1
2 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
3
4 /*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 * Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
14 * Fine-grained netlink support
15 * IPv6 support
16 * Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 * Copyright (C) 2017 Mellanox Technologies Inc.
22 *
23 * This library is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU Lesser General Public
25 * License as published by the Free Software Foundation; either
26 * version 2.1 of the License, or (at your option) any later version.
27 *
28 * This library is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
31 * Lesser General Public License for more details.
32 *
33 * You should have received a copy of the GNU Lesser General Public
34 * License along with this library; if not, write to the Free Software
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
36 */
37
38 /* FLASK */
39
40 /*
41 * Implementation of the policy database.
42 */
43
44 #include <assert.h>
45 #include <stdlib.h>
46
47 #include <sepol/policydb/policydb.h>
48 #include <sepol/policydb/expand.h>
49 #include <sepol/policydb/conditional.h>
50 #include <sepol/policydb/avrule_block.h>
51 #include <sepol/policydb/util.h>
52
53 #include "kernel_to_common.h"
54 #include "private.h"
55 #include "debug.h"
56 #include "mls.h"
57 #include "policydb_validate.h"
58
59 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
60 const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
61
62 /* These need to be updated if SYM_NUM or OCON_NUM changes */
63 static const struct policydb_compat_info policydb_compat[] = {
64 {
65 .type = POLICY_KERN,
66 .version = POLICYDB_VERSION_BOUNDARY,
67 .sym_num = SYM_NUM,
68 .ocon_num = OCON_XEN_PCIDEVICE + 1,
69 .target_platform = SEPOL_TARGET_XEN,
70 },
71 {
72 .type = POLICY_KERN,
73 .version = POLICYDB_VERSION_XEN_DEVICETREE,
74 .sym_num = SYM_NUM,
75 .ocon_num = OCON_XEN_DEVICETREE + 1,
76 .target_platform = SEPOL_TARGET_XEN,
77 },
78 {
79 .type = POLICY_KERN,
80 .version = POLICYDB_VERSION_BASE,
81 .sym_num = SYM_NUM - 3,
82 .ocon_num = OCON_FSUSE + 1,
83 .target_platform = SEPOL_TARGET_SELINUX,
84 },
85 {
86 .type = POLICY_KERN,
87 .version = POLICYDB_VERSION_BOOL,
88 .sym_num = SYM_NUM - 2,
89 .ocon_num = OCON_FSUSE + 1,
90 .target_platform = SEPOL_TARGET_SELINUX,
91 },
92 {
93 .type = POLICY_KERN,
94 .version = POLICYDB_VERSION_IPV6,
95 .sym_num = SYM_NUM - 2,
96 .ocon_num = OCON_NODE6 + 1,
97 .target_platform = SEPOL_TARGET_SELINUX,
98 },
99 {
100 .type = POLICY_KERN,
101 .version = POLICYDB_VERSION_NLCLASS,
102 .sym_num = SYM_NUM - 2,
103 .ocon_num = OCON_NODE6 + 1,
104 .target_platform = SEPOL_TARGET_SELINUX,
105 },
106 {
107 .type = POLICY_KERN,
108 .version = POLICYDB_VERSION_MLS,
109 .sym_num = SYM_NUM,
110 .ocon_num = OCON_NODE6 + 1,
111 .target_platform = SEPOL_TARGET_SELINUX,
112 },
113 {
114 .type = POLICY_KERN,
115 .version = POLICYDB_VERSION_AVTAB,
116 .sym_num = SYM_NUM,
117 .ocon_num = OCON_NODE6 + 1,
118 .target_platform = SEPOL_TARGET_SELINUX,
119 },
120 {
121 .type = POLICY_KERN,
122 .version = POLICYDB_VERSION_RANGETRANS,
123 .sym_num = SYM_NUM,
124 .ocon_num = OCON_NODE6 + 1,
125 .target_platform = SEPOL_TARGET_SELINUX,
126 },
127 {
128 .type = POLICY_KERN,
129 .version = POLICYDB_VERSION_POLCAP,
130 .sym_num = SYM_NUM,
131 .ocon_num = OCON_NODE6 + 1,
132 .target_platform = SEPOL_TARGET_SELINUX,
133 },
134 {
135 .type = POLICY_KERN,
136 .version = POLICYDB_VERSION_PERMISSIVE,
137 .sym_num = SYM_NUM,
138 .ocon_num = OCON_NODE6 + 1,
139 .target_platform = SEPOL_TARGET_SELINUX,
140 },
141 {
142 .type = POLICY_KERN,
143 .version = POLICYDB_VERSION_BOUNDARY,
144 .sym_num = SYM_NUM,
145 .ocon_num = OCON_NODE6 + 1,
146 .target_platform = SEPOL_TARGET_SELINUX,
147 },
148 {
149 .type = POLICY_KERN,
150 .version = POLICYDB_VERSION_FILENAME_TRANS,
151 .sym_num = SYM_NUM,
152 .ocon_num = OCON_NODE6 + 1,
153 .target_platform = SEPOL_TARGET_SELINUX,
154 },
155 {
156 .type = POLICY_KERN,
157 .version = POLICYDB_VERSION_ROLETRANS,
158 .sym_num = SYM_NUM,
159 .ocon_num = OCON_NODE6 + 1,
160 .target_platform = SEPOL_TARGET_SELINUX,
161 },
162 {
163 .type = POLICY_KERN,
164 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
165 .sym_num = SYM_NUM,
166 .ocon_num = OCON_NODE6 + 1,
167 .target_platform = SEPOL_TARGET_SELINUX,
168 },
169 {
170 .type = POLICY_KERN,
171 .version = POLICYDB_VERSION_DEFAULT_TYPE,
172 .sym_num = SYM_NUM,
173 .ocon_num = OCON_NODE6 + 1,
174 .target_platform = SEPOL_TARGET_SELINUX,
175 },
176 {
177 .type = POLICY_KERN,
178 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
179 .sym_num = SYM_NUM,
180 .ocon_num = OCON_NODE6 + 1,
181 .target_platform = SEPOL_TARGET_SELINUX,
182 },
183 {
184 .type = POLICY_KERN,
185 .version = POLICYDB_VERSION_XPERMS_IOCTL,
186 .sym_num = SYM_NUM,
187 .ocon_num = OCON_NODE6 + 1,
188 .target_platform = SEPOL_TARGET_SELINUX,
189 },
190 {
191 .type = POLICY_KERN,
192 .version = POLICYDB_VERSION_INFINIBAND,
193 .sym_num = SYM_NUM,
194 .ocon_num = OCON_IBENDPORT + 1,
195 .target_platform = SEPOL_TARGET_SELINUX,
196 },
197 {
198 .type = POLICY_KERN,
199 .version = POLICYDB_VERSION_GLBLUB,
200 .sym_num = SYM_NUM,
201 .ocon_num = OCON_IBENDPORT + 1,
202 .target_platform = SEPOL_TARGET_SELINUX,
203 },
204 {
205 .type = POLICY_KERN,
206 .version = POLICYDB_VERSION_COMP_FTRANS,
207 .sym_num = SYM_NUM,
208 .ocon_num = OCON_IBENDPORT + 1,
209 .target_platform = SEPOL_TARGET_SELINUX,
210 },
211 {
212 .type = POLICY_BASE,
213 .version = MOD_POLICYDB_VERSION_BASE,
214 .sym_num = SYM_NUM,
215 .ocon_num = OCON_NODE6 + 1,
216 .target_platform = SEPOL_TARGET_SELINUX,
217 },
218 {
219 .type = POLICY_BASE,
220 .version = MOD_POLICYDB_VERSION_MLS,
221 .sym_num = SYM_NUM,
222 .ocon_num = OCON_NODE6 + 1,
223 .target_platform = SEPOL_TARGET_SELINUX,
224 },
225 {
226 .type = POLICY_BASE,
227 .version = MOD_POLICYDB_VERSION_MLS_USERS,
228 .sym_num = SYM_NUM,
229 .ocon_num = OCON_NODE6 + 1,
230 .target_platform = SEPOL_TARGET_SELINUX,
231 },
232 {
233 .type = POLICY_BASE,
234 .version = MOD_POLICYDB_VERSION_POLCAP,
235 .sym_num = SYM_NUM,
236 .ocon_num = OCON_NODE6 + 1,
237 .target_platform = SEPOL_TARGET_SELINUX,
238 },
239 {
240 .type = POLICY_BASE,
241 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
242 .sym_num = SYM_NUM,
243 .ocon_num = OCON_NODE6 + 1,
244 .target_platform = SEPOL_TARGET_SELINUX,
245 },
246 {
247 .type = POLICY_BASE,
248 .version = MOD_POLICYDB_VERSION_BOUNDARY,
249 .sym_num = SYM_NUM,
250 .ocon_num = OCON_NODE6 + 1,
251 .target_platform = SEPOL_TARGET_SELINUX,
252 },
253 {
254 .type = POLICY_BASE,
255 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
256 .sym_num = SYM_NUM,
257 .ocon_num = OCON_NODE6 + 1,
258 .target_platform = SEPOL_TARGET_SELINUX,
259 },
260 {
261 .type = POLICY_BASE,
262 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
263 .sym_num = SYM_NUM,
264 .ocon_num = OCON_NODE6 + 1,
265 .target_platform = SEPOL_TARGET_SELINUX,
266 },
267 {
268 .type = POLICY_BASE,
269 .version = MOD_POLICYDB_VERSION_ROLETRANS,
270 .sym_num = SYM_NUM,
271 .ocon_num = OCON_NODE6 + 1,
272 .target_platform = SEPOL_TARGET_SELINUX,
273 },
274 {
275 .type = POLICY_BASE,
276 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
277 .sym_num = SYM_NUM,
278 .ocon_num = OCON_NODE6 + 1,
279 .target_platform = SEPOL_TARGET_SELINUX,
280 },
281 {
282 .type = POLICY_BASE,
283 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
284 .sym_num = SYM_NUM,
285 .ocon_num = OCON_NODE6 + 1,
286 .target_platform = SEPOL_TARGET_SELINUX,
287 },
288 {
289 .type = POLICY_BASE,
290 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
291 .sym_num = SYM_NUM,
292 .ocon_num = OCON_NODE6 + 1,
293 .target_platform = SEPOL_TARGET_SELINUX,
294 },
295 {
296 .type = POLICY_BASE,
297 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
298 .sym_num = SYM_NUM,
299 .ocon_num = OCON_NODE6 + 1,
300 .target_platform = SEPOL_TARGET_SELINUX,
301 },
302 {
303 .type = POLICY_BASE,
304 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
305 .sym_num = SYM_NUM,
306 .ocon_num = OCON_NODE6 + 1,
307 .target_platform = SEPOL_TARGET_SELINUX,
308 },
309 {
310 .type = POLICY_BASE,
311 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
312 .sym_num = SYM_NUM,
313 .ocon_num = OCON_NODE6 + 1,
314 .target_platform = SEPOL_TARGET_SELINUX,
315 },
316 {
317 .type = POLICY_BASE,
318 .version = MOD_POLICYDB_VERSION_INFINIBAND,
319 .sym_num = SYM_NUM,
320 .ocon_num = OCON_IBENDPORT + 1,
321 .target_platform = SEPOL_TARGET_SELINUX,
322 },
323 {
324 .type = POLICY_BASE,
325 .version = MOD_POLICYDB_VERSION_GLBLUB,
326 .sym_num = SYM_NUM,
327 .ocon_num = OCON_IBENDPORT + 1,
328 .target_platform = SEPOL_TARGET_SELINUX,
329 },
330 {
331 .type = POLICY_BASE,
332 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS,
333 .sym_num = SYM_NUM,
334 .ocon_num = OCON_IBENDPORT + 1,
335 .target_platform = SEPOL_TARGET_SELINUX,
336 },
337 {
338 .type = POLICY_MOD,
339 .version = MOD_POLICYDB_VERSION_BASE,
340 .sym_num = SYM_NUM,
341 .ocon_num = 0,
342 .target_platform = SEPOL_TARGET_SELINUX,
343 },
344 {
345 .type = POLICY_MOD,
346 .version = MOD_POLICYDB_VERSION_MLS,
347 .sym_num = SYM_NUM,
348 .ocon_num = 0,
349 .target_platform = SEPOL_TARGET_SELINUX,
350 },
351 {
352 .type = POLICY_MOD,
353 .version = MOD_POLICYDB_VERSION_MLS_USERS,
354 .sym_num = SYM_NUM,
355 .ocon_num = 0,
356 .target_platform = SEPOL_TARGET_SELINUX,
357 },
358 {
359 .type = POLICY_MOD,
360 .version = MOD_POLICYDB_VERSION_POLCAP,
361 .sym_num = SYM_NUM,
362 .ocon_num = 0,
363 .target_platform = SEPOL_TARGET_SELINUX,
364 },
365 {
366 .type = POLICY_MOD,
367 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
368 .sym_num = SYM_NUM,
369 .ocon_num = 0,
370 .target_platform = SEPOL_TARGET_SELINUX,
371 },
372 {
373 .type = POLICY_MOD,
374 .version = MOD_POLICYDB_VERSION_BOUNDARY,
375 .sym_num = SYM_NUM,
376 .ocon_num = 0,
377 .target_platform = SEPOL_TARGET_SELINUX,
378 },
379 {
380 .type = POLICY_MOD,
381 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
382 .sym_num = SYM_NUM,
383 .ocon_num = 0,
384 .target_platform = SEPOL_TARGET_SELINUX,
385 },
386 {
387 .type = POLICY_MOD,
388 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
389 .sym_num = SYM_NUM,
390 .ocon_num = 0,
391 .target_platform = SEPOL_TARGET_SELINUX,
392 },
393 {
394 .type = POLICY_MOD,
395 .version = MOD_POLICYDB_VERSION_ROLETRANS,
396 .sym_num = SYM_NUM,
397 .ocon_num = 0,
398 .target_platform = SEPOL_TARGET_SELINUX,
399 },
400 {
401 .type = POLICY_MOD,
402 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
403 .sym_num = SYM_NUM,
404 .ocon_num = 0,
405 .target_platform = SEPOL_TARGET_SELINUX,
406 },
407 {
408 .type = POLICY_MOD,
409 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
410 .sym_num = SYM_NUM,
411 .ocon_num = 0,
412 .target_platform = SEPOL_TARGET_SELINUX,
413 },
414 {
415 .type = POLICY_MOD,
416 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
417 .sym_num = SYM_NUM,
418 .ocon_num = 0,
419 .target_platform = SEPOL_TARGET_SELINUX,
420 },
421 {
422 .type = POLICY_MOD,
423 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
424 .sym_num = SYM_NUM,
425 .ocon_num = 0,
426 .target_platform = SEPOL_TARGET_SELINUX,
427 },
428 {
429 .type = POLICY_MOD,
430 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
431 .sym_num = SYM_NUM,
432 .ocon_num = 0,
433 .target_platform = SEPOL_TARGET_SELINUX,
434 },
435 {
436 .type = POLICY_MOD,
437 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
438 .sym_num = SYM_NUM,
439 .ocon_num = 0,
440 .target_platform = SEPOL_TARGET_SELINUX,
441 },
442 {
443 .type = POLICY_MOD,
444 .version = MOD_POLICYDB_VERSION_INFINIBAND,
445 .sym_num = SYM_NUM,
446 .ocon_num = 0,
447 .target_platform = SEPOL_TARGET_SELINUX,
448 },
449 {
450 .type = POLICY_MOD,
451 .version = MOD_POLICYDB_VERSION_GLBLUB,
452 .sym_num = SYM_NUM,
453 .ocon_num = 0,
454 .target_platform = SEPOL_TARGET_SELINUX,
455 },
456 {
457 .type = POLICY_MOD,
458 .version = MOD_POLICYDB_VERSION_SELF_TYPETRANS,
459 .sym_num = SYM_NUM,
460 .ocon_num = 0,
461 .target_platform = SEPOL_TARGET_SELINUX,
462 },
463 };
464
465 #if 0
466 static char *symtab_name[SYM_NUM] = {
467 "common prefixes",
468 "classes",
469 "roles",
470 "types",
471 "users",
472 "bools" mls_symtab_names cond_symtab_names
473 };
474 #endif
475
476 static const unsigned int symtab_sizes[SYM_NUM] = {
477 2,
478 32,
479 16,
480 512,
481 128,
482 16,
483 16,
484 16,
485 };
486
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)487 const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
488 unsigned int type,
489 unsigned int target_platform)
490 {
491 unsigned int i;
492 const struct policydb_compat_info *info = NULL;
493
494 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
495 if (policydb_compat[i].version == version &&
496 policydb_compat[i].type == type &&
497 policydb_compat[i].target_platform == target_platform) {
498 info = &policydb_compat[i];
499 break;
500 }
501 }
502 return info;
503 }
504
type_set_init(type_set_t * x)505 void type_set_init(type_set_t * x)
506 {
507 memset(x, 0, sizeof(type_set_t));
508 ebitmap_init(&x->types);
509 ebitmap_init(&x->negset);
510 }
511
type_set_destroy(type_set_t * x)512 void type_set_destroy(type_set_t * x)
513 {
514 if (x != NULL) {
515 ebitmap_destroy(&x->types);
516 ebitmap_destroy(&x->negset);
517 }
518 }
519
role_set_init(role_set_t * x)520 void role_set_init(role_set_t * x)
521 {
522 memset(x, 0, sizeof(role_set_t));
523 ebitmap_init(&x->roles);
524 }
525
role_set_destroy(role_set_t * x)526 void role_set_destroy(role_set_t * x)
527 {
528 ebitmap_destroy(&x->roles);
529 }
530
role_datum_init(role_datum_t * x)531 void role_datum_init(role_datum_t * x)
532 {
533 memset(x, 0, sizeof(role_datum_t));
534 ebitmap_init(&x->dominates);
535 type_set_init(&x->types);
536 ebitmap_init(&x->cache);
537 ebitmap_init(&x->roles);
538 }
539
role_datum_destroy(role_datum_t * x)540 void role_datum_destroy(role_datum_t * x)
541 {
542 if (x != NULL) {
543 ebitmap_destroy(&x->dominates);
544 type_set_destroy(&x->types);
545 ebitmap_destroy(&x->cache);
546 ebitmap_destroy(&x->roles);
547 }
548 }
549
type_datum_init(type_datum_t * x)550 void type_datum_init(type_datum_t * x)
551 {
552 memset(x, 0, sizeof(*x));
553 ebitmap_init(&x->types);
554 }
555
type_datum_destroy(type_datum_t * x)556 void type_datum_destroy(type_datum_t * x)
557 {
558 if (x != NULL) {
559 ebitmap_destroy(&x->types);
560 }
561 }
562
user_datum_init(user_datum_t * x)563 void user_datum_init(user_datum_t * x)
564 {
565 memset(x, 0, sizeof(user_datum_t));
566 role_set_init(&x->roles);
567 mls_semantic_range_init(&x->range);
568 mls_semantic_level_init(&x->dfltlevel);
569 ebitmap_init(&x->cache);
570 mls_range_init(&x->exp_range);
571 mls_level_init(&x->exp_dfltlevel);
572 }
573
user_datum_destroy(user_datum_t * x)574 void user_datum_destroy(user_datum_t * x)
575 {
576 if (x != NULL) {
577 role_set_destroy(&x->roles);
578 mls_semantic_range_destroy(&x->range);
579 mls_semantic_level_destroy(&x->dfltlevel);
580 ebitmap_destroy(&x->cache);
581 mls_range_destroy(&x->exp_range);
582 mls_level_destroy(&x->exp_dfltlevel);
583 }
584 }
585
level_datum_init(level_datum_t * x)586 void level_datum_init(level_datum_t * x)
587 {
588 memset(x, 0, sizeof(level_datum_t));
589 }
590
level_datum_destroy(level_datum_t * x)591 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
592 {
593 /* the mls_level_t referenced by the level_datum is managed
594 * separately for now, so there is nothing to destroy */
595 return;
596 }
597
cat_datum_init(cat_datum_t * x)598 void cat_datum_init(cat_datum_t * x)
599 {
600 memset(x, 0, sizeof(cat_datum_t));
601 }
602
cat_datum_destroy(cat_datum_t * x)603 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
604 {
605 /* it's currently a simple struct - really nothing to destroy */
606 return;
607 }
608
class_perm_node_init(class_perm_node_t * x)609 void class_perm_node_init(class_perm_node_t * x)
610 {
611 memset(x, 0, sizeof(class_perm_node_t));
612 }
613
avrule_init(avrule_t * x)614 void avrule_init(avrule_t * x)
615 {
616 memset(x, 0, sizeof(avrule_t));
617 type_set_init(&x->stypes);
618 type_set_init(&x->ttypes);
619 }
620
avrule_destroy(avrule_t * x)621 void avrule_destroy(avrule_t * x)
622 {
623 class_perm_node_t *cur, *next;
624
625 if (x == NULL) {
626 return;
627 }
628 type_set_destroy(&x->stypes);
629 type_set_destroy(&x->ttypes);
630
631 free(x->source_filename);
632
633 next = x->perms;
634 while (next) {
635 cur = next;
636 next = cur->next;
637 free(cur);
638 }
639
640 free(x->xperms);
641 }
642
role_trans_rule_init(role_trans_rule_t * x)643 void role_trans_rule_init(role_trans_rule_t * x)
644 {
645 memset(x, 0, sizeof(*x));
646 role_set_init(&x->roles);
647 type_set_init(&x->types);
648 ebitmap_init(&x->classes);
649 }
650
role_trans_rule_destroy(role_trans_rule_t * x)651 static void role_trans_rule_destroy(role_trans_rule_t * x)
652 {
653 if (x != NULL) {
654 role_set_destroy(&x->roles);
655 type_set_destroy(&x->types);
656 ebitmap_destroy(&x->classes);
657 }
658 }
659
role_trans_rule_list_destroy(role_trans_rule_t * x)660 void role_trans_rule_list_destroy(role_trans_rule_t * x)
661 {
662 while (x != NULL) {
663 role_trans_rule_t *next = x->next;
664 role_trans_rule_destroy(x);
665 free(x);
666 x = next;
667 }
668 }
669
filename_trans_rule_init(filename_trans_rule_t * x)670 void filename_trans_rule_init(filename_trans_rule_t * x)
671 {
672 memset(x, 0, sizeof(*x));
673 type_set_init(&x->stypes);
674 type_set_init(&x->ttypes);
675 }
676
filename_trans_rule_destroy(filename_trans_rule_t * x)677 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
678 {
679 if (!x)
680 return;
681 type_set_destroy(&x->stypes);
682 type_set_destroy(&x->ttypes);
683 free(x->name);
684 }
685
filename_trans_rule_list_destroy(filename_trans_rule_t * x)686 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
687 {
688 filename_trans_rule_t *next;
689 while (x) {
690 next = x->next;
691 filename_trans_rule_destroy(x);
692 free(x);
693 x = next;
694 }
695 }
696
role_allow_rule_init(role_allow_rule_t * x)697 void role_allow_rule_init(role_allow_rule_t * x)
698 {
699 memset(x, 0, sizeof(role_allow_rule_t));
700 role_set_init(&x->roles);
701 role_set_init(&x->new_roles);
702 }
703
role_allow_rule_destroy(role_allow_rule_t * x)704 void role_allow_rule_destroy(role_allow_rule_t * x)
705 {
706 role_set_destroy(&x->roles);
707 role_set_destroy(&x->new_roles);
708 }
709
role_allow_rule_list_destroy(role_allow_rule_t * x)710 void role_allow_rule_list_destroy(role_allow_rule_t * x)
711 {
712 while (x != NULL) {
713 role_allow_rule_t *next = x->next;
714 role_allow_rule_destroy(x);
715 free(x);
716 x = next;
717 }
718 }
719
range_trans_rule_init(range_trans_rule_t * x)720 void range_trans_rule_init(range_trans_rule_t * x)
721 {
722 type_set_init(&x->stypes);
723 type_set_init(&x->ttypes);
724 ebitmap_init(&x->tclasses);
725 mls_semantic_range_init(&x->trange);
726 x->next = NULL;
727 }
728
range_trans_rule_destroy(range_trans_rule_t * x)729 void range_trans_rule_destroy(range_trans_rule_t * x)
730 {
731 type_set_destroy(&x->stypes);
732 type_set_destroy(&x->ttypes);
733 ebitmap_destroy(&x->tclasses);
734 mls_semantic_range_destroy(&x->trange);
735 }
736
range_trans_rule_list_destroy(range_trans_rule_t * x)737 void range_trans_rule_list_destroy(range_trans_rule_t * x)
738 {
739 while (x != NULL) {
740 range_trans_rule_t *next = x->next;
741 range_trans_rule_destroy(x);
742 free(x);
743 x = next;
744 }
745 }
746
avrule_list_destroy(avrule_t * x)747 void avrule_list_destroy(avrule_t * x)
748 {
749 avrule_t *next, *cur;
750
751 if (!x)
752 return;
753
754 next = x;
755 while (next) {
756 cur = next;
757 next = next->next;
758 avrule_destroy(cur);
759 free(cur);
760 }
761 }
762
763 /*
764 * Initialize the role table by implicitly adding role 'object_r'. If
765 * the policy is a module, set object_r's scope to be SCOPE_REQ,
766 * otherwise set it to SCOPE_DECL.
767 */
roles_init(policydb_t * p)768 static int roles_init(policydb_t * p)
769 {
770 char *key = 0;
771 int rc;
772 role_datum_t *role;
773
774 role = calloc(1, sizeof(role_datum_t));
775 if (!role) {
776 rc = -ENOMEM;
777 goto out;
778 }
779 key = malloc(strlen(OBJECT_R) + 1);
780 if (!key) {
781 rc = -ENOMEM;
782 goto out_free_role;
783 }
784 strcpy(key, OBJECT_R);
785 rc = symtab_insert(p, SYM_ROLES, key, role,
786 (p->policy_type ==
787 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
788 &role->s.value);
789 if (rc)
790 goto out_free_key;
791 if (role->s.value != OBJECT_R_VAL) {
792 rc = -EINVAL;
793 goto out_free_role;
794 }
795 out:
796 return rc;
797
798 out_free_key:
799 free(key);
800 out_free_role:
801 free(role);
802 goto out;
803 }
804
805 ignore_unsigned_overflow_
806 static inline unsigned long
partial_name_hash(unsigned long c,unsigned long prevhash)807 partial_name_hash(unsigned long c, unsigned long prevhash)
808 {
809 return (prevhash + (c << 4) + (c >> 4)) * 11;
810 }
811
filenametr_hash(hashtab_t h,const_hashtab_key_t k)812 static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
813 {
814 const filename_trans_key_t *ft = (const filename_trans_key_t *)k;
815 unsigned long hash;
816 unsigned int byte_num;
817 unsigned char focus;
818
819 hash = ft->ttype ^ ft->tclass;
820
821 byte_num = 0;
822 while ((focus = ft->name[byte_num++]))
823 hash = partial_name_hash(focus, hash);
824 return hash & (h->size - 1);
825 }
826
filenametr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)827 static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
828 const_hashtab_key_t k1, const_hashtab_key_t k2)
829 {
830 const filename_trans_key_t *ft1 = (const filename_trans_key_t *)k1;
831 const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
832 int v;
833
834 v = spaceship_cmp(ft1->ttype, ft2->ttype);
835 if (v)
836 return v;
837
838 v = spaceship_cmp(ft1->tclass, ft2->tclass);
839 if (v)
840 return v;
841
842 return strcmp(ft1->name, ft2->name);
843
844 }
845
rangetr_hash(hashtab_t h,const_hashtab_key_t k)846 static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
847 {
848 const struct range_trans *key = (const struct range_trans *)k;
849 return (key->source_type + (key->target_type << 3) +
850 (key->target_class << 5)) & (h->size - 1);
851 }
852
rangetr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)853 static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
854 const_hashtab_key_t k1, const_hashtab_key_t k2)
855 {
856 const struct range_trans *key1 = (const struct range_trans *)k1;
857 const struct range_trans *key2 = (const struct range_trans *)k2;
858 int v;
859
860 v = spaceship_cmp(key1->source_type, key2->source_type);
861 if (v)
862 return v;
863
864 v = spaceship_cmp(key1->target_type, key2->target_type);
865 if (v)
866 return v;
867
868 v = spaceship_cmp(key1->target_class, key2->target_class);
869
870 return v;
871 }
872
873 /*
874 * Initialize a policy database structure.
875 */
policydb_init(policydb_t * p)876 int policydb_init(policydb_t * p)
877 {
878 int i, rc;
879
880 memset(p, 0, sizeof(policydb_t));
881
882 for (i = 0; i < SYM_NUM; i++) {
883 p->sym_val_to_name[i] = NULL;
884 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
885 if (rc)
886 goto err;
887 }
888
889 /* initialize the module stuff */
890 for (i = 0; i < SYM_NUM; i++) {
891 if (symtab_init(&p->scope[i], symtab_sizes[i])) {
892 goto err;
893 }
894 }
895 if ((p->global = avrule_block_create()) == NULL ||
896 (p->global->branch_list = avrule_decl_create(1)) == NULL) {
897 goto err;
898 }
899 p->decl_val_to_struct = NULL;
900
901 rc = avtab_init(&p->te_avtab);
902 if (rc)
903 goto err;
904
905 rc = roles_init(p);
906 if (rc)
907 goto err;
908
909 rc = cond_policydb_init(p);
910 if (rc)
911 goto err;
912
913 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
914 if (!p->filename_trans) {
915 rc = -ENOMEM;
916 goto err;
917 }
918
919 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
920 if (!p->range_tr) {
921 rc = -ENOMEM;
922 goto err;
923 }
924
925 ebitmap_init(&p->policycaps);
926 ebitmap_init(&p->permissive_map);
927
928 return 0;
929 err:
930 hashtab_destroy(p->filename_trans);
931 hashtab_destroy(p->range_tr);
932 for (i = 0; i < SYM_NUM; i++) {
933 hashtab_destroy(p->symtab[i].table);
934 hashtab_destroy(p->scope[i].table);
935 }
936 avrule_block_list_destroy(p->global);
937 return rc;
938 }
939
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)940 int policydb_role_cache(hashtab_key_t key
941 __attribute__ ((unused)), hashtab_datum_t datum,
942 void *arg)
943 {
944 policydb_t *p;
945 role_datum_t *role;
946
947 role = (role_datum_t *) datum;
948 p = (policydb_t *) arg;
949
950 ebitmap_destroy(&role->cache);
951 if (type_set_expand(&role->types, &role->cache, p, 1)) {
952 return -1;
953 }
954
955 return 0;
956 }
957
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)958 int policydb_user_cache(hashtab_key_t key
959 __attribute__ ((unused)), hashtab_datum_t datum,
960 void *arg)
961 {
962 policydb_t *p;
963 user_datum_t *user;
964
965 user = (user_datum_t *) datum;
966 p = (policydb_t *) arg;
967
968 ebitmap_destroy(&user->cache);
969 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
970 return -1;
971 }
972
973 /* we do not expand user's MLS info in kernel policies because the
974 * semantic representation is not present and we do not expand user's
975 * MLS info in module policies because all of the necessary mls
976 * information is not present */
977 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
978 mls_range_destroy(&user->exp_range);
979 if (mls_semantic_range_expand(&user->range,
980 &user->exp_range, p, NULL)) {
981 return -1;
982 }
983
984 mls_level_destroy(&user->exp_dfltlevel);
985 if (mls_semantic_level_expand(&user->dfltlevel,
986 &user->exp_dfltlevel, p, NULL)) {
987 return -1;
988 }
989 }
990
991 return 0;
992 }
993
994 /*
995 * The following *_index functions are used to
996 * define the val_to_name and val_to_struct arrays
997 * in a policy database structure. The val_to_name
998 * arrays are used when converting security context
999 * structures into string representations. The
1000 * val_to_struct arrays are used when the attributes
1001 * of a class, role, or user are needed.
1002 */
1003
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1004 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1005 {
1006 policydb_t *p;
1007 common_datum_t *comdatum;
1008
1009 comdatum = (common_datum_t *) datum;
1010 p = (policydb_t *) datap;
1011 if (!value_isvalid(comdatum->s.value, p->p_commons.nprim))
1012 return -EINVAL;
1013 if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL)
1014 return -EINVAL;
1015 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
1016
1017 return 0;
1018 }
1019
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1020 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1021 {
1022 policydb_t *p;
1023 class_datum_t *cladatum;
1024
1025 cladatum = (class_datum_t *) datum;
1026 p = (policydb_t *) datap;
1027 if (!value_isvalid(cladatum->s.value, p->p_classes.nprim))
1028 return -EINVAL;
1029 if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL)
1030 return -EINVAL;
1031 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
1032 p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
1033
1034 return 0;
1035 }
1036
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1037 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1038 {
1039 policydb_t *p;
1040 role_datum_t *role;
1041
1042 role = (role_datum_t *) datum;
1043 p = (policydb_t *) datap;
1044 if (!value_isvalid(role->s.value, p->p_roles.nprim))
1045 return -EINVAL;
1046 if (p->p_role_val_to_name[role->s.value - 1] != NULL)
1047 return -EINVAL;
1048 p->p_role_val_to_name[role->s.value - 1] = (char *)key;
1049 p->role_val_to_struct[role->s.value - 1] = role;
1050
1051 return 0;
1052 }
1053
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1054 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1055 {
1056 policydb_t *p;
1057 type_datum_t *typdatum;
1058
1059 typdatum = (type_datum_t *) datum;
1060 p = (policydb_t *) datap;
1061
1062 if (typdatum->primary) {
1063 if (!value_isvalid(typdatum->s.value, p->p_types.nprim))
1064 return -EINVAL;
1065 if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL)
1066 return -EINVAL;
1067 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
1068 p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
1069 }
1070
1071 return 0;
1072 }
1073
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1074 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1075 {
1076 policydb_t *p;
1077 user_datum_t *usrdatum;
1078
1079 usrdatum = (user_datum_t *) datum;
1080 p = (policydb_t *) datap;
1081
1082 if (!value_isvalid(usrdatum->s.value, p->p_users.nprim))
1083 return -EINVAL;
1084 if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL)
1085 return -EINVAL;
1086 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
1087 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
1088
1089 return 0;
1090 }
1091
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1092 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1093 {
1094 policydb_t *p;
1095 level_datum_t *levdatum;
1096
1097 levdatum = (level_datum_t *) datum;
1098 p = (policydb_t *) datap;
1099
1100 if (!levdatum->isalias) {
1101 if (!value_isvalid(levdatum->level->sens, p->p_levels.nprim))
1102 return -EINVAL;
1103 if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL)
1104 return -EINVAL;
1105 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
1106 }
1107
1108 return 0;
1109 }
1110
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1111 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1112 {
1113 policydb_t *p;
1114 cat_datum_t *catdatum;
1115
1116 catdatum = (cat_datum_t *) datum;
1117 p = (policydb_t *) datap;
1118
1119 if (!catdatum->isalias) {
1120 if (!value_isvalid(catdatum->s.value, p->p_cats.nprim))
1121 return -EINVAL;
1122 if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL)
1123 return -EINVAL;
1124 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
1125 }
1126
1127 return 0;
1128 }
1129
1130 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1131 void *datap) = {
1132 common_index, class_index, role_index, type_index, user_index,
1133 cond_index_bool, sens_index, cat_index,};
1134
1135 /*
1136 * Define the common val_to_name array and the class
1137 * val_to_name and val_to_struct arrays in a policy
1138 * database structure.
1139 */
policydb_index_classes(policydb_t * p)1140 int policydb_index_classes(policydb_t * p)
1141 {
1142 free(p->p_common_val_to_name);
1143 p->p_common_val_to_name = (char **)
1144 calloc(p->p_commons.nprim, sizeof(char *));
1145 if (!p->p_common_val_to_name)
1146 return -1;
1147
1148 if (hashtab_map(p->p_commons.table, common_index, p))
1149 return -1;
1150
1151 free(p->class_val_to_struct);
1152 p->class_val_to_struct = (class_datum_t **)
1153 calloc(p->p_classes.nprim, sizeof(class_datum_t *));
1154 if (!p->class_val_to_struct)
1155 return -1;
1156
1157 free(p->p_class_val_to_name);
1158 p->p_class_val_to_name = (char **)
1159 calloc(p->p_classes.nprim, sizeof(char *));
1160 if (!p->p_class_val_to_name)
1161 return -1;
1162
1163 if (hashtab_map(p->p_classes.table, class_index, p))
1164 return -1;
1165
1166 return 0;
1167 }
1168
policydb_index_bools(policydb_t * p)1169 int policydb_index_bools(policydb_t * p)
1170 {
1171
1172 if (cond_init_bool_indexes(p) == -1)
1173 return -1;
1174 p->p_bool_val_to_name = (char **)
1175 calloc(p->p_bools.nprim, sizeof(char *));
1176 if (!p->p_bool_val_to_name)
1177 return -1;
1178 if (hashtab_map(p->p_bools.table, cond_index_bool, p))
1179 return -1;
1180 return 0;
1181 }
1182
policydb_index_decls(sepol_handle_t * handle,policydb_t * p)1183 static int policydb_index_decls(sepol_handle_t * handle, policydb_t * p)
1184 {
1185 avrule_block_t *curblock;
1186 avrule_decl_t *decl;
1187 unsigned int num_decls = 0;
1188
1189 free(p->decl_val_to_struct);
1190
1191 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1192 for (decl = curblock->branch_list; decl != NULL;
1193 decl = decl->next) {
1194 num_decls++;
1195 }
1196 }
1197
1198 p->decl_val_to_struct =
1199 calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
1200 if (!p->decl_val_to_struct) {
1201 return -1;
1202 }
1203
1204 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1205 for (decl = curblock->branch_list; decl != NULL;
1206 decl = decl->next) {
1207 if (!value_isvalid(decl->decl_id, num_decls)) {
1208 ERR(handle, "invalid decl ID %u", decl->decl_id);
1209 return -1;
1210 }
1211 if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) {
1212 ERR(handle, "duplicated decl ID %u", decl->decl_id);
1213 return -1;
1214 }
1215 p->decl_val_to_struct[decl->decl_id - 1] = decl;
1216 }
1217 }
1218
1219 return 0;
1220 }
1221
1222 /*
1223 * Define the other val_to_name and val_to_struct arrays
1224 * in a policy database structure.
1225 */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)1226 int policydb_index_others(sepol_handle_t * handle,
1227 policydb_t * p, unsigned verbose)
1228 {
1229 int i;
1230
1231 if (verbose) {
1232 INFO(handle,
1233 "security: %d users, %d roles, %d types, %d bools",
1234 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
1235 p->p_bools.nprim);
1236
1237 if (p->mls)
1238 INFO(handle, "security: %d sens, %d cats",
1239 p->p_levels.nprim, p->p_cats.nprim);
1240
1241 INFO(handle, "security: %d classes, %d rules, %d cond rules",
1242 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
1243 }
1244 #if 0
1245 avtab_hash_eval(&p->te_avtab, "rules");
1246 for (i = 0; i < SYM_NUM; i++)
1247 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
1248 #endif
1249
1250 free(p->role_val_to_struct);
1251 p->role_val_to_struct = (role_datum_t **)
1252 calloc(p->p_roles.nprim, sizeof(role_datum_t *));
1253 if (!p->role_val_to_struct)
1254 return -1;
1255
1256 free(p->user_val_to_struct);
1257 p->user_val_to_struct = (user_datum_t **)
1258 calloc(p->p_users.nprim, sizeof(user_datum_t *));
1259 if (!p->user_val_to_struct)
1260 return -1;
1261
1262 free(p->type_val_to_struct);
1263 p->type_val_to_struct = (type_datum_t **)
1264 calloc(p->p_types.nprim, sizeof(type_datum_t *));
1265 if (!p->type_val_to_struct)
1266 return -1;
1267
1268 if (cond_init_bool_indexes(p))
1269 return -1;
1270
1271 for (i = SYM_ROLES; i < SYM_NUM; i++) {
1272 free(p->sym_val_to_name[i]);
1273 p->sym_val_to_name[i] = NULL;
1274 if (p->symtab[i].nprim) {
1275 p->sym_val_to_name[i] = (char **)
1276 calloc(p->symtab[i].nprim, sizeof(char *));
1277 if (!p->sym_val_to_name[i])
1278 return -1;
1279 if (hashtab_map(p->symtab[i].table, index_f[i], p))
1280 return -1;
1281 }
1282 }
1283
1284 /* This pre-expands the roles and users for context validity checking */
1285 if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1286 return -1;
1287
1288 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1289 return -1;
1290
1291 return 0;
1292 }
1293
1294 /*
1295 * The following *_destroy functions are used to
1296 * free any memory allocated for each kind of
1297 * symbol data in the policy database.
1298 */
1299
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1300 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1301 __attribute__ ((unused)))
1302 {
1303 if (key)
1304 free(key);
1305 free(datum);
1306 return 0;
1307 }
1308
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1309 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1310 __attribute__ ((unused)))
1311 {
1312 common_datum_t *comdatum;
1313
1314 if (key)
1315 free(key);
1316 comdatum = (common_datum_t *) datum;
1317 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1318 hashtab_destroy(comdatum->permissions.table);
1319 free(datum);
1320 return 0;
1321 }
1322
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1323 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1324 __attribute__ ((unused)))
1325 {
1326 class_datum_t *cladatum;
1327 constraint_node_t *constraint, *ctemp;
1328
1329 if (key)
1330 free(key);
1331 cladatum = (class_datum_t *) datum;
1332 if (cladatum == NULL) {
1333 return 0;
1334 }
1335 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1336 hashtab_destroy(cladatum->permissions.table);
1337 constraint = cladatum->constraints;
1338 while (constraint) {
1339 constraint_expr_destroy(constraint->expr);
1340 ctemp = constraint;
1341 constraint = constraint->next;
1342 free(ctemp);
1343 }
1344
1345 constraint = cladatum->validatetrans;
1346 while (constraint) {
1347 constraint_expr_destroy(constraint->expr);
1348 ctemp = constraint;
1349 constraint = constraint->next;
1350 free(ctemp);
1351 }
1352
1353 if (cladatum->comkey)
1354 free(cladatum->comkey);
1355 free(datum);
1356 return 0;
1357 }
1358
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1359 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1360 __attribute__ ((unused)))
1361 {
1362 free(key);
1363 role_datum_destroy((role_datum_t *) datum);
1364 free(datum);
1365 return 0;
1366 }
1367
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1368 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1369 __attribute__ ((unused)))
1370 {
1371 free(key);
1372 type_datum_destroy((type_datum_t *) datum);
1373 free(datum);
1374 return 0;
1375 }
1376
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1377 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1378 __attribute__ ((unused)))
1379 {
1380 free(key);
1381 user_datum_destroy((user_datum_t *) datum);
1382 free(datum);
1383 return 0;
1384 }
1385
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1386 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1387 __attribute__ ((unused)))
1388 {
1389 level_datum_t *levdatum;
1390
1391 if (key)
1392 free(key);
1393 levdatum = (level_datum_t *) datum;
1394 mls_level_destroy(levdatum->level);
1395 free(levdatum->level);
1396 level_datum_destroy(levdatum);
1397 free(levdatum);
1398 return 0;
1399 }
1400
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1401 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1402 __attribute__ ((unused)))
1403 {
1404 if (key)
1405 free(key);
1406 cat_datum_destroy((cat_datum_t *) datum);
1407 free(datum);
1408 return 0;
1409 }
1410
1411 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1412 void *datap) = {
1413 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1414 cond_destroy_bool, sens_destroy, cat_destroy,};
1415
filenametr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1416 static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1417 void *p __attribute__ ((unused)))
1418 {
1419 filename_trans_key_t *ft = (filename_trans_key_t *)key;
1420 filename_trans_datum_t *fd = datum, *next;
1421
1422 free(ft->name);
1423 free(key);
1424 do {
1425 next = fd->next;
1426 ebitmap_destroy(&fd->stypes);
1427 free(fd);
1428 fd = next;
1429 } while (fd);
1430 return 0;
1431 }
1432
range_tr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1433 static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1434 void *p __attribute__ ((unused)))
1435 {
1436 struct mls_range *rt = (struct mls_range *)datum;
1437 free(key);
1438 ebitmap_destroy(&rt->level[0].cat);
1439 ebitmap_destroy(&rt->level[1].cat);
1440 free(datum);
1441 return 0;
1442 }
1443
ocontext_selinux_free(ocontext_t ** ocontexts)1444 static void ocontext_selinux_free(ocontext_t **ocontexts)
1445 {
1446 ocontext_t *c, *ctmp;
1447 int i;
1448
1449 for (i = 0; i < OCON_NUM; i++) {
1450 c = ocontexts[i];
1451 while (c) {
1452 ctmp = c;
1453 c = c->next;
1454 context_destroy(&ctmp->context[0]);
1455 context_destroy(&ctmp->context[1]);
1456 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1457 || i == OCON_FSUSE)
1458 free(ctmp->u.name);
1459 else if (i == OCON_IBENDPORT)
1460 free(ctmp->u.ibendport.dev_name);
1461 free(ctmp);
1462 }
1463 }
1464 }
1465
ocontext_xen_free(ocontext_t ** ocontexts)1466 static void ocontext_xen_free(ocontext_t **ocontexts)
1467 {
1468 ocontext_t *c, *ctmp;
1469 int i;
1470
1471 for (i = 0; i < OCON_NUM; i++) {
1472 c = ocontexts[i];
1473 while (c) {
1474 ctmp = c;
1475 c = c->next;
1476 context_destroy(&ctmp->context[0]);
1477 context_destroy(&ctmp->context[1]);
1478 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
1479 free(ctmp->u.name);
1480 free(ctmp);
1481 }
1482 }
1483 }
1484
1485 /*
1486 * Free any memory allocated by a policy database structure.
1487 */
policydb_destroy(policydb_t * p)1488 void policydb_destroy(policydb_t * p)
1489 {
1490 ocontext_t *c, *ctmp;
1491 genfs_t *g, *gtmp;
1492 unsigned int i;
1493 role_allow_t *ra, *lra = NULL;
1494 role_trans_t *tr, *ltr = NULL;
1495
1496 if (!p)
1497 return;
1498
1499 ebitmap_destroy(&p->policycaps);
1500
1501 ebitmap_destroy(&p->permissive_map);
1502
1503 symtabs_destroy(p->symtab);
1504
1505 for (i = 0; i < SYM_NUM; i++) {
1506 if (p->sym_val_to_name[i])
1507 free(p->sym_val_to_name[i]);
1508 }
1509
1510 if (p->class_val_to_struct)
1511 free(p->class_val_to_struct);
1512 if (p->role_val_to_struct)
1513 free(p->role_val_to_struct);
1514 if (p->user_val_to_struct)
1515 free(p->user_val_to_struct);
1516 if (p->type_val_to_struct)
1517 free(p->type_val_to_struct);
1518 free(p->decl_val_to_struct);
1519
1520 for (i = 0; i < SYM_NUM; i++) {
1521 (void)hashtab_map(p->scope[i].table, scope_destroy, 0);
1522 hashtab_destroy(p->scope[i].table);
1523 }
1524 avrule_block_list_destroy(p->global);
1525 free(p->name);
1526 free(p->version);
1527
1528 avtab_destroy(&p->te_avtab);
1529
1530 if (p->target_platform == SEPOL_TARGET_SELINUX)
1531 ocontext_selinux_free(p->ocontexts);
1532 else if (p->target_platform == SEPOL_TARGET_XEN)
1533 ocontext_xen_free(p->ocontexts);
1534
1535 g = p->genfs;
1536 while (g) {
1537 free(g->fstype);
1538 c = g->head;
1539 while (c) {
1540 ctmp = c;
1541 c = c->next;
1542 context_destroy(&ctmp->context[0]);
1543 free(ctmp->u.name);
1544 free(ctmp);
1545 }
1546 gtmp = g;
1547 g = g->next;
1548 free(gtmp);
1549 }
1550 cond_policydb_destroy(p);
1551
1552 for (tr = p->role_tr; tr; tr = tr->next) {
1553 if (ltr)
1554 free(ltr);
1555 ltr = tr;
1556 }
1557 if (ltr)
1558 free(ltr);
1559
1560 for (ra = p->role_allow; ra; ra = ra->next) {
1561 if (lra)
1562 free(lra);
1563 lra = ra;
1564 }
1565 if (lra)
1566 free(lra);
1567
1568 hashtab_map(p->filename_trans, filenametr_destroy, NULL);
1569 hashtab_destroy(p->filename_trans);
1570
1571 hashtab_map(p->range_tr, range_tr_destroy, NULL);
1572 hashtab_destroy(p->range_tr);
1573
1574 if (p->type_attr_map) {
1575 for (i = 0; i < p->p_types.nprim; i++) {
1576 ebitmap_destroy(&p->type_attr_map[i]);
1577 }
1578 free(p->type_attr_map);
1579 }
1580
1581 if (p->attr_type_map) {
1582 for (i = 0; i < p->p_types.nprim; i++) {
1583 ebitmap_destroy(&p->attr_type_map[i]);
1584 }
1585 free(p->attr_type_map);
1586 }
1587
1588 return;
1589 }
1590
symtabs_destroy(symtab_t * symtab)1591 void symtabs_destroy(symtab_t * symtab)
1592 {
1593 int i;
1594 for (i = 0; i < SYM_NUM; i++) {
1595 (void)hashtab_map(symtab[i].table, destroy_f[i], 0);
1596 hashtab_destroy(symtab[i].table);
1597 }
1598 }
1599
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1600 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1601 __attribute__ ((unused)))
1602 {
1603 scope_datum_t *cur = (scope_datum_t *) datum;
1604 free(key);
1605 if (cur != NULL) {
1606 free(cur->decl_ids);
1607 }
1608 free(cur);
1609 return 0;
1610 }
1611
1612 /*
1613 * Load the initial SIDs specified in a policy database
1614 * structure into a SID table.
1615 */
policydb_load_isids(policydb_t * p,sidtab_t * s)1616 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1617 {
1618 ocontext_t *head, *c;
1619
1620 if (sepol_sidtab_init(s)) {
1621 ERR(NULL, "out of memory on SID table init");
1622 return -1;
1623 }
1624
1625 head = p->ocontexts[OCON_ISID];
1626 for (c = head; c; c = c->next) {
1627 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1628 ERR(NULL, "unable to load initial SID %s", c->u.name);
1629 return -1;
1630 }
1631 }
1632
1633 return 0;
1634 }
1635
1636 /* Declare a symbol for a certain avrule_block context. Insert it
1637 * into a symbol table for a policy. This function will handle
1638 * inserting the appropriate scope information in addition to
1639 * inserting the symbol into the hash table.
1640 *
1641 * arguments:
1642 * policydb_t *pol module policy to modify
1643 * uint32_t sym the symbole table for insertion (SYM_*)
1644 * hashtab_key_t key the key for the symbol - not cloned
1645 * hashtab_datum_t data the data for the symbol - not cloned
1646 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1647 * avrule_decl_id identifier for this symbol's encapsulating declaration
1648 * value (out) assigned value to the symbol (if value is not NULL)
1649 *
1650 * returns:
1651 * 0 success
1652 * 1 success, but symbol already existed as a requirement
1653 * (datum was not inserted and needs to be free()d)
1654 * -1 general error
1655 * -2 scope conflicted
1656 * -ENOMEM memory error
1657 * error codes from hashtab_insert
1658 */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1659 int symtab_insert(policydb_t * pol, uint32_t sym,
1660 hashtab_key_t key, hashtab_datum_t datum,
1661 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1662 {
1663 int rc, retval = 0;
1664 unsigned int i;
1665 scope_datum_t *scope_datum;
1666
1667 /* check if the symbol is already there. multiple
1668 * declarations of non-roles/non-users are illegal, but
1669 * multiple requires are allowed. */
1670
1671 /* FIX ME - the failures after the hashtab_insert will leave
1672 * the policy in a inconsistent state. */
1673 rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1674 if (rc == SEPOL_OK) {
1675 /* if no value is passed in the symbol is not primary
1676 * (i.e. aliases) */
1677 if (value)
1678 *value = ++pol->symtab[sym].nprim;
1679 } else if (rc == SEPOL_EEXIST) {
1680 retval = 1; /* symbol not added -- need to free() later */
1681 } else {
1682 return rc;
1683 }
1684
1685 /* get existing scope information; if there is not one then
1686 * create it */
1687 scope_datum =
1688 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1689 if (scope_datum == NULL) {
1690 hashtab_key_t key2 = strdup((char *)key);
1691 if (!key2)
1692 return -ENOMEM;
1693 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1694 free(key2);
1695 return -ENOMEM;
1696 }
1697 scope_datum->scope = scope;
1698 scope_datum->decl_ids = NULL;
1699 scope_datum->decl_ids_len = 0;
1700 if ((rc =
1701 hashtab_insert(pol->scope[sym].table, key2,
1702 scope_datum)) != 0) {
1703 free(key2);
1704 free(scope_datum);
1705 return rc;
1706 }
1707 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1708 /* disallow multiple declarations for non-roles/users */
1709 if (sym != SYM_ROLES && sym != SYM_USERS) {
1710 return -2;
1711 }
1712 /* Further confine that a role attribute can't have the same
1713 * name as another regular role, and a role attribute can't
1714 * be declared more than once. */
1715 if (sym == SYM_ROLES) {
1716 role_datum_t *base_role;
1717 role_datum_t *cur_role = (role_datum_t *)datum;
1718
1719 base_role = (role_datum_t *)
1720 hashtab_search(pol->symtab[sym].table,
1721 key);
1722 assert(base_role != NULL);
1723
1724 if (!((base_role->flavor == ROLE_ROLE) &&
1725 (cur_role->flavor == ROLE_ROLE))) {
1726 /* Only regular roles are allowed to have
1727 * multiple declarations. */
1728 return -2;
1729 }
1730 }
1731 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1732 scope_datum->scope = SCOPE_DECL;
1733 }
1734
1735 /* search through the pre-existing list to avoid adding duplicates */
1736 for (i = 0; i < scope_datum->decl_ids_len; i++) {
1737 if (scope_datum->decl_ids[i] == avrule_decl_id) {
1738 /* already there, so don't modify its scope */
1739 return retval;
1740 }
1741 }
1742
1743 if (add_i_to_a(avrule_decl_id,
1744 &scope_datum->decl_ids_len,
1745 &scope_datum->decl_ids) == -1) {
1746 return -ENOMEM;
1747 }
1748
1749 if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) {
1750 /* Need to keep the decl at the end of the list */
1751 uint32_t len, tmp;
1752 len = scope_datum->decl_ids_len;
1753 if (len < 2) {
1754 /* This should be impossible here */
1755 return -1;
1756 }
1757 tmp = scope_datum->decl_ids[len-2];
1758 scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1];
1759 scope_datum->decl_ids[len-1] = tmp;
1760 }
1761
1762 return retval;
1763 }
1764
type_set_or(type_set_t * dst,const type_set_t * a,const type_set_t * b)1765 static int type_set_or(type_set_t * dst, const type_set_t * a, const type_set_t * b)
1766 {
1767 type_set_init(dst);
1768
1769 if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1770 return -1;
1771 }
1772 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1773 return -1;
1774 }
1775
1776 dst->flags |= a->flags;
1777 dst->flags |= b->flags;
1778
1779 return 0;
1780 }
1781
type_set_cpy(type_set_t * dst,const type_set_t * src)1782 int type_set_cpy(type_set_t * dst, const type_set_t * src)
1783 {
1784 type_set_init(dst);
1785
1786 dst->flags = src->flags;
1787 if (ebitmap_cpy(&dst->types, &src->types))
1788 return -1;
1789 if (ebitmap_cpy(&dst->negset, &src->negset))
1790 return -1;
1791
1792 return 0;
1793 }
1794
type_set_or_eq(type_set_t * dst,const type_set_t * other)1795 int type_set_or_eq(type_set_t * dst, const type_set_t * other)
1796 {
1797 int ret;
1798 type_set_t tmp;
1799
1800 if (type_set_or(&tmp, dst, other))
1801 return -1;
1802 type_set_destroy(dst);
1803 ret = type_set_cpy(dst, &tmp);
1804 type_set_destroy(&tmp);
1805
1806 return ret;
1807 }
1808
1809 /***********************************************************************/
1810 /* everything below is for policy reads */
1811
1812 /* The following are read functions for module structures */
1813
role_set_read(role_set_t * r,struct policy_file * fp)1814 static int role_set_read(role_set_t * r, struct policy_file *fp)
1815 {
1816 uint32_t buf[1];
1817 int rc;
1818
1819 if (ebitmap_read(&r->roles, fp))
1820 return -1;
1821 rc = next_entry(buf, fp, sizeof(uint32_t));
1822 if (rc < 0)
1823 return -1;
1824 r->flags = le32_to_cpu(buf[0]);
1825
1826 return 0;
1827 }
1828
type_set_read(type_set_t * t,struct policy_file * fp)1829 static int type_set_read(type_set_t * t, struct policy_file *fp)
1830 {
1831 uint32_t buf[1];
1832 int rc;
1833
1834 if (ebitmap_read(&t->types, fp))
1835 return -1;
1836 if (ebitmap_read(&t->negset, fp))
1837 return -1;
1838
1839 rc = next_entry(buf, fp, sizeof(uint32_t));
1840 if (rc < 0)
1841 return -1;
1842 t->flags = le32_to_cpu(buf[0]);
1843
1844 return 0;
1845 }
1846
1847 /*
1848 * Read a MLS range structure from a policydb binary
1849 * representation file.
1850 */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1851 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1852 {
1853 uint32_t buf[2], items;
1854 int rc;
1855
1856 rc = next_entry(buf, fp, sizeof(uint32_t));
1857 if (rc < 0)
1858 goto out;
1859
1860 items = le32_to_cpu(buf[0]);
1861 if (items > ARRAY_SIZE(buf)) {
1862 ERR(fp->handle, "range overflow");
1863 rc = -EINVAL;
1864 goto out;
1865 }
1866 rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1867 if (rc < 0) {
1868 ERR(fp->handle, "truncated range");
1869 goto out;
1870 }
1871 r->level[0].sens = le32_to_cpu(buf[0]);
1872 if (items > 1)
1873 r->level[1].sens = le32_to_cpu(buf[1]);
1874 else
1875 r->level[1].sens = r->level[0].sens;
1876
1877 rc = ebitmap_read(&r->level[0].cat, fp);
1878 if (rc) {
1879 ERR(fp->handle, "error reading low categories");
1880 goto out;
1881 }
1882 if (items > 1) {
1883 rc = ebitmap_read(&r->level[1].cat, fp);
1884 if (rc) {
1885 ERR(fp->handle, "error reading high categories");
1886 goto bad_high;
1887 }
1888 } else {
1889 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1890 if (rc) {
1891 ERR(fp->handle, "out of memory");
1892 goto bad_high;
1893 }
1894 }
1895
1896 rc = 0;
1897 out:
1898 return rc;
1899 bad_high:
1900 ebitmap_destroy(&r->level[0].cat);
1901 goto out;
1902 }
1903
1904 /*
1905 * Read a semantic MLS level structure from a policydb binary
1906 * representation file.
1907 */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1908 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1909 struct policy_file *fp)
1910 {
1911 uint32_t buf[2], ncat;
1912 unsigned int i;
1913 mls_semantic_cat_t *cat;
1914 int rc;
1915
1916 mls_semantic_level_init(l);
1917
1918 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1919 if (rc < 0) {
1920 ERR(fp->handle, "truncated level");
1921 goto bad;
1922 }
1923 l->sens = le32_to_cpu(buf[0]);
1924
1925 ncat = le32_to_cpu(buf[1]);
1926 for (i = 0; i < ncat; i++) {
1927 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1928 if (!cat) {
1929 ERR(fp->handle, "out of memory");
1930 goto bad;
1931 }
1932
1933 mls_semantic_cat_init(cat);
1934 cat->next = l->cat;
1935 l->cat = cat;
1936
1937 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1938 if (rc < 0) {
1939 ERR(fp->handle, "error reading level categories");
1940 goto bad;
1941 }
1942 cat->low = le32_to_cpu(buf[0]);
1943 cat->high = le32_to_cpu(buf[1]);
1944 }
1945
1946 return 0;
1947
1948 bad:
1949 return -EINVAL;
1950 }
1951
1952 /*
1953 * Read a semantic MLS range structure from a policydb binary
1954 * representation file.
1955 */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1956 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1957 struct policy_file *fp)
1958 {
1959 int rc;
1960
1961 rc = mls_read_semantic_level_helper(&r->level[0], fp);
1962 if (rc)
1963 return rc;
1964
1965 rc = mls_read_semantic_level_helper(&r->level[1], fp);
1966
1967 return rc;
1968 }
1969
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1970 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1971 {
1972 unsigned int i;
1973 ebitmap_node_t *cnode;
1974 mls_semantic_cat_t *open_cat = NULL;
1975
1976 mls_semantic_level_init(sl);
1977 sl->sens = l->sens;
1978 ebitmap_for_each_bit(&l->cat, cnode, i) {
1979 if (ebitmap_node_get_bit(cnode, i)) {
1980 if (open_cat)
1981 continue;
1982 open_cat = (mls_semantic_cat_t *)
1983 malloc(sizeof(mls_semantic_cat_t));
1984 if (!open_cat)
1985 return -1;
1986
1987 mls_semantic_cat_init(open_cat);
1988 open_cat->low = i + 1;
1989 open_cat->next = sl->cat;
1990 sl->cat = open_cat;
1991 } else {
1992 if (!open_cat)
1993 continue;
1994 open_cat->high = i;
1995 open_cat = NULL;
1996 }
1997 }
1998 if (open_cat)
1999 open_cat->high = i;
2000
2001 return 0;
2002 }
2003
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)2004 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
2005 {
2006 if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
2007 return -1;
2008
2009 if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
2010 return -1;
2011
2012 return 0;
2013 }
2014
2015 /*
2016 * Read and validate a security context structure
2017 * from a policydb binary representation file.
2018 */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)2019 static int context_read_and_validate(context_struct_t * c,
2020 policydb_t * p, struct policy_file *fp)
2021 {
2022 uint32_t buf[3];
2023 int rc;
2024
2025 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2026 if (rc < 0) {
2027 ERR(fp->handle, "context truncated");
2028 return -1;
2029 }
2030 c->user = le32_to_cpu(buf[0]);
2031 c->role = le32_to_cpu(buf[1]);
2032 c->type = le32_to_cpu(buf[2]);
2033 if ((p->policy_type == POLICY_KERN
2034 && p->policyvers >= POLICYDB_VERSION_MLS)
2035 || (p->policy_type == POLICY_BASE
2036 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
2037 if (mls_read_range_helper(&c->range, fp)) {
2038 ERR(fp->handle, "error reading MLS range "
2039 "of context");
2040 return -1;
2041 }
2042 }
2043
2044 if (!policydb_context_isvalid(p, c)) {
2045 ERR(fp->handle, "invalid security context");
2046 context_destroy(c);
2047 return -1;
2048 }
2049 return 0;
2050 }
2051
2052 /*
2053 * The following *_read functions are used to
2054 * read the symbol data from a policy database
2055 * binary representation file.
2056 */
2057
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp,uint32_t nprim)2058 static int perm_read(policydb_t * p
2059 __attribute__ ((unused)), hashtab_t h,
2060 struct policy_file *fp, uint32_t nprim)
2061 {
2062 char *key = 0;
2063 perm_datum_t *perdatum;
2064 uint32_t buf[2];
2065 size_t len;
2066 int rc;
2067
2068 perdatum = calloc(1, sizeof(perm_datum_t));
2069 if (!perdatum)
2070 return -1;
2071
2072 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2073 if (rc < 0)
2074 goto bad;
2075
2076 len = le32_to_cpu(buf[0]);
2077 if(str_read(&key, fp, len))
2078 goto bad;
2079
2080 perdatum->s.value = le32_to_cpu(buf[1]);
2081 if (!value_isvalid(perdatum->s.value, nprim))
2082 goto bad;
2083
2084 if (hashtab_insert(h, key, perdatum))
2085 goto bad;
2086
2087 return 0;
2088
2089 bad:
2090 perm_destroy(key, perdatum, NULL);
2091 return -1;
2092 }
2093
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2094 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2095 {
2096 char *key = 0;
2097 common_datum_t *comdatum;
2098 uint32_t buf[4];
2099 size_t len, nel;
2100 unsigned int i;
2101 int rc;
2102
2103 comdatum = calloc(1, sizeof(common_datum_t));
2104 if (!comdatum)
2105 return -1;
2106
2107 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2108 if (rc < 0)
2109 goto bad;
2110
2111 len = le32_to_cpu(buf[0]);
2112 if (zero_or_saturated(len))
2113 goto bad;
2114
2115 comdatum->s.value = le32_to_cpu(buf[1]);
2116
2117 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
2118 goto bad;
2119 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
2120 if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE)
2121 goto bad;
2122 nel = le32_to_cpu(buf[3]);
2123
2124 key = malloc(len + 1);
2125 if (!key)
2126 goto bad;
2127 rc = next_entry(key, fp, len);
2128 if (rc < 0)
2129 goto bad;
2130 key[len] = 0;
2131
2132 for (i = 0; i < nel; i++) {
2133 if (perm_read(p, comdatum->permissions.table, fp, comdatum->permissions.nprim))
2134 goto bad;
2135 }
2136
2137 if (hashtab_insert(h, key, comdatum))
2138 goto bad;
2139
2140 return 0;
2141
2142 bad:
2143 common_destroy(key, comdatum, NULL);
2144 return -1;
2145 }
2146
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)2147 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
2148 unsigned int ncons,
2149 int allowxtarget, struct policy_file *fp)
2150 {
2151 constraint_node_t *c, *lc;
2152 constraint_expr_t *e, *le;
2153 uint32_t buf[3];
2154 size_t nexpr;
2155 unsigned int i, j;
2156 int rc, depth;
2157
2158 lc = NULL;
2159 for (i = 0; i < ncons; i++) {
2160 c = calloc(1, sizeof(constraint_node_t));
2161 if (!c)
2162 return -1;
2163
2164 if (lc)
2165 lc->next = c;
2166 else
2167 *nodep = c;
2168
2169 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2170 if (rc < 0)
2171 return -1;
2172 c->permissions = le32_to_cpu(buf[0]);
2173 nexpr = le32_to_cpu(buf[1]);
2174 le = NULL;
2175 depth = -1;
2176 for (j = 0; j < nexpr; j++) {
2177 e = malloc(sizeof(constraint_expr_t));
2178 if (!e)
2179 return -1;
2180 if (constraint_expr_init(e) == -1) {
2181 free(e);
2182 return -1;
2183 }
2184 if (le) {
2185 le->next = e;
2186 } else {
2187 c->expr = e;
2188 }
2189
2190 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2191 if (rc < 0)
2192 return -1;
2193 e->expr_type = le32_to_cpu(buf[0]);
2194 e->attr = le32_to_cpu(buf[1]);
2195 e->op = le32_to_cpu(buf[2]);
2196
2197 switch (e->expr_type) {
2198 case CEXPR_NOT:
2199 if (depth < 0)
2200 return -1;
2201 break;
2202 case CEXPR_AND:
2203 case CEXPR_OR:
2204 if (depth < 1)
2205 return -1;
2206 depth--;
2207 break;
2208 case CEXPR_ATTR:
2209 if (depth == (CEXPR_MAXDEPTH - 1))
2210 return -1;
2211 depth++;
2212 break;
2213 case CEXPR_NAMES:
2214 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
2215 return -1;
2216 if (depth == (CEXPR_MAXDEPTH - 1))
2217 return -1;
2218 depth++;
2219 if (ebitmap_read(&e->names, fp))
2220 return -1;
2221 if (p->policy_type != POLICY_KERN &&
2222 type_set_read(e->type_names, fp))
2223 return -1;
2224 else if (p->policy_type == POLICY_KERN &&
2225 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
2226 type_set_read(e->type_names, fp))
2227 return -1;
2228 break;
2229 default:
2230 return -1;
2231 }
2232 le = e;
2233 }
2234 if (depth != 0)
2235 return -1;
2236 lc = c;
2237 }
2238
2239 return 0;
2240 }
2241
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2242 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2243 {
2244 char *key = 0;
2245 class_datum_t *cladatum;
2246 uint32_t buf[6];
2247 size_t len, len2, ncons, nel;
2248 unsigned int i;
2249 int rc;
2250
2251 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2252 if (!cladatum)
2253 return -1;
2254
2255 rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2256 if (rc < 0)
2257 goto bad;
2258
2259 len = le32_to_cpu(buf[0]);
2260 if (zero_or_saturated(len))
2261 goto bad;
2262 len2 = le32_to_cpu(buf[1]);
2263 if (is_saturated(len2))
2264 goto bad;
2265 cladatum->s.value = le32_to_cpu(buf[2]);
2266
2267 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2268 goto bad;
2269 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2270 if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE)
2271 goto bad;
2272 nel = le32_to_cpu(buf[4]);
2273
2274 ncons = le32_to_cpu(buf[5]);
2275
2276 key = malloc(len + 1);
2277 if (!key)
2278 goto bad;
2279 rc = next_entry(key, fp, len);
2280 if (rc < 0)
2281 goto bad;
2282 key[len] = 0;
2283
2284 if (len2) {
2285 cladatum->comkey = malloc(len2 + 1);
2286 if (!cladatum->comkey)
2287 goto bad;
2288 rc = next_entry(cladatum->comkey, fp, len2);
2289 if (rc < 0)
2290 goto bad;
2291 cladatum->comkey[len2] = 0;
2292
2293 cladatum->comdatum = hashtab_search(p->p_commons.table,
2294 cladatum->comkey);
2295 if (!cladatum->comdatum) {
2296 ERR(fp->handle, "unknown common %s", cladatum->comkey);
2297 goto bad;
2298 }
2299 }
2300 for (i = 0; i < nel; i++) {
2301 if (perm_read(p, cladatum->permissions.table, fp, cladatum->permissions.nprim))
2302 goto bad;
2303 }
2304
2305 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2306 goto bad;
2307
2308 if ((p->policy_type == POLICY_KERN
2309 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2310 || (p->policy_type == POLICY_BASE
2311 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2312 /* grab the validatetrans rules */
2313 rc = next_entry(buf, fp, sizeof(uint32_t));
2314 if (rc < 0)
2315 goto bad;
2316 ncons = le32_to_cpu(buf[0]);
2317 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2318 goto bad;
2319 }
2320
2321 if ((p->policy_type == POLICY_KERN &&
2322 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
2323 (p->policy_type == POLICY_BASE &&
2324 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
2325 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2326 if (rc < 0)
2327 goto bad;
2328 cladatum->default_user = le32_to_cpu(buf[0]);
2329 cladatum->default_role = le32_to_cpu(buf[1]);
2330 cladatum->default_range = le32_to_cpu(buf[2]);
2331 }
2332
2333 if ((p->policy_type == POLICY_KERN &&
2334 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
2335 (p->policy_type == POLICY_BASE &&
2336 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
2337 rc = next_entry(buf, fp, sizeof(uint32_t));
2338 if (rc < 0)
2339 goto bad;
2340 cladatum->default_type = le32_to_cpu(buf[0]);
2341 }
2342
2343 if (hashtab_insert(h, key, cladatum))
2344 goto bad;
2345
2346 return 0;
2347
2348 bad:
2349 class_destroy(key, cladatum, NULL);
2350 return -1;
2351 }
2352
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2353 static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2354 {
2355 char *key = 0;
2356 role_datum_t *role;
2357 uint32_t buf[3];
2358 size_t len;
2359 int rc, to_read = 2;
2360
2361 role = calloc(1, sizeof(role_datum_t));
2362 if (!role)
2363 return -1;
2364
2365 if (policydb_has_boundary_feature(p))
2366 to_read = 3;
2367
2368 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2369 if (rc < 0)
2370 goto bad;
2371
2372 len = le32_to_cpu(buf[0]);
2373 if (zero_or_saturated(len))
2374 goto bad;
2375
2376 role->s.value = le32_to_cpu(buf[1]);
2377 if (policydb_has_boundary_feature(p))
2378 role->bounds = le32_to_cpu(buf[2]);
2379
2380 key = malloc(len + 1);
2381 if (!key)
2382 goto bad;
2383 rc = next_entry(key, fp, len);
2384 if (rc < 0)
2385 goto bad;
2386 key[len] = 0;
2387
2388 if (ebitmap_read(&role->dominates, fp))
2389 goto bad;
2390
2391 if (p->policy_type == POLICY_KERN) {
2392 if (ebitmap_read(&role->types.types, fp))
2393 goto bad;
2394 } else {
2395 if (type_set_read(&role->types, fp))
2396 goto bad;
2397 }
2398
2399 if (p->policy_type != POLICY_KERN &&
2400 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2401 rc = next_entry(buf, fp, sizeof(uint32_t));
2402 if (rc < 0)
2403 goto bad;
2404
2405 role->flavor = le32_to_cpu(buf[0]);
2406
2407 if (ebitmap_read(&role->roles, fp))
2408 goto bad;
2409 }
2410
2411 if (strcmp(key, OBJECT_R) == 0) {
2412 if (role->s.value != OBJECT_R_VAL) {
2413 ERR(fp->handle, "role %s has wrong value %d",
2414 OBJECT_R, role->s.value);
2415 role_destroy(key, role, NULL);
2416 return -1;
2417 }
2418 role_destroy(key, role, NULL);
2419 return 0;
2420 }
2421
2422 if (hashtab_insert(h, key, role))
2423 goto bad;
2424
2425 return 0;
2426
2427 bad:
2428 role_destroy(key, role, NULL);
2429 return -1;
2430 }
2431
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2432 static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2433 {
2434 char *key = 0;
2435 type_datum_t *typdatum;
2436 uint32_t buf[5];
2437 size_t len;
2438 int rc, to_read;
2439 int pos = 0;
2440
2441 typdatum = calloc(1, sizeof(type_datum_t));
2442 if (!typdatum)
2443 return -1;
2444
2445 if (policydb_has_boundary_feature(p)) {
2446 if (p->policy_type != POLICY_KERN
2447 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2448 to_read = 5;
2449 else
2450 to_read = 4;
2451 }
2452 else if (p->policy_type == POLICY_KERN)
2453 to_read = 3;
2454 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2455 to_read = 5;
2456 else
2457 to_read = 4;
2458
2459 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2460 if (rc < 0)
2461 goto bad;
2462
2463 len = le32_to_cpu(buf[pos]);
2464 if (zero_or_saturated(len))
2465 goto bad;
2466
2467 typdatum->s.value = le32_to_cpu(buf[++pos]);
2468 if (policydb_has_boundary_feature(p)) {
2469 uint32_t properties;
2470
2471 if (p->policy_type != POLICY_KERN
2472 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2473 typdatum->primary = le32_to_cpu(buf[++pos]);
2474 properties = le32_to_cpu(buf[++pos]);
2475 }
2476 else {
2477 properties = le32_to_cpu(buf[++pos]);
2478
2479 if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2480 typdatum->primary = 1;
2481 }
2482
2483 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2484 typdatum->flavor = TYPE_ATTRIB;
2485 if (properties & TYPEDATUM_PROPERTY_ALIAS
2486 && p->policy_type != POLICY_KERN)
2487 typdatum->flavor = TYPE_ALIAS;
2488 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2489 && p->policy_type != POLICY_KERN)
2490 typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2491
2492 typdatum->bounds = le32_to_cpu(buf[++pos]);
2493 } else {
2494 typdatum->primary = le32_to_cpu(buf[++pos]);
2495 if (p->policy_type != POLICY_KERN) {
2496 typdatum->flavor = le32_to_cpu(buf[++pos]);
2497 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2498 typdatum->flags = le32_to_cpu(buf[++pos]);
2499 }
2500 }
2501
2502 if (p->policy_type != POLICY_KERN) {
2503 if (ebitmap_read(&typdatum->types, fp))
2504 goto bad;
2505 }
2506
2507 key = malloc(len + 1);
2508 if (!key)
2509 goto bad;
2510 rc = next_entry(key, fp, len);
2511 if (rc < 0)
2512 goto bad;
2513 key[len] = 0;
2514
2515 if (hashtab_insert(h, key, typdatum))
2516 goto bad;
2517
2518 return 0;
2519
2520 bad:
2521 type_destroy(key, typdatum, NULL);
2522 return -1;
2523 }
2524
role_trans_read(policydb_t * p,struct policy_file * fp)2525 static int role_trans_read(policydb_t *p, struct policy_file *fp)
2526 {
2527 role_trans_t **t = &p->role_tr;
2528 unsigned int i;
2529 uint32_t buf[3], nel;
2530 role_trans_t *tr, *ltr;
2531 int rc;
2532 int new_roletr = (p->policy_type == POLICY_KERN &&
2533 p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2534
2535 rc = next_entry(buf, fp, sizeof(uint32_t));
2536 if (rc < 0)
2537 return -1;
2538 nel = le32_to_cpu(buf[0]);
2539 ltr = NULL;
2540 for (i = 0; i < nel; i++) {
2541 tr = calloc(1, sizeof(struct role_trans));
2542 if (!tr) {
2543 return -1;
2544 }
2545 if (ltr) {
2546 ltr->next = tr;
2547 } else {
2548 *t = tr;
2549 }
2550 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2551 if (rc < 0)
2552 return -1;
2553 tr->role = le32_to_cpu(buf[0]);
2554 tr->type = le32_to_cpu(buf[1]);
2555 tr->new_role = le32_to_cpu(buf[2]);
2556 if (new_roletr) {
2557 rc = next_entry(buf, fp, sizeof(uint32_t));
2558 if (rc < 0)
2559 return -1;
2560 tr->tclass = le32_to_cpu(buf[0]);
2561 } else
2562 tr->tclass = p->process_class;
2563 ltr = tr;
2564 }
2565 return 0;
2566 }
2567
role_allow_read(role_allow_t ** r,struct policy_file * fp)2568 static int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2569 {
2570 unsigned int i;
2571 uint32_t buf[2], nel;
2572 role_allow_t *ra, *lra;
2573 int rc;
2574
2575 rc = next_entry(buf, fp, sizeof(uint32_t));
2576 if (rc < 0)
2577 return -1;
2578 nel = le32_to_cpu(buf[0]);
2579 lra = NULL;
2580 for (i = 0; i < nel; i++) {
2581 ra = calloc(1, sizeof(struct role_allow));
2582 if (!ra) {
2583 return -1;
2584 }
2585 if (lra) {
2586 lra->next = ra;
2587 } else {
2588 *r = ra;
2589 }
2590 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2591 if (rc < 0)
2592 return -1;
2593 ra->role = le32_to_cpu(buf[0]);
2594 ra->new_role = le32_to_cpu(buf[1]);
2595 lra = ra;
2596 }
2597 return 0;
2598 }
2599
policydb_filetrans_insert(policydb_t * p,uint32_t stype,uint32_t ttype,uint32_t tclass,const char * name,char ** name_alloc,uint32_t otype,uint32_t * present_otype)2600 int policydb_filetrans_insert(policydb_t *p, uint32_t stype, uint32_t ttype,
2601 uint32_t tclass, const char *name,
2602 char **name_alloc, uint32_t otype,
2603 uint32_t *present_otype)
2604 {
2605 filename_trans_key_t *ft, key;
2606 filename_trans_datum_t *datum, *last;
2607
2608 key.ttype = ttype;
2609 key.tclass = tclass;
2610 key.name = (char *)name;
2611
2612 last = NULL;
2613 datum = hashtab_search(p->filename_trans, (hashtab_key_t)&key);
2614 while (datum) {
2615 if (ebitmap_get_bit(&datum->stypes, stype - 1)) {
2616 if (present_otype)
2617 *present_otype = datum->otype;
2618 return SEPOL_EEXIST;
2619 }
2620 if (datum->otype == otype)
2621 break;
2622 last = datum;
2623 datum = datum->next;
2624 }
2625 if (!datum) {
2626 datum = malloc(sizeof(*datum));
2627 if (!datum)
2628 return SEPOL_ENOMEM;
2629
2630 ebitmap_init(&datum->stypes);
2631 datum->otype = otype;
2632 datum->next = NULL;
2633
2634 if (last) {
2635 last->next = datum;
2636 } else {
2637 char *name_dup;
2638
2639 if (name_alloc) {
2640 name_dup = *name_alloc;
2641 *name_alloc = NULL;
2642 } else {
2643 name_dup = strdup(name);
2644 if (!name_dup) {
2645 free(datum);
2646 return SEPOL_ENOMEM;
2647 }
2648 }
2649
2650 ft = malloc(sizeof(*ft));
2651 if (!ft) {
2652 free(name_dup);
2653 free(datum);
2654 return SEPOL_ENOMEM;
2655 }
2656
2657 ft->ttype = ttype;
2658 ft->tclass = tclass;
2659 ft->name = name_dup;
2660
2661 if (hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2662 (hashtab_datum_t)datum)) {
2663 free(name_dup);
2664 free(datum);
2665 free(ft);
2666 return SEPOL_ENOMEM;
2667 }
2668 }
2669 }
2670
2671 p->filename_trans_count++;
2672 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
2673 }
2674
filename_trans_read_one_compat(policydb_t * p,struct policy_file * fp)2675 static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp)
2676 {
2677 uint32_t buf[4], len, stype, ttype, tclass, otype;
2678 char *name = NULL;
2679 int rc;
2680
2681 rc = next_entry(buf, fp, sizeof(uint32_t));
2682 if (rc < 0)
2683 return -1;
2684 len = le32_to_cpu(buf[0]);
2685 if (zero_or_saturated(len))
2686 return -1;
2687
2688 name = calloc(len + 1, sizeof(*name));
2689 if (!name)
2690 return -1;
2691
2692 rc = next_entry(name, fp, len);
2693 if (rc < 0)
2694 goto err;
2695
2696 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2697 if (rc < 0)
2698 goto err;
2699
2700 stype = le32_to_cpu(buf[0]);
2701 if (stype == 0)
2702 goto err;
2703
2704 ttype = le32_to_cpu(buf[1]);
2705 tclass = le32_to_cpu(buf[2]);
2706 otype = le32_to_cpu(buf[3]);
2707
2708 rc = policydb_filetrans_insert(p, stype, ttype, tclass, name, &name,
2709 otype, NULL);
2710 if (rc) {
2711 if (rc != SEPOL_EEXIST)
2712 goto err;
2713 /*
2714 * Some old policies were wrongly generated with
2715 * duplicate filename transition rules. For backward
2716 * compatibility, do not reject such policies, just
2717 * ignore the duplicate.
2718 */
2719 }
2720 free(name);
2721 return 0;
2722 err:
2723 free(name);
2724 return -1;
2725 }
2726
filename_trans_check_datum(filename_trans_datum_t * datum)2727 static int filename_trans_check_datum(filename_trans_datum_t *datum)
2728 {
2729 ebitmap_t stypes, otypes;
2730 int rc = -1;
2731
2732 ebitmap_init(&stypes);
2733 ebitmap_init(&otypes);
2734
2735 while (datum) {
2736 if (ebitmap_get_bit(&otypes, datum->otype))
2737 goto out;
2738
2739 if (ebitmap_set_bit(&otypes, datum->otype, 1))
2740 goto out;
2741
2742 if (ebitmap_match_any(&stypes, &datum->stypes))
2743 goto out;
2744
2745 if (ebitmap_union(&stypes, &datum->stypes))
2746 goto out;
2747
2748 datum = datum->next;
2749 }
2750 rc = 0;
2751 out:
2752 ebitmap_destroy(&stypes);
2753 ebitmap_destroy(&otypes);
2754 return rc;
2755 }
2756
filename_trans_read_one(policydb_t * p,struct policy_file * fp)2757 static int filename_trans_read_one(policydb_t *p, struct policy_file *fp)
2758 {
2759 filename_trans_key_t *ft = NULL;
2760 filename_trans_datum_t **dst, *datum, *first = NULL;
2761 unsigned int i;
2762 uint32_t buf[3], len, ttype, tclass, ndatum;
2763 char *name = NULL;
2764 int rc;
2765
2766 rc = next_entry(buf, fp, sizeof(uint32_t));
2767 if (rc < 0)
2768 return -1;
2769 len = le32_to_cpu(buf[0]);
2770 if (zero_or_saturated(len))
2771 return -1;
2772
2773 name = calloc(len + 1, sizeof(*name));
2774 if (!name)
2775 return -1;
2776
2777 rc = next_entry(name, fp, len);
2778 if (rc < 0)
2779 goto err;
2780
2781 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2782 if (rc < 0)
2783 goto err;
2784
2785 ttype = le32_to_cpu(buf[0]);
2786 tclass = le32_to_cpu(buf[1]);
2787 ndatum = le32_to_cpu(buf[2]);
2788 if (ndatum == 0)
2789 goto err;
2790
2791 dst = &first;
2792 for (i = 0; i < ndatum; i++) {
2793 datum = malloc(sizeof(*datum));
2794 if (!datum)
2795 goto err;
2796
2797 datum->next = NULL;
2798 *dst = datum;
2799
2800 /* ebitmap_read() will at least init the bitmap */
2801 rc = ebitmap_read(&datum->stypes, fp);
2802 if (rc < 0)
2803 goto err;
2804
2805 rc = next_entry(buf, fp, sizeof(uint32_t));
2806 if (rc < 0)
2807 goto err;
2808
2809 datum->otype = le32_to_cpu(buf[0]);
2810
2811 p->filename_trans_count += ebitmap_cardinality(&datum->stypes);
2812
2813 dst = &datum->next;
2814 }
2815
2816 if (ndatum > 1 && filename_trans_check_datum(first))
2817 goto err;
2818
2819 ft = malloc(sizeof(*ft));
2820 if (!ft)
2821 goto err;
2822
2823 ft->ttype = ttype;
2824 ft->tclass = tclass;
2825 ft->name = name;
2826
2827 rc = hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2828 (hashtab_datum_t)first);
2829 if (rc)
2830 goto err;
2831
2832 return 0;
2833 err:
2834 free(ft);
2835 free(name);
2836 while (first) {
2837 datum = first;
2838 first = first->next;
2839
2840 ebitmap_destroy(&datum->stypes);
2841 free(datum);
2842 }
2843 return -1;
2844 }
2845
filename_trans_read(policydb_t * p,struct policy_file * fp)2846 static int filename_trans_read(policydb_t *p, struct policy_file *fp)
2847 {
2848 unsigned int i;
2849 uint32_t buf[1], nel;
2850 int rc;
2851
2852 rc = next_entry(buf, fp, sizeof(uint32_t));
2853 if (rc < 0)
2854 return -1;
2855 nel = le32_to_cpu(buf[0]);
2856
2857 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2858 for (i = 0; i < nel; i++) {
2859 rc = filename_trans_read_one_compat(p, fp);
2860 if (rc < 0)
2861 return -1;
2862 }
2863 } else {
2864 for (i = 0; i < nel; i++) {
2865 rc = filename_trans_read_one(p, fp);
2866 if (rc < 0)
2867 return -1;
2868 }
2869 }
2870 return 0;
2871 }
2872
ocontext_read_xen(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2873 static int ocontext_read_xen(const struct policydb_compat_info *info,
2874 policydb_t *p, struct policy_file *fp)
2875 {
2876 unsigned int i, j;
2877 size_t nel, len;
2878 ocontext_t *l, *c;
2879 uint32_t buf[8];
2880 int rc;
2881
2882 for (i = 0; i < info->ocon_num; i++) {
2883 rc = next_entry(buf, fp, sizeof(uint32_t));
2884 if (rc < 0)
2885 return -1;
2886 nel = le32_to_cpu(buf[0]);
2887 l = NULL;
2888 for (j = 0; j < nel; j++) {
2889 c = calloc(1, sizeof(ocontext_t));
2890 if (!c)
2891 return -1;
2892 if (l)
2893 l->next = c;
2894 else
2895 p->ocontexts[i] = c;
2896 l = c;
2897 switch (i) {
2898 case OCON_XEN_ISID:
2899 rc = next_entry(buf, fp, sizeof(uint32_t));
2900 if (rc < 0)
2901 return -1;
2902 c->sid[0] = le32_to_cpu(buf[0]);
2903 if (is_saturated(c->sid[0]))
2904 return -1;
2905 if (context_read_and_validate
2906 (&c->context[0], p, fp))
2907 return -1;
2908 break;
2909 case OCON_XEN_PIRQ:
2910 rc = next_entry(buf, fp, sizeof(uint32_t));
2911 if (rc < 0)
2912 return -1;
2913 c->u.pirq = le32_to_cpu(buf[0]);
2914 if (context_read_and_validate
2915 (&c->context[0], p, fp))
2916 return -1;
2917 break;
2918 case OCON_XEN_IOPORT:
2919 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2920 if (rc < 0)
2921 return -1;
2922 c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2923 c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2924 if (context_read_and_validate
2925 (&c->context[0], p, fp))
2926 return -1;
2927 break;
2928 case OCON_XEN_IOMEM:
2929 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
2930 uint64_t b64[2];
2931 rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
2932 if (rc < 0)
2933 return -1;
2934 c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
2935 c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
2936 } else {
2937 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2938 if (rc < 0)
2939 return -1;
2940 c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2941 c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2942 }
2943 if (context_read_and_validate
2944 (&c->context[0], p, fp))
2945 return -1;
2946 break;
2947 case OCON_XEN_PCIDEVICE:
2948 rc = next_entry(buf, fp, sizeof(uint32_t));
2949 if (rc < 0)
2950 return -1;
2951 c->u.device = le32_to_cpu(buf[0]);
2952 if (context_read_and_validate
2953 (&c->context[0], p, fp))
2954 return -1;
2955 break;
2956 case OCON_XEN_DEVICETREE:
2957 rc = next_entry(buf, fp, sizeof(uint32_t));
2958 if (rc < 0)
2959 return -1;
2960 len = le32_to_cpu(buf[0]);
2961 if (zero_or_saturated(len))
2962 return -1;
2963
2964 c->u.name = malloc(len + 1);
2965 if (!c->u.name)
2966 return -1;
2967 rc = next_entry(c->u.name, fp, len);
2968 if (rc < 0)
2969 return -1;
2970 c->u.name[len] = 0;
2971 if (context_read_and_validate
2972 (&c->context[0], p, fp))
2973 return -1;
2974 break;
2975 default:
2976 /* should never get here */
2977 ERR(fp->handle, "Unknown Xen ocontext");
2978 return -1;
2979 }
2980 }
2981 }
2982 return 0;
2983 }
ocontext_read_selinux(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2984 static int ocontext_read_selinux(const struct policydb_compat_info *info,
2985 policydb_t * p, struct policy_file *fp)
2986 {
2987 unsigned int i, j;
2988 size_t nel, len;
2989 ocontext_t *l, *c;
2990 uint32_t buf[8];
2991 int rc;
2992
2993 for (i = 0; i < info->ocon_num; i++) {
2994 rc = next_entry(buf, fp, sizeof(uint32_t));
2995 if (rc < 0)
2996 return -1;
2997 nel = le32_to_cpu(buf[0]);
2998 l = NULL;
2999 for (j = 0; j < nel; j++) {
3000 c = calloc(1, sizeof(ocontext_t));
3001 if (!c) {
3002 return -1;
3003 }
3004 if (l) {
3005 l->next = c;
3006 } else {
3007 p->ocontexts[i] = c;
3008 }
3009 l = c;
3010 switch (i) {
3011 case OCON_ISID:
3012 rc = next_entry(buf, fp, sizeof(uint32_t));
3013 if (rc < 0)
3014 return -1;
3015 c->sid[0] = le32_to_cpu(buf[0]);
3016 if (is_saturated(c->sid[0]))
3017 return -1;
3018 if (context_read_and_validate
3019 (&c->context[0], p, fp))
3020 return -1;
3021 break;
3022 case OCON_FS:
3023 case OCON_NETIF:
3024 rc = next_entry(buf, fp, sizeof(uint32_t));
3025 if (rc < 0)
3026 return -1;
3027 len = le32_to_cpu(buf[0]);
3028 if (zero_or_saturated(len) || len > 63)
3029 return -1;
3030 c->u.name = malloc(len + 1);
3031 if (!c->u.name)
3032 return -1;
3033 rc = next_entry(c->u.name, fp, len);
3034 if (rc < 0)
3035 return -1;
3036 c->u.name[len] = 0;
3037 if (context_read_and_validate
3038 (&c->context[0], p, fp))
3039 return -1;
3040 if (context_read_and_validate
3041 (&c->context[1], p, fp))
3042 return -1;
3043 break;
3044 case OCON_IBPKEY: {
3045 uint32_t pkey_lo, pkey_hi;
3046
3047 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
3048 if (rc < 0)
3049 return -1;
3050
3051 pkey_lo = le32_to_cpu(buf[2]);
3052 pkey_hi = le32_to_cpu(buf[3]);
3053
3054 if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
3055 return -1;
3056
3057 c->u.ibpkey.low_pkey = pkey_lo;
3058 c->u.ibpkey.high_pkey = pkey_hi;
3059
3060 /* we want c->u.ibpkey.subnet_prefix in network
3061 * (big-endian) order, just memcpy it */
3062 memcpy(&c->u.ibpkey.subnet_prefix, buf,
3063 sizeof(c->u.ibpkey.subnet_prefix));
3064
3065 if (context_read_and_validate
3066 (&c->context[0], p, fp))
3067 return -1;
3068 break;
3069 }
3070 case OCON_IBENDPORT: {
3071 uint32_t port;
3072
3073 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3074 if (rc < 0)
3075 return -1;
3076 len = le32_to_cpu(buf[0]);
3077 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
3078 return -1;
3079
3080 port = le32_to_cpu(buf[1]);
3081 if (port > UINT8_MAX || port == 0)
3082 return -1;
3083
3084 c->u.ibendport.dev_name = malloc(len + 1);
3085 if (!c->u.ibendport.dev_name)
3086 return -1;
3087 rc = next_entry(c->u.ibendport.dev_name, fp, len);
3088 if (rc < 0)
3089 return -1;
3090 c->u.ibendport.dev_name[len] = 0;
3091 c->u.ibendport.port = port;
3092 if (context_read_and_validate
3093 (&c->context[0], p, fp))
3094 return -1;
3095 break;
3096 }
3097 case OCON_PORT:
3098 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
3099 if (rc < 0)
3100 return -1;
3101 c->u.port.protocol = le32_to_cpu(buf[0]);
3102 c->u.port.low_port = le32_to_cpu(buf[1]);
3103 c->u.port.high_port = le32_to_cpu(buf[2]);
3104 if (context_read_and_validate
3105 (&c->context[0], p, fp))
3106 return -1;
3107 break;
3108 case OCON_NODE:
3109 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3110 if (rc < 0)
3111 return -1;
3112 c->u.node.addr = buf[0]; /* network order */
3113 c->u.node.mask = buf[1]; /* network order */
3114 if (context_read_and_validate
3115 (&c->context[0], p, fp))
3116 return -1;
3117 break;
3118 case OCON_FSUSE:
3119 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3120 if (rc < 0)
3121 return -1;
3122 c->v.behavior = le32_to_cpu(buf[0]);
3123 len = le32_to_cpu(buf[1]);
3124 if (zero_or_saturated(len))
3125 return -1;
3126 c->u.name = malloc(len + 1);
3127 if (!c->u.name)
3128 return -1;
3129 rc = next_entry(c->u.name, fp, len);
3130 if (rc < 0)
3131 return -1;
3132 c->u.name[len] = 0;
3133 if (context_read_and_validate
3134 (&c->context[0], p, fp))
3135 return -1;
3136 break;
3137 case OCON_NODE6:{
3138 int k;
3139
3140 rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
3141 if (rc < 0)
3142 return -1;
3143 for (k = 0; k < 4; k++)
3144 /* network order */
3145 c->u.node6.addr[k] = buf[k];
3146 for (k = 0; k < 4; k++)
3147 /* network order */
3148 c->u.node6.mask[k] = buf[k + 4];
3149 if (context_read_and_validate
3150 (&c->context[0], p, fp))
3151 return -1;
3152 break;
3153 }
3154 default:{
3155 ERR(fp->handle, "Unknown SELinux ocontext");
3156 return -1;
3157 }
3158 }
3159 }
3160 }
3161 return 0;
3162 }
3163
ocontext_read(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)3164 static int ocontext_read(const struct policydb_compat_info *info,
3165 policydb_t *p, struct policy_file *fp)
3166 {
3167 int rc = -1;
3168 switch (p->target_platform) {
3169 case SEPOL_TARGET_SELINUX:
3170 rc = ocontext_read_selinux(info, p, fp);
3171 break;
3172 case SEPOL_TARGET_XEN:
3173 rc = ocontext_read_xen(info, p, fp);
3174 break;
3175 default:
3176 ERR(fp->handle, "Unknown target");
3177 }
3178 return rc;
3179 }
3180
genfs_read(policydb_t * p,struct policy_file * fp)3181 static int genfs_read(policydb_t * p, struct policy_file *fp)
3182 {
3183 uint32_t buf[1];
3184 size_t nel, nel2, len, len2;
3185 genfs_t *genfs_p, *newgenfs, *genfs;
3186 size_t i, j;
3187 ocontext_t *l, *c, *newc = NULL;
3188 int rc;
3189
3190 rc = next_entry(buf, fp, sizeof(uint32_t));
3191 if (rc < 0)
3192 goto bad;
3193 nel = le32_to_cpu(buf[0]);
3194 genfs_p = NULL;
3195 for (i = 0; i < nel; i++) {
3196 rc = next_entry(buf, fp, sizeof(uint32_t));
3197 if (rc < 0)
3198 goto bad;
3199 len = le32_to_cpu(buf[0]);
3200 if (zero_or_saturated(len))
3201 goto bad;
3202 newgenfs = calloc(1, sizeof(genfs_t));
3203 if (!newgenfs)
3204 goto bad;
3205 newgenfs->fstype = malloc(len + 1);
3206 if (!newgenfs->fstype) {
3207 free(newgenfs);
3208 goto bad;
3209 }
3210 rc = next_entry(newgenfs->fstype, fp, len);
3211 if (rc < 0) {
3212 free(newgenfs->fstype);
3213 free(newgenfs);
3214 goto bad;
3215 }
3216 newgenfs->fstype[len] = 0;
3217 for (genfs_p = NULL, genfs = p->genfs; genfs;
3218 genfs_p = genfs, genfs = genfs->next) {
3219 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
3220 ERR(fp->handle, "dup genfs fstype %s",
3221 newgenfs->fstype);
3222 free(newgenfs->fstype);
3223 free(newgenfs);
3224 goto bad;
3225 }
3226 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
3227 break;
3228 }
3229 newgenfs->next = genfs;
3230 if (genfs_p)
3231 genfs_p->next = newgenfs;
3232 else
3233 p->genfs = newgenfs;
3234 rc = next_entry(buf, fp, sizeof(uint32_t));
3235 if (rc < 0)
3236 goto bad;
3237 nel2 = le32_to_cpu(buf[0]);
3238 for (j = 0; j < nel2; j++) {
3239 newc = calloc(1, sizeof(ocontext_t));
3240 if (!newc) {
3241 goto bad;
3242 }
3243 rc = next_entry(buf, fp, sizeof(uint32_t));
3244 if (rc < 0)
3245 goto bad;
3246 len = le32_to_cpu(buf[0]);
3247 if (zero_or_saturated(len))
3248 goto bad;
3249 newc->u.name = malloc(len + 1);
3250 if (!newc->u.name) {
3251 goto bad;
3252 }
3253 rc = next_entry(newc->u.name, fp, len);
3254 if (rc < 0)
3255 goto bad;
3256 newc->u.name[len] = 0;
3257 rc = next_entry(buf, fp, sizeof(uint32_t));
3258 if (rc < 0)
3259 goto bad;
3260 newc->v.sclass = le32_to_cpu(buf[0]);
3261 if (context_read_and_validate(&newc->context[0], p, fp))
3262 goto bad;
3263 for (l = NULL, c = newgenfs->head; c;
3264 l = c, c = c->next) {
3265 if (!strcmp(newc->u.name, c->u.name) &&
3266 (!c->v.sclass || !newc->v.sclass ||
3267 newc->v.sclass == c->v.sclass)) {
3268 ERR(fp->handle, "dup genfs entry "
3269 "(%s,%s)", newgenfs->fstype,
3270 c->u.name);
3271 goto bad;
3272 }
3273 len = strlen(newc->u.name);
3274 len2 = strlen(c->u.name);
3275 if (len > len2)
3276 break;
3277 }
3278 newc->next = c;
3279 if (l)
3280 l->next = newc;
3281 else
3282 newgenfs->head = newc;
3283 /* clear newc after a new owner has the pointer */
3284 newc = NULL;
3285 }
3286 }
3287
3288 return 0;
3289
3290 bad:
3291 if (newc) {
3292 context_destroy(&newc->context[0]);
3293 context_destroy(&newc->context[1]);
3294 free(newc->u.name);
3295 free(newc);
3296 }
3297 return -1;
3298 }
3299
3300 /*
3301 * Read a MLS level structure from a policydb binary
3302 * representation file.
3303 */
mls_read_level(mls_level_t * lp,struct policy_file * fp)3304 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
3305 {
3306 uint32_t buf[1];
3307 int rc;
3308
3309 mls_level_init(lp);
3310
3311 rc = next_entry(buf, fp, sizeof(uint32_t));
3312 if (rc < 0) {
3313 ERR(fp->handle, "truncated level");
3314 goto bad;
3315 }
3316 lp->sens = le32_to_cpu(buf[0]);
3317
3318 if (ebitmap_read(&lp->cat, fp)) {
3319 ERR(fp->handle, "error reading level categories");
3320 goto bad;
3321 }
3322 return 0;
3323
3324 bad:
3325 return -EINVAL;
3326 }
3327
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3328 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
3329 {
3330 char *key = 0;
3331 user_datum_t *usrdatum;
3332 uint32_t buf[3];
3333 size_t len;
3334 int rc, to_read = 2;
3335
3336 usrdatum = calloc(1, sizeof(user_datum_t));
3337 if (!usrdatum)
3338 return -1;
3339
3340 if (policydb_has_boundary_feature(p))
3341 to_read = 3;
3342
3343 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
3344 if (rc < 0)
3345 goto bad;
3346
3347 len = le32_to_cpu(buf[0]);
3348 if (zero_or_saturated(len))
3349 goto bad;
3350
3351 usrdatum->s.value = le32_to_cpu(buf[1]);
3352 if (policydb_has_boundary_feature(p))
3353 usrdatum->bounds = le32_to_cpu(buf[2]);
3354
3355 key = malloc(len + 1);
3356 if (!key)
3357 goto bad;
3358 rc = next_entry(key, fp, len);
3359 if (rc < 0)
3360 goto bad;
3361 key[len] = 0;
3362
3363 if (p->policy_type == POLICY_KERN) {
3364 if (ebitmap_read(&usrdatum->roles.roles, fp))
3365 goto bad;
3366 } else {
3367 if (role_set_read(&usrdatum->roles, fp))
3368 goto bad;
3369 }
3370
3371 /* users were not allowed in mls modules before version
3372 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
3373 * required - the mls fields will be empty. user declarations in
3374 * non-mls modules will also have empty mls fields */
3375 if ((p->policy_type == POLICY_KERN
3376 && p->policyvers >= POLICYDB_VERSION_MLS)
3377 || (p->policy_type == POLICY_MOD
3378 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3379 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
3380 || (p->policy_type == POLICY_BASE
3381 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3382 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
3383 if (mls_read_range_helper(&usrdatum->exp_range, fp))
3384 goto bad;
3385 if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
3386 goto bad;
3387 if (p->policy_type != POLICY_KERN) {
3388 if (mls_range_to_semantic(&usrdatum->exp_range,
3389 &usrdatum->range))
3390 goto bad;
3391 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
3392 &usrdatum->dfltlevel))
3393 goto bad;
3394 }
3395 } else if ((p->policy_type == POLICY_MOD
3396 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
3397 || (p->policy_type == POLICY_BASE
3398 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
3399 if (mls_read_semantic_range_helper(&usrdatum->range, fp))
3400 goto bad;
3401 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
3402 goto bad;
3403 }
3404
3405 if (hashtab_insert(h, key, usrdatum))
3406 goto bad;
3407
3408 return 0;
3409
3410 bad:
3411 user_destroy(key, usrdatum, NULL);
3412 return -1;
3413 }
3414
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3415 static int sens_read(policydb_t * p
3416 __attribute__ ((unused)), hashtab_t h,
3417 struct policy_file *fp)
3418 {
3419 char *key = 0;
3420 level_datum_t *levdatum;
3421 uint32_t buf[2], len;
3422 int rc;
3423
3424 levdatum = malloc(sizeof(level_datum_t));
3425 if (!levdatum)
3426 return -1;
3427 level_datum_init(levdatum);
3428
3429 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3430 if (rc < 0)
3431 goto bad;
3432
3433 len = le32_to_cpu(buf[0]);
3434 if (zero_or_saturated(len))
3435 goto bad;
3436
3437 levdatum->isalias = le32_to_cpu(buf[1]);
3438
3439 key = malloc(len + 1);
3440 if (!key)
3441 goto bad;
3442 rc = next_entry(key, fp, len);
3443 if (rc < 0)
3444 goto bad;
3445 key[len] = 0;
3446
3447 levdatum->level = malloc(sizeof(mls_level_t));
3448 if (!levdatum->level || mls_read_level(levdatum->level, fp))
3449 goto bad;
3450
3451 if (hashtab_insert(h, key, levdatum))
3452 goto bad;
3453
3454 return 0;
3455
3456 bad:
3457 sens_destroy(key, levdatum, NULL);
3458 return -1;
3459 }
3460
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3461 static int cat_read(policydb_t * p
3462 __attribute__ ((unused)), hashtab_t h,
3463 struct policy_file *fp)
3464 {
3465 char *key = 0;
3466 cat_datum_t *catdatum;
3467 uint32_t buf[3], len;
3468 int rc;
3469
3470 catdatum = malloc(sizeof(cat_datum_t));
3471 if (!catdatum)
3472 return -1;
3473 cat_datum_init(catdatum);
3474
3475 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
3476 if (rc < 0)
3477 goto bad;
3478
3479 len = le32_to_cpu(buf[0]);
3480 if(zero_or_saturated(len))
3481 goto bad;
3482
3483 catdatum->s.value = le32_to_cpu(buf[1]);
3484 catdatum->isalias = le32_to_cpu(buf[2]);
3485
3486 key = malloc(len + 1);
3487 if (!key)
3488 goto bad;
3489 rc = next_entry(key, fp, len);
3490 if (rc < 0)
3491 goto bad;
3492 key[len] = 0;
3493
3494 if (hashtab_insert(h, key, catdatum))
3495 goto bad;
3496
3497 return 0;
3498
3499 bad:
3500 cat_destroy(key, catdatum, NULL);
3501 return -1;
3502 }
3503
3504 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
3505 struct policy_file * fp) = {
3506 common_read, class_read, role_read, type_read, user_read,
3507 cond_read_bool, sens_read, cat_read,};
3508
3509 /************** module reading functions below **************/
3510
avrule_read(policydb_t * p,struct policy_file * fp)3511 static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
3512 {
3513 unsigned int i;
3514 uint32_t buf[2], len;
3515 class_perm_node_t *cur, *tail = NULL;
3516 avrule_t *avrule;
3517 int rc;
3518
3519 avrule = (avrule_t *) malloc(sizeof(avrule_t));
3520 if (!avrule)
3521 return NULL;
3522
3523 avrule_init(avrule);
3524
3525 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3526 if (rc < 0)
3527 goto bad;
3528
3529 avrule->specified = le32_to_cpu(buf[0]);
3530 avrule->flags = le32_to_cpu(buf[1]);
3531
3532 if (type_set_read(&avrule->stypes, fp))
3533 goto bad;
3534
3535 if (type_set_read(&avrule->ttypes, fp))
3536 goto bad;
3537
3538 rc = next_entry(buf, fp, sizeof(uint32_t));
3539 if (rc < 0)
3540 goto bad;
3541 len = le32_to_cpu(buf[0]);
3542
3543 for (i = 0; i < len; i++) {
3544 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
3545 if (!cur)
3546 goto bad;
3547 class_perm_node_init(cur);
3548
3549 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3550 if (rc < 0) {
3551 free(cur);
3552 goto bad;
3553 }
3554
3555 cur->tclass = le32_to_cpu(buf[0]);
3556 cur->data = le32_to_cpu(buf[1]);
3557
3558 if (!tail) {
3559 avrule->perms = cur;
3560 } else {
3561 tail->next = cur;
3562 }
3563 tail = cur;
3564 }
3565
3566 if (avrule->specified & AVRULE_XPERMS) {
3567 uint8_t buf8;
3568 size_t nel = ARRAY_SIZE(avrule->xperms->perms);
3569 uint32_t buf32[nel];
3570
3571 if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) {
3572 ERR(fp->handle,
3573 "module policy version %u does not support ioctl"
3574 " extended permissions rules and one was specified",
3575 p->policyvers);
3576 goto bad;
3577 }
3578
3579 if (p->target_platform != SEPOL_TARGET_SELINUX) {
3580 ERR(fp->handle,
3581 "Target platform %s does not support ioctl"
3582 " extended permissions rules and one was specified",
3583 policydb_target_strings[p->target_platform]);
3584 goto bad;
3585 }
3586
3587 avrule->xperms = calloc(1, sizeof(*avrule->xperms));
3588 if (!avrule->xperms)
3589 goto bad;
3590
3591 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3592 if (rc < 0) {
3593 ERR(fp->handle, "truncated entry");
3594 goto bad;
3595 }
3596 avrule->xperms->specified = buf8;
3597 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3598 if (rc < 0) {
3599 ERR(fp->handle, "truncated entry");
3600 goto bad;
3601 }
3602 avrule->xperms->driver = buf8;
3603 rc = next_entry(buf32, fp, sizeof(uint32_t)*nel);
3604 if (rc < 0) {
3605 ERR(fp->handle, "truncated entry");
3606 goto bad;
3607 }
3608 for (i = 0; i < nel; i++)
3609 avrule->xperms->perms[i] = le32_to_cpu(buf32[i]);
3610 }
3611
3612 return avrule;
3613 bad:
3614 if (avrule) {
3615 avrule_destroy(avrule);
3616 free(avrule);
3617 }
3618 return NULL;
3619 }
3620
range_read(policydb_t * p,struct policy_file * fp)3621 static int range_read(policydb_t * p, struct policy_file *fp)
3622 {
3623 uint32_t buf[2], nel;
3624 range_trans_t *rt = NULL;
3625 struct mls_range *r = NULL;
3626 range_trans_rule_t *rtr = NULL, *lrtr = NULL;
3627 unsigned int i;
3628 int new_rangetr = (p->policy_type == POLICY_KERN &&
3629 p->policyvers >= POLICYDB_VERSION_RANGETRANS);
3630 int rc;
3631
3632 rc = next_entry(buf, fp, sizeof(uint32_t));
3633 if (rc < 0)
3634 return -1;
3635 nel = le32_to_cpu(buf[0]);
3636 for (i = 0; i < nel; i++) {
3637 rt = calloc(1, sizeof(range_trans_t));
3638 if (!rt)
3639 return -1;
3640 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3641 if (rc < 0)
3642 goto err;
3643 rt->source_type = le32_to_cpu(buf[0]);
3644 if (!value_isvalid(rt->source_type, p->p_types.nprim))
3645 goto err;
3646 rt->target_type = le32_to_cpu(buf[1]);
3647 if (!value_isvalid(rt->target_type, p->p_types.nprim))
3648 goto err;
3649 if (new_rangetr) {
3650 rc = next_entry(buf, fp, (sizeof(uint32_t)));
3651 if (rc < 0)
3652 goto err;
3653 rt->target_class = le32_to_cpu(buf[0]);
3654 if (!value_isvalid(rt->target_class, p->p_classes.nprim))
3655 goto err;
3656 } else
3657 rt->target_class = p->process_class;
3658 r = calloc(1, sizeof(*r));
3659 if (!r)
3660 goto err;
3661 if (mls_read_range_helper(r, fp))
3662 goto err;
3663
3664 if (p->policy_type == POLICY_KERN) {
3665 rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
3666 if (rc)
3667 goto err;
3668 rt = NULL;
3669 r = NULL;
3670 continue;
3671 }
3672
3673 /* Module policy: convert to range_trans_rule and discard. */
3674 rtr = malloc(sizeof(range_trans_rule_t));
3675 if (!rtr)
3676 goto err;
3677 range_trans_rule_init(rtr);
3678
3679 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3680 goto err;
3681
3682 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3683 goto err;
3684
3685 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3686 goto err;
3687
3688 if (mls_range_to_semantic(r, &rtr->trange))
3689 goto err;
3690
3691 if (lrtr)
3692 lrtr->next = rtr;
3693 else
3694 p->global->enabled->range_tr_rules = rtr;
3695
3696 free(rt);
3697 rt = NULL;
3698 free(r);
3699 r = NULL;
3700 lrtr = rtr;
3701 }
3702
3703 return 0;
3704 err:
3705 free(rt);
3706 if (r) {
3707 mls_range_destroy(r);
3708 free(r);
3709 }
3710 if (rtr) {
3711 range_trans_rule_destroy(rtr);
3712 free(rtr);
3713 }
3714 return -1;
3715 }
3716
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3717 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3718 struct policy_file *fp)
3719 {
3720 unsigned int i;
3721 avrule_t *cur, *tail;
3722 uint32_t buf[1], len;
3723 int rc;
3724
3725 *avrules = tail = NULL;
3726
3727 rc = next_entry(buf, fp, sizeof(uint32_t));
3728 if (rc < 0) {
3729 return -1;
3730 }
3731 len = le32_to_cpu(buf[0]);
3732
3733 for (i = 0; i < len; i++) {
3734 cur = avrule_read(p, fp);
3735 if (!cur) {
3736 return -1;
3737 }
3738
3739 if (!tail) {
3740 *avrules = cur;
3741 } else {
3742 tail->next = cur;
3743 }
3744 tail = cur;
3745 }
3746
3747 return 0;
3748 }
3749
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3750 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3751 struct policy_file *fp)
3752 {
3753 uint32_t buf[1], nel;
3754 unsigned int i;
3755 role_trans_rule_t *tr, *ltr;
3756 int rc;
3757
3758 rc = next_entry(buf, fp, sizeof(uint32_t));
3759 if (rc < 0)
3760 return -1;
3761 nel = le32_to_cpu(buf[0]);
3762 ltr = NULL;
3763 for (i = 0; i < nel; i++) {
3764 tr = malloc(sizeof(role_trans_rule_t));
3765 if (!tr) {
3766 return -1;
3767 }
3768 role_trans_rule_init(tr);
3769
3770 if (ltr) {
3771 ltr->next = tr;
3772 } else {
3773 *r = tr;
3774 }
3775
3776 if (role_set_read(&tr->roles, fp))
3777 return -1;
3778
3779 if (type_set_read(&tr->types, fp))
3780 return -1;
3781
3782 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3783 if (ebitmap_read(&tr->classes, fp))
3784 return -1;
3785 } else {
3786 if (!p->process_class)
3787 return -1;
3788 if (ebitmap_set_bit(&tr->classes, p->process_class - 1, 1))
3789 return -1;
3790 }
3791
3792 rc = next_entry(buf, fp, sizeof(uint32_t));
3793 if (rc < 0)
3794 return -1;
3795 tr->new_role = le32_to_cpu(buf[0]);
3796 ltr = tr;
3797 }
3798
3799 return 0;
3800 }
3801
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3802 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3803 {
3804 unsigned int i;
3805 uint32_t buf[1], nel;
3806 role_allow_rule_t *ra, *lra;
3807 int rc;
3808
3809 rc = next_entry(buf, fp, sizeof(uint32_t));
3810 if (rc < 0)
3811 return -1;
3812 nel = le32_to_cpu(buf[0]);
3813 lra = NULL;
3814 for (i = 0; i < nel; i++) {
3815 ra = malloc(sizeof(role_allow_rule_t));
3816 if (!ra) {
3817 return -1;
3818 }
3819 role_allow_rule_init(ra);
3820
3821 if (lra) {
3822 lra->next = ra;
3823 } else {
3824 *r = ra;
3825 }
3826
3827 if (role_set_read(&ra->roles, fp))
3828 return -1;
3829
3830 if (role_set_read(&ra->new_roles, fp))
3831 return -1;
3832
3833 lra = ra;
3834 }
3835 return 0;
3836 }
3837
filename_trans_rule_read(policydb_t * p,filename_trans_rule_t ** r,struct policy_file * fp)3838 static int filename_trans_rule_read(policydb_t *p, filename_trans_rule_t **r,
3839 struct policy_file *fp)
3840 {
3841 uint32_t buf[3], nel, i, len;
3842 unsigned int entries;
3843 filename_trans_rule_t *ftr, *lftr;
3844 int rc;
3845
3846 rc = next_entry(buf, fp, sizeof(uint32_t));
3847 if (rc < 0)
3848 return -1;
3849 nel = le32_to_cpu(buf[0]);
3850 lftr = NULL;
3851 for (i = 0; i < nel; i++) {
3852 ftr = malloc(sizeof(*ftr));
3853 if (!ftr)
3854 return -1;
3855
3856 filename_trans_rule_init(ftr);
3857
3858 if (lftr)
3859 lftr->next = ftr;
3860 else
3861 *r = ftr;
3862 lftr = ftr;
3863
3864 rc = next_entry(buf, fp, sizeof(uint32_t));
3865 if (rc < 0)
3866 return -1;
3867
3868 len = le32_to_cpu(buf[0]);
3869 if (zero_or_saturated(len))
3870 return -1;
3871
3872 ftr->name = malloc(len + 1);
3873 if (!ftr->name)
3874 return -1;
3875
3876 rc = next_entry(ftr->name, fp, len);
3877 if (rc)
3878 return -1;
3879 ftr->name[len] = 0;
3880
3881 if (type_set_read(&ftr->stypes, fp))
3882 return -1;
3883
3884 if (type_set_read(&ftr->ttypes, fp))
3885 return -1;
3886
3887 if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS)
3888 entries = 3;
3889 else
3890 entries = 2;
3891
3892 rc = next_entry(buf, fp, sizeof(uint32_t) * entries);
3893 if (rc < 0)
3894 return -1;
3895 ftr->tclass = le32_to_cpu(buf[0]);
3896 ftr->otype = le32_to_cpu(buf[1]);
3897 if (p->policyvers >= MOD_POLICYDB_VERSION_SELF_TYPETRANS)
3898 ftr->flags = le32_to_cpu(buf[2]);
3899 }
3900
3901 return 0;
3902 }
3903
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3904 static int range_trans_rule_read(range_trans_rule_t ** r,
3905 struct policy_file *fp)
3906 {
3907 uint32_t buf[1], nel;
3908 unsigned int i;
3909 range_trans_rule_t *rt, *lrt = NULL;
3910 int rc;
3911
3912 rc = next_entry(buf, fp, sizeof(uint32_t));
3913 if (rc < 0)
3914 return -1;
3915 nel = le32_to_cpu(buf[0]);
3916 for (i = 0; i < nel; i++) {
3917 rt = malloc(sizeof(range_trans_rule_t));
3918 if (!rt) {
3919 return -1;
3920 }
3921 range_trans_rule_init(rt);
3922
3923 if (lrt)
3924 lrt->next = rt;
3925 else
3926 *r = rt;
3927
3928 if (type_set_read(&rt->stypes, fp))
3929 return -1;
3930
3931 if (type_set_read(&rt->ttypes, fp))
3932 return -1;
3933
3934 if (ebitmap_read(&rt->tclasses, fp))
3935 return -1;
3936
3937 if (mls_read_semantic_range_helper(&rt->trange, fp))
3938 return -1;
3939
3940 lrt = rt;
3941 }
3942
3943 return 0;
3944 }
3945
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3946 static int scope_index_read(scope_index_t * scope_index,
3947 unsigned int num_scope_syms, struct policy_file *fp)
3948 {
3949 unsigned int i;
3950 uint32_t buf[1];
3951 int rc;
3952
3953 for (i = 0; i < num_scope_syms; i++) {
3954 if (ebitmap_read(scope_index->scope + i, fp) < 0) {
3955 return -1;
3956 }
3957 }
3958 rc = next_entry(buf, fp, sizeof(uint32_t));
3959 if (rc < 0)
3960 return -1;
3961 scope_index->class_perms_len = le32_to_cpu(buf[0]);
3962 if (is_saturated(scope_index->class_perms_len))
3963 return -1;
3964 if (scope_index->class_perms_len == 0) {
3965 scope_index->class_perms_map = NULL;
3966 return 0;
3967 }
3968 if ((scope_index->class_perms_map =
3969 calloc(scope_index->class_perms_len,
3970 sizeof(*scope_index->class_perms_map))) == NULL) {
3971 return -1;
3972 }
3973 for (i = 0; i < scope_index->class_perms_len; i++) {
3974 if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
3975 return -1;
3976 }
3977 }
3978 return 0;
3979 }
3980
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3981 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3982 unsigned int num_scope_syms, struct policy_file *fp)
3983 {
3984 uint32_t buf[2], nprim, nel;
3985 unsigned int i, j;
3986 int rc;
3987
3988 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3989 if (rc < 0)
3990 return -1;
3991 decl->decl_id = le32_to_cpu(buf[0]);
3992 decl->enabled = le32_to_cpu(buf[1]);
3993 if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3994 avrule_read_list(p, &decl->avrules, fp) == -1 ||
3995 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3996 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3997 return -1;
3998 }
3999
4000 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
4001 filename_trans_rule_read(p, &decl->filename_trans_rules, fp))
4002 return -1;
4003
4004 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
4005 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
4006 return -1;
4007 }
4008 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
4009 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
4010 return -1;
4011 }
4012
4013 for (i = 0; i < num_scope_syms; i++) {
4014 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4015 if (rc < 0)
4016 return -1;
4017 nprim = le32_to_cpu(buf[0]);
4018 if (is_saturated(nprim))
4019 return -1;
4020 nel = le32_to_cpu(buf[1]);
4021 for (j = 0; j < nel; j++) {
4022 if (read_f[i] (p, decl->symtab[i].table, fp)) {
4023 return -1;
4024 }
4025 }
4026 decl->symtab[i].nprim = nprim;
4027 }
4028 return 0;
4029 }
4030
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)4031 static int avrule_block_read(policydb_t * p,
4032 avrule_block_t ** block,
4033 unsigned int num_scope_syms,
4034 struct policy_file *fp)
4035 {
4036 avrule_block_t *last_block = NULL, *curblock;
4037 uint32_t buf[1], num_blocks, nel;
4038 int rc;
4039
4040 assert(*block == NULL);
4041
4042 rc = next_entry(buf, fp, sizeof(uint32_t));
4043 if (rc < 0)
4044 return -1;
4045 num_blocks = le32_to_cpu(buf[0]);
4046 nel = num_blocks;
4047 while (num_blocks > 0) {
4048 avrule_decl_t *last_decl = NULL, *curdecl;
4049 uint32_t num_decls;
4050 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
4051 return -1;
4052 }
4053 rc = next_entry(buf, fp, sizeof(uint32_t));
4054 if (rc < 0) {
4055 free(curblock);
4056 return -1;
4057 }
4058 /* if this is the first block its non-optional, else its optional */
4059 if (num_blocks != nel)
4060 curblock->flags |= AVRULE_OPTIONAL;
4061
4062 num_decls = le32_to_cpu(buf[0]);
4063 while (num_decls > 0) {
4064 if ((curdecl = avrule_decl_create(0)) == NULL) {
4065 avrule_block_destroy(curblock);
4066 return -1;
4067 }
4068 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
4069 -1) {
4070 avrule_decl_destroy(curdecl);
4071 avrule_block_destroy(curblock);
4072 return -1;
4073 }
4074 if (curdecl->enabled) {
4075 if (curblock->enabled != NULL) {
4076 /* probably a corrupt file */
4077 avrule_decl_destroy(curdecl);
4078 avrule_block_destroy(curblock);
4079 return -1;
4080 }
4081 curblock->enabled = curdecl;
4082 }
4083 /* one must be careful to reconstruct the
4084 * decl chain in its correct order */
4085 if (curblock->branch_list == NULL) {
4086 curblock->branch_list = curdecl;
4087 } else {
4088 assert(last_decl);
4089 last_decl->next = curdecl;
4090 }
4091 last_decl = curdecl;
4092 num_decls--;
4093 }
4094
4095 if (*block == NULL) {
4096 *block = curblock;
4097 } else {
4098 assert(last_block);
4099 last_block->next = curblock;
4100 }
4101 last_block = curblock;
4102
4103 num_blocks--;
4104 }
4105
4106 return 0;
4107 }
4108
scope_read(policydb_t * p,int symnum,struct policy_file * fp)4109 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
4110 {
4111 scope_datum_t *scope = NULL;
4112 uint32_t buf[2];
4113 char *key = NULL;
4114 size_t key_len;
4115 unsigned int i;
4116 hashtab_t h = p->scope[symnum].table;
4117 int rc;
4118
4119 rc = next_entry(buf, fp, sizeof(uint32_t));
4120 if (rc < 0)
4121 goto cleanup;
4122 key_len = le32_to_cpu(buf[0]);
4123 if (zero_or_saturated(key_len))
4124 goto cleanup;
4125 key = malloc(key_len + 1);
4126 if (!key)
4127 goto cleanup;
4128 rc = next_entry(key, fp, key_len);
4129 if (rc < 0)
4130 goto cleanup;
4131 key[key_len] = '\0';
4132
4133 /* ensure that there already exists a symbol with this key */
4134 if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
4135 goto cleanup;
4136 }
4137
4138 if ((scope = calloc(1, sizeof(*scope))) == NULL) {
4139 goto cleanup;
4140 }
4141 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4142 if (rc < 0)
4143 goto cleanup;
4144 scope->scope = le32_to_cpu(buf[0]);
4145 scope->decl_ids_len = le32_to_cpu(buf[1]);
4146 if (zero_or_saturated(scope->decl_ids_len)) {
4147 ERR(fp->handle, "invalid scope with no declaration");
4148 goto cleanup;
4149 }
4150 if ((scope->decl_ids =
4151 calloc(scope->decl_ids_len, sizeof(uint32_t))) == NULL) {
4152 goto cleanup;
4153 }
4154 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
4155 if (rc < 0)
4156 goto cleanup;
4157 for (i = 0; i < scope->decl_ids_len; i++) {
4158 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
4159 }
4160
4161 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
4162 /* object_r was already added to this table in roles_init() */
4163 scope_destroy(key, scope, NULL);
4164 } else {
4165 if (hashtab_insert(h, key, scope)) {
4166 goto cleanup;
4167 }
4168 }
4169
4170 return 0;
4171
4172 cleanup:
4173 scope_destroy(key, scope, NULL);
4174 return -1;
4175 }
4176
policydb_string_to_security_class(struct policydb * policydb,const char * class_name)4177 static sepol_security_class_t policydb_string_to_security_class(
4178 struct policydb *policydb,
4179 const char *class_name)
4180 {
4181 class_datum_t *tclass_datum;
4182
4183 tclass_datum = hashtab_search(policydb->p_classes.table,
4184 class_name);
4185 if (!tclass_datum)
4186 return 0;
4187 return tclass_datum->s.value;
4188 }
4189
policydb_string_to_av_perm(struct policydb * policydb,sepol_security_class_t tclass,const char * perm_name)4190 static sepol_access_vector_t policydb_string_to_av_perm(
4191 struct policydb *policydb,
4192 sepol_security_class_t tclass,
4193 const char *perm_name)
4194 {
4195 class_datum_t *tclass_datum;
4196 perm_datum_t *perm_datum;
4197
4198 if (!tclass || tclass > policydb->p_classes.nprim)
4199 return 0;
4200 tclass_datum = policydb->class_val_to_struct[tclass - 1];
4201
4202 perm_datum = (perm_datum_t *)
4203 hashtab_search(tclass_datum->permissions.table,
4204 perm_name);
4205 if (perm_datum != NULL)
4206 return UINT32_C(1) << (perm_datum->s.value - 1);
4207
4208 if (tclass_datum->comdatum == NULL)
4209 return 0;
4210
4211 perm_datum = (perm_datum_t *)
4212 hashtab_search(tclass_datum->comdatum->permissions.table,
4213 perm_name);
4214
4215 if (perm_datum != NULL)
4216 return UINT32_C(1) << (perm_datum->s.value - 1);
4217
4218 return 0;
4219 }
4220
4221
4222 /*
4223 * Read the configuration data from a policy database binary
4224 * representation file into a policy database structure.
4225 */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)4226 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
4227 {
4228
4229 unsigned int i, j, r_policyvers;
4230 uint32_t buf[5];
4231 size_t len, nprim, nel;
4232 char *policydb_str;
4233 const struct policydb_compat_info *info;
4234 unsigned int policy_type, bufindex;
4235 ebitmap_node_t *tnode;
4236 int rc;
4237
4238 /* Read the magic number and string length. */
4239 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4240 if (rc < 0)
4241 return POLICYDB_ERROR;
4242 for (i = 0; i < 2; i++)
4243 buf[i] = le32_to_cpu(buf[i]);
4244
4245 if (buf[0] == POLICYDB_MAGIC) {
4246 policy_type = POLICY_KERN;
4247 } else if (buf[0] == POLICYDB_MOD_MAGIC) {
4248 policy_type = POLICY_MOD;
4249 } else {
4250 ERR(fp->handle, "policydb magic number %#08x does not "
4251 "match expected magic number %#08x or %#08x",
4252 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
4253 return POLICYDB_ERROR;
4254 }
4255
4256 len = buf[1];
4257 if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
4258 ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
4259 return POLICYDB_ERROR;
4260 }
4261
4262 policydb_str = malloc(len + 1);
4263 if (!policydb_str) {
4264 ERR(fp->handle, "unable to allocate memory for policydb "
4265 "string of length %zu", len);
4266 return POLICYDB_ERROR;
4267 }
4268 rc = next_entry(policydb_str, fp, len);
4269 if (rc < 0) {
4270 ERR(fp->handle, "truncated policydb string identifier");
4271 free(policydb_str);
4272 return POLICYDB_ERROR;
4273 }
4274 policydb_str[len] = 0;
4275
4276 if (policy_type == POLICY_KERN) {
4277 for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
4278 if ((strcmp(policydb_str, policydb_target_strings[i])
4279 == 0)) {
4280 policydb_set_target_platform(p, i);
4281 break;
4282 }
4283 }
4284
4285 if (i == POLICYDB_TARGET_SZ) {
4286 ERR(fp->handle, "cannot find a valid target for policy "
4287 "string %s", policydb_str);
4288 free(policydb_str);
4289 return POLICYDB_ERROR;
4290 }
4291 } else {
4292 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
4293 ERR(fp->handle, "invalid string identifier %s",
4294 policydb_str);
4295 free(policydb_str);
4296 return POLICYDB_ERROR;
4297 }
4298 }
4299
4300 /* Done with policydb_str. */
4301 free(policydb_str);
4302 policydb_str = NULL;
4303
4304 /* Read the version, config, and table sizes (and policy type if it's a module). */
4305 if (policy_type == POLICY_KERN)
4306 nel = 4;
4307 else
4308 nel = 5;
4309
4310 rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
4311 if (rc < 0)
4312 return POLICYDB_ERROR;
4313 for (i = 0; i < nel; i++)
4314 buf[i] = le32_to_cpu(buf[i]);
4315
4316 bufindex = 0;
4317
4318 if (policy_type == POLICY_MOD) {
4319 /* We know it's a module but not whether it's a base
4320 module or regular binary policy module. buf[0]
4321 tells us which. */
4322 policy_type = buf[bufindex];
4323 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
4324 ERR(fp->handle, "unknown module type: %#08x",
4325 policy_type);
4326 return POLICYDB_ERROR;
4327 }
4328 bufindex++;
4329 }
4330
4331 r_policyvers = buf[bufindex];
4332 if (policy_type == POLICY_KERN) {
4333 if (r_policyvers < POLICYDB_VERSION_MIN ||
4334 r_policyvers > POLICYDB_VERSION_MAX) {
4335 ERR(fp->handle, "policydb version %d does not match "
4336 "my version range %d-%d", buf[bufindex],
4337 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
4338 return POLICYDB_ERROR;
4339 }
4340 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
4341 if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
4342 r_policyvers > MOD_POLICYDB_VERSION_MAX) {
4343 ERR(fp->handle, "policydb module version %d does "
4344 "not match my version range %d-%d",
4345 buf[bufindex], MOD_POLICYDB_VERSION_MIN,
4346 MOD_POLICYDB_VERSION_MAX);
4347 return POLICYDB_ERROR;
4348 }
4349 } else {
4350 assert(0);
4351 }
4352 bufindex++;
4353
4354 /* Set the policy type and version from the read values. */
4355 p->policy_type = policy_type;
4356 p->policyvers = r_policyvers;
4357
4358 if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
4359 p->mls = 1;
4360 } else {
4361 p->mls = 0;
4362 }
4363
4364 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
4365
4366 bufindex++;
4367
4368 info = policydb_lookup_compat(r_policyvers, policy_type,
4369 p->target_platform);
4370 if (!info) {
4371 ERR(fp->handle, "unable to find policy compat info "
4372 "for version %d", r_policyvers);
4373 goto bad;
4374 }
4375
4376 if (buf[bufindex] != info->sym_num
4377 || buf[bufindex + 1] != info->ocon_num) {
4378 ERR(fp->handle,
4379 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
4380 buf[bufindex], buf[bufindex + 1], info->sym_num,
4381 info->ocon_num);
4382 goto bad;
4383 }
4384
4385 if (p->policy_type == POLICY_MOD) {
4386 /* Get the module name and version */
4387 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4388 goto bad;
4389 }
4390 len = le32_to_cpu(buf[0]);
4391 if (zero_or_saturated(len))
4392 goto bad;
4393 if ((p->name = malloc(len + 1)) == NULL) {
4394 goto bad;
4395 }
4396 if ((rc = next_entry(p->name, fp, len)) < 0) {
4397 goto bad;
4398 }
4399 p->name[len] = '\0';
4400 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4401 goto bad;
4402 }
4403 len = le32_to_cpu(buf[0]);
4404 if (zero_or_saturated(len))
4405 goto bad;
4406 if ((p->version = malloc(len + 1)) == NULL) {
4407 goto bad;
4408 }
4409 if ((rc = next_entry(p->version, fp, len)) < 0) {
4410 goto bad;
4411 }
4412 p->version[len] = '\0';
4413 }
4414
4415 if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
4416 p->policy_type == POLICY_KERN) ||
4417 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4418 p->policy_type == POLICY_BASE) ||
4419 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4420 p->policy_type == POLICY_MOD)) {
4421 if (ebitmap_read(&p->policycaps, fp))
4422 goto bad;
4423 }
4424
4425 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
4426 p->policy_type == POLICY_KERN) {
4427 if (ebitmap_read(&p->permissive_map, fp))
4428 goto bad;
4429 }
4430
4431 for (i = 0; i < info->sym_num; i++) {
4432 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4433 if (rc < 0)
4434 goto bad;
4435 nprim = le32_to_cpu(buf[0]);
4436 if (is_saturated(nprim))
4437 goto bad;
4438 nel = le32_to_cpu(buf[1]);
4439 if (nel && !nprim) {
4440 ERR(fp->handle, "unexpected items in symbol table with no symbol");
4441 goto bad;
4442 }
4443 for (j = 0; j < nel; j++) {
4444 if (read_f[i] (p, p->symtab[i].table, fp))
4445 goto bad;
4446 }
4447
4448 p->symtab[i].nprim = nprim;
4449 }
4450
4451 switch (p->target_platform) {
4452 case SEPOL_TARGET_SELINUX:
4453 p->process_class = policydb_string_to_security_class(p, "process");
4454 p->dir_class = policydb_string_to_security_class(p, "dir");
4455 break;
4456 case SEPOL_TARGET_XEN:
4457 p->process_class = policydb_string_to_security_class(p, "domain");
4458 break;
4459 default:
4460 break;
4461 }
4462
4463 if (policy_type == POLICY_KERN) {
4464 if (avtab_read(&p->te_avtab, fp, r_policyvers))
4465 goto bad;
4466 if (r_policyvers >= POLICYDB_VERSION_BOOL)
4467 if (cond_read_list(p, &p->cond_list, fp))
4468 goto bad;
4469 if (role_trans_read(p, fp))
4470 goto bad;
4471 if (role_allow_read(&p->role_allow, fp))
4472 goto bad;
4473 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
4474 filename_trans_read(p, fp))
4475 goto bad;
4476 } else {
4477 /* first read the AV rule blocks, then the scope tables */
4478 avrule_block_destroy(p->global);
4479 p->global = NULL;
4480 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
4481 goto bad;
4482 }
4483 if (p->global == NULL) {
4484 ERR(fp->handle, "no avrule block in policy");
4485 goto bad;
4486 }
4487 for (i = 0; i < info->sym_num; i++) {
4488 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4489 goto bad;
4490 }
4491 nel = le32_to_cpu(buf[0]);
4492 for (j = 0; j < nel; j++) {
4493 if (scope_read(p, i, fp))
4494 goto bad;
4495 }
4496 }
4497
4498 }
4499
4500 if (policydb_index_decls(fp->handle, p))
4501 goto bad;
4502
4503 if (policydb_index_classes(p))
4504 goto bad;
4505
4506 switch (p->target_platform) {
4507 case SEPOL_TARGET_SELINUX:
4508 /* fall through */
4509 case SEPOL_TARGET_XEN:
4510 p->process_trans = policydb_string_to_av_perm(p, p->process_class,
4511 "transition");
4512 p->process_trans_dyntrans = p->process_trans |
4513 policydb_string_to_av_perm(p, p->process_class,
4514 "dyntransition");
4515 break;
4516 default:
4517 break;
4518 }
4519
4520 if (policydb_index_others(fp->handle, p, verbose))
4521 goto bad;
4522
4523 if (ocontext_read(info, p, fp) == -1) {
4524 goto bad;
4525 }
4526
4527 if (genfs_read(p, fp) == -1) {
4528 goto bad;
4529 }
4530
4531 if ((p->policy_type == POLICY_KERN
4532 && p->policyvers >= POLICYDB_VERSION_MLS)
4533 || (p->policy_type == POLICY_BASE
4534 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
4535 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
4536 if (range_read(p, fp)) {
4537 goto bad;
4538 }
4539 }
4540
4541 if (policy_type == POLICY_KERN) {
4542 p->type_attr_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
4543 p->attr_type_map = calloc(p->p_types.nprim, sizeof(ebitmap_t));
4544 if (!p->type_attr_map || !p->attr_type_map)
4545 goto bad;
4546 for (i = 0; i < p->p_types.nprim; i++) {
4547 if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
4548 if (ebitmap_read(&p->type_attr_map[i], fp))
4549 goto bad;
4550 ebitmap_for_each_positive_bit(&p->type_attr_map[i],
4551 tnode, j) {
4552 if (i == j)
4553 continue;
4554
4555 if (j >= p->p_types.nprim)
4556 goto bad;
4557
4558 if (ebitmap_set_bit
4559 (&p->attr_type_map[j], i, 1))
4560 goto bad;
4561 }
4562 }
4563 /* add the type itself as the degenerate case */
4564 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
4565 goto bad;
4566 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
4567 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
4568 goto bad;
4569 }
4570 }
4571 }
4572
4573 if (validate_policydb(fp->handle, p))
4574 goto bad;
4575
4576 return POLICYDB_SUCCESS;
4577 bad:
4578 return POLICYDB_ERROR;
4579 }
4580
policydb_reindex_users(policydb_t * p)4581 int policydb_reindex_users(policydb_t * p)
4582 {
4583 unsigned int i = SYM_USERS;
4584
4585 if (p->user_val_to_struct)
4586 free(p->user_val_to_struct);
4587 if (p->sym_val_to_name[i])
4588 free(p->sym_val_to_name[i]);
4589
4590 p->user_val_to_struct = (user_datum_t **)
4591 calloc(p->p_users.nprim, sizeof(user_datum_t *));
4592 if (!p->user_val_to_struct)
4593 return -1;
4594
4595 p->sym_val_to_name[i] = (char **)
4596 calloc(p->symtab[i].nprim, sizeof(char *));
4597 if (!p->sym_val_to_name[i])
4598 return -1;
4599
4600 if (hashtab_map(p->symtab[i].table, index_f[i], p))
4601 return -1;
4602
4603 /* Expand user roles for context validity checking */
4604 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
4605 return -1;
4606
4607 return 0;
4608 }
4609
policy_file_init(policy_file_t * pf)4610 void policy_file_init(policy_file_t *pf)
4611 {
4612 memset(pf, 0, sizeof(policy_file_t));
4613 }
4614
policydb_set_target_platform(policydb_t * p,int platform)4615 int policydb_set_target_platform(policydb_t *p, int platform)
4616 {
4617 if (platform == SEPOL_TARGET_SELINUX)
4618 p->target_platform = SEPOL_TARGET_SELINUX;
4619 else if (platform == SEPOL_TARGET_XEN)
4620 p->target_platform = SEPOL_TARGET_XEN;
4621 else
4622 return -1;
4623
4624 return 0;
4625 }
4626
policydb_sort_ocontexts(policydb_t * p)4627 int policydb_sort_ocontexts(policydb_t *p)
4628 {
4629 return sort_ocontexts(p);
4630 }
4631