu(buf[++pos]); 2434f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle } 2435f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle } 2436f470207454f5f6ce539aa543e5168a07d667254bJoshua Brindle 243713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (p->policy_type != POLICY_KERN) { 243813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ebitmap_read(&typdatum->types, fp)) 243913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 244013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 244113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 244213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle key = malloc(len + 1); 244313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!key) 244413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 244513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(key, fp, len); 244613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 244713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 244813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle key[len] = 0; 244913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 245013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (hashtab_insert(h, key, typdatum)) 245113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle goto bad; 245213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 245313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 245413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 245513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle bad: 245613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle type_destroy(key, typdatum, NULL); 245713cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle return -1; 245813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 245913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 246093417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciaoint role_trans_read(policydb_t *p, struct policy_file *fp) 246113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 246293417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao role_trans_t **t = &p->role_tr; 246313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle unsigned int i; 246413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t buf[3], nel; 246513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_trans_t *tr, *ltr; 246613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc; 246793417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao int new_roletr = (p->policy_type == POLICY_KERN && 246893417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao p->policyvers >= POLICYDB_VERSION_ROLETRANS); 246913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 247013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t)); 247113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 247213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 247313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle nel = le32_to_cpu(buf[0]); 247413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ltr = NULL; 247513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < nel; i++) { 247613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tr = calloc(1, sizeof(struct role_trans)); 247713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!tr) { 247813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 247913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 248013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (ltr) { 248113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ltr->next = tr; 248213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 
248313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *t = tr; 248413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 248513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t) * 3); 248613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 248713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 248813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tr->role = le32_to_cpu(buf[0]); 248913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tr->type = le32_to_cpu(buf[1]); 249013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle tr->new_role = le32_to_cpu(buf[2]); 249193417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao if (new_roletr) { 249293417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao rc = next_entry(buf, fp, sizeof(uint32_t)); 249393417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao if (rc < 0) 249493417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao return -1; 249593417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao tr->tclass = le32_to_cpu(buf[0]); 249693417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao } else 249793417dfa28606d48dc3e37e05d5a3aeaa1488870Harry Ciao tr->tclass = SECCLASS_PROCESS; 249813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ltr = tr; 249913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 250013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 250113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 250213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 250313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleint role_allow_read(role_allow_t ** r, struct policy_file *fp) 250413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle{ 250513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle unsigned int i; 250613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle uint32_t buf[2], nel; 250713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_allow_t *ra, *lra; 250813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle int rc; 
250913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 251013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t)); 251113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 251213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 251313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle nel = le32_to_cpu(buf[0]); 251413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lra = NULL; 251513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < nel; i++) { 251613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ra = calloc(1, sizeof(struct role_allow)); 251713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!ra) { 251813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 251913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 252013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (lra) { 252113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lra->next = ra; 252213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 252313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *r = ra; 252413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 252513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle rc = next_entry(buf, fp, sizeof(uint32_t) * 2); 252613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 252713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 252813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ra->role = le32_to_cpu(buf[0]); 252913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ra->new_role = le32_to_cpu(buf[1]); 253013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lra = ra; 253113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 253213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 253313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 253413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 25358fdb2255215a1f1488b613737b5fbffb873d8376Stephen Smalleyint 
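filename_trans_read(policydb_t *p, struct policy_file *fp)
{
	/*
	 * Read the name-based type transition rules from a binary policy
	 * image into p->filename_trans.
	 *
	 * Layout consumed here: a 32-bit little-endian rule count, then per
	 * rule a 32-bit name length, the name bytes, and four 32-bit values
	 * (source type, target type, class, resulting type).
	 *
	 * Returns 0 on success and -1 on a short read, an allocation failure,
	 * a zero or saturated name length, or a hashtab_insert() failure
	 * other than SEPOL_EEXIST.
	 */
	unsigned int i;
	uint32_t buf[4], nel, len;
	filename_trans_t *ft = NULL;
	filename_trans_datum_t *otype = NULL;
	int rc;
	char *name = NULL;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	nel = le32_to_cpu(buf[0]);

	for (i = 0; i < nel; i++) {
		/*
		 * Reset per rule: the previous rule's objects are either
		 * owned by the hash table or already freed, so the err path
		 * must only ever see this iteration's allocations.
		 */
		ft = NULL;
		otype = NULL;
		name = NULL;

		ft = calloc(1, sizeof(*ft));
		if (!ft)
			goto err;
		otype = calloc(1, sizeof(*otype));
		if (!otype)
			goto err;
		rc = next_entry(buf, fp, sizeof(uint32_t));
		if (rc < 0)
			goto err;
		len = le32_to_cpu(buf[0]);
		/* Reject lengths for which len + 1 below would be unusable. */
		if (zero_or_saturated(len))
			goto err;

		/* calloc() of len + 1 bytes leaves the name NUL-terminated. */
		name = calloc(len + 1, sizeof(*name));
		if (!name)
			goto err;

		ft->name = name;

		rc = next_entry(name, fp, len);
		if (rc < 0)
			goto err;

		rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
		if (rc < 0)
			goto err;

		ft->stype = le32_to_cpu(buf[0]);
		ft->ttype = le32_to_cpu(buf[1]);
		ft->tclass = le32_to_cpu(buf[2]);
		otype->otype = le32_to_cpu(buf[3]);

		rc = hashtab_insert(p->filename_trans, (hashtab_key_t) ft,
				    otype);
		if (rc) {
			const char *tnames[3];
			const char *cname = "<invalid>";
			uint32_t tvals[3];
			unsigned int k;

			if (rc != SEPOL_EEXIST)
				goto err;
			/*
			 * Some old policies were wrongly generated with
			 * duplicate filename transition rules.  For backward
			 * compatibility, do not reject such policies, just
			 * issue a warning and ignore the duplicate.
			 *
			 * The type and class values were read from the policy
			 * image just above and are not range-checked anywhere
			 * in this function, so every value is checked against
			 * the symbol count before it is used as an index into
			 * the name tables.  A value of 0 or one past nprim
			 * would otherwise read outside the table.
			 * NOTE(review): assumes the val_to_name tables are
			 * already built when this runs -- confirm in the
			 * caller.
			 */
			tvals[0] = ft->stype;
			tvals[1] = ft->ttype;
			tvals[2] = otype->otype;
			for (k = 0; k < 3; k++) {
				tnames[k] = "<invalid>";
				if (p->p_type_val_to_name &&
				    tvals[k] >= 1 &&
				    tvals[k] <= p->p_types.nprim &&
				    p->p_type_val_to_name[tvals[k] - 1])
					tnames[k] =
					    p->p_type_val_to_name[tvals[k] - 1];
			}
			if (p->p_class_val_to_name &&
			    ft->tclass >= 1 &&
			    ft->tclass <= p->p_classes.nprim &&
			    p->p_class_val_to_name[ft->tclass - 1])
				cname = p->p_class_val_to_name[ft->tclass - 1];

			WARN(fp->handle,
			     "Duplicate name-based type_transition %s %s:%s \"%s\": %s, ignoring",
			     tnames[0],
			     tnames[1],
			     cname,
			     ft->name,
			     tnames[2]);
			free(ft);
			free(name);
			free(otype);
			/* continue, ignoring this one */
		}
	}
	return 0;
err:
	free(ft);
	free(otype);
	free(name);
	return -1;
}

/*
 * Read the object contexts of a Xen policy from a binary policy image.
 *
 * For each of the info->ocon_num context kinds a 32-bit little-endian
 * element count is read, followed by that many entries whose layout depends
 * on the kind.  Each new entry is appended to p->ocontexts[kind] before its
 * fields are read, so on a -1 return the partially filled entry is still
 * linked into the policydb and is not freed here.
 *
 * Returns 0 on success, -1 on a short read, allocation failure, rejected
 * name length, context validation failure or unknown context kind.
 */
static int ocontext_read_xen(struct policydb_compat_info *info,
	policydb_t *p, struct policy_file *fp)
{
	unsigned int i, j;
	size_t nel, len;
	ocontext_t *l, *c;
	uint32_t buf[8];
	int rc;

	for (i = 0; i < info->ocon_num; i++) {
		rc = next_entry(buf, fp, sizeof(uint32_t));
		if (rc < 0)
			return -1;
		nel = le32_to_cpu(buf[0]);
		l = NULL;
		for (j = 0; j < nel; j++) {
			c = calloc(1, sizeof(ocontext_t));
			if (!c)
				return -1;
			/* Link first so every later error leaves c reachable. */
			if (l)
				l->next = c;
			else
				p->ocontexts[i] = c;
			l = c;
			switch (i) {
			case OCON_XEN_ISID:
				rc = next_entry(buf, fp, sizeof(uint32_t));
				if (rc < 0)
					return -1;
				c->sid[0] = le32_to_cpu(buf[0]);
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_XEN_PIRQ:
				rc = next_entry(buf, fp, sizeof(uint32_t));
				if (rc < 0)
					return -1;
				c->u.pirq = le32_to_cpu(buf[0]);
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_XEN_IOPORT:
				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
				if (rc < 0)
					return -1;
				c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
				c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_XEN_IOMEM:
				/*
				 * The range is stored as two 64-bit values
				 * from POLICYDB_VERSION_XEN_DEVICETREE on and
				 * as two 32-bit values before that.
				 */
				if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
					uint64_t b64[2];
					rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
					if (rc < 0)
						return -1;
					c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
					c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
				} else {
					rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
					if (rc < 0)
						return -1;
					c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
					c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
				}
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_XEN_PCIDEVICE:
				rc = next_entry(buf, fp, sizeof(uint32_t));
				if (rc < 0)
					return -1;
				c->u.device = le32_to_cpu(buf[0]);
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_XEN_DEVICETREE:
				rc = next_entry(buf, fp, sizeof(uint32_t));
				if (rc < 0)
					return -1;
				len = le32_to_cpu(buf[0]);
				/* Guard the len + 1 allocation below. */
				if (zero_or_saturated(len))
					return -1;

				c->u.name = malloc(len + 1);
				if (!c->u.name)
					return -1;
				rc = next_entry(c->u.name, fp, len);
				if (rc < 0)
					return -1;
				/* The stored name carries no terminator. */
				c->u.name[len] = 0;
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			default:
				/* should never get here */
				ERR(fp->handle, "Unknown Xen ocontext");
				return -1;
			}
		}
	}
	return 0;
}

/*
 * Read the object contexts of an SELinux policy from a binary policy image.
 *
 * Same outer structure as the Xen reader: for each of the info->ocon_num
 * kinds, a 32-bit little-endian count followed by that many entries.  Each
 * entry is linked into p->ocontexts[kind] before its fields are read, so a
 * -1 return leaves the partially filled entry in the policydb; nothing is
 * freed here.
 *
 * Returns 0 on success, -1 on a short read, allocation failure, rejected
 * name length, context validation failure or unknown context kind.
 */
static int ocontext_read_selinux(struct policydb_compat_info *info,
			 policydb_t * p, struct policy_file *fp)
{
	unsigned int i, j;
	size_t nel, len;
	ocontext_t *l, *c;
	uint32_t buf[8];
	int rc;

	for (i = 0; i < info->ocon_num; i++) {
		rc = next_entry(buf, fp, sizeof(uint32_t));
		if (rc < 0)
			return -1;
		nel = le32_to_cpu(buf[0]);
		l = NULL;
		for (j = 0; j < nel; j++) {
			c = calloc(1, sizeof(ocontext_t));
			if (!c) {
				return -1;
			}
			/* Link first so every later error leaves c reachable. */
			if (l) {
				l->next = c;
			} else {
				p->ocontexts[i] = c;
			}
			l = c;
			switch (i) {
			case OCON_ISID:
				rc = next_entry(buf, fp, sizeof(uint32_t));
				if (rc < 0)
					return -1;
				c->sid[0] = le32_to_cpu(buf[0]);
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_FS:
			case OCON_NETIF:
				rc = next_entry(buf, fp, sizeof(uint32_t));
				if (rc < 0)
					return -1;
				len = le32_to_cpu(buf[0]);
				/* Guard the len + 1 allocation below. */
				if (zero_or_saturated(len))
					return -1;
				c->u.name = malloc(len + 1);
				if (!c->u.name)
					return -1;
				rc = next_entry(c->u.name, fp, len);
				if (rc < 0)
					return -1;
				/* The stored name carries no terminator. */
				c->u.name[len] = 0;
				/* These two kinds carry two contexts each. */
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				if (context_read_and_validate
				    (&c->context[1], p, fp))
					return -1;
				break;
			case OCON_PORT:
				rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
				if (rc < 0)
					return -1;
				c->u.port.protocol = le32_to_cpu(buf[0]);
				c->u.port.low_port = le32_to_cpu(buf[1]);
				c->u.port.high_port = le32_to_cpu(buf[2]);
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_NODE:
				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
				if (rc < 0)
					return -1;
				/* Stored as read, without byte swapping. */
				c->u.node.addr = buf[0]; /* network order */
				c->u.node.mask = buf[1]; /* network order */
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_FSUSE:
				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
				if (rc < 0)
					return -1;
				c->v.behavior = le32_to_cpu(buf[0]);
				len = le32_to_cpu(buf[1]);
				/* Guard the len + 1 allocation below. */
				if (zero_or_saturated(len))
					return -1;
				c->u.name = malloc(len + 1);
				if (!c->u.name)
					return -1;
				rc = next_entry(c->u.name, fp, len);
				if (rc < 0)
					return -1;
				/* The stored name carries no terminator. */
				c->u.name[len] = 0;
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			case OCON_NODE6: {
				int k;

				/* Four address words, then four mask words. */
				rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
				if (rc < 0)
					return -1;
				for (k = 0; k < 4; k++)
					/* network order */
					c->u.node6.addr[k] = buf[k];
				for (k = 0; k < 4; k++)
					/* network order */
					c->u.node6.mask[k] = buf[k + 4];
				if (context_read_and_validate
				    (&c->context[0], p, fp))
					return -1;
				break;
			}
			default: {
				ERR(fp->handle, "Unknown SELinux ocontext");
				return -1;
			}
			}
		}
	}
	return 0;
}

/*
 * Dispatch to the object context reader for the policy's target platform.
 *
 * Returns the selected reader's result, or -1 after logging "Unknown target"
 * when p->target_platform is neither SEPOL_TARGET_SELINUX nor
 * SEPOL_TARGET_XEN.
 */
static int ocontext_read(struct policydb_compat_info *info,
	policydb_t *p, struct policy_file *fp)
{
	int rc = -1;
	switch (p->target_platform) {
	case SEPOL_TARGET_SELINUX:
		rc = ocontext_read_selinux(info, p, fp);
		break;
	case SEPOL_TARGET_XEN:
		rc = ocontext_read_xen(info, p, fp);
		break;
	default:
		ERR(fp->handle, "Unknown target");
	}
	return rc;
}
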
/*
 * Read the genfs (per-filesystem-type) labeling entries from a binary
 * policy image into p->genfs.
 *
 * The image holds a 32-bit little-endian count of filesystem types; each
 * one is a length-prefixed fstype name followed by a count of entries, and
 * each entry is a length-prefixed path name, a 32-bit class value and a
 * context.  Names are copied into len + 1 byte buffers and NUL-terminated
 * here.
 *
 * Filesystem types are kept sorted in ascending strcmp() order and a
 * repeated fstype is rejected.  Within one fstype, a new entry is placed in
 * front of the first existing entry with a shorter name; an entry whose
 * name matches an existing one is rejected when either class is 0 or both
 * classes are equal.
 *
 * Returns 0 on success and -1 on any failure.  A filesystem node that was
 * already linked into p->genfs stays linked on failure; only the entry
 * still under construction is released here.
 */
static int genfs_read(policydb_t * p, struct policy_file *fp)
{
	uint32_t word[1];
	size_t fs_count, entry_count, len;
	size_t i, j;
	genfs_t *fs_prev, *fs_cur, *fs_new;
	ocontext_t *prev, *cur;
	ocontext_t *pending = NULL;	/* entry not yet owned by a list */
	int rc;

	rc = next_entry(word, fp, sizeof(uint32_t));
	if (rc < 0) {
		goto bad;
	}
	fs_count = le32_to_cpu(word[0]);

	for (i = 0; i < fs_count; i++) {
		rc = next_entry(word, fp, sizeof(uint32_t));
		if (rc < 0) {
			goto bad;
		}
		len = le32_to_cpu(word[0]);
		/* Guard the len + 1 allocation below. */
		if (zero_or_saturated(len)) {
			goto bad;
		}

		fs_new = calloc(1, sizeof(genfs_t));
		if (!fs_new) {
			goto bad;
		}
		fs_new->fstype = malloc(len + 1);
		if (!fs_new->fstype) {
			free(fs_new);
			goto bad;
		}
		rc = next_entry(fs_new->fstype, fp, len);
		if (rc < 0) {
			free(fs_new->fstype);
			free(fs_new);
			goto bad;
		}
		fs_new->fstype[len] = 0;

		/* Find the sorted insertion point; refuse a repeated fstype. */
		fs_prev = NULL;
		fs_cur = p->genfs;
		while (fs_cur) {
			int cmp = strcmp(fs_new->fstype, fs_cur->fstype);

			if (cmp == 0) {
				ERR(fp->handle, "dup genfs fstype %s",
				    fs_new->fstype);
				free(fs_new->fstype);
				free(fs_new);
				goto bad;
			}
			if (cmp < 0) {
				break;
			}
			fs_prev = fs_cur;
			fs_cur = fs_cur->next;
		}
		fs_new->next = fs_cur;
		if (fs_prev) {
			fs_prev->next = fs_new;
		} else {
			p->genfs = fs_new;
		}

		rc = next_entry(word, fp, sizeof(uint32_t));
		if (rc < 0) {
			goto bad;
		}
		entry_count = le32_to_cpu(word[0]);

		for (j = 0; j < entry_count; j++) {
			pending = calloc(1, sizeof(ocontext_t));
			if (!pending) {
				goto bad;
			}
			rc = next_entry(word, fp, sizeof(uint32_t));
			if (rc < 0) {
				goto bad;
			}
			len = le32_to_cpu(word[0]);
			/* Guard the len + 1 allocation below. */
			if (zero_or_saturated(len)) {
				goto bad;
			}
			pending->u.name = malloc(len + 1);
			if (!pending->u.name) {
				goto bad;
			}
			rc = next_entry(pending->u.name, fp, len);
			if (rc < 0) {
				goto bad;
			}
			pending->u.name[len] = 0;

			rc = next_entry(word, fp, sizeof(uint32_t));
			if (rc < 0) {
				goto bad;
			}
			pending->v.sclass = le32_to_cpu(word[0]);
			if (context_read_and_validate(&pending->context[0], p, fp)) {
				goto bad;
			}

			/*
			 * Walk this fstype's entries: reject a conflicting
			 * duplicate, otherwise stop in front of the first
			 * entry whose name is shorter than the new one.
			 */
			prev = NULL;
			cur = fs_new->head;
			while (cur) {
				if (strcmp(pending->u.name, cur->u.name) == 0 &&
				    (cur->v.sclass == 0 ||
				     pending->v.sclass == 0 ||
				     pending->v.sclass == cur->v.sclass)) {
					ERR(fp->handle, "dup genfs entry "
					    "(%s,%s)", fs_new->fstype,
					    cur->u.name);
					goto bad;
				}
				if (strlen(pending->u.name) > strlen(cur->u.name)) {
					break;
				}
				prev = cur;
				cur = cur->next;
			}
			pending->next = cur;
			if (prev) {
				prev->next = pending;
			} else {
				fs_new->head = pending;
			}
			/* The list owns the entry now; keep `bad` from freeing it. */
			pending = NULL;
		}
	}

	return 0;

bad:
	if (pending) {
		context_destroy(&pending->context[0]);
		context_destroy(&pending->context[1]);
		free(pending->u.name);
		free(pending);
	}
	return -1;
}

/*
 * Read a MLS level structure from a policydb binary
 * representation file.
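*/
/*
 * Initialises *lp, then reads one little-endian 32-bit sensitivity value
 * followed by the category bitmap.
 *
 * Returns 0 on success, -EINVAL when either read fails.  The caller owns
 * *lp in both cases.
 */
static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
{
	uint32_t buf[1];
	int rc;

	mls_level_init(lp);

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0) {
		ERR(fp->handle, "truncated level");
		goto bad;
	}
	lp->sens = le32_to_cpu(buf[0]);

	if (ebitmap_read(&lp->cat, fp)) {
		ERR(fp->handle, "error reading level categories");
		goto bad;
	}
	return 0;

bad:
	return -EINVAL;
}

/*
 * Read one user entry from the policy image and insert it into h.
 *
 * The entry starts with two little-endian 32-bit words (name length and
 * user value), or three when policydb_has_boundary_feature(p) holds (the
 * third is the bounds value).  The name, the role set and, depending on
 * policy type and version, the MLS range and default level follow.
 *
 * Returns 0 on success.  On any failure the key and datum are released
 * through user_destroy() and -1 is returned.
 */
static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
{
	char *key = NULL;
	user_datum_t *usrdatum;
	uint32_t buf[3];
	size_t len;
	int rc, to_read = 2;

	usrdatum = calloc(1, sizeof(user_datum_t));
	if (!usrdatum)
		return -1;

	if (policydb_has_boundary_feature(p))
		to_read = 3;

	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
	if (rc < 0)
		goto bad;

	/*
	 * The length comes straight from the policy image.  Reject the
	 * values zero_or_saturated() flags before computing len + 1
	 * (presumably 0 and the maximum value; confirm against the helper).
	 */
	len = le32_to_cpu(buf[0]);
	if (zero_or_saturated(len))
		goto bad;

	usrdatum->s.value = le32_to_cpu(buf[1]);
	if (policydb_has_boundary_feature(p))
		usrdatum->bounds = le32_to_cpu(buf[2]);

	key = malloc(len + 1);
	if (!key)
		goto bad;
	rc = next_entry(key, fp, len);
	if (rc < 0)
		goto bad;
	key[len] = 0;

	/* kernel policies store a plain role bitmap, other types a role set */
	if (p->policy_type == POLICY_KERN) {
		if (ebitmap_read(&usrdatum->roles.roles, fp))
			goto bad;
	} else {
		if (role_set_read(&usrdatum->roles, fp))
			goto bad;
	}

	/* users were not allowed in mls modules before version
	 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
	 * required - the mls fields will be empty.  user declarations in
	 * non-mls modules will also have empty mls fields */
	if ((p->policy_type == POLICY_KERN
	     && p->policyvers >= POLICYDB_VERSION_MLS)
	    || (p->policy_type == POLICY_MOD
		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
	    || (p->policy_type == POLICY_BASE
		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
		if (mls_read_range_helper(&usrdatum->exp_range, fp))
			goto bad;
		if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
			goto bad;
		if (p->policy_type != POLICY_KERN) {
			/* base/module policies also keep the semantic form */
			if (mls_range_to_semantic(&usrdatum->exp_range,
						  &usrdatum->range))
				goto bad;
			if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
						  &usrdatum->dfltlevel))
				goto bad;
		}
	} else if ((p->policy_type == POLICY_MOD
		    && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
		   || (p->policy_type == POLICY_BASE
		       && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
		if (mls_read_semantic_range_helper(&usrdatum->range, fp))
			goto bad;
		if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
			goto bad;
	}

	if (hashtab_insert(h, key, usrdatum))
		goto bad;

	return 0;

bad:
	user_destroy(key, usrdatum, NULL);
	return -1;
}

/*
 * Read one sensitivity entry (name length, alias flag, name, level) and
 * insert it into h.  p is unused.
 *
 * Returns 0 on success; on failure everything allocated here is released
 * through sens_destroy() and -1 is returned.
 */
static int sens_read(policydb_t * p
		     __attribute__ ((unused)), hashtab_t h,
		     struct policy_file *fp)
{
	char *key = NULL;
	level_datum_t *levdatum;
	uint32_t buf[2], len;
	int rc;

	levdatum = malloc(sizeof(level_datum_t));
	if (!levdatum)
		return -1;
	level_datum_init(levdatum);

	rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
	if (rc < 0)
		goto bad;

	/* length is read from the image; checked before it sizes the key */
	len = le32_to_cpu(buf[0]);
	if (zero_or_saturated(len))
		goto bad;

	levdatum->isalias = le32_to_cpu(buf[1]);

	key = malloc(len + 1);
	if (!key)
		goto bad;
	rc = next_entry(key, fp, len);
	if (rc < 0)
		goto bad;
	key[len] = 0;

	/* mls_read_level() initialises the level before filling it in */
	levdatum->level = malloc(sizeof(mls_level_t));
	if (!levdatum->level || mls_read_level(levdatum->level, fp))
		goto bad;

	if (hashtab_insert(h, key, levdatum))
		goto bad;

	return 0;

bad:
	sens_destroy(key, levdatum, NULL);
	return -1;
}

/*
 * Read one category entry (name length, value, alias flag, name) and
 * insert it into h.  p is unused.
 *
 * Returns 0 on success; on failure the key and datum are released through
 * cat_destroy() and -1 is returned.
 */
static int cat_read(policydb_t * p
		    __attribute__ ((unused)), hashtab_t h,
		    struct policy_file *fp)
{
	char *key = NULL;
	cat_datum_t *catdatum;
	uint32_t buf[3], len;
	int rc;

	catdatum = malloc(sizeof(cat_datum_t));
	if (!catdatum)
		return -1;
	cat_datum_init(catdatum);

	rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
	if (rc < 0)
		goto bad;

	/* length is read from the image; checked before it sizes the key */
	len = le32_to_cpu(buf[0]);
	if (zero_or_saturated(len))
		goto bad;

	catdatum->s.value = le32_to_cpu(buf[1]);
	catdatum->isalias = le32_to_cpu(buf[2]);

	key = malloc(len + 1);
	if (!key)
		goto bad;
	rc = next_entry(key, fp, len);
	if (rc < 0)
		goto bad;
	key[len] = 0;

	if (hashtab_insert(h, key, catdatum))
		goto bad;

	return 0;

bad:
	cat_destroy(key, catdatum, NULL);
	return -1;
}

/*
 * Table of per-symbol readers, SYM_NUM entries long (presumably indexed
 * by symbol table number; the indexing code is not in this part of the
 * file).
 */
static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
			       struct policy_file * fp) = {
common_read, class_read, role_read, type_read, user_read,
	    cond_read_bool, sens_read, cat_read,};

/************** module reading functions below **************/

/*
 * Read one avrule: the specified/flags words, the source and target type
 * sets, then a counted list of (class, data) permission nodes appended in
 * file order.  p is unused.
 *
 * Returns the new rule, or NULL on failure after destroying whatever had
 * been attached to it.  The caller owns the returned rule.
 */
static avrule_t *avrule_read(policydb_t * p
			     __attribute__ ((unused)), struct policy_file *fp)
{
	unsigned int i;
	uint32_t buf[2], len;
	class_perm_node_t *cur, *tail = NULL;
	avrule_t *avrule;
	int rc;

	avrule = malloc(sizeof(avrule_t));
	if (!avrule)
		return NULL;

	avrule_init(avrule);

	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
	if (rc < 0)
		goto bad;

	avrule->specified = le32_to_cpu(buf[0]);
	avrule->flags = le32_to_cpu(buf[1]);

	if (type_set_read(&avrule->stypes, fp))
		goto bad;

	if (type_set_read(&avrule->ttypes, fp))
		goto bad;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		goto bad;
	len = le32_to_cpu(buf[0]);

	/*
	 * len is not range-checked; every iteration reads from fp, so the
	 * loop stops at the first failed read.
	 */
	for (i = 0; i < len; i++) {
		cur = malloc(sizeof(class_perm_node_t));
		if (!cur)
			goto bad;
		class_perm_node_init(cur);

		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
		if (rc < 0) {
			/* cur is not on the list yet, so free it here */
			free(cur);
			goto bad;
		}

		cur->tclass = le32_to_cpu(buf[0]);
		cur->data = le32_to_cpu(buf[1]);

		if (!tail) {
			avrule->perms = cur;
		} else {
			tail->next = cur;
		}
		tail = cur;
	}

	return avrule;
bad:
	/* avrule is never NULL here; the allocation check returned early */
	avrule_destroy(avrule);
	free(avrule);
	return NULL;
}

/*
 * Read the range transition table.
 *
 * Each entry holds source type, target type, a target class (only in
 * kernel policies at or above POLICYDB_VERSION_RANGETRANS, otherwise
 * SECCLASS_PROCESS is assumed) and an MLS range.  Kernel policies insert
 * the (rt, r) pair into p->range_tr.  Other policy types convert the entry
 * into a range_trans_rule_t appended to
 * p->global->enabled->range_tr_rules, and the temporaries are freed.
 *
 * Returns 0 on success and -1 on failure.  Entries already handed to the
 * hash table or to the rule list stay there on failure.
 */
static int range_read(policydb_t * p, struct policy_file *fp)
{
	uint32_t buf[2], nel;
	range_trans_t *rt = NULL;
	struct mls_range *r = NULL;
	range_trans_rule_t *rtr = NULL, *lrtr = NULL;
	unsigned int i;
	int new_rangetr = (p->policy_type == POLICY_KERN &&
			   p->policyvers >= POLICYDB_VERSION_RANGETRANS);
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	nel = le32_to_cpu(buf[0]);
	for (i = 0; i < nel; i++) {
		rt = calloc(1, sizeof(range_trans_t));
		if (!rt)
			return -1;
		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
		if (rc < 0)
			goto err;
		rt->source_type = le32_to_cpu(buf[0]);
		rt->target_type = le32_to_cpu(buf[1]);
		if (new_rangetr) {
			rc = next_entry(buf, fp, (sizeof(uint32_t)));
			if (rc < 0)
				goto err;
			rt->target_class = le32_to_cpu(buf[0]);
		} else
			rt->target_class = SECCLASS_PROCESS;
		r = calloc(1, sizeof(*r));
		if (!r)
			goto err;
		if (mls_read_range_helper(r, fp))
			goto err;

		if (p->policy_type == POLICY_KERN) {
			rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
			if (rc)
				goto err;
			/* the hash table owns both pointers now */
			rt = NULL;
			r = NULL;
			continue;
		}

		/* Module policy: convert to range_trans_rule and discard. */

		/*
		 * The values are used as "value - 1" bit indexes below.  A
		 * zero read from the image would wrap to UINT32_MAX, so
		 * reject it instead of passing it to ebitmap_set_bit().
		 */
		if (!rt->source_type || !rt->target_type || !rt->target_class)
			goto err;

		rtr = malloc(sizeof(range_trans_rule_t));
		if (!rtr)
			goto err;
		range_trans_rule_init(rtr);

		if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
			goto err;

		if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
			goto err;

		if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
			goto err;

		if (mls_range_to_semantic(r, &rtr->trange))
			goto err;

		if (lrtr)
			lrtr->next = rtr;
		else
			p->global->enabled->range_tr_rules = rtr;

		free(rt);
		rt = NULL;
		/*
		 * NOTE(review): r is freed here without mls_range_destroy(),
		 * unlike the err: path.  Confirm mls_range_to_semantic()
		 * leaves nothing owned by r.
		 */
		free(r);
		r = NULL;
		lrtr = rtr;
		/*
		 * The rule list owns rtr now.  Clear it so that a failure in
		 * a later iteration cannot destroy and free a rule that is
		 * still linked, which would leave the list with a dangling
		 * pointer.
		 */
		rtr = NULL;
	}

	return 0;
err:
	free(rt);
	if (r) {
		mls_range_destroy(r);
		free(r);
	}
	/* non-NULL only for a rule that was never linked into the list */
	if (rtr) {
		range_trans_rule_destroy(rtr);
		free(rtr);
	}
	return -1;
}

/*
 * Read a counted list of avrules and return its head through *avrules,
 * preserving file order.
 *
 * Returns 0 on success and -1 on failure.  On failure the rules read so
 * far remain linked at *avrules and are not freed here.
 */
int avrule_read_list(policydb_t * p, avrule_t ** avrules,
		     struct policy_file *fp)
{
	unsigned int i;
	avrule_t *cur, *tail;
	uint32_t buf[1], len;
	int rc;

	*avrules = tail = NULL;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0) {
		return -1;
	}
	len = le32_to_cpu(buf[0]);

	for (i = 0; i < len; i++) {
		cur = avrule_read(p, fp);
		if (!cur) {
			return -1;
		}

		if (!tail) {
			*avrules = cur;
		} else {
			tail->next = cur;
		}
		tail = cur;
	}

	return 0;
}

/*
 * Read a counted list of role transition rules into *r.
 *
 * Each rule holds a role set, a type set, a class bitmap (read from the
 * image when p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS, otherwise
 * only SECCLASS_PROCESS is set) and the new role.
 *
 * Returns 0 on success and -1 on failure.  A rule is linked into the list
 * before its fields are read, so a partially read rule stays reachable
 * from *r and is not freed here.  *r is left untouched when the count is
 * zero.
 */
static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
				struct policy_file *fp)
{
	uint32_t buf[1], nel;
	unsigned int i;
	role_trans_rule_t *tr, *ltr;
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	nel = le32_to_cpu(buf[0]);
	ltr = NULL;
	for (i = 0; i < nel; i++) {
		tr = malloc(sizeof(role_trans_rule_t));
		if (!tr) {
			return -1;
		}
		role_trans_rule_init(tr);

		/* link first, so the early returns below do not leak tr */
		if (ltr) {
			ltr->next = tr;
		} else {
			*r = tr;
		}

		if (role_set_read(&tr->roles, fp))
			return -1;

		if (type_set_read(&tr->types, fp))
			return -1;

		if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
			if (ebitmap_read(&tr->classes, fp))
				return -1;
		} else {
			if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1))
				return -1;
		}

		rc = next_entry(buf, fp, sizeof(uint32_t));
		if (rc < 0)
			return -1;
		tr->new_role = le32_to_cpu(buf[0]);
		ltr = tr;
	}

	return 0;
}

static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
{
	unsigned int i;
	uint32_t buf[1], nel;
	role_allow_rule_t *ra, *lra;
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));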
344513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (rc < 0) 344613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 344713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle nel = le32_to_cpu(buf[0]); 344813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lra = NULL; 344913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for (i = 0; i < nel; i++) { 345013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ra = malloc(sizeof(role_allow_rule_t)); 345113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (!ra) { 345213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 345313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 345413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle role_allow_rule_init(ra); 345513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 345613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (lra) { 345713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lra->next = ra; 345813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } else { 345913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle *r = ra; 346013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 346113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 346213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (role_set_read(&ra->roles, fp)) 346313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 346413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 346513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if (role_set_read(&ra->new_roles, fp)) 346613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return -1; 346713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 346813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lra = ra; 346913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle } 347013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 0; 347113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle} 347213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
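/*
 * Read a count-prefixed list of filename transition rules from fp into *r.
 *
 * Per rule the stream holds a 32-bit name length, the name bytes (stored
 * without a terminator), a source type set, a target type set, and two
 * 32-bit values: the target class and the output type.
 *
 * Returns 0 on success, -1 on a short read, a rejected name length, an
 * allocation failure or a failing type_set_read().  Each rule is linked into
 * the list right after initialisation, so it and its name buffer remain
 * reachable from *r on failure.
 */
static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
{
	uint32_t buf[2], nel;
	unsigned int i, len;
	filename_trans_rule_t *ftr, *lftr;
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	nel = le32_to_cpu(buf[0]);
	lftr = NULL;
	for (i = 0; i < nel; i++) {
		ftr = malloc(sizeof(*ftr));
		if (!ftr)
			return -1;

		filename_trans_rule_init(ftr);

		if (lftr)
			lftr->next = ftr;
		else
			*r = ftr;
		lftr = ftr;

		rc = next_entry(buf, fp, sizeof(uint32_t));
		if (rc < 0)
			return -1;

		/*
		 * The length comes from the file.  zero_or_saturated() is
		 * defined elsewhere; presumably it rejects 0 and the all-ones
		 * value so that len + 1 below cannot wrap -- confirm.
		 */
		len = le32_to_cpu(buf[0]);
		if (zero_or_saturated(len))
			return -1;

		ftr->name = malloc(len + 1);
		if (!ftr->name)
			return -1;

		rc = next_entry(ftr->name, fp, len);
		if (rc)
			return -1;
		/* the file stores the name unterminated */
		ftr->name[len] = 0;

		if (type_set_read(&ftr->stypes, fp))
			return -1;

		if (type_set_read(&ftr->ttypes, fp))
			return -1;

		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
		if (rc < 0)
			return -1;
		ftr->tclass = le32_to_cpu(buf[0]);
		ftr->otype = le32_to_cpu(buf[1]);
	}

	return 0;
}

/*
 * Read a count-prefixed list of range transition rules from fp into *r.
 *
 * Per rule the stream holds a source type set, a target type set, a target
 * class bitmap and a semantic MLS range.
 *
 * Returns 0 on success, -1 on a short read, an allocation failure or a
 * failing sub-reader.  Each rule is linked into the list before its fields
 * are read, so it remains reachable from *r on failure.
 */
static int range_trans_rule_read(range_trans_rule_t ** r,
				 struct policy_file *fp)
{
	uint32_t buf[1], nel;
	unsigned int i;
	range_trans_rule_t *rt, *lrt = NULL;
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	nel = le32_to_cpu(buf[0]);
	for (i = 0; i < nel; i++) {
		rt = malloc(sizeof(range_trans_rule_t));
		if (!rt) {
			return -1;
		}
		range_trans_rule_init(rt);

		if (lrt)
			lrt->next = rt;
		else
			*r = rt;

		if (type_set_read(&rt->stypes, fp))
			return -1;

		if (type_set_read(&rt->ttypes, fp))
			return -1;

		if (ebitmap_read(&rt->tclasses, fp))
			return -1;

		if (mls_read_semantic_range_helper(&rt->trange, fp))
			return -1;

		lrt = rt;
	}

	return 0;
}

/*
 * Read one scope index from fp into scope_index.
 *
 * The stream holds num_scope_syms bitmaps (one per symbol table), then a
 * 32-bit count of class-permission bitmaps followed by that many bitmaps.
 *
 * Returns 0 on success, -1 on a short read, a failing ebitmap_read() or an
 * allocation failure.  Bitmaps read before a failure are left in place for
 * the caller to release.
 */
static int scope_index_read(scope_index_t * scope_index,
			    unsigned int num_scope_syms, struct policy_file *fp)
{
	unsigned int i;
	uint32_t buf[1];
	int rc;

	for (i = 0; i < num_scope_syms; i++) {
		if (ebitmap_read(scope_index->scope + i, fp) < 0) {
			return -1;
		}
	}
	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	scope_index->class_perms_len = le32_to_cpu(buf[0]);
	if (scope_index->class_perms_len == 0) {
		scope_index->class_perms_map = NULL;
		return 0;
	}
	/* calloc() checks the count * size product, and zeroes the array */
	if ((scope_index->class_perms_map =
	     calloc(scope_index->class_perms_len,
		    sizeof(*scope_index->class_perms_map))) == NULL) {
		/*
		 * The count comes from the policy file, so a large value can
		 * make this allocation fail.  Reset the length so that it
		 * never describes an array that does not exist.
		 * NOTE(review): presumably the caller's cleanup walks
		 * class_perms_map by class_perms_len -- confirm.
		 */
		scope_index->class_perms_len = 0;
		return -1;
	}
	for (i = 0; i < scope_index->class_perms_len; i++) {
		if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
			return -1;
		}
	}
	return 0;
}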
/*
 * Read one avrule declaration from fp into decl.
 *
 * Order consumed from the stream: declaration id and enabled flag (two
 * 32-bit values), conditional list, avrule list, role transition rules,
 * role allow rules, filename transition rules (only from
 * MOD_POLICYDB_VERSION_FILENAME_TRANS on), range transition rules (only
 * from MOD_POLICYDB_VERSION_RANGETRANS on), the required and declared scope
 * indexes, and then for each of the num_scope_syms symbol tables an
 * (nprim, nel) pair followed by nel entries read through read_f[].
 *
 * Returns 0 on success and -1 on the first failing read.  Nothing is
 * released here; whatever was already attached to decl stays attached.
 */
static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
			    unsigned int num_scope_syms, struct policy_file *fp)
{
	uint32_t hdr[2], nprim, nel;
	unsigned int sym, n;

	if (next_entry(hdr, fp, sizeof(uint32_t) * 2) < 0)
		return -1;
	decl->decl_id = le32_to_cpu(hdr[0]);
	decl->enabled = le32_to_cpu(hdr[1]);

	if (cond_read_list(p, &decl->cond_list, fp) == -1)
		return -1;
	if (avrule_read_list(p, &decl->avrules, fp) == -1)
		return -1;
	if (role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1)
		return -1;
	if (role_allow_rule_read(&decl->role_allow_rules, fp) == -1)
		return -1;

	if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS) {
		if (filename_trans_rule_read(&decl->filename_trans_rules, fp))
			return -1;
	}

	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS) {
		if (range_trans_rule_read(&decl->range_tr_rules, fp) == -1)
			return -1;
	}

	if (scope_index_read(&decl->required, num_scope_syms, fp) == -1)
		return -1;
	if (scope_index_read(&decl->declared, num_scope_syms, fp) == -1)
		return -1;

	for (sym = 0; sym < num_scope_syms; sym++) {
		if (next_entry(hdr, fp, sizeof(uint32_t) * 2) < 0)
			return -1;
		/* NOTE(review): both values are used as read from the file;
		 * no range check on either is visible in this function. */
		nprim = le32_to_cpu(hdr[0]);
		nel = le32_to_cpu(hdr[1]);

		for (n = 0; n < nel; n++) {
			if (read_f[sym] (p, decl->symtab[sym].table, fp))
				return -1;
		}
		/* recorded only once every entry of this table was read */
		decl->symtab[sym].nprim = nprim;
	}

	return 0;
}
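/*
 * Read the chain of avrule blocks, and the declarations inside each block,
 * from fp into *block.
 *
 * Layout consumed: a 32-bit block count, then per block a 32-bit declaration
 * count followed by that many declarations (see avrule_decl_read()).  Both
 * counts are used as read from the file; the loops end early only when a
 * read or an allocation fails.
 *
 * *block must be NULL on entry (asserted).  Returns 0 on success, -1 on
 * failure.  On failure the block under construction is destroyed here, while
 * blocks already linked into *block are left for the caller.
 */
static int avrule_block_read(policydb_t * p,
			     avrule_block_t ** block,
			     unsigned int num_scope_syms,
			     struct policy_file *fp)
{
	avrule_block_t *last_block = NULL, *curblock;
	uint32_t buf[1], num_blocks, nel;
	int rc;

	assert(*block == NULL);

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		return -1;
	num_blocks = le32_to_cpu(buf[0]);
	/* remember the initial count to recognise the first block below */
	nel = num_blocks;
	while (num_blocks > 0) {
		avrule_decl_t *last_decl = NULL, *curdecl;
		uint32_t num_decls;
		if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
			return -1;
		}
		rc = next_entry(buf, fp, sizeof(uint32_t));
		if (rc < 0) {
			free(curblock);
			return -1;
		}
		/* the first block is non-optional, every later one is optional */
		if (num_blocks != nel)
			curblock->flags |= AVRULE_OPTIONAL;

		num_decls = le32_to_cpu(buf[0]);
		while (num_decls > 0) {
			if ((curdecl = avrule_decl_create(0)) == NULL) {
				avrule_block_destroy(curblock);
				return -1;
			}
			if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
			    -1) {
				/* curdecl is not linked yet, free it separately */
				avrule_decl_destroy(curdecl);
				avrule_block_destroy(curblock);
				return -1;
			}
			if (curdecl->enabled) {
				if (curblock->enabled != NULL) {
					/* a second enabled declaration in one
					 * block: probably a corrupt file */
					avrule_decl_destroy(curdecl);
					avrule_block_destroy(curblock);
					return -1;
				}
				curblock->enabled = curdecl;
			}
			/* one must be careful to reconstruct the
			 * decl chain in its correct order */
			if (curblock->branch_list == NULL) {
				curblock->branch_list = curdecl;
			} else {
				assert(last_decl);
				last_decl->next = curdecl;
			}
			last_decl = curdecl;
			num_decls--;
		}

		if (*block == NULL) {
			*block = curblock;
		} else {
			assert(last_block);
			last_block->next = curblock;
		}
		last_block = curblock;

		num_blocks--;
	}

	return 0;
}

/*
 * Read one scope entry for symbol table `symnum` from fp and insert it into
 * p->scope[symnum].table.
 *
 * Layout consumed: a 32-bit key length, the key bytes (stored without a
 * terminator), the scope value and the number of declaration ids (two 32-bit
 * values), then that many 32-bit declaration ids.
 *
 * The entry is rejected when the key length fails zero_or_saturated(), when
 * no symbol with that key exists in p->symtab[symnum].table, or when the
 * declaration id count is zero.
 *
 * Returns 0 on success, -1 on failure; on failure the key and the scope
 * datum are released through scope_destroy().
 */
static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
{
	scope_datum_t *scope = NULL;
	uint32_t buf[2];
	char *key = NULL;
	size_t key_len;
	unsigned int i;
	hashtab_t h = p->scope[symnum].table;
	int rc;

	rc = next_entry(buf, fp, sizeof(uint32_t));
	if (rc < 0)
		goto cleanup;
	key_len = le32_to_cpu(buf[0]);
	if (zero_or_saturated(key_len))
		goto cleanup;
	key = malloc(key_len + 1);
	if (!key)
		goto cleanup;
	rc = next_entry(key, fp, key_len);
	if (rc < 0)
		goto cleanup;
	key[key_len] = '\0';

	/* ensure that there already exists a symbol with this key */
	if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
		goto cleanup;
	}

	if ((scope = calloc(1, sizeof(*scope))) == NULL) {
		goto cleanup;
	}
	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
	if (rc < 0)
		goto cleanup;
	scope->scope = le32_to_cpu(buf[0]);
	scope->decl_ids_len = le32_to_cpu(buf[1]);
	if (scope->decl_ids_len == 0) {
		ERR(fp->handle, "invalid scope with no declaration");
		goto cleanup;
	}
	/*
	 * decl_ids_len comes from the policy file.  Where size_t is 32 bits
	 * wide, decl_ids_len * sizeof(uint32_t) can wrap, which would leave a
	 * buffer shorter than the conversion loop below walks.  calloc()
	 * checks the product and fails instead, so the same product passed to
	 * next_entry() is known to fit once the allocation has succeeded.
	 */
	if ((scope->decl_ids =
	     calloc(scope->decl_ids_len, sizeof(uint32_t))) == NULL) {
		goto cleanup;
	}
	rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
	if (rc < 0)
		goto cleanup;
	/* convert the ids in place from file byte order */
	for (i = 0; i < scope->decl_ids_len; i++) {
		scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
	}

	if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
		/* object_r was already added to this table in roles_init() */
		scope_destroy(key, scope, NULL);
	} else {
		if (hashtab_insert(h, key, scope)) {
			goto cleanup;
		}
	}

	return 0;

      cleanup:
	scope_destroy(key, scope, NULL);
	return -1;
}

/*
 * Read the configuration data from a policy database binary
 * representation file into a policy database structure.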
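 */
/*
 * Every length, count and version used below comes from the policy image and
 * is validated before it sizes an allocation or indexes a table.
 *
 * p       - policy database to populate; its symbol tables are read into
 *           p->symtab[] and must already exist.
 * fp      - policy file to read from; fp->handle is used for error reporting.
 * verbose - passed through to policydb_index_others().
 *
 * Returns POLICYDB_SUCCESS or POLICYDB_ERROR.  On error p may be partially
 * populated: the bad: label only returns, so anything already stored in p
 * (p->name, p->version, the ebitmaps, ...) is left for the caller to release
 * (presumably with policydb_destroy(); confirm against callers).
 */
int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
{

	unsigned int i, j, r_policyvers;
	uint32_t buf[5];	/* largest header read below is 5 words (module case) */
	size_t len, nprim, nel;
	char *policydb_str;
	struct policydb_compat_info *info;
	unsigned int policy_type, bufindex;
	ebitmap_node_t *tnode;
	int rc;

	/* Read the magic number and string length. */
	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
	if (rc < 0)
		return POLICYDB_ERROR;
	for (i = 0; i < 2; i++)
		buf[i] = le32_to_cpu(buf[i]);

	if (buf[0] == POLICYDB_MAGIC) {
		policy_type = POLICY_KERN;
	} else if (buf[0] == POLICYDB_MOD_MAGIC) {
		policy_type = POLICY_MOD;
	} else {
		ERR(fp->handle, "policydb magic number %#08x does not "
		    "match expected magic number %#08x or %#08x",
		    buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
		return POLICYDB_ERROR;
	}

	/* Bound the file-supplied length before it sizes the allocation. */
	len = buf[1];
	if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
		ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
		return POLICYDB_ERROR;
	}

	policydb_str = malloc(len + 1);
	if (!policydb_str) {
		ERR(fp->handle, "unable to allocate memory for policydb "
		    "string of length %zu", len);
		return POLICYDB_ERROR;
	}
	rc = next_entry(policydb_str, fp, len);
	if (rc < 0) {
		ERR(fp->handle, "truncated policydb string identifier");
		free(policydb_str);
		return POLICYDB_ERROR;
	}
	/* The image does not carry a terminator; add one before strcmp(). */
	policydb_str[len] = 0;

	if (policy_type == POLICY_KERN) {
		for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
			if ((strcmp(policydb_str, policydb_target_strings[i])
			     == 0)) {
				/*
				 * NOTE(review): the return value is ignored;
				 * policydb_set_target_platform() rejects any
				 * platform other than the two it knows.
				 */
				policydb_set_target_platform(p, i);
				break;
			}
		}

		if (i == POLICYDB_TARGET_SZ) {
			ERR(fp->handle, "cannot find a valid target for policy "
			    "string %s", policydb_str);
			free(policydb_str);
			return POLICYDB_ERROR;
		}
	} else {
		if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
			ERR(fp->handle, "invalid string identifier %s",
			    policydb_str);
			free(policydb_str);
			return POLICYDB_ERROR;
		}
	}

	/* Done with policydb_str. */
	free(policydb_str);
	policydb_str = NULL;

	/* Read the version, config, and table sizes (and policy type if it's a module). */
	if (policy_type == POLICY_KERN)
		nel = 4;
	else
		nel = 5;

	rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
	if (rc < 0)
		return POLICYDB_ERROR;
	for (i = 0; i < nel; i++)
		buf[i] = le32_to_cpu(buf[i]);

	bufindex = 0;

	if (policy_type == POLICY_MOD) {
		/* We know it's a module but not whether it's a base
		   module or regular binary policy module.  buf[0]
		   tells us which. */
		policy_type = buf[bufindex];
		if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
			ERR(fp->handle, "unknown module type: %#08x",
			    policy_type);
			return POLICYDB_ERROR;
		}
		bufindex++;
	}

	/* Reject versions outside the range this reader understands. */
	r_policyvers = buf[bufindex];
	if (policy_type == POLICY_KERN) {
		if (r_policyvers < POLICYDB_VERSION_MIN ||
		    r_policyvers > POLICYDB_VERSION_MAX) {
			ERR(fp->handle, "policydb version %d does not match "
			    "my version range %d-%d", buf[bufindex],
			    POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
			return POLICYDB_ERROR;
		}
	} else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
		if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
		    r_policyvers > MOD_POLICYDB_VERSION_MAX) {
			ERR(fp->handle, "policydb module version %d does "
			    "not match my version range %d-%d",
			    buf[bufindex], MOD_POLICYDB_VERSION_MIN,
			    MOD_POLICYDB_VERSION_MAX);
			return POLICYDB_ERROR;
		}
	} else {
		/* Not reachable: policy_type was restricted to KERN/MOD/BASE above. */
		assert(0);
	}
	bufindex++;

	/* Set the policy type and version from the read values. */
	p->policy_type = policy_type;
	p->policyvers = r_policyvers;

	if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
		p->mls = 1;
	} else {
		p->mls = 0;
	}

	p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;

	bufindex++;

	info = policydb_lookup_compat(r_policyvers, policy_type,
				      p->target_platform);
	if (!info) {
		ERR(fp->handle, "unable to find policy compat info "
		    "for version %d", r_policyvers);
		goto bad;
	}

	/*
	 * The table counts in the image must equal the compat entry's; the
	 * loops below are driven by info->sym_num, not by the file's value.
	 */
	if (buf[bufindex] != info->sym_num
	    || buf[bufindex + 1] != info->ocon_num) {
		ERR(fp->handle,
		    "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
		    buf[bufindex], buf[bufindex + 1], info->sym_num,
		    info->ocon_num);
		goto bad;
	}

	if (p->policy_type == POLICY_MOD) {
		/* Get the module name and version */
		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
			goto bad;
		}
		len = le32_to_cpu(buf[0]);
		/* Checked before malloc(len + 1) below. */
		if (zero_or_saturated(len))
			goto bad;
		if ((p->name = malloc(len + 1)) == NULL) {
			goto bad;
		}
		if ((rc = next_entry(p->name, fp, len)) < 0) {
			goto bad;
		}
		p->name[len] = '\0';
		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
			goto bad;
		}
		len = le32_to_cpu(buf[0]);
		if (zero_or_saturated(len))
			goto bad;
		if ((p->version = malloc(len + 1)) == NULL) {
			goto bad;
		}
		if ((rc = next_entry(p->version, fp, len)) < 0) {
			goto bad;
		}
		p->version[len] = '\0';
	}

	if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
	     p->policy_type == POLICY_KERN) ||
	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
	     p->policy_type == POLICY_BASE) ||
	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
	     p->policy_type == POLICY_MOD)) {
		if (ebitmap_read(&p->policycaps, fp))
			goto bad;
	}

	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
	    p->policy_type == POLICY_KERN) {
		if (ebitmap_read(&p->permissive_map, fp))
			goto bad;
	}

	for (i = 0; i < info->sym_num; i++) {
		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
		if (rc < 0)
			goto bad;
		nprim = le32_to_cpu(buf[0]);
		nel = le32_to_cpu(buf[1]);
		/* Entries in a table that declares no primary names are inconsistent. */
		if (nel && !nprim) {
			ERR(fp->handle, "unexpected items in symbol table with no symbol");
			goto bad;
		}
		/* nel is file-supplied; a failing read_f[i]() ends the loop. */
		for (j = 0; j < nel; j++) {
			if (read_f[i] (p, p->symtab[i].table, fp))
				goto bad;
		}

		p->symtab[i].nprim = nprim;
	}

	if (policy_type == POLICY_KERN) {
		if (avtab_read(&p->te_avtab, fp, r_policyvers))
			goto bad;
		if (r_policyvers >= POLICYDB_VERSION_BOOL)
			if (cond_read_list(p, &p->cond_list, fp))
				goto bad;
		if (role_trans_read(p, fp))
			goto bad;
		if (role_allow_read(&p->role_allow, fp))
			goto bad;
		if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
		    filename_trans_read(p, fp))
			goto bad;
	} else {
		/* first read the AV rule blocks, then the scope tables */
		avrule_block_destroy(p->global);
		p->global = NULL;
		if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
			goto bad;
		}
		for (i = 0; i < info->sym_num; i++) {
			if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
				goto bad;
			}
			nel = le32_to_cpu(buf[0]);
			for (j = 0; j < nel; j++) {
				if (scope_read(p, i, fp))
					goto bad;
			}
		}

	}

	if (policydb_index_decls(fp->handle, p))
		goto bad;

	if (policydb_index_classes(p))
		goto bad;

	if (policydb_index_others(fp->handle, p, verbose))
		goto bad;

	if (ocontext_read(info, p, fp) == -1) {
		goto bad;
	}

	if (genfs_read(p, fp) == -1) {
		goto bad;
	}

	if ((p->policy_type == POLICY_KERN
	     && p->policyvers >= POLICYDB_VERSION_MLS)
	    || (p->policy_type == POLICY_BASE
		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
		&& p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
		if (range_read(p, fp)) {
			goto bad;
		}
	}

	if (policy_type == POLICY_KERN) {
		/*
		 * p_types.nprim was taken from the policy image.  calloc()
		 * fails cleanly if count * size would overflow, where the
		 * open-coded multiplication passed to malloc() could wrap
		 * and under-allocate.  The arrays also start zeroed, so if
		 * only one allocation succeeds the other never holds
		 * indeterminate ebitmaps when the caller cleans up
		 * (presumably by walking nprim entries; confirm).
		 */
		p->type_attr_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
		p->attr_type_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
		if (!p->type_attr_map || !p->attr_type_map)
			goto bad;
		for (i = 0; i < p->p_types.nprim; i++) {
			ebitmap_init(&p->type_attr_map[i]);
			ebitmap_init(&p->attr_type_map[i]);
		}
		for (i = 0; i < p->p_types.nprim; i++) {
			if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
				if (ebitmap_read(&p->type_attr_map[i], fp))
					goto bad;
				ebitmap_for_each_bit(&p->type_attr_map[i],
						     tnode, j) {
					if (!ebitmap_node_get_bit(tnode, j)
					    || i == j)
						continue;

					/*
					 * j is a bit position from the image
					 * and indexes attr_type_map[] next;
					 * it must stay inside the array.
					 */
					if (j >= p->p_types.nprim)
						goto bad;

					if (ebitmap_set_bit
					    (&p->attr_type_map[j], i, 1))
						goto bad;
				}
			}
			/* add the type itself as the degenerate case */
			if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
				goto bad;
			/* type_val_to_struct[i] can be NULL, so test it before ->flavor. */
			if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
				if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
					goto bad;
			}
		}
	}

	return POLICYDB_SUCCESS;
bad:
	/* No cleanup here; see the ownership note above the function. */
	return POLICYDB_ERROR;
}

/*
 * Rebuild the user value-to-struct and value-to-name index arrays of p from
 * its user symbol table, then re-run policydb_user_cache() over the users.
 *
 * Returns 0 on success and -1 on allocation or mapping failure.
 */
int policydb_reindex_users(policydb_t * p)
{
	unsigned int i = SYM_USERS;

	/*
	 * Drop the old indexes and clear the pointers right away.  Without
	 * the reset, a failure of the first calloc() below would return with
	 * sym_val_to_name[i] still pointing at freed memory, which later
	 * cleanup could free a second time.  free(NULL) is a no-op, so no
	 * guard is needed.
	 */
	free(p->user_val_to_struct);
	p->user_val_to_struct = NULL;
	free(p->sym_val_to_name[i]);
	p->sym_val_to_name[i] = NULL;

	p->user_val_to_struct = (user_datum_t **)
	    calloc(p->p_users.nprim, sizeof(user_datum_t *));
	if (!p->user_val_to_struct)
		return -1;

	p->sym_val_to_name[i] = (char **)
	    calloc(p->symtab[i].nprim, sizeof(char *));
	if (!p->sym_val_to_name[i])
		return -1;

	if (hashtab_map(p->symtab[i].table, index_f[i], p))
		return -1;

	/* Expand user roles for context validity checking */
	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
		return -1;

	return 0;
}

/* Zero every field of a policy_file_t before first use. */
void policy_file_init(policy_file_t *pf)
{
	memset(pf, 0, sizeof(*pf));
}

/*
 * Record the target platform of p.  Only SEPOL_TARGET_SELINUX and
 * SEPOL_TARGET_XEN are accepted.
 *
 * Returns 0 on success, or -1 (leaving p->target_platform unchanged) for any
 * other value.
 */
int policydb_set_target_platform(policydb_t *p, int platform)
{
	if (platform == SEPOL_TARGET_SELINUX)
		p->target_platform = SEPOL_TARGET_SELINUX;
	else if (platform == SEPOL_TARGET_XEN)
		p->target_platform = SEPOL_TARGET_XEN;
	else
		return -1;

	return 0;
}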