search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[XFS] replace some large xfs_log_priv.h macros by proper functions
[linux-2.6/kvm.git] / security / selinux / ss / policydb.c
blobf05f97a2bc3a1343e5960f1c409a8ae0e7e565f4
1 /*
2 * Implementation of the policy database.
3 *
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */
6
7 /*
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
9 *
10 * Support for enhanced MLS infrastructure.
11 *
12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
13 *
14 * Added conditional policy language extensions
15 *
16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, version 2.
21 */
22
23 #include <linux/kernel.h>
24 #include <linux/sched.h>
25 #include <linux/slab.h>
26 #include <linux/string.h>
27 #include <linux/errno.h>
28 #include "security.h"
29
30 #include "policydb.h"
31 #include "conditional.h"
32 #include "mls.h"
33
34 #define _DEBUG_HASHES
35
36 #ifdef DEBUG_HASHES
37 static char *symtab_name[SYM_NUM] = {
38 "common prefixes",
39 "classes",
40 "roles",
41 "types",
42 "users",
43 "bools",
44 "levels",
45 "categories",
46 };
47 #endif
48
49 int selinux_mls_enabled = 0;
50
51 static unsigned int symtab_sizes[SYM_NUM] = {
52 2,
53 32,
54 16,
55 512,
56 128,
57 16,
58 16,
59 16,
60 };
61
62 struct policydb_compat_info {
63 int version;
64 int sym_num;
65 int ocon_num;
66 };
67
68 /* These need to be updated if SYM_NUM or OCON_NUM changes */
69 static struct policydb_compat_info policydb_compat[] = {
70 {
71 .version = POLICYDB_VERSION_BASE,
72 .sym_num = SYM_NUM - 3,
73 .ocon_num = OCON_NUM - 1,
74 },
75 {
76 .version = POLICYDB_VERSION_BOOL,
77 .sym_num = SYM_NUM - 2,
78 .ocon_num = OCON_NUM - 1,
79 },
80 {
81 .version = POLICYDB_VERSION_IPV6,
82 .sym_num = SYM_NUM - 2,
83 .ocon_num = OCON_NUM,
84 },
85 {
86 .version = POLICYDB_VERSION_NLCLASS,
87 .sym_num = SYM_NUM - 2,
88 .ocon_num = OCON_NUM,
89 },
90 {
91 .version = POLICYDB_VERSION_MLS,
92 .sym_num = SYM_NUM,
93 .ocon_num = OCON_NUM,
94 },
95 {
96 .version = POLICYDB_VERSION_AVTAB,
97 .sym_num = SYM_NUM,
98 .ocon_num = OCON_NUM,
99 },
100 {
101 .version = POLICYDB_VERSION_RANGETRANS,
102 .sym_num = SYM_NUM,
103 .ocon_num = OCON_NUM,
104 },
105 };
106
107 static struct policydb_compat_info *policydb_lookup_compat(int version)
108 {
109 int i;
110 struct policydb_compat_info *info = NULL;
111
112 for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
113 if (policydb_compat[i].version == version) {
114 info = &policydb_compat[i];
115 break;
116 }
117 }
118 return info;
119 }
120
121 /*
122 * Initialize the role table.
123 */
124 static int roles_init(struct policydb *p)
125 {
126 char *key = NULL;
127 int rc;
128 struct role_datum *role;
129
130 role = kzalloc(sizeof(*role), GFP_KERNEL);
131 if (!role) {
132 rc = -ENOMEM;
133 goto out;
134 }
135 role->value = ++p->p_roles.nprim;
136 if (role->value != OBJECT_R_VAL) {
137 rc = -EINVAL;
138 goto out_free_role;
139 }
140 key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
141 if (!key) {
142 rc = -ENOMEM;
143 goto out_free_role;
144 }
145 strcpy(key, OBJECT_R);
146 rc = hashtab_insert(p->p_roles.table, key, role);
147 if (rc)
148 goto out_free_key;
149 out:
150 return rc;
151
152 out_free_key:
153 kfree(key);
154 out_free_role:
155 kfree(role);
156 goto out;
157 }
158
159 /*
160 * Initialize a policy database structure.
161 */
162 static int policydb_init(struct policydb *p)
163 {
164 int i, rc;
165
166 memset(p, 0, sizeof(*p));
167
168 for (i = 0; i < SYM_NUM; i++) {
169 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
170 if (rc)
171 goto out_free_symtab;
172 }
173
174 rc = avtab_init(&p->te_avtab);
175 if (rc)
176 goto out_free_symtab;
177
178 rc = roles_init(p);
179 if (rc)
180 goto out_free_avtab;
181
182 rc = cond_policydb_init(p);
183 if (rc)
184 goto out_free_avtab;
185
186 out:
187 return rc;
188
189 out_free_avtab:
190 avtab_destroy(&p->te_avtab);
191
192 out_free_symtab:
193 for (i = 0; i < SYM_NUM; i++)
194 hashtab_destroy(p->symtab[i].table);
195 goto out;
196 }
197
198 /*
199 * The following *_index functions are used to
200 * define the val_to_name and val_to_struct arrays
201 * in a policy database structure. The val_to_name
202 * arrays are used when converting security context
203 * structures into string representations. The
204 * val_to_struct arrays are used when the attributes
205 * of a class, role, or user are needed.
206 */
207
208 static int common_index(void *key, void *datum, void *datap)
209 {
210 struct policydb *p;
211 struct common_datum *comdatum;
212
213 comdatum = datum;
214 p = datap;
215 if (!comdatum->value || comdatum->value > p->p_commons.nprim)
216 return -EINVAL;
217 p->p_common_val_to_name[comdatum->value - 1] = key;
218 return 0;
219 }
220
221 static int class_index(void *key, void *datum, void *datap)
222 {
223 struct policydb *p;
224 struct class_datum *cladatum;
225
226 cladatum = datum;
227 p = datap;
228 if (!cladatum->value || cladatum->value > p->p_classes.nprim)
229 return -EINVAL;
230 p->p_class_val_to_name[cladatum->value - 1] = key;
231 p->class_val_to_struct[cladatum->value - 1] = cladatum;
232 return 0;
233 }
234
235 static int role_index(void *key, void *datum, void *datap)
236 {
237 struct policydb *p;
238 struct role_datum *role;
239
240 role = datum;
241 p = datap;
242 if (!role->value || role->value > p->p_roles.nprim)
243 return -EINVAL;
244 p->p_role_val_to_name[role->value - 1] = key;
245 p->role_val_to_struct[role->value - 1] = role;
246 return 0;
247 }
248
249 static int type_index(void *key, void *datum, void *datap)
250 {
251 struct policydb *p;
252 struct type_datum *typdatum;
253
254 typdatum = datum;
255 p = datap;
256
257 if (typdatum->primary) {
258 if (!typdatum->value || typdatum->value > p->p_types.nprim)
259 return -EINVAL;
260 p->p_type_val_to_name[typdatum->value - 1] = key;
261 }
262
263 return 0;
264 }
265
266 static int user_index(void *key, void *datum, void *datap)
267 {
268 struct policydb *p;
269 struct user_datum *usrdatum;
270
271 usrdatum = datum;
272 p = datap;
273 if (!usrdatum->value || usrdatum->value > p->p_users.nprim)
274 return -EINVAL;
275 p->p_user_val_to_name[usrdatum->value - 1] = key;
276 p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
277 return 0;
278 }
279
280 static int sens_index(void *key, void *datum, void *datap)
281 {
282 struct policydb *p;
283 struct level_datum *levdatum;
284
285 levdatum = datum;
286 p = datap;
287
288 if (!levdatum->isalias) {
289 if (!levdatum->level->sens ||
290 levdatum->level->sens > p->p_levels.nprim)
291 return -EINVAL;
292 p->p_sens_val_to_name[levdatum->level->sens - 1] = key;
293 }
294
295 return 0;
296 }
297
298 static int cat_index(void *key, void *datum, void *datap)
299 {
300 struct policydb *p;
301 struct cat_datum *catdatum;
302
303 catdatum = datum;
304 p = datap;
305
306 if (!catdatum->isalias) {
307 if (!catdatum->value || catdatum->value > p->p_cats.nprim)
308 return -EINVAL;
309 p->p_cat_val_to_name[catdatum->value - 1] = key;
310 }
311
312 return 0;
313 }
314
315 static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) =
316 {
317 common_index,
318 class_index,
319 role_index,
320 type_index,
321 user_index,
322 cond_index_bool,
323 sens_index,
324 cat_index,
325 };
326
327 /*
328 * Define the common val_to_name array and the class
329 * val_to_name and val_to_struct arrays in a policy
330 * database structure.
331 *
332 * Caller must clean up upon failure.
333 */
334 static int policydb_index_classes(struct policydb *p)
335 {
336 int rc;
337
338 p->p_common_val_to_name =
339 kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL);
340 if (!p->p_common_val_to_name) {
341 rc = -ENOMEM;
342 goto out;
343 }
344
345 rc = hashtab_map(p->p_commons.table, common_index, p);
346 if (rc)
347 goto out;
348
349 p->class_val_to_struct =
350 kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL);
351 if (!p->class_val_to_struct) {
352 rc = -ENOMEM;
353 goto out;
354 }
355
356 p->p_class_val_to_name =
357 kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL);
358 if (!p->p_class_val_to_name) {
359 rc = -ENOMEM;
360 goto out;
361 }
362
363 rc = hashtab_map(p->p_classes.table, class_index, p);
364 out:
365 return rc;
366 }
367
368 #ifdef DEBUG_HASHES
369 static void symtab_hash_eval(struct symtab *s)
370 {
371 int i;
372
373 for (i = 0; i < SYM_NUM; i++) {
374 struct hashtab *h = s[i].table;
375 struct hashtab_info info;
376
377 hashtab_stat(h, &info);
378 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, "
379 "longest chain length %d\n", symtab_name[i], h->nel,
380 info.slots_used, h->size, info.max_chain_len);
381 }
382 }
383 #endif
384
385 /*
386 * Define the other val_to_name and val_to_struct arrays
387 * in a policy database structure.
388 *
389 * Caller must clean up on failure.
390 */
391 static int policydb_index_others(struct policydb *p)
392 {
393 int i, rc = 0;
394
395 printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools",
396 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
397 if (selinux_mls_enabled)
398 printk(", %d sens, %d cats", p->p_levels.nprim,
399 p->p_cats.nprim);
400 printk("\n");
401
402 printk(KERN_DEBUG "security: %d classes, %d rules\n",
403 p->p_classes.nprim, p->te_avtab.nel);
404
405 #ifdef DEBUG_HASHES
406 avtab_hash_eval(&p->te_avtab, "rules");
407 symtab_hash_eval(p->symtab);
408 #endif
409
410 p->role_val_to_struct =
411 kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
412 GFP_KERNEL);
413 if (!p->role_val_to_struct) {
414 rc = -ENOMEM;
415 goto out;
416 }
417
418 p->user_val_to_struct =
419 kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
420 GFP_KERNEL);
421 if (!p->user_val_to_struct) {
422 rc = -ENOMEM;
423 goto out;
424 }
425
426 if (cond_init_bool_indexes(p)) {
427 rc = -ENOMEM;
428 goto out;
429 }
430
431 for (i = SYM_ROLES; i < SYM_NUM; i++) {
432 p->sym_val_to_name[i] =
433 kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL);
434 if (!p->sym_val_to_name[i]) {
435 rc = -ENOMEM;
436 goto out;
437 }
438 rc = hashtab_map(p->symtab[i].table, index_f[i], p);
439 if (rc)
440 goto out;
441 }
442
443 out:
444 return rc;
445 }
446
447 /*
448 * The following *_destroy functions are used to
449 * free any memory allocated for each kind of
450 * symbol data in the policy database.
451 */
452
453 static int perm_destroy(void *key, void *datum, void *p)
454 {
455 kfree(key);
456 kfree(datum);
457 return 0;
458 }
459
460 static int common_destroy(void *key, void *datum, void *p)
461 {
462 struct common_datum *comdatum;
463
464 kfree(key);
465 comdatum = datum;
466 hashtab_map(comdatum->permissions.table, perm_destroy, NULL);
467 hashtab_destroy(comdatum->permissions.table);
468 kfree(datum);
469 return 0;
470 }
471
472 static int cls_destroy(void *key, void *datum, void *p)
473 {
474 struct class_datum *cladatum;
475 struct constraint_node *constraint, *ctemp;
476 struct constraint_expr *e, *etmp;
477
478 kfree(key);
479 cladatum = datum;
480 hashtab_map(cladatum->permissions.table, perm_destroy, NULL);
481 hashtab_destroy(cladatum->permissions.table);
482 constraint = cladatum->constraints;
483 while (constraint) {
484 e = constraint->expr;
485 while (e) {
486 ebitmap_destroy(&e->names);
487 etmp = e;
488 e = e->next;
489 kfree(etmp);
490 }
491 ctemp = constraint;
492 constraint = constraint->next;
493 kfree(ctemp);
494 }
495
496 constraint = cladatum->validatetrans;
497 while (constraint) {
498 e = constraint->expr;
499 while (e) {
500 ebitmap_destroy(&e->names);
501 etmp = e;
502 e = e->next;
503 kfree(etmp);
504 }
505 ctemp = constraint;
506 constraint = constraint->next;
507 kfree(ctemp);
508 }
509
510 kfree(cladatum->comkey);
511 kfree(datum);
512 return 0;
513 }
514
515 static int role_destroy(void *key, void *datum, void *p)
516 {
517 struct role_datum *role;
518
519 kfree(key);
520 role = datum;
521 ebitmap_destroy(&role->dominates);
522 ebitmap_destroy(&role->types);
523 kfree(datum);
524 return 0;
525 }
526
527 static int type_destroy(void *key, void *datum, void *p)
528 {
529 kfree(key);
530 kfree(datum);
531 return 0;
532 }
533
534 static int user_destroy(void *key, void *datum, void *p)
535 {
536 struct user_datum *usrdatum;
537
538 kfree(key);
539 usrdatum = datum;
540 ebitmap_destroy(&usrdatum->roles);
541 ebitmap_destroy(&usrdatum->range.level[0].cat);
542 ebitmap_destroy(&usrdatum->range.level[1].cat);
543 ebitmap_destroy(&usrdatum->dfltlevel.cat);
544 kfree(datum);
545 return 0;
546 }
547
548 static int sens_destroy(void *key, void *datum, void *p)
549 {
550 struct level_datum *levdatum;
551
552 kfree(key);
553 levdatum = datum;
554 ebitmap_destroy(&levdatum->level->cat);
555 kfree(levdatum->level);
556 kfree(datum);
557 return 0;
558 }
559
560 static int cat_destroy(void *key, void *datum, void *p)
561 {
562 kfree(key);
563 kfree(datum);
564 return 0;
565 }
566
567 static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) =
568 {
569 common_destroy,
570 cls_destroy,
571 role_destroy,
572 type_destroy,
573 user_destroy,
574 cond_destroy_bool,
575 sens_destroy,
576 cat_destroy,
577 };
578
579 static void ocontext_destroy(struct ocontext *c, int i)
580 {
581 context_destroy(&c->context[0]);
582 context_destroy(&c->context[1]);
583 if (i == OCON_ISID || i == OCON_FS ||
584 i == OCON_NETIF || i == OCON_FSUSE)
585 kfree(c->u.name);
586 kfree(c);
587 }
588
589 /*
590 * Free any memory allocated by a policy database structure.
591 */
592 void policydb_destroy(struct policydb *p)
593 {
594 struct ocontext *c, *ctmp;
595 struct genfs *g, *gtmp;
596 int i;
597 struct role_allow *ra, *lra = NULL;
598 struct role_trans *tr, *ltr = NULL;
599 struct range_trans *rt, *lrt = NULL;
600
601 for (i = 0; i < SYM_NUM; i++) {
602 cond_resched();
603 hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
604 hashtab_destroy(p->symtab[i].table);
605 }
606
607 for (i = 0; i < SYM_NUM; i++)
608 kfree(p->sym_val_to_name[i]);
609
610 kfree(p->class_val_to_struct);
611 kfree(p->role_val_to_struct);
612 kfree(p->user_val_to_struct);
613
614 avtab_destroy(&p->te_avtab);
615
616 for (i = 0; i < OCON_NUM; i++) {
617 cond_resched();
618 c = p->ocontexts[i];
619 while (c) {
620 ctmp = c;
621 c = c->next;
622 ocontext_destroy(ctmp,i);
623 }
624 p->ocontexts[i] = NULL;
625 }
626
627 g = p->genfs;
628 while (g) {
629 cond_resched();
630 kfree(g->fstype);
631 c = g->head;
632 while (c) {
633 ctmp = c;
634 c = c->next;
635 ocontext_destroy(ctmp,OCON_FSUSE);
636 }
637 gtmp = g;
638 g = g->next;
639 kfree(gtmp);
640 }
641 p->genfs = NULL;
642
643 cond_policydb_destroy(p);
644
645 for (tr = p->role_tr; tr; tr = tr->next) {
646 cond_resched();
647 kfree(ltr);
648 ltr = tr;
649 }
650 kfree(ltr);
651
652 for (ra = p->role_allow; ra; ra = ra -> next) {
653 cond_resched();
654 kfree(lra);
655 lra = ra;
656 }
657 kfree(lra);
658
659 for (rt = p->range_tr; rt; rt = rt -> next) {
660 cond_resched();
661 if (lrt) {
662 ebitmap_destroy(&lrt->target_range.level[0].cat);
663 ebitmap_destroy(&lrt->target_range.level[1].cat);
664 kfree(lrt);
665 }
666 lrt = rt;
667 }
668 if (lrt) {
669 ebitmap_destroy(&lrt->target_range.level[0].cat);
670 ebitmap_destroy(&lrt->target_range.level[1].cat);
671 kfree(lrt);
672 }
673
674 if (p->type_attr_map) {
675 for (i = 0; i < p->p_types.nprim; i++)
676 ebitmap_destroy(&p->type_attr_map[i]);
677 }
678 kfree(p->type_attr_map);
679
680 return;
681 }
682
683 /*
684 * Load the initial SIDs specified in a policy database
685 * structure into a SID table.
686 */
687 int policydb_load_isids(struct policydb *p, struct sidtab *s)
688 {
689 struct ocontext *head, *c;
690 int rc;
691
692 rc = sidtab_init(s);
693 if (rc) {
694 printk(KERN_ERR "security: out of memory on SID table init\n");
695 goto out;
696 }
697
698 head = p->ocontexts[OCON_ISID];
699 for (c = head; c; c = c->next) {
700 if (!c->context[0].user) {
701 printk(KERN_ERR "security: SID %s was never "
702 "defined.\n", c->u.name);
703 rc = -EINVAL;
704 goto out;
705 }
706 if (sidtab_insert(s, c->sid[0], &c->context[0])) {
707 printk(KERN_ERR "security: unable to load initial "
708 "SID %s.\n", c->u.name);
709 rc = -EINVAL;
710 goto out;
711 }
712 }
713 out:
714 return rc;
715 }
716
717 /*
718 * Return 1 if the fields in the security context
719 * structure `c' are valid. Return 0 otherwise.
720 */
721 int policydb_context_isvalid(struct policydb *p, struct context *c)
722 {
723 struct role_datum *role;
724 struct user_datum *usrdatum;
725
726 if (!c->role || c->role > p->p_roles.nprim)
727 return 0;
728
729 if (!c->user || c->user > p->p_users.nprim)
730 return 0;
731
732 if (!c->type || c->type > p->p_types.nprim)
733 return 0;
734
735 if (c->role != OBJECT_R_VAL) {
736 /*
737 * Role must be authorized for the type.
738 */
739 role = p->role_val_to_struct[c->role - 1];
740 if (!ebitmap_get_bit(&role->types,
741 c->type - 1))
742 /* role may not be associated with type */
743 return 0;
744
745 /*
746 * User must be authorized for the role.
747 */
748 usrdatum = p->user_val_to_struct[c->user - 1];
749 if (!usrdatum)
750 return 0;
751
752 if (!ebitmap_get_bit(&usrdatum->roles,
753 c->role - 1))
754 /* user may not be associated with role */
755 return 0;
756 }
757
758 if (!mls_context_isvalid(p, c))
759 return 0;
760
761 return 1;
762 }
763
764 /*
765 * Read a MLS range structure from a policydb binary
766 * representation file.
767 */
768 static int mls_read_range_helper(struct mls_range *r, void *fp)
769 {
770 __le32 buf[2];
771 u32 items;
772 int rc;
773
774 rc = next_entry(buf, fp, sizeof(u32));
775 if (rc < 0)
776 goto out;
777
778 items = le32_to_cpu(buf[0]);
779 if (items > ARRAY_SIZE(buf)) {
780 printk(KERN_ERR "security: mls: range overflow\n");
781 rc = -EINVAL;
782 goto out;
783 }
784 rc = next_entry(buf, fp, sizeof(u32) * items);
785 if (rc < 0) {
786 printk(KERN_ERR "security: mls: truncated range\n");
787 goto out;
788 }
789 r->level[0].sens = le32_to_cpu(buf[0]);
790 if (items > 1)
791 r->level[1].sens = le32_to_cpu(buf[1]);
792 else
793 r->level[1].sens = r->level[0].sens;
794
795 rc = ebitmap_read(&r->level[0].cat, fp);
796 if (rc) {
797 printk(KERN_ERR "security: mls: error reading low "
798 "categories\n");
799 goto out;
800 }
801 if (items > 1) {
802 rc = ebitmap_read(&r->level[1].cat, fp);
803 if (rc) {
804 printk(KERN_ERR "security: mls: error reading high "
805 "categories\n");
806 goto bad_high;
807 }
808 } else {
809 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
810 if (rc) {
811 printk(KERN_ERR "security: mls: out of memory\n");
812 goto bad_high;
813 }
814 }
815
816 rc = 0;
817 out:
818 return rc;
819 bad_high:
820 ebitmap_destroy(&r->level[0].cat);
821 goto out;
822 }
823
824 /*
825 * Read and validate a security context structure
826 * from a policydb binary representation file.
827 */
828 static int context_read_and_validate(struct context *c,
829 struct policydb *p,
830 void *fp)
831 {
832 __le32 buf[3];
833 int rc;
834
835 rc = next_entry(buf, fp, sizeof buf);
836 if (rc < 0) {
837 printk(KERN_ERR "security: context truncated\n");
838 goto out;
839 }
840 c->user = le32_to_cpu(buf[0]);
841 c->role = le32_to_cpu(buf[1]);
842 c->type = le32_to_cpu(buf[2]);
843 if (p->policyvers >= POLICYDB_VERSION_MLS) {
844 if (mls_read_range_helper(&c->range, fp)) {
845 printk(KERN_ERR "security: error reading MLS range of "
846 "context\n");
847 rc = -EINVAL;
848 goto out;
849 }
850 }
851
852 if (!policydb_context_isvalid(p, c)) {
853 printk(KERN_ERR "security: invalid security context\n");
854 context_destroy(c);
855 rc = -EINVAL;
856 }
857 out:
858 return rc;
859 }
860
861 /*
862 * The following *_read functions are used to
863 * read the symbol data from a policy database
864 * binary representation file.
865 */
866
867 static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
868 {
869 char *key = NULL;
870 struct perm_datum *perdatum;
871 int rc;
872 __le32 buf[2];
873 u32 len;
874
875 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
876 if (!perdatum) {
877 rc = -ENOMEM;
878 goto out;
879 }
880
881 rc = next_entry(buf, fp, sizeof buf);
882 if (rc < 0)
883 goto bad;
884
885 len = le32_to_cpu(buf[0]);
886 perdatum->value = le32_to_cpu(buf[1]);
887
888 key = kmalloc(len + 1,GFP_KERNEL);
889 if (!key) {
890 rc = -ENOMEM;
891 goto bad;
892 }
893 rc = next_entry(key, fp, len);
894 if (rc < 0)
895 goto bad;
896 key[len] = 0;
897
898 rc = hashtab_insert(h, key, perdatum);
899 if (rc)
900 goto bad;
901 out:
902 return rc;
903 bad:
904 perm_destroy(key, perdatum, NULL);
905 goto out;
906 }
907
908 static int common_read(struct policydb *p, struct hashtab *h, void *fp)
909 {
910 char *key = NULL;
911 struct common_datum *comdatum;
912 __le32 buf[4];
913 u32 len, nel;
914 int i, rc;
915
916 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
917 if (!comdatum) {
918 rc = -ENOMEM;
919 goto out;
920 }
921
922 rc = next_entry(buf, fp, sizeof buf);
923 if (rc < 0)
924 goto bad;
925
926 len = le32_to_cpu(buf[0]);
927 comdatum->value = le32_to_cpu(buf[1]);
928
929 rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE);
930 if (rc)
931 goto bad;
932 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
933 nel = le32_to_cpu(buf[3]);
934
935 key = kmalloc(len + 1,GFP_KERNEL);
936 if (!key) {
937 rc = -ENOMEM;
938 goto bad;
939 }
940 rc = next_entry(key, fp, len);
941 if (rc < 0)
942 goto bad;
943 key[len] = 0;
944
945 for (i = 0; i < nel; i++) {
946 rc = perm_read(p, comdatum->permissions.table, fp);
947 if (rc)
948 goto bad;
949 }
950
951 rc = hashtab_insert(h, key, comdatum);
952 if (rc)
953 goto bad;
954 out:
955 return rc;
956 bad:
957 common_destroy(key, comdatum, NULL);
958 goto out;
959 }
960
961 static int read_cons_helper(struct constraint_node **nodep, int ncons,
962 int allowxtarget, void *fp)
963 {
964 struct constraint_node *c, *lc;
965 struct constraint_expr *e, *le;
966 __le32 buf[3];
967 u32 nexpr;
968 int rc, i, j, depth;
969
970 lc = NULL;
971 for (i = 0; i < ncons; i++) {
972 c = kzalloc(sizeof(*c), GFP_KERNEL);
973 if (!c)
974 return -ENOMEM;
975
976 if (lc) {
977 lc->next = c;
978 } else {
979 *nodep = c;
980 }
981
982 rc = next_entry(buf, fp, (sizeof(u32) * 2));
983 if (rc < 0)
984 return rc;
985 c->permissions = le32_to_cpu(buf[0]);
986 nexpr = le32_to_cpu(buf[1]);
987 le = NULL;
988 depth = -1;
989 for (j = 0; j < nexpr; j++) {
990 e = kzalloc(sizeof(*e), GFP_KERNEL);
991 if (!e)
992 return -ENOMEM;
993
994 if (le) {
995 le->next = e;
996 } else {
997 c->expr = e;
998 }
999
1000 rc = next_entry(buf, fp, (sizeof(u32) * 3));
1001 if (rc < 0)
1002 return rc;
1003 e->expr_type = le32_to_cpu(buf[0]);
1004 e->attr = le32_to_cpu(buf[1]);
1005 e->op = le32_to_cpu(buf[2]);
1006
1007 switch (e->expr_type) {
1008 case CEXPR_NOT:
1009 if (depth < 0)
1010 return -EINVAL;
1011 break;
1012 case CEXPR_AND:
1013 case CEXPR_OR:
1014 if (depth < 1)
1015 return -EINVAL;
1016 depth--;
1017 break;
1018 case CEXPR_ATTR:
1019 if (depth == (CEXPR_MAXDEPTH - 1))
1020 return -EINVAL;
1021 depth++;
1022 break;
1023 case CEXPR_NAMES:
1024 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
1025 return -EINVAL;
1026 if (depth == (CEXPR_MAXDEPTH - 1))
1027 return -EINVAL;
1028 depth++;
1029 if (ebitmap_read(&e->names, fp))
1030 return -EINVAL;
1031 break;
1032 default:
1033 return -EINVAL;
1034 }
1035 le = e;
1036 }
1037 if (depth != 0)
1038 return -EINVAL;
1039 lc = c;
1040 }
1041
1042 return 0;
1043 }
1044
1045 static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1046 {
1047 char *key = NULL;
1048 struct class_datum *cladatum;
1049 __le32 buf[6];
1050 u32 len, len2, ncons, nel;
1051 int i, rc;
1052
1053 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1054 if (!cladatum) {
1055 rc = -ENOMEM;
1056 goto out;
1057 }
1058
1059 rc = next_entry(buf, fp, sizeof(u32)*6);
1060 if (rc < 0)
1061 goto bad;
1062
1063 len = le32_to_cpu(buf[0]);
1064 len2 = le32_to_cpu(buf[1]);
1065 cladatum->value = le32_to_cpu(buf[2]);
1066
1067 rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE);
1068 if (rc)
1069 goto bad;
1070 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
1071 nel = le32_to_cpu(buf[4]);
1072
1073 ncons = le32_to_cpu(buf[5]);
1074
1075 key = kmalloc(len + 1,GFP_KERNEL);
1076 if (!key) {
1077 rc = -ENOMEM;
1078 goto bad;
1079 }
1080 rc = next_entry(key, fp, len);
1081 if (rc < 0)
1082 goto bad;
1083 key[len] = 0;
1084
1085 if (len2) {
1086 cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
1087 if (!cladatum->comkey) {
1088 rc = -ENOMEM;
1089 goto bad;
1090 }
1091 rc = next_entry(cladatum->comkey, fp, len2);
1092 if (rc < 0)
1093 goto bad;
1094 cladatum->comkey[len2] = 0;
1095
1096 cladatum->comdatum = hashtab_search(p->p_commons.table,
1097 cladatum->comkey);
1098 if (!cladatum->comdatum) {
1099 printk(KERN_ERR "security: unknown common %s\n",
1100 cladatum->comkey);
1101 rc = -EINVAL;
1102 goto bad;
1103 }
1104 }
1105 for (i = 0; i < nel; i++) {
1106 rc = perm_read(p, cladatum->permissions.table, fp);
1107 if (rc)
1108 goto bad;
1109 }
1110
1111 rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp);
1112 if (rc)
1113 goto bad;
1114
1115 if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) {
1116 /* grab the validatetrans rules */
1117 rc = next_entry(buf, fp, sizeof(u32));
1118 if (rc < 0)
1119 goto bad;
1120 ncons = le32_to_cpu(buf[0]);
1121 rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp);
1122 if (rc)
1123 goto bad;
1124 }
1125
1126 rc = hashtab_insert(h, key, cladatum);
1127 if (rc)
1128 goto bad;
1129
1130 rc = 0;
1131 out:
1132 return rc;
1133 bad:
1134 cls_destroy(key, cladatum, NULL);
1135 goto out;
1136 }
1137
1138 static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1139 {
1140 char *key = NULL;
1141 struct role_datum *role;
1142 int rc;
1143 __le32 buf[2];
1144 u32 len;
1145
1146 role = kzalloc(sizeof(*role), GFP_KERNEL);
1147 if (!role) {
1148 rc = -ENOMEM;
1149 goto out;
1150 }
1151
1152 rc = next_entry(buf, fp, sizeof buf);
1153 if (rc < 0)
1154 goto bad;
1155
1156 len = le32_to_cpu(buf[0]);
1157 role->value = le32_to_cpu(buf[1]);
1158
1159 key = kmalloc(len + 1,GFP_KERNEL);
1160 if (!key) {
1161 rc = -ENOMEM;
1162 goto bad;
1163 }
1164 rc = next_entry(key, fp, len);
1165 if (rc < 0)
1166 goto bad;
1167 key[len] = 0;
1168
1169 rc = ebitmap_read(&role->dominates, fp);
1170 if (rc)
1171 goto bad;
1172
1173 rc = ebitmap_read(&role->types, fp);
1174 if (rc)
1175 goto bad;
1176
1177 if (strcmp(key, OBJECT_R) == 0) {
1178 if (role->value != OBJECT_R_VAL) {
1179 printk(KERN_ERR "Role %s has wrong value %d\n",
1180 OBJECT_R, role->value);
1181 rc = -EINVAL;
1182 goto bad;
1183 }
1184 rc = 0;
1185 goto bad;
1186 }
1187
1188 rc = hashtab_insert(h, key, role);
1189 if (rc)
1190 goto bad;
1191 out:
1192 return rc;
1193 bad:
1194 role_destroy(key, role, NULL);
1195 goto out;
1196 }
1197
1198 static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1199 {
1200 char *key = NULL;
1201 struct type_datum *typdatum;
1202 int rc;
1203 __le32 buf[3];
1204 u32 len;
1205
1206 typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL);
1207 if (!typdatum) {
1208 rc = -ENOMEM;
1209 return rc;
1210 }
1211
1212 rc = next_entry(buf, fp, sizeof buf);
1213 if (rc < 0)
1214 goto bad;
1215
1216 len = le32_to_cpu(buf[0]);
1217 typdatum->value = le32_to_cpu(buf[1]);
1218 typdatum->primary = le32_to_cpu(buf[2]);
1219
1220 key = kmalloc(len + 1,GFP_KERNEL);
1221 if (!key) {
1222 rc = -ENOMEM;
1223 goto bad;
1224 }
1225 rc = next_entry(key, fp, len);
1226 if (rc < 0)
1227 goto bad;
1228 key[len] = 0;
1229
1230 rc = hashtab_insert(h, key, typdatum);
1231 if (rc)
1232 goto bad;
1233 out:
1234 return rc;
1235 bad:
1236 type_destroy(key, typdatum, NULL);
1237 goto out;
1238 }
1239
1240
1241 /*
1242 * Read a MLS level structure from a policydb binary
1243 * representation file.
1244 */
1245 static int mls_read_level(struct mls_level *lp, void *fp)
1246 {
1247 __le32 buf[1];
1248 int rc;
1249
1250 memset(lp, 0, sizeof(*lp));
1251
1252 rc = next_entry(buf, fp, sizeof buf);
1253 if (rc < 0) {
1254 printk(KERN_ERR "security: mls: truncated level\n");
1255 goto bad;
1256 }
1257 lp->sens = le32_to_cpu(buf[0]);
1258
1259 if (ebitmap_read(&lp->cat, fp)) {
1260 printk(KERN_ERR "security: mls: error reading level "
1261 "categories\n");
1262 goto bad;
1263 }
1264 return 0;
1265
1266 bad:
1267 return -EINVAL;
1268 }
1269
1270 static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1271 {
1272 char *key = NULL;
1273 struct user_datum *usrdatum;
1274 int rc;
1275 __le32 buf[2];
1276 u32 len;
1277
1278 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1279 if (!usrdatum) {
1280 rc = -ENOMEM;
1281 goto out;
1282 }
1283
1284 rc = next_entry(buf, fp, sizeof buf);
1285 if (rc < 0)
1286 goto bad;
1287
1288 len = le32_to_cpu(buf[0]);
1289 usrdatum->value = le32_to_cpu(buf[1]);
1290
1291 key = kmalloc(len + 1,GFP_KERNEL);
1292 if (!key) {
1293 rc = -ENOMEM;
1294 goto bad;
1295 }
1296 rc = next_entry(key, fp, len);
1297 if (rc < 0)
1298 goto bad;
1299 key[len] = 0;
1300
1301 rc = ebitmap_read(&usrdatum->roles, fp);
1302 if (rc)
1303 goto bad;
1304
1305 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1306 rc = mls_read_range_helper(&usrdatum->range, fp);
1307 if (rc)
1308 goto bad;
1309 rc = mls_read_level(&usrdatum->dfltlevel, fp);
1310 if (rc)
1311 goto bad;
1312 }
1313
1314 rc = hashtab_insert(h, key, usrdatum);
1315 if (rc)
1316 goto bad;
1317 out:
1318 return rc;
1319 bad:
1320 user_destroy(key, usrdatum, NULL);
1321 goto out;
1322 }
1323
1324 static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1325 {
1326 char *key = NULL;
1327 struct level_datum *levdatum;
1328 int rc;
1329 __le32 buf[2];
1330 u32 len;
1331
1332 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1333 if (!levdatum) {
1334 rc = -ENOMEM;
1335 goto out;
1336 }
1337
1338 rc = next_entry(buf, fp, sizeof buf);
1339 if (rc < 0)
1340 goto bad;
1341
1342 len = le32_to_cpu(buf[0]);
1343 levdatum->isalias = le32_to_cpu(buf[1]);
1344
1345 key = kmalloc(len + 1,GFP_ATOMIC);
1346 if (!key) {
1347 rc = -ENOMEM;
1348 goto bad;
1349 }
1350 rc = next_entry(key, fp, len);
1351 if (rc < 0)
1352 goto bad;
1353 key[len] = 0;
1354
1355 levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC);
1356 if (!levdatum->level) {
1357 rc = -ENOMEM;
1358 goto bad;
1359 }
1360 if (mls_read_level(levdatum->level, fp)) {
1361 rc = -EINVAL;
1362 goto bad;
1363 }
1364
1365 rc = hashtab_insert(h, key, levdatum);
1366 if (rc)
1367 goto bad;
1368 out:
1369 return rc;
1370 bad:
1371 sens_destroy(key, levdatum, NULL);
1372 goto out;
1373 }
1374
1375 static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1376 {
1377 char *key = NULL;
1378 struct cat_datum *catdatum;
1379 int rc;
1380 __le32 buf[3];
1381 u32 len;
1382
1383 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1384 if (!catdatum) {
1385 rc = -ENOMEM;
1386 goto out;
1387 }
1388
1389 rc = next_entry(buf, fp, sizeof buf);
1390 if (rc < 0)
1391 goto bad;
1392
1393 len = le32_to_cpu(buf[0]);
1394 catdatum->value = le32_to_cpu(buf[1]);
1395 catdatum->isalias = le32_to_cpu(buf[2]);
1396
1397 key = kmalloc(len + 1,GFP_ATOMIC);
1398 if (!key) {
1399 rc = -ENOMEM;
1400 goto bad;
1401 }
1402 rc = next_entry(key, fp, len);
1403 if (rc < 0)
1404 goto bad;
1405 key[len] = 0;
1406
1407 rc = hashtab_insert(h, key, catdatum);
1408 if (rc)
1409 goto bad;
1410 out:
1411 return rc;
1412
1413 bad:
1414 cat_destroy(key, catdatum, NULL);
1415 goto out;
1416 }
1417
1418 static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) =
1419 {
1420 common_read,
1421 class_read,
1422 role_read,
1423 type_read,
1424 user_read,
1425 cond_read_bool,
1426 sens_read,
1427 cat_read,
1428 };
1429
1430 extern int ss_initialized;
1431
1432 /*
1433 * Read the configuration data from a policy database binary
1434 * representation file into a policy database structure.
1435 */
1436 int policydb_read(struct policydb *p, void *fp)
1437 {
1438 struct role_allow *ra, *lra;
1439 struct role_trans *tr, *ltr;
1440 struct ocontext *l, *c, *newc;
1441 struct genfs *genfs_p, *genfs, *newgenfs;
1442 int i, j, rc;
1443 __le32 buf[8];
1444 u32 len, len2, config, nprim, nel, nel2;
1445 char *policydb_str;
1446 struct policydb_compat_info *info;
1447 struct range_trans *rt, *lrt;
1448
1449 config = 0;
1450
1451 rc = policydb_init(p);
1452 if (rc)
1453 goto out;
1454
1455 /* Read the magic number and string length. */
1456 rc = next_entry(buf, fp, sizeof(u32)* 2);
1457 if (rc < 0)
1458 goto bad;
1459
1460 if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
1461 printk(KERN_ERR "security: policydb magic number 0x%x does "
1462 "not match expected magic number 0x%x\n",
1463 le32_to_cpu(buf[0]), POLICYDB_MAGIC);
1464 goto bad;
1465 }
1466
1467 len = le32_to_cpu(buf[1]);
1468 if (len != strlen(POLICYDB_STRING)) {
1469 printk(KERN_ERR "security: policydb string length %d does not "
1470 "match expected length %Zu\n",
1471 len, strlen(POLICYDB_STRING));
1472 goto bad;
1473 }
1474 policydb_str = kmalloc(len + 1,GFP_KERNEL);
1475 if (!policydb_str) {
1476 printk(KERN_ERR "security: unable to allocate memory for policydb "
1477 "string of length %d\n", len);
1478 rc = -ENOMEM;
1479 goto bad;
1480 }
1481 rc = next_entry(policydb_str, fp, len);
1482 if (rc < 0) {
1483 printk(KERN_ERR "security: truncated policydb string identifier\n");
1484 kfree(policydb_str);
1485 goto bad;
1486 }
1487 policydb_str[len] = 0;
1488 if (strcmp(policydb_str, POLICYDB_STRING)) {
1489 printk(KERN_ERR "security: policydb string %s does not match "
1490 "my string %s\n", policydb_str, POLICYDB_STRING);
1491 kfree(policydb_str);
1492 goto bad;
1493 }
1494 /* Done with policydb_str. */
1495 kfree(policydb_str);
1496 policydb_str = NULL;
1497
1498 /* Read the version, config, and table sizes. */
1499 rc = next_entry(buf, fp, sizeof(u32)*4);
1500 if (rc < 0)
1501 goto bad;
1502
1503 p->policyvers = le32_to_cpu(buf[0]);
1504 if (p->policyvers < POLICYDB_VERSION_MIN ||
1505 p->policyvers > POLICYDB_VERSION_MAX) {
1506 printk(KERN_ERR "security: policydb version %d does not match "
1507 "my version range %d-%d\n",
1508 le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
1509 goto bad;
1510 }
1511
1512 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1513 if (ss_initialized && !selinux_mls_enabled) {
1514 printk(KERN_ERR "Cannot switch between non-MLS and MLS "
1515 "policies\n");
1516 goto bad;
1517 }
1518 selinux_mls_enabled = 1;
1519 config |= POLICYDB_CONFIG_MLS;
1520
1521 if (p->policyvers < POLICYDB_VERSION_MLS) {
1522 printk(KERN_ERR "security policydb version %d (MLS) "
1523 "not backwards compatible\n", p->policyvers);
1524 goto bad;
1525 }
1526 } else {
1527 if (ss_initialized && selinux_mls_enabled) {
1528 printk(KERN_ERR "Cannot switch between MLS and non-MLS "
1529 "policies\n");
1530 goto bad;
1531 }
1532 }
1533
1534 info = policydb_lookup_compat(p->policyvers);
1535 if (!info) {
1536 printk(KERN_ERR "security: unable to find policy compat info "
1537 "for version %d\n", p->policyvers);
1538 goto bad;
1539 }
1540
1541 if (le32_to_cpu(buf[2]) != info->sym_num ||
1542 le32_to_cpu(buf[3]) != info->ocon_num) {
1543 printk(KERN_ERR "security: policydb table sizes (%d,%d) do "
1544 "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
1545 le32_to_cpu(buf[3]),
1546 info->sym_num, info->ocon_num);
1547 goto bad;
1548 }
1549
1550 for (i = 0; i < info->sym_num; i++) {
1551 rc = next_entry(buf, fp, sizeof(u32)*2);
1552 if (rc < 0)
1553 goto bad;
1554 nprim = le32_to_cpu(buf[0]);
1555 nel = le32_to_cpu(buf[1]);
1556 for (j = 0; j < nel; j++) {
1557 rc = read_f[i](p, p->symtab[i].table, fp);
1558 if (rc)
1559 goto bad;
1560 }
1561
1562 p->symtab[i].nprim = nprim;
1563 }
1564
1565 rc = avtab_read(&p->te_avtab, fp, p->policyvers);
1566 if (rc)
1567 goto bad;
1568
1569 if (p->policyvers >= POLICYDB_VERSION_BOOL) {
1570 rc = cond_read_list(p, fp);
1571 if (rc)
1572 goto bad;
1573 }
1574
1575 rc = next_entry(buf, fp, sizeof(u32));
1576 if (rc < 0)
1577 goto bad;
1578 nel = le32_to_cpu(buf[0]);
1579 ltr = NULL;
1580 for (i = 0; i < nel; i++) {
1581 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1582 if (!tr) {
1583 rc = -ENOMEM;
1584 goto bad;
1585 }
1586 if (ltr) {
1587 ltr->next = tr;
1588 } else {
1589 p->role_tr = tr;
1590 }
1591 rc = next_entry(buf, fp, sizeof(u32)*3);
1592 if (rc < 0)
1593 goto bad;
1594 tr->role = le32_to_cpu(buf[0]);
1595 tr->type = le32_to_cpu(buf[1]);
1596 tr->new_role = le32_to_cpu(buf[2]);
1597 ltr = tr;
1598 }
1599
1600 rc = next_entry(buf, fp, sizeof(u32));
1601 if (rc < 0)
1602 goto bad;
1603 nel = le32_to_cpu(buf[0]);
1604 lra = NULL;
1605 for (i = 0; i < nel; i++) {
1606 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1607 if (!ra) {
1608 rc = -ENOMEM;
1609 goto bad;
1610 }
1611 if (lra) {
1612 lra->next = ra;
1613 } else {
1614 p->role_allow = ra;
1615 }
1616 rc = next_entry(buf, fp, sizeof(u32)*2);
1617 if (rc < 0)
1618 goto bad;
1619 ra->role = le32_to_cpu(buf[0]);
1620 ra->new_role = le32_to_cpu(buf[1]);
1621 lra = ra;
1622 }
1623
1624 rc = policydb_index_classes(p);
1625 if (rc)
1626 goto bad;
1627
1628 rc = policydb_index_others(p);
1629 if (rc)
1630 goto bad;
1631
1632 for (i = 0; i < info->ocon_num; i++) {
1633 rc = next_entry(buf, fp, sizeof(u32));
1634 if (rc < 0)
1635 goto bad;
1636 nel = le32_to_cpu(buf[0]);
1637 l = NULL;
1638 for (j = 0; j < nel; j++) {
1639 c = kzalloc(sizeof(*c), GFP_KERNEL);
1640 if (!c) {
1641 rc = -ENOMEM;
1642 goto bad;
1643 }
1644 if (l) {
1645 l->next = c;
1646 } else {
1647 p->ocontexts[i] = c;
1648 }
1649 l = c;
1650 rc = -EINVAL;
1651 switch (i) {
1652 case OCON_ISID:
1653 rc = next_entry(buf, fp, sizeof(u32));
1654 if (rc < 0)
1655 goto bad;
1656 c->sid[0] = le32_to_cpu(buf[0]);
1657 rc = context_read_and_validate(&c->context[0], p, fp);
1658 if (rc)
1659 goto bad;
1660 break;
1661 case OCON_FS:
1662 case OCON_NETIF:
1663 rc = next_entry(buf, fp, sizeof(u32));
1664 if (rc < 0)
1665 goto bad;
1666 len = le32_to_cpu(buf[0]);
1667 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1668 if (!c->u.name) {
1669 rc = -ENOMEM;
1670 goto bad;
1671 }
1672 rc = next_entry(c->u.name, fp, len);
1673 if (rc < 0)
1674 goto bad;
1675 c->u.name[len] = 0;
1676 rc = context_read_and_validate(&c->context[0], p, fp);
1677 if (rc)
1678 goto bad;
1679 rc = context_read_and_validate(&c->context[1], p, fp);
1680 if (rc)
1681 goto bad;
1682 break;
1683 case OCON_PORT:
1684 rc = next_entry(buf, fp, sizeof(u32)*3);
1685 if (rc < 0)
1686 goto bad;
1687 c->u.port.protocol = le32_to_cpu(buf[0]);
1688 c->u.port.low_port = le32_to_cpu(buf[1]);
1689 c->u.port.high_port = le32_to_cpu(buf[2]);
1690 rc = context_read_and_validate(&c->context[0], p, fp);
1691 if (rc)
1692 goto bad;
1693 break;
1694 case OCON_NODE:
1695 rc = next_entry(buf, fp, sizeof(u32)* 2);
1696 if (rc < 0)
1697 goto bad;
1698 c->u.node.addr = le32_to_cpu(buf[0]);
1699 c->u.node.mask = le32_to_cpu(buf[1]);
1700 rc = context_read_and_validate(&c->context[0], p, fp);
1701 if (rc)
1702 goto bad;
1703 break;
1704 case OCON_FSUSE:
1705 rc = next_entry(buf, fp, sizeof(u32)*2);
1706 if (rc < 0)
1707 goto bad;
1708 c->v.behavior = le32_to_cpu(buf[0]);
1709 if (c->v.behavior > SECURITY_FS_USE_NONE)
1710 goto bad;
1711 len = le32_to_cpu(buf[1]);
1712 c->u.name = kmalloc(len + 1,GFP_KERNEL);
1713 if (!c->u.name) {
1714 rc = -ENOMEM;
1715 goto bad;
1716 }
1717 rc = next_entry(c->u.name, fp, len);
1718 if (rc < 0)
1719 goto bad;
1720 c->u.name[len] = 0;
1721 rc = context_read_and_validate(&c->context[0], p, fp);
1722 if (rc)
1723 goto bad;
1724 break;
1725 case OCON_NODE6: {
1726 int k;
1727
1728 rc = next_entry(buf, fp, sizeof(u32) * 8);
1729 if (rc < 0)
1730 goto bad;
1731 for (k = 0; k < 4; k++)
1732 c->u.node6.addr[k] = le32_to_cpu(buf[k]);
1733 for (k = 0; k < 4; k++)
1734 c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
1735 if (context_read_and_validate(&c->context[0], p, fp))
1736 goto bad;
1737 break;
1738 }
1739 }
1740 }
1741 }
1742
1743 rc = next_entry(buf, fp, sizeof(u32));
1744 if (rc < 0)
1745 goto bad;
1746 nel = le32_to_cpu(buf[0]);
1747 genfs_p = NULL;
1748 rc = -EINVAL;
1749 for (i = 0; i < nel; i++) {
1750 rc = next_entry(buf, fp, sizeof(u32));
1751 if (rc < 0)
1752 goto bad;
1753 len = le32_to_cpu(buf[0]);
1754 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1755 if (!newgenfs) {
1756 rc = -ENOMEM;
1757 goto bad;
1758 }
1759
1760 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1761 if (!newgenfs->fstype) {
1762 rc = -ENOMEM;
1763 kfree(newgenfs);
1764 goto bad;
1765 }
1766 rc = next_entry(newgenfs->fstype, fp, len);
1767 if (rc < 0) {
1768 kfree(newgenfs->fstype);
1769 kfree(newgenfs);
1770 goto bad;
1771 }
1772 newgenfs->fstype[len] = 0;
1773 for (genfs_p = NULL, genfs = p->genfs; genfs;
1774 genfs_p = genfs, genfs = genfs->next) {
1775 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
1776 printk(KERN_ERR "security: dup genfs "
1777 "fstype %s\n", newgenfs->fstype);
1778 kfree(newgenfs->fstype);
1779 kfree(newgenfs);
1780 goto bad;
1781 }
1782 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
1783 break;
1784 }
1785 newgenfs->next = genfs;
1786 if (genfs_p)
1787 genfs_p->next = newgenfs;
1788 else
1789 p->genfs = newgenfs;
1790 rc = next_entry(buf, fp, sizeof(u32));
1791 if (rc < 0)
1792 goto bad;
1793 nel2 = le32_to_cpu(buf[0]);
1794 for (j = 0; j < nel2; j++) {
1795 rc = next_entry(buf, fp, sizeof(u32));
1796 if (rc < 0)
1797 goto bad;
1798 len = le32_to_cpu(buf[0]);
1799
1800 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
1801 if (!newc) {
1802 rc = -ENOMEM;
1803 goto bad;
1804 }
1805
1806 newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1807 if (!newc->u.name) {
1808 rc = -ENOMEM;
1809 goto bad_newc;
1810 }
1811 rc = next_entry(newc->u.name, fp, len);
1812 if (rc < 0)
1813 goto bad_newc;
1814 newc->u.name[len] = 0;
1815 rc = next_entry(buf, fp, sizeof(u32));
1816 if (rc < 0)
1817 goto bad_newc;
1818 newc->v.sclass = le32_to_cpu(buf[0]);
1819 if (context_read_and_validate(&newc->context[0], p, fp))
1820 goto bad_newc;
1821 for (l = NULL, c = newgenfs->head; c;
1822 l = c, c = c->next) {
1823 if (!strcmp(newc->u.name, c->u.name) &&
1824 (!c->v.sclass || !newc->v.sclass ||
1825 newc->v.sclass == c->v.sclass)) {
1826 printk(KERN_ERR "security: dup genfs "
1827 "entry (%s,%s)\n",
1828 newgenfs->fstype, c->u.name);
1829 goto bad_newc;
1830 }
1831 len = strlen(newc->u.name);
1832 len2 = strlen(c->u.name);
1833 if (len > len2)
1834 break;
1835 }
1836
1837 newc->next = c;
1838 if (l)
1839 l->next = newc;
1840 else
1841 newgenfs->head = newc;
1842 }
1843 }
1844
1845 if (p->policyvers >= POLICYDB_VERSION_MLS) {
1846 int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
1847 rc = next_entry(buf, fp, sizeof(u32));
1848 if (rc < 0)
1849 goto bad;
1850 nel = le32_to_cpu(buf[0]);
1851 lrt = NULL;
1852 for (i = 0; i < nel; i++) {
1853 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1854 if (!rt) {
1855 rc = -ENOMEM;
1856 goto bad;
1857 }
1858 if (lrt)
1859 lrt->next = rt;
1860 else
1861 p->range_tr = rt;
1862 rc = next_entry(buf, fp, (sizeof(u32) * 2));
1863 if (rc < 0)
1864 goto bad;
1865 rt->source_type = le32_to_cpu(buf[0]);
1866 rt->target_type = le32_to_cpu(buf[1]);
1867 if (new_rangetr) {
1868 rc = next_entry(buf, fp, sizeof(u32));
1869 if (rc < 0)
1870 goto bad;
1871 rt->target_class = le32_to_cpu(buf[0]);
1872 } else
1873 rt->target_class = SECCLASS_PROCESS;
1874 rc = mls_read_range_helper(&rt->target_range, fp);
1875 if (rc)
1876 goto bad;
1877 lrt = rt;
1878 }
1879 }
1880
1881 p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
1882 if (!p->type_attr_map)
1883 goto bad;
1884
1885 for (i = 0; i < p->p_types.nprim; i++) {
1886 ebitmap_init(&p->type_attr_map[i]);
1887 if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
1888 if (ebitmap_read(&p->type_attr_map[i], fp))
1889 goto bad;
1890 }
1891 /* add the type itself as the degenerate case */
1892 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
1893 goto bad;
1894 }
1895
1896 rc = 0;
1897 out:
1898 return rc;
1899 bad_newc:
1900 ocontext_destroy(newc,OCON_FSUSE);
1901 bad:
1902 if (!rc)
1903 rc = -EINVAL;
1904 policydb_destroy(p);
1905 goto out;
1906 }
kernel-based virtual machine