2 * Implementation of the policy database.
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 * Added conditional policy language extensions
16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, version 2.
23 #include <linux/kernel.h>
24 #include <linux/sched.h>
25 #include <linux/slab.h>
26 #include <linux/string.h>
27 #include <linux/errno.h>
31 #include "conditional.h"
37 static char *symtab_name
[SYM_NUM
] = {
49 int selinux_mls_enabled
= 0;
51 static unsigned int symtab_sizes
[SYM_NUM
] = {
62 struct policydb_compat_info
{
68 /* These need to be updated if SYM_NUM or OCON_NUM changes */
69 static struct policydb_compat_info policydb_compat
[] = {
71 .version
= POLICYDB_VERSION_BASE
,
72 .sym_num
= SYM_NUM
- 3,
73 .ocon_num
= OCON_NUM
- 1,
76 .version
= POLICYDB_VERSION_BOOL
,
77 .sym_num
= SYM_NUM
- 2,
78 .ocon_num
= OCON_NUM
- 1,
81 .version
= POLICYDB_VERSION_IPV6
,
82 .sym_num
= SYM_NUM
- 2,
86 .version
= POLICYDB_VERSION_NLCLASS
,
87 .sym_num
= SYM_NUM
- 2,
91 .version
= POLICYDB_VERSION_MLS
,
96 .version
= POLICYDB_VERSION_AVTAB
,
101 .version
= POLICYDB_VERSION_RANGETRANS
,
103 .ocon_num
= OCON_NUM
,
107 static struct policydb_compat_info
*policydb_lookup_compat(int version
)
110 struct policydb_compat_info
*info
= NULL
;
112 for (i
= 0; i
< ARRAY_SIZE(policydb_compat
); i
++) {
113 if (policydb_compat
[i
].version
== version
) {
114 info
= &policydb_compat
[i
];
122 * Initialize the role table.
124 static int roles_init(struct policydb
*p
)
128 struct role_datum
*role
;
130 role
= kzalloc(sizeof(*role
), GFP_KERNEL
);
135 role
->value
= ++p
->p_roles
.nprim
;
136 if (role
->value
!= OBJECT_R_VAL
) {
140 key
= kmalloc(strlen(OBJECT_R
)+1,GFP_KERNEL
);
145 strcpy(key
, OBJECT_R
);
146 rc
= hashtab_insert(p
->p_roles
.table
, key
, role
);
160 * Initialize a policy database structure.
162 static int policydb_init(struct policydb
*p
)
166 memset(p
, 0, sizeof(*p
));
168 for (i
= 0; i
< SYM_NUM
; i
++) {
169 rc
= symtab_init(&p
->symtab
[i
], symtab_sizes
[i
]);
171 goto out_free_symtab
;
174 rc
= avtab_init(&p
->te_avtab
);
176 goto out_free_symtab
;
182 rc
= cond_policydb_init(p
);
190 avtab_destroy(&p
->te_avtab
);
193 for (i
= 0; i
< SYM_NUM
; i
++)
194 hashtab_destroy(p
->symtab
[i
].table
);
199 * The following *_index functions are used to
200 * define the val_to_name and val_to_struct arrays
201 * in a policy database structure. The val_to_name
202 * arrays are used when converting security context
203 * structures into string representations. The
204 * val_to_struct arrays are used when the attributes
205 * of a class, role, or user are needed.
208 static int common_index(void *key
, void *datum
, void *datap
)
211 struct common_datum
*comdatum
;
215 if (!comdatum
->value
|| comdatum
->value
> p
->p_commons
.nprim
)
217 p
->p_common_val_to_name
[comdatum
->value
- 1] = key
;
221 static int class_index(void *key
, void *datum
, void *datap
)
224 struct class_datum
*cladatum
;
228 if (!cladatum
->value
|| cladatum
->value
> p
->p_classes
.nprim
)
230 p
->p_class_val_to_name
[cladatum
->value
- 1] = key
;
231 p
->class_val_to_struct
[cladatum
->value
- 1] = cladatum
;
235 static int role_index(void *key
, void *datum
, void *datap
)
238 struct role_datum
*role
;
242 if (!role
->value
|| role
->value
> p
->p_roles
.nprim
)
244 p
->p_role_val_to_name
[role
->value
- 1] = key
;
245 p
->role_val_to_struct
[role
->value
- 1] = role
;
249 static int type_index(void *key
, void *datum
, void *datap
)
252 struct type_datum
*typdatum
;
257 if (typdatum
->primary
) {
258 if (!typdatum
->value
|| typdatum
->value
> p
->p_types
.nprim
)
260 p
->p_type_val_to_name
[typdatum
->value
- 1] = key
;
266 static int user_index(void *key
, void *datum
, void *datap
)
269 struct user_datum
*usrdatum
;
273 if (!usrdatum
->value
|| usrdatum
->value
> p
->p_users
.nprim
)
275 p
->p_user_val_to_name
[usrdatum
->value
- 1] = key
;
276 p
->user_val_to_struct
[usrdatum
->value
- 1] = usrdatum
;
280 static int sens_index(void *key
, void *datum
, void *datap
)
283 struct level_datum
*levdatum
;
288 if (!levdatum
->isalias
) {
289 if (!levdatum
->level
->sens
||
290 levdatum
->level
->sens
> p
->p_levels
.nprim
)
292 p
->p_sens_val_to_name
[levdatum
->level
->sens
- 1] = key
;
298 static int cat_index(void *key
, void *datum
, void *datap
)
301 struct cat_datum
*catdatum
;
306 if (!catdatum
->isalias
) {
307 if (!catdatum
->value
|| catdatum
->value
> p
->p_cats
.nprim
)
309 p
->p_cat_val_to_name
[catdatum
->value
- 1] = key
;
315 static int (*index_f
[SYM_NUM
]) (void *key
, void *datum
, void *datap
) =
328 * Define the common val_to_name array and the class
329 * val_to_name and val_to_struct arrays in a policy
330 * database structure.
332 * Caller must clean up upon failure.
334 static int policydb_index_classes(struct policydb
*p
)
338 p
->p_common_val_to_name
=
339 kmalloc(p
->p_commons
.nprim
* sizeof(char *), GFP_KERNEL
);
340 if (!p
->p_common_val_to_name
) {
345 rc
= hashtab_map(p
->p_commons
.table
, common_index
, p
);
349 p
->class_val_to_struct
=
350 kmalloc(p
->p_classes
.nprim
* sizeof(*(p
->class_val_to_struct
)), GFP_KERNEL
);
351 if (!p
->class_val_to_struct
) {
356 p
->p_class_val_to_name
=
357 kmalloc(p
->p_classes
.nprim
* sizeof(char *), GFP_KERNEL
);
358 if (!p
->p_class_val_to_name
) {
363 rc
= hashtab_map(p
->p_classes
.table
, class_index
, p
);
369 static void symtab_hash_eval(struct symtab
*s
)
373 for (i
= 0; i
< SYM_NUM
; i
++) {
374 struct hashtab
*h
= s
[i
].table
;
375 struct hashtab_info info
;
377 hashtab_stat(h
, &info
);
378 printk(KERN_DEBUG
"%s: %d entries and %d/%d buckets used, "
379 "longest chain length %d\n", symtab_name
[i
], h
->nel
,
380 info
.slots_used
, h
->size
, info
.max_chain_len
);
386 * Define the other val_to_name and val_to_struct arrays
387 * in a policy database structure.
389 * Caller must clean up on failure.
391 static int policydb_index_others(struct policydb
*p
)
395 printk(KERN_DEBUG
"security: %d users, %d roles, %d types, %d bools",
396 p
->p_users
.nprim
, p
->p_roles
.nprim
, p
->p_types
.nprim
, p
->p_bools
.nprim
);
397 if (selinux_mls_enabled
)
398 printk(", %d sens, %d cats", p
->p_levels
.nprim
,
402 printk(KERN_DEBUG
"security: %d classes, %d rules\n",
403 p
->p_classes
.nprim
, p
->te_avtab
.nel
);
406 avtab_hash_eval(&p
->te_avtab
, "rules");
407 symtab_hash_eval(p
->symtab
);
410 p
->role_val_to_struct
=
411 kmalloc(p
->p_roles
.nprim
* sizeof(*(p
->role_val_to_struct
)),
413 if (!p
->role_val_to_struct
) {
418 p
->user_val_to_struct
=
419 kmalloc(p
->p_users
.nprim
* sizeof(*(p
->user_val_to_struct
)),
421 if (!p
->user_val_to_struct
) {
426 if (cond_init_bool_indexes(p
)) {
431 for (i
= SYM_ROLES
; i
< SYM_NUM
; i
++) {
432 p
->sym_val_to_name
[i
] =
433 kmalloc(p
->symtab
[i
].nprim
* sizeof(char *), GFP_KERNEL
);
434 if (!p
->sym_val_to_name
[i
]) {
438 rc
= hashtab_map(p
->symtab
[i
].table
, index_f
[i
], p
);
448 * The following *_destroy functions are used to
449 * free any memory allocated for each kind of
450 * symbol data in the policy database.
453 static int perm_destroy(void *key
, void *datum
, void *p
)
460 static int common_destroy(void *key
, void *datum
, void *p
)
462 struct common_datum
*comdatum
;
466 hashtab_map(comdatum
->permissions
.table
, perm_destroy
, NULL
);
467 hashtab_destroy(comdatum
->permissions
.table
);
472 static int cls_destroy(void *key
, void *datum
, void *p
)
474 struct class_datum
*cladatum
;
475 struct constraint_node
*constraint
, *ctemp
;
476 struct constraint_expr
*e
, *etmp
;
480 hashtab_map(cladatum
->permissions
.table
, perm_destroy
, NULL
);
481 hashtab_destroy(cladatum
->permissions
.table
);
482 constraint
= cladatum
->constraints
;
484 e
= constraint
->expr
;
486 ebitmap_destroy(&e
->names
);
492 constraint
= constraint
->next
;
496 constraint
= cladatum
->validatetrans
;
498 e
= constraint
->expr
;
500 ebitmap_destroy(&e
->names
);
506 constraint
= constraint
->next
;
510 kfree(cladatum
->comkey
);
515 static int role_destroy(void *key
, void *datum
, void *p
)
517 struct role_datum
*role
;
521 ebitmap_destroy(&role
->dominates
);
522 ebitmap_destroy(&role
->types
);
527 static int type_destroy(void *key
, void *datum
, void *p
)
534 static int user_destroy(void *key
, void *datum
, void *p
)
536 struct user_datum
*usrdatum
;
540 ebitmap_destroy(&usrdatum
->roles
);
541 ebitmap_destroy(&usrdatum
->range
.level
[0].cat
);
542 ebitmap_destroy(&usrdatum
->range
.level
[1].cat
);
543 ebitmap_destroy(&usrdatum
->dfltlevel
.cat
);
548 static int sens_destroy(void *key
, void *datum
, void *p
)
550 struct level_datum
*levdatum
;
554 ebitmap_destroy(&levdatum
->level
->cat
);
555 kfree(levdatum
->level
);
560 static int cat_destroy(void *key
, void *datum
, void *p
)
567 static int (*destroy_f
[SYM_NUM
]) (void *key
, void *datum
, void *datap
) =
579 static void ocontext_destroy(struct ocontext
*c
, int i
)
581 context_destroy(&c
->context
[0]);
582 context_destroy(&c
->context
[1]);
583 if (i
== OCON_ISID
|| i
== OCON_FS
||
584 i
== OCON_NETIF
|| i
== OCON_FSUSE
)
590 * Free any memory allocated by a policy database structure.
592 void policydb_destroy(struct policydb
*p
)
594 struct ocontext
*c
, *ctmp
;
595 struct genfs
*g
, *gtmp
;
597 struct role_allow
*ra
, *lra
= NULL
;
598 struct role_trans
*tr
, *ltr
= NULL
;
599 struct range_trans
*rt
, *lrt
= NULL
;
601 for (i
= 0; i
< SYM_NUM
; i
++) {
603 hashtab_map(p
->symtab
[i
].table
, destroy_f
[i
], NULL
);
604 hashtab_destroy(p
->symtab
[i
].table
);
607 for (i
= 0; i
< SYM_NUM
; i
++)
608 kfree(p
->sym_val_to_name
[i
]);
610 kfree(p
->class_val_to_struct
);
611 kfree(p
->role_val_to_struct
);
612 kfree(p
->user_val_to_struct
);
614 avtab_destroy(&p
->te_avtab
);
616 for (i
= 0; i
< OCON_NUM
; i
++) {
622 ocontext_destroy(ctmp
,i
);
624 p
->ocontexts
[i
] = NULL
;
635 ocontext_destroy(ctmp
,OCON_FSUSE
);
643 cond_policydb_destroy(p
);
645 for (tr
= p
->role_tr
; tr
; tr
= tr
->next
) {
652 for (ra
= p
->role_allow
; ra
; ra
= ra
-> next
) {
659 for (rt
= p
->range_tr
; rt
; rt
= rt
-> next
) {
662 ebitmap_destroy(&lrt
->target_range
.level
[0].cat
);
663 ebitmap_destroy(&lrt
->target_range
.level
[1].cat
);
669 ebitmap_destroy(&lrt
->target_range
.level
[0].cat
);
670 ebitmap_destroy(&lrt
->target_range
.level
[1].cat
);
674 if (p
->type_attr_map
) {
675 for (i
= 0; i
< p
->p_types
.nprim
; i
++)
676 ebitmap_destroy(&p
->type_attr_map
[i
]);
678 kfree(p
->type_attr_map
);
684 * Load the initial SIDs specified in a policy database
685 * structure into a SID table.
687 int policydb_load_isids(struct policydb
*p
, struct sidtab
*s
)
689 struct ocontext
*head
, *c
;
694 printk(KERN_ERR
"security: out of memory on SID table init\n");
698 head
= p
->ocontexts
[OCON_ISID
];
699 for (c
= head
; c
; c
= c
->next
) {
700 if (!c
->context
[0].user
) {
701 printk(KERN_ERR
"security: SID %s was never "
702 "defined.\n", c
->u
.name
);
706 if (sidtab_insert(s
, c
->sid
[0], &c
->context
[0])) {
707 printk(KERN_ERR
"security: unable to load initial "
708 "SID %s.\n", c
->u
.name
);
718 * Return 1 if the fields in the security context
719 * structure `c' are valid. Return 0 otherwise.
721 int policydb_context_isvalid(struct policydb
*p
, struct context
*c
)
723 struct role_datum
*role
;
724 struct user_datum
*usrdatum
;
726 if (!c
->role
|| c
->role
> p
->p_roles
.nprim
)
729 if (!c
->user
|| c
->user
> p
->p_users
.nprim
)
732 if (!c
->type
|| c
->type
> p
->p_types
.nprim
)
735 if (c
->role
!= OBJECT_R_VAL
) {
737 * Role must be authorized for the type.
739 role
= p
->role_val_to_struct
[c
->role
- 1];
740 if (!ebitmap_get_bit(&role
->types
,
742 /* role may not be associated with type */
746 * User must be authorized for the role.
748 usrdatum
= p
->user_val_to_struct
[c
->user
- 1];
752 if (!ebitmap_get_bit(&usrdatum
->roles
,
754 /* user may not be associated with role */
758 if (!mls_context_isvalid(p
, c
))
765 * Read a MLS range structure from a policydb binary
766 * representation file.
768 static int mls_read_range_helper(struct mls_range
*r
, void *fp
)
774 rc
= next_entry(buf
, fp
, sizeof(u32
));
778 items
= le32_to_cpu(buf
[0]);
779 if (items
> ARRAY_SIZE(buf
)) {
780 printk(KERN_ERR
"security: mls: range overflow\n");
784 rc
= next_entry(buf
, fp
, sizeof(u32
) * items
);
786 printk(KERN_ERR
"security: mls: truncated range\n");
789 r
->level
[0].sens
= le32_to_cpu(buf
[0]);
791 r
->level
[1].sens
= le32_to_cpu(buf
[1]);
793 r
->level
[1].sens
= r
->level
[0].sens
;
795 rc
= ebitmap_read(&r
->level
[0].cat
, fp
);
797 printk(KERN_ERR
"security: mls: error reading low "
802 rc
= ebitmap_read(&r
->level
[1].cat
, fp
);
804 printk(KERN_ERR
"security: mls: error reading high "
809 rc
= ebitmap_cpy(&r
->level
[1].cat
, &r
->level
[0].cat
);
811 printk(KERN_ERR
"security: mls: out of memory\n");
820 ebitmap_destroy(&r
->level
[0].cat
);
825 * Read and validate a security context structure
826 * from a policydb binary representation file.
828 static int context_read_and_validate(struct context
*c
,
835 rc
= next_entry(buf
, fp
, sizeof buf
);
837 printk(KERN_ERR
"security: context truncated\n");
840 c
->user
= le32_to_cpu(buf
[0]);
841 c
->role
= le32_to_cpu(buf
[1]);
842 c
->type
= le32_to_cpu(buf
[2]);
843 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
844 if (mls_read_range_helper(&c
->range
, fp
)) {
845 printk(KERN_ERR
"security: error reading MLS range of "
852 if (!policydb_context_isvalid(p
, c
)) {
853 printk(KERN_ERR
"security: invalid security context\n");
862 * The following *_read functions are used to
863 * read the symbol data from a policy database
864 * binary representation file.
867 static int perm_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
870 struct perm_datum
*perdatum
;
875 perdatum
= kzalloc(sizeof(*perdatum
), GFP_KERNEL
);
881 rc
= next_entry(buf
, fp
, sizeof buf
);
885 len
= le32_to_cpu(buf
[0]);
886 perdatum
->value
= le32_to_cpu(buf
[1]);
888 key
= kmalloc(len
+ 1,GFP_KERNEL
);
893 rc
= next_entry(key
, fp
, len
);
898 rc
= hashtab_insert(h
, key
, perdatum
);
904 perm_destroy(key
, perdatum
, NULL
);
908 static int common_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
911 struct common_datum
*comdatum
;
916 comdatum
= kzalloc(sizeof(*comdatum
), GFP_KERNEL
);
922 rc
= next_entry(buf
, fp
, sizeof buf
);
926 len
= le32_to_cpu(buf
[0]);
927 comdatum
->value
= le32_to_cpu(buf
[1]);
929 rc
= symtab_init(&comdatum
->permissions
, PERM_SYMTAB_SIZE
);
932 comdatum
->permissions
.nprim
= le32_to_cpu(buf
[2]);
933 nel
= le32_to_cpu(buf
[3]);
935 key
= kmalloc(len
+ 1,GFP_KERNEL
);
940 rc
= next_entry(key
, fp
, len
);
945 for (i
= 0; i
< nel
; i
++) {
946 rc
= perm_read(p
, comdatum
->permissions
.table
, fp
);
951 rc
= hashtab_insert(h
, key
, comdatum
);
957 common_destroy(key
, comdatum
, NULL
);
961 static int read_cons_helper(struct constraint_node
**nodep
, int ncons
,
962 int allowxtarget
, void *fp
)
964 struct constraint_node
*c
, *lc
;
965 struct constraint_expr
*e
, *le
;
971 for (i
= 0; i
< ncons
; i
++) {
972 c
= kzalloc(sizeof(*c
), GFP_KERNEL
);
982 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 2));
985 c
->permissions
= le32_to_cpu(buf
[0]);
986 nexpr
= le32_to_cpu(buf
[1]);
989 for (j
= 0; j
< nexpr
; j
++) {
990 e
= kzalloc(sizeof(*e
), GFP_KERNEL
);
1000 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 3));
1003 e
->expr_type
= le32_to_cpu(buf
[0]);
1004 e
->attr
= le32_to_cpu(buf
[1]);
1005 e
->op
= le32_to_cpu(buf
[2]);
1007 switch (e
->expr_type
) {
1019 if (depth
== (CEXPR_MAXDEPTH
- 1))
1024 if (!allowxtarget
&& (e
->attr
& CEXPR_XTARGET
))
1026 if (depth
== (CEXPR_MAXDEPTH
- 1))
1029 if (ebitmap_read(&e
->names
, fp
))
1045 static int class_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1048 struct class_datum
*cladatum
;
1050 u32 len
, len2
, ncons
, nel
;
1053 cladatum
= kzalloc(sizeof(*cladatum
), GFP_KERNEL
);
1059 rc
= next_entry(buf
, fp
, sizeof(u32
)*6);
1063 len
= le32_to_cpu(buf
[0]);
1064 len2
= le32_to_cpu(buf
[1]);
1065 cladatum
->value
= le32_to_cpu(buf
[2]);
1067 rc
= symtab_init(&cladatum
->permissions
, PERM_SYMTAB_SIZE
);
1070 cladatum
->permissions
.nprim
= le32_to_cpu(buf
[3]);
1071 nel
= le32_to_cpu(buf
[4]);
1073 ncons
= le32_to_cpu(buf
[5]);
1075 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1080 rc
= next_entry(key
, fp
, len
);
1086 cladatum
->comkey
= kmalloc(len2
+ 1,GFP_KERNEL
);
1087 if (!cladatum
->comkey
) {
1091 rc
= next_entry(cladatum
->comkey
, fp
, len2
);
1094 cladatum
->comkey
[len2
] = 0;
1096 cladatum
->comdatum
= hashtab_search(p
->p_commons
.table
,
1098 if (!cladatum
->comdatum
) {
1099 printk(KERN_ERR
"security: unknown common %s\n",
1105 for (i
= 0; i
< nel
; i
++) {
1106 rc
= perm_read(p
, cladatum
->permissions
.table
, fp
);
1111 rc
= read_cons_helper(&cladatum
->constraints
, ncons
, 0, fp
);
1115 if (p
->policyvers
>= POLICYDB_VERSION_VALIDATETRANS
) {
1116 /* grab the validatetrans rules */
1117 rc
= next_entry(buf
, fp
, sizeof(u32
));
1120 ncons
= le32_to_cpu(buf
[0]);
1121 rc
= read_cons_helper(&cladatum
->validatetrans
, ncons
, 1, fp
);
1126 rc
= hashtab_insert(h
, key
, cladatum
);
1134 cls_destroy(key
, cladatum
, NULL
);
1138 static int role_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1141 struct role_datum
*role
;
1146 role
= kzalloc(sizeof(*role
), GFP_KERNEL
);
1152 rc
= next_entry(buf
, fp
, sizeof buf
);
1156 len
= le32_to_cpu(buf
[0]);
1157 role
->value
= le32_to_cpu(buf
[1]);
1159 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1164 rc
= next_entry(key
, fp
, len
);
1169 rc
= ebitmap_read(&role
->dominates
, fp
);
1173 rc
= ebitmap_read(&role
->types
, fp
);
1177 if (strcmp(key
, OBJECT_R
) == 0) {
1178 if (role
->value
!= OBJECT_R_VAL
) {
1179 printk(KERN_ERR
"Role %s has wrong value %d\n",
1180 OBJECT_R
, role
->value
);
1188 rc
= hashtab_insert(h
, key
, role
);
1194 role_destroy(key
, role
, NULL
);
1198 static int type_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1201 struct type_datum
*typdatum
;
1206 typdatum
= kzalloc(sizeof(*typdatum
),GFP_KERNEL
);
1212 rc
= next_entry(buf
, fp
, sizeof buf
);
1216 len
= le32_to_cpu(buf
[0]);
1217 typdatum
->value
= le32_to_cpu(buf
[1]);
1218 typdatum
->primary
= le32_to_cpu(buf
[2]);
1220 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1225 rc
= next_entry(key
, fp
, len
);
1230 rc
= hashtab_insert(h
, key
, typdatum
);
1236 type_destroy(key
, typdatum
, NULL
);
1242 * Read a MLS level structure from a policydb binary
1243 * representation file.
1245 static int mls_read_level(struct mls_level
*lp
, void *fp
)
1250 memset(lp
, 0, sizeof(*lp
));
1252 rc
= next_entry(buf
, fp
, sizeof buf
);
1254 printk(KERN_ERR
"security: mls: truncated level\n");
1257 lp
->sens
= le32_to_cpu(buf
[0]);
1259 if (ebitmap_read(&lp
->cat
, fp
)) {
1260 printk(KERN_ERR
"security: mls: error reading level "
1270 static int user_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1273 struct user_datum
*usrdatum
;
1278 usrdatum
= kzalloc(sizeof(*usrdatum
), GFP_KERNEL
);
1284 rc
= next_entry(buf
, fp
, sizeof buf
);
1288 len
= le32_to_cpu(buf
[0]);
1289 usrdatum
->value
= le32_to_cpu(buf
[1]);
1291 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1296 rc
= next_entry(key
, fp
, len
);
1301 rc
= ebitmap_read(&usrdatum
->roles
, fp
);
1305 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
1306 rc
= mls_read_range_helper(&usrdatum
->range
, fp
);
1309 rc
= mls_read_level(&usrdatum
->dfltlevel
, fp
);
1314 rc
= hashtab_insert(h
, key
, usrdatum
);
1320 user_destroy(key
, usrdatum
, NULL
);
1324 static int sens_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1327 struct level_datum
*levdatum
;
1332 levdatum
= kzalloc(sizeof(*levdatum
), GFP_ATOMIC
);
1338 rc
= next_entry(buf
, fp
, sizeof buf
);
1342 len
= le32_to_cpu(buf
[0]);
1343 levdatum
->isalias
= le32_to_cpu(buf
[1]);
1345 key
= kmalloc(len
+ 1,GFP_ATOMIC
);
1350 rc
= next_entry(key
, fp
, len
);
1355 levdatum
->level
= kmalloc(sizeof(struct mls_level
), GFP_ATOMIC
);
1356 if (!levdatum
->level
) {
1360 if (mls_read_level(levdatum
->level
, fp
)) {
1365 rc
= hashtab_insert(h
, key
, levdatum
);
1371 sens_destroy(key
, levdatum
, NULL
);
1375 static int cat_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1378 struct cat_datum
*catdatum
;
1383 catdatum
= kzalloc(sizeof(*catdatum
), GFP_ATOMIC
);
1389 rc
= next_entry(buf
, fp
, sizeof buf
);
1393 len
= le32_to_cpu(buf
[0]);
1394 catdatum
->value
= le32_to_cpu(buf
[1]);
1395 catdatum
->isalias
= le32_to_cpu(buf
[2]);
1397 key
= kmalloc(len
+ 1,GFP_ATOMIC
);
1402 rc
= next_entry(key
, fp
, len
);
1407 rc
= hashtab_insert(h
, key
, catdatum
);
1414 cat_destroy(key
, catdatum
, NULL
);
1418 static int (*read_f
[SYM_NUM
]) (struct policydb
*p
, struct hashtab
*h
, void *fp
) =
1430 extern int ss_initialized
;
1433 * Read the configuration data from a policy database binary
1434 * representation file into a policy database structure.
1436 int policydb_read(struct policydb
*p
, void *fp
)
1438 struct role_allow
*ra
, *lra
;
1439 struct role_trans
*tr
, *ltr
;
1440 struct ocontext
*l
, *c
, *newc
;
1441 struct genfs
*genfs_p
, *genfs
, *newgenfs
;
1444 u32 len
, len2
, config
, nprim
, nel
, nel2
;
1446 struct policydb_compat_info
*info
;
1447 struct range_trans
*rt
, *lrt
;
1451 rc
= policydb_init(p
);
1455 /* Read the magic number and string length. */
1456 rc
= next_entry(buf
, fp
, sizeof(u32
)* 2);
1460 if (le32_to_cpu(buf
[0]) != POLICYDB_MAGIC
) {
1461 printk(KERN_ERR
"security: policydb magic number 0x%x does "
1462 "not match expected magic number 0x%x\n",
1463 le32_to_cpu(buf
[0]), POLICYDB_MAGIC
);
1467 len
= le32_to_cpu(buf
[1]);
1468 if (len
!= strlen(POLICYDB_STRING
)) {
1469 printk(KERN_ERR
"security: policydb string length %d does not "
1470 "match expected length %Zu\n",
1471 len
, strlen(POLICYDB_STRING
));
1474 policydb_str
= kmalloc(len
+ 1,GFP_KERNEL
);
1475 if (!policydb_str
) {
1476 printk(KERN_ERR
"security: unable to allocate memory for policydb "
1477 "string of length %d\n", len
);
1481 rc
= next_entry(policydb_str
, fp
, len
);
1483 printk(KERN_ERR
"security: truncated policydb string identifier\n");
1484 kfree(policydb_str
);
1487 policydb_str
[len
] = 0;
1488 if (strcmp(policydb_str
, POLICYDB_STRING
)) {
1489 printk(KERN_ERR
"security: policydb string %s does not match "
1490 "my string %s\n", policydb_str
, POLICYDB_STRING
);
1491 kfree(policydb_str
);
1494 /* Done with policydb_str. */
1495 kfree(policydb_str
);
1496 policydb_str
= NULL
;
1498 /* Read the version, config, and table sizes. */
1499 rc
= next_entry(buf
, fp
, sizeof(u32
)*4);
1503 p
->policyvers
= le32_to_cpu(buf
[0]);
1504 if (p
->policyvers
< POLICYDB_VERSION_MIN
||
1505 p
->policyvers
> POLICYDB_VERSION_MAX
) {
1506 printk(KERN_ERR
"security: policydb version %d does not match "
1507 "my version range %d-%d\n",
1508 le32_to_cpu(buf
[0]), POLICYDB_VERSION_MIN
, POLICYDB_VERSION_MAX
);
1512 if ((le32_to_cpu(buf
[1]) & POLICYDB_CONFIG_MLS
)) {
1513 if (ss_initialized
&& !selinux_mls_enabled
) {
1514 printk(KERN_ERR
"Cannot switch between non-MLS and MLS "
1518 selinux_mls_enabled
= 1;
1519 config
|= POLICYDB_CONFIG_MLS
;
1521 if (p
->policyvers
< POLICYDB_VERSION_MLS
) {
1522 printk(KERN_ERR
"security policydb version %d (MLS) "
1523 "not backwards compatible\n", p
->policyvers
);
1527 if (ss_initialized
&& selinux_mls_enabled
) {
1528 printk(KERN_ERR
"Cannot switch between MLS and non-MLS "
1534 info
= policydb_lookup_compat(p
->policyvers
);
1536 printk(KERN_ERR
"security: unable to find policy compat info "
1537 "for version %d\n", p
->policyvers
);
1541 if (le32_to_cpu(buf
[2]) != info
->sym_num
||
1542 le32_to_cpu(buf
[3]) != info
->ocon_num
) {
1543 printk(KERN_ERR
"security: policydb table sizes (%d,%d) do "
1544 "not match mine (%d,%d)\n", le32_to_cpu(buf
[2]),
1545 le32_to_cpu(buf
[3]),
1546 info
->sym_num
, info
->ocon_num
);
1550 for (i
= 0; i
< info
->sym_num
; i
++) {
1551 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1554 nprim
= le32_to_cpu(buf
[0]);
1555 nel
= le32_to_cpu(buf
[1]);
1556 for (j
= 0; j
< nel
; j
++) {
1557 rc
= read_f
[i
](p
, p
->symtab
[i
].table
, fp
);
1562 p
->symtab
[i
].nprim
= nprim
;
1565 rc
= avtab_read(&p
->te_avtab
, fp
, p
->policyvers
);
1569 if (p
->policyvers
>= POLICYDB_VERSION_BOOL
) {
1570 rc
= cond_read_list(p
, fp
);
1575 rc
= next_entry(buf
, fp
, sizeof(u32
));
1578 nel
= le32_to_cpu(buf
[0]);
1580 for (i
= 0; i
< nel
; i
++) {
1581 tr
= kzalloc(sizeof(*tr
), GFP_KERNEL
);
1591 rc
= next_entry(buf
, fp
, sizeof(u32
)*3);
1594 tr
->role
= le32_to_cpu(buf
[0]);
1595 tr
->type
= le32_to_cpu(buf
[1]);
1596 tr
->new_role
= le32_to_cpu(buf
[2]);
1600 rc
= next_entry(buf
, fp
, sizeof(u32
));
1603 nel
= le32_to_cpu(buf
[0]);
1605 for (i
= 0; i
< nel
; i
++) {
1606 ra
= kzalloc(sizeof(*ra
), GFP_KERNEL
);
1616 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1619 ra
->role
= le32_to_cpu(buf
[0]);
1620 ra
->new_role
= le32_to_cpu(buf
[1]);
1624 rc
= policydb_index_classes(p
);
1628 rc
= policydb_index_others(p
);
1632 for (i
= 0; i
< info
->ocon_num
; i
++) {
1633 rc
= next_entry(buf
, fp
, sizeof(u32
));
1636 nel
= le32_to_cpu(buf
[0]);
1638 for (j
= 0; j
< nel
; j
++) {
1639 c
= kzalloc(sizeof(*c
), GFP_KERNEL
);
1647 p
->ocontexts
[i
] = c
;
1653 rc
= next_entry(buf
, fp
, sizeof(u32
));
1656 c
->sid
[0] = le32_to_cpu(buf
[0]);
1657 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1663 rc
= next_entry(buf
, fp
, sizeof(u32
));
1666 len
= le32_to_cpu(buf
[0]);
1667 c
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1672 rc
= next_entry(c
->u
.name
, fp
, len
);
1676 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1679 rc
= context_read_and_validate(&c
->context
[1], p
, fp
);
1684 rc
= next_entry(buf
, fp
, sizeof(u32
)*3);
1687 c
->u
.port
.protocol
= le32_to_cpu(buf
[0]);
1688 c
->u
.port
.low_port
= le32_to_cpu(buf
[1]);
1689 c
->u
.port
.high_port
= le32_to_cpu(buf
[2]);
1690 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1695 rc
= next_entry(buf
, fp
, sizeof(u32
)* 2);
1698 c
->u
.node
.addr
= le32_to_cpu(buf
[0]);
1699 c
->u
.node
.mask
= le32_to_cpu(buf
[1]);
1700 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1705 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1708 c
->v
.behavior
= le32_to_cpu(buf
[0]);
1709 if (c
->v
.behavior
> SECURITY_FS_USE_NONE
)
1711 len
= le32_to_cpu(buf
[1]);
1712 c
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1717 rc
= next_entry(c
->u
.name
, fp
, len
);
1721 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1728 rc
= next_entry(buf
, fp
, sizeof(u32
) * 8);
1731 for (k
= 0; k
< 4; k
++)
1732 c
->u
.node6
.addr
[k
] = le32_to_cpu(buf
[k
]);
1733 for (k
= 0; k
< 4; k
++)
1734 c
->u
.node6
.mask
[k
] = le32_to_cpu(buf
[k
+4]);
1735 if (context_read_and_validate(&c
->context
[0], p
, fp
))
1743 rc
= next_entry(buf
, fp
, sizeof(u32
));
1746 nel
= le32_to_cpu(buf
[0]);
1749 for (i
= 0; i
< nel
; i
++) {
1750 rc
= next_entry(buf
, fp
, sizeof(u32
));
1753 len
= le32_to_cpu(buf
[0]);
1754 newgenfs
= kzalloc(sizeof(*newgenfs
), GFP_KERNEL
);
1760 newgenfs
->fstype
= kmalloc(len
+ 1,GFP_KERNEL
);
1761 if (!newgenfs
->fstype
) {
1766 rc
= next_entry(newgenfs
->fstype
, fp
, len
);
1768 kfree(newgenfs
->fstype
);
1772 newgenfs
->fstype
[len
] = 0;
1773 for (genfs_p
= NULL
, genfs
= p
->genfs
; genfs
;
1774 genfs_p
= genfs
, genfs
= genfs
->next
) {
1775 if (strcmp(newgenfs
->fstype
, genfs
->fstype
) == 0) {
1776 printk(KERN_ERR
"security: dup genfs "
1777 "fstype %s\n", newgenfs
->fstype
);
1778 kfree(newgenfs
->fstype
);
1782 if (strcmp(newgenfs
->fstype
, genfs
->fstype
) < 0)
1785 newgenfs
->next
= genfs
;
1787 genfs_p
->next
= newgenfs
;
1789 p
->genfs
= newgenfs
;
1790 rc
= next_entry(buf
, fp
, sizeof(u32
));
1793 nel2
= le32_to_cpu(buf
[0]);
1794 for (j
= 0; j
< nel2
; j
++) {
1795 rc
= next_entry(buf
, fp
, sizeof(u32
));
1798 len
= le32_to_cpu(buf
[0]);
1800 newc
= kzalloc(sizeof(*newc
), GFP_KERNEL
);
1806 newc
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1807 if (!newc
->u
.name
) {
1811 rc
= next_entry(newc
->u
.name
, fp
, len
);
1814 newc
->u
.name
[len
] = 0;
1815 rc
= next_entry(buf
, fp
, sizeof(u32
));
1818 newc
->v
.sclass
= le32_to_cpu(buf
[0]);
1819 if (context_read_and_validate(&newc
->context
[0], p
, fp
))
1821 for (l
= NULL
, c
= newgenfs
->head
; c
;
1822 l
= c
, c
= c
->next
) {
1823 if (!strcmp(newc
->u
.name
, c
->u
.name
) &&
1824 (!c
->v
.sclass
|| !newc
->v
.sclass
||
1825 newc
->v
.sclass
== c
->v
.sclass
)) {
1826 printk(KERN_ERR
"security: dup genfs "
1828 newgenfs
->fstype
, c
->u
.name
);
1831 len
= strlen(newc
->u
.name
);
1832 len2
= strlen(c
->u
.name
);
1841 newgenfs
->head
= newc
;
1845 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
1846 int new_rangetr
= p
->policyvers
>= POLICYDB_VERSION_RANGETRANS
;
1847 rc
= next_entry(buf
, fp
, sizeof(u32
));
1850 nel
= le32_to_cpu(buf
[0]);
1852 for (i
= 0; i
< nel
; i
++) {
1853 rt
= kzalloc(sizeof(*rt
), GFP_KERNEL
);
1862 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 2));
1865 rt
->source_type
= le32_to_cpu(buf
[0]);
1866 rt
->target_type
= le32_to_cpu(buf
[1]);
1868 rc
= next_entry(buf
, fp
, sizeof(u32
));
1871 rt
->target_class
= le32_to_cpu(buf
[0]);
1873 rt
->target_class
= SECCLASS_PROCESS
;
1874 rc
= mls_read_range_helper(&rt
->target_range
, fp
);
1881 p
->type_attr_map
= kmalloc(p
->p_types
.nprim
*sizeof(struct ebitmap
), GFP_KERNEL
);
1882 if (!p
->type_attr_map
)
1885 for (i
= 0; i
< p
->p_types
.nprim
; i
++) {
1886 ebitmap_init(&p
->type_attr_map
[i
]);
1887 if (p
->policyvers
>= POLICYDB_VERSION_AVTAB
) {
1888 if (ebitmap_read(&p
->type_attr_map
[i
], fp
))
1891 /* add the type itself as the degenerate case */
1892 if (ebitmap_set_bit(&p
->type_attr_map
[i
], i
, 1))
1900 ocontext_destroy(newc
,OCON_FSUSE
);
1904 policydb_destroy(p
);