1 
2 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
3 
4 /*
5  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6  *
7  *	Support for enhanced MLS infrastructure.
8  *
9  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10  *
11  * 	Added conditional policy language extensions
12  *
13  * Updated: Red Hat, Inc.  James Morris <jmorris@redhat.com>
14  *      Fine-grained netlink support
15  *      IPv6 support
16  *      Code cleanup
17  *
18  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19  * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20  * Copyright (C) 2003 - 2007 Red Hat, Inc.
21  * Copyright (C) 2017 Mellanox Technologies Inc.
22  *
23  *  This library is free software; you can redistribute it and/or
24  *  modify it under the terms of the GNU Lesser General Public
25  *  License as published by the Free Software Foundation; either
26  *  version 2.1 of the License, or (at your option) any later version.
27  *
28  *  This library is distributed in the hope that it will be useful,
29  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
30  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
31  *  Lesser General Public License for more details.
32  *
33  *  You should have received a copy of the GNU Lesser General Public
34  *  License along with this library; if not, write to the Free Software
35  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
36  */
37 
38 /* FLASK */
39 
40 /*
41  * Implementation of the policy database.
42  */
43 
44 #include <assert.h>
45 #include <stdlib.h>
46 
47 #include <sepol/policydb/policydb.h>
48 #include <sepol/policydb/expand.h>
49 #include <sepol/policydb/conditional.h>
50 #include <sepol/policydb/avrule_block.h>
51 #include <sepol/policydb/util.h>
52 
53 #include "kernel_to_common.h"
54 #include "private.h"
55 #include "debug.h"
56 #include "mls.h"
57 #include "policydb_validate.h"
58 
59 #define POLICYDB_TARGET_SZ   ARRAY_SIZE(policydb_target_strings)
60 const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
61 
62 /* These need to be updated if SYM_NUM or OCON_NUM changes */
63 static const struct policydb_compat_info policydb_compat[] = {
64 	{
65 	 .type = POLICY_KERN,
66 	 .version = POLICYDB_VERSION_BOUNDARY,
67 	 .sym_num = SYM_NUM,
68 	 .ocon_num = OCON_XEN_PCIDEVICE + 1,
69 	 .target_platform = SEPOL_TARGET_XEN,
70 	 },
71 	{
72 	 .type = POLICY_KERN,
73 	 .version = POLICYDB_VERSION_XEN_DEVICETREE,
74 	 .sym_num = SYM_NUM,
75 	 .ocon_num = OCON_XEN_DEVICETREE + 1,
76 	 .target_platform = SEPOL_TARGET_XEN,
77 	 },
78 	{
79 	 .type = POLICY_KERN,
80 	 .version = POLICYDB_VERSION_BASE,
81 	 .sym_num = SYM_NUM - 3,
82 	 .ocon_num = OCON_FSUSE + 1,
83 	 .target_platform = SEPOL_TARGET_SELINUX,
84 	 },
85 	{
86 	 .type = POLICY_KERN,
87 	 .version = POLICYDB_VERSION_BOOL,
88 	 .sym_num = SYM_NUM - 2,
89 	 .ocon_num = OCON_FSUSE + 1,
90 	 .target_platform = SEPOL_TARGET_SELINUX,
91 	 },
92 	{
93 	 .type = POLICY_KERN,
94 	 .version = POLICYDB_VERSION_IPV6,
95 	 .sym_num = SYM_NUM - 2,
96 	 .ocon_num = OCON_NODE6 + 1,
97 	 .target_platform = SEPOL_TARGET_SELINUX,
98 	 },
99 	{
100 	 .type = POLICY_KERN,
101 	 .version = POLICYDB_VERSION_NLCLASS,
102 	 .sym_num = SYM_NUM - 2,
103 	 .ocon_num = OCON_NODE6 + 1,
104 	 .target_platform = SEPOL_TARGET_SELINUX,
105 	 },
106 	{
107 	 .type = POLICY_KERN,
108 	 .version = POLICYDB_VERSION_MLS,
109 	 .sym_num = SYM_NUM,
110 	 .ocon_num = OCON_NODE6 + 1,
111 	 .target_platform = SEPOL_TARGET_SELINUX,
112 	 },
113 	{
114 	 .type = POLICY_KERN,
115 	 .version = POLICYDB_VERSION_AVTAB,
116 	 .sym_num = SYM_NUM,
117 	 .ocon_num = OCON_NODE6 + 1,
118 	 .target_platform = SEPOL_TARGET_SELINUX,
119 	 },
120 	{
121 	 .type = POLICY_KERN,
122 	 .version = POLICYDB_VERSION_RANGETRANS,
123 	 .sym_num = SYM_NUM,
124 	 .ocon_num = OCON_NODE6 + 1,
125 	 .target_platform = SEPOL_TARGET_SELINUX,
126 	 },
127 	{
128 	 .type = POLICY_KERN,
129 	 .version = POLICYDB_VERSION_POLCAP,
130 	 .sym_num = SYM_NUM,
131 	 .ocon_num = OCON_NODE6 + 1,
132 	 .target_platform = SEPOL_TARGET_SELINUX,
133 	 },
134 	{
135 	 .type = POLICY_KERN,
136 	 .version = POLICYDB_VERSION_PERMISSIVE,
137 	 .sym_num = SYM_NUM,
138 	 .ocon_num = OCON_NODE6 + 1,
139 	 .target_platform = SEPOL_TARGET_SELINUX,
140 	 },
141         {
142 	 .type = POLICY_KERN,
143 	 .version = POLICYDB_VERSION_BOUNDARY,
144 	 .sym_num = SYM_NUM,
145 	 .ocon_num = OCON_NODE6 + 1,
146 	 .target_platform = SEPOL_TARGET_SELINUX,
147 	},
148 	{
149 	 .type = POLICY_KERN,
150 	 .version = POLICYDB_VERSION_FILENAME_TRANS,
151 	 .sym_num = SYM_NUM,
152 	 .ocon_num = OCON_NODE6 + 1,
153 	 .target_platform = SEPOL_TARGET_SELINUX,
154 	},
155 	{
156 	 .type = POLICY_KERN,
157 	 .version = POLICYDB_VERSION_ROLETRANS,
158 	 .sym_num = SYM_NUM,
159 	 .ocon_num = OCON_NODE6 + 1,
160 	 .target_platform = SEPOL_TARGET_SELINUX,
161 	},
162 	{
163 	 .type = POLICY_KERN,
164 	 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
165 	 .sym_num = SYM_NUM,
166 	 .ocon_num = OCON_NODE6 + 1,
167 	 .target_platform = SEPOL_TARGET_SELINUX,
168 	},
169 	{
170 	 .type = POLICY_KERN,
171 	 .version = POLICYDB_VERSION_DEFAULT_TYPE,
172 	 .sym_num = SYM_NUM,
173 	 .ocon_num = OCON_NODE6 + 1,
174 	 .target_platform = SEPOL_TARGET_SELINUX,
175 	},
176 	{
177 	 .type = POLICY_KERN,
178 	 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
179 	 .sym_num = SYM_NUM,
180 	 .ocon_num = OCON_NODE6 + 1,
181 	 .target_platform = SEPOL_TARGET_SELINUX,
182 	},
183 	{
184 	 .type = POLICY_KERN,
185 	 .version = POLICYDB_VERSION_XPERMS_IOCTL,
186 	 .sym_num = SYM_NUM,
187 	 .ocon_num = OCON_NODE6 + 1,
188 	 .target_platform = SEPOL_TARGET_SELINUX,
189 	},
190 	{
191 	 .type = POLICY_KERN,
192 	 .version = POLICYDB_VERSION_INFINIBAND,
193 	 .sym_num = SYM_NUM,
194 	 .ocon_num = OCON_IBENDPORT + 1,
195 	 .target_platform = SEPOL_TARGET_SELINUX,
196 	},
197 	{
198 	 .type = POLICY_KERN,
199 	 .version = POLICYDB_VERSION_GLBLUB,
200 	 .sym_num = SYM_NUM,
201 	 .ocon_num = OCON_IBENDPORT + 1,
202 	 .target_platform = SEPOL_TARGET_SELINUX,
203 	},
204 	{
205 	 .type = POLICY_KERN,
206 	 .version = POLICYDB_VERSION_COMP_FTRANS,
207 	 .sym_num = SYM_NUM,
208 	 .ocon_num = OCON_IBENDPORT + 1,
209 	 .target_platform = SEPOL_TARGET_SELINUX,
210 	},
211 	{
212 	 .type = POLICY_BASE,
213 	 .version = MOD_POLICYDB_VERSION_BASE,
214 	 .sym_num = SYM_NUM,
215 	 .ocon_num = OCON_NODE6 + 1,
216 	 .target_platform = SEPOL_TARGET_SELINUX,
217 	 },
218 	{
219 	 .type = POLICY_BASE,
220 	 .version = MOD_POLICYDB_VERSION_MLS,
221 	 .sym_num = SYM_NUM,
222 	 .ocon_num = OCON_NODE6 + 1,
223 	 .target_platform = SEPOL_TARGET_SELINUX,
224 	 },
225 	{
226 	 .type = POLICY_BASE,
227 	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
228 	 .sym_num = SYM_NUM,
229 	 .ocon_num = OCON_NODE6 + 1,
230 	 .target_platform = SEPOL_TARGET_SELINUX,
231 	 },
232 	{
233 	 .type = POLICY_BASE,
234 	 .version = MOD_POLICYDB_VERSION_POLCAP,
235 	 .sym_num = SYM_NUM,
236 	 .ocon_num = OCON_NODE6 + 1,
237 	 .target_platform = SEPOL_TARGET_SELINUX,
238 	 },
239 	{
240 	 .type = POLICY_BASE,
241 	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
242 	 .sym_num = SYM_NUM,
243 	 .ocon_num = OCON_NODE6 + 1,
244 	 .target_platform = SEPOL_TARGET_SELINUX,
245 	 },
246 	{
247 	 .type = POLICY_BASE,
248 	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
249 	 .sym_num = SYM_NUM,
250 	 .ocon_num = OCON_NODE6 + 1,
251 	 .target_platform = SEPOL_TARGET_SELINUX,
252 	},
253 	{
254 	 .type = POLICY_BASE,
255 	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
256 	 .sym_num = SYM_NUM,
257 	 .ocon_num = OCON_NODE6 + 1,
258 	 .target_platform = SEPOL_TARGET_SELINUX,
259 	},
260 	{
261 	 .type = POLICY_BASE,
262 	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
263 	 .sym_num = SYM_NUM,
264 	 .ocon_num = OCON_NODE6 + 1,
265 	 .target_platform = SEPOL_TARGET_SELINUX,
266 	},
267 	{
268 	 .type = POLICY_BASE,
269 	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
270 	 .sym_num = SYM_NUM,
271 	 .ocon_num = OCON_NODE6 + 1,
272 	 .target_platform = SEPOL_TARGET_SELINUX,
273 	},
274 	{
275 	 .type = POLICY_BASE,
276 	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
277 	 .sym_num = SYM_NUM,
278 	 .ocon_num = OCON_NODE6 + 1,
279 	 .target_platform = SEPOL_TARGET_SELINUX,
280 	},
281 	{
282 	 .type = POLICY_BASE,
283 	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
284 	 .sym_num = SYM_NUM,
285 	 .ocon_num = OCON_NODE6 + 1,
286 	 .target_platform = SEPOL_TARGET_SELINUX,
287 	},
288 	{
289 	 .type = POLICY_BASE,
290 	 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
291 	 .sym_num = SYM_NUM,
292 	 .ocon_num = OCON_NODE6 + 1,
293 	 .target_platform = SEPOL_TARGET_SELINUX,
294 	},
295 	{
296 	 .type = POLICY_BASE,
297 	 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
298 	 .sym_num = SYM_NUM,
299 	 .ocon_num = OCON_NODE6 + 1,
300 	 .target_platform = SEPOL_TARGET_SELINUX,
301 	},
302 	{
303 	 .type = POLICY_BASE,
304 	 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
305 	 .sym_num = SYM_NUM,
306 	 .ocon_num = OCON_NODE6 + 1,
307 	 .target_platform = SEPOL_TARGET_SELINUX,
308 	},
309 	{
310 	 .type = POLICY_BASE,
311 	 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
312 	 .sym_num = SYM_NUM,
313 	 .ocon_num = OCON_NODE6 + 1,
314 	 .target_platform = SEPOL_TARGET_SELINUX,
315 	},
316 	{
317 	 .type = POLICY_BASE,
318 	 .version = MOD_POLICYDB_VERSION_INFINIBAND,
319 	 .sym_num = SYM_NUM,
320 	 .ocon_num = OCON_IBENDPORT + 1,
321 	 .target_platform = SEPOL_TARGET_SELINUX,
322 	},
323 	{
324 	 .type = POLICY_BASE,
325 	 .version = MOD_POLICYDB_VERSION_GLBLUB,
326 	 .sym_num = SYM_NUM,
327 	 .ocon_num = OCON_IBENDPORT + 1,
328 	 .target_platform = SEPOL_TARGET_SELINUX,
329 	},
330 	{
331 	 .type = POLICY_MOD,
332 	 .version = MOD_POLICYDB_VERSION_BASE,
333 	 .sym_num = SYM_NUM,
334 	 .ocon_num = 0,
335 	 .target_platform = SEPOL_TARGET_SELINUX,
336 	 },
337 	{
338 	 .type = POLICY_MOD,
339 	 .version = MOD_POLICYDB_VERSION_MLS,
340 	 .sym_num = SYM_NUM,
341 	 .ocon_num = 0,
342 	 .target_platform = SEPOL_TARGET_SELINUX,
343 	 },
344 	{
345 	 .type = POLICY_MOD,
346 	 .version = MOD_POLICYDB_VERSION_MLS_USERS,
347 	 .sym_num = SYM_NUM,
348 	 .ocon_num = 0,
349 	 .target_platform = SEPOL_TARGET_SELINUX,
350 	 },
351 	{
352 	 .type = POLICY_MOD,
353 	 .version = MOD_POLICYDB_VERSION_POLCAP,
354 	 .sym_num = SYM_NUM,
355 	 .ocon_num = 0,
356 	 .target_platform = SEPOL_TARGET_SELINUX,
357 	 },
358 	{
359 	 .type = POLICY_MOD,
360 	 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
361 	 .sym_num = SYM_NUM,
362 	 .ocon_num = 0,
363 	 .target_platform = SEPOL_TARGET_SELINUX,
364 	 },
365 	{
366 	 .type = POLICY_MOD,
367 	 .version = MOD_POLICYDB_VERSION_BOUNDARY,
368 	 .sym_num = SYM_NUM,
369 	 .ocon_num = 0,
370 	 .target_platform = SEPOL_TARGET_SELINUX,
371 	},
372 	{
373 	 .type = POLICY_MOD,
374 	 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
375 	 .sym_num = SYM_NUM,
376 	 .ocon_num = 0,
377 	 .target_platform = SEPOL_TARGET_SELINUX,
378 	},
379 	{
380 	 .type = POLICY_MOD,
381 	 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
382 	 .sym_num = SYM_NUM,
383 	 .ocon_num = 0,
384 	 .target_platform = SEPOL_TARGET_SELINUX,
385 	},
386 	{
387 	 .type = POLICY_MOD,
388 	 .version = MOD_POLICYDB_VERSION_ROLETRANS,
389 	 .sym_num = SYM_NUM,
390 	 .ocon_num = 0,
391 	 .target_platform = SEPOL_TARGET_SELINUX,
392 	},
393 	{
394 	 .type = POLICY_MOD,
395 	 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
396 	 .sym_num = SYM_NUM,
397 	 .ocon_num = 0,
398 	 .target_platform = SEPOL_TARGET_SELINUX,
399 	},
400 	{
401 	 .type = POLICY_MOD,
402 	 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
403 	 .sym_num = SYM_NUM,
404 	 .ocon_num = 0,
405 	 .target_platform = SEPOL_TARGET_SELINUX,
406 	},
407 	{
408 	 .type = POLICY_MOD,
409 	 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
410 	 .sym_num = SYM_NUM,
411 	 .ocon_num = 0,
412 	 .target_platform = SEPOL_TARGET_SELINUX,
413 	},
414 	{
415 	 .type = POLICY_MOD,
416 	 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
417 	 .sym_num = SYM_NUM,
418 	 .ocon_num = 0,
419 	 .target_platform = SEPOL_TARGET_SELINUX,
420 	},
421 	{
422 	 .type = POLICY_MOD,
423 	 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
424 	 .sym_num = SYM_NUM,
425 	 .ocon_num = 0,
426 	 .target_platform = SEPOL_TARGET_SELINUX,
427 	},
428 	{
429 	 .type = POLICY_MOD,
430 	 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
431 	 .sym_num = SYM_NUM,
432 	 .ocon_num = 0,
433 	 .target_platform = SEPOL_TARGET_SELINUX,
434 	},
435 	{
436 	 .type = POLICY_MOD,
437 	 .version = MOD_POLICYDB_VERSION_INFINIBAND,
438 	 .sym_num = SYM_NUM,
439 	 .ocon_num = 0,
440 	 .target_platform = SEPOL_TARGET_SELINUX,
441 	},
442 	{
443 	 .type = POLICY_MOD,
444 	 .version = MOD_POLICYDB_VERSION_GLBLUB,
445 	 .sym_num = SYM_NUM,
446 	 .ocon_num = 0,
447 	 .target_platform = SEPOL_TARGET_SELINUX,
448 	},
449 
450 };
451 
452 #if 0
453 static char *symtab_name[SYM_NUM] = {
454 	"common prefixes",
455 	"classes",
456 	"roles",
457 	"types",
458 	"users",
459 	"bools" mls_symtab_names cond_symtab_names
460 };
461 #endif
462 
463 static const unsigned int symtab_sizes[SYM_NUM] = {
464 	2,
465 	32,
466 	16,
467 	512,
468 	128,
469 	16,
470 	16,
471 	16,
472 };
473 
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)474 const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
475 						          unsigned int type,
476 						          unsigned int target_platform)
477 {
478 	unsigned int i;
479 	const struct policydb_compat_info *info = NULL;
480 
481 	for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
482 		if (policydb_compat[i].version == version &&
483 		    policydb_compat[i].type == type &&
484 		    policydb_compat[i].target_platform == target_platform) {
485 			info = &policydb_compat[i];
486 			break;
487 		}
488 	}
489 	return info;
490 }
491 
type_set_init(type_set_t * x)492 void type_set_init(type_set_t * x)
493 {
494 	memset(x, 0, sizeof(type_set_t));
495 	ebitmap_init(&x->types);
496 	ebitmap_init(&x->negset);
497 }
498 
type_set_destroy(type_set_t * x)499 void type_set_destroy(type_set_t * x)
500 {
501 	if (x != NULL) {
502 		ebitmap_destroy(&x->types);
503 		ebitmap_destroy(&x->negset);
504 	}
505 }
506 
role_set_init(role_set_t * x)507 void role_set_init(role_set_t * x)
508 {
509 	memset(x, 0, sizeof(role_set_t));
510 	ebitmap_init(&x->roles);
511 }
512 
role_set_destroy(role_set_t * x)513 void role_set_destroy(role_set_t * x)
514 {
515 	ebitmap_destroy(&x->roles);
516 }
517 
role_datum_init(role_datum_t * x)518 void role_datum_init(role_datum_t * x)
519 {
520 	memset(x, 0, sizeof(role_datum_t));
521 	ebitmap_init(&x->dominates);
522 	type_set_init(&x->types);
523 	ebitmap_init(&x->cache);
524 	ebitmap_init(&x->roles);
525 }
526 
role_datum_destroy(role_datum_t * x)527 void role_datum_destroy(role_datum_t * x)
528 {
529 	if (x != NULL) {
530 		ebitmap_destroy(&x->dominates);
531 		type_set_destroy(&x->types);
532 		ebitmap_destroy(&x->cache);
533 		ebitmap_destroy(&x->roles);
534 	}
535 }
536 
type_datum_init(type_datum_t * x)537 void type_datum_init(type_datum_t * x)
538 {
539 	memset(x, 0, sizeof(*x));
540 	ebitmap_init(&x->types);
541 }
542 
type_datum_destroy(type_datum_t * x)543 void type_datum_destroy(type_datum_t * x)
544 {
545 	if (x != NULL) {
546 		ebitmap_destroy(&x->types);
547 	}
548 }
549 
user_datum_init(user_datum_t * x)550 void user_datum_init(user_datum_t * x)
551 {
552 	memset(x, 0, sizeof(user_datum_t));
553 	role_set_init(&x->roles);
554 	mls_semantic_range_init(&x->range);
555 	mls_semantic_level_init(&x->dfltlevel);
556 	ebitmap_init(&x->cache);
557 	mls_range_init(&x->exp_range);
558 	mls_level_init(&x->exp_dfltlevel);
559 }
560 
user_datum_destroy(user_datum_t * x)561 void user_datum_destroy(user_datum_t * x)
562 {
563 	if (x != NULL) {
564 		role_set_destroy(&x->roles);
565 		mls_semantic_range_destroy(&x->range);
566 		mls_semantic_level_destroy(&x->dfltlevel);
567 		ebitmap_destroy(&x->cache);
568 		mls_range_destroy(&x->exp_range);
569 		mls_level_destroy(&x->exp_dfltlevel);
570 	}
571 }
572 
level_datum_init(level_datum_t * x)573 void level_datum_init(level_datum_t * x)
574 {
575 	memset(x, 0, sizeof(level_datum_t));
576 }
577 
level_datum_destroy(level_datum_t * x)578 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
579 {
580 	/* the mls_level_t referenced by the level_datum is managed
581 	 * separately for now, so there is nothing to destroy */
582 	return;
583 }
584 
cat_datum_init(cat_datum_t * x)585 void cat_datum_init(cat_datum_t * x)
586 {
587 	memset(x, 0, sizeof(cat_datum_t));
588 }
589 
cat_datum_destroy(cat_datum_t * x)590 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
591 {
592 	/* it's currently a simple struct - really nothing to destroy */
593 	return;
594 }
595 
class_perm_node_init(class_perm_node_t * x)596 void class_perm_node_init(class_perm_node_t * x)
597 {
598 	memset(x, 0, sizeof(class_perm_node_t));
599 }
600 
avrule_init(avrule_t * x)601 void avrule_init(avrule_t * x)
602 {
603 	memset(x, 0, sizeof(avrule_t));
604 	type_set_init(&x->stypes);
605 	type_set_init(&x->ttypes);
606 }
607 
avrule_destroy(avrule_t * x)608 void avrule_destroy(avrule_t * x)
609 {
610 	class_perm_node_t *cur, *next;
611 
612 	if (x == NULL) {
613 		return;
614 	}
615 	type_set_destroy(&x->stypes);
616 	type_set_destroy(&x->ttypes);
617 
618 	free(x->source_filename);
619 
620 	next = x->perms;
621 	while (next) {
622 		cur = next;
623 		next = cur->next;
624 		free(cur);
625 	}
626 
627 	free(x->xperms);
628 }
629 
role_trans_rule_init(role_trans_rule_t * x)630 void role_trans_rule_init(role_trans_rule_t * x)
631 {
632 	memset(x, 0, sizeof(*x));
633 	role_set_init(&x->roles);
634 	type_set_init(&x->types);
635 	ebitmap_init(&x->classes);
636 }
637 
role_trans_rule_destroy(role_trans_rule_t * x)638 static void role_trans_rule_destroy(role_trans_rule_t * x)
639 {
640 	if (x != NULL) {
641 		role_set_destroy(&x->roles);
642 		type_set_destroy(&x->types);
643 		ebitmap_destroy(&x->classes);
644 	}
645 }
646 
role_trans_rule_list_destroy(role_trans_rule_t * x)647 void role_trans_rule_list_destroy(role_trans_rule_t * x)
648 {
649 	while (x != NULL) {
650 		role_trans_rule_t *next = x->next;
651 		role_trans_rule_destroy(x);
652 		free(x);
653 		x = next;
654 	}
655 }
656 
filename_trans_rule_init(filename_trans_rule_t * x)657 void filename_trans_rule_init(filename_trans_rule_t * x)
658 {
659 	memset(x, 0, sizeof(*x));
660 	type_set_init(&x->stypes);
661 	type_set_init(&x->ttypes);
662 }
663 
filename_trans_rule_destroy(filename_trans_rule_t * x)664 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
665 {
666 	if (!x)
667 		return;
668 	type_set_destroy(&x->stypes);
669 	type_set_destroy(&x->ttypes);
670 	free(x->name);
671 }
672 
filename_trans_rule_list_destroy(filename_trans_rule_t * x)673 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
674 {
675 	filename_trans_rule_t *next;
676 	while (x) {
677 		next = x->next;
678 		filename_trans_rule_destroy(x);
679 		free(x);
680 		x = next;
681 	}
682 }
683 
role_allow_rule_init(role_allow_rule_t * x)684 void role_allow_rule_init(role_allow_rule_t * x)
685 {
686 	memset(x, 0, sizeof(role_allow_rule_t));
687 	role_set_init(&x->roles);
688 	role_set_init(&x->new_roles);
689 }
690 
role_allow_rule_destroy(role_allow_rule_t * x)691 void role_allow_rule_destroy(role_allow_rule_t * x)
692 {
693 	role_set_destroy(&x->roles);
694 	role_set_destroy(&x->new_roles);
695 }
696 
role_allow_rule_list_destroy(role_allow_rule_t * x)697 void role_allow_rule_list_destroy(role_allow_rule_t * x)
698 {
699 	while (x != NULL) {
700 		role_allow_rule_t *next = x->next;
701 		role_allow_rule_destroy(x);
702 		free(x);
703 		x = next;
704 	}
705 }
706 
range_trans_rule_init(range_trans_rule_t * x)707 void range_trans_rule_init(range_trans_rule_t * x)
708 {
709 	type_set_init(&x->stypes);
710 	type_set_init(&x->ttypes);
711 	ebitmap_init(&x->tclasses);
712 	mls_semantic_range_init(&x->trange);
713 	x->next = NULL;
714 }
715 
range_trans_rule_destroy(range_trans_rule_t * x)716 void range_trans_rule_destroy(range_trans_rule_t * x)
717 {
718 	type_set_destroy(&x->stypes);
719 	type_set_destroy(&x->ttypes);
720 	ebitmap_destroy(&x->tclasses);
721 	mls_semantic_range_destroy(&x->trange);
722 }
723 
range_trans_rule_list_destroy(range_trans_rule_t * x)724 void range_trans_rule_list_destroy(range_trans_rule_t * x)
725 {
726 	while (x != NULL) {
727 		range_trans_rule_t *next = x->next;
728 		range_trans_rule_destroy(x);
729 		free(x);
730 		x = next;
731 	}
732 }
733 
avrule_list_destroy(avrule_t * x)734 void avrule_list_destroy(avrule_t * x)
735 {
736 	avrule_t *next, *cur;
737 
738 	if (!x)
739 		return;
740 
741 	next = x;
742 	while (next) {
743 		cur = next;
744 		next = next->next;
745 		avrule_destroy(cur);
746 		free(cur);
747 	}
748 }
749 
750 /*
751  * Initialize the role table by implicitly adding role 'object_r'.  If
752  * the policy is a module, set object_r's scope to be SCOPE_REQ,
753  * otherwise set it to SCOPE_DECL.
754  */
roles_init(policydb_t * p)755 static int roles_init(policydb_t * p)
756 {
757 	char *key = 0;
758 	int rc;
759 	role_datum_t *role;
760 
761 	role = calloc(1, sizeof(role_datum_t));
762 	if (!role) {
763 		rc = -ENOMEM;
764 		goto out;
765 	}
766 	key = malloc(strlen(OBJECT_R) + 1);
767 	if (!key) {
768 		rc = -ENOMEM;
769 		goto out_free_role;
770 	}
771 	strcpy(key, OBJECT_R);
772 	rc = symtab_insert(p, SYM_ROLES, key, role,
773 			   (p->policy_type ==
774 			    POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
775 			   &role->s.value);
776 	if (rc)
777 		goto out_free_key;
778 	if (role->s.value != OBJECT_R_VAL) {
779 		rc = -EINVAL;
780 		goto out_free_role;
781 	}
782       out:
783 	return rc;
784 
785       out_free_key:
786 	free(key);
787       out_free_role:
788 	free(role);
789 	goto out;
790 }
791 
792 ignore_unsigned_overflow_
793 static inline unsigned long
partial_name_hash(unsigned long c,unsigned long prevhash)794 partial_name_hash(unsigned long c, unsigned long prevhash)
795 {
796 	return (prevhash + (c << 4) + (c >> 4)) * 11;
797 }
798 
filenametr_hash(hashtab_t h,const_hashtab_key_t k)799 static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
800 {
801 	const filename_trans_key_t *ft = (const filename_trans_key_t *)k;
802 	unsigned long hash;
803 	unsigned int byte_num;
804 	unsigned char focus;
805 
806 	hash = ft->ttype ^ ft->tclass;
807 
808 	byte_num = 0;
809 	while ((focus = ft->name[byte_num++]))
810 		hash = partial_name_hash(focus, hash);
811 	return hash & (h->size - 1);
812 }
813 
filenametr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)814 static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
815 			  const_hashtab_key_t k1, const_hashtab_key_t k2)
816 {
817 	const filename_trans_key_t *ft1 = (const filename_trans_key_t *)k1;
818 	const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
819 	int v;
820 
821 	v = spaceship_cmp(ft1->ttype, ft2->ttype);
822 	if (v)
823 		return v;
824 
825 	v = spaceship_cmp(ft1->tclass, ft2->tclass);
826 	if (v)
827 		return v;
828 
829 	return strcmp(ft1->name, ft2->name);
830 
831 }
832 
rangetr_hash(hashtab_t h,const_hashtab_key_t k)833 static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
834 {
835 	const struct range_trans *key = (const struct range_trans *)k;
836 	return (key->source_type + (key->target_type << 3) +
837 		(key->target_class << 5)) & (h->size - 1);
838 }
839 
rangetr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)840 static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
841 		       const_hashtab_key_t k1, const_hashtab_key_t k2)
842 {
843 	const struct range_trans *key1 = (const struct range_trans *)k1;
844 	const struct range_trans *key2 = (const struct range_trans *)k2;
845 	int v;
846 
847 	v = spaceship_cmp(key1->source_type, key2->source_type);
848 	if (v)
849 		return v;
850 
851 	v = spaceship_cmp(key1->target_type, key2->target_type);
852 	if (v)
853 		return v;
854 
855 	v = spaceship_cmp(key1->target_class, key2->target_class);
856 
857 	return v;
858 }
859 
860 /*
861  * Initialize a policy database structure.
862  */
policydb_init(policydb_t * p)863 int policydb_init(policydb_t * p)
864 {
865 	int i, rc;
866 
867 	memset(p, 0, sizeof(policydb_t));
868 
869 	for (i = 0; i < SYM_NUM; i++) {
870 		p->sym_val_to_name[i] = NULL;
871 		rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
872 		if (rc)
873 			goto err;
874 	}
875 
876 	/* initialize the module stuff */
877 	for (i = 0; i < SYM_NUM; i++) {
878 		if (symtab_init(&p->scope[i], symtab_sizes[i])) {
879 			goto err;
880 		}
881 	}
882 	if ((p->global = avrule_block_create()) == NULL ||
883 	    (p->global->branch_list = avrule_decl_create(1)) == NULL) {
884 		goto err;
885 	}
886 	p->decl_val_to_struct = NULL;
887 
888 	rc = avtab_init(&p->te_avtab);
889 	if (rc)
890 		goto err;
891 
892 	rc = roles_init(p);
893 	if (rc)
894 		goto err;
895 
896 	rc = cond_policydb_init(p);
897 	if (rc)
898 		goto err;
899 
900 	p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
901 	if (!p->filename_trans) {
902 		rc = -ENOMEM;
903 		goto err;
904 	}
905 
906 	p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
907 	if (!p->range_tr) {
908 		rc = -ENOMEM;
909 		goto err;
910 	}
911 
912 	ebitmap_init(&p->policycaps);
913 	ebitmap_init(&p->permissive_map);
914 
915 	return 0;
916 err:
917 	hashtab_destroy(p->filename_trans);
918 	hashtab_destroy(p->range_tr);
919 	for (i = 0; i < SYM_NUM; i++) {
920 		hashtab_destroy(p->symtab[i].table);
921 		hashtab_destroy(p->scope[i].table);
922 	}
923 	avrule_block_list_destroy(p->global);
924 	return rc;
925 }
926 
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)927 int policydb_role_cache(hashtab_key_t key
928 			__attribute__ ((unused)), hashtab_datum_t datum,
929 			void *arg)
930 {
931 	policydb_t *p;
932 	role_datum_t *role;
933 
934 	role = (role_datum_t *) datum;
935 	p = (policydb_t *) arg;
936 
937 	ebitmap_destroy(&role->cache);
938 	if (type_set_expand(&role->types, &role->cache, p, 1)) {
939 		return -1;
940 	}
941 
942 	return 0;
943 }
944 
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)945 int policydb_user_cache(hashtab_key_t key
946 			__attribute__ ((unused)), hashtab_datum_t datum,
947 			void *arg)
948 {
949 	policydb_t *p;
950 	user_datum_t *user;
951 
952 	user = (user_datum_t *) datum;
953 	p = (policydb_t *) arg;
954 
955 	ebitmap_destroy(&user->cache);
956 	if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
957 		return -1;
958 	}
959 
960 	/* we do not expand user's MLS info in kernel policies because the
961 	 * semantic representation is not present and we do not expand user's
962 	 * MLS info in module policies because all of the necessary mls
963 	 * information is not present */
964 	if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
965 		mls_range_destroy(&user->exp_range);
966 		if (mls_semantic_range_expand(&user->range,
967 					      &user->exp_range, p, NULL)) {
968 			return -1;
969 		}
970 
971 		mls_level_destroy(&user->exp_dfltlevel);
972 		if (mls_semantic_level_expand(&user->dfltlevel,
973 					      &user->exp_dfltlevel, p, NULL)) {
974 			return -1;
975 		}
976 	}
977 
978 	return 0;
979 }
980 
981 /*
982  * The following *_index functions are used to
983  * define the val_to_name and val_to_struct arrays
984  * in a policy database structure.  The val_to_name
985  * arrays are used when converting security context
986  * structures into string representations.  The
987  * val_to_struct arrays are used when the attributes
988  * of a class, role, or user are needed.
989  */
990 
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)991 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
992 {
993 	policydb_t *p;
994 	common_datum_t *comdatum;
995 
996 	comdatum = (common_datum_t *) datum;
997 	p = (policydb_t *) datap;
998 	if (!value_isvalid(comdatum->s.value, p->p_commons.nprim))
999 		return -EINVAL;
1000 	if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL)
1001 		return -EINVAL;
1002 	p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
1003 
1004 	return 0;
1005 }
1006 
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1007 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1008 {
1009 	policydb_t *p;
1010 	class_datum_t *cladatum;
1011 
1012 	cladatum = (class_datum_t *) datum;
1013 	p = (policydb_t *) datap;
1014 	if (!value_isvalid(cladatum->s.value, p->p_classes.nprim))
1015 		return -EINVAL;
1016 	if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL)
1017 		return -EINVAL;
1018 	p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
1019 	p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
1020 
1021 	return 0;
1022 }
1023 
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1024 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1025 {
1026 	policydb_t *p;
1027 	role_datum_t *role;
1028 
1029 	role = (role_datum_t *) datum;
1030 	p = (policydb_t *) datap;
1031 	if (!value_isvalid(role->s.value, p->p_roles.nprim))
1032 		return -EINVAL;
1033 	if (p->p_role_val_to_name[role->s.value - 1] != NULL)
1034 		return -EINVAL;
1035 	p->p_role_val_to_name[role->s.value - 1] = (char *)key;
1036 	p->role_val_to_struct[role->s.value - 1] = role;
1037 
1038 	return 0;
1039 }
1040 
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1041 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1042 {
1043 	policydb_t *p;
1044 	type_datum_t *typdatum;
1045 
1046 	typdatum = (type_datum_t *) datum;
1047 	p = (policydb_t *) datap;
1048 
1049 	if (typdatum->primary) {
1050 		if (!value_isvalid(typdatum->s.value, p->p_types.nprim))
1051 			return -EINVAL;
1052 		if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL)
1053 			return -EINVAL;
1054 		p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
1055 		p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
1056 	}
1057 
1058 	return 0;
1059 }
1060 
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1061 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1062 {
1063 	policydb_t *p;
1064 	user_datum_t *usrdatum;
1065 
1066 	usrdatum = (user_datum_t *) datum;
1067 	p = (policydb_t *) datap;
1068 
1069 	if (!value_isvalid(usrdatum->s.value, p->p_users.nprim))
1070 		return -EINVAL;
1071 	if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL)
1072 		return -EINVAL;
1073 	p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
1074 	p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
1075 
1076 	return 0;
1077 }
1078 
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1079 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1080 {
1081 	policydb_t *p;
1082 	level_datum_t *levdatum;
1083 
1084 	levdatum = (level_datum_t *) datum;
1085 	p = (policydb_t *) datap;
1086 
1087 	if (!levdatum->isalias) {
1088 		if (!value_isvalid(levdatum->level->sens, p->p_levels.nprim))
1089 			return -EINVAL;
1090 		if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL)
1091 			return -EINVAL;
1092 		p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
1093 	}
1094 
1095 	return 0;
1096 }
1097 
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1098 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1099 {
1100 	policydb_t *p;
1101 	cat_datum_t *catdatum;
1102 
1103 	catdatum = (cat_datum_t *) datum;
1104 	p = (policydb_t *) datap;
1105 
1106 	if (!catdatum->isalias) {
1107 		if (!value_isvalid(catdatum->s.value, p->p_cats.nprim))
1108 			return -EINVAL;
1109 		if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL)
1110 			return -EINVAL;
1111 		p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
1112 	}
1113 
1114 	return 0;
1115 }
1116 
1117 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1118 				void *datap) = {
1119 common_index, class_index, role_index, type_index, user_index,
1120 	    cond_index_bool, sens_index, cat_index,};
1121 
1122 /*
1123  * Define the common val_to_name array and the class
1124  * val_to_name and val_to_struct arrays in a policy
1125  * database structure.
1126  */
policydb_index_classes(policydb_t * p)1127 int policydb_index_classes(policydb_t * p)
1128 {
1129 	free(p->p_common_val_to_name);
1130 	p->p_common_val_to_name = (char **)
1131 	    calloc(p->p_commons.nprim, sizeof(char *));
1132 	if (!p->p_common_val_to_name)
1133 		return -1;
1134 
1135 	if (hashtab_map(p->p_commons.table, common_index, p))
1136 		return -1;
1137 
1138 	free(p->class_val_to_struct);
1139 	p->class_val_to_struct = (class_datum_t **)
1140 	    calloc(p->p_classes.nprim, sizeof(class_datum_t *));
1141 	if (!p->class_val_to_struct)
1142 		return -1;
1143 
1144 	free(p->p_class_val_to_name);
1145 	p->p_class_val_to_name = (char **)
1146 	    calloc(p->p_classes.nprim, sizeof(char *));
1147 	if (!p->p_class_val_to_name)
1148 		return -1;
1149 
1150 	if (hashtab_map(p->p_classes.table, class_index, p))
1151 		return -1;
1152 
1153 	return 0;
1154 }
1155 
policydb_index_bools(policydb_t * p)1156 int policydb_index_bools(policydb_t * p)
1157 {
1158 
1159 	if (cond_init_bool_indexes(p) == -1)
1160 		return -1;
1161 	p->p_bool_val_to_name = (char **)
1162 	    calloc(p->p_bools.nprim, sizeof(char *));
1163 	if (!p->p_bool_val_to_name)
1164 		return -1;
1165 	if (hashtab_map(p->p_bools.table, cond_index_bool, p))
1166 		return -1;
1167 	return 0;
1168 }
1169 
policydb_index_decls(sepol_handle_t * handle,policydb_t * p)1170 static int policydb_index_decls(sepol_handle_t * handle, policydb_t * p)
1171 {
1172 	avrule_block_t *curblock;
1173 	avrule_decl_t *decl;
1174 	unsigned int num_decls = 0;
1175 
1176 	free(p->decl_val_to_struct);
1177 
1178 	for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1179 		for (decl = curblock->branch_list; decl != NULL;
1180 		     decl = decl->next) {
1181 			num_decls++;
1182 		}
1183 	}
1184 
1185 	p->decl_val_to_struct =
1186 	    calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
1187 	if (!p->decl_val_to_struct) {
1188 		return -1;
1189 	}
1190 
1191 	for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1192 		for (decl = curblock->branch_list; decl != NULL;
1193 		     decl = decl->next) {
1194 			if (!value_isvalid(decl->decl_id, num_decls)) {
1195 				ERR(handle, "invalid decl ID %u", decl->decl_id);
1196 				return -1;
1197 			}
1198 			if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) {
1199 				ERR(handle, "duplicated decl ID %u", decl->decl_id);
1200 				return -1;
1201 			}
1202 			p->decl_val_to_struct[decl->decl_id - 1] = decl;
1203 		}
1204 	}
1205 
1206 	return 0;
1207 }
1208 
1209 /*
1210  * Define the other val_to_name and val_to_struct arrays
1211  * in a policy database structure.
1212  */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)1213 int policydb_index_others(sepol_handle_t * handle,
1214 			  policydb_t * p, unsigned verbose)
1215 {
1216 	int i;
1217 
1218 	if (verbose) {
1219 		INFO(handle,
1220 		     "security:  %d users, %d roles, %d types, %d bools",
1221 		     p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
1222 		     p->p_bools.nprim);
1223 
1224 		if (p->mls)
1225 			INFO(handle, "security: %d sens, %d cats",
1226 			     p->p_levels.nprim, p->p_cats.nprim);
1227 
1228 		INFO(handle, "security:  %d classes, %d rules, %d cond rules",
1229 		     p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
1230 	}
1231 #if 0
1232 	avtab_hash_eval(&p->te_avtab, "rules");
1233 	for (i = 0; i < SYM_NUM; i++)
1234 		hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
1235 #endif
1236 
1237 	free(p->role_val_to_struct);
1238 	p->role_val_to_struct = (role_datum_t **)
1239 	    calloc(p->p_roles.nprim, sizeof(role_datum_t *));
1240 	if (!p->role_val_to_struct)
1241 		return -1;
1242 
1243 	free(p->user_val_to_struct);
1244 	p->user_val_to_struct = (user_datum_t **)
1245 	    calloc(p->p_users.nprim, sizeof(user_datum_t *));
1246 	if (!p->user_val_to_struct)
1247 		return -1;
1248 
1249 	free(p->type_val_to_struct);
1250 	p->type_val_to_struct = (type_datum_t **)
1251 	    calloc(p->p_types.nprim, sizeof(type_datum_t *));
1252 	if (!p->type_val_to_struct)
1253 		return -1;
1254 
1255 	cond_init_bool_indexes(p);
1256 
1257 	for (i = SYM_ROLES; i < SYM_NUM; i++) {
1258 		free(p->sym_val_to_name[i]);
1259 		p->sym_val_to_name[i] = NULL;
1260 		if (p->symtab[i].nprim) {
1261 			p->sym_val_to_name[i] = (char **)
1262 			    calloc(p->symtab[i].nprim, sizeof(char *));
1263 			if (!p->sym_val_to_name[i])
1264 				return -1;
1265 			if (hashtab_map(p->symtab[i].table, index_f[i], p))
1266 				return -1;
1267 		}
1268 	}
1269 
1270 	/* This pre-expands the roles and users for context validity checking */
1271 	if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1272 		return -1;
1273 
1274 	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1275 		return -1;
1276 
1277 	return 0;
1278 }
1279 
1280 /*
1281  * The following *_destroy functions are used to
1282  * free any memory allocated for each kind of
1283  * symbol data in the policy database.
1284  */
1285 
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1286 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1287 			__attribute__ ((unused)))
1288 {
1289 	if (key)
1290 		free(key);
1291 	free(datum);
1292 	return 0;
1293 }
1294 
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1295 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1296 			  __attribute__ ((unused)))
1297 {
1298 	common_datum_t *comdatum;
1299 
1300 	if (key)
1301 		free(key);
1302 	comdatum = (common_datum_t *) datum;
1303 	(void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1304 	hashtab_destroy(comdatum->permissions.table);
1305 	free(datum);
1306 	return 0;
1307 }
1308 
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1309 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1310 			 __attribute__ ((unused)))
1311 {
1312 	class_datum_t *cladatum;
1313 	constraint_node_t *constraint, *ctemp;
1314 
1315 	if (key)
1316 		free(key);
1317 	cladatum = (class_datum_t *) datum;
1318 	if (cladatum == NULL) {
1319 		return 0;
1320 	}
1321 	(void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1322 	hashtab_destroy(cladatum->permissions.table);
1323 	constraint = cladatum->constraints;
1324 	while (constraint) {
1325 		constraint_expr_destroy(constraint->expr);
1326 		ctemp = constraint;
1327 		constraint = constraint->next;
1328 		free(ctemp);
1329 	}
1330 
1331 	constraint = cladatum->validatetrans;
1332 	while (constraint) {
1333 		constraint_expr_destroy(constraint->expr);
1334 		ctemp = constraint;
1335 		constraint = constraint->next;
1336 		free(ctemp);
1337 	}
1338 
1339 	if (cladatum->comkey)
1340 		free(cladatum->comkey);
1341 	free(datum);
1342 	return 0;
1343 }
1344 
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1345 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1346 			__attribute__ ((unused)))
1347 {
1348 	free(key);
1349 	role_datum_destroy((role_datum_t *) datum);
1350 	free(datum);
1351 	return 0;
1352 }
1353 
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1354 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1355 			__attribute__ ((unused)))
1356 {
1357 	free(key);
1358 	type_datum_destroy((type_datum_t *) datum);
1359 	free(datum);
1360 	return 0;
1361 }
1362 
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1363 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1364 			__attribute__ ((unused)))
1365 {
1366 	free(key);
1367 	user_datum_destroy((user_datum_t *) datum);
1368 	free(datum);
1369 	return 0;
1370 }
1371 
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1372 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1373 			__attribute__ ((unused)))
1374 {
1375 	level_datum_t *levdatum;
1376 
1377 	if (key)
1378 		free(key);
1379 	levdatum = (level_datum_t *) datum;
1380 	mls_level_destroy(levdatum->level);
1381 	free(levdatum->level);
1382 	level_datum_destroy(levdatum);
1383 	free(levdatum);
1384 	return 0;
1385 }
1386 
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1387 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1388 		       __attribute__ ((unused)))
1389 {
1390 	if (key)
1391 		free(key);
1392 	cat_datum_destroy((cat_datum_t *) datum);
1393 	free(datum);
1394 	return 0;
1395 }
1396 
1397 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1398 				  void *datap) = {
1399 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1400 	    cond_destroy_bool, sens_destroy, cat_destroy,};
1401 
filenametr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1402 static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1403 			      void *p __attribute__ ((unused)))
1404 {
1405 	filename_trans_key_t *ft = (filename_trans_key_t *)key;
1406 	filename_trans_datum_t *fd = datum, *next;
1407 
1408 	free(ft->name);
1409 	free(key);
1410 	do {
1411 		next = fd->next;
1412 		ebitmap_destroy(&fd->stypes);
1413 		free(fd);
1414 		fd = next;
1415 	} while (fd);
1416 	return 0;
1417 }
1418 
range_tr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1419 static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1420 			    void *p __attribute__ ((unused)))
1421 {
1422 	struct mls_range *rt = (struct mls_range *)datum;
1423 	free(key);
1424 	ebitmap_destroy(&rt->level[0].cat);
1425 	ebitmap_destroy(&rt->level[1].cat);
1426 	free(datum);
1427 	return 0;
1428 }
1429 
ocontext_selinux_free(ocontext_t ** ocontexts)1430 static void ocontext_selinux_free(ocontext_t **ocontexts)
1431 {
1432 	ocontext_t *c, *ctmp;
1433 	int i;
1434 
1435 	for (i = 0; i < OCON_NUM; i++) {
1436 		c = ocontexts[i];
1437 		while (c) {
1438 			ctmp = c;
1439 			c = c->next;
1440 			context_destroy(&ctmp->context[0]);
1441 			context_destroy(&ctmp->context[1]);
1442 			if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1443 				|| i == OCON_FSUSE)
1444 				free(ctmp->u.name);
1445 			else if (i == OCON_IBENDPORT)
1446 				free(ctmp->u.ibendport.dev_name);
1447 			free(ctmp);
1448 		}
1449 	}
1450 }
1451 
ocontext_xen_free(ocontext_t ** ocontexts)1452 static void ocontext_xen_free(ocontext_t **ocontexts)
1453 {
1454 	ocontext_t *c, *ctmp;
1455 	int i;
1456 
1457 	for (i = 0; i < OCON_NUM; i++) {
1458 		c = ocontexts[i];
1459 		while (c) {
1460 			ctmp = c;
1461 			c = c->next;
1462 			context_destroy(&ctmp->context[0]);
1463 			context_destroy(&ctmp->context[1]);
1464 			if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
1465 				free(ctmp->u.name);
1466 			free(ctmp);
1467 		}
1468 	}
1469 }
1470 
1471 /*
1472  * Free any memory allocated by a policy database structure.
1473  */
policydb_destroy(policydb_t * p)1474 void policydb_destroy(policydb_t * p)
1475 {
1476 	ocontext_t *c, *ctmp;
1477 	genfs_t *g, *gtmp;
1478 	unsigned int i;
1479 	role_allow_t *ra, *lra = NULL;
1480 	role_trans_t *tr, *ltr = NULL;
1481 
1482 	if (!p)
1483 		return;
1484 
1485 	ebitmap_destroy(&p->policycaps);
1486 
1487 	ebitmap_destroy(&p->permissive_map);
1488 
1489 	symtabs_destroy(p->symtab);
1490 
1491 	for (i = 0; i < SYM_NUM; i++) {
1492 		if (p->sym_val_to_name[i])
1493 			free(p->sym_val_to_name[i]);
1494 	}
1495 
1496 	if (p->class_val_to_struct)
1497 		free(p->class_val_to_struct);
1498 	if (p->role_val_to_struct)
1499 		free(p->role_val_to_struct);
1500 	if (p->user_val_to_struct)
1501 		free(p->user_val_to_struct);
1502 	if (p->type_val_to_struct)
1503 		free(p->type_val_to_struct);
1504 	free(p->decl_val_to_struct);
1505 
1506 	for (i = 0; i < SYM_NUM; i++) {
1507 		(void)hashtab_map(p->scope[i].table, scope_destroy, 0);
1508 		hashtab_destroy(p->scope[i].table);
1509 	}
1510 	avrule_block_list_destroy(p->global);
1511 	free(p->name);
1512 	free(p->version);
1513 
1514 	avtab_destroy(&p->te_avtab);
1515 
1516 	if (p->target_platform == SEPOL_TARGET_SELINUX)
1517 		ocontext_selinux_free(p->ocontexts);
1518 	else if (p->target_platform == SEPOL_TARGET_XEN)
1519 		ocontext_xen_free(p->ocontexts);
1520 
1521 	g = p->genfs;
1522 	while (g) {
1523 		free(g->fstype);
1524 		c = g->head;
1525 		while (c) {
1526 			ctmp = c;
1527 			c = c->next;
1528 			context_destroy(&ctmp->context[0]);
1529 			free(ctmp->u.name);
1530 			free(ctmp);
1531 		}
1532 		gtmp = g;
1533 		g = g->next;
1534 		free(gtmp);
1535 	}
1536 	cond_policydb_destroy(p);
1537 
1538 	for (tr = p->role_tr; tr; tr = tr->next) {
1539 		if (ltr)
1540 			free(ltr);
1541 		ltr = tr;
1542 	}
1543 	if (ltr)
1544 		free(ltr);
1545 
1546 	for (ra = p->role_allow; ra; ra = ra->next) {
1547 		if (lra)
1548 			free(lra);
1549 		lra = ra;
1550 	}
1551 	if (lra)
1552 		free(lra);
1553 
1554 	hashtab_map(p->filename_trans, filenametr_destroy, NULL);
1555 	hashtab_destroy(p->filename_trans);
1556 
1557 	hashtab_map(p->range_tr, range_tr_destroy, NULL);
1558 	hashtab_destroy(p->range_tr);
1559 
1560 	if (p->type_attr_map) {
1561 		for (i = 0; i < p->p_types.nprim; i++) {
1562 			ebitmap_destroy(&p->type_attr_map[i]);
1563 		}
1564 		free(p->type_attr_map);
1565 	}
1566 
1567 	if (p->attr_type_map) {
1568 		for (i = 0; i < p->p_types.nprim; i++) {
1569 			ebitmap_destroy(&p->attr_type_map[i]);
1570 		}
1571 		free(p->attr_type_map);
1572 	}
1573 
1574 	return;
1575 }
1576 
symtabs_destroy(symtab_t * symtab)1577 void symtabs_destroy(symtab_t * symtab)
1578 {
1579 	int i;
1580 	for (i = 0; i < SYM_NUM; i++) {
1581 		(void)hashtab_map(symtab[i].table, destroy_f[i], 0);
1582 		hashtab_destroy(symtab[i].table);
1583 	}
1584 }
1585 
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1586 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1587 		  __attribute__ ((unused)))
1588 {
1589 	scope_datum_t *cur = (scope_datum_t *) datum;
1590 	free(key);
1591 	if (cur != NULL) {
1592 		free(cur->decl_ids);
1593 	}
1594 	free(cur);
1595 	return 0;
1596 }
1597 
1598 /*
1599  * Load the initial SIDs specified in a policy database
1600  * structure into a SID table.
1601  */
policydb_load_isids(policydb_t * p,sidtab_t * s)1602 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1603 {
1604 	ocontext_t *head, *c;
1605 
1606 	if (sepol_sidtab_init(s)) {
1607 		ERR(NULL, "out of memory on SID table init");
1608 		return -1;
1609 	}
1610 
1611 	head = p->ocontexts[OCON_ISID];
1612 	for (c = head; c; c = c->next) {
1613 		if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1614 			ERR(NULL, "unable to load initial SID %s", c->u.name);
1615 			return -1;
1616 		}
1617 	}
1618 
1619 	return 0;
1620 }
1621 
1622 /* Declare a symbol for a certain avrule_block context.  Insert it
1623  * into a symbol table for a policy.  This function will handle
1624  * inserting the appropriate scope information in addition to
1625  * inserting the symbol into the hash table.
1626  *
1627  * arguments:
1628  *   policydb_t *pol       module policy to modify
1629  *   uint32_t sym          the symbole table for insertion (SYM_*)
1630  *   hashtab_key_t key     the key for the symbol - not cloned
1631  *   hashtab_datum_t data  the data for the symbol - not cloned
1632  *   scope                 scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1633  *   avrule_decl_id        identifier for this symbol's encapsulating declaration
1634  *   value (out)           assigned value to the symbol (if value is not NULL)
1635  *
1636  * returns:
1637  *   0                     success
1638  *   1                     success, but symbol already existed as a requirement
1639  *                         (datum was not inserted and needs to be free()d)
1640  *   -1                    general error
1641  *   -2                    scope conflicted
1642  *   -ENOMEM               memory error
1643  *   error codes from hashtab_insert
1644  */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1645 int symtab_insert(policydb_t * pol, uint32_t sym,
1646 		  hashtab_key_t key, hashtab_datum_t datum,
1647 		  uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1648 {
1649 	int rc, retval = 0;
1650 	unsigned int i;
1651 	scope_datum_t *scope_datum;
1652 
1653 	/* check if the symbol is already there.  multiple
1654 	 * declarations of non-roles/non-users are illegal, but
1655 	 * multiple requires are allowed. */
1656 
1657 	/* FIX ME - the failures after the hashtab_insert will leave
1658 	 * the policy in a inconsistent state. */
1659 	rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1660 	if (rc == SEPOL_OK) {
1661 		/* if no value is passed in the symbol is not primary
1662 		 * (i.e. aliases) */
1663 		if (value)
1664 			*value = ++pol->symtab[sym].nprim;
1665 	} else if (rc == SEPOL_EEXIST) {
1666 		retval = 1;	/* symbol not added -- need to free() later */
1667 	} else {
1668 		return rc;
1669 	}
1670 
1671 	/* get existing scope information; if there is not one then
1672 	 * create it */
1673 	scope_datum =
1674 	    (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1675 	if (scope_datum == NULL) {
1676 		hashtab_key_t key2 = strdup((char *)key);
1677 		if (!key2)
1678 			return -ENOMEM;
1679 		if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1680 			free(key2);
1681 			return -ENOMEM;
1682 		}
1683 		scope_datum->scope = scope;
1684 		scope_datum->decl_ids = NULL;
1685 		scope_datum->decl_ids_len = 0;
1686 		if ((rc =
1687 		     hashtab_insert(pol->scope[sym].table, key2,
1688 				    scope_datum)) != 0) {
1689 			free(key2);
1690 			free(scope_datum);
1691 			return rc;
1692 		}
1693 	} else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1694 		/* disallow multiple declarations for non-roles/users */
1695 		if (sym != SYM_ROLES && sym != SYM_USERS) {
1696 			return -2;
1697 		}
1698 		/* Further confine that a role attribute can't have the same
1699 		 * name as another regular role, and a role attribute can't
1700 		 * be declared more than once. */
1701 		if (sym == SYM_ROLES) {
1702 			role_datum_t *base_role;
1703 			role_datum_t *cur_role = (role_datum_t *)datum;
1704 
1705 			base_role = (role_datum_t *)
1706 					hashtab_search(pol->symtab[sym].table,
1707 						       key);
1708 			assert(base_role != NULL);
1709 
1710 			if (!((base_role->flavor == ROLE_ROLE) &&
1711 			    (cur_role->flavor == ROLE_ROLE))) {
1712 				/* Only regular roles are allowed to have
1713 				 * multiple declarations. */
1714 				return -2;
1715 			}
1716 		}
1717 	} else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1718 		scope_datum->scope = SCOPE_DECL;
1719 	}
1720 
1721 	/* search through the pre-existing list to avoid adding duplicates */
1722 	for (i = 0; i < scope_datum->decl_ids_len; i++) {
1723 		if (scope_datum->decl_ids[i] == avrule_decl_id) {
1724 			/* already there, so don't modify its scope */
1725 			return retval;
1726 		}
1727 	}
1728 
1729 	if (add_i_to_a(avrule_decl_id,
1730 		       &scope_datum->decl_ids_len,
1731 		       &scope_datum->decl_ids) == -1) {
1732 		return -ENOMEM;
1733 	}
1734 
1735 	if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) {
1736 		/* Need to keep the decl at the end of the list */
1737 		uint32_t len, tmp;
1738 		len = scope_datum->decl_ids_len;
1739 		if (len < 2) {
1740 			/* This should be impossible here */
1741 			return -1;
1742 		}
1743 		tmp = scope_datum->decl_ids[len-2];
1744 		scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1];
1745 		scope_datum->decl_ids[len-1] = tmp;
1746 	}
1747 
1748 	return retval;
1749 }
1750 
type_set_or(type_set_t * dst,const type_set_t * a,const type_set_t * b)1751 static int type_set_or(type_set_t * dst, const type_set_t * a, const type_set_t * b)
1752 {
1753 	type_set_init(dst);
1754 
1755 	if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1756 		return -1;
1757 	}
1758 	if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1759 		return -1;
1760 	}
1761 
1762 	dst->flags |= a->flags;
1763 	dst->flags |= b->flags;
1764 
1765 	return 0;
1766 }
1767 
type_set_cpy(type_set_t * dst,const type_set_t * src)1768 int type_set_cpy(type_set_t * dst, const type_set_t * src)
1769 {
1770 	type_set_init(dst);
1771 
1772 	dst->flags = src->flags;
1773 	if (ebitmap_cpy(&dst->types, &src->types))
1774 		return -1;
1775 	if (ebitmap_cpy(&dst->negset, &src->negset))
1776 		return -1;
1777 
1778 	return 0;
1779 }
1780 
type_set_or_eq(type_set_t * dst,const type_set_t * other)1781 int type_set_or_eq(type_set_t * dst, const type_set_t * other)
1782 {
1783 	int ret;
1784 	type_set_t tmp;
1785 
1786 	if (type_set_or(&tmp, dst, other))
1787 		return -1;
1788 	type_set_destroy(dst);
1789 	ret = type_set_cpy(dst, &tmp);
1790 	type_set_destroy(&tmp);
1791 
1792 	return ret;
1793 }
1794 
1795 /***********************************************************************/
1796 /* everything below is for policy reads */
1797 
1798 /* The following are read functions for module structures */
1799 
role_set_read(role_set_t * r,struct policy_file * fp)1800 static int role_set_read(role_set_t * r, struct policy_file *fp)
1801 {
1802 	uint32_t buf[1];
1803 	int rc;
1804 
1805 	if (ebitmap_read(&r->roles, fp))
1806 		return -1;
1807 	rc = next_entry(buf, fp, sizeof(uint32_t));
1808 	if (rc < 0)
1809 		return -1;
1810 	r->flags = le32_to_cpu(buf[0]);
1811 
1812 	return 0;
1813 }
1814 
type_set_read(type_set_t * t,struct policy_file * fp)1815 static int type_set_read(type_set_t * t, struct policy_file *fp)
1816 {
1817 	uint32_t buf[1];
1818 	int rc;
1819 
1820 	if (ebitmap_read(&t->types, fp))
1821 		return -1;
1822 	if (ebitmap_read(&t->negset, fp))
1823 		return -1;
1824 
1825 	rc = next_entry(buf, fp, sizeof(uint32_t));
1826 	if (rc < 0)
1827 		return -1;
1828 	t->flags = le32_to_cpu(buf[0]);
1829 
1830 	return 0;
1831 }
1832 
1833 /*
1834  * Read a MLS range structure from a policydb binary
1835  * representation file.
1836  */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1837 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1838 {
1839 	uint32_t buf[2], items;
1840 	int rc;
1841 
1842 	rc = next_entry(buf, fp, sizeof(uint32_t));
1843 	if (rc < 0)
1844 		goto out;
1845 
1846 	items = le32_to_cpu(buf[0]);
1847 	if (items > ARRAY_SIZE(buf)) {
1848 		ERR(fp->handle, "range overflow");
1849 		rc = -EINVAL;
1850 		goto out;
1851 	}
1852 	rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1853 	if (rc < 0) {
1854 		ERR(fp->handle, "truncated range");
1855 		goto out;
1856 	}
1857 	r->level[0].sens = le32_to_cpu(buf[0]);
1858 	if (items > 1)
1859 		r->level[1].sens = le32_to_cpu(buf[1]);
1860 	else
1861 		r->level[1].sens = r->level[0].sens;
1862 
1863 	rc = ebitmap_read(&r->level[0].cat, fp);
1864 	if (rc) {
1865 		ERR(fp->handle, "error reading low categories");
1866 		goto out;
1867 	}
1868 	if (items > 1) {
1869 		rc = ebitmap_read(&r->level[1].cat, fp);
1870 		if (rc) {
1871 			ERR(fp->handle, "error reading high categories");
1872 			goto bad_high;
1873 		}
1874 	} else {
1875 		rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1876 		if (rc) {
1877 			ERR(fp->handle, "out of memory");
1878 			goto bad_high;
1879 		}
1880 	}
1881 
1882 	rc = 0;
1883       out:
1884 	return rc;
1885       bad_high:
1886 	ebitmap_destroy(&r->level[0].cat);
1887 	goto out;
1888 }
1889 
1890 /*
1891  * Read a semantic MLS level structure from a policydb binary
1892  * representation file.
1893  */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1894 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1895 					  struct policy_file *fp)
1896 {
1897 	uint32_t buf[2], ncat;
1898 	unsigned int i;
1899 	mls_semantic_cat_t *cat;
1900 	int rc;
1901 
1902 	mls_semantic_level_init(l);
1903 
1904 	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1905 	if (rc < 0) {
1906 		ERR(fp->handle, "truncated level");
1907 		goto bad;
1908 	}
1909 	l->sens = le32_to_cpu(buf[0]);
1910 
1911 	ncat = le32_to_cpu(buf[1]);
1912 	for (i = 0; i < ncat; i++) {
1913 		cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1914 		if (!cat) {
1915 			ERR(fp->handle, "out of memory");
1916 			goto bad;
1917 		}
1918 
1919 		mls_semantic_cat_init(cat);
1920 		cat->next = l->cat;
1921 		l->cat = cat;
1922 
1923 		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1924 		if (rc < 0) {
1925 			ERR(fp->handle, "error reading level categories");
1926 			goto bad;
1927 		}
1928 		cat->low = le32_to_cpu(buf[0]);
1929 		cat->high = le32_to_cpu(buf[1]);
1930 	}
1931 
1932 	return 0;
1933 
1934       bad:
1935 	return -EINVAL;
1936 }
1937 
1938 /*
1939  * Read a semantic MLS range structure from a policydb binary
1940  * representation file.
1941  */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1942 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1943 					  struct policy_file *fp)
1944 {
1945 	int rc;
1946 
1947 	rc = mls_read_semantic_level_helper(&r->level[0], fp);
1948 	if (rc)
1949 		return rc;
1950 
1951 	rc = mls_read_semantic_level_helper(&r->level[1], fp);
1952 
1953 	return rc;
1954 }
1955 
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1956 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1957 {
1958 	unsigned int i;
1959 	ebitmap_node_t *cnode;
1960 	mls_semantic_cat_t *open_cat = NULL;
1961 
1962 	mls_semantic_level_init(sl);
1963 	sl->sens = l->sens;
1964 	ebitmap_for_each_bit(&l->cat, cnode, i) {
1965 		if (ebitmap_node_get_bit(cnode, i)) {
1966 			if (open_cat)
1967 				continue;
1968 			open_cat = (mls_semantic_cat_t *)
1969 			    malloc(sizeof(mls_semantic_cat_t));
1970 			if (!open_cat)
1971 				return -1;
1972 
1973 			mls_semantic_cat_init(open_cat);
1974 			open_cat->low = i + 1;
1975 			open_cat->next = sl->cat;
1976 			sl->cat = open_cat;
1977 		} else {
1978 			if (!open_cat)
1979 				continue;
1980 			open_cat->high = i;
1981 			open_cat = NULL;
1982 		}
1983 	}
1984 	if (open_cat)
1985 		open_cat->high = i;
1986 
1987 	return 0;
1988 }
1989 
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)1990 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
1991 {
1992 	if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
1993 		return -1;
1994 
1995 	if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
1996 		return -1;
1997 
1998 	return 0;
1999 }
2000 
2001 /*
2002  * Read and validate a security context structure
2003  * from a policydb binary representation file.
2004  */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)2005 static int context_read_and_validate(context_struct_t * c,
2006 				     policydb_t * p, struct policy_file *fp)
2007 {
2008 	uint32_t buf[3];
2009 	int rc;
2010 
2011 	rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2012 	if (rc < 0) {
2013 		ERR(fp->handle, "context truncated");
2014 		return -1;
2015 	}
2016 	c->user = le32_to_cpu(buf[0]);
2017 	c->role = le32_to_cpu(buf[1]);
2018 	c->type = le32_to_cpu(buf[2]);
2019 	if ((p->policy_type == POLICY_KERN
2020 	     && p->policyvers >= POLICYDB_VERSION_MLS)
2021 	    || (p->policy_type == POLICY_BASE
2022 		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
2023 		if (mls_read_range_helper(&c->range, fp)) {
2024 			ERR(fp->handle, "error reading MLS range "
2025 			    "of context");
2026 			return -1;
2027 		}
2028 	}
2029 
2030 	if (!policydb_context_isvalid(p, c)) {
2031 		ERR(fp->handle, "invalid security context");
2032 		context_destroy(c);
2033 		return -1;
2034 	}
2035 	return 0;
2036 }
2037 
2038 /*
2039  * The following *_read functions are used to
2040  * read the symbol data from a policy database
2041  * binary representation file.
2042  */
2043 
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp,uint32_t nprim)2044 static int perm_read(policydb_t * p
2045 		     __attribute__ ((unused)), hashtab_t h,
2046 		     struct policy_file *fp, uint32_t nprim)
2047 {
2048 	char *key = 0;
2049 	perm_datum_t *perdatum;
2050 	uint32_t buf[2];
2051 	size_t len;
2052 	int rc;
2053 
2054 	perdatum = calloc(1, sizeof(perm_datum_t));
2055 	if (!perdatum)
2056 		return -1;
2057 
2058 	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2059 	if (rc < 0)
2060 		goto bad;
2061 
2062 	len = le32_to_cpu(buf[0]);
2063 	if(str_read(&key, fp, len))
2064 		goto bad;
2065 
2066 	perdatum->s.value = le32_to_cpu(buf[1]);
2067 	if (!value_isvalid(perdatum->s.value, nprim))
2068 		goto bad;
2069 
2070 	if (hashtab_insert(h, key, perdatum))
2071 		goto bad;
2072 
2073 	return 0;
2074 
2075       bad:
2076 	perm_destroy(key, perdatum, NULL);
2077 	return -1;
2078 }
2079 
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2080 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2081 {
2082 	char *key = 0;
2083 	common_datum_t *comdatum;
2084 	uint32_t buf[4];
2085 	size_t len, nel;
2086 	unsigned int i;
2087 	int rc;
2088 
2089 	comdatum = calloc(1, sizeof(common_datum_t));
2090 	if (!comdatum)
2091 		return -1;
2092 
2093 	rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2094 	if (rc < 0)
2095 		goto bad;
2096 
2097 	len = le32_to_cpu(buf[0]);
2098 	if (zero_or_saturated(len))
2099 		goto bad;
2100 
2101 	comdatum->s.value = le32_to_cpu(buf[1]);
2102 
2103 	if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
2104 		goto bad;
2105 	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
2106 	if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE)
2107 		goto bad;
2108 	nel = le32_to_cpu(buf[3]);
2109 
2110 	key = malloc(len + 1);
2111 	if (!key)
2112 		goto bad;
2113 	rc = next_entry(key, fp, len);
2114 	if (rc < 0)
2115 		goto bad;
2116 	key[len] = 0;
2117 
2118 	for (i = 0; i < nel; i++) {
2119 		if (perm_read(p, comdatum->permissions.table, fp, comdatum->permissions.nprim))
2120 			goto bad;
2121 	}
2122 
2123 	if (hashtab_insert(h, key, comdatum))
2124 		goto bad;
2125 
2126 	return 0;
2127 
2128       bad:
2129 	common_destroy(key, comdatum, NULL);
2130 	return -1;
2131 }
2132 
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)2133 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
2134 			    unsigned int ncons,
2135 			    int allowxtarget, struct policy_file *fp)
2136 {
2137 	constraint_node_t *c, *lc;
2138 	constraint_expr_t *e, *le;
2139 	uint32_t buf[3];
2140 	size_t nexpr;
2141 	unsigned int i, j;
2142 	int rc, depth;
2143 
2144 	lc = NULL;
2145 	for (i = 0; i < ncons; i++) {
2146 		c = calloc(1, sizeof(constraint_node_t));
2147 		if (!c)
2148 			return -1;
2149 
2150 		if (lc)
2151 			lc->next = c;
2152 		else
2153 			*nodep = c;
2154 
2155 		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2156 		if (rc < 0)
2157 			return -1;
2158 		c->permissions = le32_to_cpu(buf[0]);
2159 		nexpr = le32_to_cpu(buf[1]);
2160 		le = NULL;
2161 		depth = -1;
2162 		for (j = 0; j < nexpr; j++) {
2163 			e = malloc(sizeof(constraint_expr_t));
2164 			if (!e)
2165 				return -1;
2166 			if (constraint_expr_init(e) == -1) {
2167 				free(e);
2168 				return -1;
2169 			}
2170 			if (le) {
2171 				le->next = e;
2172 			} else {
2173 				c->expr = e;
2174 			}
2175 
2176 			rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2177 			if (rc < 0)
2178 				return -1;
2179 			e->expr_type = le32_to_cpu(buf[0]);
2180 			e->attr = le32_to_cpu(buf[1]);
2181 			e->op = le32_to_cpu(buf[2]);
2182 
2183 			switch (e->expr_type) {
2184 			case CEXPR_NOT:
2185 				if (depth < 0)
2186 					return -1;
2187 				break;
2188 			case CEXPR_AND:
2189 			case CEXPR_OR:
2190 				if (depth < 1)
2191 					return -1;
2192 				depth--;
2193 				break;
2194 			case CEXPR_ATTR:
2195 				if (depth == (CEXPR_MAXDEPTH - 1))
2196 					return -1;
2197 				depth++;
2198 				break;
2199 			case CEXPR_NAMES:
2200 				if (!allowxtarget && (e->attr & CEXPR_XTARGET))
2201 					return -1;
2202 				if (depth == (CEXPR_MAXDEPTH - 1))
2203 					return -1;
2204 				depth++;
2205 				if (ebitmap_read(&e->names, fp))
2206 					return -1;
2207 				if (p->policy_type != POLICY_KERN &&
2208 				    type_set_read(e->type_names, fp))
2209 					return -1;
2210 				else if (p->policy_type == POLICY_KERN &&
2211 					 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
2212 					 type_set_read(e->type_names, fp))
2213 					return -1;
2214 				break;
2215 			default:
2216 				return -1;
2217 			}
2218 			le = e;
2219 		}
2220 		if (depth != 0)
2221 			return -1;
2222 		lc = c;
2223 	}
2224 
2225 	return 0;
2226 }
2227 
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2228 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2229 {
2230 	char *key = 0;
2231 	class_datum_t *cladatum;
2232 	uint32_t buf[6];
2233 	size_t len, len2, ncons, nel;
2234 	unsigned int i;
2235 	int rc;
2236 
2237 	cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2238 	if (!cladatum)
2239 		return -1;
2240 
2241 	rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2242 	if (rc < 0)
2243 		goto bad;
2244 
2245 	len = le32_to_cpu(buf[0]);
2246 	if (zero_or_saturated(len))
2247 		goto bad;
2248 	len2 = le32_to_cpu(buf[1]);
2249 	if (is_saturated(len2))
2250 		goto bad;
2251 	cladatum->s.value = le32_to_cpu(buf[2]);
2252 
2253 	if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2254 		goto bad;
2255 	cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2256 	if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE)
2257 		goto bad;
2258 	nel = le32_to_cpu(buf[4]);
2259 
2260 	ncons = le32_to_cpu(buf[5]);
2261 
2262 	key = malloc(len + 1);
2263 	if (!key)
2264 		goto bad;
2265 	rc = next_entry(key, fp, len);
2266 	if (rc < 0)
2267 		goto bad;
2268 	key[len] = 0;
2269 
2270 	if (len2) {
2271 		cladatum->comkey = malloc(len2 + 1);
2272 		if (!cladatum->comkey)
2273 			goto bad;
2274 		rc = next_entry(cladatum->comkey, fp, len2);
2275 		if (rc < 0)
2276 			goto bad;
2277 		cladatum->comkey[len2] = 0;
2278 
2279 		cladatum->comdatum = hashtab_search(p->p_commons.table,
2280 						    cladatum->comkey);
2281 		if (!cladatum->comdatum) {
2282 			ERR(fp->handle, "unknown common %s", cladatum->comkey);
2283 			goto bad;
2284 		}
2285 	}
2286 	for (i = 0; i < nel; i++) {
2287 		if (perm_read(p, cladatum->permissions.table, fp, cladatum->permissions.nprim))
2288 			goto bad;
2289 	}
2290 
2291 	if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2292 		goto bad;
2293 
2294 	if ((p->policy_type == POLICY_KERN
2295 	     && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2296 	    || (p->policy_type == POLICY_BASE
2297 		&& p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2298 		/* grab the validatetrans rules */
2299 		rc = next_entry(buf, fp, sizeof(uint32_t));
2300 		if (rc < 0)
2301 			goto bad;
2302 		ncons = le32_to_cpu(buf[0]);
2303 		if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2304 			goto bad;
2305 	}
2306 
2307 	if ((p->policy_type == POLICY_KERN &&
2308 	     p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
2309 	    (p->policy_type == POLICY_BASE &&
2310 	     p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
2311 		rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2312 		if (rc < 0)
2313 			goto bad;
2314 		cladatum->default_user = le32_to_cpu(buf[0]);
2315 		cladatum->default_role = le32_to_cpu(buf[1]);
2316 		cladatum->default_range = le32_to_cpu(buf[2]);
2317 	}
2318 
2319 	if ((p->policy_type == POLICY_KERN &&
2320 	     p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
2321 	    (p->policy_type == POLICY_BASE &&
2322 	     p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
2323 		rc = next_entry(buf, fp, sizeof(uint32_t));
2324 		if (rc < 0)
2325 			goto bad;
2326 		cladatum->default_type = le32_to_cpu(buf[0]);
2327 	}
2328 
2329 	if (hashtab_insert(h, key, cladatum))
2330 		goto bad;
2331 
2332 	return 0;
2333 
2334       bad:
2335 	class_destroy(key, cladatum, NULL);
2336 	return -1;
2337 }
2338 
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2339 static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2340 {
2341 	char *key = 0;
2342 	role_datum_t *role;
2343 	uint32_t buf[3];
2344 	size_t len;
2345 	int rc, to_read = 2;
2346 
2347 	role = calloc(1, sizeof(role_datum_t));
2348 	if (!role)
2349 		return -1;
2350 
2351 	if (policydb_has_boundary_feature(p))
2352 		to_read = 3;
2353 
2354 	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2355 	if (rc < 0)
2356 		goto bad;
2357 
2358 	len = le32_to_cpu(buf[0]);
2359 	if (zero_or_saturated(len))
2360 		goto bad;
2361 
2362 	role->s.value = le32_to_cpu(buf[1]);
2363 	if (policydb_has_boundary_feature(p))
2364 		role->bounds = le32_to_cpu(buf[2]);
2365 
2366 	key = malloc(len + 1);
2367 	if (!key)
2368 		goto bad;
2369 	rc = next_entry(key, fp, len);
2370 	if (rc < 0)
2371 		goto bad;
2372 	key[len] = 0;
2373 
2374 	if (ebitmap_read(&role->dominates, fp))
2375 		goto bad;
2376 
2377 	if (p->policy_type == POLICY_KERN) {
2378 		if (ebitmap_read(&role->types.types, fp))
2379 			goto bad;
2380 	} else {
2381 		if (type_set_read(&role->types, fp))
2382 			goto bad;
2383 	}
2384 
2385 	if (p->policy_type != POLICY_KERN &&
2386 	    p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2387 		rc = next_entry(buf, fp, sizeof(uint32_t));
2388 		if (rc < 0)
2389 			goto bad;
2390 
2391 		role->flavor = le32_to_cpu(buf[0]);
2392 
2393 		if (ebitmap_read(&role->roles, fp))
2394 			goto bad;
2395 	}
2396 
2397 	if (strcmp(key, OBJECT_R) == 0) {
2398 		if (role->s.value != OBJECT_R_VAL) {
2399 			ERR(fp->handle, "role %s has wrong value %d",
2400 			    OBJECT_R, role->s.value);
2401 			role_destroy(key, role, NULL);
2402 			return -1;
2403 		}
2404 		role_destroy(key, role, NULL);
2405 		return 0;
2406 	}
2407 
2408 	if (hashtab_insert(h, key, role))
2409 		goto bad;
2410 
2411 	return 0;
2412 
2413       bad:
2414 	role_destroy(key, role, NULL);
2415 	return -1;
2416 }
2417 
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2418 static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2419 {
2420 	char *key = 0;
2421 	type_datum_t *typdatum;
2422 	uint32_t buf[5];
2423 	size_t len;
2424 	int rc, to_read;
2425 	int pos = 0;
2426 
2427 	typdatum = calloc(1, sizeof(type_datum_t));
2428 	if (!typdatum)
2429 		return -1;
2430 
2431 	if (policydb_has_boundary_feature(p)) {
2432 		if (p->policy_type != POLICY_KERN
2433 		    && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2434 			to_read = 5;
2435 		else
2436 			to_read = 4;
2437 	}
2438 	else if (p->policy_type == POLICY_KERN)
2439 		to_read = 3;
2440 	else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2441 		to_read = 5;
2442 	else
2443 		to_read = 4;
2444 
2445 	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2446 	if (rc < 0)
2447 		goto bad;
2448 
2449 	len = le32_to_cpu(buf[pos]);
2450 	if (zero_or_saturated(len))
2451 		goto bad;
2452 
2453 	typdatum->s.value = le32_to_cpu(buf[++pos]);
2454 	if (policydb_has_boundary_feature(p)) {
2455 		uint32_t properties;
2456 
2457 		if (p->policy_type != POLICY_KERN
2458 		    && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2459 			typdatum->primary = le32_to_cpu(buf[++pos]);
2460 			properties = le32_to_cpu(buf[++pos]);
2461 		}
2462 		else {
2463 			properties = le32_to_cpu(buf[++pos]);
2464 
2465 			if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2466 				typdatum->primary = 1;
2467 		}
2468 
2469 		if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2470 			typdatum->flavor = TYPE_ATTRIB;
2471 		if (properties & TYPEDATUM_PROPERTY_ALIAS
2472 		    && p->policy_type != POLICY_KERN)
2473 			typdatum->flavor = TYPE_ALIAS;
2474 		if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2475 		    && p->policy_type != POLICY_KERN)
2476 			typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2477 
2478 		typdatum->bounds = le32_to_cpu(buf[++pos]);
2479 	} else {
2480 		typdatum->primary = le32_to_cpu(buf[++pos]);
2481 		if (p->policy_type != POLICY_KERN) {
2482 			typdatum->flavor = le32_to_cpu(buf[++pos]);
2483 			if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2484 				typdatum->flags = le32_to_cpu(buf[++pos]);
2485 		}
2486 	}
2487 
2488 	if (p->policy_type != POLICY_KERN) {
2489 		if (ebitmap_read(&typdatum->types, fp))
2490 			goto bad;
2491 	}
2492 
2493 	key = malloc(len + 1);
2494 	if (!key)
2495 		goto bad;
2496 	rc = next_entry(key, fp, len);
2497 	if (rc < 0)
2498 		goto bad;
2499 	key[len] = 0;
2500 
2501 	if (hashtab_insert(h, key, typdatum))
2502 		goto bad;
2503 
2504 	return 0;
2505 
2506       bad:
2507 	type_destroy(key, typdatum, NULL);
2508 	return -1;
2509 }
2510 
role_trans_read(policydb_t * p,struct policy_file * fp)2511 static int role_trans_read(policydb_t *p, struct policy_file *fp)
2512 {
2513 	role_trans_t **t = &p->role_tr;
2514 	unsigned int i;
2515 	uint32_t buf[3], nel;
2516 	role_trans_t *tr, *ltr;
2517 	int rc;
2518 	int new_roletr = (p->policy_type == POLICY_KERN &&
2519 			  p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2520 
2521 	rc = next_entry(buf, fp, sizeof(uint32_t));
2522 	if (rc < 0)
2523 		return -1;
2524 	nel = le32_to_cpu(buf[0]);
2525 	ltr = NULL;
2526 	for (i = 0; i < nel; i++) {
2527 		tr = calloc(1, sizeof(struct role_trans));
2528 		if (!tr) {
2529 			return -1;
2530 		}
2531 		if (ltr) {
2532 			ltr->next = tr;
2533 		} else {
2534 			*t = tr;
2535 		}
2536 		rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2537 		if (rc < 0)
2538 			return -1;
2539 		tr->role = le32_to_cpu(buf[0]);
2540 		tr->type = le32_to_cpu(buf[1]);
2541 		tr->new_role = le32_to_cpu(buf[2]);
2542 		if (new_roletr) {
2543 			rc = next_entry(buf, fp, sizeof(uint32_t));
2544 			if (rc < 0)
2545 				return -1;
2546 			tr->tclass = le32_to_cpu(buf[0]);
2547 		} else
2548 			tr->tclass = p->process_class;
2549 		ltr = tr;
2550 	}
2551 	return 0;
2552 }
2553 
role_allow_read(role_allow_t ** r,struct policy_file * fp)2554 static int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2555 {
2556 	unsigned int i;
2557 	uint32_t buf[2], nel;
2558 	role_allow_t *ra, *lra;
2559 	int rc;
2560 
2561 	rc = next_entry(buf, fp, sizeof(uint32_t));
2562 	if (rc < 0)
2563 		return -1;
2564 	nel = le32_to_cpu(buf[0]);
2565 	lra = NULL;
2566 	for (i = 0; i < nel; i++) {
2567 		ra = calloc(1, sizeof(struct role_allow));
2568 		if (!ra) {
2569 			return -1;
2570 		}
2571 		if (lra) {
2572 			lra->next = ra;
2573 		} else {
2574 			*r = ra;
2575 		}
2576 		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2577 		if (rc < 0)
2578 			return -1;
2579 		ra->role = le32_to_cpu(buf[0]);
2580 		ra->new_role = le32_to_cpu(buf[1]);
2581 		lra = ra;
2582 	}
2583 	return 0;
2584 }
2585 
policydb_filetrans_insert(policydb_t * p,uint32_t stype,uint32_t ttype,uint32_t tclass,const char * name,char ** name_alloc,uint32_t otype,uint32_t * present_otype)2586 int policydb_filetrans_insert(policydb_t *p, uint32_t stype, uint32_t ttype,
2587 			      uint32_t tclass, const char *name,
2588 			      char **name_alloc, uint32_t otype,
2589 			      uint32_t *present_otype)
2590 {
2591 	filename_trans_key_t *ft, key;
2592 	filename_trans_datum_t *datum, *last;
2593 
2594 	key.ttype = ttype;
2595 	key.tclass = tclass;
2596 	key.name = (char *)name;
2597 
2598 	last = NULL;
2599 	datum = hashtab_search(p->filename_trans, (hashtab_key_t)&key);
2600 	while (datum) {
2601 		if (ebitmap_get_bit(&datum->stypes, stype - 1)) {
2602 			if (present_otype)
2603 				*present_otype = datum->otype;
2604 			return SEPOL_EEXIST;
2605 		}
2606 		if (datum->otype == otype)
2607 			break;
2608 		last = datum;
2609 		datum = datum->next;
2610 	}
2611 	if (!datum) {
2612 		datum = malloc(sizeof(*datum));
2613 		if (!datum)
2614 			return SEPOL_ENOMEM;
2615 
2616 		ebitmap_init(&datum->stypes);
2617 		datum->otype = otype;
2618 		datum->next = NULL;
2619 
2620 		if (last) {
2621 			last->next = datum;
2622 		} else {
2623 			char *name_dup;
2624 
2625 			if (name_alloc) {
2626 				name_dup = *name_alloc;
2627 				*name_alloc = NULL;
2628 			} else {
2629 				name_dup = strdup(name);
2630 				if (!name_dup) {
2631 					free(datum);
2632 					return SEPOL_ENOMEM;
2633 				}
2634 			}
2635 
2636 			ft = malloc(sizeof(*ft));
2637 			if (!ft) {
2638 				free(name_dup);
2639 				free(datum);
2640 				return SEPOL_ENOMEM;
2641 			}
2642 
2643 			ft->ttype = ttype;
2644 			ft->tclass = tclass;
2645 			ft->name = name_dup;
2646 
2647 			if (hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2648 					   (hashtab_datum_t)datum)) {
2649 				free(name_dup);
2650 				free(datum);
2651 				free(ft);
2652 				return SEPOL_ENOMEM;
2653 			}
2654 		}
2655 	}
2656 
2657 	p->filename_trans_count++;
2658 	return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
2659 }
2660 
filename_trans_read_one_compat(policydb_t * p,struct policy_file * fp)2661 static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp)
2662 {
2663 	uint32_t buf[4], len, stype, ttype, tclass, otype;
2664 	char *name = NULL;
2665 	int rc;
2666 
2667 	rc = next_entry(buf, fp, sizeof(uint32_t));
2668 	if (rc < 0)
2669 		return -1;
2670 	len = le32_to_cpu(buf[0]);
2671 	if (zero_or_saturated(len))
2672 		return -1;
2673 
2674 	name = calloc(len + 1, sizeof(*name));
2675 	if (!name)
2676 		return -1;
2677 
2678 	rc = next_entry(name, fp, len);
2679 	if (rc < 0)
2680 		goto err;
2681 
2682 	rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2683 	if (rc < 0)
2684 		goto err;
2685 
2686 	stype = le32_to_cpu(buf[0]);
2687 	if (stype == 0)
2688 		goto err;
2689 
2690 	ttype  = le32_to_cpu(buf[1]);
2691 	tclass = le32_to_cpu(buf[2]);
2692 	otype  = le32_to_cpu(buf[3]);
2693 
2694 	rc = policydb_filetrans_insert(p, stype, ttype, tclass, name, &name,
2695 				       otype, NULL);
2696 	if (rc) {
2697 		if (rc != SEPOL_EEXIST)
2698 			goto err;
2699 		/*
2700 		 * Some old policies were wrongly generated with
2701 		 * duplicate filename transition rules.  For backward
2702 		 * compatibility, do not reject such policies, just
2703 		 * ignore the duplicate.
2704 		 */
2705 	}
2706 	free(name);
2707 	return 0;
2708 err:
2709 	free(name);
2710 	return -1;
2711 }
2712 
filename_trans_check_datum(filename_trans_datum_t * datum)2713 static int filename_trans_check_datum(filename_trans_datum_t *datum)
2714 {
2715 	ebitmap_t stypes, otypes;
2716 	int rc = -1;
2717 
2718 	ebitmap_init(&stypes);
2719 	ebitmap_init(&otypes);
2720 
2721 	while (datum) {
2722 		if (ebitmap_get_bit(&otypes, datum->otype))
2723 			goto out;
2724 
2725 		if (ebitmap_set_bit(&otypes, datum->otype, 1))
2726 			goto out;
2727 
2728 		if (ebitmap_match_any(&stypes, &datum->stypes))
2729 			goto out;
2730 
2731 		if (ebitmap_union(&stypes, &datum->stypes))
2732 			goto out;
2733 
2734 		datum = datum->next;
2735 	}
2736 	rc = 0;
2737 out:
2738 	ebitmap_destroy(&stypes);
2739 	ebitmap_destroy(&otypes);
2740 	return rc;
2741 }
2742 
filename_trans_read_one(policydb_t * p,struct policy_file * fp)2743 static int filename_trans_read_one(policydb_t *p, struct policy_file *fp)
2744 {
2745 	filename_trans_key_t *ft = NULL;
2746 	filename_trans_datum_t **dst, *datum, *first = NULL;
2747 	unsigned int i;
2748 	uint32_t buf[3], len, ttype, tclass, ndatum;
2749 	char *name = NULL;
2750 	int rc;
2751 
2752 	rc = next_entry(buf, fp, sizeof(uint32_t));
2753 	if (rc < 0)
2754 		return -1;
2755 	len = le32_to_cpu(buf[0]);
2756 	if (zero_or_saturated(len))
2757 		return -1;
2758 
2759 	name = calloc(len + 1, sizeof(*name));
2760 	if (!name)
2761 		return -1;
2762 
2763 	rc = next_entry(name, fp, len);
2764 	if (rc < 0)
2765 		goto err;
2766 
2767 	rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2768 	if (rc < 0)
2769 		goto err;
2770 
2771 	ttype = le32_to_cpu(buf[0]);
2772 	tclass = le32_to_cpu(buf[1]);
2773 	ndatum = le32_to_cpu(buf[2]);
2774 	if (ndatum == 0)
2775 		goto err;
2776 
2777 	dst = &first;
2778 	for (i = 0; i < ndatum; i++) {
2779 		datum = malloc(sizeof(*datum));
2780 		if (!datum)
2781 			goto err;
2782 
2783 		datum->next = NULL;
2784 		*dst = datum;
2785 
2786 		/* ebitmap_read() will at least init the bitmap */
2787 		rc = ebitmap_read(&datum->stypes, fp);
2788 		if (rc < 0)
2789 			goto err;
2790 
2791 		rc = next_entry(buf, fp, sizeof(uint32_t));
2792 		if (rc < 0)
2793 			goto err;
2794 
2795 		datum->otype = le32_to_cpu(buf[0]);
2796 
2797 		p->filename_trans_count += ebitmap_cardinality(&datum->stypes);
2798 
2799 		dst = &datum->next;
2800 	}
2801 
2802 	if (ndatum > 1 && filename_trans_check_datum(first))
2803 		goto err;
2804 
2805 	ft = malloc(sizeof(*ft));
2806 	if (!ft)
2807 		goto err;
2808 
2809 	ft->ttype = ttype;
2810 	ft->tclass = tclass;
2811 	ft->name = name;
2812 
2813 	rc = hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2814 			    (hashtab_datum_t)first);
2815 	if (rc)
2816 		goto err;
2817 
2818 	return 0;
2819 err:
2820 	free(ft);
2821 	free(name);
2822 	while (first) {
2823 		datum = first;
2824 		first = first->next;
2825 
2826 		ebitmap_destroy(&datum->stypes);
2827 		free(datum);
2828 	}
2829 	return -1;
2830 }
2831 
filename_trans_read(policydb_t * p,struct policy_file * fp)2832 static int filename_trans_read(policydb_t *p, struct policy_file *fp)
2833 {
2834 	unsigned int i;
2835 	uint32_t buf[1], nel;
2836 	int rc;
2837 
2838 	rc = next_entry(buf, fp, sizeof(uint32_t));
2839 	if (rc < 0)
2840 		return -1;
2841 	nel = le32_to_cpu(buf[0]);
2842 
2843 	if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2844 		for (i = 0; i < nel; i++) {
2845 			rc = filename_trans_read_one_compat(p, fp);
2846 			if (rc < 0)
2847 				return -1;
2848 		}
2849 	} else {
2850 		for (i = 0; i < nel; i++) {
2851 			rc = filename_trans_read_one(p, fp);
2852 			if (rc < 0)
2853 				return -1;
2854 		}
2855 	}
2856 	return 0;
2857 }
2858 
ocontext_read_xen(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2859 static int ocontext_read_xen(const struct policydb_compat_info *info,
2860 	policydb_t *p, struct policy_file *fp)
2861 {
2862 	unsigned int i, j;
2863 	size_t nel, len;
2864 	ocontext_t *l, *c;
2865 	uint32_t buf[8];
2866 	int rc;
2867 
2868 	for (i = 0; i < info->ocon_num; i++) {
2869 		rc = next_entry(buf, fp, sizeof(uint32_t));
2870 		if (rc < 0)
2871 			return -1;
2872 		nel = le32_to_cpu(buf[0]);
2873 		l = NULL;
2874 		for (j = 0; j < nel; j++) {
2875 			c = calloc(1, sizeof(ocontext_t));
2876 			if (!c)
2877 				return -1;
2878 			if (l)
2879 				l->next = c;
2880 			else
2881 				p->ocontexts[i] = c;
2882 			l = c;
2883 			switch (i) {
2884 			case OCON_XEN_ISID:
2885 				rc = next_entry(buf, fp, sizeof(uint32_t));
2886 				if (rc < 0)
2887 					return -1;
2888 				c->sid[0] = le32_to_cpu(buf[0]);
2889 				if (is_saturated(c->sid[0]))
2890 					return -1;
2891 				if (context_read_and_validate
2892 				    (&c->context[0], p, fp))
2893 					return -1;
2894 				break;
2895 			case OCON_XEN_PIRQ:
2896 				rc = next_entry(buf, fp, sizeof(uint32_t));
2897 				if (rc < 0)
2898 					return -1;
2899 				c->u.pirq = le32_to_cpu(buf[0]);
2900 				if (context_read_and_validate
2901 				    (&c->context[0], p, fp))
2902 					return -1;
2903 				break;
2904 			case OCON_XEN_IOPORT:
2905 				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2906 				if (rc < 0)
2907 					return -1;
2908 				c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2909 				c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2910 				if (context_read_and_validate
2911 				    (&c->context[0], p, fp))
2912 					return -1;
2913 				break;
2914 			case OCON_XEN_IOMEM:
2915 				if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
2916 					uint64_t b64[2];
2917 					rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
2918 					if (rc < 0)
2919 						return -1;
2920 					c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
2921 					c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
2922 				} else {
2923 					rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2924 					if (rc < 0)
2925 						return -1;
2926 					c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2927 					c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2928 				}
2929 				if (context_read_and_validate
2930 				    (&c->context[0], p, fp))
2931 					return -1;
2932 				break;
2933 			case OCON_XEN_PCIDEVICE:
2934 				rc = next_entry(buf, fp, sizeof(uint32_t));
2935 				if (rc < 0)
2936 					return -1;
2937 				c->u.device = le32_to_cpu(buf[0]);
2938 				if (context_read_and_validate
2939 				    (&c->context[0], p, fp))
2940 					return -1;
2941 				break;
2942 			case OCON_XEN_DEVICETREE:
2943 				rc = next_entry(buf, fp, sizeof(uint32_t));
2944 				if (rc < 0)
2945 					return -1;
2946 				len = le32_to_cpu(buf[0]);
2947 				if (zero_or_saturated(len))
2948 					return -1;
2949 
2950 				c->u.name = malloc(len + 1);
2951 				if (!c->u.name)
2952 					return -1;
2953 				rc = next_entry(c->u.name, fp, len);
2954 				if (rc < 0)
2955 					return -1;
2956 				c->u.name[len] = 0;
2957 				if (context_read_and_validate
2958 				    (&c->context[0], p, fp))
2959 					return -1;
2960 				break;
2961 			default:
2962 				/* should never get here */
2963 				ERR(fp->handle, "Unknown Xen ocontext");
2964 				return -1;
2965 			}
2966 		}
2967 	}
2968 	return 0;
2969 }
ocontext_read_selinux(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2970 static int ocontext_read_selinux(const struct policydb_compat_info *info,
2971 			 policydb_t * p, struct policy_file *fp)
2972 {
2973 	unsigned int i, j;
2974 	size_t nel, len;
2975 	ocontext_t *l, *c;
2976 	uint32_t buf[8];
2977 	int rc;
2978 
2979 	for (i = 0; i < info->ocon_num; i++) {
2980 		rc = next_entry(buf, fp, sizeof(uint32_t));
2981 		if (rc < 0)
2982 			return -1;
2983 		nel = le32_to_cpu(buf[0]);
2984 		l = NULL;
2985 		for (j = 0; j < nel; j++) {
2986 			c = calloc(1, sizeof(ocontext_t));
2987 			if (!c) {
2988 				return -1;
2989 			}
2990 			if (l) {
2991 				l->next = c;
2992 			} else {
2993 				p->ocontexts[i] = c;
2994 			}
2995 			l = c;
2996 			switch (i) {
2997 			case OCON_ISID:
2998 				rc = next_entry(buf, fp, sizeof(uint32_t));
2999 				if (rc < 0)
3000 					return -1;
3001 				c->sid[0] = le32_to_cpu(buf[0]);
3002 				if (is_saturated(c->sid[0]))
3003 					return -1;
3004 				if (context_read_and_validate
3005 				    (&c->context[0], p, fp))
3006 					return -1;
3007 				break;
3008 			case OCON_FS:
3009 			case OCON_NETIF:
3010 				rc = next_entry(buf, fp, sizeof(uint32_t));
3011 				if (rc < 0)
3012 					return -1;
3013 				len = le32_to_cpu(buf[0]);
3014 				if (zero_or_saturated(len) || len > 63)
3015 					return -1;
3016 				c->u.name = malloc(len + 1);
3017 				if (!c->u.name)
3018 					return -1;
3019 				rc = next_entry(c->u.name, fp, len);
3020 				if (rc < 0)
3021 					return -1;
3022 				c->u.name[len] = 0;
3023 				if (context_read_and_validate
3024 				    (&c->context[0], p, fp))
3025 					return -1;
3026 				if (context_read_and_validate
3027 				    (&c->context[1], p, fp))
3028 					return -1;
3029 				break;
3030 			case OCON_IBPKEY: {
3031 				uint32_t pkey_lo, pkey_hi;
3032 
3033 				rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
3034 				if (rc < 0)
3035 					return -1;
3036 
3037 				pkey_lo = le32_to_cpu(buf[2]);
3038 				pkey_hi = le32_to_cpu(buf[3]);
3039 
3040 				if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
3041 					return -1;
3042 
3043 				c->u.ibpkey.low_pkey  = pkey_lo;
3044 				c->u.ibpkey.high_pkey = pkey_hi;
3045 
3046 				/* we want c->u.ibpkey.subnet_prefix in network
3047 				 * (big-endian) order, just memcpy it */
3048 				memcpy(&c->u.ibpkey.subnet_prefix, buf,
3049 				       sizeof(c->u.ibpkey.subnet_prefix));
3050 
3051 				if (context_read_and_validate
3052 				    (&c->context[0], p, fp))
3053 					return -1;
3054 				break;
3055 			}
3056 			case OCON_IBENDPORT: {
3057 				uint32_t port;
3058 
3059 				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3060 				if (rc < 0)
3061 					return -1;
3062 				len = le32_to_cpu(buf[0]);
3063 				if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
3064 					return -1;
3065 
3066 				port = le32_to_cpu(buf[1]);
3067 				if (port > UINT8_MAX || port == 0)
3068 					return -1;
3069 
3070 				c->u.ibendport.dev_name = malloc(len + 1);
3071 				if (!c->u.ibendport.dev_name)
3072 					return -1;
3073 				rc = next_entry(c->u.ibendport.dev_name, fp, len);
3074 				if (rc < 0)
3075 					return -1;
3076 				c->u.ibendport.dev_name[len] = 0;
3077 				c->u.ibendport.port = port;
3078 				if (context_read_and_validate
3079 				    (&c->context[0], p, fp))
3080 					return -1;
3081 				break;
3082 			}
3083 			case OCON_PORT:
3084 				rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
3085 				if (rc < 0)
3086 					return -1;
3087 				c->u.port.protocol = le32_to_cpu(buf[0]);
3088 				c->u.port.low_port = le32_to_cpu(buf[1]);
3089 				c->u.port.high_port = le32_to_cpu(buf[2]);
3090 				if (context_read_and_validate
3091 				    (&c->context[0], p, fp))
3092 					return -1;
3093 				break;
3094 			case OCON_NODE:
3095 				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3096 				if (rc < 0)
3097 					return -1;
3098 				c->u.node.addr = buf[0]; /* network order */
3099 				c->u.node.mask = buf[1]; /* network order */
3100 				if (context_read_and_validate
3101 				    (&c->context[0], p, fp))
3102 					return -1;
3103 				break;
3104 			case OCON_FSUSE:
3105 				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3106 				if (rc < 0)
3107 					return -1;
3108 				c->v.behavior = le32_to_cpu(buf[0]);
3109 				len = le32_to_cpu(buf[1]);
3110 				if (zero_or_saturated(len))
3111 					return -1;
3112 				c->u.name = malloc(len + 1);
3113 				if (!c->u.name)
3114 					return -1;
3115 				rc = next_entry(c->u.name, fp, len);
3116 				if (rc < 0)
3117 					return -1;
3118 				c->u.name[len] = 0;
3119 				if (context_read_and_validate
3120 				    (&c->context[0], p, fp))
3121 					return -1;
3122 				break;
3123 			case OCON_NODE6:{
3124 				int k;
3125 
3126 				rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
3127 				if (rc < 0)
3128 					return -1;
3129 				for (k = 0; k < 4; k++)
3130 					 /* network order */
3131 					c->u.node6.addr[k] = buf[k];
3132 				for (k = 0; k < 4; k++)
3133 					/* network order */
3134 					c->u.node6.mask[k] = buf[k + 4];
3135 				if (context_read_and_validate
3136 				    (&c->context[0], p, fp))
3137 					return -1;
3138 				break;
3139 				}
3140 			default:{
3141 				ERR(fp->handle, "Unknown SELinux ocontext");
3142 				return -1;
3143 				}
3144 			}
3145 		}
3146 	}
3147 	return 0;
3148 }
3149 
ocontext_read(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)3150 static int ocontext_read(const struct policydb_compat_info *info,
3151 	policydb_t *p, struct policy_file *fp)
3152 {
3153 	int rc = -1;
3154 	switch (p->target_platform) {
3155 	case SEPOL_TARGET_SELINUX:
3156 		rc = ocontext_read_selinux(info, p, fp);
3157 		break;
3158 	case SEPOL_TARGET_XEN:
3159 		rc = ocontext_read_xen(info, p, fp);
3160 		break;
3161 	default:
3162 		ERR(fp->handle, "Unknown target");
3163 	}
3164 	return rc;
3165 }
3166 
genfs_read(policydb_t * p,struct policy_file * fp)3167 static int genfs_read(policydb_t * p, struct policy_file *fp)
3168 {
3169 	uint32_t buf[1];
3170 	size_t nel, nel2, len, len2;
3171 	genfs_t *genfs_p, *newgenfs, *genfs;
3172 	size_t i, j;
3173 	ocontext_t *l, *c, *newc = NULL;
3174 	int rc;
3175 
3176 	rc = next_entry(buf, fp, sizeof(uint32_t));
3177 	if (rc < 0)
3178 		goto bad;
3179 	nel = le32_to_cpu(buf[0]);
3180 	genfs_p = NULL;
3181 	for (i = 0; i < nel; i++) {
3182 		rc = next_entry(buf, fp, sizeof(uint32_t));
3183 		if (rc < 0)
3184 			goto bad;
3185 		len = le32_to_cpu(buf[0]);
3186 		if (zero_or_saturated(len))
3187 			goto bad;
3188 		newgenfs = calloc(1, sizeof(genfs_t));
3189 		if (!newgenfs)
3190 			goto bad;
3191 		newgenfs->fstype = malloc(len + 1);
3192 		if (!newgenfs->fstype) {
3193 			free(newgenfs);
3194 			goto bad;
3195 		}
3196 		rc = next_entry(newgenfs->fstype, fp, len);
3197 		if (rc < 0) {
3198 			free(newgenfs->fstype);
3199 			free(newgenfs);
3200 			goto bad;
3201 		}
3202 		newgenfs->fstype[len] = 0;
3203 		for (genfs_p = NULL, genfs = p->genfs; genfs;
3204 		     genfs_p = genfs, genfs = genfs->next) {
3205 			if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
3206 				ERR(fp->handle, "dup genfs fstype %s",
3207 				    newgenfs->fstype);
3208 				free(newgenfs->fstype);
3209 				free(newgenfs);
3210 				goto bad;
3211 			}
3212 			if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
3213 				break;
3214 		}
3215 		newgenfs->next = genfs;
3216 		if (genfs_p)
3217 			genfs_p->next = newgenfs;
3218 		else
3219 			p->genfs = newgenfs;
3220 		rc = next_entry(buf, fp, sizeof(uint32_t));
3221 		if (rc < 0)
3222 			goto bad;
3223 		nel2 = le32_to_cpu(buf[0]);
3224 		for (j = 0; j < nel2; j++) {
3225 			newc = calloc(1, sizeof(ocontext_t));
3226 			if (!newc) {
3227 				goto bad;
3228 			}
3229 			rc = next_entry(buf, fp, sizeof(uint32_t));
3230 			if (rc < 0)
3231 				goto bad;
3232 			len = le32_to_cpu(buf[0]);
3233 			if (zero_or_saturated(len))
3234 				goto bad;
3235 			newc->u.name = malloc(len + 1);
3236 			if (!newc->u.name) {
3237 				goto bad;
3238 			}
3239 			rc = next_entry(newc->u.name, fp, len);
3240 			if (rc < 0)
3241 				goto bad;
3242 			newc->u.name[len] = 0;
3243 			rc = next_entry(buf, fp, sizeof(uint32_t));
3244 			if (rc < 0)
3245 				goto bad;
3246 			newc->v.sclass = le32_to_cpu(buf[0]);
3247 			if (context_read_and_validate(&newc->context[0], p, fp))
3248 				goto bad;
3249 			for (l = NULL, c = newgenfs->head; c;
3250 			     l = c, c = c->next) {
3251 				if (!strcmp(newc->u.name, c->u.name) &&
3252 				    (!c->v.sclass || !newc->v.sclass ||
3253 				     newc->v.sclass == c->v.sclass)) {
3254 					ERR(fp->handle, "dup genfs entry "
3255 					    "(%s,%s)", newgenfs->fstype,
3256 					    c->u.name);
3257 					goto bad;
3258 				}
3259 				len = strlen(newc->u.name);
3260 				len2 = strlen(c->u.name);
3261 				if (len > len2)
3262 					break;
3263 			}
3264 			newc->next = c;
3265 			if (l)
3266 				l->next = newc;
3267 			else
3268 				newgenfs->head = newc;
3269 			/* clear newc after a new owner has the pointer */
3270 			newc = NULL;
3271 		}
3272 	}
3273 
3274 	return 0;
3275 
3276       bad:
3277 	if (newc) {
3278 		context_destroy(&newc->context[0]);
3279 		context_destroy(&newc->context[1]);
3280 		free(newc->u.name);
3281 		free(newc);
3282 	}
3283 	return -1;
3284 }
3285 
3286 /*
3287  * Read a MLS level structure from a policydb binary
3288  * representation file.
3289  */
mls_read_level(mls_level_t * lp,struct policy_file * fp)3290 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
3291 {
3292 	uint32_t buf[1];
3293 	int rc;
3294 
3295 	mls_level_init(lp);
3296 
3297 	rc = next_entry(buf, fp, sizeof(uint32_t));
3298 	if (rc < 0) {
3299 		ERR(fp->handle, "truncated level");
3300 		goto bad;
3301 	}
3302 	lp->sens = le32_to_cpu(buf[0]);
3303 
3304 	if (ebitmap_read(&lp->cat, fp)) {
3305 		ERR(fp->handle, "error reading level categories");
3306 		goto bad;
3307 	}
3308 	return 0;
3309 
3310       bad:
3311 	return -EINVAL;
3312 }
3313 
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3314 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
3315 {
3316 	char *key = 0;
3317 	user_datum_t *usrdatum;
3318 	uint32_t buf[3];
3319 	size_t len;
3320 	int rc, to_read = 2;
3321 
3322 	usrdatum = calloc(1, sizeof(user_datum_t));
3323 	if (!usrdatum)
3324 		return -1;
3325 
3326 	if (policydb_has_boundary_feature(p))
3327 		to_read = 3;
3328 
3329 	rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
3330 	if (rc < 0)
3331 		goto bad;
3332 
3333 	len = le32_to_cpu(buf[0]);
3334 	if (zero_or_saturated(len))
3335 		goto bad;
3336 
3337 	usrdatum->s.value = le32_to_cpu(buf[1]);
3338 	if (policydb_has_boundary_feature(p))
3339 		usrdatum->bounds = le32_to_cpu(buf[2]);
3340 
3341 	key = malloc(len + 1);
3342 	if (!key)
3343 		goto bad;
3344 	rc = next_entry(key, fp, len);
3345 	if (rc < 0)
3346 		goto bad;
3347 	key[len] = 0;
3348 
3349 	if (p->policy_type == POLICY_KERN) {
3350 		if (ebitmap_read(&usrdatum->roles.roles, fp))
3351 			goto bad;
3352 	} else {
3353 		if (role_set_read(&usrdatum->roles, fp))
3354 			goto bad;
3355 	}
3356 
3357 	/* users were not allowed in mls modules before version
3358 	 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
3359 	 * required - the mls fields will be empty.  user declarations in
3360 	 * non-mls modules will also have empty mls fields */
3361 	if ((p->policy_type == POLICY_KERN
3362 	     && p->policyvers >= POLICYDB_VERSION_MLS)
3363 	    || (p->policy_type == POLICY_MOD
3364 		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
3365 		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
3366 	    || (p->policy_type == POLICY_BASE
3367 		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
3368 		&& p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
3369 		if (mls_read_range_helper(&usrdatum->exp_range, fp))
3370 			goto bad;
3371 		if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
3372 			goto bad;
3373 		if (p->policy_type != POLICY_KERN) {
3374 			if (mls_range_to_semantic(&usrdatum->exp_range,
3375 						  &usrdatum->range))
3376 				goto bad;
3377 			if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
3378 						  &usrdatum->dfltlevel))
3379 				goto bad;
3380 		}
3381 	} else if ((p->policy_type == POLICY_MOD
3382 		    && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
3383 		   || (p->policy_type == POLICY_BASE
3384 		       && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
3385 		if (mls_read_semantic_range_helper(&usrdatum->range, fp))
3386 			goto bad;
3387 		if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
3388 			goto bad;
3389 	}
3390 
3391 	if (hashtab_insert(h, key, usrdatum))
3392 		goto bad;
3393 
3394 	return 0;
3395 
3396       bad:
3397 	user_destroy(key, usrdatum, NULL);
3398 	return -1;
3399 }
3400 
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3401 static int sens_read(policydb_t * p
3402 		     __attribute__ ((unused)), hashtab_t h,
3403 		     struct policy_file *fp)
3404 {
3405 	char *key = 0;
3406 	level_datum_t *levdatum;
3407 	uint32_t buf[2], len;
3408 	int rc;
3409 
3410 	levdatum = malloc(sizeof(level_datum_t));
3411 	if (!levdatum)
3412 		return -1;
3413 	level_datum_init(levdatum);
3414 
3415 	rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3416 	if (rc < 0)
3417 		goto bad;
3418 
3419 	len = le32_to_cpu(buf[0]);
3420 	if (zero_or_saturated(len))
3421 		goto bad;
3422 
3423 	levdatum->isalias = le32_to_cpu(buf[1]);
3424 
3425 	key = malloc(len + 1);
3426 	if (!key)
3427 		goto bad;
3428 	rc = next_entry(key, fp, len);
3429 	if (rc < 0)
3430 		goto bad;
3431 	key[len] = 0;
3432 
3433 	levdatum->level = malloc(sizeof(mls_level_t));
3434 	if (!levdatum->level || mls_read_level(levdatum->level, fp))
3435 		goto bad;
3436 
3437 	if (hashtab_insert(h, key, levdatum))
3438 		goto bad;
3439 
3440 	return 0;
3441 
3442       bad:
3443 	sens_destroy(key, levdatum, NULL);
3444 	return -1;
3445 }
3446 
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3447 static int cat_read(policydb_t * p
3448 		    __attribute__ ((unused)), hashtab_t h,
3449 		    struct policy_file *fp)
3450 {
3451 	char *key = 0;
3452 	cat_datum_t *catdatum;
3453 	uint32_t buf[3], len;
3454 	int rc;
3455 
3456 	catdatum = malloc(sizeof(cat_datum_t));
3457 	if (!catdatum)
3458 		return -1;
3459 	cat_datum_init(catdatum);
3460 
3461 	rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
3462 	if (rc < 0)
3463 		goto bad;
3464 
3465 	len = le32_to_cpu(buf[0]);
3466 	if(zero_or_saturated(len))
3467 		goto bad;
3468 
3469 	catdatum->s.value = le32_to_cpu(buf[1]);
3470 	catdatum->isalias = le32_to_cpu(buf[2]);
3471 
3472 	key = malloc(len + 1);
3473 	if (!key)
3474 		goto bad;
3475 	rc = next_entry(key, fp, len);
3476 	if (rc < 0)
3477 		goto bad;
3478 	key[len] = 0;
3479 
3480 	if (hashtab_insert(h, key, catdatum))
3481 		goto bad;
3482 
3483 	return 0;
3484 
3485       bad:
3486 	cat_destroy(key, catdatum, NULL);
3487 	return -1;
3488 }
3489 
3490 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
3491 			       struct policy_file * fp) = {
3492 common_read, class_read, role_read, type_read, user_read,
3493 	    cond_read_bool, sens_read, cat_read,};
3494 
3495 /************** module reading functions below **************/
3496 
avrule_read(policydb_t * p,struct policy_file * fp)3497 static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
3498 {
3499 	unsigned int i;
3500 	uint32_t buf[2], len;
3501 	class_perm_node_t *cur, *tail = NULL;
3502 	avrule_t *avrule;
3503 	int rc;
3504 
3505 	avrule = (avrule_t *) malloc(sizeof(avrule_t));
3506 	if (!avrule)
3507 		return NULL;
3508 
3509 	avrule_init(avrule);
3510 
3511 	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3512 	if (rc < 0)
3513 		goto bad;
3514 
3515 	avrule->specified = le32_to_cpu(buf[0]);
3516 	avrule->flags = le32_to_cpu(buf[1]);
3517 
3518 	if (type_set_read(&avrule->stypes, fp))
3519 		goto bad;
3520 
3521 	if (type_set_read(&avrule->ttypes, fp))
3522 		goto bad;
3523 
3524 	rc = next_entry(buf, fp, sizeof(uint32_t));
3525 	if (rc < 0)
3526 		goto bad;
3527 	len = le32_to_cpu(buf[0]);
3528 
3529 	for (i = 0; i < len; i++) {
3530 		cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
3531 		if (!cur)
3532 			goto bad;
3533 		class_perm_node_init(cur);
3534 
3535 		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3536 		if (rc < 0) {
3537 			free(cur);
3538 			goto bad;
3539 		}
3540 
3541 		cur->tclass = le32_to_cpu(buf[0]);
3542 		cur->data = le32_to_cpu(buf[1]);
3543 
3544 		if (!tail) {
3545 			avrule->perms = cur;
3546 		} else {
3547 			tail->next = cur;
3548 		}
3549 		tail = cur;
3550 	}
3551 
3552 	if (avrule->specified & AVRULE_XPERMS) {
3553 		uint8_t buf8;
3554 		size_t nel = ARRAY_SIZE(avrule->xperms->perms);
3555 		uint32_t buf32[nel];
3556 
3557 		if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) {
3558 			ERR(fp->handle,
3559 			    "module policy version %u does not support ioctl"
3560 			    " extended permissions rules and one was specified",
3561 			    p->policyvers);
3562 			goto bad;
3563 		}
3564 
3565 		if (p->target_platform != SEPOL_TARGET_SELINUX) {
3566 			ERR(fp->handle,
3567 			    "Target platform %s does not support ioctl"
3568 			    " extended permissions rules and one was specified",
3569 			    policydb_target_strings[p->target_platform]);
3570 			goto bad;
3571 		}
3572 
3573 		avrule->xperms = calloc(1, sizeof(*avrule->xperms));
3574 		if (!avrule->xperms)
3575 			goto bad;
3576 
3577 		rc = next_entry(&buf8, fp, sizeof(uint8_t));
3578 		if (rc < 0) {
3579 			ERR(fp->handle, "truncated entry");
3580 			goto bad;
3581 		}
3582 		avrule->xperms->specified = buf8;
3583 		rc = next_entry(&buf8, fp, sizeof(uint8_t));
3584 		if (rc < 0) {
3585 			ERR(fp->handle, "truncated entry");
3586 			goto bad;
3587 		}
3588 		avrule->xperms->driver = buf8;
3589 		rc = next_entry(buf32, fp, sizeof(uint32_t)*nel);
3590 		if (rc < 0) {
3591 			ERR(fp->handle, "truncated entry");
3592 			goto bad;
3593 		}
3594 		for (i = 0; i < nel; i++)
3595 			avrule->xperms->perms[i] = le32_to_cpu(buf32[i]);
3596 	}
3597 
3598 	return avrule;
3599       bad:
3600 	if (avrule) {
3601 		avrule_destroy(avrule);
3602 		free(avrule);
3603 	}
3604 	return NULL;
3605 }
3606 
range_read(policydb_t * p,struct policy_file * fp)3607 static int range_read(policydb_t * p, struct policy_file *fp)
3608 {
3609 	uint32_t buf[2], nel;
3610 	range_trans_t *rt = NULL;
3611 	struct mls_range *r = NULL;
3612 	range_trans_rule_t *rtr = NULL, *lrtr = NULL;
3613 	unsigned int i;
3614 	int new_rangetr = (p->policy_type == POLICY_KERN &&
3615 			   p->policyvers >= POLICYDB_VERSION_RANGETRANS);
3616 	int rc;
3617 
3618 	rc = next_entry(buf, fp, sizeof(uint32_t));
3619 	if (rc < 0)
3620 		return -1;
3621 	nel = le32_to_cpu(buf[0]);
3622 	for (i = 0; i < nel; i++) {
3623 		rt = calloc(1, sizeof(range_trans_t));
3624 		if (!rt)
3625 			return -1;
3626 		rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3627 		if (rc < 0)
3628 			goto err;
3629 		rt->source_type = le32_to_cpu(buf[0]);
3630 		if (!value_isvalid(rt->source_type, p->p_types.nprim))
3631 			goto err;
3632 		rt->target_type = le32_to_cpu(buf[1]);
3633 		if (!value_isvalid(rt->target_type, p->p_types.nprim))
3634 			goto err;
3635 		if (new_rangetr) {
3636 			rc = next_entry(buf, fp, (sizeof(uint32_t)));
3637 			if (rc < 0)
3638 				goto err;
3639 			rt->target_class = le32_to_cpu(buf[0]);
3640 			if (!value_isvalid(rt->target_class, p->p_classes.nprim))
3641 				goto err;
3642 		} else
3643 			rt->target_class = p->process_class;
3644 		r = calloc(1, sizeof(*r));
3645 		if (!r)
3646 			goto err;
3647 		if (mls_read_range_helper(r, fp))
3648 			goto err;
3649 
3650 		if (p->policy_type == POLICY_KERN) {
3651 			rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
3652 			if (rc)
3653 				goto err;
3654 			rt = NULL;
3655 			r = NULL;
3656 			continue;
3657 		}
3658 
3659 		/* Module policy: convert to range_trans_rule and discard. */
3660 		rtr = malloc(sizeof(range_trans_rule_t));
3661 		if (!rtr)
3662 			goto err;
3663 		range_trans_rule_init(rtr);
3664 
3665 		if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3666 			goto err;
3667 
3668 		if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3669 			goto err;
3670 
3671 		if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3672 			goto err;
3673 
3674 		if (mls_range_to_semantic(r, &rtr->trange))
3675 			goto err;
3676 
3677 		if (lrtr)
3678 			lrtr->next = rtr;
3679 		else
3680 			p->global->enabled->range_tr_rules = rtr;
3681 
3682 		free(rt);
3683 		rt = NULL;
3684 		free(r);
3685 		r = NULL;
3686 		lrtr = rtr;
3687 	}
3688 
3689 	return 0;
3690 err:
3691 	free(rt);
3692 	if (r) {
3693 		mls_range_destroy(r);
3694 		free(r);
3695 	}
3696 	if (rtr) {
3697 		range_trans_rule_destroy(rtr);
3698 		free(rtr);
3699 	}
3700 	return -1;
3701 }
3702 
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3703 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3704 		     struct policy_file *fp)
3705 {
3706 	unsigned int i;
3707 	avrule_t *cur, *tail;
3708 	uint32_t buf[1], len;
3709 	int rc;
3710 
3711 	*avrules = tail = NULL;
3712 
3713 	rc = next_entry(buf, fp, sizeof(uint32_t));
3714 	if (rc < 0) {
3715 		return -1;
3716 	}
3717 	len = le32_to_cpu(buf[0]);
3718 
3719 	for (i = 0; i < len; i++) {
3720 		cur = avrule_read(p, fp);
3721 		if (!cur) {
3722 			return -1;
3723 		}
3724 
3725 		if (!tail) {
3726 			*avrules = cur;
3727 		} else {
3728 			tail->next = cur;
3729 		}
3730 		tail = cur;
3731 	}
3732 
3733 	return 0;
3734 }
3735 
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3736 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3737 				struct policy_file *fp)
3738 {
3739 	uint32_t buf[1], nel;
3740 	unsigned int i;
3741 	role_trans_rule_t *tr, *ltr;
3742 	int rc;
3743 
3744 	rc = next_entry(buf, fp, sizeof(uint32_t));
3745 	if (rc < 0)
3746 		return -1;
3747 	nel = le32_to_cpu(buf[0]);
3748 	ltr = NULL;
3749 	for (i = 0; i < nel; i++) {
3750 		tr = malloc(sizeof(role_trans_rule_t));
3751 		if (!tr) {
3752 			return -1;
3753 		}
3754 		role_trans_rule_init(tr);
3755 
3756 		if (ltr) {
3757 			ltr->next = tr;
3758 		} else {
3759 			*r = tr;
3760 		}
3761 
3762 		if (role_set_read(&tr->roles, fp))
3763 			return -1;
3764 
3765 		if (type_set_read(&tr->types, fp))
3766 			return -1;
3767 
3768 		if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3769 			if (ebitmap_read(&tr->classes, fp))
3770 				return -1;
3771 		} else {
3772 			if (!p->process_class)
3773 				return -1;
3774 			if (ebitmap_set_bit(&tr->classes, p->process_class - 1, 1))
3775 				return -1;
3776 		}
3777 
3778 		rc = next_entry(buf, fp, sizeof(uint32_t));
3779 		if (rc < 0)
3780 			return -1;
3781 		tr->new_role = le32_to_cpu(buf[0]);
3782 		ltr = tr;
3783 	}
3784 
3785 	return 0;
3786 }
3787 
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3788 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3789 {
3790 	unsigned int i;
3791 	uint32_t buf[1], nel;
3792 	role_allow_rule_t *ra, *lra;
3793 	int rc;
3794 
3795 	rc = next_entry(buf, fp, sizeof(uint32_t));
3796 	if (rc < 0)
3797 		return -1;
3798 	nel = le32_to_cpu(buf[0]);
3799 	lra = NULL;
3800 	for (i = 0; i < nel; i++) {
3801 		ra = malloc(sizeof(role_allow_rule_t));
3802 		if (!ra) {
3803 			return -1;
3804 		}
3805 		role_allow_rule_init(ra);
3806 
3807 		if (lra) {
3808 			lra->next = ra;
3809 		} else {
3810 			*r = ra;
3811 		}
3812 
3813 		if (role_set_read(&ra->roles, fp))
3814 			return -1;
3815 
3816 		if (role_set_read(&ra->new_roles, fp))
3817 			return -1;
3818 
3819 		lra = ra;
3820 	}
3821 	return 0;
3822 }
3823 
filename_trans_rule_read(filename_trans_rule_t ** r,struct policy_file * fp)3824 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
3825 {
3826 	uint32_t buf[2], nel;
3827 	unsigned int i, len;
3828 	filename_trans_rule_t *ftr, *lftr;
3829 	int rc;
3830 
3831 	rc = next_entry(buf, fp, sizeof(uint32_t));
3832 	if (rc < 0)
3833 		return -1;
3834 	nel = le32_to_cpu(buf[0]);
3835 	lftr = NULL;
3836 	for (i = 0; i < nel; i++) {
3837 		ftr = malloc(sizeof(*ftr));
3838 		if (!ftr)
3839 			return -1;
3840 
3841 		filename_trans_rule_init(ftr);
3842 
3843 		if (lftr)
3844 			lftr->next = ftr;
3845 		else
3846 			*r = ftr;
3847 		lftr = ftr;
3848 
3849 		rc = next_entry(buf, fp, sizeof(uint32_t));
3850 		if (rc < 0)
3851 			return -1;
3852 
3853 		len = le32_to_cpu(buf[0]);
3854 		if (zero_or_saturated(len))
3855 			return -1;
3856 
3857 		ftr->name = malloc(len + 1);
3858 		if (!ftr->name)
3859 			return -1;
3860 
3861 		rc = next_entry(ftr->name, fp, len);
3862 		if (rc)
3863 			return -1;
3864 		ftr->name[len] = 0;
3865 
3866 		if (type_set_read(&ftr->stypes, fp))
3867 			return -1;
3868 
3869 		if (type_set_read(&ftr->ttypes, fp))
3870 			return -1;
3871 
3872 		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3873 		if (rc < 0)
3874 			return -1;
3875 		ftr->tclass = le32_to_cpu(buf[0]);
3876 		ftr->otype = le32_to_cpu(buf[1]);
3877 	}
3878 
3879 	return 0;
3880 }
3881 
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3882 static int range_trans_rule_read(range_trans_rule_t ** r,
3883 				 struct policy_file *fp)
3884 {
3885 	uint32_t buf[1], nel;
3886 	unsigned int i;
3887 	range_trans_rule_t *rt, *lrt = NULL;
3888 	int rc;
3889 
3890 	rc = next_entry(buf, fp, sizeof(uint32_t));
3891 	if (rc < 0)
3892 		return -1;
3893 	nel = le32_to_cpu(buf[0]);
3894 	for (i = 0; i < nel; i++) {
3895 		rt = malloc(sizeof(range_trans_rule_t));
3896 		if (!rt) {
3897 			return -1;
3898 		}
3899 		range_trans_rule_init(rt);
3900 
3901 		if (lrt)
3902 			lrt->next = rt;
3903 		else
3904 			*r = rt;
3905 
3906 		if (type_set_read(&rt->stypes, fp))
3907 			return -1;
3908 
3909 		if (type_set_read(&rt->ttypes, fp))
3910 			return -1;
3911 
3912 		if (ebitmap_read(&rt->tclasses, fp))
3913 			return -1;
3914 
3915 		if (mls_read_semantic_range_helper(&rt->trange, fp))
3916 			return -1;
3917 
3918 		lrt = rt;
3919 	}
3920 
3921 	return 0;
3922 }
3923 
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3924 static int scope_index_read(scope_index_t * scope_index,
3925 			    unsigned int num_scope_syms, struct policy_file *fp)
3926 {
3927 	unsigned int i;
3928 	uint32_t buf[1];
3929 	int rc;
3930 
3931 	for (i = 0; i < num_scope_syms; i++) {
3932 		if (ebitmap_read(scope_index->scope + i, fp) < 0) {
3933 			return -1;
3934 		}
3935 	}
3936 	rc = next_entry(buf, fp, sizeof(uint32_t));
3937 	if (rc < 0)
3938 		return -1;
3939 	scope_index->class_perms_len = le32_to_cpu(buf[0]);
3940 	if (is_saturated(scope_index->class_perms_len))
3941 		return -1;
3942 	if (scope_index->class_perms_len == 0) {
3943 		scope_index->class_perms_map = NULL;
3944 		return 0;
3945 	}
3946 	if ((scope_index->class_perms_map =
3947 	     calloc(scope_index->class_perms_len,
3948 		    sizeof(*scope_index->class_perms_map))) == NULL) {
3949 		return -1;
3950 	}
3951 	for (i = 0; i < scope_index->class_perms_len; i++) {
3952 		if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
3953 			return -1;
3954 		}
3955 	}
3956 	return 0;
3957 }
3958 
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3959 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3960 			    unsigned int num_scope_syms, struct policy_file *fp)
3961 {
3962 	uint32_t buf[2], nprim, nel;
3963 	unsigned int i, j;
3964 	int rc;
3965 
3966 	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3967 	if (rc < 0)
3968 		return -1;
3969 	decl->decl_id = le32_to_cpu(buf[0]);
3970 	decl->enabled = le32_to_cpu(buf[1]);
3971 	if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3972 	    avrule_read_list(p, &decl->avrules, fp) == -1 ||
3973 	    role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3974 	    role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3975 		return -1;
3976 	}
3977 
3978 	if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
3979 	    filename_trans_rule_read(&decl->filename_trans_rules, fp))
3980 		return -1;
3981 
3982 	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
3983 	    range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
3984 		return -1;
3985 	}
3986 	if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
3987 	    scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
3988 		return -1;
3989 	}
3990 
3991 	for (i = 0; i < num_scope_syms; i++) {
3992 		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3993 		if (rc < 0)
3994 			return -1;
3995 		nprim = le32_to_cpu(buf[0]);
3996 		if (is_saturated(nprim))
3997 			return -1;
3998 		nel = le32_to_cpu(buf[1]);
3999 		for (j = 0; j < nel; j++) {
4000 			if (read_f[i] (p, decl->symtab[i].table, fp)) {
4001 				return -1;
4002 			}
4003 		}
4004 		decl->symtab[i].nprim = nprim;
4005 	}
4006 	return 0;
4007 }
4008 
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)4009 static int avrule_block_read(policydb_t * p,
4010 			     avrule_block_t ** block,
4011 			     unsigned int num_scope_syms,
4012 			     struct policy_file *fp)
4013 {
4014 	avrule_block_t *last_block = NULL, *curblock;
4015 	uint32_t buf[1], num_blocks, nel;
4016 	int rc;
4017 
4018 	assert(*block == NULL);
4019 
4020 	rc = next_entry(buf, fp, sizeof(uint32_t));
4021 	if (rc < 0)
4022 		return -1;
4023 	num_blocks = le32_to_cpu(buf[0]);
4024 	nel = num_blocks;
4025 	while (num_blocks > 0) {
4026 		avrule_decl_t *last_decl = NULL, *curdecl;
4027 		uint32_t num_decls;
4028 		if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
4029 			return -1;
4030 		}
4031 		rc = next_entry(buf, fp, sizeof(uint32_t));
4032 		if (rc < 0) {
4033 			free(curblock);
4034 			return -1;
4035 		}
4036 		/* if this is the first block its non-optional, else its optional */
4037 		if (num_blocks != nel)
4038 			curblock->flags |= AVRULE_OPTIONAL;
4039 
4040 		num_decls = le32_to_cpu(buf[0]);
4041 		while (num_decls > 0) {
4042 			if ((curdecl = avrule_decl_create(0)) == NULL) {
4043 				avrule_block_destroy(curblock);
4044 				return -1;
4045 			}
4046 			if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
4047 			    -1) {
4048 				avrule_decl_destroy(curdecl);
4049 				avrule_block_destroy(curblock);
4050 				return -1;
4051 			}
4052 			if (curdecl->enabled) {
4053 				if (curblock->enabled != NULL) {
4054 					/* probably a corrupt file */
4055 					avrule_decl_destroy(curdecl);
4056 					avrule_block_destroy(curblock);
4057 					return -1;
4058 				}
4059 				curblock->enabled = curdecl;
4060 			}
4061 			/* one must be careful to reconstruct the
4062 			 * decl chain in its correct order */
4063 			if (curblock->branch_list == NULL) {
4064 				curblock->branch_list = curdecl;
4065 			} else {
4066 				assert(last_decl);
4067 				last_decl->next = curdecl;
4068 			}
4069 			last_decl = curdecl;
4070 			num_decls--;
4071 		}
4072 
4073 		if (*block == NULL) {
4074 			*block = curblock;
4075 		} else {
4076 			assert(last_block);
4077 			last_block->next = curblock;
4078 		}
4079 		last_block = curblock;
4080 
4081 		num_blocks--;
4082 	}
4083 
4084 	return 0;
4085 }
4086 
scope_read(policydb_t * p,int symnum,struct policy_file * fp)4087 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
4088 {
4089 	scope_datum_t *scope = NULL;
4090 	uint32_t buf[2];
4091 	char *key = NULL;
4092 	size_t key_len;
4093 	unsigned int i;
4094 	hashtab_t h = p->scope[symnum].table;
4095 	int rc;
4096 
4097 	rc = next_entry(buf, fp, sizeof(uint32_t));
4098 	if (rc < 0)
4099 		goto cleanup;
4100 	key_len = le32_to_cpu(buf[0]);
4101 	if (zero_or_saturated(key_len))
4102 		goto cleanup;
4103 	key = malloc(key_len + 1);
4104 	if (!key)
4105 		goto cleanup;
4106 	rc = next_entry(key, fp, key_len);
4107 	if (rc < 0)
4108 		goto cleanup;
4109 	key[key_len] = '\0';
4110 
4111 	/* ensure that there already exists a symbol with this key */
4112 	if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
4113 		goto cleanup;
4114 	}
4115 
4116 	if ((scope = calloc(1, sizeof(*scope))) == NULL) {
4117 		goto cleanup;
4118 	}
4119 	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4120 	if (rc < 0)
4121 		goto cleanup;
4122 	scope->scope = le32_to_cpu(buf[0]);
4123 	scope->decl_ids_len = le32_to_cpu(buf[1]);
4124 	if (zero_or_saturated(scope->decl_ids_len)) {
4125 		ERR(fp->handle, "invalid scope with no declaration");
4126 		goto cleanup;
4127 	}
4128 	if ((scope->decl_ids =
4129 	     mallocarray(scope->decl_ids_len, sizeof(uint32_t))) == NULL) {
4130 		goto cleanup;
4131 	}
4132 	rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
4133 	if (rc < 0)
4134 		goto cleanup;
4135 	for (i = 0; i < scope->decl_ids_len; i++) {
4136 		scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
4137 	}
4138 
4139 	if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
4140 		/* object_r was already added to this table in roles_init() */
4141 		scope_destroy(key, scope, NULL);
4142 	} else {
4143 		if (hashtab_insert(h, key, scope)) {
4144 			goto cleanup;
4145 		}
4146 	}
4147 
4148 	return 0;
4149 
4150       cleanup:
4151 	scope_destroy(key, scope, NULL);
4152 	return -1;
4153 }
4154 
policydb_string_to_security_class(struct policydb * policydb,const char * class_name)4155 static sepol_security_class_t policydb_string_to_security_class(
4156 	struct policydb *policydb,
4157 	const char *class_name)
4158 {
4159 	class_datum_t *tclass_datum;
4160 
4161 	tclass_datum = hashtab_search(policydb->p_classes.table,
4162 				      (hashtab_key_t) class_name);
4163 	if (!tclass_datum)
4164 		return 0;
4165 	return tclass_datum->s.value;
4166 }
4167 
policydb_string_to_av_perm(struct policydb * policydb,sepol_security_class_t tclass,const char * perm_name)4168 static sepol_access_vector_t policydb_string_to_av_perm(
4169 	struct policydb *policydb,
4170 	sepol_security_class_t tclass,
4171 	const char *perm_name)
4172 {
4173 	class_datum_t *tclass_datum;
4174 	perm_datum_t *perm_datum;
4175 
4176 	if (!tclass || tclass > policydb->p_classes.nprim)
4177 		return 0;
4178 	tclass_datum = policydb->class_val_to_struct[tclass - 1];
4179 
4180 	perm_datum = (perm_datum_t *)
4181 			hashtab_search(tclass_datum->permissions.table,
4182 			(hashtab_key_t)perm_name);
4183 	if (perm_datum != NULL)
4184 		return UINT32_C(1) << (perm_datum->s.value - 1);
4185 
4186 	if (tclass_datum->comdatum == NULL)
4187 		return 0;
4188 
4189 	perm_datum = (perm_datum_t *)
4190 			hashtab_search(tclass_datum->comdatum->permissions.table,
4191 			(hashtab_key_t)perm_name);
4192 
4193 	if (perm_datum != NULL)
4194 		return UINT32_C(1) << (perm_datum->s.value - 1);
4195 
4196 	return 0;
4197 }
4198 
4199 
4200 /*
4201  * Read the configuration data from a policy database binary
4202  * representation file into a policy database structure.
4203  */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)4204 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
4205 {
4206 
4207 	unsigned int i, j, r_policyvers;
4208 	uint32_t buf[5];
4209 	size_t len, nprim, nel;
4210 	char *policydb_str;
4211 	const struct policydb_compat_info *info;
4212 	unsigned int policy_type, bufindex;
4213 	ebitmap_node_t *tnode;
4214 	int rc;
4215 
4216 	/* Read the magic number and string length. */
4217 	rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4218 	if (rc < 0)
4219 		return POLICYDB_ERROR;
4220 	for (i = 0; i < 2; i++)
4221 		buf[i] = le32_to_cpu(buf[i]);
4222 
4223 	if (buf[0] == POLICYDB_MAGIC) {
4224 		policy_type = POLICY_KERN;
4225 	} else if (buf[0] == POLICYDB_MOD_MAGIC) {
4226 		policy_type = POLICY_MOD;
4227 	} else {
4228 		ERR(fp->handle, "policydb magic number %#08x does not "
4229 		    "match expected magic number %#08x or %#08x",
4230 		    buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
4231 		return POLICYDB_ERROR;
4232 	}
4233 
4234 	len = buf[1];
4235 	if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
4236 		ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
4237 		return POLICYDB_ERROR;
4238 	}
4239 
4240 	policydb_str = malloc(len + 1);
4241 	if (!policydb_str) {
4242 		ERR(fp->handle, "unable to allocate memory for policydb "
4243 		    "string of length %zu", len);
4244 		return POLICYDB_ERROR;
4245 	}
4246 	rc = next_entry(policydb_str, fp, len);
4247 	if (rc < 0) {
4248 		ERR(fp->handle, "truncated policydb string identifier");
4249 		free(policydb_str);
4250 		return POLICYDB_ERROR;
4251 	}
4252 	policydb_str[len] = 0;
4253 
4254 	if (policy_type == POLICY_KERN) {
4255 		for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
4256 			if ((strcmp(policydb_str, policydb_target_strings[i])
4257 				== 0)) {
4258 				policydb_set_target_platform(p, i);
4259 				break;
4260 			}
4261 		}
4262 
4263 		if (i == POLICYDB_TARGET_SZ) {
4264 			ERR(fp->handle, "cannot find a valid target for policy "
4265 				"string %s", policydb_str);
4266 			free(policydb_str);
4267 			return POLICYDB_ERROR;
4268 		}
4269 	} else {
4270 		if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
4271 			ERR(fp->handle, "invalid string identifier %s",
4272 				policydb_str);
4273 			free(policydb_str);
4274 			return POLICYDB_ERROR;
4275 		}
4276 	}
4277 
4278 	/* Done with policydb_str. */
4279 	free(policydb_str);
4280 	policydb_str = NULL;
4281 
4282 	/* Read the version, config, and table sizes (and policy type if it's a module). */
4283 	if (policy_type == POLICY_KERN)
4284 		nel = 4;
4285 	else
4286 		nel = 5;
4287 
4288 	rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
4289 	if (rc < 0)
4290 		return POLICYDB_ERROR;
4291 	for (i = 0; i < nel; i++)
4292 		buf[i] = le32_to_cpu(buf[i]);
4293 
4294 	bufindex = 0;
4295 
4296 	if (policy_type == POLICY_MOD) {
4297 		/* We know it's a module but not whether it's a base
4298 		   module or regular binary policy module.  buf[0]
4299 		   tells us which. */
4300 		policy_type = buf[bufindex];
4301 		if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
4302 			ERR(fp->handle, "unknown module type: %#08x",
4303 			    policy_type);
4304 			return POLICYDB_ERROR;
4305 		}
4306 		bufindex++;
4307 	}
4308 
4309 	r_policyvers = buf[bufindex];
4310 	if (policy_type == POLICY_KERN) {
4311 		if (r_policyvers < POLICYDB_VERSION_MIN ||
4312 		    r_policyvers > POLICYDB_VERSION_MAX) {
4313 			ERR(fp->handle, "policydb version %d does not match "
4314 			    "my version range %d-%d", buf[bufindex],
4315 			    POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
4316 			return POLICYDB_ERROR;
4317 		}
4318 	} else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
4319 		if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
4320 		    r_policyvers > MOD_POLICYDB_VERSION_MAX) {
4321 			ERR(fp->handle, "policydb module version %d does "
4322 			    "not match my version range %d-%d",
4323 			    buf[bufindex], MOD_POLICYDB_VERSION_MIN,
4324 			    MOD_POLICYDB_VERSION_MAX);
4325 			return POLICYDB_ERROR;
4326 		}
4327 	} else {
4328 		assert(0);
4329 	}
4330 	bufindex++;
4331 
4332 	/* Set the policy type and version from the read values. */
4333 	p->policy_type = policy_type;
4334 	p->policyvers = r_policyvers;
4335 
4336 	if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
4337 		p->mls = 1;
4338 	} else {
4339 		p->mls = 0;
4340 	}
4341 
4342 	p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
4343 
4344 	bufindex++;
4345 
4346 	info = policydb_lookup_compat(r_policyvers, policy_type,
4347 					p->target_platform);
4348 	if (!info) {
4349 		ERR(fp->handle, "unable to find policy compat info "
4350 		    "for version %d", r_policyvers);
4351 		goto bad;
4352 	}
4353 
4354 	if (buf[bufindex] != info->sym_num
4355 	    || buf[bufindex + 1] != info->ocon_num) {
4356 		ERR(fp->handle,
4357 		    "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
4358 		    buf[bufindex], buf[bufindex + 1], info->sym_num,
4359 		    info->ocon_num);
4360 		goto bad;
4361 	}
4362 
4363 	if (p->policy_type == POLICY_MOD) {
4364 		/* Get the module name and version */
4365 		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4366 			goto bad;
4367 		}
4368 		len = le32_to_cpu(buf[0]);
4369 		if (zero_or_saturated(len))
4370 			goto bad;
4371 		if ((p->name = malloc(len + 1)) == NULL) {
4372 			goto bad;
4373 		}
4374 		if ((rc = next_entry(p->name, fp, len)) < 0) {
4375 			goto bad;
4376 		}
4377 		p->name[len] = '\0';
4378 		if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4379 			goto bad;
4380 		}
4381 		len = le32_to_cpu(buf[0]);
4382 		if (zero_or_saturated(len))
4383 			goto bad;
4384 		if ((p->version = malloc(len + 1)) == NULL) {
4385 			goto bad;
4386 		}
4387 		if ((rc = next_entry(p->version, fp, len)) < 0) {
4388 			goto bad;
4389 		}
4390 		p->version[len] = '\0';
4391 	}
4392 
4393 	if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
4394 	     p->policy_type == POLICY_KERN) ||
4395 	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4396 	     p->policy_type == POLICY_BASE) ||
4397 	    (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4398 	     p->policy_type == POLICY_MOD)) {
4399 		if (ebitmap_read(&p->policycaps, fp))
4400 			goto bad;
4401 	}
4402 
4403 	if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
4404 	    p->policy_type == POLICY_KERN) {
4405 		if (ebitmap_read(&p->permissive_map, fp))
4406 			goto bad;
4407 	}
4408 
4409 	for (i = 0; i < info->sym_num; i++) {
4410 		rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4411 		if (rc < 0)
4412 			goto bad;
4413 		nprim = le32_to_cpu(buf[0]);
4414 		if (is_saturated(nprim))
4415 			goto bad;
4416 		nel = le32_to_cpu(buf[1]);
4417 		if (nel && !nprim) {
4418 			ERR(fp->handle, "unexpected items in symbol table with no symbol");
4419 			goto bad;
4420 		}
4421 		for (j = 0; j < nel; j++) {
4422 			if (read_f[i] (p, p->symtab[i].table, fp))
4423 				goto bad;
4424 		}
4425 
4426 		p->symtab[i].nprim = nprim;
4427 	}
4428 
4429 	switch (p->target_platform) {
4430 	case SEPOL_TARGET_SELINUX:
4431 		p->process_class = policydb_string_to_security_class(p, "process");
4432 		p->dir_class = policydb_string_to_security_class(p, "dir");
4433 		break;
4434 	case SEPOL_TARGET_XEN:
4435 		p->process_class = policydb_string_to_security_class(p, "domain");
4436 		break;
4437 	default:
4438 		break;
4439 	}
4440 
4441 	if (policy_type == POLICY_KERN) {
4442 		if (avtab_read(&p->te_avtab, fp, r_policyvers))
4443 			goto bad;
4444 		if (r_policyvers >= POLICYDB_VERSION_BOOL)
4445 			if (cond_read_list(p, &p->cond_list, fp))
4446 				goto bad;
4447 		if (role_trans_read(p, fp))
4448 			goto bad;
4449 		if (role_allow_read(&p->role_allow, fp))
4450 			goto bad;
4451 		if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
4452 		    filename_trans_read(p, fp))
4453 			goto bad;
4454 	} else {
4455 		/* first read the AV rule blocks, then the scope tables */
4456 		avrule_block_destroy(p->global);
4457 		p->global = NULL;
4458 		if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
4459 			goto bad;
4460 		}
4461 		if (p->global == NULL) {
4462 			ERR(fp->handle, "no avrule block in policy");
4463 			goto bad;
4464 		}
4465 		for (i = 0; i < info->sym_num; i++) {
4466 			if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4467 				goto bad;
4468 			}
4469 			nel = le32_to_cpu(buf[0]);
4470 			for (j = 0; j < nel; j++) {
4471 				if (scope_read(p, i, fp))
4472 					goto bad;
4473 			}
4474 		}
4475 
4476 	}
4477 
4478 	if (policydb_index_decls(fp->handle, p))
4479 		goto bad;
4480 
4481 	if (policydb_index_classes(p))
4482 		goto bad;
4483 
4484 	switch (p->target_platform) {
4485 	case SEPOL_TARGET_SELINUX:
4486 		/* fall through */
4487 	case SEPOL_TARGET_XEN:
4488 		p->process_trans = policydb_string_to_av_perm(p, p->process_class,
4489 							      "transition");
4490 		p->process_trans_dyntrans = p->process_trans |
4491 			policydb_string_to_av_perm(p, p->process_class,
4492 						   "dyntransition");
4493 		break;
4494 	default:
4495 		break;
4496 	}
4497 
4498 	if (policydb_index_others(fp->handle, p, verbose))
4499 		goto bad;
4500 
4501 	if (ocontext_read(info, p, fp) == -1) {
4502 		goto bad;
4503 	}
4504 
4505 	if (genfs_read(p, fp) == -1) {
4506 		goto bad;
4507 	}
4508 
4509 	if ((p->policy_type == POLICY_KERN
4510 	     && p->policyvers >= POLICYDB_VERSION_MLS)
4511 	    || (p->policy_type == POLICY_BASE
4512 		&& p->policyvers >= MOD_POLICYDB_VERSION_MLS
4513 		&& p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
4514 		if (range_read(p, fp)) {
4515 			goto bad;
4516 		}
4517 	}
4518 
4519 	if (policy_type == POLICY_KERN) {
4520 		p->type_attr_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t));
4521 		p->attr_type_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t));
4522 		if (!p->type_attr_map || !p->attr_type_map)
4523 			goto bad;
4524 		for (i = 0; i < p->p_types.nprim; i++) {
4525 			ebitmap_init(&p->type_attr_map[i]);
4526 			ebitmap_init(&p->attr_type_map[i]);
4527 		}
4528 		for (i = 0; i < p->p_types.nprim; i++) {
4529 			if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
4530 				if (ebitmap_read(&p->type_attr_map[i], fp))
4531 					goto bad;
4532 				ebitmap_for_each_positive_bit(&p->type_attr_map[i],
4533 							 tnode, j) {
4534 					if (i == j)
4535 						continue;
4536 
4537 					if (j >= p->p_types.nprim)
4538 						goto bad;
4539 
4540 					if (ebitmap_set_bit
4541 					    (&p->attr_type_map[j], i, 1))
4542 						goto bad;
4543 				}
4544 			}
4545 			/* add the type itself as the degenerate case */
4546 			if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
4547 				goto bad;
4548 			if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
4549 				if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
4550 					goto bad;
4551 			}
4552 		}
4553 	}
4554 
4555 	if (validate_policydb(fp->handle, p))
4556 		goto bad;
4557 
4558 	return POLICYDB_SUCCESS;
4559       bad:
4560 	return POLICYDB_ERROR;
4561 }
4562 
policydb_reindex_users(policydb_t * p)4563 int policydb_reindex_users(policydb_t * p)
4564 {
4565 	unsigned int i = SYM_USERS;
4566 
4567 	if (p->user_val_to_struct)
4568 		free(p->user_val_to_struct);
4569 	if (p->sym_val_to_name[i])
4570 		free(p->sym_val_to_name[i]);
4571 
4572 	p->user_val_to_struct = (user_datum_t **)
4573 	    calloc(p->p_users.nprim, sizeof(user_datum_t *));
4574 	if (!p->user_val_to_struct)
4575 		return -1;
4576 
4577 	p->sym_val_to_name[i] = (char **)
4578 	    calloc(p->symtab[i].nprim, sizeof(char *));
4579 	if (!p->sym_val_to_name[i])
4580 		return -1;
4581 
4582 	if (hashtab_map(p->symtab[i].table, index_f[i], p))
4583 		return -1;
4584 
4585 	/* Expand user roles for context validity checking */
4586 	if (hashtab_map(p->p_users.table, policydb_user_cache, p))
4587 		return -1;
4588 
4589 	return 0;
4590 }
4591 
policy_file_init(policy_file_t * pf)4592 void policy_file_init(policy_file_t *pf)
4593 {
4594 	memset(pf, 0, sizeof(policy_file_t));
4595 }
4596 
policydb_set_target_platform(policydb_t * p,int platform)4597 int policydb_set_target_platform(policydb_t *p, int platform)
4598 {
4599 	if (platform == SEPOL_TARGET_SELINUX)
4600 		p->target_platform = SEPOL_TARGET_SELINUX;
4601 	else if (platform == SEPOL_TARGET_XEN)
4602 		p->target_platform = SEPOL_TARGET_XEN;
4603 	else
4604 		return -1;
4605 
4606 	return 0;
4607 }
4608 
policydb_sort_ocontexts(policydb_t * p)4609 int policydb_sort_ocontexts(policydb_t *p)
4610 {
4611 	return sort_ocontexts(p);
4612 }
4613