1
2 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
3
4 /*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 * Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
14 * Fine-grained netlink support
15 * IPv6 support
16 * Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 * Copyright (C) 2017 Mellanox Technologies Inc.
22 *
23 * This library is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU Lesser General Public
25 * License as published by the Free Software Foundation; either
26 * version 2.1 of the License, or (at your option) any later version.
27 *
28 * This library is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
31 * Lesser General Public License for more details.
32 *
33 * You should have received a copy of the GNU Lesser General Public
34 * License along with this library; if not, write to the Free Software
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
36 */
37
38 /* FLASK */
39
40 /*
41 * Implementation of the policy database.
42 */
43
44 #include <assert.h>
45 #include <stdlib.h>
46
47 #include <sepol/policydb/policydb.h>
48 #include <sepol/policydb/expand.h>
49 #include <sepol/policydb/conditional.h>
50 #include <sepol/policydb/avrule_block.h>
51 #include <sepol/policydb/util.h>
52 #include <sepol/policydb/flask.h>
53
54 #include "kernel_to_common.h"
55 #include "private.h"
56 #include "debug.h"
57 #include "mls.h"
58
59 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
60 const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
61
62 /* These need to be updated if SYM_NUM or OCON_NUM changes */
63 static struct policydb_compat_info policydb_compat[] = {
64 {
65 .type = POLICY_KERN,
66 .version = POLICYDB_VERSION_BOUNDARY,
67 .sym_num = SYM_NUM,
68 .ocon_num = OCON_XEN_PCIDEVICE + 1,
69 .target_platform = SEPOL_TARGET_XEN,
70 },
71 {
72 .type = POLICY_KERN,
73 .version = POLICYDB_VERSION_XEN_DEVICETREE,
74 .sym_num = SYM_NUM,
75 .ocon_num = OCON_XEN_DEVICETREE + 1,
76 .target_platform = SEPOL_TARGET_XEN,
77 },
78 {
79 .type = POLICY_KERN,
80 .version = POLICYDB_VERSION_BASE,
81 .sym_num = SYM_NUM - 3,
82 .ocon_num = OCON_FSUSE + 1,
83 .target_platform = SEPOL_TARGET_SELINUX,
84 },
85 {
86 .type = POLICY_KERN,
87 .version = POLICYDB_VERSION_BOOL,
88 .sym_num = SYM_NUM - 2,
89 .ocon_num = OCON_FSUSE + 1,
90 .target_platform = SEPOL_TARGET_SELINUX,
91 },
92 {
93 .type = POLICY_KERN,
94 .version = POLICYDB_VERSION_IPV6,
95 .sym_num = SYM_NUM - 2,
96 .ocon_num = OCON_NODE6 + 1,
97 .target_platform = SEPOL_TARGET_SELINUX,
98 },
99 {
100 .type = POLICY_KERN,
101 .version = POLICYDB_VERSION_NLCLASS,
102 .sym_num = SYM_NUM - 2,
103 .ocon_num = OCON_NODE6 + 1,
104 .target_platform = SEPOL_TARGET_SELINUX,
105 },
106 {
107 .type = POLICY_KERN,
108 .version = POLICYDB_VERSION_MLS,
109 .sym_num = SYM_NUM,
110 .ocon_num = OCON_NODE6 + 1,
111 .target_platform = SEPOL_TARGET_SELINUX,
112 },
113 {
114 .type = POLICY_KERN,
115 .version = POLICYDB_VERSION_AVTAB,
116 .sym_num = SYM_NUM,
117 .ocon_num = OCON_NODE6 + 1,
118 .target_platform = SEPOL_TARGET_SELINUX,
119 },
120 {
121 .type = POLICY_KERN,
122 .version = POLICYDB_VERSION_RANGETRANS,
123 .sym_num = SYM_NUM,
124 .ocon_num = OCON_NODE6 + 1,
125 .target_platform = SEPOL_TARGET_SELINUX,
126 },
127 {
128 .type = POLICY_KERN,
129 .version = POLICYDB_VERSION_POLCAP,
130 .sym_num = SYM_NUM,
131 .ocon_num = OCON_NODE6 + 1,
132 .target_platform = SEPOL_TARGET_SELINUX,
133 },
134 {
135 .type = POLICY_KERN,
136 .version = POLICYDB_VERSION_PERMISSIVE,
137 .sym_num = SYM_NUM,
138 .ocon_num = OCON_NODE6 + 1,
139 .target_platform = SEPOL_TARGET_SELINUX,
140 },
141 {
142 .type = POLICY_KERN,
143 .version = POLICYDB_VERSION_BOUNDARY,
144 .sym_num = SYM_NUM,
145 .ocon_num = OCON_NODE6 + 1,
146 .target_platform = SEPOL_TARGET_SELINUX,
147 },
148 {
149 .type = POLICY_KERN,
150 .version = POLICYDB_VERSION_FILENAME_TRANS,
151 .sym_num = SYM_NUM,
152 .ocon_num = OCON_NODE6 + 1,
153 .target_platform = SEPOL_TARGET_SELINUX,
154 },
155 {
156 .type = POLICY_KERN,
157 .version = POLICYDB_VERSION_ROLETRANS,
158 .sym_num = SYM_NUM,
159 .ocon_num = OCON_NODE6 + 1,
160 .target_platform = SEPOL_TARGET_SELINUX,
161 },
162 {
163 .type = POLICY_KERN,
164 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
165 .sym_num = SYM_NUM,
166 .ocon_num = OCON_NODE6 + 1,
167 .target_platform = SEPOL_TARGET_SELINUX,
168 },
169 {
170 .type = POLICY_KERN,
171 .version = POLICYDB_VERSION_DEFAULT_TYPE,
172 .sym_num = SYM_NUM,
173 .ocon_num = OCON_NODE6 + 1,
174 .target_platform = SEPOL_TARGET_SELINUX,
175 },
176 {
177 .type = POLICY_KERN,
178 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
179 .sym_num = SYM_NUM,
180 .ocon_num = OCON_NODE6 + 1,
181 .target_platform = SEPOL_TARGET_SELINUX,
182 },
183 {
184 .type = POLICY_KERN,
185 .version = POLICYDB_VERSION_XPERMS_IOCTL,
186 .sym_num = SYM_NUM,
187 .ocon_num = OCON_NODE6 + 1,
188 .target_platform = SEPOL_TARGET_SELINUX,
189 },
190 {
191 .type = POLICY_KERN,
192 .version = POLICYDB_VERSION_INFINIBAND,
193 .sym_num = SYM_NUM,
194 .ocon_num = OCON_IBENDPORT + 1,
195 .target_platform = SEPOL_TARGET_SELINUX,
196 },
197 {
198 .type = POLICY_BASE,
199 .version = MOD_POLICYDB_VERSION_BASE,
200 .sym_num = SYM_NUM,
201 .ocon_num = OCON_NODE6 + 1,
202 .target_platform = SEPOL_TARGET_SELINUX,
203 },
204 {
205 .type = POLICY_BASE,
206 .version = MOD_POLICYDB_VERSION_MLS,
207 .sym_num = SYM_NUM,
208 .ocon_num = OCON_NODE6 + 1,
209 .target_platform = SEPOL_TARGET_SELINUX,
210 },
211 {
212 .type = POLICY_BASE,
213 .version = MOD_POLICYDB_VERSION_MLS_USERS,
214 .sym_num = SYM_NUM,
215 .ocon_num = OCON_NODE6 + 1,
216 .target_platform = SEPOL_TARGET_SELINUX,
217 },
218 {
219 .type = POLICY_BASE,
220 .version = MOD_POLICYDB_VERSION_POLCAP,
221 .sym_num = SYM_NUM,
222 .ocon_num = OCON_NODE6 + 1,
223 .target_platform = SEPOL_TARGET_SELINUX,
224 },
225 {
226 .type = POLICY_BASE,
227 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
228 .sym_num = SYM_NUM,
229 .ocon_num = OCON_NODE6 + 1,
230 .target_platform = SEPOL_TARGET_SELINUX,
231 },
232 {
233 .type = POLICY_BASE,
234 .version = MOD_POLICYDB_VERSION_BOUNDARY,
235 .sym_num = SYM_NUM,
236 .ocon_num = OCON_NODE6 + 1,
237 .target_platform = SEPOL_TARGET_SELINUX,
238 },
239 {
240 .type = POLICY_BASE,
241 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
242 .sym_num = SYM_NUM,
243 .ocon_num = OCON_NODE6 + 1,
244 .target_platform = SEPOL_TARGET_SELINUX,
245 },
246 {
247 .type = POLICY_BASE,
248 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
249 .sym_num = SYM_NUM,
250 .ocon_num = OCON_NODE6 + 1,
251 .target_platform = SEPOL_TARGET_SELINUX,
252 },
253 {
254 .type = POLICY_BASE,
255 .version = MOD_POLICYDB_VERSION_ROLETRANS,
256 .sym_num = SYM_NUM,
257 .ocon_num = OCON_NODE6 + 1,
258 .target_platform = SEPOL_TARGET_SELINUX,
259 },
260 {
261 .type = POLICY_BASE,
262 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
263 .sym_num = SYM_NUM,
264 .ocon_num = OCON_NODE6 + 1,
265 .target_platform = SEPOL_TARGET_SELINUX,
266 },
267 {
268 .type = POLICY_BASE,
269 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
270 .sym_num = SYM_NUM,
271 .ocon_num = OCON_NODE6 + 1,
272 .target_platform = SEPOL_TARGET_SELINUX,
273 },
274 {
275 .type = POLICY_BASE,
276 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
277 .sym_num = SYM_NUM,
278 .ocon_num = OCON_NODE6 + 1,
279 .target_platform = SEPOL_TARGET_SELINUX,
280 },
281 {
282 .type = POLICY_BASE,
283 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
284 .sym_num = SYM_NUM,
285 .ocon_num = OCON_NODE6 + 1,
286 .target_platform = SEPOL_TARGET_SELINUX,
287 },
288 {
289 .type = POLICY_BASE,
290 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
291 .sym_num = SYM_NUM,
292 .ocon_num = OCON_NODE6 + 1,
293 .target_platform = SEPOL_TARGET_SELINUX,
294 },
295 {
296 .type = POLICY_BASE,
297 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
298 .sym_num = SYM_NUM,
299 .ocon_num = OCON_NODE6 + 1,
300 .target_platform = SEPOL_TARGET_SELINUX,
301 },
302 {
303 .type = POLICY_BASE,
304 .version = MOD_POLICYDB_VERSION_INFINIBAND,
305 .sym_num = SYM_NUM,
306 .ocon_num = OCON_IBENDPORT + 1,
307 .target_platform = SEPOL_TARGET_SELINUX,
308 },
309 {
310 .type = POLICY_MOD,
311 .version = MOD_POLICYDB_VERSION_BASE,
312 .sym_num = SYM_NUM,
313 .ocon_num = 0,
314 .target_platform = SEPOL_TARGET_SELINUX,
315 },
316 {
317 .type = POLICY_MOD,
318 .version = MOD_POLICYDB_VERSION_MLS,
319 .sym_num = SYM_NUM,
320 .ocon_num = 0,
321 .target_platform = SEPOL_TARGET_SELINUX,
322 },
323 {
324 .type = POLICY_MOD,
325 .version = MOD_POLICYDB_VERSION_MLS_USERS,
326 .sym_num = SYM_NUM,
327 .ocon_num = 0,
328 .target_platform = SEPOL_TARGET_SELINUX,
329 },
330 {
331 .type = POLICY_MOD,
332 .version = MOD_POLICYDB_VERSION_POLCAP,
333 .sym_num = SYM_NUM,
334 .ocon_num = 0,
335 .target_platform = SEPOL_TARGET_SELINUX,
336 },
337 {
338 .type = POLICY_MOD,
339 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
340 .sym_num = SYM_NUM,
341 .ocon_num = 0,
342 .target_platform = SEPOL_TARGET_SELINUX,
343 },
344 {
345 .type = POLICY_MOD,
346 .version = MOD_POLICYDB_VERSION_BOUNDARY,
347 .sym_num = SYM_NUM,
348 .ocon_num = 0,
349 .target_platform = SEPOL_TARGET_SELINUX,
350 },
351 {
352 .type = POLICY_MOD,
353 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
354 .sym_num = SYM_NUM,
355 .ocon_num = 0,
356 .target_platform = SEPOL_TARGET_SELINUX,
357 },
358 {
359 .type = POLICY_MOD,
360 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
361 .sym_num = SYM_NUM,
362 .ocon_num = 0,
363 .target_platform = SEPOL_TARGET_SELINUX,
364 },
365 {
366 .type = POLICY_MOD,
367 .version = MOD_POLICYDB_VERSION_ROLETRANS,
368 .sym_num = SYM_NUM,
369 .ocon_num = 0,
370 .target_platform = SEPOL_TARGET_SELINUX,
371 },
372 {
373 .type = POLICY_MOD,
374 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
375 .sym_num = SYM_NUM,
376 .ocon_num = 0,
377 .target_platform = SEPOL_TARGET_SELINUX,
378 },
379 {
380 .type = POLICY_MOD,
381 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
382 .sym_num = SYM_NUM,
383 .ocon_num = 0,
384 .target_platform = SEPOL_TARGET_SELINUX,
385 },
386 {
387 .type = POLICY_MOD,
388 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
389 .sym_num = SYM_NUM,
390 .ocon_num = 0,
391 .target_platform = SEPOL_TARGET_SELINUX,
392 },
393 {
394 .type = POLICY_MOD,
395 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
396 .sym_num = SYM_NUM,
397 .ocon_num = 0,
398 .target_platform = SEPOL_TARGET_SELINUX,
399 },
400 {
401 .type = POLICY_MOD,
402 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
403 .sym_num = SYM_NUM,
404 .ocon_num = 0,
405 .target_platform = SEPOL_TARGET_SELINUX,
406 },
407 {
408 .type = POLICY_MOD,
409 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
410 .sym_num = SYM_NUM,
411 .ocon_num = 0,
412 .target_platform = SEPOL_TARGET_SELINUX,
413 },
414 {
415 .type = POLICY_MOD,
416 .version = MOD_POLICYDB_VERSION_INFINIBAND,
417 .sym_num = SYM_NUM,
418 .ocon_num = 0,
419 .target_platform = SEPOL_TARGET_SELINUX,
420 },
421 };
422
423 #if 0
424 static char *symtab_name[SYM_NUM] = {
425 "common prefixes",
426 "classes",
427 "roles",
428 "types",
429 "users",
430 "bools" mls_symtab_names cond_symtab_names
431 };
432 #endif
433
434 static unsigned int symtab_sizes[SYM_NUM] = {
435 2,
436 32,
437 16,
438 512,
439 128,
440 16,
441 16,
442 16,
443 };
444
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)445 struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
446 unsigned int type,
447 unsigned int target_platform)
448 {
449 unsigned int i;
450 struct policydb_compat_info *info = NULL;
451
452 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
453 if (policydb_compat[i].version == version &&
454 policydb_compat[i].type == type &&
455 policydb_compat[i].target_platform == target_platform) {
456 info = &policydb_compat[i];
457 break;
458 }
459 }
460 return info;
461 }
462
type_set_init(type_set_t * x)463 void type_set_init(type_set_t * x)
464 {
465 memset(x, 0, sizeof(type_set_t));
466 ebitmap_init(&x->types);
467 ebitmap_init(&x->negset);
468 }
469
type_set_destroy(type_set_t * x)470 void type_set_destroy(type_set_t * x)
471 {
472 if (x != NULL) {
473 ebitmap_destroy(&x->types);
474 ebitmap_destroy(&x->negset);
475 }
476 }
477
role_set_init(role_set_t * x)478 void role_set_init(role_set_t * x)
479 {
480 memset(x, 0, sizeof(role_set_t));
481 ebitmap_init(&x->roles);
482 }
483
role_set_destroy(role_set_t * x)484 void role_set_destroy(role_set_t * x)
485 {
486 ebitmap_destroy(&x->roles);
487 }
488
role_datum_init(role_datum_t * x)489 void role_datum_init(role_datum_t * x)
490 {
491 memset(x, 0, sizeof(role_datum_t));
492 ebitmap_init(&x->dominates);
493 type_set_init(&x->types);
494 ebitmap_init(&x->cache);
495 ebitmap_init(&x->roles);
496 }
497
role_datum_destroy(role_datum_t * x)498 void role_datum_destroy(role_datum_t * x)
499 {
500 if (x != NULL) {
501 ebitmap_destroy(&x->dominates);
502 type_set_destroy(&x->types);
503 ebitmap_destroy(&x->cache);
504 ebitmap_destroy(&x->roles);
505 }
506 }
507
type_datum_init(type_datum_t * x)508 void type_datum_init(type_datum_t * x)
509 {
510 memset(x, 0, sizeof(*x));
511 ebitmap_init(&x->types);
512 }
513
type_datum_destroy(type_datum_t * x)514 void type_datum_destroy(type_datum_t * x)
515 {
516 if (x != NULL) {
517 ebitmap_destroy(&x->types);
518 }
519 }
520
user_datum_init(user_datum_t * x)521 void user_datum_init(user_datum_t * x)
522 {
523 memset(x, 0, sizeof(user_datum_t));
524 role_set_init(&x->roles);
525 mls_semantic_range_init(&x->range);
526 mls_semantic_level_init(&x->dfltlevel);
527 ebitmap_init(&x->cache);
528 mls_range_init(&x->exp_range);
529 mls_level_init(&x->exp_dfltlevel);
530 }
531
user_datum_destroy(user_datum_t * x)532 void user_datum_destroy(user_datum_t * x)
533 {
534 if (x != NULL) {
535 role_set_destroy(&x->roles);
536 mls_semantic_range_destroy(&x->range);
537 mls_semantic_level_destroy(&x->dfltlevel);
538 ebitmap_destroy(&x->cache);
539 mls_range_destroy(&x->exp_range);
540 mls_level_destroy(&x->exp_dfltlevel);
541 }
542 }
543
level_datum_init(level_datum_t * x)544 void level_datum_init(level_datum_t * x)
545 {
546 memset(x, 0, sizeof(level_datum_t));
547 }
548
level_datum_destroy(level_datum_t * x)549 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
550 {
551 /* the mls_level_t referenced by the level_datum is managed
552 * separately for now, so there is nothing to destroy */
553 return;
554 }
555
cat_datum_init(cat_datum_t * x)556 void cat_datum_init(cat_datum_t * x)
557 {
558 memset(x, 0, sizeof(cat_datum_t));
559 }
560
cat_datum_destroy(cat_datum_t * x)561 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
562 {
563 /* it's currently a simple struct - really nothing to destroy */
564 return;
565 }
566
class_perm_node_init(class_perm_node_t * x)567 void class_perm_node_init(class_perm_node_t * x)
568 {
569 memset(x, 0, sizeof(class_perm_node_t));
570 }
571
avrule_init(avrule_t * x)572 void avrule_init(avrule_t * x)
573 {
574 memset(x, 0, sizeof(avrule_t));
575 type_set_init(&x->stypes);
576 type_set_init(&x->ttypes);
577 }
578
avrule_destroy(avrule_t * x)579 void avrule_destroy(avrule_t * x)
580 {
581 class_perm_node_t *cur, *next;
582
583 if (x == NULL) {
584 return;
585 }
586 type_set_destroy(&x->stypes);
587 type_set_destroy(&x->ttypes);
588
589 free(x->source_filename);
590
591 next = x->perms;
592 while (next) {
593 cur = next;
594 next = cur->next;
595 free(cur);
596 }
597
598 free(x->xperms);
599 }
600
role_trans_rule_init(role_trans_rule_t * x)601 void role_trans_rule_init(role_trans_rule_t * x)
602 {
603 memset(x, 0, sizeof(*x));
604 role_set_init(&x->roles);
605 type_set_init(&x->types);
606 ebitmap_init(&x->classes);
607 }
608
role_trans_rule_destroy(role_trans_rule_t * x)609 void role_trans_rule_destroy(role_trans_rule_t * x)
610 {
611 if (x != NULL) {
612 role_set_destroy(&x->roles);
613 type_set_destroy(&x->types);
614 ebitmap_destroy(&x->classes);
615 }
616 }
617
role_trans_rule_list_destroy(role_trans_rule_t * x)618 void role_trans_rule_list_destroy(role_trans_rule_t * x)
619 {
620 while (x != NULL) {
621 role_trans_rule_t *next = x->next;
622 role_trans_rule_destroy(x);
623 free(x);
624 x = next;
625 }
626 }
627
filename_trans_rule_init(filename_trans_rule_t * x)628 void filename_trans_rule_init(filename_trans_rule_t * x)
629 {
630 memset(x, 0, sizeof(*x));
631 type_set_init(&x->stypes);
632 type_set_init(&x->ttypes);
633 }
634
filename_trans_rule_destroy(filename_trans_rule_t * x)635 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
636 {
637 if (!x)
638 return;
639 type_set_destroy(&x->stypes);
640 type_set_destroy(&x->ttypes);
641 free(x->name);
642 }
643
filename_trans_rule_list_destroy(filename_trans_rule_t * x)644 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
645 {
646 filename_trans_rule_t *next;
647 while (x) {
648 next = x->next;
649 filename_trans_rule_destroy(x);
650 free(x);
651 x = next;
652 }
653 }
654
role_allow_rule_init(role_allow_rule_t * x)655 void role_allow_rule_init(role_allow_rule_t * x)
656 {
657 memset(x, 0, sizeof(role_allow_rule_t));
658 role_set_init(&x->roles);
659 role_set_init(&x->new_roles);
660 }
661
role_allow_rule_destroy(role_allow_rule_t * x)662 void role_allow_rule_destroy(role_allow_rule_t * x)
663 {
664 role_set_destroy(&x->roles);
665 role_set_destroy(&x->new_roles);
666 }
667
role_allow_rule_list_destroy(role_allow_rule_t * x)668 void role_allow_rule_list_destroy(role_allow_rule_t * x)
669 {
670 while (x != NULL) {
671 role_allow_rule_t *next = x->next;
672 role_allow_rule_destroy(x);
673 free(x);
674 x = next;
675 }
676 }
677
range_trans_rule_init(range_trans_rule_t * x)678 void range_trans_rule_init(range_trans_rule_t * x)
679 {
680 type_set_init(&x->stypes);
681 type_set_init(&x->ttypes);
682 ebitmap_init(&x->tclasses);
683 mls_semantic_range_init(&x->trange);
684 x->next = NULL;
685 }
686
range_trans_rule_destroy(range_trans_rule_t * x)687 void range_trans_rule_destroy(range_trans_rule_t * x)
688 {
689 type_set_destroy(&x->stypes);
690 type_set_destroy(&x->ttypes);
691 ebitmap_destroy(&x->tclasses);
692 mls_semantic_range_destroy(&x->trange);
693 }
694
range_trans_rule_list_destroy(range_trans_rule_t * x)695 void range_trans_rule_list_destroy(range_trans_rule_t * x)
696 {
697 while (x != NULL) {
698 range_trans_rule_t *next = x->next;
699 range_trans_rule_destroy(x);
700 free(x);
701 x = next;
702 }
703 }
704
avrule_list_destroy(avrule_t * x)705 void avrule_list_destroy(avrule_t * x)
706 {
707 avrule_t *next, *cur;
708
709 if (!x)
710 return;
711
712 next = x;
713 while (next) {
714 cur = next;
715 next = next->next;
716 avrule_destroy(cur);
717 free(cur);
718 }
719 }
720
721 /*
722 * Initialize the role table by implicitly adding role 'object_r'. If
723 * the policy is a module, set object_r's scope to be SCOPE_REQ,
724 * otherwise set it to SCOPE_DECL.
725 */
roles_init(policydb_t * p)726 static int roles_init(policydb_t * p)
727 {
728 char *key = 0;
729 int rc;
730 role_datum_t *role;
731
732 role = calloc(1, sizeof(role_datum_t));
733 if (!role) {
734 rc = -ENOMEM;
735 goto out;
736 }
737 key = malloc(strlen(OBJECT_R) + 1);
738 if (!key) {
739 rc = -ENOMEM;
740 goto out_free_role;
741 }
742 strcpy(key, OBJECT_R);
743 rc = symtab_insert(p, SYM_ROLES, key, role,
744 (p->policy_type ==
745 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
746 &role->s.value);
747 if (rc)
748 goto out_free_key;
749 if (role->s.value != OBJECT_R_VAL) {
750 rc = -EINVAL;
751 goto out_free_role;
752 }
753 out:
754 return rc;
755
756 out_free_key:
757 free(key);
758 out_free_role:
759 free(role);
760 goto out;
761 }
762
763 static inline unsigned long
partial_name_hash(unsigned long c,unsigned long prevhash)764 partial_name_hash(unsigned long c, unsigned long prevhash)
765 {
766 return (prevhash + (c << 4) + (c >> 4)) * 11;
767 }
768
filenametr_hash(hashtab_t h,const_hashtab_key_t k)769 static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
770 {
771 const struct filename_trans *ft = (const struct filename_trans *)k;
772 unsigned long hash;
773 unsigned int byte_num;
774 unsigned char focus;
775
776 hash = ft->stype ^ ft->ttype ^ ft->tclass;
777
778 byte_num = 0;
779 while ((focus = ft->name[byte_num++]))
780 hash = partial_name_hash(focus, hash);
781 return hash & (h->size - 1);
782 }
783
filenametr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)784 static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
785 const_hashtab_key_t k1, const_hashtab_key_t k2)
786 {
787 const struct filename_trans *ft1 = (const struct filename_trans *)k1;
788 const struct filename_trans *ft2 = (const struct filename_trans *)k2;
789 int v;
790
791 v = ft1->stype - ft2->stype;
792 if (v)
793 return v;
794
795 v = ft1->ttype - ft2->ttype;
796 if (v)
797 return v;
798
799 v = ft1->tclass - ft2->tclass;
800 if (v)
801 return v;
802
803 return strcmp(ft1->name, ft2->name);
804
805 }
806
rangetr_hash(hashtab_t h,const_hashtab_key_t k)807 static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
808 {
809 const struct range_trans *key = (const struct range_trans *)k;
810 return (key->source_type + (key->target_type << 3) +
811 (key->target_class << 5)) & (h->size - 1);
812 }
813
rangetr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)814 static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
815 const_hashtab_key_t k1, const_hashtab_key_t k2)
816 {
817 const struct range_trans *key1 = (const struct range_trans *)k1;
818 const struct range_trans *key2 = (const struct range_trans *)k2;
819 int v;
820
821 v = key1->source_type - key2->source_type;
822 if (v)
823 return v;
824
825 v = key1->target_type - key2->target_type;
826 if (v)
827 return v;
828
829 v = key1->target_class - key2->target_class;
830
831 return v;
832 }
833
834 /*
835 * Initialize a policy database structure.
836 */
policydb_init(policydb_t * p)837 int policydb_init(policydb_t * p)
838 {
839 int i, rc;
840
841 memset(p, 0, sizeof(policydb_t));
842
843 for (i = 0; i < SYM_NUM; i++) {
844 p->sym_val_to_name[i] = NULL;
845 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
846 if (rc)
847 goto err;
848 }
849
850 /* initialize the module stuff */
851 for (i = 0; i < SYM_NUM; i++) {
852 if (symtab_init(&p->scope[i], symtab_sizes[i])) {
853 goto err;
854 }
855 }
856 if ((p->global = avrule_block_create()) == NULL ||
857 (p->global->branch_list = avrule_decl_create(1)) == NULL) {
858 goto err;
859 }
860 p->decl_val_to_struct = NULL;
861
862 rc = avtab_init(&p->te_avtab);
863 if (rc)
864 goto err;
865
866 rc = roles_init(p);
867 if (rc)
868 goto err;
869
870 rc = cond_policydb_init(p);
871 if (rc)
872 goto err;
873
874 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
875 if (!p->filename_trans) {
876 rc = -ENOMEM;
877 goto err;
878 }
879
880 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
881 if (!p->range_tr) {
882 rc = -ENOMEM;
883 goto err;
884 }
885
886 ebitmap_init(&p->policycaps);
887 ebitmap_init(&p->permissive_map);
888
889 return 0;
890 err:
891 hashtab_destroy(p->filename_trans);
892 hashtab_destroy(p->range_tr);
893 for (i = 0; i < SYM_NUM; i++) {
894 hashtab_destroy(p->symtab[i].table);
895 hashtab_destroy(p->scope[i].table);
896 }
897 avrule_block_list_destroy(p->global);
898 return rc;
899 }
900
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)901 int policydb_role_cache(hashtab_key_t key
902 __attribute__ ((unused)), hashtab_datum_t datum,
903 void *arg)
904 {
905 policydb_t *p;
906 role_datum_t *role;
907
908 role = (role_datum_t *) datum;
909 p = (policydb_t *) arg;
910
911 ebitmap_destroy(&role->cache);
912 if (type_set_expand(&role->types, &role->cache, p, 1)) {
913 return -1;
914 }
915
916 return 0;
917 }
918
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)919 int policydb_user_cache(hashtab_key_t key
920 __attribute__ ((unused)), hashtab_datum_t datum,
921 void *arg)
922 {
923 policydb_t *p;
924 user_datum_t *user;
925
926 user = (user_datum_t *) datum;
927 p = (policydb_t *) arg;
928
929 ebitmap_destroy(&user->cache);
930 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
931 return -1;
932 }
933
934 /* we do not expand user's MLS info in kernel policies because the
935 * semantic representation is not present and we do not expand user's
936 * MLS info in module policies because all of the necessary mls
937 * information is not present */
938 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
939 mls_range_destroy(&user->exp_range);
940 if (mls_semantic_range_expand(&user->range,
941 &user->exp_range, p, NULL)) {
942 return -1;
943 }
944
945 mls_level_destroy(&user->exp_dfltlevel);
946 if (mls_semantic_level_expand(&user->dfltlevel,
947 &user->exp_dfltlevel, p, NULL)) {
948 return -1;
949 }
950 }
951
952 return 0;
953 }
954
955 /*
956 * The following *_index functions are used to
957 * define the val_to_name and val_to_struct arrays
958 * in a policy database structure. The val_to_name
959 * arrays are used when converting security context
960 * structures into string representations. The
961 * val_to_struct arrays are used when the attributes
962 * of a class, role, or user are needed.
963 */
964
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)965 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
966 {
967 policydb_t *p;
968 common_datum_t *comdatum;
969
970 comdatum = (common_datum_t *) datum;
971 p = (policydb_t *) datap;
972 if (!comdatum->s.value || comdatum->s.value > p->p_commons.nprim)
973 return -EINVAL;
974 if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL)
975 return -EINVAL;
976 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
977
978 return 0;
979 }
980
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)981 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
982 {
983 policydb_t *p;
984 class_datum_t *cladatum;
985
986 cladatum = (class_datum_t *) datum;
987 p = (policydb_t *) datap;
988 if (!cladatum->s.value || cladatum->s.value > p->p_classes.nprim)
989 return -EINVAL;
990 if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL)
991 return -EINVAL;
992 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
993 p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
994
995 return 0;
996 }
997
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)998 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
999 {
1000 policydb_t *p;
1001 role_datum_t *role;
1002
1003 role = (role_datum_t *) datum;
1004 p = (policydb_t *) datap;
1005 if (!role->s.value || role->s.value > p->p_roles.nprim)
1006 return -EINVAL;
1007 if (p->p_role_val_to_name[role->s.value - 1] != NULL)
1008 return -EINVAL;
1009 p->p_role_val_to_name[role->s.value - 1] = (char *)key;
1010 p->role_val_to_struct[role->s.value - 1] = role;
1011
1012 return 0;
1013 }
1014
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1015 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1016 {
1017 policydb_t *p;
1018 type_datum_t *typdatum;
1019
1020 typdatum = (type_datum_t *) datum;
1021 p = (policydb_t *) datap;
1022
1023 if (typdatum->primary) {
1024 if (!typdatum->s.value || typdatum->s.value > p->p_types.nprim)
1025 return -EINVAL;
1026 if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL)
1027 return -EINVAL;
1028 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
1029 p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
1030 }
1031
1032 return 0;
1033 }
1034
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1035 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1036 {
1037 policydb_t *p;
1038 user_datum_t *usrdatum;
1039
1040 usrdatum = (user_datum_t *) datum;
1041 p = (policydb_t *) datap;
1042
1043 if (!usrdatum->s.value || usrdatum->s.value > p->p_users.nprim)
1044 return -EINVAL;
1045 if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL)
1046 return -EINVAL;
1047 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
1048 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
1049
1050 return 0;
1051 }
1052
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1053 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1054 {
1055 policydb_t *p;
1056 level_datum_t *levdatum;
1057
1058 levdatum = (level_datum_t *) datum;
1059 p = (policydb_t *) datap;
1060
1061 if (!levdatum->isalias) {
1062 if (!levdatum->level->sens ||
1063 levdatum->level->sens > p->p_levels.nprim)
1064 return -EINVAL;
1065 if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL)
1066 return -EINVAL;
1067 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
1068 }
1069
1070 return 0;
1071 }
1072
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1073 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1074 {
1075 policydb_t *p;
1076 cat_datum_t *catdatum;
1077
1078 catdatum = (cat_datum_t *) datum;
1079 p = (policydb_t *) datap;
1080
1081 if (!catdatum->isalias) {
1082 if (!catdatum->s.value || catdatum->s.value > p->p_cats.nprim)
1083 return -EINVAL;
1084 if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL)
1085 return -EINVAL;
1086 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
1087 }
1088
1089 return 0;
1090 }
1091
1092 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1093 void *datap) = {
1094 common_index, class_index, role_index, type_index, user_index,
1095 cond_index_bool, sens_index, cat_index,};
1096
1097 /*
1098 * Define the common val_to_name array and the class
1099 * val_to_name and val_to_struct arrays in a policy
1100 * database structure.
1101 */
policydb_index_classes(policydb_t * p)1102 int policydb_index_classes(policydb_t * p)
1103 {
1104 free(p->p_common_val_to_name);
1105 p->p_common_val_to_name = (char **)
1106 calloc(p->p_commons.nprim, sizeof(char *));
1107 if (!p->p_common_val_to_name)
1108 return -1;
1109
1110 if (hashtab_map(p->p_commons.table, common_index, p))
1111 return -1;
1112
1113 free(p->class_val_to_struct);
1114 p->class_val_to_struct = (class_datum_t **)
1115 calloc(p->p_classes.nprim, sizeof(class_datum_t *));
1116 if (!p->class_val_to_struct)
1117 return -1;
1118
1119 free(p->p_class_val_to_name);
1120 p->p_class_val_to_name = (char **)
1121 calloc(p->p_classes.nprim, sizeof(char *));
1122 if (!p->p_class_val_to_name)
1123 return -1;
1124
1125 if (hashtab_map(p->p_classes.table, class_index, p))
1126 return -1;
1127
1128 return 0;
1129 }
1130
policydb_index_bools(policydb_t * p)1131 int policydb_index_bools(policydb_t * p)
1132 {
1133
1134 if (cond_init_bool_indexes(p) == -1)
1135 return -1;
1136 p->p_bool_val_to_name = (char **)
1137 calloc(p->p_bools.nprim, sizeof(char *));
1138 if (!p->p_bool_val_to_name)
1139 return -1;
1140 if (hashtab_map(p->p_bools.table, cond_index_bool, p))
1141 return -1;
1142 return 0;
1143 }
1144
policydb_index_decls(sepol_handle_t * handle,policydb_t * p)1145 int policydb_index_decls(sepol_handle_t * handle, policydb_t * p)
1146 {
1147 avrule_block_t *curblock;
1148 avrule_decl_t *decl;
1149 unsigned int num_decls = 0;
1150
1151 free(p->decl_val_to_struct);
1152
1153 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1154 for (decl = curblock->branch_list; decl != NULL;
1155 decl = decl->next) {
1156 num_decls++;
1157 }
1158 }
1159
1160 p->decl_val_to_struct =
1161 calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
1162 if (!p->decl_val_to_struct) {
1163 return -1;
1164 }
1165
1166 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1167 for (decl = curblock->branch_list; decl != NULL;
1168 decl = decl->next) {
1169 if (decl->decl_id < 1 || decl->decl_id > num_decls) {
1170 ERR(handle, "invalid decl ID %u", decl->decl_id);
1171 return -1;
1172 }
1173 if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) {
1174 ERR(handle, "duplicated decl ID %u", decl->decl_id);
1175 return -1;
1176 }
1177 p->decl_val_to_struct[decl->decl_id - 1] = decl;
1178 }
1179 }
1180
1181 return 0;
1182 }
1183
1184 /*
1185 * Define the other val_to_name and val_to_struct arrays
1186 * in a policy database structure.
1187 */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)1188 int policydb_index_others(sepol_handle_t * handle,
1189 policydb_t * p, unsigned verbose)
1190 {
1191 int i;
1192
1193 if (verbose) {
1194 INFO(handle,
1195 "security: %d users, %d roles, %d types, %d bools",
1196 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
1197 p->p_bools.nprim);
1198
1199 if (p->mls)
1200 INFO(handle, "security: %d sens, %d cats",
1201 p->p_levels.nprim, p->p_cats.nprim);
1202
1203 INFO(handle, "security: %d classes, %d rules, %d cond rules",
1204 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
1205 }
1206 #if 0
1207 avtab_hash_eval(&p->te_avtab, "rules");
1208 for (i = 0; i < SYM_NUM; i++)
1209 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
1210 #endif
1211
1212 free(p->role_val_to_struct);
1213 p->role_val_to_struct = (role_datum_t **)
1214 calloc(p->p_roles.nprim, sizeof(role_datum_t *));
1215 if (!p->role_val_to_struct)
1216 return -1;
1217
1218 free(p->user_val_to_struct);
1219 p->user_val_to_struct = (user_datum_t **)
1220 calloc(p->p_users.nprim, sizeof(user_datum_t *));
1221 if (!p->user_val_to_struct)
1222 return -1;
1223
1224 free(p->type_val_to_struct);
1225 p->type_val_to_struct = (type_datum_t **)
1226 calloc(p->p_types.nprim, sizeof(type_datum_t *));
1227 if (!p->type_val_to_struct)
1228 return -1;
1229
1230 cond_init_bool_indexes(p);
1231
1232 for (i = SYM_ROLES; i < SYM_NUM; i++) {
1233 free(p->sym_val_to_name[i]);
1234 p->sym_val_to_name[i] = NULL;
1235 if (p->symtab[i].nprim) {
1236 p->sym_val_to_name[i] = (char **)
1237 calloc(p->symtab[i].nprim, sizeof(char *));
1238 if (!p->sym_val_to_name[i])
1239 return -1;
1240 if (hashtab_map(p->symtab[i].table, index_f[i], p))
1241 return -1;
1242 }
1243 }
1244
1245 /* This pre-expands the roles and users for context validity checking */
1246 if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1247 return -1;
1248
1249 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1250 return -1;
1251
1252 return 0;
1253 }
1254
1255 /*
1256 * The following *_destroy functions are used to
1257 * free any memory allocated for each kind of
1258 * symbol data in the policy database.
1259 */
1260
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1261 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1262 __attribute__ ((unused)))
1263 {
1264 if (key)
1265 free(key);
1266 free(datum);
1267 return 0;
1268 }
1269
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1270 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1271 __attribute__ ((unused)))
1272 {
1273 common_datum_t *comdatum;
1274
1275 if (key)
1276 free(key);
1277 comdatum = (common_datum_t *) datum;
1278 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1279 hashtab_destroy(comdatum->permissions.table);
1280 free(datum);
1281 return 0;
1282 }
1283
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1284 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1285 __attribute__ ((unused)))
1286 {
1287 class_datum_t *cladatum;
1288 constraint_node_t *constraint, *ctemp;
1289 constraint_expr_t *e, *etmp;
1290
1291 if (key)
1292 free(key);
1293 cladatum = (class_datum_t *) datum;
1294 if (cladatum == NULL) {
1295 return 0;
1296 }
1297 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1298 hashtab_destroy(cladatum->permissions.table);
1299 constraint = cladatum->constraints;
1300 while (constraint) {
1301 e = constraint->expr;
1302 while (e) {
1303 etmp = e;
1304 e = e->next;
1305 constraint_expr_destroy(etmp);
1306 }
1307 ctemp = constraint;
1308 constraint = constraint->next;
1309 free(ctemp);
1310 }
1311
1312 constraint = cladatum->validatetrans;
1313 while (constraint) {
1314 e = constraint->expr;
1315 while (e) {
1316 etmp = e;
1317 e = e->next;
1318 constraint_expr_destroy(etmp);
1319 }
1320 ctemp = constraint;
1321 constraint = constraint->next;
1322 free(ctemp);
1323 }
1324
1325 if (cladatum->comkey)
1326 free(cladatum->comkey);
1327 free(datum);
1328 return 0;
1329 }
1330
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1331 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1332 __attribute__ ((unused)))
1333 {
1334 free(key);
1335 role_datum_destroy((role_datum_t *) datum);
1336 free(datum);
1337 return 0;
1338 }
1339
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1340 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1341 __attribute__ ((unused)))
1342 {
1343 free(key);
1344 type_datum_destroy((type_datum_t *) datum);
1345 free(datum);
1346 return 0;
1347 }
1348
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1349 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1350 __attribute__ ((unused)))
1351 {
1352 free(key);
1353 user_datum_destroy((user_datum_t *) datum);
1354 free(datum);
1355 return 0;
1356 }
1357
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1358 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1359 __attribute__ ((unused)))
1360 {
1361 level_datum_t *levdatum;
1362
1363 if (key)
1364 free(key);
1365 levdatum = (level_datum_t *) datum;
1366 mls_level_destroy(levdatum->level);
1367 free(levdatum->level);
1368 level_datum_destroy(levdatum);
1369 free(levdatum);
1370 return 0;
1371 }
1372
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1373 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1374 __attribute__ ((unused)))
1375 {
1376 if (key)
1377 free(key);
1378 cat_datum_destroy((cat_datum_t *) datum);
1379 free(datum);
1380 return 0;
1381 }
1382
1383 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1384 void *datap) = {
1385 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1386 cond_destroy_bool, sens_destroy, cat_destroy,};
1387
filenametr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1388 static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1389 void *p __attribute__ ((unused)))
1390 {
1391 struct filename_trans *ft = (struct filename_trans *)key;
1392 free(ft->name);
1393 free(key);
1394 free(datum);
1395 return 0;
1396 }
1397
range_tr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1398 static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1399 void *p __attribute__ ((unused)))
1400 {
1401 struct mls_range *rt = (struct mls_range *)datum;
1402 free(key);
1403 ebitmap_destroy(&rt->level[0].cat);
1404 ebitmap_destroy(&rt->level[1].cat);
1405 free(datum);
1406 return 0;
1407 }
1408
ocontext_selinux_free(ocontext_t ** ocontexts)1409 void ocontext_selinux_free(ocontext_t **ocontexts)
1410 {
1411 ocontext_t *c, *ctmp;
1412 int i;
1413
1414 for (i = 0; i < OCON_NUM; i++) {
1415 c = ocontexts[i];
1416 while (c) {
1417 ctmp = c;
1418 c = c->next;
1419 context_destroy(&ctmp->context[0]);
1420 context_destroy(&ctmp->context[1]);
1421 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1422 || i == OCON_FSUSE)
1423 free(ctmp->u.name);
1424 else if (i == OCON_IBENDPORT)
1425 free(ctmp->u.ibendport.dev_name);
1426 free(ctmp);
1427 }
1428 }
1429 }
1430
ocontext_xen_free(ocontext_t ** ocontexts)1431 void ocontext_xen_free(ocontext_t **ocontexts)
1432 {
1433 ocontext_t *c, *ctmp;
1434 int i;
1435
1436 for (i = 0; i < OCON_NUM; i++) {
1437 c = ocontexts[i];
1438 while (c) {
1439 ctmp = c;
1440 c = c->next;
1441 context_destroy(&ctmp->context[0]);
1442 context_destroy(&ctmp->context[1]);
1443 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
1444 free(ctmp->u.name);
1445 free(ctmp);
1446 }
1447 }
1448 }
1449
1450 /*
1451 * Free any memory allocated by a policy database structure.
1452 */
policydb_destroy(policydb_t * p)1453 void policydb_destroy(policydb_t * p)
1454 {
1455 ocontext_t *c, *ctmp;
1456 genfs_t *g, *gtmp;
1457 unsigned int i;
1458 role_allow_t *ra, *lra = NULL;
1459 role_trans_t *tr, *ltr = NULL;
1460
1461 if (!p)
1462 return;
1463
1464 ebitmap_destroy(&p->policycaps);
1465
1466 ebitmap_destroy(&p->permissive_map);
1467
1468 symtabs_destroy(p->symtab);
1469
1470 for (i = 0; i < SYM_NUM; i++) {
1471 if (p->sym_val_to_name[i])
1472 free(p->sym_val_to_name[i]);
1473 }
1474
1475 if (p->class_val_to_struct)
1476 free(p->class_val_to_struct);
1477 if (p->role_val_to_struct)
1478 free(p->role_val_to_struct);
1479 if (p->user_val_to_struct)
1480 free(p->user_val_to_struct);
1481 if (p->type_val_to_struct)
1482 free(p->type_val_to_struct);
1483 free(p->decl_val_to_struct);
1484
1485 for (i = 0; i < SYM_NUM; i++) {
1486 (void)hashtab_map(p->scope[i].table, scope_destroy, 0);
1487 hashtab_destroy(p->scope[i].table);
1488 }
1489 avrule_block_list_destroy(p->global);
1490 free(p->name);
1491 free(p->version);
1492
1493 avtab_destroy(&p->te_avtab);
1494
1495 if (p->target_platform == SEPOL_TARGET_SELINUX)
1496 ocontext_selinux_free(p->ocontexts);
1497 else if (p->target_platform == SEPOL_TARGET_XEN)
1498 ocontext_xen_free(p->ocontexts);
1499
1500 g = p->genfs;
1501 while (g) {
1502 free(g->fstype);
1503 c = g->head;
1504 while (c) {
1505 ctmp = c;
1506 c = c->next;
1507 context_destroy(&ctmp->context[0]);
1508 free(ctmp->u.name);
1509 free(ctmp);
1510 }
1511 gtmp = g;
1512 g = g->next;
1513 free(gtmp);
1514 }
1515 cond_policydb_destroy(p);
1516
1517 for (tr = p->role_tr; tr; tr = tr->next) {
1518 if (ltr)
1519 free(ltr);
1520 ltr = tr;
1521 }
1522 if (ltr)
1523 free(ltr);
1524
1525 for (ra = p->role_allow; ra; ra = ra->next) {
1526 if (lra)
1527 free(lra);
1528 lra = ra;
1529 }
1530 if (lra)
1531 free(lra);
1532
1533 hashtab_map(p->filename_trans, filenametr_destroy, NULL);
1534 hashtab_destroy(p->filename_trans);
1535
1536 hashtab_map(p->range_tr, range_tr_destroy, NULL);
1537 hashtab_destroy(p->range_tr);
1538
1539 if (p->type_attr_map) {
1540 for (i = 0; i < p->p_types.nprim; i++) {
1541 ebitmap_destroy(&p->type_attr_map[i]);
1542 }
1543 free(p->type_attr_map);
1544 }
1545
1546 if (p->attr_type_map) {
1547 for (i = 0; i < p->p_types.nprim; i++) {
1548 ebitmap_destroy(&p->attr_type_map[i]);
1549 }
1550 free(p->attr_type_map);
1551 }
1552
1553 return;
1554 }
1555
symtabs_destroy(symtab_t * symtab)1556 void symtabs_destroy(symtab_t * symtab)
1557 {
1558 int i;
1559 for (i = 0; i < SYM_NUM; i++) {
1560 (void)hashtab_map(symtab[i].table, destroy_f[i], 0);
1561 hashtab_destroy(symtab[i].table);
1562 }
1563 }
1564
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1565 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1566 __attribute__ ((unused)))
1567 {
1568 scope_datum_t *cur = (scope_datum_t *) datum;
1569 free(key);
1570 if (cur != NULL) {
1571 free(cur->decl_ids);
1572 }
1573 free(cur);
1574 return 0;
1575 }
1576
1577 /*
1578 * Load the initial SIDs specified in a policy database
1579 * structure into a SID table.
1580 */
policydb_load_isids(policydb_t * p,sidtab_t * s)1581 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1582 {
1583 ocontext_t *head, *c;
1584
1585 if (sepol_sidtab_init(s)) {
1586 ERR(NULL, "out of memory on SID table init");
1587 return -1;
1588 }
1589
1590 head = p->ocontexts[OCON_ISID];
1591 for (c = head; c; c = c->next) {
1592 if (!c->context[0].user) {
1593 ERR(NULL, "SID %s was never defined", c->u.name);
1594 return -1;
1595 }
1596 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1597 ERR(NULL, "unable to load initial SID %s", c->u.name);
1598 return -1;
1599 }
1600 }
1601
1602 return 0;
1603 }
1604
1605 /* Declare a symbol for a certain avrule_block context. Insert it
1606 * into a symbol table for a policy. This function will handle
1607 * inserting the appropriate scope information in addition to
1608 * inserting the symbol into the hash table.
1609 *
1610 * arguments:
1611 * policydb_t *pol module policy to modify
1612 * uint32_t sym the symbole table for insertion (SYM_*)
1613 * hashtab_key_t key the key for the symbol - not cloned
1614 * hashtab_datum_t data the data for the symbol - not cloned
1615 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1616 * avrule_decl_id identifier for this symbol's encapsulating declaration
1617 * value (out) assigned value to the symbol (if value is not NULL)
1618 *
1619 * returns:
1620 * 0 success
1621 * 1 success, but symbol already existed as a requirement
1622 * (datum was not inserted and needs to be free()d)
1623 * -1 general error
1624 * -2 scope conflicted
1625 * -ENOMEM memory error
1626 * error codes from hashtab_insert
1627 */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1628 int symtab_insert(policydb_t * pol, uint32_t sym,
1629 hashtab_key_t key, hashtab_datum_t datum,
1630 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1631 {
1632 int rc, retval = 0;
1633 unsigned int i;
1634 scope_datum_t *scope_datum;
1635
1636 /* check if the symbol is already there. multiple
1637 * declarations of non-roles/non-users are illegal, but
1638 * multiple requires are allowed. */
1639
1640 /* FIX ME - the failures after the hashtab_insert will leave
1641 * the policy in a inconsistent state. */
1642 rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1643 if (rc == SEPOL_OK) {
1644 /* if no value is passed in the symbol is not primary
1645 * (i.e. aliases) */
1646 if (value)
1647 *value = ++pol->symtab[sym].nprim;
1648 } else if (rc == SEPOL_EEXIST) {
1649 retval = 1; /* symbol not added -- need to free() later */
1650 } else {
1651 return rc;
1652 }
1653
1654 /* get existing scope information; if there is not one then
1655 * create it */
1656 scope_datum =
1657 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1658 if (scope_datum == NULL) {
1659 hashtab_key_t key2 = strdup((char *)key);
1660 if (!key2)
1661 return -ENOMEM;
1662 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1663 free(key2);
1664 return -ENOMEM;
1665 }
1666 scope_datum->scope = scope;
1667 scope_datum->decl_ids = NULL;
1668 scope_datum->decl_ids_len = 0;
1669 if ((rc =
1670 hashtab_insert(pol->scope[sym].table, key2,
1671 scope_datum)) != 0) {
1672 free(key2);
1673 free(scope_datum);
1674 return rc;
1675 }
1676 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1677 /* disallow multiple declarations for non-roles/users */
1678 if (sym != SYM_ROLES && sym != SYM_USERS) {
1679 return -2;
1680 }
1681 /* Further confine that a role attribute can't have the same
1682 * name as another regular role, and a role attribute can't
1683 * be declared more than once. */
1684 if (sym == SYM_ROLES) {
1685 role_datum_t *base_role;
1686 role_datum_t *cur_role = (role_datum_t *)datum;
1687
1688 base_role = (role_datum_t *)
1689 hashtab_search(pol->symtab[sym].table,
1690 key);
1691 assert(base_role != NULL);
1692
1693 if (!((base_role->flavor == ROLE_ROLE) &&
1694 (cur_role->flavor == ROLE_ROLE))) {
1695 /* Only regular roles are allowed to have
1696 * multiple declarations. */
1697 return -2;
1698 }
1699 }
1700 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1701 scope_datum->scope = SCOPE_DECL;
1702 }
1703
1704 /* search through the pre-existing list to avoid adding duplicates */
1705 for (i = 0; i < scope_datum->decl_ids_len; i++) {
1706 if (scope_datum->decl_ids[i] == avrule_decl_id) {
1707 /* already there, so don't modify its scope */
1708 return retval;
1709 }
1710 }
1711
1712 if (add_i_to_a(avrule_decl_id,
1713 &scope_datum->decl_ids_len,
1714 &scope_datum->decl_ids) == -1) {
1715 return -ENOMEM;
1716 }
1717
1718 if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) {
1719 /* Need to keep the decl at the end of the list */
1720 uint32_t len, tmp;
1721 len = scope_datum->decl_ids_len;
1722 if (len < 2) {
1723 /* This should be impossible here */
1724 return -1;
1725 }
1726 tmp = scope_datum->decl_ids[len-2];
1727 scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1];
1728 scope_datum->decl_ids[len-1] = tmp;
1729 }
1730
1731 return retval;
1732 }
1733
type_set_or(type_set_t * dst,type_set_t * a,type_set_t * b)1734 int type_set_or(type_set_t * dst, type_set_t * a, type_set_t * b)
1735 {
1736 type_set_init(dst);
1737
1738 if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1739 return -1;
1740 }
1741 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1742 return -1;
1743 }
1744
1745 dst->flags |= a->flags;
1746 dst->flags |= b->flags;
1747
1748 return 0;
1749 }
1750
type_set_cpy(type_set_t * dst,type_set_t * src)1751 int type_set_cpy(type_set_t * dst, type_set_t * src)
1752 {
1753 type_set_init(dst);
1754
1755 dst->flags = src->flags;
1756 if (ebitmap_cpy(&dst->types, &src->types))
1757 return -1;
1758 if (ebitmap_cpy(&dst->negset, &src->negset))
1759 return -1;
1760
1761 return 0;
1762 }
1763
type_set_or_eq(type_set_t * dst,type_set_t * other)1764 int type_set_or_eq(type_set_t * dst, type_set_t * other)
1765 {
1766 int ret;
1767 type_set_t tmp;
1768
1769 if (type_set_or(&tmp, dst, other))
1770 return -1;
1771 type_set_destroy(dst);
1772 ret = type_set_cpy(dst, &tmp);
1773 type_set_destroy(&tmp);
1774
1775 return ret;
1776 }
1777
role_set_get_role(role_set_t * x,uint32_t role)1778 int role_set_get_role(role_set_t * x, uint32_t role)
1779 {
1780 if (x->flags & ROLE_STAR)
1781 return 1;
1782
1783 if (ebitmap_get_bit(&x->roles, role - 1)) {
1784 if (x->flags & ROLE_COMP)
1785 return 0;
1786 else
1787 return 1;
1788 } else {
1789 if (x->flags & ROLE_COMP)
1790 return 1;
1791 else
1792 return 0;
1793 }
1794 }
1795
1796 /***********************************************************************/
1797 /* everything below is for policy reads */
1798
1799 /* The following are read functions for module structures */
1800
role_set_read(role_set_t * r,struct policy_file * fp)1801 static int role_set_read(role_set_t * r, struct policy_file *fp)
1802 {
1803 uint32_t buf[1];
1804 int rc;
1805
1806 if (ebitmap_read(&r->roles, fp))
1807 return -1;
1808 rc = next_entry(buf, fp, sizeof(uint32_t));
1809 if (rc < 0)
1810 return -1;
1811 r->flags = le32_to_cpu(buf[0]);
1812
1813 return 0;
1814 }
1815
type_set_read(type_set_t * t,struct policy_file * fp)1816 static int type_set_read(type_set_t * t, struct policy_file *fp)
1817 {
1818 uint32_t buf[1];
1819 int rc;
1820
1821 if (ebitmap_read(&t->types, fp))
1822 return -1;
1823 if (ebitmap_read(&t->negset, fp))
1824 return -1;
1825
1826 rc = next_entry(buf, fp, sizeof(uint32_t));
1827 if (rc < 0)
1828 return -1;
1829 t->flags = le32_to_cpu(buf[0]);
1830
1831 return 0;
1832 }
1833
1834 /*
1835 * Read a MLS range structure from a policydb binary
1836 * representation file.
1837 */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1838 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1839 {
1840 uint32_t buf[2], items;
1841 int rc;
1842
1843 rc = next_entry(buf, fp, sizeof(uint32_t));
1844 if (rc < 0)
1845 goto out;
1846
1847 items = le32_to_cpu(buf[0]);
1848 if (items > ARRAY_SIZE(buf)) {
1849 ERR(fp->handle, "range overflow");
1850 rc = -EINVAL;
1851 goto out;
1852 }
1853 rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1854 if (rc < 0) {
1855 ERR(fp->handle, "truncated range");
1856 goto out;
1857 }
1858 r->level[0].sens = le32_to_cpu(buf[0]);
1859 if (items > 1)
1860 r->level[1].sens = le32_to_cpu(buf[1]);
1861 else
1862 r->level[1].sens = r->level[0].sens;
1863
1864 rc = ebitmap_read(&r->level[0].cat, fp);
1865 if (rc) {
1866 ERR(fp->handle, "error reading low categories");
1867 goto out;
1868 }
1869 if (items > 1) {
1870 rc = ebitmap_read(&r->level[1].cat, fp);
1871 if (rc) {
1872 ERR(fp->handle, "error reading high categories");
1873 goto bad_high;
1874 }
1875 } else {
1876 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1877 if (rc) {
1878 ERR(fp->handle, "out of memory");
1879 goto bad_high;
1880 }
1881 }
1882
1883 rc = 0;
1884 out:
1885 return rc;
1886 bad_high:
1887 ebitmap_destroy(&r->level[0].cat);
1888 goto out;
1889 }
1890
1891 /*
1892 * Read a semantic MLS level structure from a policydb binary
1893 * representation file.
1894 */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1895 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1896 struct policy_file *fp)
1897 {
1898 uint32_t buf[2], ncat;
1899 unsigned int i;
1900 mls_semantic_cat_t *cat;
1901 int rc;
1902
1903 mls_semantic_level_init(l);
1904
1905 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1906 if (rc < 0) {
1907 ERR(fp->handle, "truncated level");
1908 goto bad;
1909 }
1910 l->sens = le32_to_cpu(buf[0]);
1911
1912 ncat = le32_to_cpu(buf[1]);
1913 for (i = 0; i < ncat; i++) {
1914 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1915 if (!cat) {
1916 ERR(fp->handle, "out of memory");
1917 goto bad;
1918 }
1919
1920 mls_semantic_cat_init(cat);
1921 cat->next = l->cat;
1922 l->cat = cat;
1923
1924 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1925 if (rc < 0) {
1926 ERR(fp->handle, "error reading level categories");
1927 goto bad;
1928 }
1929 cat->low = le32_to_cpu(buf[0]);
1930 cat->high = le32_to_cpu(buf[1]);
1931 }
1932
1933 return 0;
1934
1935 bad:
1936 return -EINVAL;
1937 }
1938
1939 /*
1940 * Read a semantic MLS range structure from a policydb binary
1941 * representation file.
1942 */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1943 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1944 struct policy_file *fp)
1945 {
1946 int rc;
1947
1948 rc = mls_read_semantic_level_helper(&r->level[0], fp);
1949 if (rc)
1950 return rc;
1951
1952 rc = mls_read_semantic_level_helper(&r->level[1], fp);
1953
1954 return rc;
1955 }
1956
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1957 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1958 {
1959 unsigned int i;
1960 ebitmap_node_t *cnode;
1961 mls_semantic_cat_t *open_cat = NULL;
1962
1963 mls_semantic_level_init(sl);
1964 sl->sens = l->sens;
1965 ebitmap_for_each_bit(&l->cat, cnode, i) {
1966 if (ebitmap_node_get_bit(cnode, i)) {
1967 if (open_cat)
1968 continue;
1969 open_cat = (mls_semantic_cat_t *)
1970 malloc(sizeof(mls_semantic_cat_t));
1971 if (!open_cat)
1972 return -1;
1973
1974 mls_semantic_cat_init(open_cat);
1975 open_cat->low = i + 1;
1976 open_cat->next = sl->cat;
1977 sl->cat = open_cat;
1978 } else {
1979 if (!open_cat)
1980 continue;
1981 open_cat->high = i;
1982 open_cat = NULL;
1983 }
1984 }
1985 if (open_cat)
1986 open_cat->high = i;
1987
1988 return 0;
1989 }
1990
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)1991 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
1992 {
1993 if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
1994 return -1;
1995
1996 if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
1997 return -1;
1998
1999 return 0;
2000 }
2001
2002 /*
2003 * Read and validate a security context structure
2004 * from a policydb binary representation file.
2005 */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)2006 static int context_read_and_validate(context_struct_t * c,
2007 policydb_t * p, struct policy_file *fp)
2008 {
2009 uint32_t buf[3];
2010 int rc;
2011
2012 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2013 if (rc < 0) {
2014 ERR(fp->handle, "context truncated");
2015 return -1;
2016 }
2017 c->user = le32_to_cpu(buf[0]);
2018 c->role = le32_to_cpu(buf[1]);
2019 c->type = le32_to_cpu(buf[2]);
2020 if ((p->policy_type == POLICY_KERN
2021 && p->policyvers >= POLICYDB_VERSION_MLS)
2022 || (p->policy_type == POLICY_BASE
2023 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
2024 if (mls_read_range_helper(&c->range, fp)) {
2025 ERR(fp->handle, "error reading MLS range "
2026 "of context");
2027 return -1;
2028 }
2029 }
2030
2031 if (!policydb_context_isvalid(p, c)) {
2032 ERR(fp->handle, "invalid security context");
2033 context_destroy(c);
2034 return -1;
2035 }
2036 return 0;
2037 }
2038
2039 /*
2040 * The following *_read functions are used to
2041 * read the symbol data from a policy database
2042 * binary representation file.
2043 */
2044
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2045 static int perm_read(policydb_t * p
2046 __attribute__ ((unused)), hashtab_t h,
2047 struct policy_file *fp)
2048 {
2049 char *key = 0;
2050 perm_datum_t *perdatum;
2051 uint32_t buf[2];
2052 size_t len;
2053 int rc;
2054
2055 perdatum = calloc(1, sizeof(perm_datum_t));
2056 if (!perdatum)
2057 return -1;
2058
2059 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2060 if (rc < 0)
2061 goto bad;
2062
2063 len = le32_to_cpu(buf[0]);
2064 if(str_read(&key, fp, len))
2065 goto bad;
2066
2067 perdatum->s.value = le32_to_cpu(buf[1]);
2068
2069 if (hashtab_insert(h, key, perdatum))
2070 goto bad;
2071
2072 return 0;
2073
2074 bad:
2075 perm_destroy(key, perdatum, NULL);
2076 return -1;
2077 }
2078
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2079 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2080 {
2081 char *key = 0;
2082 common_datum_t *comdatum;
2083 uint32_t buf[4];
2084 size_t len, nel;
2085 unsigned int i;
2086 int rc;
2087
2088 comdatum = calloc(1, sizeof(common_datum_t));
2089 if (!comdatum)
2090 return -1;
2091
2092 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2093 if (rc < 0)
2094 goto bad;
2095
2096 len = le32_to_cpu(buf[0]);
2097 if (zero_or_saturated(len))
2098 goto bad;
2099
2100 comdatum->s.value = le32_to_cpu(buf[1]);
2101
2102 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
2103 goto bad;
2104 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
2105 nel = le32_to_cpu(buf[3]);
2106
2107 key = malloc(len + 1);
2108 if (!key)
2109 goto bad;
2110 rc = next_entry(key, fp, len);
2111 if (rc < 0)
2112 goto bad;
2113 key[len] = 0;
2114
2115 for (i = 0; i < nel; i++) {
2116 if (perm_read(p, comdatum->permissions.table, fp))
2117 goto bad;
2118 }
2119
2120 if (hashtab_insert(h, key, comdatum))
2121 goto bad;
2122
2123 return 0;
2124
2125 bad:
2126 common_destroy(key, comdatum, NULL);
2127 return -1;
2128 }
2129
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)2130 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
2131 unsigned int ncons,
2132 int allowxtarget, struct policy_file *fp)
2133 {
2134 constraint_node_t *c, *lc;
2135 constraint_expr_t *e, *le;
2136 uint32_t buf[3];
2137 size_t nexpr;
2138 unsigned int i, j;
2139 int rc, depth;
2140
2141 lc = NULL;
2142 for (i = 0; i < ncons; i++) {
2143 c = calloc(1, sizeof(constraint_node_t));
2144 if (!c)
2145 return -1;
2146
2147 if (lc)
2148 lc->next = c;
2149 else
2150 *nodep = c;
2151
2152 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2153 if (rc < 0)
2154 return -1;
2155 c->permissions = le32_to_cpu(buf[0]);
2156 nexpr = le32_to_cpu(buf[1]);
2157 le = NULL;
2158 depth = -1;
2159 for (j = 0; j < nexpr; j++) {
2160 e = malloc(sizeof(constraint_expr_t));
2161 if (!e)
2162 return -1;
2163 if (constraint_expr_init(e) == -1) {
2164 free(e);
2165 return -1;
2166 }
2167 if (le) {
2168 le->next = e;
2169 } else {
2170 c->expr = e;
2171 }
2172
2173 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2174 if (rc < 0)
2175 return -1;
2176 e->expr_type = le32_to_cpu(buf[0]);
2177 e->attr = le32_to_cpu(buf[1]);
2178 e->op = le32_to_cpu(buf[2]);
2179
2180 switch (e->expr_type) {
2181 case CEXPR_NOT:
2182 if (depth < 0)
2183 return -1;
2184 break;
2185 case CEXPR_AND:
2186 case CEXPR_OR:
2187 if (depth < 1)
2188 return -1;
2189 depth--;
2190 break;
2191 case CEXPR_ATTR:
2192 if (depth == (CEXPR_MAXDEPTH - 1))
2193 return -1;
2194 depth++;
2195 break;
2196 case CEXPR_NAMES:
2197 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
2198 return -1;
2199 if (depth == (CEXPR_MAXDEPTH - 1))
2200 return -1;
2201 depth++;
2202 if (ebitmap_read(&e->names, fp))
2203 return -1;
2204 if (p->policy_type != POLICY_KERN &&
2205 type_set_read(e->type_names, fp))
2206 return -1;
2207 else if (p->policy_type == POLICY_KERN &&
2208 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
2209 type_set_read(e->type_names, fp))
2210 return -1;
2211 break;
2212 default:
2213 return -1;
2214 }
2215 le = e;
2216 }
2217 if (depth != 0)
2218 return -1;
2219 lc = c;
2220 }
2221
2222 return 0;
2223 }
2224
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2225 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2226 {
2227 char *key = 0;
2228 class_datum_t *cladatum;
2229 uint32_t buf[6];
2230 size_t len, len2, ncons, nel;
2231 unsigned int i;
2232 int rc;
2233
2234 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2235 if (!cladatum)
2236 return -1;
2237
2238 rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2239 if (rc < 0)
2240 goto bad;
2241
2242 len = le32_to_cpu(buf[0]);
2243 if (zero_or_saturated(len))
2244 goto bad;
2245 len2 = le32_to_cpu(buf[1]);
2246 if (is_saturated(len2))
2247 goto bad;
2248 cladatum->s.value = le32_to_cpu(buf[2]);
2249
2250 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2251 goto bad;
2252 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2253 nel = le32_to_cpu(buf[4]);
2254
2255 ncons = le32_to_cpu(buf[5]);
2256
2257 key = malloc(len + 1);
2258 if (!key)
2259 goto bad;
2260 rc = next_entry(key, fp, len);
2261 if (rc < 0)
2262 goto bad;
2263 key[len] = 0;
2264
2265 if (len2) {
2266 cladatum->comkey = malloc(len2 + 1);
2267 if (!cladatum->comkey)
2268 goto bad;
2269 rc = next_entry(cladatum->comkey, fp, len2);
2270 if (rc < 0)
2271 goto bad;
2272 cladatum->comkey[len2] = 0;
2273
2274 cladatum->comdatum = hashtab_search(p->p_commons.table,
2275 cladatum->comkey);
2276 if (!cladatum->comdatum) {
2277 ERR(fp->handle, "unknown common %s", cladatum->comkey);
2278 goto bad;
2279 }
2280 }
2281 for (i = 0; i < nel; i++) {
2282 if (perm_read(p, cladatum->permissions.table, fp))
2283 goto bad;
2284 }
2285
2286 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2287 goto bad;
2288
2289 if ((p->policy_type == POLICY_KERN
2290 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2291 || (p->policy_type == POLICY_BASE
2292 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2293 /* grab the validatetrans rules */
2294 rc = next_entry(buf, fp, sizeof(uint32_t));
2295 if (rc < 0)
2296 goto bad;
2297 ncons = le32_to_cpu(buf[0]);
2298 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2299 goto bad;
2300 }
2301
2302 if ((p->policy_type == POLICY_KERN &&
2303 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
2304 (p->policy_type == POLICY_BASE &&
2305 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
2306 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2307 if (rc < 0)
2308 goto bad;
2309 cladatum->default_user = le32_to_cpu(buf[0]);
2310 cladatum->default_role = le32_to_cpu(buf[1]);
2311 cladatum->default_range = le32_to_cpu(buf[2]);
2312 }
2313
2314 if ((p->policy_type == POLICY_KERN &&
2315 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
2316 (p->policy_type == POLICY_BASE &&
2317 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
2318 rc = next_entry(buf, fp, sizeof(uint32_t));
2319 if (rc < 0)
2320 goto bad;
2321 cladatum->default_type = le32_to_cpu(buf[0]);
2322 }
2323
2324 if (hashtab_insert(h, key, cladatum))
2325 goto bad;
2326
2327 return 0;
2328
2329 bad:
2330 class_destroy(key, cladatum, NULL);
2331 return -1;
2332 }
2333
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2334 static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2335 {
2336 char *key = 0;
2337 role_datum_t *role;
2338 uint32_t buf[3];
2339 size_t len;
2340 int rc, to_read = 2;
2341
2342 role = calloc(1, sizeof(role_datum_t));
2343 if (!role)
2344 return -1;
2345
2346 if (policydb_has_boundary_feature(p))
2347 to_read = 3;
2348
2349 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2350 if (rc < 0)
2351 goto bad;
2352
2353 len = le32_to_cpu(buf[0]);
2354 if (zero_or_saturated(len))
2355 goto bad;
2356
2357 role->s.value = le32_to_cpu(buf[1]);
2358 if (policydb_has_boundary_feature(p))
2359 role->bounds = le32_to_cpu(buf[2]);
2360
2361 key = malloc(len + 1);
2362 if (!key)
2363 goto bad;
2364 rc = next_entry(key, fp, len);
2365 if (rc < 0)
2366 goto bad;
2367 key[len] = 0;
2368
2369 if (ebitmap_read(&role->dominates, fp))
2370 goto bad;
2371
2372 if (p->policy_type == POLICY_KERN) {
2373 if (ebitmap_read(&role->types.types, fp))
2374 goto bad;
2375 } else {
2376 if (type_set_read(&role->types, fp))
2377 goto bad;
2378 }
2379
2380 if (p->policy_type != POLICY_KERN &&
2381 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2382 rc = next_entry(buf, fp, sizeof(uint32_t));
2383 if (rc < 0)
2384 goto bad;
2385
2386 role->flavor = le32_to_cpu(buf[0]);
2387
2388 if (ebitmap_read(&role->roles, fp))
2389 goto bad;
2390 }
2391
2392 if (strcmp(key, OBJECT_R) == 0) {
2393 if (role->s.value != OBJECT_R_VAL) {
2394 ERR(fp->handle, "role %s has wrong value %d",
2395 OBJECT_R, role->s.value);
2396 role_destroy(key, role, NULL);
2397 return -1;
2398 }
2399 role_destroy(key, role, NULL);
2400 return 0;
2401 }
2402
2403 if (hashtab_insert(h, key, role))
2404 goto bad;
2405
2406 return 0;
2407
2408 bad:
2409 role_destroy(key, role, NULL);
2410 return -1;
2411 }
2412
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2413 static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2414 {
2415 char *key = 0;
2416 type_datum_t *typdatum;
2417 uint32_t buf[5];
2418 size_t len;
2419 int rc, to_read;
2420 int pos = 0;
2421
2422 typdatum = calloc(1, sizeof(type_datum_t));
2423 if (!typdatum)
2424 return -1;
2425
2426 if (policydb_has_boundary_feature(p)) {
2427 if (p->policy_type != POLICY_KERN
2428 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2429 to_read = 5;
2430 else
2431 to_read = 4;
2432 }
2433 else if (p->policy_type == POLICY_KERN)
2434 to_read = 3;
2435 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2436 to_read = 5;
2437 else
2438 to_read = 4;
2439
2440 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2441 if (rc < 0)
2442 goto bad;
2443
2444 len = le32_to_cpu(buf[pos]);
2445 if (zero_or_saturated(len))
2446 goto bad;
2447
2448 typdatum->s.value = le32_to_cpu(buf[++pos]);
2449 if (policydb_has_boundary_feature(p)) {
2450 uint32_t properties;
2451
2452 if (p->policy_type != POLICY_KERN
2453 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2454 typdatum->primary = le32_to_cpu(buf[++pos]);
2455 properties = le32_to_cpu(buf[++pos]);
2456 }
2457 else {
2458 properties = le32_to_cpu(buf[++pos]);
2459
2460 if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2461 typdatum->primary = 1;
2462 }
2463
2464 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2465 typdatum->flavor = TYPE_ATTRIB;
2466 if (properties & TYPEDATUM_PROPERTY_ALIAS
2467 && p->policy_type != POLICY_KERN)
2468 typdatum->flavor = TYPE_ALIAS;
2469 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2470 && p->policy_type != POLICY_KERN)
2471 typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2472
2473 typdatum->bounds = le32_to_cpu(buf[++pos]);
2474 } else {
2475 typdatum->primary = le32_to_cpu(buf[++pos]);
2476 if (p->policy_type != POLICY_KERN) {
2477 typdatum->flavor = le32_to_cpu(buf[++pos]);
2478 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2479 typdatum->flags = le32_to_cpu(buf[++pos]);
2480 }
2481 }
2482
2483 if (p->policy_type != POLICY_KERN) {
2484 if (ebitmap_read(&typdatum->types, fp))
2485 goto bad;
2486 }
2487
2488 key = malloc(len + 1);
2489 if (!key)
2490 goto bad;
2491 rc = next_entry(key, fp, len);
2492 if (rc < 0)
2493 goto bad;
2494 key[len] = 0;
2495
2496 if (hashtab_insert(h, key, typdatum))
2497 goto bad;
2498
2499 return 0;
2500
2501 bad:
2502 type_destroy(key, typdatum, NULL);
2503 return -1;
2504 }
2505
role_trans_read(policydb_t * p,struct policy_file * fp)2506 int role_trans_read(policydb_t *p, struct policy_file *fp)
2507 {
2508 role_trans_t **t = &p->role_tr;
2509 unsigned int i;
2510 uint32_t buf[3], nel;
2511 role_trans_t *tr, *ltr;
2512 int rc;
2513 int new_roletr = (p->policy_type == POLICY_KERN &&
2514 p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2515
2516 rc = next_entry(buf, fp, sizeof(uint32_t));
2517 if (rc < 0)
2518 return -1;
2519 nel = le32_to_cpu(buf[0]);
2520 ltr = NULL;
2521 for (i = 0; i < nel; i++) {
2522 tr = calloc(1, sizeof(struct role_trans));
2523 if (!tr) {
2524 return -1;
2525 }
2526 if (ltr) {
2527 ltr->next = tr;
2528 } else {
2529 *t = tr;
2530 }
2531 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2532 if (rc < 0)
2533 return -1;
2534 tr->role = le32_to_cpu(buf[0]);
2535 tr->type = le32_to_cpu(buf[1]);
2536 tr->new_role = le32_to_cpu(buf[2]);
2537 if (new_roletr) {
2538 rc = next_entry(buf, fp, sizeof(uint32_t));
2539 if (rc < 0)
2540 return -1;
2541 tr->tclass = le32_to_cpu(buf[0]);
2542 } else
2543 tr->tclass = SECCLASS_PROCESS;
2544 ltr = tr;
2545 }
2546 return 0;
2547 }
2548
role_allow_read(role_allow_t ** r,struct policy_file * fp)2549 int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2550 {
2551 unsigned int i;
2552 uint32_t buf[2], nel;
2553 role_allow_t *ra, *lra;
2554 int rc;
2555
2556 rc = next_entry(buf, fp, sizeof(uint32_t));
2557 if (rc < 0)
2558 return -1;
2559 nel = le32_to_cpu(buf[0]);
2560 lra = NULL;
2561 for (i = 0; i < nel; i++) {
2562 ra = calloc(1, sizeof(struct role_allow));
2563 if (!ra) {
2564 return -1;
2565 }
2566 if (lra) {
2567 lra->next = ra;
2568 } else {
2569 *r = ra;
2570 }
2571 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2572 if (rc < 0)
2573 return -1;
2574 ra->role = le32_to_cpu(buf[0]);
2575 ra->new_role = le32_to_cpu(buf[1]);
2576 lra = ra;
2577 }
2578 return 0;
2579 }
2580
filename_trans_read(policydb_t * p,struct policy_file * fp)2581 int filename_trans_read(policydb_t *p, struct policy_file *fp)
2582 {
2583 unsigned int i;
2584 uint32_t buf[4], nel, len;
2585 filename_trans_t *ft;
2586 filename_trans_datum_t *otype;
2587 int rc;
2588 char *name;
2589
2590 rc = next_entry(buf, fp, sizeof(uint32_t));
2591 if (rc < 0)
2592 return -1;
2593 nel = le32_to_cpu(buf[0]);
2594
2595 for (i = 0; i < nel; i++) {
2596 ft = NULL;
2597 otype = NULL;
2598 name = NULL;
2599
2600 ft = calloc(1, sizeof(*ft));
2601 if (!ft)
2602 goto err;
2603 otype = calloc(1, sizeof(*otype));
2604 if (!otype)
2605 goto err;
2606 rc = next_entry(buf, fp, sizeof(uint32_t));
2607 if (rc < 0)
2608 goto err;
2609 len = le32_to_cpu(buf[0]);
2610 if (zero_or_saturated(len))
2611 goto err;
2612
2613 name = calloc(len + 1, sizeof(*name));
2614 if (!name)
2615 goto err;
2616
2617 ft->name = name;
2618
2619 rc = next_entry(name, fp, len);
2620 if (rc < 0)
2621 goto err;
2622
2623 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2624 if (rc < 0)
2625 goto err;
2626
2627 ft->stype = le32_to_cpu(buf[0]);
2628 ft->ttype = le32_to_cpu(buf[1]);
2629 ft->tclass = le32_to_cpu(buf[2]);
2630 otype->otype = le32_to_cpu(buf[3]);
2631
2632 rc = hashtab_insert(p->filename_trans, (hashtab_key_t) ft,
2633 otype);
2634 if (rc) {
2635 if (rc != SEPOL_EEXIST)
2636 goto err;
2637 /*
2638 * Some old policies were wrongly generated with
2639 * duplicate filename transition rules. For backward
2640 * compatibility, do not reject such policies, just
2641 * issue a warning and ignore the duplicate.
2642 */
2643 WARN(fp->handle,
2644 "Duplicate name-based type_transition %s %s:%s \"%s\": %s, ignoring",
2645 p->p_type_val_to_name[ft->stype - 1],
2646 p->p_type_val_to_name[ft->ttype - 1],
2647 p->p_class_val_to_name[ft->tclass - 1],
2648 ft->name,
2649 p->p_type_val_to_name[otype->otype - 1]);
2650 free(ft);
2651 free(name);
2652 free(otype);
2653 /* continue, ignoring this one */
2654 }
2655 }
2656 return 0;
2657 err:
2658 free(ft);
2659 free(otype);
2660 free(name);
2661 return -1;
2662 }
2663
ocontext_read_xen(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2664 static int ocontext_read_xen(struct policydb_compat_info *info,
2665 policydb_t *p, struct policy_file *fp)
2666 {
2667 unsigned int i, j;
2668 size_t nel, len;
2669 ocontext_t *l, *c;
2670 uint32_t buf[8];
2671 int rc;
2672
2673 for (i = 0; i < info->ocon_num; i++) {
2674 rc = next_entry(buf, fp, sizeof(uint32_t));
2675 if (rc < 0)
2676 return -1;
2677 nel = le32_to_cpu(buf[0]);
2678 l = NULL;
2679 for (j = 0; j < nel; j++) {
2680 c = calloc(1, sizeof(ocontext_t));
2681 if (!c)
2682 return -1;
2683 if (l)
2684 l->next = c;
2685 else
2686 p->ocontexts[i] = c;
2687 l = c;
2688 switch (i) {
2689 case OCON_XEN_ISID:
2690 rc = next_entry(buf, fp, sizeof(uint32_t));
2691 if (rc < 0)
2692 return -1;
2693 c->sid[0] = le32_to_cpu(buf[0]);
2694 if (context_read_and_validate
2695 (&c->context[0], p, fp))
2696 return -1;
2697 break;
2698 case OCON_XEN_PIRQ:
2699 rc = next_entry(buf, fp, sizeof(uint32_t));
2700 if (rc < 0)
2701 return -1;
2702 c->u.pirq = le32_to_cpu(buf[0]);
2703 if (context_read_and_validate
2704 (&c->context[0], p, fp))
2705 return -1;
2706 break;
2707 case OCON_XEN_IOPORT:
2708 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2709 if (rc < 0)
2710 return -1;
2711 c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2712 c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2713 if (context_read_and_validate
2714 (&c->context[0], p, fp))
2715 return -1;
2716 break;
2717 case OCON_XEN_IOMEM:
2718 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
2719 uint64_t b64[2];
2720 rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
2721 if (rc < 0)
2722 return -1;
2723 c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
2724 c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
2725 } else {
2726 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2727 if (rc < 0)
2728 return -1;
2729 c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2730 c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2731 }
2732 if (context_read_and_validate
2733 (&c->context[0], p, fp))
2734 return -1;
2735 break;
2736 case OCON_XEN_PCIDEVICE:
2737 rc = next_entry(buf, fp, sizeof(uint32_t));
2738 if (rc < 0)
2739 return -1;
2740 c->u.device = le32_to_cpu(buf[0]);
2741 if (context_read_and_validate
2742 (&c->context[0], p, fp))
2743 return -1;
2744 break;
2745 case OCON_XEN_DEVICETREE:
2746 rc = next_entry(buf, fp, sizeof(uint32_t));
2747 if (rc < 0)
2748 return -1;
2749 len = le32_to_cpu(buf[0]);
2750 if (zero_or_saturated(len))
2751 return -1;
2752
2753 c->u.name = malloc(len + 1);
2754 if (!c->u.name)
2755 return -1;
2756 rc = next_entry(c->u.name, fp, len);
2757 if (rc < 0)
2758 return -1;
2759 c->u.name[len] = 0;
2760 if (context_read_and_validate
2761 (&c->context[0], p, fp))
2762 return -1;
2763 break;
2764 default:
2765 /* should never get here */
2766 ERR(fp->handle, "Unknown Xen ocontext");
2767 return -1;
2768 }
2769 }
2770 }
2771 return 0;
2772 }
ocontext_read_selinux(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2773 static int ocontext_read_selinux(struct policydb_compat_info *info,
2774 policydb_t * p, struct policy_file *fp)
2775 {
2776 unsigned int i, j;
2777 size_t nel, len;
2778 ocontext_t *l, *c;
2779 uint32_t buf[8];
2780 int rc;
2781
2782 for (i = 0; i < info->ocon_num; i++) {
2783 rc = next_entry(buf, fp, sizeof(uint32_t));
2784 if (rc < 0)
2785 return -1;
2786 nel = le32_to_cpu(buf[0]);
2787 l = NULL;
2788 for (j = 0; j < nel; j++) {
2789 c = calloc(1, sizeof(ocontext_t));
2790 if (!c) {
2791 return -1;
2792 }
2793 if (l) {
2794 l->next = c;
2795 } else {
2796 p->ocontexts[i] = c;
2797 }
2798 l = c;
2799 switch (i) {
2800 case OCON_ISID:
2801 rc = next_entry(buf, fp, sizeof(uint32_t));
2802 if (rc < 0)
2803 return -1;
2804 c->sid[0] = le32_to_cpu(buf[0]);
2805 if (context_read_and_validate
2806 (&c->context[0], p, fp))
2807 return -1;
2808 break;
2809 case OCON_FS:
2810 case OCON_NETIF:
2811 rc = next_entry(buf, fp, sizeof(uint32_t));
2812 if (rc < 0)
2813 return -1;
2814 len = le32_to_cpu(buf[0]);
2815 if (zero_or_saturated(len) || len > 63)
2816 return -1;
2817 c->u.name = malloc(len + 1);
2818 if (!c->u.name)
2819 return -1;
2820 rc = next_entry(c->u.name, fp, len);
2821 if (rc < 0)
2822 return -1;
2823 c->u.name[len] = 0;
2824 if (context_read_and_validate
2825 (&c->context[0], p, fp))
2826 return -1;
2827 if (context_read_and_validate
2828 (&c->context[1], p, fp))
2829 return -1;
2830 break;
2831 case OCON_IBPKEY: {
2832 uint32_t pkey_lo, pkey_hi;
2833
2834 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2835 if (rc < 0)
2836 return -1;
2837
2838 pkey_lo = le32_to_cpu(buf[2]);
2839 pkey_hi = le32_to_cpu(buf[3]);
2840
2841 if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
2842 return -1;
2843
2844 c->u.ibpkey.low_pkey = pkey_lo;
2845 c->u.ibpkey.high_pkey = pkey_hi;
2846
2847 /* we want c->u.ibpkey.subnet_prefix in network
2848 * (big-endian) order, just memcpy it */
2849 memcpy(&c->u.ibpkey.subnet_prefix, buf,
2850 sizeof(c->u.ibpkey.subnet_prefix));
2851
2852 if (context_read_and_validate
2853 (&c->context[0], p, fp))
2854 return -1;
2855 break;
2856 }
2857 case OCON_IBENDPORT: {
2858 uint32_t port;
2859
2860 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2861 if (rc < 0)
2862 return -1;
2863 len = le32_to_cpu(buf[0]);
2864 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
2865 return -1;
2866
2867 port = le32_to_cpu(buf[1]);
2868 if (port > UINT8_MAX || port == 0)
2869 return -1;
2870
2871 c->u.ibendport.dev_name = malloc(len + 1);
2872 if (!c->u.ibendport.dev_name)
2873 return -1;
2874 rc = next_entry(c->u.ibendport.dev_name, fp, len);
2875 if (rc < 0)
2876 return -1;
2877 c->u.ibendport.dev_name[len] = 0;
2878 c->u.ibendport.port = port;
2879 if (context_read_and_validate
2880 (&c->context[0], p, fp))
2881 return -1;
2882 break;
2883 }
2884 case OCON_PORT:
2885 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2886 if (rc < 0)
2887 return -1;
2888 c->u.port.protocol = le32_to_cpu(buf[0]);
2889 c->u.port.low_port = le32_to_cpu(buf[1]);
2890 c->u.port.high_port = le32_to_cpu(buf[2]);
2891 if (context_read_and_validate
2892 (&c->context[0], p, fp))
2893 return -1;
2894 break;
2895 case OCON_NODE:
2896 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2897 if (rc < 0)
2898 return -1;
2899 c->u.node.addr = buf[0]; /* network order */
2900 c->u.node.mask = buf[1]; /* network order */
2901 if (context_read_and_validate
2902 (&c->context[0], p, fp))
2903 return -1;
2904 break;
2905 case OCON_FSUSE:
2906 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2907 if (rc < 0)
2908 return -1;
2909 c->v.behavior = le32_to_cpu(buf[0]);
2910 len = le32_to_cpu(buf[1]);
2911 if (zero_or_saturated(len))
2912 return -1;
2913 c->u.name = malloc(len + 1);
2914 if (!c->u.name)
2915 return -1;
2916 rc = next_entry(c->u.name, fp, len);
2917 if (rc < 0)
2918 return -1;
2919 c->u.name[len] = 0;
2920 if (context_read_and_validate
2921 (&c->context[0], p, fp))
2922 return -1;
2923 break;
2924 case OCON_NODE6:{
2925 int k;
2926
2927 rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
2928 if (rc < 0)
2929 return -1;
2930 for (k = 0; k < 4; k++)
2931 /* network order */
2932 c->u.node6.addr[k] = buf[k];
2933 for (k = 0; k < 4; k++)
2934 /* network order */
2935 c->u.node6.mask[k] = buf[k + 4];
2936 if (context_read_and_validate
2937 (&c->context[0], p, fp))
2938 return -1;
2939 break;
2940 }
2941 default:{
2942 ERR(fp->handle, "Unknown SELinux ocontext");
2943 return -1;
2944 }
2945 }
2946 }
2947 }
2948 return 0;
2949 }
2950
ocontext_read(struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2951 static int ocontext_read(struct policydb_compat_info *info,
2952 policydb_t *p, struct policy_file *fp)
2953 {
2954 int rc = -1;
2955 switch (p->target_platform) {
2956 case SEPOL_TARGET_SELINUX:
2957 rc = ocontext_read_selinux(info, p, fp);
2958 break;
2959 case SEPOL_TARGET_XEN:
2960 rc = ocontext_read_xen(info, p, fp);
2961 break;
2962 default:
2963 ERR(fp->handle, "Unknown target");
2964 }
2965 return rc;
2966 }
2967
genfs_read(policydb_t * p,struct policy_file * fp)2968 static int genfs_read(policydb_t * p, struct policy_file *fp)
2969 {
2970 uint32_t buf[1];
2971 size_t nel, nel2, len, len2;
2972 genfs_t *genfs_p, *newgenfs, *genfs;
2973 size_t i, j;
2974 ocontext_t *l, *c, *newc = NULL;
2975 int rc;
2976
2977 rc = next_entry(buf, fp, sizeof(uint32_t));
2978 if (rc < 0)
2979 goto bad;
2980 nel = le32_to_cpu(buf[0]);
2981 genfs_p = NULL;
2982 for (i = 0; i < nel; i++) {
2983 rc = next_entry(buf, fp, sizeof(uint32_t));
2984 if (rc < 0)
2985 goto bad;
2986 len = le32_to_cpu(buf[0]);
2987 if (zero_or_saturated(len))
2988 goto bad;
2989 newgenfs = calloc(1, sizeof(genfs_t));
2990 if (!newgenfs)
2991 goto bad;
2992 newgenfs->fstype = malloc(len + 1);
2993 if (!newgenfs->fstype) {
2994 free(newgenfs);
2995 goto bad;
2996 }
2997 rc = next_entry(newgenfs->fstype, fp, len);
2998 if (rc < 0) {
2999 free(newgenfs->fstype);
3000 free(newgenfs);
3001 goto bad;
3002 }
3003 newgenfs->fstype[len] = 0;
3004 for (genfs_p = NULL, genfs = p->genfs; genfs;
3005 genfs_p = genfs, genfs = genfs->next) {
3006 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
3007 ERR(fp->handle, "dup genfs fstype %s",
3008 newgenfs->fstype);
3009 free(newgenfs->fstype);
3010 free(newgenfs);
3011 goto bad;
3012 }
3013 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
3014 break;
3015 }
3016 newgenfs->next = genfs;
3017 if (genfs_p)
3018 genfs_p->next = newgenfs;
3019 else
3020 p->genfs = newgenfs;
3021 rc = next_entry(buf, fp, sizeof(uint32_t));
3022 if (rc < 0)
3023 goto bad;
3024 nel2 = le32_to_cpu(buf[0]);
3025 for (j = 0; j < nel2; j++) {
3026 newc = calloc(1, sizeof(ocontext_t));
3027 if (!newc) {
3028 goto bad;
3029 }
3030 rc = next_entry(buf, fp, sizeof(uint32_t));
3031 if (rc < 0)
3032 goto bad;
3033 len = le32_to_cpu(buf[0]);
3034 if (zero_or_saturated(len))
3035 goto bad;
3036 newc->u.name = malloc(len + 1);
3037 if (!newc->u.name) {
3038 goto bad;
3039 }
3040 rc = next_entry(newc->u.name, fp, len);
3041 if (rc < 0)
3042 goto bad;
3043 newc->u.name[len] = 0;
3044 rc = next_entry(buf, fp, sizeof(uint32_t));
3045 if (rc < 0)
3046 goto bad;
3047 newc->v.sclass = le32_to_cpu(buf[0]);
3048 if (context_read_and_validate(&newc->context[0], p, fp))
3049 goto bad;
3050 for (l = NULL, c = newgenfs->head; c;
3051 l = c, c = c->next) {
3052 if (!strcmp(newc->u.name, c->u.name) &&
3053 (!c->v.sclass || !newc->v.sclass ||
3054 newc->v.sclass == c->v.sclass)) {
3055 ERR(fp->handle, "dup genfs entry "
3056 "(%s,%s)", newgenfs->fstype,
3057 c->u.name);
3058 goto bad;
3059 }
3060 len = strlen(newc->u.name);
3061 len2 = strlen(c->u.name);
3062 if (len > len2)
3063 break;
3064 }
3065 newc->next = c;
3066 if (l)
3067 l->next = newc;
3068 else
3069 newgenfs->head = newc;
3070 /* clear newc after a new owner has the pointer */
3071 newc = NULL;
3072 }
3073 }
3074
3075 return 0;
3076
3077 bad:
3078 if (newc) {
3079 context_destroy(&newc->context[0]);
3080 context_destroy(&newc->context[1]);
3081 free(newc->u.name);
3082 free(newc);
3083 }
3084 return -1;
3085 }
3086
3087 /*
3088 * Read a MLS level structure from a policydb binary
3089 * representation file.
3090 */
mls_read_level(mls_level_t * lp,struct policy_file * fp)3091 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
3092 {
3093 uint32_t buf[1];
3094 int rc;
3095
3096 mls_level_init(lp);
3097
3098 rc = next_entry(buf, fp, sizeof(uint32_t));
3099 if (rc < 0) {
3100 ERR(fp->handle, "truncated level");
3101 goto bad;
3102 }
3103 lp->sens = le32_to_cpu(buf[0]);
3104
3105 if (ebitmap_read(&lp->cat, fp)) {
3106 ERR(fp->handle, "error reading level categories");
3107 goto bad;
3108 }
3109 return 0;
3110
3111 bad:
3112 return -EINVAL;
3113 }
3114
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3115 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
3116 {
3117 char *key = 0;
3118 user_datum_t *usrdatum;
3119 uint32_t buf[3];
3120 size_t len;
3121 int rc, to_read = 2;
3122
3123 usrdatum = calloc(1, sizeof(user_datum_t));
3124 if (!usrdatum)
3125 return -1;
3126
3127 if (policydb_has_boundary_feature(p))
3128 to_read = 3;
3129
3130 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
3131 if (rc < 0)
3132 goto bad;
3133
3134 len = le32_to_cpu(buf[0]);
3135 if (zero_or_saturated(len))
3136 goto bad;
3137
3138 usrdatum->s.value = le32_to_cpu(buf[1]);
3139 if (policydb_has_boundary_feature(p))
3140 usrdatum->bounds = le32_to_cpu(buf[2]);
3141
3142 key = malloc(len + 1);
3143 if (!key)
3144 goto bad;
3145 rc = next_entry(key, fp, len);
3146 if (rc < 0)
3147 goto bad;
3148 key[len] = 0;
3149
3150 if (p->policy_type == POLICY_KERN) {
3151 if (ebitmap_read(&usrdatum->roles.roles, fp))
3152 goto bad;
3153 } else {
3154 if (role_set_read(&usrdatum->roles, fp))
3155 goto bad;
3156 }
3157
3158 /* users were not allowed in mls modules before version
3159 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
3160 * required - the mls fields will be empty. user declarations in
3161 * non-mls modules will also have empty mls fields */
3162 if ((p->policy_type == POLICY_KERN
3163 && p->policyvers >= POLICYDB_VERSION_MLS)
3164 || (p->policy_type == POLICY_MOD
3165 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3166 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
3167 || (p->policy_type == POLICY_BASE
3168 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3169 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
3170 if (mls_read_range_helper(&usrdatum->exp_range, fp))
3171 goto bad;
3172 if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
3173 goto bad;
3174 if (p->policy_type != POLICY_KERN) {
3175 if (mls_range_to_semantic(&usrdatum->exp_range,
3176 &usrdatum->range))
3177 goto bad;
3178 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
3179 &usrdatum->dfltlevel))
3180 goto bad;
3181 }
3182 } else if ((p->policy_type == POLICY_MOD
3183 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
3184 || (p->policy_type == POLICY_BASE
3185 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
3186 if (mls_read_semantic_range_helper(&usrdatum->range, fp))
3187 goto bad;
3188 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
3189 goto bad;
3190 }
3191
3192 if (hashtab_insert(h, key, usrdatum))
3193 goto bad;
3194
3195 return 0;
3196
3197 bad:
3198 user_destroy(key, usrdatum, NULL);
3199 return -1;
3200 }
3201
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3202 static int sens_read(policydb_t * p
3203 __attribute__ ((unused)), hashtab_t h,
3204 struct policy_file *fp)
3205 {
3206 char *key = 0;
3207 level_datum_t *levdatum;
3208 uint32_t buf[2], len;
3209 int rc;
3210
3211 levdatum = malloc(sizeof(level_datum_t));
3212 if (!levdatum)
3213 return -1;
3214 level_datum_init(levdatum);
3215
3216 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3217 if (rc < 0)
3218 goto bad;
3219
3220 len = le32_to_cpu(buf[0]);
3221 if (zero_or_saturated(len))
3222 goto bad;
3223
3224 levdatum->isalias = le32_to_cpu(buf[1]);
3225
3226 key = malloc(len + 1);
3227 if (!key)
3228 goto bad;
3229 rc = next_entry(key, fp, len);
3230 if (rc < 0)
3231 goto bad;
3232 key[len] = 0;
3233
3234 levdatum->level = malloc(sizeof(mls_level_t));
3235 if (!levdatum->level || mls_read_level(levdatum->level, fp))
3236 goto bad;
3237
3238 if (hashtab_insert(h, key, levdatum))
3239 goto bad;
3240
3241 return 0;
3242
3243 bad:
3244 sens_destroy(key, levdatum, NULL);
3245 return -1;
3246 }
3247
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3248 static int cat_read(policydb_t * p
3249 __attribute__ ((unused)), hashtab_t h,
3250 struct policy_file *fp)
3251 {
3252 char *key = 0;
3253 cat_datum_t *catdatum;
3254 uint32_t buf[3], len;
3255 int rc;
3256
3257 catdatum = malloc(sizeof(cat_datum_t));
3258 if (!catdatum)
3259 return -1;
3260 cat_datum_init(catdatum);
3261
3262 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
3263 if (rc < 0)
3264 goto bad;
3265
3266 len = le32_to_cpu(buf[0]);
3267 if(zero_or_saturated(len))
3268 goto bad;
3269
3270 catdatum->s.value = le32_to_cpu(buf[1]);
3271 catdatum->isalias = le32_to_cpu(buf[2]);
3272
3273 key = malloc(len + 1);
3274 if (!key)
3275 goto bad;
3276 rc = next_entry(key, fp, len);
3277 if (rc < 0)
3278 goto bad;
3279 key[len] = 0;
3280
3281 if (hashtab_insert(h, key, catdatum))
3282 goto bad;
3283
3284 return 0;
3285
3286 bad:
3287 cat_destroy(key, catdatum, NULL);
3288 return -1;
3289 }
3290
3291 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
3292 struct policy_file * fp) = {
3293 common_read, class_read, role_read, type_read, user_read,
3294 cond_read_bool, sens_read, cat_read,};
3295
3296 /************** module reading functions below **************/
3297
avrule_read(policydb_t * p,struct policy_file * fp)3298 static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
3299 {
3300 unsigned int i;
3301 uint32_t buf[2], len;
3302 class_perm_node_t *cur, *tail = NULL;
3303 avrule_t *avrule;
3304 int rc;
3305
3306 avrule = (avrule_t *) malloc(sizeof(avrule_t));
3307 if (!avrule)
3308 return NULL;
3309
3310 avrule_init(avrule);
3311
3312 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3313 if (rc < 0)
3314 goto bad;
3315
3316 avrule->specified = le32_to_cpu(buf[0]);
3317 avrule->flags = le32_to_cpu(buf[1]);
3318
3319 if (type_set_read(&avrule->stypes, fp))
3320 goto bad;
3321
3322 if (type_set_read(&avrule->ttypes, fp))
3323 goto bad;
3324
3325 rc = next_entry(buf, fp, sizeof(uint32_t));
3326 if (rc < 0)
3327 goto bad;
3328 len = le32_to_cpu(buf[0]);
3329
3330 for (i = 0; i < len; i++) {
3331 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
3332 if (!cur)
3333 goto bad;
3334 class_perm_node_init(cur);
3335
3336 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3337 if (rc < 0) {
3338 free(cur);
3339 goto bad;
3340 }
3341
3342 cur->tclass = le32_to_cpu(buf[0]);
3343 cur->data = le32_to_cpu(buf[1]);
3344
3345 if (!tail) {
3346 avrule->perms = cur;
3347 } else {
3348 tail->next = cur;
3349 }
3350 tail = cur;
3351 }
3352
3353 if (avrule->specified & AVRULE_XPERMS) {
3354 uint8_t buf8;
3355 size_t nel = ARRAY_SIZE(avrule->xperms->perms);
3356 uint32_t buf32[nel];
3357
3358 if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) {
3359 ERR(fp->handle,
3360 "module policy version %u does not support ioctl"
3361 " extended permissions rules and one was specified",
3362 p->policyvers);
3363 goto bad;
3364 }
3365
3366 if (p->target_platform != SEPOL_TARGET_SELINUX) {
3367 ERR(fp->handle,
3368 "Target platform %s does not support ioctl"
3369 " extended permissions rules and one was specified",
3370 policydb_target_strings[p->target_platform]);
3371 goto bad;
3372 }
3373
3374 avrule->xperms = calloc(1, sizeof(*avrule->xperms));
3375 if (!avrule->xperms)
3376 goto bad;
3377
3378 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3379 if (rc < 0) {
3380 ERR(fp->handle, "truncated entry");
3381 goto bad;
3382 }
3383 avrule->xperms->specified = buf8;
3384 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3385 if (rc < 0) {
3386 ERR(fp->handle, "truncated entry");
3387 goto bad;
3388 }
3389 avrule->xperms->driver = buf8;
3390 rc = next_entry(buf32, fp, sizeof(uint32_t)*nel);
3391 if (rc < 0) {
3392 ERR(fp->handle, "truncated entry");
3393 goto bad;
3394 }
3395 for (i = 0; i < nel; i++)
3396 avrule->xperms->perms[i] = le32_to_cpu(buf32[i]);
3397 }
3398
3399 return avrule;
3400 bad:
3401 if (avrule) {
3402 avrule_destroy(avrule);
3403 free(avrule);
3404 }
3405 return NULL;
3406 }
3407
range_read(policydb_t * p,struct policy_file * fp)3408 static int range_read(policydb_t * p, struct policy_file *fp)
3409 {
3410 uint32_t buf[2], nel;
3411 range_trans_t *rt = NULL;
3412 struct mls_range *r = NULL;
3413 range_trans_rule_t *rtr = NULL, *lrtr = NULL;
3414 unsigned int i;
3415 int new_rangetr = (p->policy_type == POLICY_KERN &&
3416 p->policyvers >= POLICYDB_VERSION_RANGETRANS);
3417 int rc;
3418
3419 rc = next_entry(buf, fp, sizeof(uint32_t));
3420 if (rc < 0)
3421 return -1;
3422 nel = le32_to_cpu(buf[0]);
3423 for (i = 0; i < nel; i++) {
3424 rt = calloc(1, sizeof(range_trans_t));
3425 if (!rt)
3426 return -1;
3427 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3428 if (rc < 0)
3429 goto err;
3430 rt->source_type = le32_to_cpu(buf[0]);
3431 rt->target_type = le32_to_cpu(buf[1]);
3432 if (new_rangetr) {
3433 rc = next_entry(buf, fp, (sizeof(uint32_t)));
3434 if (rc < 0)
3435 goto err;
3436 rt->target_class = le32_to_cpu(buf[0]);
3437 } else
3438 rt->target_class = SECCLASS_PROCESS;
3439 r = calloc(1, sizeof(*r));
3440 if (!r)
3441 goto err;
3442 if (mls_read_range_helper(r, fp))
3443 goto err;
3444
3445 if (p->policy_type == POLICY_KERN) {
3446 rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
3447 if (rc)
3448 goto err;
3449 rt = NULL;
3450 r = NULL;
3451 continue;
3452 }
3453
3454 /* Module policy: convert to range_trans_rule and discard. */
3455 rtr = malloc(sizeof(range_trans_rule_t));
3456 if (!rtr)
3457 goto err;
3458 range_trans_rule_init(rtr);
3459
3460 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3461 goto err;
3462
3463 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3464 goto err;
3465
3466 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3467 goto err;
3468
3469 if (mls_range_to_semantic(r, &rtr->trange))
3470 goto err;
3471
3472 if (lrtr)
3473 lrtr->next = rtr;
3474 else
3475 p->global->enabled->range_tr_rules = rtr;
3476
3477 free(rt);
3478 rt = NULL;
3479 free(r);
3480 r = NULL;
3481 lrtr = rtr;
3482 }
3483
3484 return 0;
3485 err:
3486 free(rt);
3487 if (r) {
3488 mls_range_destroy(r);
3489 free(r);
3490 }
3491 if (rtr) {
3492 range_trans_rule_destroy(rtr);
3493 free(rtr);
3494 }
3495 return -1;
3496 }
3497
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3498 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3499 struct policy_file *fp)
3500 {
3501 unsigned int i;
3502 avrule_t *cur, *tail;
3503 uint32_t buf[1], len;
3504 int rc;
3505
3506 *avrules = tail = NULL;
3507
3508 rc = next_entry(buf, fp, sizeof(uint32_t));
3509 if (rc < 0) {
3510 return -1;
3511 }
3512 len = le32_to_cpu(buf[0]);
3513
3514 for (i = 0; i < len; i++) {
3515 cur = avrule_read(p, fp);
3516 if (!cur) {
3517 return -1;
3518 }
3519
3520 if (!tail) {
3521 *avrules = cur;
3522 } else {
3523 tail->next = cur;
3524 }
3525 tail = cur;
3526 }
3527
3528 return 0;
3529 }
3530
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3531 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3532 struct policy_file *fp)
3533 {
3534 uint32_t buf[1], nel;
3535 unsigned int i;
3536 role_trans_rule_t *tr, *ltr;
3537 int rc;
3538
3539 rc = next_entry(buf, fp, sizeof(uint32_t));
3540 if (rc < 0)
3541 return -1;
3542 nel = le32_to_cpu(buf[0]);
3543 ltr = NULL;
3544 for (i = 0; i < nel; i++) {
3545 tr = malloc(sizeof(role_trans_rule_t));
3546 if (!tr) {
3547 return -1;
3548 }
3549 role_trans_rule_init(tr);
3550
3551 if (ltr) {
3552 ltr->next = tr;
3553 } else {
3554 *r = tr;
3555 }
3556
3557 if (role_set_read(&tr->roles, fp))
3558 return -1;
3559
3560 if (type_set_read(&tr->types, fp))
3561 return -1;
3562
3563 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3564 if (ebitmap_read(&tr->classes, fp))
3565 return -1;
3566 } else {
3567 if (ebitmap_set_bit(&tr->classes, SECCLASS_PROCESS - 1, 1))
3568 return -1;
3569 }
3570
3571 rc = next_entry(buf, fp, sizeof(uint32_t));
3572 if (rc < 0)
3573 return -1;
3574 tr->new_role = le32_to_cpu(buf[0]);
3575 ltr = tr;
3576 }
3577
3578 return 0;
3579 }
3580
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3581 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3582 {
3583 unsigned int i;
3584 uint32_t buf[1], nel;
3585 role_allow_rule_t *ra, *lra;
3586 int rc;
3587
3588 rc = next_entry(buf, fp, sizeof(uint32_t));
3589 if (rc < 0)
3590 return -1;
3591 nel = le32_to_cpu(buf[0]);
3592 lra = NULL;
3593 for (i = 0; i < nel; i++) {
3594 ra = malloc(sizeof(role_allow_rule_t));
3595 if (!ra) {
3596 return -1;
3597 }
3598 role_allow_rule_init(ra);
3599
3600 if (lra) {
3601 lra->next = ra;
3602 } else {
3603 *r = ra;
3604 }
3605
3606 if (role_set_read(&ra->roles, fp))
3607 return -1;
3608
3609 if (role_set_read(&ra->new_roles, fp))
3610 return -1;
3611
3612 lra = ra;
3613 }
3614 return 0;
3615 }
3616
filename_trans_rule_read(filename_trans_rule_t ** r,struct policy_file * fp)3617 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
3618 {
3619 uint32_t buf[2], nel;
3620 unsigned int i, len;
3621 filename_trans_rule_t *ftr, *lftr;
3622 int rc;
3623
3624 rc = next_entry(buf, fp, sizeof(uint32_t));
3625 if (rc < 0)
3626 return -1;
3627 nel = le32_to_cpu(buf[0]);
3628 lftr = NULL;
3629 for (i = 0; i < nel; i++) {
3630 ftr = malloc(sizeof(*ftr));
3631 if (!ftr)
3632 return -1;
3633
3634 filename_trans_rule_init(ftr);
3635
3636 if (lftr)
3637 lftr->next = ftr;
3638 else
3639 *r = ftr;
3640 lftr = ftr;
3641
3642 rc = next_entry(buf, fp, sizeof(uint32_t));
3643 if (rc < 0)
3644 return -1;
3645
3646 len = le32_to_cpu(buf[0]);
3647 if (zero_or_saturated(len))
3648 return -1;
3649
3650 ftr->name = malloc(len + 1);
3651 if (!ftr->name)
3652 return -1;
3653
3654 rc = next_entry(ftr->name, fp, len);
3655 if (rc)
3656 return -1;
3657 ftr->name[len] = 0;
3658
3659 if (type_set_read(&ftr->stypes, fp))
3660 return -1;
3661
3662 if (type_set_read(&ftr->ttypes, fp))
3663 return -1;
3664
3665 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3666 if (rc < 0)
3667 return -1;
3668 ftr->tclass = le32_to_cpu(buf[0]);
3669 ftr->otype = le32_to_cpu(buf[1]);
3670 }
3671
3672 return 0;
3673 }
3674
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3675 static int range_trans_rule_read(range_trans_rule_t ** r,
3676 struct policy_file *fp)
3677 {
3678 uint32_t buf[1], nel;
3679 unsigned int i;
3680 range_trans_rule_t *rt, *lrt = NULL;
3681 int rc;
3682
3683 rc = next_entry(buf, fp, sizeof(uint32_t));
3684 if (rc < 0)
3685 return -1;
3686 nel = le32_to_cpu(buf[0]);
3687 for (i = 0; i < nel; i++) {
3688 rt = malloc(sizeof(range_trans_rule_t));
3689 if (!rt) {
3690 return -1;
3691 }
3692 range_trans_rule_init(rt);
3693
3694 if (lrt)
3695 lrt->next = rt;
3696 else
3697 *r = rt;
3698
3699 if (type_set_read(&rt->stypes, fp))
3700 return -1;
3701
3702 if (type_set_read(&rt->ttypes, fp))
3703 return -1;
3704
3705 if (ebitmap_read(&rt->tclasses, fp))
3706 return -1;
3707
3708 if (mls_read_semantic_range_helper(&rt->trange, fp))
3709 return -1;
3710
3711 lrt = rt;
3712 }
3713
3714 return 0;
3715 }
3716
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3717 static int scope_index_read(scope_index_t * scope_index,
3718 unsigned int num_scope_syms, struct policy_file *fp)
3719 {
3720 unsigned int i;
3721 uint32_t buf[1];
3722 int rc;
3723
3724 for (i = 0; i < num_scope_syms; i++) {
3725 if (ebitmap_read(scope_index->scope + i, fp) < 0) {
3726 return -1;
3727 }
3728 }
3729 rc = next_entry(buf, fp, sizeof(uint32_t));
3730 if (rc < 0)
3731 return -1;
3732 scope_index->class_perms_len = le32_to_cpu(buf[0]);
3733 if (scope_index->class_perms_len == 0) {
3734 scope_index->class_perms_map = NULL;
3735 return 0;
3736 }
3737 if ((scope_index->class_perms_map =
3738 calloc(scope_index->class_perms_len,
3739 sizeof(*scope_index->class_perms_map))) == NULL) {
3740 return -1;
3741 }
3742 for (i = 0; i < scope_index->class_perms_len; i++) {
3743 if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
3744 return -1;
3745 }
3746 }
3747 return 0;
3748 }
3749
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3750 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3751 unsigned int num_scope_syms, struct policy_file *fp)
3752 {
3753 uint32_t buf[2], nprim, nel;
3754 unsigned int i, j;
3755 int rc;
3756
3757 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3758 if (rc < 0)
3759 return -1;
3760 decl->decl_id = le32_to_cpu(buf[0]);
3761 decl->enabled = le32_to_cpu(buf[1]);
3762 if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3763 avrule_read_list(p, &decl->avrules, fp) == -1 ||
3764 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3765 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3766 return -1;
3767 }
3768
3769 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
3770 filename_trans_rule_read(&decl->filename_trans_rules, fp))
3771 return -1;
3772
3773 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
3774 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
3775 return -1;
3776 }
3777 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
3778 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
3779 return -1;
3780 }
3781
3782 for (i = 0; i < num_scope_syms; i++) {
3783 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3784 if (rc < 0)
3785 return -1;
3786 nprim = le32_to_cpu(buf[0]);
3787 nel = le32_to_cpu(buf[1]);
3788 for (j = 0; j < nel; j++) {
3789 if (read_f[i] (p, decl->symtab[i].table, fp)) {
3790 return -1;
3791 }
3792 }
3793 decl->symtab[i].nprim = nprim;
3794 }
3795 return 0;
3796 }
3797
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)3798 static int avrule_block_read(policydb_t * p,
3799 avrule_block_t ** block,
3800 unsigned int num_scope_syms,
3801 struct policy_file *fp)
3802 {
3803 avrule_block_t *last_block = NULL, *curblock;
3804 uint32_t buf[1], num_blocks, nel;
3805 int rc;
3806
3807 assert(*block == NULL);
3808
3809 rc = next_entry(buf, fp, sizeof(uint32_t));
3810 if (rc < 0)
3811 return -1;
3812 num_blocks = le32_to_cpu(buf[0]);
3813 nel = num_blocks;
3814 while (num_blocks > 0) {
3815 avrule_decl_t *last_decl = NULL, *curdecl;
3816 uint32_t num_decls;
3817 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
3818 return -1;
3819 }
3820 rc = next_entry(buf, fp, sizeof(uint32_t));
3821 if (rc < 0) {
3822 free(curblock);
3823 return -1;
3824 }
3825 /* if this is the first block its non-optional, else its optional */
3826 if (num_blocks != nel)
3827 curblock->flags |= AVRULE_OPTIONAL;
3828
3829 num_decls = le32_to_cpu(buf[0]);
3830 while (num_decls > 0) {
3831 if ((curdecl = avrule_decl_create(0)) == NULL) {
3832 avrule_block_destroy(curblock);
3833 return -1;
3834 }
3835 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
3836 -1) {
3837 avrule_decl_destroy(curdecl);
3838 avrule_block_destroy(curblock);
3839 return -1;
3840 }
3841 if (curdecl->enabled) {
3842 if (curblock->enabled != NULL) {
3843 /* probably a corrupt file */
3844 avrule_decl_destroy(curdecl);
3845 avrule_block_destroy(curblock);
3846 return -1;
3847 }
3848 curblock->enabled = curdecl;
3849 }
3850 /* one must be careful to reconstruct the
3851 * decl chain in its correct order */
3852 if (curblock->branch_list == NULL) {
3853 curblock->branch_list = curdecl;
3854 } else {
3855 assert(last_decl);
3856 last_decl->next = curdecl;
3857 }
3858 last_decl = curdecl;
3859 num_decls--;
3860 }
3861
3862 if (*block == NULL) {
3863 *block = curblock;
3864 } else {
3865 assert(last_block);
3866 last_block->next = curblock;
3867 }
3868 last_block = curblock;
3869
3870 num_blocks--;
3871 }
3872
3873 return 0;
3874 }
3875
scope_read(policydb_t * p,int symnum,struct policy_file * fp)3876 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
3877 {
3878 scope_datum_t *scope = NULL;
3879 uint32_t buf[2];
3880 char *key = NULL;
3881 size_t key_len;
3882 unsigned int i;
3883 hashtab_t h = p->scope[symnum].table;
3884 int rc;
3885
3886 rc = next_entry(buf, fp, sizeof(uint32_t));
3887 if (rc < 0)
3888 goto cleanup;
3889 key_len = le32_to_cpu(buf[0]);
3890 if (zero_or_saturated(key_len))
3891 goto cleanup;
3892 key = malloc(key_len + 1);
3893 if (!key)
3894 goto cleanup;
3895 rc = next_entry(key, fp, key_len);
3896 if (rc < 0)
3897 goto cleanup;
3898 key[key_len] = '\0';
3899
3900 /* ensure that there already exists a symbol with this key */
3901 if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
3902 goto cleanup;
3903 }
3904
3905 if ((scope = calloc(1, sizeof(*scope))) == NULL) {
3906 goto cleanup;
3907 }
3908 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3909 if (rc < 0)
3910 goto cleanup;
3911 scope->scope = le32_to_cpu(buf[0]);
3912 scope->decl_ids_len = le32_to_cpu(buf[1]);
3913 if (scope->decl_ids_len == 0) {
3914 ERR(fp->handle, "invalid scope with no declaration");
3915 goto cleanup;
3916 }
3917 if ((scope->decl_ids =
3918 malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
3919 goto cleanup;
3920 }
3921 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
3922 if (rc < 0)
3923 goto cleanup;
3924 for (i = 0; i < scope->decl_ids_len; i++) {
3925 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
3926 }
3927
3928 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
3929 /* object_r was already added to this table in roles_init() */
3930 scope_destroy(key, scope, NULL);
3931 } else {
3932 if (hashtab_insert(h, key, scope)) {
3933 goto cleanup;
3934 }
3935 }
3936
3937 return 0;
3938
3939 cleanup:
3940 scope_destroy(key, scope, NULL);
3941 return -1;
3942 }
3943
3944 /*
3945 * Read the configuration data from a policy database binary
3946 * representation file into a policy database structure.
3947 */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)3948 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
3949 {
3950
3951 unsigned int i, j, r_policyvers;
3952 uint32_t buf[5];
3953 size_t len, nprim, nel;
3954 char *policydb_str;
3955 struct policydb_compat_info *info;
3956 unsigned int policy_type, bufindex;
3957 ebitmap_node_t *tnode;
3958 int rc;
3959
3960 /* Read the magic number and string length. */
3961 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3962 if (rc < 0)
3963 return POLICYDB_ERROR;
3964 for (i = 0; i < 2; i++)
3965 buf[i] = le32_to_cpu(buf[i]);
3966
3967 if (buf[0] == POLICYDB_MAGIC) {
3968 policy_type = POLICY_KERN;
3969 } else if (buf[0] == POLICYDB_MOD_MAGIC) {
3970 policy_type = POLICY_MOD;
3971 } else {
3972 ERR(fp->handle, "policydb magic number %#08x does not "
3973 "match expected magic number %#08x or %#08x",
3974 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
3975 return POLICYDB_ERROR;
3976 }
3977
3978 len = buf[1];
3979 if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
3980 ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
3981 return POLICYDB_ERROR;
3982 }
3983
3984 policydb_str = malloc(len + 1);
3985 if (!policydb_str) {
3986 ERR(fp->handle, "unable to allocate memory for policydb "
3987 "string of length %zu", len);
3988 return POLICYDB_ERROR;
3989 }
3990 rc = next_entry(policydb_str, fp, len);
3991 if (rc < 0) {
3992 ERR(fp->handle, "truncated policydb string identifier");
3993 free(policydb_str);
3994 return POLICYDB_ERROR;
3995 }
3996 policydb_str[len] = 0;
3997
3998 if (policy_type == POLICY_KERN) {
3999 for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
4000 if ((strcmp(policydb_str, policydb_target_strings[i])
4001 == 0)) {
4002 policydb_set_target_platform(p, i);
4003 break;
4004 }
4005 }
4006
4007 if (i == POLICYDB_TARGET_SZ) {
4008 ERR(fp->handle, "cannot find a valid target for policy "
4009 "string %s", policydb_str);
4010 free(policydb_str);
4011 return POLICYDB_ERROR;
4012 }
4013 } else {
4014 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
4015 ERR(fp->handle, "invalid string identifier %s",
4016 policydb_str);
4017 free(policydb_str);
4018 return POLICYDB_ERROR;
4019 }
4020 }
4021
4022 /* Done with policydb_str. */
4023 free(policydb_str);
4024 policydb_str = NULL;
4025
4026 /* Read the version, config, and table sizes (and policy type if it's a module). */
4027 if (policy_type == POLICY_KERN)
4028 nel = 4;
4029 else
4030 nel = 5;
4031
4032 rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
4033 if (rc < 0)
4034 return POLICYDB_ERROR;
4035 for (i = 0; i < nel; i++)
4036 buf[i] = le32_to_cpu(buf[i]);
4037
4038 bufindex = 0;
4039
4040 if (policy_type == POLICY_MOD) {
4041 /* We know it's a module but not whether it's a base
4042 module or regular binary policy module. buf[0]
4043 tells us which. */
4044 policy_type = buf[bufindex];
4045 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
4046 ERR(fp->handle, "unknown module type: %#08x",
4047 policy_type);
4048 return POLICYDB_ERROR;
4049 }
4050 bufindex++;
4051 }
4052
4053 r_policyvers = buf[bufindex];
4054 if (policy_type == POLICY_KERN) {
4055 if (r_policyvers < POLICYDB_VERSION_MIN ||
4056 r_policyvers > POLICYDB_VERSION_MAX) {
4057 ERR(fp->handle, "policydb version %d does not match "
4058 "my version range %d-%d", buf[bufindex],
4059 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
4060 return POLICYDB_ERROR;
4061 }
4062 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
4063 if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
4064 r_policyvers > MOD_POLICYDB_VERSION_MAX) {
4065 ERR(fp->handle, "policydb module version %d does "
4066 "not match my version range %d-%d",
4067 buf[bufindex], MOD_POLICYDB_VERSION_MIN,
4068 MOD_POLICYDB_VERSION_MAX);
4069 return POLICYDB_ERROR;
4070 }
4071 } else {
4072 assert(0);
4073 }
4074 bufindex++;
4075
4076 /* Set the policy type and version from the read values. */
4077 p->policy_type = policy_type;
4078 p->policyvers = r_policyvers;
4079
4080 if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
4081 p->mls = 1;
4082 } else {
4083 p->mls = 0;
4084 }
4085
4086 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
4087
4088 bufindex++;
4089
4090 info = policydb_lookup_compat(r_policyvers, policy_type,
4091 p->target_platform);
4092 if (!info) {
4093 ERR(fp->handle, "unable to find policy compat info "
4094 "for version %d", r_policyvers);
4095 goto bad;
4096 }
4097
4098 if (buf[bufindex] != info->sym_num
4099 || buf[bufindex + 1] != info->ocon_num) {
4100 ERR(fp->handle,
4101 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
4102 buf[bufindex], buf[bufindex + 1], info->sym_num,
4103 info->ocon_num);
4104 goto bad;
4105 }
4106
4107 if (p->policy_type == POLICY_MOD) {
4108 /* Get the module name and version */
4109 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4110 goto bad;
4111 }
4112 len = le32_to_cpu(buf[0]);
4113 if (zero_or_saturated(len))
4114 goto bad;
4115 if ((p->name = malloc(len + 1)) == NULL) {
4116 goto bad;
4117 }
4118 if ((rc = next_entry(p->name, fp, len)) < 0) {
4119 goto bad;
4120 }
4121 p->name[len] = '\0';
4122 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4123 goto bad;
4124 }
4125 len = le32_to_cpu(buf[0]);
4126 if (zero_or_saturated(len))
4127 goto bad;
4128 if ((p->version = malloc(len + 1)) == NULL) {
4129 goto bad;
4130 }
4131 if ((rc = next_entry(p->version, fp, len)) < 0) {
4132 goto bad;
4133 }
4134 p->version[len] = '\0';
4135 }
4136
4137 if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
4138 p->policy_type == POLICY_KERN) ||
4139 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4140 p->policy_type == POLICY_BASE) ||
4141 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4142 p->policy_type == POLICY_MOD)) {
4143 if (ebitmap_read(&p->policycaps, fp))
4144 goto bad;
4145 }
4146
4147 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
4148 p->policy_type == POLICY_KERN) {
4149 if (ebitmap_read(&p->permissive_map, fp))
4150 goto bad;
4151 }
4152
4153 for (i = 0; i < info->sym_num; i++) {
4154 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4155 if (rc < 0)
4156 goto bad;
4157 nprim = le32_to_cpu(buf[0]);
4158 nel = le32_to_cpu(buf[1]);
4159 if (nel && !nprim) {
4160 ERR(fp->handle, "unexpected items in symbol table with no symbol");
4161 goto bad;
4162 }
4163 for (j = 0; j < nel; j++) {
4164 if (read_f[i] (p, p->symtab[i].table, fp))
4165 goto bad;
4166 }
4167
4168 p->symtab[i].nprim = nprim;
4169 }
4170
4171 if (policy_type == POLICY_KERN) {
4172 if (avtab_read(&p->te_avtab, fp, r_policyvers))
4173 goto bad;
4174 if (r_policyvers >= POLICYDB_VERSION_BOOL)
4175 if (cond_read_list(p, &p->cond_list, fp))
4176 goto bad;
4177 if (role_trans_read(p, fp))
4178 goto bad;
4179 if (role_allow_read(&p->role_allow, fp))
4180 goto bad;
4181 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
4182 filename_trans_read(p, fp))
4183 goto bad;
4184 } else {
4185 /* first read the AV rule blocks, then the scope tables */
4186 avrule_block_destroy(p->global);
4187 p->global = NULL;
4188 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
4189 goto bad;
4190 }
4191 if (p->global == NULL) {
4192 ERR(fp->handle, "no avrule block in policy");
4193 goto bad;
4194 }
4195 for (i = 0; i < info->sym_num; i++) {
4196 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4197 goto bad;
4198 }
4199 nel = le32_to_cpu(buf[0]);
4200 for (j = 0; j < nel; j++) {
4201 if (scope_read(p, i, fp))
4202 goto bad;
4203 }
4204 }
4205
4206 }
4207
4208 if (policydb_index_decls(fp->handle, p))
4209 goto bad;
4210
4211 if (policydb_index_classes(p))
4212 goto bad;
4213
4214 if (policydb_index_others(fp->handle, p, verbose))
4215 goto bad;
4216
4217 if (ocontext_read(info, p, fp) == -1) {
4218 goto bad;
4219 }
4220
4221 if (genfs_read(p, fp) == -1) {
4222 goto bad;
4223 }
4224
4225 if ((p->policy_type == POLICY_KERN
4226 && p->policyvers >= POLICYDB_VERSION_MLS)
4227 || (p->policy_type == POLICY_BASE
4228 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
4229 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
4230 if (range_read(p, fp)) {
4231 goto bad;
4232 }
4233 }
4234
4235 if (policy_type == POLICY_KERN) {
4236 p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
4237 p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
4238 if (!p->type_attr_map || !p->attr_type_map)
4239 goto bad;
4240 for (i = 0; i < p->p_types.nprim; i++) {
4241 ebitmap_init(&p->type_attr_map[i]);
4242 ebitmap_init(&p->attr_type_map[i]);
4243 }
4244 for (i = 0; i < p->p_types.nprim; i++) {
4245 if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
4246 if (ebitmap_read(&p->type_attr_map[i], fp))
4247 goto bad;
4248 ebitmap_for_each_bit(&p->type_attr_map[i],
4249 tnode, j) {
4250 if (!ebitmap_node_get_bit(tnode, j)
4251 || i == j)
4252 continue;
4253
4254 if (j >= p->p_types.nprim)
4255 goto bad;
4256
4257 if (ebitmap_set_bit
4258 (&p->attr_type_map[j], i, 1))
4259 goto bad;
4260 }
4261 }
4262 /* add the type itself as the degenerate case */
4263 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
4264 goto bad;
4265 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
4266 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
4267 goto bad;
4268 }
4269 }
4270 }
4271
4272 return POLICYDB_SUCCESS;
4273 bad:
4274 return POLICYDB_ERROR;
4275 }
4276
policydb_reindex_users(policydb_t * p)4277 int policydb_reindex_users(policydb_t * p)
4278 {
4279 unsigned int i = SYM_USERS;
4280
4281 if (p->user_val_to_struct)
4282 free(p->user_val_to_struct);
4283 if (p->sym_val_to_name[i])
4284 free(p->sym_val_to_name[i]);
4285
4286 p->user_val_to_struct = (user_datum_t **)
4287 calloc(p->p_users.nprim, sizeof(user_datum_t *));
4288 if (!p->user_val_to_struct)
4289 return -1;
4290
4291 p->sym_val_to_name[i] = (char **)
4292 calloc(p->symtab[i].nprim, sizeof(char *));
4293 if (!p->sym_val_to_name[i])
4294 return -1;
4295
4296 if (hashtab_map(p->symtab[i].table, index_f[i], p))
4297 return -1;
4298
4299 /* Expand user roles for context validity checking */
4300 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
4301 return -1;
4302
4303 return 0;
4304 }
4305
policy_file_init(policy_file_t * pf)4306 void policy_file_init(policy_file_t *pf)
4307 {
4308 memset(pf, 0, sizeof(policy_file_t));
4309 }
4310
policydb_set_target_platform(policydb_t * p,int platform)4311 int policydb_set_target_platform(policydb_t *p, int platform)
4312 {
4313 if (platform == SEPOL_TARGET_SELINUX)
4314 p->target_platform = SEPOL_TARGET_SELINUX;
4315 else if (platform == SEPOL_TARGET_XEN)
4316 p->target_platform = SEPOL_TARGET_XEN;
4317 else
4318 return -1;
4319
4320 return 0;
4321 }
4322
policydb_sort_ocontexts(policydb_t * p)4323 int policydb_sort_ocontexts(policydb_t *p)
4324 {
4325 return sort_ocontexts(p);
4326 }
4327