2 * Implementation of the policy database.
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10 * Support for enhanced MLS infrastructure.
12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 * Added conditional policy language extensions
16 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation, version 2.
23 #include <linux/kernel.h>
24 #include <linux/slab.h>
25 #include <linux/string.h>
26 #include <linux/errno.h>
30 #include "conditional.h"
36 static char *symtab_name
[SYM_NUM
] = {
48 int selinux_mls_enabled
= 0;
50 static unsigned int symtab_sizes
[SYM_NUM
] = {
61 struct policydb_compat_info
{
67 /* These need to be updated if SYM_NUM or OCON_NUM changes */
68 static struct policydb_compat_info policydb_compat
[] = {
70 .version
= POLICYDB_VERSION_BASE
,
71 .sym_num
= SYM_NUM
- 3,
72 .ocon_num
= OCON_NUM
- 1,
75 .version
= POLICYDB_VERSION_BOOL
,
76 .sym_num
= SYM_NUM
- 2,
77 .ocon_num
= OCON_NUM
- 1,
80 .version
= POLICYDB_VERSION_IPV6
,
81 .sym_num
= SYM_NUM
- 2,
85 .version
= POLICYDB_VERSION_NLCLASS
,
86 .sym_num
= SYM_NUM
- 2,
90 .version
= POLICYDB_VERSION_MLS
,
95 .version
= POLICYDB_VERSION_AVTAB
,
101 static struct policydb_compat_info
*policydb_lookup_compat(int version
)
104 struct policydb_compat_info
*info
= NULL
;
106 for (i
= 0; i
< ARRAY_SIZE(policydb_compat
); i
++) {
107 if (policydb_compat
[i
].version
== version
) {
108 info
= &policydb_compat
[i
];
116 * Initialize the role table.
118 static int roles_init(struct policydb
*p
)
122 struct role_datum
*role
;
124 role
= kzalloc(sizeof(*role
), GFP_KERNEL
);
129 role
->value
= ++p
->p_roles
.nprim
;
130 if (role
->value
!= OBJECT_R_VAL
) {
134 key
= kmalloc(strlen(OBJECT_R
)+1,GFP_KERNEL
);
139 strcpy(key
, OBJECT_R
);
140 rc
= hashtab_insert(p
->p_roles
.table
, key
, role
);
154 * Initialize a policy database structure.
156 static int policydb_init(struct policydb
*p
)
160 memset(p
, 0, sizeof(*p
));
162 for (i
= 0; i
< SYM_NUM
; i
++) {
163 rc
= symtab_init(&p
->symtab
[i
], symtab_sizes
[i
]);
165 goto out_free_symtab
;
168 rc
= avtab_init(&p
->te_avtab
);
170 goto out_free_symtab
;
176 rc
= cond_policydb_init(p
);
184 avtab_destroy(&p
->te_avtab
);
187 for (i
= 0; i
< SYM_NUM
; i
++)
188 hashtab_destroy(p
->symtab
[i
].table
);
193 * The following *_index functions are used to
194 * define the val_to_name and val_to_struct arrays
195 * in a policy database structure. The val_to_name
196 * arrays are used when converting security context
197 * structures into string representations. The
198 * val_to_struct arrays are used when the attributes
199 * of a class, role, or user are needed.
202 static int common_index(void *key
, void *datum
, void *datap
)
205 struct common_datum
*comdatum
;
209 if (!comdatum
->value
|| comdatum
->value
> p
->p_commons
.nprim
)
211 p
->p_common_val_to_name
[comdatum
->value
- 1] = key
;
215 static int class_index(void *key
, void *datum
, void *datap
)
218 struct class_datum
*cladatum
;
222 if (!cladatum
->value
|| cladatum
->value
> p
->p_classes
.nprim
)
224 p
->p_class_val_to_name
[cladatum
->value
- 1] = key
;
225 p
->class_val_to_struct
[cladatum
->value
- 1] = cladatum
;
229 static int role_index(void *key
, void *datum
, void *datap
)
232 struct role_datum
*role
;
236 if (!role
->value
|| role
->value
> p
->p_roles
.nprim
)
238 p
->p_role_val_to_name
[role
->value
- 1] = key
;
239 p
->role_val_to_struct
[role
->value
- 1] = role
;
243 static int type_index(void *key
, void *datum
, void *datap
)
246 struct type_datum
*typdatum
;
251 if (typdatum
->primary
) {
252 if (!typdatum
->value
|| typdatum
->value
> p
->p_types
.nprim
)
254 p
->p_type_val_to_name
[typdatum
->value
- 1] = key
;
260 static int user_index(void *key
, void *datum
, void *datap
)
263 struct user_datum
*usrdatum
;
267 if (!usrdatum
->value
|| usrdatum
->value
> p
->p_users
.nprim
)
269 p
->p_user_val_to_name
[usrdatum
->value
- 1] = key
;
270 p
->user_val_to_struct
[usrdatum
->value
- 1] = usrdatum
;
274 static int sens_index(void *key
, void *datum
, void *datap
)
277 struct level_datum
*levdatum
;
282 if (!levdatum
->isalias
) {
283 if (!levdatum
->level
->sens
||
284 levdatum
->level
->sens
> p
->p_levels
.nprim
)
286 p
->p_sens_val_to_name
[levdatum
->level
->sens
- 1] = key
;
292 static int cat_index(void *key
, void *datum
, void *datap
)
295 struct cat_datum
*catdatum
;
300 if (!catdatum
->isalias
) {
301 if (!catdatum
->value
|| catdatum
->value
> p
->p_cats
.nprim
)
303 p
->p_cat_val_to_name
[catdatum
->value
- 1] = key
;
309 static int (*index_f
[SYM_NUM
]) (void *key
, void *datum
, void *datap
) =
322 * Define the common val_to_name array and the class
323 * val_to_name and val_to_struct arrays in a policy
324 * database structure.
326 * Caller must clean up upon failure.
328 static int policydb_index_classes(struct policydb
*p
)
332 p
->p_common_val_to_name
=
333 kmalloc(p
->p_commons
.nprim
* sizeof(char *), GFP_KERNEL
);
334 if (!p
->p_common_val_to_name
) {
339 rc
= hashtab_map(p
->p_commons
.table
, common_index
, p
);
343 p
->class_val_to_struct
=
344 kmalloc(p
->p_classes
.nprim
* sizeof(*(p
->class_val_to_struct
)), GFP_KERNEL
);
345 if (!p
->class_val_to_struct
) {
350 p
->p_class_val_to_name
=
351 kmalloc(p
->p_classes
.nprim
* sizeof(char *), GFP_KERNEL
);
352 if (!p
->p_class_val_to_name
) {
357 rc
= hashtab_map(p
->p_classes
.table
, class_index
, p
);
363 static void symtab_hash_eval(struct symtab
*s
)
367 for (i
= 0; i
< SYM_NUM
; i
++) {
368 struct hashtab
*h
= s
[i
].table
;
369 struct hashtab_info info
;
371 hashtab_stat(h
, &info
);
372 printk(KERN_INFO
"%s: %d entries and %d/%d buckets used, "
373 "longest chain length %d\n", symtab_name
[i
], h
->nel
,
374 info
.slots_used
, h
->size
, info
.max_chain_len
);
380 * Define the other val_to_name and val_to_struct arrays
381 * in a policy database structure.
383 * Caller must clean up on failure.
385 static int policydb_index_others(struct policydb
*p
)
389 printk(KERN_INFO
"security: %d users, %d roles, %d types, %d bools",
390 p
->p_users
.nprim
, p
->p_roles
.nprim
, p
->p_types
.nprim
, p
->p_bools
.nprim
);
391 if (selinux_mls_enabled
)
392 printk(", %d sens, %d cats", p
->p_levels
.nprim
,
396 printk(KERN_INFO
"security: %d classes, %d rules\n",
397 p
->p_classes
.nprim
, p
->te_avtab
.nel
);
400 avtab_hash_eval(&p
->te_avtab
, "rules");
401 symtab_hash_eval(p
->symtab
);
404 p
->role_val_to_struct
=
405 kmalloc(p
->p_roles
.nprim
* sizeof(*(p
->role_val_to_struct
)),
407 if (!p
->role_val_to_struct
) {
412 p
->user_val_to_struct
=
413 kmalloc(p
->p_users
.nprim
* sizeof(*(p
->user_val_to_struct
)),
415 if (!p
->user_val_to_struct
) {
420 if (cond_init_bool_indexes(p
)) {
425 for (i
= SYM_ROLES
; i
< SYM_NUM
; i
++) {
426 p
->sym_val_to_name
[i
] =
427 kmalloc(p
->symtab
[i
].nprim
* sizeof(char *), GFP_KERNEL
);
428 if (!p
->sym_val_to_name
[i
]) {
432 rc
= hashtab_map(p
->symtab
[i
].table
, index_f
[i
], p
);
442 * The following *_destroy functions are used to
443 * free any memory allocated for each kind of
444 * symbol data in the policy database.
447 static int perm_destroy(void *key
, void *datum
, void *p
)
454 static int common_destroy(void *key
, void *datum
, void *p
)
456 struct common_datum
*comdatum
;
460 hashtab_map(comdatum
->permissions
.table
, perm_destroy
, NULL
);
461 hashtab_destroy(comdatum
->permissions
.table
);
466 static int class_destroy(void *key
, void *datum
, void *p
)
468 struct class_datum
*cladatum
;
469 struct constraint_node
*constraint
, *ctemp
;
470 struct constraint_expr
*e
, *etmp
;
474 hashtab_map(cladatum
->permissions
.table
, perm_destroy
, NULL
);
475 hashtab_destroy(cladatum
->permissions
.table
);
476 constraint
= cladatum
->constraints
;
478 e
= constraint
->expr
;
480 ebitmap_destroy(&e
->names
);
486 constraint
= constraint
->next
;
490 constraint
= cladatum
->validatetrans
;
492 e
= constraint
->expr
;
494 ebitmap_destroy(&e
->names
);
500 constraint
= constraint
->next
;
504 kfree(cladatum
->comkey
);
509 static int role_destroy(void *key
, void *datum
, void *p
)
511 struct role_datum
*role
;
515 ebitmap_destroy(&role
->dominates
);
516 ebitmap_destroy(&role
->types
);
521 static int type_destroy(void *key
, void *datum
, void *p
)
528 static int user_destroy(void *key
, void *datum
, void *p
)
530 struct user_datum
*usrdatum
;
534 ebitmap_destroy(&usrdatum
->roles
);
535 ebitmap_destroy(&usrdatum
->range
.level
[0].cat
);
536 ebitmap_destroy(&usrdatum
->range
.level
[1].cat
);
537 ebitmap_destroy(&usrdatum
->dfltlevel
.cat
);
542 static int sens_destroy(void *key
, void *datum
, void *p
)
544 struct level_datum
*levdatum
;
548 ebitmap_destroy(&levdatum
->level
->cat
);
549 kfree(levdatum
->level
);
554 static int cat_destroy(void *key
, void *datum
, void *p
)
561 static int (*destroy_f
[SYM_NUM
]) (void *key
, void *datum
, void *datap
) =
573 static void ocontext_destroy(struct ocontext
*c
, int i
)
575 context_destroy(&c
->context
[0]);
576 context_destroy(&c
->context
[1]);
577 if (i
== OCON_ISID
|| i
== OCON_FS
||
578 i
== OCON_NETIF
|| i
== OCON_FSUSE
)
584 * Free any memory allocated by a policy database structure.
586 void policydb_destroy(struct policydb
*p
)
588 struct ocontext
*c
, *ctmp
;
589 struct genfs
*g
, *gtmp
;
591 struct role_allow
*ra
, *lra
= NULL
;
592 struct role_trans
*tr
, *ltr
= NULL
;
593 struct range_trans
*rt
, *lrt
= NULL
;
595 for (i
= 0; i
< SYM_NUM
; i
++) {
596 hashtab_map(p
->symtab
[i
].table
, destroy_f
[i
], NULL
);
597 hashtab_destroy(p
->symtab
[i
].table
);
600 for (i
= 0; i
< SYM_NUM
; i
++)
601 kfree(p
->sym_val_to_name
[i
]);
603 kfree(p
->class_val_to_struct
);
604 kfree(p
->role_val_to_struct
);
605 kfree(p
->user_val_to_struct
);
607 avtab_destroy(&p
->te_avtab
);
609 for (i
= 0; i
< OCON_NUM
; i
++) {
614 ocontext_destroy(ctmp
,i
);
625 ocontext_destroy(ctmp
,OCON_FSUSE
);
632 cond_policydb_destroy(p
);
634 for (tr
= p
->role_tr
; tr
; tr
= tr
->next
) {
640 for (ra
= p
->role_allow
; ra
; ra
= ra
-> next
) {
646 for (rt
= p
->range_tr
; rt
; rt
= rt
-> next
) {
648 ebitmap_destroy(&lrt
->range
.level
[0].cat
);
649 ebitmap_destroy(&lrt
->range
.level
[1].cat
);
655 ebitmap_destroy(&lrt
->range
.level
[0].cat
);
656 ebitmap_destroy(&lrt
->range
.level
[1].cat
);
660 if (p
->type_attr_map
) {
661 for (i
= 0; i
< p
->p_types
.nprim
; i
++)
662 ebitmap_destroy(&p
->type_attr_map
[i
]);
664 kfree(p
->type_attr_map
);
670 * Load the initial SIDs specified in a policy database
671 * structure into a SID table.
673 int policydb_load_isids(struct policydb
*p
, struct sidtab
*s
)
675 struct ocontext
*head
, *c
;
680 printk(KERN_ERR
"security: out of memory on SID table init\n");
684 head
= p
->ocontexts
[OCON_ISID
];
685 for (c
= head
; c
; c
= c
->next
) {
686 if (!c
->context
[0].user
) {
687 printk(KERN_ERR
"security: SID %s was never "
688 "defined.\n", c
->u
.name
);
692 if (sidtab_insert(s
, c
->sid
[0], &c
->context
[0])) {
693 printk(KERN_ERR
"security: unable to load initial "
694 "SID %s.\n", c
->u
.name
);
704 * Return 1 if the fields in the security context
705 * structure `c' are valid. Return 0 otherwise.
707 int policydb_context_isvalid(struct policydb
*p
, struct context
*c
)
709 struct role_datum
*role
;
710 struct user_datum
*usrdatum
;
712 if (!c
->role
|| c
->role
> p
->p_roles
.nprim
)
715 if (!c
->user
|| c
->user
> p
->p_users
.nprim
)
718 if (!c
->type
|| c
->type
> p
->p_types
.nprim
)
721 if (c
->role
!= OBJECT_R_VAL
) {
723 * Role must be authorized for the type.
725 role
= p
->role_val_to_struct
[c
->role
- 1];
726 if (!ebitmap_get_bit(&role
->types
,
728 /* role may not be associated with type */
732 * User must be authorized for the role.
734 usrdatum
= p
->user_val_to_struct
[c
->user
- 1];
738 if (!ebitmap_get_bit(&usrdatum
->roles
,
740 /* user may not be associated with role */
744 if (!mls_context_isvalid(p
, c
))
751 * Read a MLS range structure from a policydb binary
752 * representation file.
754 static int mls_read_range_helper(struct mls_range
*r
, void *fp
)
760 rc
= next_entry(buf
, fp
, sizeof(u32
));
764 items
= le32_to_cpu(buf
[0]);
765 if (items
> ARRAY_SIZE(buf
)) {
766 printk(KERN_ERR
"security: mls: range overflow\n");
770 rc
= next_entry(buf
, fp
, sizeof(u32
) * items
);
772 printk(KERN_ERR
"security: mls: truncated range\n");
775 r
->level
[0].sens
= le32_to_cpu(buf
[0]);
777 r
->level
[1].sens
= le32_to_cpu(buf
[1]);
779 r
->level
[1].sens
= r
->level
[0].sens
;
781 rc
= ebitmap_read(&r
->level
[0].cat
, fp
);
783 printk(KERN_ERR
"security: mls: error reading low "
788 rc
= ebitmap_read(&r
->level
[1].cat
, fp
);
790 printk(KERN_ERR
"security: mls: error reading high "
795 rc
= ebitmap_cpy(&r
->level
[1].cat
, &r
->level
[0].cat
);
797 printk(KERN_ERR
"security: mls: out of memory\n");
806 ebitmap_destroy(&r
->level
[0].cat
);
811 * Read and validate a security context structure
812 * from a policydb binary representation file.
814 static int context_read_and_validate(struct context
*c
,
821 rc
= next_entry(buf
, fp
, sizeof buf
);
823 printk(KERN_ERR
"security: context truncated\n");
826 c
->user
= le32_to_cpu(buf
[0]);
827 c
->role
= le32_to_cpu(buf
[1]);
828 c
->type
= le32_to_cpu(buf
[2]);
829 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
830 if (mls_read_range_helper(&c
->range
, fp
)) {
831 printk(KERN_ERR
"security: error reading MLS range of "
838 if (!policydb_context_isvalid(p
, c
)) {
839 printk(KERN_ERR
"security: invalid security context\n");
848 * The following *_read functions are used to
849 * read the symbol data from a policy database
850 * binary representation file.
853 static int perm_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
856 struct perm_datum
*perdatum
;
861 perdatum
= kzalloc(sizeof(*perdatum
), GFP_KERNEL
);
867 rc
= next_entry(buf
, fp
, sizeof buf
);
871 len
= le32_to_cpu(buf
[0]);
872 perdatum
->value
= le32_to_cpu(buf
[1]);
874 key
= kmalloc(len
+ 1,GFP_KERNEL
);
879 rc
= next_entry(key
, fp
, len
);
884 rc
= hashtab_insert(h
, key
, perdatum
);
890 perm_destroy(key
, perdatum
, NULL
);
894 static int common_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
897 struct common_datum
*comdatum
;
902 comdatum
= kzalloc(sizeof(*comdatum
), GFP_KERNEL
);
908 rc
= next_entry(buf
, fp
, sizeof buf
);
912 len
= le32_to_cpu(buf
[0]);
913 comdatum
->value
= le32_to_cpu(buf
[1]);
915 rc
= symtab_init(&comdatum
->permissions
, PERM_SYMTAB_SIZE
);
918 comdatum
->permissions
.nprim
= le32_to_cpu(buf
[2]);
919 nel
= le32_to_cpu(buf
[3]);
921 key
= kmalloc(len
+ 1,GFP_KERNEL
);
926 rc
= next_entry(key
, fp
, len
);
931 for (i
= 0; i
< nel
; i
++) {
932 rc
= perm_read(p
, comdatum
->permissions
.table
, fp
);
937 rc
= hashtab_insert(h
, key
, comdatum
);
943 common_destroy(key
, comdatum
, NULL
);
947 static int read_cons_helper(struct constraint_node
**nodep
, int ncons
,
948 int allowxtarget
, void *fp
)
950 struct constraint_node
*c
, *lc
;
951 struct constraint_expr
*e
, *le
;
957 for (i
= 0; i
< ncons
; i
++) {
958 c
= kzalloc(sizeof(*c
), GFP_KERNEL
);
968 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 2));
971 c
->permissions
= le32_to_cpu(buf
[0]);
972 nexpr
= le32_to_cpu(buf
[1]);
975 for (j
= 0; j
< nexpr
; j
++) {
976 e
= kzalloc(sizeof(*e
), GFP_KERNEL
);
986 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 3));
989 e
->expr_type
= le32_to_cpu(buf
[0]);
990 e
->attr
= le32_to_cpu(buf
[1]);
991 e
->op
= le32_to_cpu(buf
[2]);
993 switch (e
->expr_type
) {
1005 if (depth
== (CEXPR_MAXDEPTH
- 1))
1010 if (!allowxtarget
&& (e
->attr
& CEXPR_XTARGET
))
1012 if (depth
== (CEXPR_MAXDEPTH
- 1))
1015 if (ebitmap_read(&e
->names
, fp
))
1031 static int class_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1034 struct class_datum
*cladatum
;
1036 u32 len
, len2
, ncons
, nel
;
1039 cladatum
= kzalloc(sizeof(*cladatum
), GFP_KERNEL
);
1045 rc
= next_entry(buf
, fp
, sizeof(u32
)*6);
1049 len
= le32_to_cpu(buf
[0]);
1050 len2
= le32_to_cpu(buf
[1]);
1051 cladatum
->value
= le32_to_cpu(buf
[2]);
1053 rc
= symtab_init(&cladatum
->permissions
, PERM_SYMTAB_SIZE
);
1056 cladatum
->permissions
.nprim
= le32_to_cpu(buf
[3]);
1057 nel
= le32_to_cpu(buf
[4]);
1059 ncons
= le32_to_cpu(buf
[5]);
1061 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1066 rc
= next_entry(key
, fp
, len
);
1072 cladatum
->comkey
= kmalloc(len2
+ 1,GFP_KERNEL
);
1073 if (!cladatum
->comkey
) {
1077 rc
= next_entry(cladatum
->comkey
, fp
, len2
);
1080 cladatum
->comkey
[len2
] = 0;
1082 cladatum
->comdatum
= hashtab_search(p
->p_commons
.table
,
1084 if (!cladatum
->comdatum
) {
1085 printk(KERN_ERR
"security: unknown common %s\n",
1091 for (i
= 0; i
< nel
; i
++) {
1092 rc
= perm_read(p
, cladatum
->permissions
.table
, fp
);
1097 rc
= read_cons_helper(&cladatum
->constraints
, ncons
, 0, fp
);
1101 if (p
->policyvers
>= POLICYDB_VERSION_VALIDATETRANS
) {
1102 /* grab the validatetrans rules */
1103 rc
= next_entry(buf
, fp
, sizeof(u32
));
1106 ncons
= le32_to_cpu(buf
[0]);
1107 rc
= read_cons_helper(&cladatum
->validatetrans
, ncons
, 1, fp
);
1112 rc
= hashtab_insert(h
, key
, cladatum
);
1120 class_destroy(key
, cladatum
, NULL
);
1124 static int role_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1127 struct role_datum
*role
;
1132 role
= kzalloc(sizeof(*role
), GFP_KERNEL
);
1138 rc
= next_entry(buf
, fp
, sizeof buf
);
1142 len
= le32_to_cpu(buf
[0]);
1143 role
->value
= le32_to_cpu(buf
[1]);
1145 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1150 rc
= next_entry(key
, fp
, len
);
1155 rc
= ebitmap_read(&role
->dominates
, fp
);
1159 rc
= ebitmap_read(&role
->types
, fp
);
1163 if (strcmp(key
, OBJECT_R
) == 0) {
1164 if (role
->value
!= OBJECT_R_VAL
) {
1165 printk(KERN_ERR
"Role %s has wrong value %d\n",
1166 OBJECT_R
, role
->value
);
1174 rc
= hashtab_insert(h
, key
, role
);
1180 role_destroy(key
, role
, NULL
);
1184 static int type_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1187 struct type_datum
*typdatum
;
1192 typdatum
= kzalloc(sizeof(*typdatum
),GFP_KERNEL
);
1198 rc
= next_entry(buf
, fp
, sizeof buf
);
1202 len
= le32_to_cpu(buf
[0]);
1203 typdatum
->value
= le32_to_cpu(buf
[1]);
1204 typdatum
->primary
= le32_to_cpu(buf
[2]);
1206 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1211 rc
= next_entry(key
, fp
, len
);
1216 rc
= hashtab_insert(h
, key
, typdatum
);
1222 type_destroy(key
, typdatum
, NULL
);
1228 * Read a MLS level structure from a policydb binary
1229 * representation file.
1231 static int mls_read_level(struct mls_level
*lp
, void *fp
)
1236 memset(lp
, 0, sizeof(*lp
));
1238 rc
= next_entry(buf
, fp
, sizeof buf
);
1240 printk(KERN_ERR
"security: mls: truncated level\n");
1243 lp
->sens
= le32_to_cpu(buf
[0]);
1245 if (ebitmap_read(&lp
->cat
, fp
)) {
1246 printk(KERN_ERR
"security: mls: error reading level "
1256 static int user_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1259 struct user_datum
*usrdatum
;
1264 usrdatum
= kzalloc(sizeof(*usrdatum
), GFP_KERNEL
);
1270 rc
= next_entry(buf
, fp
, sizeof buf
);
1274 len
= le32_to_cpu(buf
[0]);
1275 usrdatum
->value
= le32_to_cpu(buf
[1]);
1277 key
= kmalloc(len
+ 1,GFP_KERNEL
);
1282 rc
= next_entry(key
, fp
, len
);
1287 rc
= ebitmap_read(&usrdatum
->roles
, fp
);
1291 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
1292 rc
= mls_read_range_helper(&usrdatum
->range
, fp
);
1295 rc
= mls_read_level(&usrdatum
->dfltlevel
, fp
);
1300 rc
= hashtab_insert(h
, key
, usrdatum
);
1306 user_destroy(key
, usrdatum
, NULL
);
1310 static int sens_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1313 struct level_datum
*levdatum
;
1318 levdatum
= kzalloc(sizeof(*levdatum
), GFP_ATOMIC
);
1324 rc
= next_entry(buf
, fp
, sizeof buf
);
1328 len
= le32_to_cpu(buf
[0]);
1329 levdatum
->isalias
= le32_to_cpu(buf
[1]);
1331 key
= kmalloc(len
+ 1,GFP_ATOMIC
);
1336 rc
= next_entry(key
, fp
, len
);
1341 levdatum
->level
= kmalloc(sizeof(struct mls_level
), GFP_ATOMIC
);
1342 if (!levdatum
->level
) {
1346 if (mls_read_level(levdatum
->level
, fp
)) {
1351 rc
= hashtab_insert(h
, key
, levdatum
);
1357 sens_destroy(key
, levdatum
, NULL
);
1361 static int cat_read(struct policydb
*p
, struct hashtab
*h
, void *fp
)
1364 struct cat_datum
*catdatum
;
1369 catdatum
= kzalloc(sizeof(*catdatum
), GFP_ATOMIC
);
1375 rc
= next_entry(buf
, fp
, sizeof buf
);
1379 len
= le32_to_cpu(buf
[0]);
1380 catdatum
->value
= le32_to_cpu(buf
[1]);
1381 catdatum
->isalias
= le32_to_cpu(buf
[2]);
1383 key
= kmalloc(len
+ 1,GFP_ATOMIC
);
1388 rc
= next_entry(key
, fp
, len
);
1393 rc
= hashtab_insert(h
, key
, catdatum
);
1400 cat_destroy(key
, catdatum
, NULL
);
1404 static int (*read_f
[SYM_NUM
]) (struct policydb
*p
, struct hashtab
*h
, void *fp
) =
1416 extern int ss_initialized
;
1419 * Read the configuration data from a policy database binary
1420 * representation file into a policy database structure.
1422 int policydb_read(struct policydb
*p
, void *fp
)
1424 struct role_allow
*ra
, *lra
;
1425 struct role_trans
*tr
, *ltr
;
1426 struct ocontext
*l
, *c
, *newc
;
1427 struct genfs
*genfs_p
, *genfs
, *newgenfs
;
1430 u32 len
, len2
, config
, nprim
, nel
, nel2
;
1432 struct policydb_compat_info
*info
;
1433 struct range_trans
*rt
, *lrt
;
1437 rc
= policydb_init(p
);
1441 /* Read the magic number and string length. */
1442 rc
= next_entry(buf
, fp
, sizeof(u32
)* 2);
1446 if (le32_to_cpu(buf
[0]) != POLICYDB_MAGIC
) {
1447 printk(KERN_ERR
"security: policydb magic number 0x%x does "
1448 "not match expected magic number 0x%x\n",
1449 le32_to_cpu(buf
[0]), POLICYDB_MAGIC
);
1453 len
= le32_to_cpu(buf
[1]);
1454 if (len
!= strlen(POLICYDB_STRING
)) {
1455 printk(KERN_ERR
"security: policydb string length %d does not "
1456 "match expected length %Zu\n",
1457 len
, strlen(POLICYDB_STRING
));
1460 policydb_str
= kmalloc(len
+ 1,GFP_KERNEL
);
1461 if (!policydb_str
) {
1462 printk(KERN_ERR
"security: unable to allocate memory for policydb "
1463 "string of length %d\n", len
);
1467 rc
= next_entry(policydb_str
, fp
, len
);
1469 printk(KERN_ERR
"security: truncated policydb string identifier\n");
1470 kfree(policydb_str
);
1473 policydb_str
[len
] = 0;
1474 if (strcmp(policydb_str
, POLICYDB_STRING
)) {
1475 printk(KERN_ERR
"security: policydb string %s does not match "
1476 "my string %s\n", policydb_str
, POLICYDB_STRING
);
1477 kfree(policydb_str
);
1480 /* Done with policydb_str. */
1481 kfree(policydb_str
);
1482 policydb_str
= NULL
;
1484 /* Read the version, config, and table sizes. */
1485 rc
= next_entry(buf
, fp
, sizeof(u32
)*4);
1489 p
->policyvers
= le32_to_cpu(buf
[0]);
1490 if (p
->policyvers
< POLICYDB_VERSION_MIN
||
1491 p
->policyvers
> POLICYDB_VERSION_MAX
) {
1492 printk(KERN_ERR
"security: policydb version %d does not match "
1493 "my version range %d-%d\n",
1494 le32_to_cpu(buf
[0]), POLICYDB_VERSION_MIN
, POLICYDB_VERSION_MAX
);
1498 if ((le32_to_cpu(buf
[1]) & POLICYDB_CONFIG_MLS
)) {
1499 if (ss_initialized
&& !selinux_mls_enabled
) {
1500 printk(KERN_ERR
"Cannot switch between non-MLS and MLS "
1504 selinux_mls_enabled
= 1;
1505 config
|= POLICYDB_CONFIG_MLS
;
1507 if (p
->policyvers
< POLICYDB_VERSION_MLS
) {
1508 printk(KERN_ERR
"security policydb version %d (MLS) "
1509 "not backwards compatible\n", p
->policyvers
);
1513 if (ss_initialized
&& selinux_mls_enabled
) {
1514 printk(KERN_ERR
"Cannot switch between MLS and non-MLS "
1520 info
= policydb_lookup_compat(p
->policyvers
);
1522 printk(KERN_ERR
"security: unable to find policy compat info "
1523 "for version %d\n", p
->policyvers
);
1527 if (le32_to_cpu(buf
[2]) != info
->sym_num
||
1528 le32_to_cpu(buf
[3]) != info
->ocon_num
) {
1529 printk(KERN_ERR
"security: policydb table sizes (%d,%d) do "
1530 "not match mine (%d,%d)\n", le32_to_cpu(buf
[2]),
1531 le32_to_cpu(buf
[3]),
1532 info
->sym_num
, info
->ocon_num
);
1536 for (i
= 0; i
< info
->sym_num
; i
++) {
1537 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1540 nprim
= le32_to_cpu(buf
[0]);
1541 nel
= le32_to_cpu(buf
[1]);
1542 for (j
= 0; j
< nel
; j
++) {
1543 rc
= read_f
[i
](p
, p
->symtab
[i
].table
, fp
);
1548 p
->symtab
[i
].nprim
= nprim
;
1551 rc
= avtab_read(&p
->te_avtab
, fp
, p
->policyvers
);
1555 if (p
->policyvers
>= POLICYDB_VERSION_BOOL
) {
1556 rc
= cond_read_list(p
, fp
);
1561 rc
= next_entry(buf
, fp
, sizeof(u32
));
1564 nel
= le32_to_cpu(buf
[0]);
1566 for (i
= 0; i
< nel
; i
++) {
1567 tr
= kzalloc(sizeof(*tr
), GFP_KERNEL
);
1577 rc
= next_entry(buf
, fp
, sizeof(u32
)*3);
1580 tr
->role
= le32_to_cpu(buf
[0]);
1581 tr
->type
= le32_to_cpu(buf
[1]);
1582 tr
->new_role
= le32_to_cpu(buf
[2]);
1586 rc
= next_entry(buf
, fp
, sizeof(u32
));
1589 nel
= le32_to_cpu(buf
[0]);
1591 for (i
= 0; i
< nel
; i
++) {
1592 ra
= kzalloc(sizeof(*ra
), GFP_KERNEL
);
1602 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1605 ra
->role
= le32_to_cpu(buf
[0]);
1606 ra
->new_role
= le32_to_cpu(buf
[1]);
1610 rc
= policydb_index_classes(p
);
1614 rc
= policydb_index_others(p
);
1618 for (i
= 0; i
< info
->ocon_num
; i
++) {
1619 rc
= next_entry(buf
, fp
, sizeof(u32
));
1622 nel
= le32_to_cpu(buf
[0]);
1624 for (j
= 0; j
< nel
; j
++) {
1625 c
= kzalloc(sizeof(*c
), GFP_KERNEL
);
1633 p
->ocontexts
[i
] = c
;
1639 rc
= next_entry(buf
, fp
, sizeof(u32
));
1642 c
->sid
[0] = le32_to_cpu(buf
[0]);
1643 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1649 rc
= next_entry(buf
, fp
, sizeof(u32
));
1652 len
= le32_to_cpu(buf
[0]);
1653 c
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1658 rc
= next_entry(c
->u
.name
, fp
, len
);
1662 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1665 rc
= context_read_and_validate(&c
->context
[1], p
, fp
);
1670 rc
= next_entry(buf
, fp
, sizeof(u32
)*3);
1673 c
->u
.port
.protocol
= le32_to_cpu(buf
[0]);
1674 c
->u
.port
.low_port
= le32_to_cpu(buf
[1]);
1675 c
->u
.port
.high_port
= le32_to_cpu(buf
[2]);
1676 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1681 rc
= next_entry(buf
, fp
, sizeof(u32
)* 2);
1684 c
->u
.node
.addr
= le32_to_cpu(buf
[0]);
1685 c
->u
.node
.mask
= le32_to_cpu(buf
[1]);
1686 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1691 rc
= next_entry(buf
, fp
, sizeof(u32
)*2);
1694 c
->v
.behavior
= le32_to_cpu(buf
[0]);
1695 if (c
->v
.behavior
> SECURITY_FS_USE_NONE
)
1697 len
= le32_to_cpu(buf
[1]);
1698 c
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1703 rc
= next_entry(c
->u
.name
, fp
, len
);
1707 rc
= context_read_and_validate(&c
->context
[0], p
, fp
);
1714 rc
= next_entry(buf
, fp
, sizeof(u32
) * 8);
1717 for (k
= 0; k
< 4; k
++)
1718 c
->u
.node6
.addr
[k
] = le32_to_cpu(buf
[k
]);
1719 for (k
= 0; k
< 4; k
++)
1720 c
->u
.node6
.mask
[k
] = le32_to_cpu(buf
[k
+4]);
1721 if (context_read_and_validate(&c
->context
[0], p
, fp
))
1729 rc
= next_entry(buf
, fp
, sizeof(u32
));
1732 nel
= le32_to_cpu(buf
[0]);
1735 for (i
= 0; i
< nel
; i
++) {
1736 rc
= next_entry(buf
, fp
, sizeof(u32
));
1739 len
= le32_to_cpu(buf
[0]);
1740 newgenfs
= kzalloc(sizeof(*newgenfs
), GFP_KERNEL
);
1746 newgenfs
->fstype
= kmalloc(len
+ 1,GFP_KERNEL
);
1747 if (!newgenfs
->fstype
) {
1752 rc
= next_entry(newgenfs
->fstype
, fp
, len
);
1754 kfree(newgenfs
->fstype
);
1758 newgenfs
->fstype
[len
] = 0;
1759 for (genfs_p
= NULL
, genfs
= p
->genfs
; genfs
;
1760 genfs_p
= genfs
, genfs
= genfs
->next
) {
1761 if (strcmp(newgenfs
->fstype
, genfs
->fstype
) == 0) {
1762 printk(KERN_ERR
"security: dup genfs "
1763 "fstype %s\n", newgenfs
->fstype
);
1764 kfree(newgenfs
->fstype
);
1768 if (strcmp(newgenfs
->fstype
, genfs
->fstype
) < 0)
1771 newgenfs
->next
= genfs
;
1773 genfs_p
->next
= newgenfs
;
1775 p
->genfs
= newgenfs
;
1776 rc
= next_entry(buf
, fp
, sizeof(u32
));
1779 nel2
= le32_to_cpu(buf
[0]);
1780 for (j
= 0; j
< nel2
; j
++) {
1781 rc
= next_entry(buf
, fp
, sizeof(u32
));
1784 len
= le32_to_cpu(buf
[0]);
1786 newc
= kzalloc(sizeof(*newc
), GFP_KERNEL
);
1792 newc
->u
.name
= kmalloc(len
+ 1,GFP_KERNEL
);
1793 if (!newc
->u
.name
) {
1797 rc
= next_entry(newc
->u
.name
, fp
, len
);
1800 newc
->u
.name
[len
] = 0;
1801 rc
= next_entry(buf
, fp
, sizeof(u32
));
1804 newc
->v
.sclass
= le32_to_cpu(buf
[0]);
1805 if (context_read_and_validate(&newc
->context
[0], p
, fp
))
1807 for (l
= NULL
, c
= newgenfs
->head
; c
;
1808 l
= c
, c
= c
->next
) {
1809 if (!strcmp(newc
->u
.name
, c
->u
.name
) &&
1810 (!c
->v
.sclass
|| !newc
->v
.sclass
||
1811 newc
->v
.sclass
== c
->v
.sclass
)) {
1812 printk(KERN_ERR
"security: dup genfs "
1814 newgenfs
->fstype
, c
->u
.name
);
1817 len
= strlen(newc
->u
.name
);
1818 len2
= strlen(c
->u
.name
);
1827 newgenfs
->head
= newc
;
1831 if (p
->policyvers
>= POLICYDB_VERSION_MLS
) {
1832 rc
= next_entry(buf
, fp
, sizeof(u32
));
1835 nel
= le32_to_cpu(buf
[0]);
1837 for (i
= 0; i
< nel
; i
++) {
1838 rt
= kzalloc(sizeof(*rt
), GFP_KERNEL
);
1847 rc
= next_entry(buf
, fp
, (sizeof(u32
) * 2));
1850 rt
->dom
= le32_to_cpu(buf
[0]);
1851 rt
->type
= le32_to_cpu(buf
[1]);
1852 rc
= mls_read_range_helper(&rt
->range
, fp
);
1859 p
->type_attr_map
= kmalloc(p
->p_types
.nprim
*sizeof(struct ebitmap
), GFP_KERNEL
);
1860 if (!p
->type_attr_map
)
1863 for (i
= 0; i
< p
->p_types
.nprim
; i
++) {
1864 ebitmap_init(&p
->type_attr_map
[i
]);
1865 if (p
->policyvers
>= POLICYDB_VERSION_AVTAB
) {
1866 if (ebitmap_read(&p
->type_attr_map
[i
], fp
))
1869 /* add the type itself as the degenerate case */
1870 if (ebitmap_set_bit(&p
->type_attr_map
[i
], i
, 1))
1878 ocontext_destroy(newc
,OCON_FSUSE
);
1882 policydb_destroy(p
);