]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Implementation of the policy database. | |
3 | * | |
4 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> | |
5 | */ | |
6 | ||
7 | /* | |
8 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | |
9 | * | |
10 | * Support for enhanced MLS infrastructure. | |
11 | * | |
12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | |
13 | * | |
14 | * Added conditional policy language extensions | |
15 | * | |
3bb56b25 PM |
16 | * Updated: Hewlett-Packard <paul.moore@hp.com> |
17 | * | |
18 | * Added support for the policy capability bitmap | |
19 | * | |
20 | * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. | |
1da177e4 LT |
21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | |
23 | * This program is free software; you can redistribute it and/or modify | |
24 | * it under the terms of the GNU General Public License as published by | |
25 | * the Free Software Foundation, version 2. | |
26 | */ | |
27 | ||
28 | #include <linux/kernel.h> | |
9dc99780 | 29 | #include <linux/sched.h> |
1da177e4 LT |
30 | #include <linux/slab.h> |
31 | #include <linux/string.h> | |
32 | #include <linux/errno.h> | |
33 | #include "security.h" | |
34 | ||
35 | #include "policydb.h" | |
36 | #include "conditional.h" | |
37 | #include "mls.h" | |
38 | ||
39 | #define _DEBUG_HASHES | |
40 | ||
41 | #ifdef DEBUG_HASHES | |
42 | static char *symtab_name[SYM_NUM] = { | |
43 | "common prefixes", | |
44 | "classes", | |
45 | "roles", | |
46 | "types", | |
47 | "users", | |
48 | "bools", | |
49 | "levels", | |
50 | "categories", | |
51 | }; | |
52 | #endif | |
53 | ||
54 | int selinux_mls_enabled = 0; | |
55 | ||
56 | static unsigned int symtab_sizes[SYM_NUM] = { | |
57 | 2, | |
58 | 32, | |
59 | 16, | |
60 | 512, | |
61 | 128, | |
62 | 16, | |
63 | 16, | |
64 | 16, | |
65 | }; | |
66 | ||
67 | struct policydb_compat_info { | |
68 | int version; | |
69 | int sym_num; | |
70 | int ocon_num; | |
71 | }; | |
72 | ||
73 | /* These need to be updated if SYM_NUM or OCON_NUM changes */ | |
74 | static struct policydb_compat_info policydb_compat[] = { | |
75 | { | |
76 | .version = POLICYDB_VERSION_BASE, | |
77 | .sym_num = SYM_NUM - 3, | |
78 | .ocon_num = OCON_NUM - 1, | |
79 | }, | |
80 | { | |
81 | .version = POLICYDB_VERSION_BOOL, | |
82 | .sym_num = SYM_NUM - 2, | |
83 | .ocon_num = OCON_NUM - 1, | |
84 | }, | |
85 | { | |
86 | .version = POLICYDB_VERSION_IPV6, | |
87 | .sym_num = SYM_NUM - 2, | |
88 | .ocon_num = OCON_NUM, | |
89 | }, | |
90 | { | |
91 | .version = POLICYDB_VERSION_NLCLASS, | |
92 | .sym_num = SYM_NUM - 2, | |
93 | .ocon_num = OCON_NUM, | |
94 | }, | |
95 | { | |
96 | .version = POLICYDB_VERSION_MLS, | |
97 | .sym_num = SYM_NUM, | |
98 | .ocon_num = OCON_NUM, | |
99 | }, | |
782ebb99 SS |
100 | { |
101 | .version = POLICYDB_VERSION_AVTAB, | |
102 | .sym_num = SYM_NUM, | |
103 | .ocon_num = OCON_NUM, | |
104 | }, | |
f3f87714 DG |
105 | { |
106 | .version = POLICYDB_VERSION_RANGETRANS, | |
107 | .sym_num = SYM_NUM, | |
108 | .ocon_num = OCON_NUM, | |
109 | }, | |
3bb56b25 PM |
110 | { |
111 | .version = POLICYDB_VERSION_POLCAP, | |
112 | .sym_num = SYM_NUM, | |
113 | .ocon_num = OCON_NUM, | |
114 | } | |
1da177e4 LT |
115 | }; |
116 | ||
117 | static struct policydb_compat_info *policydb_lookup_compat(int version) | |
118 | { | |
119 | int i; | |
120 | struct policydb_compat_info *info = NULL; | |
121 | ||
32725ad8 | 122 | for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { |
1da177e4 LT |
123 | if (policydb_compat[i].version == version) { |
124 | info = &policydb_compat[i]; | |
125 | break; | |
126 | } | |
127 | } | |
128 | return info; | |
129 | } | |
130 | ||
131 | /* | |
132 | * Initialize the role table. | |
133 | */ | |
134 | static int roles_init(struct policydb *p) | |
135 | { | |
136 | char *key = NULL; | |
137 | int rc; | |
138 | struct role_datum *role; | |
139 | ||
89d155ef | 140 | role = kzalloc(sizeof(*role), GFP_KERNEL); |
1da177e4 LT |
141 | if (!role) { |
142 | rc = -ENOMEM; | |
143 | goto out; | |
144 | } | |
1da177e4 LT |
145 | role->value = ++p->p_roles.nprim; |
146 | if (role->value != OBJECT_R_VAL) { | |
147 | rc = -EINVAL; | |
148 | goto out_free_role; | |
149 | } | |
150 | key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); | |
151 | if (!key) { | |
152 | rc = -ENOMEM; | |
153 | goto out_free_role; | |
154 | } | |
155 | strcpy(key, OBJECT_R); | |
156 | rc = hashtab_insert(p->p_roles.table, key, role); | |
157 | if (rc) | |
158 | goto out_free_key; | |
159 | out: | |
160 | return rc; | |
161 | ||
162 | out_free_key: | |
163 | kfree(key); | |
164 | out_free_role: | |
165 | kfree(role); | |
166 | goto out; | |
167 | } | |
168 | ||
169 | /* | |
170 | * Initialize a policy database structure. | |
171 | */ | |
172 | static int policydb_init(struct policydb *p) | |
173 | { | |
174 | int i, rc; | |
175 | ||
176 | memset(p, 0, sizeof(*p)); | |
177 | ||
178 | for (i = 0; i < SYM_NUM; i++) { | |
179 | rc = symtab_init(&p->symtab[i], symtab_sizes[i]); | |
180 | if (rc) | |
181 | goto out_free_symtab; | |
182 | } | |
183 | ||
184 | rc = avtab_init(&p->te_avtab); | |
185 | if (rc) | |
186 | goto out_free_symtab; | |
187 | ||
188 | rc = roles_init(p); | |
189 | if (rc) | |
3232c110 | 190 | goto out_free_symtab; |
1da177e4 LT |
191 | |
192 | rc = cond_policydb_init(p); | |
193 | if (rc) | |
3232c110 | 194 | goto out_free_symtab; |
1da177e4 | 195 | |
3bb56b25 PM |
196 | ebitmap_init(&p->policycaps); |
197 | ||
1da177e4 LT |
198 | out: |
199 | return rc; | |
200 | ||
1da177e4 LT |
201 | out_free_symtab: |
202 | for (i = 0; i < SYM_NUM; i++) | |
203 | hashtab_destroy(p->symtab[i].table); | |
204 | goto out; | |
205 | } | |
206 | ||
207 | /* | |
208 | * The following *_index functions are used to | |
209 | * define the val_to_name and val_to_struct arrays | |
210 | * in a policy database structure. The val_to_name | |
211 | * arrays are used when converting security context | |
212 | * structures into string representations. The | |
213 | * val_to_struct arrays are used when the attributes | |
214 | * of a class, role, or user are needed. | |
215 | */ | |
216 | ||
217 | static int common_index(void *key, void *datum, void *datap) | |
218 | { | |
219 | struct policydb *p; | |
220 | struct common_datum *comdatum; | |
221 | ||
222 | comdatum = datum; | |
223 | p = datap; | |
224 | if (!comdatum->value || comdatum->value > p->p_commons.nprim) | |
225 | return -EINVAL; | |
226 | p->p_common_val_to_name[comdatum->value - 1] = key; | |
227 | return 0; | |
228 | } | |
229 | ||
230 | static int class_index(void *key, void *datum, void *datap) | |
231 | { | |
232 | struct policydb *p; | |
233 | struct class_datum *cladatum; | |
234 | ||
235 | cladatum = datum; | |
236 | p = datap; | |
237 | if (!cladatum->value || cladatum->value > p->p_classes.nprim) | |
238 | return -EINVAL; | |
239 | p->p_class_val_to_name[cladatum->value - 1] = key; | |
240 | p->class_val_to_struct[cladatum->value - 1] = cladatum; | |
241 | return 0; | |
242 | } | |
243 | ||
244 | static int role_index(void *key, void *datum, void *datap) | |
245 | { | |
246 | struct policydb *p; | |
247 | struct role_datum *role; | |
248 | ||
249 | role = datum; | |
250 | p = datap; | |
251 | if (!role->value || role->value > p->p_roles.nprim) | |
252 | return -EINVAL; | |
253 | p->p_role_val_to_name[role->value - 1] = key; | |
254 | p->role_val_to_struct[role->value - 1] = role; | |
255 | return 0; | |
256 | } | |
257 | ||
258 | static int type_index(void *key, void *datum, void *datap) | |
259 | { | |
260 | struct policydb *p; | |
261 | struct type_datum *typdatum; | |
262 | ||
263 | typdatum = datum; | |
264 | p = datap; | |
265 | ||
266 | if (typdatum->primary) { | |
267 | if (!typdatum->value || typdatum->value > p->p_types.nprim) | |
268 | return -EINVAL; | |
269 | p->p_type_val_to_name[typdatum->value - 1] = key; | |
270 | } | |
271 | ||
272 | return 0; | |
273 | } | |
274 | ||
275 | static int user_index(void *key, void *datum, void *datap) | |
276 | { | |
277 | struct policydb *p; | |
278 | struct user_datum *usrdatum; | |
279 | ||
280 | usrdatum = datum; | |
281 | p = datap; | |
282 | if (!usrdatum->value || usrdatum->value > p->p_users.nprim) | |
283 | return -EINVAL; | |
284 | p->p_user_val_to_name[usrdatum->value - 1] = key; | |
285 | p->user_val_to_struct[usrdatum->value - 1] = usrdatum; | |
286 | return 0; | |
287 | } | |
288 | ||
289 | static int sens_index(void *key, void *datum, void *datap) | |
290 | { | |
291 | struct policydb *p; | |
292 | struct level_datum *levdatum; | |
293 | ||
294 | levdatum = datum; | |
295 | p = datap; | |
296 | ||
297 | if (!levdatum->isalias) { | |
298 | if (!levdatum->level->sens || | |
299 | levdatum->level->sens > p->p_levels.nprim) | |
300 | return -EINVAL; | |
301 | p->p_sens_val_to_name[levdatum->level->sens - 1] = key; | |
302 | } | |
303 | ||
304 | return 0; | |
305 | } | |
306 | ||
307 | static int cat_index(void *key, void *datum, void *datap) | |
308 | { | |
309 | struct policydb *p; | |
310 | struct cat_datum *catdatum; | |
311 | ||
312 | catdatum = datum; | |
313 | p = datap; | |
314 | ||
315 | if (!catdatum->isalias) { | |
316 | if (!catdatum->value || catdatum->value > p->p_cats.nprim) | |
317 | return -EINVAL; | |
318 | p->p_cat_val_to_name[catdatum->value - 1] = key; | |
319 | } | |
320 | ||
321 | return 0; | |
322 | } | |
323 | ||
324 | static int (*index_f[SYM_NUM]) (void *key, void *datum, void *datap) = | |
325 | { | |
326 | common_index, | |
327 | class_index, | |
328 | role_index, | |
329 | type_index, | |
330 | user_index, | |
331 | cond_index_bool, | |
332 | sens_index, | |
333 | cat_index, | |
334 | }; | |
335 | ||
336 | /* | |
337 | * Define the common val_to_name array and the class | |
338 | * val_to_name and val_to_struct arrays in a policy | |
339 | * database structure. | |
340 | * | |
341 | * Caller must clean up upon failure. | |
342 | */ | |
343 | static int policydb_index_classes(struct policydb *p) | |
344 | { | |
345 | int rc; | |
346 | ||
347 | p->p_common_val_to_name = | |
348 | kmalloc(p->p_commons.nprim * sizeof(char *), GFP_KERNEL); | |
349 | if (!p->p_common_val_to_name) { | |
350 | rc = -ENOMEM; | |
351 | goto out; | |
352 | } | |
353 | ||
354 | rc = hashtab_map(p->p_commons.table, common_index, p); | |
355 | if (rc) | |
356 | goto out; | |
357 | ||
358 | p->class_val_to_struct = | |
359 | kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), GFP_KERNEL); | |
360 | if (!p->class_val_to_struct) { | |
361 | rc = -ENOMEM; | |
362 | goto out; | |
363 | } | |
364 | ||
365 | p->p_class_val_to_name = | |
366 | kmalloc(p->p_classes.nprim * sizeof(char *), GFP_KERNEL); | |
367 | if (!p->p_class_val_to_name) { | |
368 | rc = -ENOMEM; | |
369 | goto out; | |
370 | } | |
371 | ||
372 | rc = hashtab_map(p->p_classes.table, class_index, p); | |
373 | out: | |
374 | return rc; | |
375 | } | |
376 | ||
377 | #ifdef DEBUG_HASHES | |
378 | static void symtab_hash_eval(struct symtab *s) | |
379 | { | |
380 | int i; | |
381 | ||
382 | for (i = 0; i < SYM_NUM; i++) { | |
383 | struct hashtab *h = s[i].table; | |
384 | struct hashtab_info info; | |
385 | ||
386 | hashtab_stat(h, &info); | |
fadcdb45 | 387 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " |
1da177e4 LT |
388 | "longest chain length %d\n", symtab_name[i], h->nel, |
389 | info.slots_used, h->size, info.max_chain_len); | |
390 | } | |
391 | } | |
392 | #endif | |
393 | ||
394 | /* | |
395 | * Define the other val_to_name and val_to_struct arrays | |
396 | * in a policy database structure. | |
397 | * | |
398 | * Caller must clean up on failure. | |
399 | */ | |
400 | static int policydb_index_others(struct policydb *p) | |
401 | { | |
402 | int i, rc = 0; | |
403 | ||
fadcdb45 | 404 | printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", |
1da177e4 LT |
405 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); |
406 | if (selinux_mls_enabled) | |
407 | printk(", %d sens, %d cats", p->p_levels.nprim, | |
408 | p->p_cats.nprim); | |
409 | printk("\n"); | |
410 | ||
fadcdb45 | 411 | printk(KERN_DEBUG "security: %d classes, %d rules\n", |
1da177e4 LT |
412 | p->p_classes.nprim, p->te_avtab.nel); |
413 | ||
414 | #ifdef DEBUG_HASHES | |
415 | avtab_hash_eval(&p->te_avtab, "rules"); | |
416 | symtab_hash_eval(p->symtab); | |
417 | #endif | |
418 | ||
419 | p->role_val_to_struct = | |
420 | kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), | |
421 | GFP_KERNEL); | |
422 | if (!p->role_val_to_struct) { | |
423 | rc = -ENOMEM; | |
424 | goto out; | |
425 | } | |
426 | ||
427 | p->user_val_to_struct = | |
428 | kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), | |
429 | GFP_KERNEL); | |
430 | if (!p->user_val_to_struct) { | |
431 | rc = -ENOMEM; | |
432 | goto out; | |
433 | } | |
434 | ||
435 | if (cond_init_bool_indexes(p)) { | |
436 | rc = -ENOMEM; | |
437 | goto out; | |
438 | } | |
439 | ||
440 | for (i = SYM_ROLES; i < SYM_NUM; i++) { | |
441 | p->sym_val_to_name[i] = | |
442 | kmalloc(p->symtab[i].nprim * sizeof(char *), GFP_KERNEL); | |
443 | if (!p->sym_val_to_name[i]) { | |
444 | rc = -ENOMEM; | |
445 | goto out; | |
446 | } | |
447 | rc = hashtab_map(p->symtab[i].table, index_f[i], p); | |
448 | if (rc) | |
449 | goto out; | |
450 | } | |
451 | ||
452 | out: | |
453 | return rc; | |
454 | } | |
455 | ||
456 | /* | |
457 | * The following *_destroy functions are used to | |
458 | * free any memory allocated for each kind of | |
459 | * symbol data in the policy database. | |
460 | */ | |
461 | ||
462 | static int perm_destroy(void *key, void *datum, void *p) | |
463 | { | |
464 | kfree(key); | |
465 | kfree(datum); | |
466 | return 0; | |
467 | } | |
468 | ||
469 | static int common_destroy(void *key, void *datum, void *p) | |
470 | { | |
471 | struct common_datum *comdatum; | |
472 | ||
473 | kfree(key); | |
474 | comdatum = datum; | |
475 | hashtab_map(comdatum->permissions.table, perm_destroy, NULL); | |
476 | hashtab_destroy(comdatum->permissions.table); | |
477 | kfree(datum); | |
478 | return 0; | |
479 | } | |
480 | ||
6cbda6b6 | 481 | static int cls_destroy(void *key, void *datum, void *p) |
1da177e4 LT |
482 | { |
483 | struct class_datum *cladatum; | |
484 | struct constraint_node *constraint, *ctemp; | |
485 | struct constraint_expr *e, *etmp; | |
486 | ||
487 | kfree(key); | |
488 | cladatum = datum; | |
489 | hashtab_map(cladatum->permissions.table, perm_destroy, NULL); | |
490 | hashtab_destroy(cladatum->permissions.table); | |
491 | constraint = cladatum->constraints; | |
492 | while (constraint) { | |
493 | e = constraint->expr; | |
494 | while (e) { | |
495 | ebitmap_destroy(&e->names); | |
496 | etmp = e; | |
497 | e = e->next; | |
498 | kfree(etmp); | |
499 | } | |
500 | ctemp = constraint; | |
501 | constraint = constraint->next; | |
502 | kfree(ctemp); | |
503 | } | |
504 | ||
505 | constraint = cladatum->validatetrans; | |
506 | while (constraint) { | |
507 | e = constraint->expr; | |
508 | while (e) { | |
509 | ebitmap_destroy(&e->names); | |
510 | etmp = e; | |
511 | e = e->next; | |
512 | kfree(etmp); | |
513 | } | |
514 | ctemp = constraint; | |
515 | constraint = constraint->next; | |
516 | kfree(ctemp); | |
517 | } | |
518 | ||
519 | kfree(cladatum->comkey); | |
520 | kfree(datum); | |
521 | return 0; | |
522 | } | |
523 | ||
524 | static int role_destroy(void *key, void *datum, void *p) | |
525 | { | |
526 | struct role_datum *role; | |
527 | ||
528 | kfree(key); | |
529 | role = datum; | |
530 | ebitmap_destroy(&role->dominates); | |
531 | ebitmap_destroy(&role->types); | |
532 | kfree(datum); | |
533 | return 0; | |
534 | } | |
535 | ||
536 | static int type_destroy(void *key, void *datum, void *p) | |
537 | { | |
538 | kfree(key); | |
539 | kfree(datum); | |
540 | return 0; | |
541 | } | |
542 | ||
543 | static int user_destroy(void *key, void *datum, void *p) | |
544 | { | |
545 | struct user_datum *usrdatum; | |
546 | ||
547 | kfree(key); | |
548 | usrdatum = datum; | |
549 | ebitmap_destroy(&usrdatum->roles); | |
550 | ebitmap_destroy(&usrdatum->range.level[0].cat); | |
551 | ebitmap_destroy(&usrdatum->range.level[1].cat); | |
552 | ebitmap_destroy(&usrdatum->dfltlevel.cat); | |
553 | kfree(datum); | |
554 | return 0; | |
555 | } | |
556 | ||
557 | static int sens_destroy(void *key, void *datum, void *p) | |
558 | { | |
559 | struct level_datum *levdatum; | |
560 | ||
561 | kfree(key); | |
562 | levdatum = datum; | |
563 | ebitmap_destroy(&levdatum->level->cat); | |
564 | kfree(levdatum->level); | |
565 | kfree(datum); | |
566 | return 0; | |
567 | } | |
568 | ||
569 | static int cat_destroy(void *key, void *datum, void *p) | |
570 | { | |
571 | kfree(key); | |
572 | kfree(datum); | |
573 | return 0; | |
574 | } | |
575 | ||
576 | static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap) = | |
577 | { | |
578 | common_destroy, | |
6cbda6b6 | 579 | cls_destroy, |
1da177e4 LT |
580 | role_destroy, |
581 | type_destroy, | |
582 | user_destroy, | |
583 | cond_destroy_bool, | |
584 | sens_destroy, | |
585 | cat_destroy, | |
586 | }; | |
587 | ||
588 | static void ocontext_destroy(struct ocontext *c, int i) | |
589 | { | |
590 | context_destroy(&c->context[0]); | |
591 | context_destroy(&c->context[1]); | |
592 | if (i == OCON_ISID || i == OCON_FS || | |
593 | i == OCON_NETIF || i == OCON_FSUSE) | |
594 | kfree(c->u.name); | |
595 | kfree(c); | |
596 | } | |
597 | ||
598 | /* | |
599 | * Free any memory allocated by a policy database structure. | |
600 | */ | |
601 | void policydb_destroy(struct policydb *p) | |
602 | { | |
603 | struct ocontext *c, *ctmp; | |
604 | struct genfs *g, *gtmp; | |
605 | int i; | |
782ebb99 SS |
606 | struct role_allow *ra, *lra = NULL; |
607 | struct role_trans *tr, *ltr = NULL; | |
608 | struct range_trans *rt, *lrt = NULL; | |
1da177e4 LT |
609 | |
610 | for (i = 0; i < SYM_NUM; i++) { | |
9dc99780 | 611 | cond_resched(); |
1da177e4 LT |
612 | hashtab_map(p->symtab[i].table, destroy_f[i], NULL); |
613 | hashtab_destroy(p->symtab[i].table); | |
614 | } | |
615 | ||
9a5f04bf JJ |
616 | for (i = 0; i < SYM_NUM; i++) |
617 | kfree(p->sym_val_to_name[i]); | |
1da177e4 | 618 | |
9a5f04bf JJ |
619 | kfree(p->class_val_to_struct); |
620 | kfree(p->role_val_to_struct); | |
621 | kfree(p->user_val_to_struct); | |
1da177e4 LT |
622 | |
623 | avtab_destroy(&p->te_avtab); | |
624 | ||
625 | for (i = 0; i < OCON_NUM; i++) { | |
9dc99780 | 626 | cond_resched(); |
1da177e4 LT |
627 | c = p->ocontexts[i]; |
628 | while (c) { | |
629 | ctmp = c; | |
630 | c = c->next; | |
631 | ocontext_destroy(ctmp,i); | |
632 | } | |
6e8c751e | 633 | p->ocontexts[i] = NULL; |
1da177e4 LT |
634 | } |
635 | ||
636 | g = p->genfs; | |
637 | while (g) { | |
9dc99780 | 638 | cond_resched(); |
1da177e4 LT |
639 | kfree(g->fstype); |
640 | c = g->head; | |
641 | while (c) { | |
642 | ctmp = c; | |
643 | c = c->next; | |
644 | ocontext_destroy(ctmp,OCON_FSUSE); | |
645 | } | |
646 | gtmp = g; | |
647 | g = g->next; | |
648 | kfree(gtmp); | |
649 | } | |
6e8c751e | 650 | p->genfs = NULL; |
1da177e4 LT |
651 | |
652 | cond_policydb_destroy(p); | |
653 | ||
782ebb99 | 654 | for (tr = p->role_tr; tr; tr = tr->next) { |
9dc99780 | 655 | cond_resched(); |
a7f988ba | 656 | kfree(ltr); |
782ebb99 SS |
657 | ltr = tr; |
658 | } | |
a7f988ba | 659 | kfree(ltr); |
782ebb99 SS |
660 | |
661 | for (ra = p->role_allow; ra; ra = ra -> next) { | |
9dc99780 | 662 | cond_resched(); |
a7f988ba | 663 | kfree(lra); |
782ebb99 SS |
664 | lra = ra; |
665 | } | |
a7f988ba | 666 | kfree(lra); |
782ebb99 SS |
667 | |
668 | for (rt = p->range_tr; rt; rt = rt -> next) { | |
9dc99780 | 669 | cond_resched(); |
ddccef3b | 670 | if (lrt) { |
f3f87714 DG |
671 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
672 | ebitmap_destroy(&lrt->target_range.level[1].cat); | |
ddccef3b DG |
673 | kfree(lrt); |
674 | } | |
782ebb99 SS |
675 | lrt = rt; |
676 | } | |
ddccef3b | 677 | if (lrt) { |
f3f87714 DG |
678 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
679 | ebitmap_destroy(&lrt->target_range.level[1].cat); | |
ddccef3b DG |
680 | kfree(lrt); |
681 | } | |
782ebb99 | 682 | |
282c1f5e SS |
683 | if (p->type_attr_map) { |
684 | for (i = 0; i < p->p_types.nprim; i++) | |
685 | ebitmap_destroy(&p->type_attr_map[i]); | |
686 | } | |
782ebb99 | 687 | kfree(p->type_attr_map); |
3f12070e | 688 | kfree(p->undefined_perms); |
3bb56b25 | 689 | ebitmap_destroy(&p->policycaps); |
3f12070e | 690 | |
1da177e4 LT |
691 | return; |
692 | } | |
693 | ||
694 | /* | |
695 | * Load the initial SIDs specified in a policy database | |
696 | * structure into a SID table. | |
697 | */ | |
698 | int policydb_load_isids(struct policydb *p, struct sidtab *s) | |
699 | { | |
700 | struct ocontext *head, *c; | |
701 | int rc; | |
702 | ||
703 | rc = sidtab_init(s); | |
704 | if (rc) { | |
705 | printk(KERN_ERR "security: out of memory on SID table init\n"); | |
706 | goto out; | |
707 | } | |
708 | ||
709 | head = p->ocontexts[OCON_ISID]; | |
710 | for (c = head; c; c = c->next) { | |
711 | if (!c->context[0].user) { | |
712 | printk(KERN_ERR "security: SID %s was never " | |
713 | "defined.\n", c->u.name); | |
714 | rc = -EINVAL; | |
715 | goto out; | |
716 | } | |
717 | if (sidtab_insert(s, c->sid[0], &c->context[0])) { | |
718 | printk(KERN_ERR "security: unable to load initial " | |
719 | "SID %s.\n", c->u.name); | |
720 | rc = -EINVAL; | |
721 | goto out; | |
722 | } | |
723 | } | |
724 | out: | |
725 | return rc; | |
726 | } | |
727 | ||
45e5421e SS |
728 | int policydb_class_isvalid(struct policydb *p, unsigned int class) |
729 | { | |
730 | if (!class || class > p->p_classes.nprim) | |
731 | return 0; | |
732 | return 1; | |
733 | } | |
734 | ||
735 | int policydb_role_isvalid(struct policydb *p, unsigned int role) | |
736 | { | |
737 | if (!role || role > p->p_roles.nprim) | |
738 | return 0; | |
739 | return 1; | |
740 | } | |
741 | ||
742 | int policydb_type_isvalid(struct policydb *p, unsigned int type) | |
743 | { | |
744 | if (!type || type > p->p_types.nprim) | |
745 | return 0; | |
746 | return 1; | |
747 | } | |
748 | ||
1da177e4 LT |
749 | /* |
750 | * Return 1 if the fields in the security context | |
751 | * structure `c' are valid. Return 0 otherwise. | |
752 | */ | |
753 | int policydb_context_isvalid(struct policydb *p, struct context *c) | |
754 | { | |
755 | struct role_datum *role; | |
756 | struct user_datum *usrdatum; | |
757 | ||
758 | if (!c->role || c->role > p->p_roles.nprim) | |
759 | return 0; | |
760 | ||
761 | if (!c->user || c->user > p->p_users.nprim) | |
762 | return 0; | |
763 | ||
764 | if (!c->type || c->type > p->p_types.nprim) | |
765 | return 0; | |
766 | ||
767 | if (c->role != OBJECT_R_VAL) { | |
768 | /* | |
769 | * Role must be authorized for the type. | |
770 | */ | |
771 | role = p->role_val_to_struct[c->role - 1]; | |
772 | if (!ebitmap_get_bit(&role->types, | |
773 | c->type - 1)) | |
774 | /* role may not be associated with type */ | |
775 | return 0; | |
776 | ||
777 | /* | |
778 | * User must be authorized for the role. | |
779 | */ | |
780 | usrdatum = p->user_val_to_struct[c->user - 1]; | |
781 | if (!usrdatum) | |
782 | return 0; | |
783 | ||
784 | if (!ebitmap_get_bit(&usrdatum->roles, | |
785 | c->role - 1)) | |
786 | /* user may not be associated with role */ | |
787 | return 0; | |
788 | } | |
789 | ||
790 | if (!mls_context_isvalid(p, c)) | |
791 | return 0; | |
792 | ||
793 | return 1; | |
794 | } | |
795 | ||
796 | /* | |
797 | * Read a MLS range structure from a policydb binary | |
798 | * representation file. | |
799 | */ | |
800 | static int mls_read_range_helper(struct mls_range *r, void *fp) | |
801 | { | |
b5bf6c55 AD |
802 | __le32 buf[2]; |
803 | u32 items; | |
1da177e4 LT |
804 | int rc; |
805 | ||
806 | rc = next_entry(buf, fp, sizeof(u32)); | |
807 | if (rc < 0) | |
808 | goto out; | |
809 | ||
810 | items = le32_to_cpu(buf[0]); | |
811 | if (items > ARRAY_SIZE(buf)) { | |
812 | printk(KERN_ERR "security: mls: range overflow\n"); | |
813 | rc = -EINVAL; | |
814 | goto out; | |
815 | } | |
816 | rc = next_entry(buf, fp, sizeof(u32) * items); | |
817 | if (rc < 0) { | |
818 | printk(KERN_ERR "security: mls: truncated range\n"); | |
819 | goto out; | |
820 | } | |
821 | r->level[0].sens = le32_to_cpu(buf[0]); | |
822 | if (items > 1) | |
823 | r->level[1].sens = le32_to_cpu(buf[1]); | |
824 | else | |
825 | r->level[1].sens = r->level[0].sens; | |
826 | ||
827 | rc = ebitmap_read(&r->level[0].cat, fp); | |
828 | if (rc) { | |
829 | printk(KERN_ERR "security: mls: error reading low " | |
830 | "categories\n"); | |
831 | goto out; | |
832 | } | |
833 | if (items > 1) { | |
834 | rc = ebitmap_read(&r->level[1].cat, fp); | |
835 | if (rc) { | |
836 | printk(KERN_ERR "security: mls: error reading high " | |
837 | "categories\n"); | |
838 | goto bad_high; | |
839 | } | |
840 | } else { | |
841 | rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); | |
842 | if (rc) { | |
843 | printk(KERN_ERR "security: mls: out of memory\n"); | |
844 | goto bad_high; | |
845 | } | |
846 | } | |
847 | ||
848 | rc = 0; | |
849 | out: | |
850 | return rc; | |
851 | bad_high: | |
852 | ebitmap_destroy(&r->level[0].cat); | |
853 | goto out; | |
854 | } | |
855 | ||
856 | /* | |
857 | * Read and validate a security context structure | |
858 | * from a policydb binary representation file. | |
859 | */ | |
860 | static int context_read_and_validate(struct context *c, | |
861 | struct policydb *p, | |
862 | void *fp) | |
863 | { | |
b5bf6c55 | 864 | __le32 buf[3]; |
1da177e4 LT |
865 | int rc; |
866 | ||
867 | rc = next_entry(buf, fp, sizeof buf); | |
868 | if (rc < 0) { | |
869 | printk(KERN_ERR "security: context truncated\n"); | |
870 | goto out; | |
871 | } | |
872 | c->user = le32_to_cpu(buf[0]); | |
873 | c->role = le32_to_cpu(buf[1]); | |
874 | c->type = le32_to_cpu(buf[2]); | |
875 | if (p->policyvers >= POLICYDB_VERSION_MLS) { | |
876 | if (mls_read_range_helper(&c->range, fp)) { | |
877 | printk(KERN_ERR "security: error reading MLS range of " | |
878 | "context\n"); | |
879 | rc = -EINVAL; | |
880 | goto out; | |
881 | } | |
882 | } | |
883 | ||
884 | if (!policydb_context_isvalid(p, c)) { | |
885 | printk(KERN_ERR "security: invalid security context\n"); | |
886 | context_destroy(c); | |
887 | rc = -EINVAL; | |
888 | } | |
889 | out: | |
890 | return rc; | |
891 | } | |
892 | ||
893 | /* | |
894 | * The following *_read functions are used to | |
895 | * read the symbol data from a policy database | |
896 | * binary representation file. | |
897 | */ | |
898 | ||
899 | static int perm_read(struct policydb *p, struct hashtab *h, void *fp) | |
900 | { | |
901 | char *key = NULL; | |
902 | struct perm_datum *perdatum; | |
903 | int rc; | |
b5bf6c55 AD |
904 | __le32 buf[2]; |
905 | u32 len; | |
1da177e4 | 906 | |
89d155ef | 907 | perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); |
1da177e4 LT |
908 | if (!perdatum) { |
909 | rc = -ENOMEM; | |
910 | goto out; | |
911 | } | |
1da177e4 LT |
912 | |
913 | rc = next_entry(buf, fp, sizeof buf); | |
914 | if (rc < 0) | |
915 | goto bad; | |
916 | ||
917 | len = le32_to_cpu(buf[0]); | |
918 | perdatum->value = le32_to_cpu(buf[1]); | |
919 | ||
920 | key = kmalloc(len + 1,GFP_KERNEL); | |
921 | if (!key) { | |
922 | rc = -ENOMEM; | |
923 | goto bad; | |
924 | } | |
925 | rc = next_entry(key, fp, len); | |
926 | if (rc < 0) | |
927 | goto bad; | |
928 | key[len] = 0; | |
929 | ||
930 | rc = hashtab_insert(h, key, perdatum); | |
931 | if (rc) | |
932 | goto bad; | |
933 | out: | |
934 | return rc; | |
935 | bad: | |
936 | perm_destroy(key, perdatum, NULL); | |
937 | goto out; | |
938 | } | |
939 | ||
940 | static int common_read(struct policydb *p, struct hashtab *h, void *fp) | |
941 | { | |
942 | char *key = NULL; | |
943 | struct common_datum *comdatum; | |
b5bf6c55 AD |
944 | __le32 buf[4]; |
945 | u32 len, nel; | |
1da177e4 LT |
946 | int i, rc; |
947 | ||
89d155ef | 948 | comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); |
1da177e4 LT |
949 | if (!comdatum) { |
950 | rc = -ENOMEM; | |
951 | goto out; | |
952 | } | |
1da177e4 LT |
953 | |
954 | rc = next_entry(buf, fp, sizeof buf); | |
955 | if (rc < 0) | |
956 | goto bad; | |
957 | ||
958 | len = le32_to_cpu(buf[0]); | |
959 | comdatum->value = le32_to_cpu(buf[1]); | |
960 | ||
961 | rc = symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE); | |
962 | if (rc) | |
963 | goto bad; | |
964 | comdatum->permissions.nprim = le32_to_cpu(buf[2]); | |
965 | nel = le32_to_cpu(buf[3]); | |
966 | ||
967 | key = kmalloc(len + 1,GFP_KERNEL); | |
968 | if (!key) { | |
969 | rc = -ENOMEM; | |
970 | goto bad; | |
971 | } | |
972 | rc = next_entry(key, fp, len); | |
973 | if (rc < 0) | |
974 | goto bad; | |
975 | key[len] = 0; | |
976 | ||
977 | for (i = 0; i < nel; i++) { | |
978 | rc = perm_read(p, comdatum->permissions.table, fp); | |
979 | if (rc) | |
980 | goto bad; | |
981 | } | |
982 | ||
983 | rc = hashtab_insert(h, key, comdatum); | |
984 | if (rc) | |
985 | goto bad; | |
986 | out: | |
987 | return rc; | |
988 | bad: | |
989 | common_destroy(key, comdatum, NULL); | |
990 | goto out; | |
991 | } | |
992 | ||
993 | static int read_cons_helper(struct constraint_node **nodep, int ncons, | |
994 | int allowxtarget, void *fp) | |
995 | { | |
996 | struct constraint_node *c, *lc; | |
997 | struct constraint_expr *e, *le; | |
b5bf6c55 AD |
998 | __le32 buf[3]; |
999 | u32 nexpr; | |
1da177e4 LT |
1000 | int rc, i, j, depth; |
1001 | ||
1002 | lc = NULL; | |
1003 | for (i = 0; i < ncons; i++) { | |
89d155ef | 1004 | c = kzalloc(sizeof(*c), GFP_KERNEL); |
1da177e4 LT |
1005 | if (!c) |
1006 | return -ENOMEM; | |
1da177e4 LT |
1007 | |
1008 | if (lc) { | |
1009 | lc->next = c; | |
1010 | } else { | |
1011 | *nodep = c; | |
1012 | } | |
1013 | ||
1014 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); | |
1015 | if (rc < 0) | |
1016 | return rc; | |
1017 | c->permissions = le32_to_cpu(buf[0]); | |
1018 | nexpr = le32_to_cpu(buf[1]); | |
1019 | le = NULL; | |
1020 | depth = -1; | |
1021 | for (j = 0; j < nexpr; j++) { | |
89d155ef | 1022 | e = kzalloc(sizeof(*e), GFP_KERNEL); |
1da177e4 LT |
1023 | if (!e) |
1024 | return -ENOMEM; | |
1da177e4 LT |
1025 | |
1026 | if (le) { | |
1027 | le->next = e; | |
1028 | } else { | |
1029 | c->expr = e; | |
1030 | } | |
1031 | ||
1032 | rc = next_entry(buf, fp, (sizeof(u32) * 3)); | |
1033 | if (rc < 0) | |
1034 | return rc; | |
1035 | e->expr_type = le32_to_cpu(buf[0]); | |
1036 | e->attr = le32_to_cpu(buf[1]); | |
1037 | e->op = le32_to_cpu(buf[2]); | |
1038 | ||
1039 | switch (e->expr_type) { | |
1040 | case CEXPR_NOT: | |
1041 | if (depth < 0) | |
1042 | return -EINVAL; | |
1043 | break; | |
1044 | case CEXPR_AND: | |
1045 | case CEXPR_OR: | |
1046 | if (depth < 1) | |
1047 | return -EINVAL; | |
1048 | depth--; | |
1049 | break; | |
1050 | case CEXPR_ATTR: | |
1051 | if (depth == (CEXPR_MAXDEPTH - 1)) | |
1052 | return -EINVAL; | |
1053 | depth++; | |
1054 | break; | |
1055 | case CEXPR_NAMES: | |
1056 | if (!allowxtarget && (e->attr & CEXPR_XTARGET)) | |
1057 | return -EINVAL; | |
1058 | if (depth == (CEXPR_MAXDEPTH - 1)) | |
1059 | return -EINVAL; | |
1060 | depth++; | |
1061 | if (ebitmap_read(&e->names, fp)) | |
1062 | return -EINVAL; | |
1063 | break; | |
1064 | default: | |
1065 | return -EINVAL; | |
1066 | } | |
1067 | le = e; | |
1068 | } | |
1069 | if (depth != 0) | |
1070 | return -EINVAL; | |
1071 | lc = c; | |
1072 | } | |
1073 | ||
1074 | return 0; | |
1075 | } | |
1076 | ||
1077 | static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |
1078 | { | |
1079 | char *key = NULL; | |
1080 | struct class_datum *cladatum; | |
b5bf6c55 AD |
1081 | __le32 buf[6]; |
1082 | u32 len, len2, ncons, nel; | |
1da177e4 LT |
1083 | int i, rc; |
1084 | ||
89d155ef | 1085 | cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); |
1da177e4 LT |
1086 | if (!cladatum) { |
1087 | rc = -ENOMEM; | |
1088 | goto out; | |
1089 | } | |
1da177e4 LT |
1090 | |
1091 | rc = next_entry(buf, fp, sizeof(u32)*6); | |
1092 | if (rc < 0) | |
1093 | goto bad; | |
1094 | ||
1095 | len = le32_to_cpu(buf[0]); | |
1096 | len2 = le32_to_cpu(buf[1]); | |
1097 | cladatum->value = le32_to_cpu(buf[2]); | |
1098 | ||
1099 | rc = symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE); | |
1100 | if (rc) | |
1101 | goto bad; | |
1102 | cladatum->permissions.nprim = le32_to_cpu(buf[3]); | |
1103 | nel = le32_to_cpu(buf[4]); | |
1104 | ||
1105 | ncons = le32_to_cpu(buf[5]); | |
1106 | ||
1107 | key = kmalloc(len + 1,GFP_KERNEL); | |
1108 | if (!key) { | |
1109 | rc = -ENOMEM; | |
1110 | goto bad; | |
1111 | } | |
1112 | rc = next_entry(key, fp, len); | |
1113 | if (rc < 0) | |
1114 | goto bad; | |
1115 | key[len] = 0; | |
1116 | ||
1117 | if (len2) { | |
1118 | cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); | |
1119 | if (!cladatum->comkey) { | |
1120 | rc = -ENOMEM; | |
1121 | goto bad; | |
1122 | } | |
1123 | rc = next_entry(cladatum->comkey, fp, len2); | |
1124 | if (rc < 0) | |
1125 | goto bad; | |
1126 | cladatum->comkey[len2] = 0; | |
1127 | ||
1128 | cladatum->comdatum = hashtab_search(p->p_commons.table, | |
1129 | cladatum->comkey); | |
1130 | if (!cladatum->comdatum) { | |
1131 | printk(KERN_ERR "security: unknown common %s\n", | |
1132 | cladatum->comkey); | |
1133 | rc = -EINVAL; | |
1134 | goto bad; | |
1135 | } | |
1136 | } | |
1137 | for (i = 0; i < nel; i++) { | |
1138 | rc = perm_read(p, cladatum->permissions.table, fp); | |
1139 | if (rc) | |
1140 | goto bad; | |
1141 | } | |
1142 | ||
1143 | rc = read_cons_helper(&cladatum->constraints, ncons, 0, fp); | |
1144 | if (rc) | |
1145 | goto bad; | |
1146 | ||
1147 | if (p->policyvers >= POLICYDB_VERSION_VALIDATETRANS) { | |
1148 | /* grab the validatetrans rules */ | |
1149 | rc = next_entry(buf, fp, sizeof(u32)); | |
1150 | if (rc < 0) | |
1151 | goto bad; | |
1152 | ncons = le32_to_cpu(buf[0]); | |
1153 | rc = read_cons_helper(&cladatum->validatetrans, ncons, 1, fp); | |
1154 | if (rc) | |
1155 | goto bad; | |
1156 | } | |
1157 | ||
1158 | rc = hashtab_insert(h, key, cladatum); | |
1159 | if (rc) | |
1160 | goto bad; | |
1161 | ||
1162 | rc = 0; | |
1163 | out: | |
1164 | return rc; | |
1165 | bad: | |
6cbda6b6 | 1166 | cls_destroy(key, cladatum, NULL); |
1da177e4 LT |
1167 | goto out; |
1168 | } | |
1169 | ||
1170 | static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |
1171 | { | |
1172 | char *key = NULL; | |
1173 | struct role_datum *role; | |
1174 | int rc; | |
b5bf6c55 AD |
1175 | __le32 buf[2]; |
1176 | u32 len; | |
1da177e4 | 1177 | |
89d155ef | 1178 | role = kzalloc(sizeof(*role), GFP_KERNEL); |
1da177e4 LT |
1179 | if (!role) { |
1180 | rc = -ENOMEM; | |
1181 | goto out; | |
1182 | } | |
1da177e4 LT |
1183 | |
1184 | rc = next_entry(buf, fp, sizeof buf); | |
1185 | if (rc < 0) | |
1186 | goto bad; | |
1187 | ||
1188 | len = le32_to_cpu(buf[0]); | |
1189 | role->value = le32_to_cpu(buf[1]); | |
1190 | ||
1191 | key = kmalloc(len + 1,GFP_KERNEL); | |
1192 | if (!key) { | |
1193 | rc = -ENOMEM; | |
1194 | goto bad; | |
1195 | } | |
1196 | rc = next_entry(key, fp, len); | |
1197 | if (rc < 0) | |
1198 | goto bad; | |
1199 | key[len] = 0; | |
1200 | ||
1201 | rc = ebitmap_read(&role->dominates, fp); | |
1202 | if (rc) | |
1203 | goto bad; | |
1204 | ||
1205 | rc = ebitmap_read(&role->types, fp); | |
1206 | if (rc) | |
1207 | goto bad; | |
1208 | ||
1209 | if (strcmp(key, OBJECT_R) == 0) { | |
1210 | if (role->value != OBJECT_R_VAL) { | |
1211 | printk(KERN_ERR "Role %s has wrong value %d\n", | |
1212 | OBJECT_R, role->value); | |
1213 | rc = -EINVAL; | |
1214 | goto bad; | |
1215 | } | |
1216 | rc = 0; | |
1217 | goto bad; | |
1218 | } | |
1219 | ||
1220 | rc = hashtab_insert(h, key, role); | |
1221 | if (rc) | |
1222 | goto bad; | |
1223 | out: | |
1224 | return rc; | |
1225 | bad: | |
1226 | role_destroy(key, role, NULL); | |
1227 | goto out; | |
1228 | } | |
1229 | ||
1230 | static int type_read(struct policydb *p, struct hashtab *h, void *fp) | |
1231 | { | |
1232 | char *key = NULL; | |
1233 | struct type_datum *typdatum; | |
1234 | int rc; | |
b5bf6c55 AD |
1235 | __le32 buf[3]; |
1236 | u32 len; | |
1da177e4 | 1237 | |
89d155ef | 1238 | typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); |
1da177e4 LT |
1239 | if (!typdatum) { |
1240 | rc = -ENOMEM; | |
1241 | return rc; | |
1242 | } | |
1da177e4 LT |
1243 | |
1244 | rc = next_entry(buf, fp, sizeof buf); | |
1245 | if (rc < 0) | |
1246 | goto bad; | |
1247 | ||
1248 | len = le32_to_cpu(buf[0]); | |
1249 | typdatum->value = le32_to_cpu(buf[1]); | |
1250 | typdatum->primary = le32_to_cpu(buf[2]); | |
1251 | ||
1252 | key = kmalloc(len + 1,GFP_KERNEL); | |
1253 | if (!key) { | |
1254 | rc = -ENOMEM; | |
1255 | goto bad; | |
1256 | } | |
1257 | rc = next_entry(key, fp, len); | |
1258 | if (rc < 0) | |
1259 | goto bad; | |
1260 | key[len] = 0; | |
1261 | ||
1262 | rc = hashtab_insert(h, key, typdatum); | |
1263 | if (rc) | |
1264 | goto bad; | |
1265 | out: | |
1266 | return rc; | |
1267 | bad: | |
1268 | type_destroy(key, typdatum, NULL); | |
1269 | goto out; | |
1270 | } | |
1271 | ||
1272 | ||
1273 | /* | |
1274 | * Read a MLS level structure from a policydb binary | |
1275 | * representation file. | |
1276 | */ | |
1277 | static int mls_read_level(struct mls_level *lp, void *fp) | |
1278 | { | |
b5bf6c55 | 1279 | __le32 buf[1]; |
1da177e4 LT |
1280 | int rc; |
1281 | ||
1282 | memset(lp, 0, sizeof(*lp)); | |
1283 | ||
1284 | rc = next_entry(buf, fp, sizeof buf); | |
1285 | if (rc < 0) { | |
1286 | printk(KERN_ERR "security: mls: truncated level\n"); | |
1287 | goto bad; | |
1288 | } | |
1289 | lp->sens = le32_to_cpu(buf[0]); | |
1290 | ||
1291 | if (ebitmap_read(&lp->cat, fp)) { | |
1292 | printk(KERN_ERR "security: mls: error reading level " | |
1293 | "categories\n"); | |
1294 | goto bad; | |
1295 | } | |
45e5421e | 1296 | |
1da177e4 LT |
1297 | return 0; |
1298 | ||
1299 | bad: | |
1300 | return -EINVAL; | |
1301 | } | |
1302 | ||
1303 | static int user_read(struct policydb *p, struct hashtab *h, void *fp) | |
1304 | { | |
1305 | char *key = NULL; | |
1306 | struct user_datum *usrdatum; | |
1307 | int rc; | |
b5bf6c55 AD |
1308 | __le32 buf[2]; |
1309 | u32 len; | |
1da177e4 | 1310 | |
89d155ef | 1311 | usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); |
1da177e4 LT |
1312 | if (!usrdatum) { |
1313 | rc = -ENOMEM; | |
1314 | goto out; | |
1315 | } | |
1da177e4 LT |
1316 | |
1317 | rc = next_entry(buf, fp, sizeof buf); | |
1318 | if (rc < 0) | |
1319 | goto bad; | |
1320 | ||
1321 | len = le32_to_cpu(buf[0]); | |
1322 | usrdatum->value = le32_to_cpu(buf[1]); | |
1323 | ||
1324 | key = kmalloc(len + 1,GFP_KERNEL); | |
1325 | if (!key) { | |
1326 | rc = -ENOMEM; | |
1327 | goto bad; | |
1328 | } | |
1329 | rc = next_entry(key, fp, len); | |
1330 | if (rc < 0) | |
1331 | goto bad; | |
1332 | key[len] = 0; | |
1333 | ||
1334 | rc = ebitmap_read(&usrdatum->roles, fp); | |
1335 | if (rc) | |
1336 | goto bad; | |
1337 | ||
1338 | if (p->policyvers >= POLICYDB_VERSION_MLS) { | |
1339 | rc = mls_read_range_helper(&usrdatum->range, fp); | |
1340 | if (rc) | |
1341 | goto bad; | |
1342 | rc = mls_read_level(&usrdatum->dfltlevel, fp); | |
1343 | if (rc) | |
1344 | goto bad; | |
1345 | } | |
1346 | ||
1347 | rc = hashtab_insert(h, key, usrdatum); | |
1348 | if (rc) | |
1349 | goto bad; | |
1350 | out: | |
1351 | return rc; | |
1352 | bad: | |
1353 | user_destroy(key, usrdatum, NULL); | |
1354 | goto out; | |
1355 | } | |
1356 | ||
1357 | static int sens_read(struct policydb *p, struct hashtab *h, void *fp) | |
1358 | { | |
1359 | char *key = NULL; | |
1360 | struct level_datum *levdatum; | |
1361 | int rc; | |
b5bf6c55 AD |
1362 | __le32 buf[2]; |
1363 | u32 len; | |
1da177e4 | 1364 | |
89d155ef | 1365 | levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); |
1da177e4 LT |
1366 | if (!levdatum) { |
1367 | rc = -ENOMEM; | |
1368 | goto out; | |
1369 | } | |
1da177e4 LT |
1370 | |
1371 | rc = next_entry(buf, fp, sizeof buf); | |
1372 | if (rc < 0) | |
1373 | goto bad; | |
1374 | ||
1375 | len = le32_to_cpu(buf[0]); | |
1376 | levdatum->isalias = le32_to_cpu(buf[1]); | |
1377 | ||
1378 | key = kmalloc(len + 1,GFP_ATOMIC); | |
1379 | if (!key) { | |
1380 | rc = -ENOMEM; | |
1381 | goto bad; | |
1382 | } | |
1383 | rc = next_entry(key, fp, len); | |
1384 | if (rc < 0) | |
1385 | goto bad; | |
1386 | key[len] = 0; | |
1387 | ||
1388 | levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); | |
1389 | if (!levdatum->level) { | |
1390 | rc = -ENOMEM; | |
1391 | goto bad; | |
1392 | } | |
1393 | if (mls_read_level(levdatum->level, fp)) { | |
1394 | rc = -EINVAL; | |
1395 | goto bad; | |
1396 | } | |
1397 | ||
1398 | rc = hashtab_insert(h, key, levdatum); | |
1399 | if (rc) | |
1400 | goto bad; | |
1401 | out: | |
1402 | return rc; | |
1403 | bad: | |
1404 | sens_destroy(key, levdatum, NULL); | |
1405 | goto out; | |
1406 | } | |
1407 | ||
1408 | static int cat_read(struct policydb *p, struct hashtab *h, void *fp) | |
1409 | { | |
1410 | char *key = NULL; | |
1411 | struct cat_datum *catdatum; | |
1412 | int rc; | |
b5bf6c55 AD |
1413 | __le32 buf[3]; |
1414 | u32 len; | |
1da177e4 | 1415 | |
89d155ef | 1416 | catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); |
1da177e4 LT |
1417 | if (!catdatum) { |
1418 | rc = -ENOMEM; | |
1419 | goto out; | |
1420 | } | |
1da177e4 LT |
1421 | |
1422 | rc = next_entry(buf, fp, sizeof buf); | |
1423 | if (rc < 0) | |
1424 | goto bad; | |
1425 | ||
1426 | len = le32_to_cpu(buf[0]); | |
1427 | catdatum->value = le32_to_cpu(buf[1]); | |
1428 | catdatum->isalias = le32_to_cpu(buf[2]); | |
1429 | ||
1430 | key = kmalloc(len + 1,GFP_ATOMIC); | |
1431 | if (!key) { | |
1432 | rc = -ENOMEM; | |
1433 | goto bad; | |
1434 | } | |
1435 | rc = next_entry(key, fp, len); | |
1436 | if (rc < 0) | |
1437 | goto bad; | |
1438 | key[len] = 0; | |
1439 | ||
1440 | rc = hashtab_insert(h, key, catdatum); | |
1441 | if (rc) | |
1442 | goto bad; | |
1443 | out: | |
1444 | return rc; | |
1445 | ||
1446 | bad: | |
1447 | cat_destroy(key, catdatum, NULL); | |
1448 | goto out; | |
1449 | } | |
1450 | ||
1451 | static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) = | |
1452 | { | |
1453 | common_read, | |
1454 | class_read, | |
1455 | role_read, | |
1456 | type_read, | |
1457 | user_read, | |
1458 | cond_read_bool, | |
1459 | sens_read, | |
1460 | cat_read, | |
1461 | }; | |
1462 | ||
1463 | extern int ss_initialized; | |
1464 | ||
1465 | /* | |
1466 | * Read the configuration data from a policy database binary | |
1467 | * representation file into a policy database structure. | |
1468 | */ | |
1469 | int policydb_read(struct policydb *p, void *fp) | |
1470 | { | |
1471 | struct role_allow *ra, *lra; | |
1472 | struct role_trans *tr, *ltr; | |
1473 | struct ocontext *l, *c, *newc; | |
1474 | struct genfs *genfs_p, *genfs, *newgenfs; | |
1475 | int i, j, rc; | |
b5bf6c55 AD |
1476 | __le32 buf[8]; |
1477 | u32 len, len2, config, nprim, nel, nel2; | |
1da177e4 LT |
1478 | char *policydb_str; |
1479 | struct policydb_compat_info *info; | |
1480 | struct range_trans *rt, *lrt; | |
1481 | ||
1482 | config = 0; | |
1483 | ||
1484 | rc = policydb_init(p); | |
1485 | if (rc) | |
1486 | goto out; | |
1487 | ||
1488 | /* Read the magic number and string length. */ | |
1489 | rc = next_entry(buf, fp, sizeof(u32)* 2); | |
1490 | if (rc < 0) | |
1491 | goto bad; | |
1492 | ||
b5bf6c55 | 1493 | if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { |
1da177e4 LT |
1494 | printk(KERN_ERR "security: policydb magic number 0x%x does " |
1495 | "not match expected magic number 0x%x\n", | |
b5bf6c55 | 1496 | le32_to_cpu(buf[0]), POLICYDB_MAGIC); |
1da177e4 LT |
1497 | goto bad; |
1498 | } | |
1499 | ||
b5bf6c55 | 1500 | len = le32_to_cpu(buf[1]); |
1da177e4 LT |
1501 | if (len != strlen(POLICYDB_STRING)) { |
1502 | printk(KERN_ERR "security: policydb string length %d does not " | |
1503 | "match expected length %Zu\n", | |
1504 | len, strlen(POLICYDB_STRING)); | |
1505 | goto bad; | |
1506 | } | |
1507 | policydb_str = kmalloc(len + 1,GFP_KERNEL); | |
1508 | if (!policydb_str) { | |
1509 | printk(KERN_ERR "security: unable to allocate memory for policydb " | |
1510 | "string of length %d\n", len); | |
1511 | rc = -ENOMEM; | |
1512 | goto bad; | |
1513 | } | |
1514 | rc = next_entry(policydb_str, fp, len); | |
1515 | if (rc < 0) { | |
1516 | printk(KERN_ERR "security: truncated policydb string identifier\n"); | |
1517 | kfree(policydb_str); | |
1518 | goto bad; | |
1519 | } | |
1520 | policydb_str[len] = 0; | |
1521 | if (strcmp(policydb_str, POLICYDB_STRING)) { | |
1522 | printk(KERN_ERR "security: policydb string %s does not match " | |
1523 | "my string %s\n", policydb_str, POLICYDB_STRING); | |
1524 | kfree(policydb_str); | |
1525 | goto bad; | |
1526 | } | |
1527 | /* Done with policydb_str. */ | |
1528 | kfree(policydb_str); | |
1529 | policydb_str = NULL; | |
1530 | ||
1531 | /* Read the version, config, and table sizes. */ | |
1532 | rc = next_entry(buf, fp, sizeof(u32)*4); | |
1533 | if (rc < 0) | |
1534 | goto bad; | |
1da177e4 | 1535 | |
b5bf6c55 | 1536 | p->policyvers = le32_to_cpu(buf[0]); |
1da177e4 LT |
1537 | if (p->policyvers < POLICYDB_VERSION_MIN || |
1538 | p->policyvers > POLICYDB_VERSION_MAX) { | |
1539 | printk(KERN_ERR "security: policydb version %d does not match " | |
1540 | "my version range %d-%d\n", | |
b5bf6c55 | 1541 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
1da177e4 LT |
1542 | goto bad; |
1543 | } | |
1544 | ||
b5bf6c55 | 1545 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
1da177e4 LT |
1546 | if (ss_initialized && !selinux_mls_enabled) { |
1547 | printk(KERN_ERR "Cannot switch between non-MLS and MLS " | |
1548 | "policies\n"); | |
1549 | goto bad; | |
1550 | } | |
1551 | selinux_mls_enabled = 1; | |
1552 | config |= POLICYDB_CONFIG_MLS; | |
1553 | ||
1554 | if (p->policyvers < POLICYDB_VERSION_MLS) { | |
1555 | printk(KERN_ERR "security policydb version %d (MLS) " | |
1556 | "not backwards compatible\n", p->policyvers); | |
1557 | goto bad; | |
1558 | } | |
1559 | } else { | |
1560 | if (ss_initialized && selinux_mls_enabled) { | |
1561 | printk(KERN_ERR "Cannot switch between MLS and non-MLS " | |
1562 | "policies\n"); | |
1563 | goto bad; | |
1564 | } | |
1565 | } | |
3f12070e EP |
1566 | p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); |
1567 | p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); | |
1da177e4 | 1568 | |
3bb56b25 PM |
1569 | if (p->policyvers >= POLICYDB_VERSION_POLCAP && |
1570 | ebitmap_read(&p->policycaps, fp) != 0) | |
1571 | goto bad; | |
1572 | ||
1da177e4 LT |
1573 | info = policydb_lookup_compat(p->policyvers); |
1574 | if (!info) { | |
1575 | printk(KERN_ERR "security: unable to find policy compat info " | |
1576 | "for version %d\n", p->policyvers); | |
1577 | goto bad; | |
1578 | } | |
1579 | ||
b5bf6c55 AD |
1580 | if (le32_to_cpu(buf[2]) != info->sym_num || |
1581 | le32_to_cpu(buf[3]) != info->ocon_num) { | |
1da177e4 | 1582 | printk(KERN_ERR "security: policydb table sizes (%d,%d) do " |
b5bf6c55 AD |
1583 | "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), |
1584 | le32_to_cpu(buf[3]), | |
1da177e4 LT |
1585 | info->sym_num, info->ocon_num); |
1586 | goto bad; | |
1587 | } | |
1588 | ||
1589 | for (i = 0; i < info->sym_num; i++) { | |
1590 | rc = next_entry(buf, fp, sizeof(u32)*2); | |
1591 | if (rc < 0) | |
1592 | goto bad; | |
1593 | nprim = le32_to_cpu(buf[0]); | |
1594 | nel = le32_to_cpu(buf[1]); | |
1595 | for (j = 0; j < nel; j++) { | |
1596 | rc = read_f[i](p, p->symtab[i].table, fp); | |
1597 | if (rc) | |
1598 | goto bad; | |
1599 | } | |
1600 | ||
1601 | p->symtab[i].nprim = nprim; | |
1602 | } | |
1603 | ||
45e5421e | 1604 | rc = avtab_read(&p->te_avtab, fp, p); |
1da177e4 LT |
1605 | if (rc) |
1606 | goto bad; | |
1607 | ||
1608 | if (p->policyvers >= POLICYDB_VERSION_BOOL) { | |
1609 | rc = cond_read_list(p, fp); | |
1610 | if (rc) | |
1611 | goto bad; | |
1612 | } | |
1613 | ||
1614 | rc = next_entry(buf, fp, sizeof(u32)); | |
1615 | if (rc < 0) | |
1616 | goto bad; | |
1617 | nel = le32_to_cpu(buf[0]); | |
1618 | ltr = NULL; | |
1619 | for (i = 0; i < nel; i++) { | |
89d155ef | 1620 | tr = kzalloc(sizeof(*tr), GFP_KERNEL); |
1da177e4 LT |
1621 | if (!tr) { |
1622 | rc = -ENOMEM; | |
1623 | goto bad; | |
1624 | } | |
1da177e4 LT |
1625 | if (ltr) { |
1626 | ltr->next = tr; | |
1627 | } else { | |
1628 | p->role_tr = tr; | |
1629 | } | |
1630 | rc = next_entry(buf, fp, sizeof(u32)*3); | |
1631 | if (rc < 0) | |
1632 | goto bad; | |
1633 | tr->role = le32_to_cpu(buf[0]); | |
1634 | tr->type = le32_to_cpu(buf[1]); | |
1635 | tr->new_role = le32_to_cpu(buf[2]); | |
45e5421e SS |
1636 | if (!policydb_role_isvalid(p, tr->role) || |
1637 | !policydb_type_isvalid(p, tr->type) || | |
1638 | !policydb_role_isvalid(p, tr->new_role)) { | |
1639 | rc = -EINVAL; | |
1640 | goto bad; | |
1641 | } | |
1da177e4 LT |
1642 | ltr = tr; |
1643 | } | |
1644 | ||
1645 | rc = next_entry(buf, fp, sizeof(u32)); | |
1646 | if (rc < 0) | |
1647 | goto bad; | |
1648 | nel = le32_to_cpu(buf[0]); | |
1649 | lra = NULL; | |
1650 | for (i = 0; i < nel; i++) { | |
89d155ef | 1651 | ra = kzalloc(sizeof(*ra), GFP_KERNEL); |
1da177e4 LT |
1652 | if (!ra) { |
1653 | rc = -ENOMEM; | |
1654 | goto bad; | |
1655 | } | |
1da177e4 LT |
1656 | if (lra) { |
1657 | lra->next = ra; | |
1658 | } else { | |
1659 | p->role_allow = ra; | |
1660 | } | |
1661 | rc = next_entry(buf, fp, sizeof(u32)*2); | |
1662 | if (rc < 0) | |
1663 | goto bad; | |
1664 | ra->role = le32_to_cpu(buf[0]); | |
1665 | ra->new_role = le32_to_cpu(buf[1]); | |
45e5421e SS |
1666 | if (!policydb_role_isvalid(p, ra->role) || |
1667 | !policydb_role_isvalid(p, ra->new_role)) { | |
1668 | rc = -EINVAL; | |
1669 | goto bad; | |
1670 | } | |
1da177e4 LT |
1671 | lra = ra; |
1672 | } | |
1673 | ||
1674 | rc = policydb_index_classes(p); | |
1675 | if (rc) | |
1676 | goto bad; | |
1677 | ||
1678 | rc = policydb_index_others(p); | |
1679 | if (rc) | |
1680 | goto bad; | |
1681 | ||
1682 | for (i = 0; i < info->ocon_num; i++) { | |
1683 | rc = next_entry(buf, fp, sizeof(u32)); | |
1684 | if (rc < 0) | |
1685 | goto bad; | |
1686 | nel = le32_to_cpu(buf[0]); | |
1687 | l = NULL; | |
1688 | for (j = 0; j < nel; j++) { | |
89d155ef | 1689 | c = kzalloc(sizeof(*c), GFP_KERNEL); |
1da177e4 LT |
1690 | if (!c) { |
1691 | rc = -ENOMEM; | |
1692 | goto bad; | |
1693 | } | |
1da177e4 LT |
1694 | if (l) { |
1695 | l->next = c; | |
1696 | } else { | |
1697 | p->ocontexts[i] = c; | |
1698 | } | |
1699 | l = c; | |
1700 | rc = -EINVAL; | |
1701 | switch (i) { | |
1702 | case OCON_ISID: | |
1703 | rc = next_entry(buf, fp, sizeof(u32)); | |
1704 | if (rc < 0) | |
1705 | goto bad; | |
1706 | c->sid[0] = le32_to_cpu(buf[0]); | |
1707 | rc = context_read_and_validate(&c->context[0], p, fp); | |
1708 | if (rc) | |
1709 | goto bad; | |
1710 | break; | |
1711 | case OCON_FS: | |
1712 | case OCON_NETIF: | |
1713 | rc = next_entry(buf, fp, sizeof(u32)); | |
1714 | if (rc < 0) | |
1715 | goto bad; | |
1716 | len = le32_to_cpu(buf[0]); | |
1717 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | |
1718 | if (!c->u.name) { | |
1719 | rc = -ENOMEM; | |
1720 | goto bad; | |
1721 | } | |
1722 | rc = next_entry(c->u.name, fp, len); | |
1723 | if (rc < 0) | |
1724 | goto bad; | |
1725 | c->u.name[len] = 0; | |
1726 | rc = context_read_and_validate(&c->context[0], p, fp); | |
1727 | if (rc) | |
1728 | goto bad; | |
1729 | rc = context_read_and_validate(&c->context[1], p, fp); | |
1730 | if (rc) | |
1731 | goto bad; | |
1732 | break; | |
1733 | case OCON_PORT: | |
1734 | rc = next_entry(buf, fp, sizeof(u32)*3); | |
1735 | if (rc < 0) | |
1736 | goto bad; | |
1737 | c->u.port.protocol = le32_to_cpu(buf[0]); | |
1738 | c->u.port.low_port = le32_to_cpu(buf[1]); | |
1739 | c->u.port.high_port = le32_to_cpu(buf[2]); | |
1740 | rc = context_read_and_validate(&c->context[0], p, fp); | |
1741 | if (rc) | |
1742 | goto bad; | |
1743 | break; | |
1744 | case OCON_NODE: | |
1745 | rc = next_entry(buf, fp, sizeof(u32)* 2); | |
1746 | if (rc < 0) | |
1747 | goto bad; | |
1748 | c->u.node.addr = le32_to_cpu(buf[0]); | |
1749 | c->u.node.mask = le32_to_cpu(buf[1]); | |
1750 | rc = context_read_and_validate(&c->context[0], p, fp); | |
1751 | if (rc) | |
1752 | goto bad; | |
1753 | break; | |
1754 | case OCON_FSUSE: | |
1755 | rc = next_entry(buf, fp, sizeof(u32)*2); | |
1756 | if (rc < 0) | |
1757 | goto bad; | |
1758 | c->v.behavior = le32_to_cpu(buf[0]); | |
1759 | if (c->v.behavior > SECURITY_FS_USE_NONE) | |
1760 | goto bad; | |
1761 | len = le32_to_cpu(buf[1]); | |
1762 | c->u.name = kmalloc(len + 1,GFP_KERNEL); | |
1763 | if (!c->u.name) { | |
1764 | rc = -ENOMEM; | |
1765 | goto bad; | |
1766 | } | |
1767 | rc = next_entry(c->u.name, fp, len); | |
1768 | if (rc < 0) | |
1769 | goto bad; | |
1770 | c->u.name[len] = 0; | |
1771 | rc = context_read_and_validate(&c->context[0], p, fp); | |
1772 | if (rc) | |
1773 | goto bad; | |
1774 | break; | |
1775 | case OCON_NODE6: { | |
1776 | int k; | |
1777 | ||
1778 | rc = next_entry(buf, fp, sizeof(u32) * 8); | |
1779 | if (rc < 0) | |
1780 | goto bad; | |
1781 | for (k = 0; k < 4; k++) | |
1782 | c->u.node6.addr[k] = le32_to_cpu(buf[k]); | |
1783 | for (k = 0; k < 4; k++) | |
1784 | c->u.node6.mask[k] = le32_to_cpu(buf[k+4]); | |
1785 | if (context_read_and_validate(&c->context[0], p, fp)) | |
1786 | goto bad; | |
1787 | break; | |
1788 | } | |
1789 | } | |
1790 | } | |
1791 | } | |
1792 | ||
1793 | rc = next_entry(buf, fp, sizeof(u32)); | |
1794 | if (rc < 0) | |
1795 | goto bad; | |
1796 | nel = le32_to_cpu(buf[0]); | |
1797 | genfs_p = NULL; | |
1798 | rc = -EINVAL; | |
1799 | for (i = 0; i < nel; i++) { | |
1800 | rc = next_entry(buf, fp, sizeof(u32)); | |
1801 | if (rc < 0) | |
1802 | goto bad; | |
1803 | len = le32_to_cpu(buf[0]); | |
89d155ef | 1804 | newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); |
1da177e4 LT |
1805 | if (!newgenfs) { |
1806 | rc = -ENOMEM; | |
1807 | goto bad; | |
1808 | } | |
1da177e4 LT |
1809 | |
1810 | newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); | |
1811 | if (!newgenfs->fstype) { | |
1812 | rc = -ENOMEM; | |
1813 | kfree(newgenfs); | |
1814 | goto bad; | |
1815 | } | |
1816 | rc = next_entry(newgenfs->fstype, fp, len); | |
1817 | if (rc < 0) { | |
1818 | kfree(newgenfs->fstype); | |
1819 | kfree(newgenfs); | |
1820 | goto bad; | |
1821 | } | |
1822 | newgenfs->fstype[len] = 0; | |
1823 | for (genfs_p = NULL, genfs = p->genfs; genfs; | |
1824 | genfs_p = genfs, genfs = genfs->next) { | |
1825 | if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { | |
1826 | printk(KERN_ERR "security: dup genfs " | |
1827 | "fstype %s\n", newgenfs->fstype); | |
1828 | kfree(newgenfs->fstype); | |
1829 | kfree(newgenfs); | |
1830 | goto bad; | |
1831 | } | |
1832 | if (strcmp(newgenfs->fstype, genfs->fstype) < 0) | |
1833 | break; | |
1834 | } | |
1835 | newgenfs->next = genfs; | |
1836 | if (genfs_p) | |
1837 | genfs_p->next = newgenfs; | |
1838 | else | |
1839 | p->genfs = newgenfs; | |
1840 | rc = next_entry(buf, fp, sizeof(u32)); | |
1841 | if (rc < 0) | |
1842 | goto bad; | |
1843 | nel2 = le32_to_cpu(buf[0]); | |
1844 | for (j = 0; j < nel2; j++) { | |
1845 | rc = next_entry(buf, fp, sizeof(u32)); | |
1846 | if (rc < 0) | |
1847 | goto bad; | |
1848 | len = le32_to_cpu(buf[0]); | |
1849 | ||
89d155ef | 1850 | newc = kzalloc(sizeof(*newc), GFP_KERNEL); |
1da177e4 LT |
1851 | if (!newc) { |
1852 | rc = -ENOMEM; | |
1853 | goto bad; | |
1854 | } | |
1da177e4 LT |
1855 | |
1856 | newc->u.name = kmalloc(len + 1,GFP_KERNEL); | |
1857 | if (!newc->u.name) { | |
1858 | rc = -ENOMEM; | |
1859 | goto bad_newc; | |
1860 | } | |
1861 | rc = next_entry(newc->u.name, fp, len); | |
1862 | if (rc < 0) | |
1863 | goto bad_newc; | |
1864 | newc->u.name[len] = 0; | |
1865 | rc = next_entry(buf, fp, sizeof(u32)); | |
1866 | if (rc < 0) | |
1867 | goto bad_newc; | |
1868 | newc->v.sclass = le32_to_cpu(buf[0]); | |
1869 | if (context_read_and_validate(&newc->context[0], p, fp)) | |
1870 | goto bad_newc; | |
1871 | for (l = NULL, c = newgenfs->head; c; | |
1872 | l = c, c = c->next) { | |
1873 | if (!strcmp(newc->u.name, c->u.name) && | |
1874 | (!c->v.sclass || !newc->v.sclass || | |
1875 | newc->v.sclass == c->v.sclass)) { | |
1876 | printk(KERN_ERR "security: dup genfs " | |
1877 | "entry (%s,%s)\n", | |
1878 | newgenfs->fstype, c->u.name); | |
1879 | goto bad_newc; | |
1880 | } | |
1881 | len = strlen(newc->u.name); | |
1882 | len2 = strlen(c->u.name); | |
1883 | if (len > len2) | |
1884 | break; | |
1885 | } | |
1886 | ||
1887 | newc->next = c; | |
1888 | if (l) | |
1889 | l->next = newc; | |
1890 | else | |
1891 | newgenfs->head = newc; | |
1892 | } | |
1893 | } | |
1894 | ||
1895 | if (p->policyvers >= POLICYDB_VERSION_MLS) { | |
f3f87714 | 1896 | int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; |
1da177e4 LT |
1897 | rc = next_entry(buf, fp, sizeof(u32)); |
1898 | if (rc < 0) | |
1899 | goto bad; | |
1900 | nel = le32_to_cpu(buf[0]); | |
1901 | lrt = NULL; | |
1902 | for (i = 0; i < nel; i++) { | |
89d155ef | 1903 | rt = kzalloc(sizeof(*rt), GFP_KERNEL); |
1da177e4 LT |
1904 | if (!rt) { |
1905 | rc = -ENOMEM; | |
1906 | goto bad; | |
1907 | } | |
1da177e4 LT |
1908 | if (lrt) |
1909 | lrt->next = rt; | |
1910 | else | |
1911 | p->range_tr = rt; | |
1912 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); | |
1913 | if (rc < 0) | |
1914 | goto bad; | |
f3f87714 DG |
1915 | rt->source_type = le32_to_cpu(buf[0]); |
1916 | rt->target_type = le32_to_cpu(buf[1]); | |
1917 | if (new_rangetr) { | |
1918 | rc = next_entry(buf, fp, sizeof(u32)); | |
1919 | if (rc < 0) | |
1920 | goto bad; | |
1921 | rt->target_class = le32_to_cpu(buf[0]); | |
1922 | } else | |
1923 | rt->target_class = SECCLASS_PROCESS; | |
45e5421e SS |
1924 | if (!policydb_type_isvalid(p, rt->source_type) || |
1925 | !policydb_type_isvalid(p, rt->target_type) || | |
1926 | !policydb_class_isvalid(p, rt->target_class)) { | |
1927 | rc = -EINVAL; | |
1928 | goto bad; | |
1929 | } | |
f3f87714 | 1930 | rc = mls_read_range_helper(&rt->target_range, fp); |
1da177e4 LT |
1931 | if (rc) |
1932 | goto bad; | |
45e5421e SS |
1933 | if (!mls_range_isvalid(p, &rt->target_range)) { |
1934 | printk(KERN_WARNING "security: rangetrans: invalid range\n"); | |
1935 | goto bad; | |
1936 | } | |
1da177e4 LT |
1937 | lrt = rt; |
1938 | } | |
1939 | } | |
1940 | ||
782ebb99 SS |
1941 | p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL); |
1942 | if (!p->type_attr_map) | |
1943 | goto bad; | |
1944 | ||
1945 | for (i = 0; i < p->p_types.nprim; i++) { | |
1946 | ebitmap_init(&p->type_attr_map[i]); | |
1947 | if (p->policyvers >= POLICYDB_VERSION_AVTAB) { | |
1948 | if (ebitmap_read(&p->type_attr_map[i], fp)) | |
1949 | goto bad; | |
1950 | } | |
1951 | /* add the type itself as the degenerate case */ | |
1952 | if (ebitmap_set_bit(&p->type_attr_map[i], i, 1)) | |
1953 | goto bad; | |
1954 | } | |
1955 | ||
1da177e4 LT |
1956 | rc = 0; |
1957 | out: | |
1958 | return rc; | |
1959 | bad_newc: | |
1960 | ocontext_destroy(newc,OCON_FSUSE); | |
1961 | bad: | |
1962 | if (!rc) | |
1963 | rc = -EINVAL; | |
1964 | policydb_destroy(p); | |
1965 | goto out; | |
1966 | } |