1
2 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
3
4 /*
5 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
6 *
7 * Support for enhanced MLS infrastructure.
8 *
9 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
10 *
11 * Added conditional policy language extensions
12 *
13 * Updated: Red Hat, Inc. James Morris <jmorris@redhat.com>
14 * Fine-grained netlink support
15 * IPv6 support
16 * Code cleanup
17 *
18 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
19 * Copyright (C) 2003 - 2005 Tresys Technology, LLC
20 * Copyright (C) 2003 - 2007 Red Hat, Inc.
21 * Copyright (C) 2017 Mellanox Technologies Inc.
22 *
23 * This library is free software; you can redistribute it and/or
24 * modify it under the terms of the GNU Lesser General Public
25 * License as published by the Free Software Foundation; either
26 * version 2.1 of the License, or (at your option) any later version.
27 *
28 * This library is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
31 * Lesser General Public License for more details.
32 *
33 * You should have received a copy of the GNU Lesser General Public
34 * License along with this library; if not, write to the Free Software
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
36 */
37
38 /* FLASK */
39
40 /*
41 * Implementation of the policy database.
42 */
43
44 #include <assert.h>
45 #include <stdlib.h>
46
47 #include <sepol/policydb/policydb.h>
48 #include <sepol/policydb/expand.h>
49 #include <sepol/policydb/conditional.h>
50 #include <sepol/policydb/avrule_block.h>
51 #include <sepol/policydb/util.h>
52
53 #include "kernel_to_common.h"
54 #include "private.h"
55 #include "debug.h"
56 #include "mls.h"
57 #include "policydb_validate.h"
58
59 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
60 const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
61
62 /* These need to be updated if SYM_NUM or OCON_NUM changes */
63 static const struct policydb_compat_info policydb_compat[] = {
64 {
65 .type = POLICY_KERN,
66 .version = POLICYDB_VERSION_BOUNDARY,
67 .sym_num = SYM_NUM,
68 .ocon_num = OCON_XEN_PCIDEVICE + 1,
69 .target_platform = SEPOL_TARGET_XEN,
70 },
71 {
72 .type = POLICY_KERN,
73 .version = POLICYDB_VERSION_XEN_DEVICETREE,
74 .sym_num = SYM_NUM,
75 .ocon_num = OCON_XEN_DEVICETREE + 1,
76 .target_platform = SEPOL_TARGET_XEN,
77 },
78 {
79 .type = POLICY_KERN,
80 .version = POLICYDB_VERSION_BASE,
81 .sym_num = SYM_NUM - 3,
82 .ocon_num = OCON_FSUSE + 1,
83 .target_platform = SEPOL_TARGET_SELINUX,
84 },
85 {
86 .type = POLICY_KERN,
87 .version = POLICYDB_VERSION_BOOL,
88 .sym_num = SYM_NUM - 2,
89 .ocon_num = OCON_FSUSE + 1,
90 .target_platform = SEPOL_TARGET_SELINUX,
91 },
92 {
93 .type = POLICY_KERN,
94 .version = POLICYDB_VERSION_IPV6,
95 .sym_num = SYM_NUM - 2,
96 .ocon_num = OCON_NODE6 + 1,
97 .target_platform = SEPOL_TARGET_SELINUX,
98 },
99 {
100 .type = POLICY_KERN,
101 .version = POLICYDB_VERSION_NLCLASS,
102 .sym_num = SYM_NUM - 2,
103 .ocon_num = OCON_NODE6 + 1,
104 .target_platform = SEPOL_TARGET_SELINUX,
105 },
106 {
107 .type = POLICY_KERN,
108 .version = POLICYDB_VERSION_MLS,
109 .sym_num = SYM_NUM,
110 .ocon_num = OCON_NODE6 + 1,
111 .target_platform = SEPOL_TARGET_SELINUX,
112 },
113 {
114 .type = POLICY_KERN,
115 .version = POLICYDB_VERSION_AVTAB,
116 .sym_num = SYM_NUM,
117 .ocon_num = OCON_NODE6 + 1,
118 .target_platform = SEPOL_TARGET_SELINUX,
119 },
120 {
121 .type = POLICY_KERN,
122 .version = POLICYDB_VERSION_RANGETRANS,
123 .sym_num = SYM_NUM,
124 .ocon_num = OCON_NODE6 + 1,
125 .target_platform = SEPOL_TARGET_SELINUX,
126 },
127 {
128 .type = POLICY_KERN,
129 .version = POLICYDB_VERSION_POLCAP,
130 .sym_num = SYM_NUM,
131 .ocon_num = OCON_NODE6 + 1,
132 .target_platform = SEPOL_TARGET_SELINUX,
133 },
134 {
135 .type = POLICY_KERN,
136 .version = POLICYDB_VERSION_PERMISSIVE,
137 .sym_num = SYM_NUM,
138 .ocon_num = OCON_NODE6 + 1,
139 .target_platform = SEPOL_TARGET_SELINUX,
140 },
141 {
142 .type = POLICY_KERN,
143 .version = POLICYDB_VERSION_BOUNDARY,
144 .sym_num = SYM_NUM,
145 .ocon_num = OCON_NODE6 + 1,
146 .target_platform = SEPOL_TARGET_SELINUX,
147 },
148 {
149 .type = POLICY_KERN,
150 .version = POLICYDB_VERSION_FILENAME_TRANS,
151 .sym_num = SYM_NUM,
152 .ocon_num = OCON_NODE6 + 1,
153 .target_platform = SEPOL_TARGET_SELINUX,
154 },
155 {
156 .type = POLICY_KERN,
157 .version = POLICYDB_VERSION_ROLETRANS,
158 .sym_num = SYM_NUM,
159 .ocon_num = OCON_NODE6 + 1,
160 .target_platform = SEPOL_TARGET_SELINUX,
161 },
162 {
163 .type = POLICY_KERN,
164 .version = POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
165 .sym_num = SYM_NUM,
166 .ocon_num = OCON_NODE6 + 1,
167 .target_platform = SEPOL_TARGET_SELINUX,
168 },
169 {
170 .type = POLICY_KERN,
171 .version = POLICYDB_VERSION_DEFAULT_TYPE,
172 .sym_num = SYM_NUM,
173 .ocon_num = OCON_NODE6 + 1,
174 .target_platform = SEPOL_TARGET_SELINUX,
175 },
176 {
177 .type = POLICY_KERN,
178 .version = POLICYDB_VERSION_CONSTRAINT_NAMES,
179 .sym_num = SYM_NUM,
180 .ocon_num = OCON_NODE6 + 1,
181 .target_platform = SEPOL_TARGET_SELINUX,
182 },
183 {
184 .type = POLICY_KERN,
185 .version = POLICYDB_VERSION_XPERMS_IOCTL,
186 .sym_num = SYM_NUM,
187 .ocon_num = OCON_NODE6 + 1,
188 .target_platform = SEPOL_TARGET_SELINUX,
189 },
190 {
191 .type = POLICY_KERN,
192 .version = POLICYDB_VERSION_INFINIBAND,
193 .sym_num = SYM_NUM,
194 .ocon_num = OCON_IBENDPORT + 1,
195 .target_platform = SEPOL_TARGET_SELINUX,
196 },
197 {
198 .type = POLICY_KERN,
199 .version = POLICYDB_VERSION_GLBLUB,
200 .sym_num = SYM_NUM,
201 .ocon_num = OCON_IBENDPORT + 1,
202 .target_platform = SEPOL_TARGET_SELINUX,
203 },
204 {
205 .type = POLICY_KERN,
206 .version = POLICYDB_VERSION_COMP_FTRANS,
207 .sym_num = SYM_NUM,
208 .ocon_num = OCON_IBENDPORT + 1,
209 .target_platform = SEPOL_TARGET_SELINUX,
210 },
211 {
212 .type = POLICY_BASE,
213 .version = MOD_POLICYDB_VERSION_BASE,
214 .sym_num = SYM_NUM,
215 .ocon_num = OCON_NODE6 + 1,
216 .target_platform = SEPOL_TARGET_SELINUX,
217 },
218 {
219 .type = POLICY_BASE,
220 .version = MOD_POLICYDB_VERSION_MLS,
221 .sym_num = SYM_NUM,
222 .ocon_num = OCON_NODE6 + 1,
223 .target_platform = SEPOL_TARGET_SELINUX,
224 },
225 {
226 .type = POLICY_BASE,
227 .version = MOD_POLICYDB_VERSION_MLS_USERS,
228 .sym_num = SYM_NUM,
229 .ocon_num = OCON_NODE6 + 1,
230 .target_platform = SEPOL_TARGET_SELINUX,
231 },
232 {
233 .type = POLICY_BASE,
234 .version = MOD_POLICYDB_VERSION_POLCAP,
235 .sym_num = SYM_NUM,
236 .ocon_num = OCON_NODE6 + 1,
237 .target_platform = SEPOL_TARGET_SELINUX,
238 },
239 {
240 .type = POLICY_BASE,
241 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
242 .sym_num = SYM_NUM,
243 .ocon_num = OCON_NODE6 + 1,
244 .target_platform = SEPOL_TARGET_SELINUX,
245 },
246 {
247 .type = POLICY_BASE,
248 .version = MOD_POLICYDB_VERSION_BOUNDARY,
249 .sym_num = SYM_NUM,
250 .ocon_num = OCON_NODE6 + 1,
251 .target_platform = SEPOL_TARGET_SELINUX,
252 },
253 {
254 .type = POLICY_BASE,
255 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
256 .sym_num = SYM_NUM,
257 .ocon_num = OCON_NODE6 + 1,
258 .target_platform = SEPOL_TARGET_SELINUX,
259 },
260 {
261 .type = POLICY_BASE,
262 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
263 .sym_num = SYM_NUM,
264 .ocon_num = OCON_NODE6 + 1,
265 .target_platform = SEPOL_TARGET_SELINUX,
266 },
267 {
268 .type = POLICY_BASE,
269 .version = MOD_POLICYDB_VERSION_ROLETRANS,
270 .sym_num = SYM_NUM,
271 .ocon_num = OCON_NODE6 + 1,
272 .target_platform = SEPOL_TARGET_SELINUX,
273 },
274 {
275 .type = POLICY_BASE,
276 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
277 .sym_num = SYM_NUM,
278 .ocon_num = OCON_NODE6 + 1,
279 .target_platform = SEPOL_TARGET_SELINUX,
280 },
281 {
282 .type = POLICY_BASE,
283 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
284 .sym_num = SYM_NUM,
285 .ocon_num = OCON_NODE6 + 1,
286 .target_platform = SEPOL_TARGET_SELINUX,
287 },
288 {
289 .type = POLICY_BASE,
290 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
291 .sym_num = SYM_NUM,
292 .ocon_num = OCON_NODE6 + 1,
293 .target_platform = SEPOL_TARGET_SELINUX,
294 },
295 {
296 .type = POLICY_BASE,
297 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
298 .sym_num = SYM_NUM,
299 .ocon_num = OCON_NODE6 + 1,
300 .target_platform = SEPOL_TARGET_SELINUX,
301 },
302 {
303 .type = POLICY_BASE,
304 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
305 .sym_num = SYM_NUM,
306 .ocon_num = OCON_NODE6 + 1,
307 .target_platform = SEPOL_TARGET_SELINUX,
308 },
309 {
310 .type = POLICY_BASE,
311 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
312 .sym_num = SYM_NUM,
313 .ocon_num = OCON_NODE6 + 1,
314 .target_platform = SEPOL_TARGET_SELINUX,
315 },
316 {
317 .type = POLICY_BASE,
318 .version = MOD_POLICYDB_VERSION_INFINIBAND,
319 .sym_num = SYM_NUM,
320 .ocon_num = OCON_IBENDPORT + 1,
321 .target_platform = SEPOL_TARGET_SELINUX,
322 },
323 {
324 .type = POLICY_BASE,
325 .version = MOD_POLICYDB_VERSION_GLBLUB,
326 .sym_num = SYM_NUM,
327 .ocon_num = OCON_IBENDPORT + 1,
328 .target_platform = SEPOL_TARGET_SELINUX,
329 },
330 {
331 .type = POLICY_MOD,
332 .version = MOD_POLICYDB_VERSION_BASE,
333 .sym_num = SYM_NUM,
334 .ocon_num = 0,
335 .target_platform = SEPOL_TARGET_SELINUX,
336 },
337 {
338 .type = POLICY_MOD,
339 .version = MOD_POLICYDB_VERSION_MLS,
340 .sym_num = SYM_NUM,
341 .ocon_num = 0,
342 .target_platform = SEPOL_TARGET_SELINUX,
343 },
344 {
345 .type = POLICY_MOD,
346 .version = MOD_POLICYDB_VERSION_MLS_USERS,
347 .sym_num = SYM_NUM,
348 .ocon_num = 0,
349 .target_platform = SEPOL_TARGET_SELINUX,
350 },
351 {
352 .type = POLICY_MOD,
353 .version = MOD_POLICYDB_VERSION_POLCAP,
354 .sym_num = SYM_NUM,
355 .ocon_num = 0,
356 .target_platform = SEPOL_TARGET_SELINUX,
357 },
358 {
359 .type = POLICY_MOD,
360 .version = MOD_POLICYDB_VERSION_PERMISSIVE,
361 .sym_num = SYM_NUM,
362 .ocon_num = 0,
363 .target_platform = SEPOL_TARGET_SELINUX,
364 },
365 {
366 .type = POLICY_MOD,
367 .version = MOD_POLICYDB_VERSION_BOUNDARY,
368 .sym_num = SYM_NUM,
369 .ocon_num = 0,
370 .target_platform = SEPOL_TARGET_SELINUX,
371 },
372 {
373 .type = POLICY_MOD,
374 .version = MOD_POLICYDB_VERSION_BOUNDARY_ALIAS,
375 .sym_num = SYM_NUM,
376 .ocon_num = 0,
377 .target_platform = SEPOL_TARGET_SELINUX,
378 },
379 {
380 .type = POLICY_MOD,
381 .version = MOD_POLICYDB_VERSION_FILENAME_TRANS,
382 .sym_num = SYM_NUM,
383 .ocon_num = 0,
384 .target_platform = SEPOL_TARGET_SELINUX,
385 },
386 {
387 .type = POLICY_MOD,
388 .version = MOD_POLICYDB_VERSION_ROLETRANS,
389 .sym_num = SYM_NUM,
390 .ocon_num = 0,
391 .target_platform = SEPOL_TARGET_SELINUX,
392 },
393 {
394 .type = POLICY_MOD,
395 .version = MOD_POLICYDB_VERSION_ROLEATTRIB,
396 .sym_num = SYM_NUM,
397 .ocon_num = 0,
398 .target_platform = SEPOL_TARGET_SELINUX,
399 },
400 {
401 .type = POLICY_MOD,
402 .version = MOD_POLICYDB_VERSION_TUNABLE_SEP,
403 .sym_num = SYM_NUM,
404 .ocon_num = 0,
405 .target_platform = SEPOL_TARGET_SELINUX,
406 },
407 {
408 .type = POLICY_MOD,
409 .version = MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS,
410 .sym_num = SYM_NUM,
411 .ocon_num = 0,
412 .target_platform = SEPOL_TARGET_SELINUX,
413 },
414 {
415 .type = POLICY_MOD,
416 .version = MOD_POLICYDB_VERSION_DEFAULT_TYPE,
417 .sym_num = SYM_NUM,
418 .ocon_num = 0,
419 .target_platform = SEPOL_TARGET_SELINUX,
420 },
421 {
422 .type = POLICY_MOD,
423 .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
424 .sym_num = SYM_NUM,
425 .ocon_num = 0,
426 .target_platform = SEPOL_TARGET_SELINUX,
427 },
428 {
429 .type = POLICY_MOD,
430 .version = MOD_POLICYDB_VERSION_XPERMS_IOCTL,
431 .sym_num = SYM_NUM,
432 .ocon_num = 0,
433 .target_platform = SEPOL_TARGET_SELINUX,
434 },
435 {
436 .type = POLICY_MOD,
437 .version = MOD_POLICYDB_VERSION_INFINIBAND,
438 .sym_num = SYM_NUM,
439 .ocon_num = 0,
440 .target_platform = SEPOL_TARGET_SELINUX,
441 },
442 {
443 .type = POLICY_MOD,
444 .version = MOD_POLICYDB_VERSION_GLBLUB,
445 .sym_num = SYM_NUM,
446 .ocon_num = 0,
447 .target_platform = SEPOL_TARGET_SELINUX,
448 },
449
450 };
451
452 #if 0
453 static char *symtab_name[SYM_NUM] = {
454 "common prefixes",
455 "classes",
456 "roles",
457 "types",
458 "users",
459 "bools" mls_symtab_names cond_symtab_names
460 };
461 #endif
462
463 static const unsigned int symtab_sizes[SYM_NUM] = {
464 2,
465 32,
466 16,
467 512,
468 128,
469 16,
470 16,
471 16,
472 };
473
policydb_lookup_compat(unsigned int version,unsigned int type,unsigned int target_platform)474 const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
475 unsigned int type,
476 unsigned int target_platform)
477 {
478 unsigned int i;
479 const struct policydb_compat_info *info = NULL;
480
481 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
482 if (policydb_compat[i].version == version &&
483 policydb_compat[i].type == type &&
484 policydb_compat[i].target_platform == target_platform) {
485 info = &policydb_compat[i];
486 break;
487 }
488 }
489 return info;
490 }
491
type_set_init(type_set_t * x)492 void type_set_init(type_set_t * x)
493 {
494 memset(x, 0, sizeof(type_set_t));
495 ebitmap_init(&x->types);
496 ebitmap_init(&x->negset);
497 }
498
type_set_destroy(type_set_t * x)499 void type_set_destroy(type_set_t * x)
500 {
501 if (x != NULL) {
502 ebitmap_destroy(&x->types);
503 ebitmap_destroy(&x->negset);
504 }
505 }
506
role_set_init(role_set_t * x)507 void role_set_init(role_set_t * x)
508 {
509 memset(x, 0, sizeof(role_set_t));
510 ebitmap_init(&x->roles);
511 }
512
role_set_destroy(role_set_t * x)513 void role_set_destroy(role_set_t * x)
514 {
515 ebitmap_destroy(&x->roles);
516 }
517
role_datum_init(role_datum_t * x)518 void role_datum_init(role_datum_t * x)
519 {
520 memset(x, 0, sizeof(role_datum_t));
521 ebitmap_init(&x->dominates);
522 type_set_init(&x->types);
523 ebitmap_init(&x->cache);
524 ebitmap_init(&x->roles);
525 }
526
role_datum_destroy(role_datum_t * x)527 void role_datum_destroy(role_datum_t * x)
528 {
529 if (x != NULL) {
530 ebitmap_destroy(&x->dominates);
531 type_set_destroy(&x->types);
532 ebitmap_destroy(&x->cache);
533 ebitmap_destroy(&x->roles);
534 }
535 }
536
type_datum_init(type_datum_t * x)537 void type_datum_init(type_datum_t * x)
538 {
539 memset(x, 0, sizeof(*x));
540 ebitmap_init(&x->types);
541 }
542
type_datum_destroy(type_datum_t * x)543 void type_datum_destroy(type_datum_t * x)
544 {
545 if (x != NULL) {
546 ebitmap_destroy(&x->types);
547 }
548 }
549
user_datum_init(user_datum_t * x)550 void user_datum_init(user_datum_t * x)
551 {
552 memset(x, 0, sizeof(user_datum_t));
553 role_set_init(&x->roles);
554 mls_semantic_range_init(&x->range);
555 mls_semantic_level_init(&x->dfltlevel);
556 ebitmap_init(&x->cache);
557 mls_range_init(&x->exp_range);
558 mls_level_init(&x->exp_dfltlevel);
559 }
560
user_datum_destroy(user_datum_t * x)561 void user_datum_destroy(user_datum_t * x)
562 {
563 if (x != NULL) {
564 role_set_destroy(&x->roles);
565 mls_semantic_range_destroy(&x->range);
566 mls_semantic_level_destroy(&x->dfltlevel);
567 ebitmap_destroy(&x->cache);
568 mls_range_destroy(&x->exp_range);
569 mls_level_destroy(&x->exp_dfltlevel);
570 }
571 }
572
level_datum_init(level_datum_t * x)573 void level_datum_init(level_datum_t * x)
574 {
575 memset(x, 0, sizeof(level_datum_t));
576 }
577
level_datum_destroy(level_datum_t * x)578 void level_datum_destroy(level_datum_t * x __attribute__ ((unused)))
579 {
580 /* the mls_level_t referenced by the level_datum is managed
581 * separately for now, so there is nothing to destroy */
582 return;
583 }
584
cat_datum_init(cat_datum_t * x)585 void cat_datum_init(cat_datum_t * x)
586 {
587 memset(x, 0, sizeof(cat_datum_t));
588 }
589
cat_datum_destroy(cat_datum_t * x)590 void cat_datum_destroy(cat_datum_t * x __attribute__ ((unused)))
591 {
592 /* it's currently a simple struct - really nothing to destroy */
593 return;
594 }
595
class_perm_node_init(class_perm_node_t * x)596 void class_perm_node_init(class_perm_node_t * x)
597 {
598 memset(x, 0, sizeof(class_perm_node_t));
599 }
600
avrule_init(avrule_t * x)601 void avrule_init(avrule_t * x)
602 {
603 memset(x, 0, sizeof(avrule_t));
604 type_set_init(&x->stypes);
605 type_set_init(&x->ttypes);
606 }
607
avrule_destroy(avrule_t * x)608 void avrule_destroy(avrule_t * x)
609 {
610 class_perm_node_t *cur, *next;
611
612 if (x == NULL) {
613 return;
614 }
615 type_set_destroy(&x->stypes);
616 type_set_destroy(&x->ttypes);
617
618 free(x->source_filename);
619
620 next = x->perms;
621 while (next) {
622 cur = next;
623 next = cur->next;
624 free(cur);
625 }
626
627 free(x->xperms);
628 }
629
role_trans_rule_init(role_trans_rule_t * x)630 void role_trans_rule_init(role_trans_rule_t * x)
631 {
632 memset(x, 0, sizeof(*x));
633 role_set_init(&x->roles);
634 type_set_init(&x->types);
635 ebitmap_init(&x->classes);
636 }
637
role_trans_rule_destroy(role_trans_rule_t * x)638 static void role_trans_rule_destroy(role_trans_rule_t * x)
639 {
640 if (x != NULL) {
641 role_set_destroy(&x->roles);
642 type_set_destroy(&x->types);
643 ebitmap_destroy(&x->classes);
644 }
645 }
646
role_trans_rule_list_destroy(role_trans_rule_t * x)647 void role_trans_rule_list_destroy(role_trans_rule_t * x)
648 {
649 while (x != NULL) {
650 role_trans_rule_t *next = x->next;
651 role_trans_rule_destroy(x);
652 free(x);
653 x = next;
654 }
655 }
656
filename_trans_rule_init(filename_trans_rule_t * x)657 void filename_trans_rule_init(filename_trans_rule_t * x)
658 {
659 memset(x, 0, sizeof(*x));
660 type_set_init(&x->stypes);
661 type_set_init(&x->ttypes);
662 }
663
filename_trans_rule_destroy(filename_trans_rule_t * x)664 static void filename_trans_rule_destroy(filename_trans_rule_t * x)
665 {
666 if (!x)
667 return;
668 type_set_destroy(&x->stypes);
669 type_set_destroy(&x->ttypes);
670 free(x->name);
671 }
672
filename_trans_rule_list_destroy(filename_trans_rule_t * x)673 void filename_trans_rule_list_destroy(filename_trans_rule_t * x)
674 {
675 filename_trans_rule_t *next;
676 while (x) {
677 next = x->next;
678 filename_trans_rule_destroy(x);
679 free(x);
680 x = next;
681 }
682 }
683
role_allow_rule_init(role_allow_rule_t * x)684 void role_allow_rule_init(role_allow_rule_t * x)
685 {
686 memset(x, 0, sizeof(role_allow_rule_t));
687 role_set_init(&x->roles);
688 role_set_init(&x->new_roles);
689 }
690
role_allow_rule_destroy(role_allow_rule_t * x)691 void role_allow_rule_destroy(role_allow_rule_t * x)
692 {
693 role_set_destroy(&x->roles);
694 role_set_destroy(&x->new_roles);
695 }
696
role_allow_rule_list_destroy(role_allow_rule_t * x)697 void role_allow_rule_list_destroy(role_allow_rule_t * x)
698 {
699 while (x != NULL) {
700 role_allow_rule_t *next = x->next;
701 role_allow_rule_destroy(x);
702 free(x);
703 x = next;
704 }
705 }
706
range_trans_rule_init(range_trans_rule_t * x)707 void range_trans_rule_init(range_trans_rule_t * x)
708 {
709 type_set_init(&x->stypes);
710 type_set_init(&x->ttypes);
711 ebitmap_init(&x->tclasses);
712 mls_semantic_range_init(&x->trange);
713 x->next = NULL;
714 }
715
range_trans_rule_destroy(range_trans_rule_t * x)716 void range_trans_rule_destroy(range_trans_rule_t * x)
717 {
718 type_set_destroy(&x->stypes);
719 type_set_destroy(&x->ttypes);
720 ebitmap_destroy(&x->tclasses);
721 mls_semantic_range_destroy(&x->trange);
722 }
723
range_trans_rule_list_destroy(range_trans_rule_t * x)724 void range_trans_rule_list_destroy(range_trans_rule_t * x)
725 {
726 while (x != NULL) {
727 range_trans_rule_t *next = x->next;
728 range_trans_rule_destroy(x);
729 free(x);
730 x = next;
731 }
732 }
733
avrule_list_destroy(avrule_t * x)734 void avrule_list_destroy(avrule_t * x)
735 {
736 avrule_t *next, *cur;
737
738 if (!x)
739 return;
740
741 next = x;
742 while (next) {
743 cur = next;
744 next = next->next;
745 avrule_destroy(cur);
746 free(cur);
747 }
748 }
749
750 /*
751 * Initialize the role table by implicitly adding role 'object_r'. If
752 * the policy is a module, set object_r's scope to be SCOPE_REQ,
753 * otherwise set it to SCOPE_DECL.
754 */
roles_init(policydb_t * p)755 static int roles_init(policydb_t * p)
756 {
757 char *key = 0;
758 int rc;
759 role_datum_t *role;
760
761 role = calloc(1, sizeof(role_datum_t));
762 if (!role) {
763 rc = -ENOMEM;
764 goto out;
765 }
766 key = malloc(strlen(OBJECT_R) + 1);
767 if (!key) {
768 rc = -ENOMEM;
769 goto out_free_role;
770 }
771 strcpy(key, OBJECT_R);
772 rc = symtab_insert(p, SYM_ROLES, key, role,
773 (p->policy_type ==
774 POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1,
775 &role->s.value);
776 if (rc)
777 goto out_free_key;
778 if (role->s.value != OBJECT_R_VAL) {
779 rc = -EINVAL;
780 goto out_free_role;
781 }
782 out:
783 return rc;
784
785 out_free_key:
786 free(key);
787 out_free_role:
788 free(role);
789 goto out;
790 }
791
792 ignore_unsigned_overflow_
793 static inline unsigned long
partial_name_hash(unsigned long c,unsigned long prevhash)794 partial_name_hash(unsigned long c, unsigned long prevhash)
795 {
796 return (prevhash + (c << 4) + (c >> 4)) * 11;
797 }
798
filenametr_hash(hashtab_t h,const_hashtab_key_t k)799 static unsigned int filenametr_hash(hashtab_t h, const_hashtab_key_t k)
800 {
801 const filename_trans_key_t *ft = (const filename_trans_key_t *)k;
802 unsigned long hash;
803 unsigned int byte_num;
804 unsigned char focus;
805
806 hash = ft->ttype ^ ft->tclass;
807
808 byte_num = 0;
809 while ((focus = ft->name[byte_num++]))
810 hash = partial_name_hash(focus, hash);
811 return hash & (h->size - 1);
812 }
813
filenametr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)814 static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
815 const_hashtab_key_t k1, const_hashtab_key_t k2)
816 {
817 const filename_trans_key_t *ft1 = (const filename_trans_key_t *)k1;
818 const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
819 int v;
820
821 v = spaceship_cmp(ft1->ttype, ft2->ttype);
822 if (v)
823 return v;
824
825 v = spaceship_cmp(ft1->tclass, ft2->tclass);
826 if (v)
827 return v;
828
829 return strcmp(ft1->name, ft2->name);
830
831 }
832
rangetr_hash(hashtab_t h,const_hashtab_key_t k)833 static unsigned int rangetr_hash(hashtab_t h, const_hashtab_key_t k)
834 {
835 const struct range_trans *key = (const struct range_trans *)k;
836 return (key->source_type + (key->target_type << 3) +
837 (key->target_class << 5)) & (h->size - 1);
838 }
839
rangetr_cmp(hashtab_t h,const_hashtab_key_t k1,const_hashtab_key_t k2)840 static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
841 const_hashtab_key_t k1, const_hashtab_key_t k2)
842 {
843 const struct range_trans *key1 = (const struct range_trans *)k1;
844 const struct range_trans *key2 = (const struct range_trans *)k2;
845 int v;
846
847 v = spaceship_cmp(key1->source_type, key2->source_type);
848 if (v)
849 return v;
850
851 v = spaceship_cmp(key1->target_type, key2->target_type);
852 if (v)
853 return v;
854
855 v = spaceship_cmp(key1->target_class, key2->target_class);
856
857 return v;
858 }
859
860 /*
861 * Initialize a policy database structure.
862 */
policydb_init(policydb_t * p)863 int policydb_init(policydb_t * p)
864 {
865 int i, rc;
866
867 memset(p, 0, sizeof(policydb_t));
868
869 for (i = 0; i < SYM_NUM; i++) {
870 p->sym_val_to_name[i] = NULL;
871 rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
872 if (rc)
873 goto err;
874 }
875
876 /* initialize the module stuff */
877 for (i = 0; i < SYM_NUM; i++) {
878 if (symtab_init(&p->scope[i], symtab_sizes[i])) {
879 goto err;
880 }
881 }
882 if ((p->global = avrule_block_create()) == NULL ||
883 (p->global->branch_list = avrule_decl_create(1)) == NULL) {
884 goto err;
885 }
886 p->decl_val_to_struct = NULL;
887
888 rc = avtab_init(&p->te_avtab);
889 if (rc)
890 goto err;
891
892 rc = roles_init(p);
893 if (rc)
894 goto err;
895
896 rc = cond_policydb_init(p);
897 if (rc)
898 goto err;
899
900 p->filename_trans = hashtab_create(filenametr_hash, filenametr_cmp, (1 << 10));
901 if (!p->filename_trans) {
902 rc = -ENOMEM;
903 goto err;
904 }
905
906 p->range_tr = hashtab_create(rangetr_hash, rangetr_cmp, 256);
907 if (!p->range_tr) {
908 rc = -ENOMEM;
909 goto err;
910 }
911
912 ebitmap_init(&p->policycaps);
913 ebitmap_init(&p->permissive_map);
914
915 return 0;
916 err:
917 hashtab_destroy(p->filename_trans);
918 hashtab_destroy(p->range_tr);
919 for (i = 0; i < SYM_NUM; i++) {
920 hashtab_destroy(p->symtab[i].table);
921 hashtab_destroy(p->scope[i].table);
922 }
923 avrule_block_list_destroy(p->global);
924 return rc;
925 }
926
policydb_role_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)927 int policydb_role_cache(hashtab_key_t key
928 __attribute__ ((unused)), hashtab_datum_t datum,
929 void *arg)
930 {
931 policydb_t *p;
932 role_datum_t *role;
933
934 role = (role_datum_t *) datum;
935 p = (policydb_t *) arg;
936
937 ebitmap_destroy(&role->cache);
938 if (type_set_expand(&role->types, &role->cache, p, 1)) {
939 return -1;
940 }
941
942 return 0;
943 }
944
policydb_user_cache(hashtab_key_t key,hashtab_datum_t datum,void * arg)945 int policydb_user_cache(hashtab_key_t key
946 __attribute__ ((unused)), hashtab_datum_t datum,
947 void *arg)
948 {
949 policydb_t *p;
950 user_datum_t *user;
951
952 user = (user_datum_t *) datum;
953 p = (policydb_t *) arg;
954
955 ebitmap_destroy(&user->cache);
956 if (role_set_expand(&user->roles, &user->cache, p, NULL, NULL)) {
957 return -1;
958 }
959
960 /* we do not expand user's MLS info in kernel policies because the
961 * semantic representation is not present and we do not expand user's
962 * MLS info in module policies because all of the necessary mls
963 * information is not present */
964 if (p->policy_type != POLICY_KERN && p->policy_type != POLICY_MOD) {
965 mls_range_destroy(&user->exp_range);
966 if (mls_semantic_range_expand(&user->range,
967 &user->exp_range, p, NULL)) {
968 return -1;
969 }
970
971 mls_level_destroy(&user->exp_dfltlevel);
972 if (mls_semantic_level_expand(&user->dfltlevel,
973 &user->exp_dfltlevel, p, NULL)) {
974 return -1;
975 }
976 }
977
978 return 0;
979 }
980
981 /*
982 * The following *_index functions are used to
983 * define the val_to_name and val_to_struct arrays
984 * in a policy database structure. The val_to_name
985 * arrays are used when converting security context
986 * structures into string representations. The
987 * val_to_struct arrays are used when the attributes
988 * of a class, role, or user are needed.
989 */
990
common_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)991 static int common_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
992 {
993 policydb_t *p;
994 common_datum_t *comdatum;
995
996 comdatum = (common_datum_t *) datum;
997 p = (policydb_t *) datap;
998 if (!value_isvalid(comdatum->s.value, p->p_commons.nprim))
999 return -EINVAL;
1000 if (p->p_common_val_to_name[comdatum->s.value - 1] != NULL)
1001 return -EINVAL;
1002 p->p_common_val_to_name[comdatum->s.value - 1] = (char *)key;
1003
1004 return 0;
1005 }
1006
class_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1007 static int class_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1008 {
1009 policydb_t *p;
1010 class_datum_t *cladatum;
1011
1012 cladatum = (class_datum_t *) datum;
1013 p = (policydb_t *) datap;
1014 if (!value_isvalid(cladatum->s.value, p->p_classes.nprim))
1015 return -EINVAL;
1016 if (p->p_class_val_to_name[cladatum->s.value - 1] != NULL)
1017 return -EINVAL;
1018 p->p_class_val_to_name[cladatum->s.value - 1] = (char *)key;
1019 p->class_val_to_struct[cladatum->s.value - 1] = cladatum;
1020
1021 return 0;
1022 }
1023
role_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1024 static int role_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1025 {
1026 policydb_t *p;
1027 role_datum_t *role;
1028
1029 role = (role_datum_t *) datum;
1030 p = (policydb_t *) datap;
1031 if (!value_isvalid(role->s.value, p->p_roles.nprim))
1032 return -EINVAL;
1033 if (p->p_role_val_to_name[role->s.value - 1] != NULL)
1034 return -EINVAL;
1035 p->p_role_val_to_name[role->s.value - 1] = (char *)key;
1036 p->role_val_to_struct[role->s.value - 1] = role;
1037
1038 return 0;
1039 }
1040
type_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1041 static int type_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1042 {
1043 policydb_t *p;
1044 type_datum_t *typdatum;
1045
1046 typdatum = (type_datum_t *) datum;
1047 p = (policydb_t *) datap;
1048
1049 if (typdatum->primary) {
1050 if (!value_isvalid(typdatum->s.value, p->p_types.nprim))
1051 return -EINVAL;
1052 if (p->p_type_val_to_name[typdatum->s.value - 1] != NULL)
1053 return -EINVAL;
1054 p->p_type_val_to_name[typdatum->s.value - 1] = (char *)key;
1055 p->type_val_to_struct[typdatum->s.value - 1] = typdatum;
1056 }
1057
1058 return 0;
1059 }
1060
user_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1061 static int user_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1062 {
1063 policydb_t *p;
1064 user_datum_t *usrdatum;
1065
1066 usrdatum = (user_datum_t *) datum;
1067 p = (policydb_t *) datap;
1068
1069 if (!value_isvalid(usrdatum->s.value, p->p_users.nprim))
1070 return -EINVAL;
1071 if (p->p_user_val_to_name[usrdatum->s.value - 1] != NULL)
1072 return -EINVAL;
1073 p->p_user_val_to_name[usrdatum->s.value - 1] = (char *)key;
1074 p->user_val_to_struct[usrdatum->s.value - 1] = usrdatum;
1075
1076 return 0;
1077 }
1078
sens_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1079 static int sens_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1080 {
1081 policydb_t *p;
1082 level_datum_t *levdatum;
1083
1084 levdatum = (level_datum_t *) datum;
1085 p = (policydb_t *) datap;
1086
1087 if (!levdatum->isalias) {
1088 if (!value_isvalid(levdatum->level->sens, p->p_levels.nprim))
1089 return -EINVAL;
1090 if (p->p_sens_val_to_name[levdatum->level->sens - 1] != NULL)
1091 return -EINVAL;
1092 p->p_sens_val_to_name[levdatum->level->sens - 1] = (char *)key;
1093 }
1094
1095 return 0;
1096 }
1097
cat_index(hashtab_key_t key,hashtab_datum_t datum,void * datap)1098 static int cat_index(hashtab_key_t key, hashtab_datum_t datum, void *datap)
1099 {
1100 policydb_t *p;
1101 cat_datum_t *catdatum;
1102
1103 catdatum = (cat_datum_t *) datum;
1104 p = (policydb_t *) datap;
1105
1106 if (!catdatum->isalias) {
1107 if (!value_isvalid(catdatum->s.value, p->p_cats.nprim))
1108 return -EINVAL;
1109 if (p->p_cat_val_to_name[catdatum->s.value - 1] != NULL)
1110 return -EINVAL;
1111 p->p_cat_val_to_name[catdatum->s.value - 1] = (char *)key;
1112 }
1113
1114 return 0;
1115 }
1116
1117 static int (*index_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1118 void *datap) = {
1119 common_index, class_index, role_index, type_index, user_index,
1120 cond_index_bool, sens_index, cat_index,};
1121
1122 /*
1123 * Define the common val_to_name array and the class
1124 * val_to_name and val_to_struct arrays in a policy
1125 * database structure.
1126 */
policydb_index_classes(policydb_t * p)1127 int policydb_index_classes(policydb_t * p)
1128 {
1129 free(p->p_common_val_to_name);
1130 p->p_common_val_to_name = (char **)
1131 calloc(p->p_commons.nprim, sizeof(char *));
1132 if (!p->p_common_val_to_name)
1133 return -1;
1134
1135 if (hashtab_map(p->p_commons.table, common_index, p))
1136 return -1;
1137
1138 free(p->class_val_to_struct);
1139 p->class_val_to_struct = (class_datum_t **)
1140 calloc(p->p_classes.nprim, sizeof(class_datum_t *));
1141 if (!p->class_val_to_struct)
1142 return -1;
1143
1144 free(p->p_class_val_to_name);
1145 p->p_class_val_to_name = (char **)
1146 calloc(p->p_classes.nprim, sizeof(char *));
1147 if (!p->p_class_val_to_name)
1148 return -1;
1149
1150 if (hashtab_map(p->p_classes.table, class_index, p))
1151 return -1;
1152
1153 return 0;
1154 }
1155
policydb_index_bools(policydb_t * p)1156 int policydb_index_bools(policydb_t * p)
1157 {
1158
1159 if (cond_init_bool_indexes(p) == -1)
1160 return -1;
1161 p->p_bool_val_to_name = (char **)
1162 calloc(p->p_bools.nprim, sizeof(char *));
1163 if (!p->p_bool_val_to_name)
1164 return -1;
1165 if (hashtab_map(p->p_bools.table, cond_index_bool, p))
1166 return -1;
1167 return 0;
1168 }
1169
policydb_index_decls(sepol_handle_t * handle,policydb_t * p)1170 static int policydb_index_decls(sepol_handle_t * handle, policydb_t * p)
1171 {
1172 avrule_block_t *curblock;
1173 avrule_decl_t *decl;
1174 unsigned int num_decls = 0;
1175
1176 free(p->decl_val_to_struct);
1177
1178 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1179 for (decl = curblock->branch_list; decl != NULL;
1180 decl = decl->next) {
1181 num_decls++;
1182 }
1183 }
1184
1185 p->decl_val_to_struct =
1186 calloc(num_decls, sizeof(*(p->decl_val_to_struct)));
1187 if (!p->decl_val_to_struct) {
1188 return -1;
1189 }
1190
1191 for (curblock = p->global; curblock != NULL; curblock = curblock->next) {
1192 for (decl = curblock->branch_list; decl != NULL;
1193 decl = decl->next) {
1194 if (!value_isvalid(decl->decl_id, num_decls)) {
1195 ERR(handle, "invalid decl ID %u", decl->decl_id);
1196 return -1;
1197 }
1198 if (p->decl_val_to_struct[decl->decl_id - 1] != NULL) {
1199 ERR(handle, "duplicated decl ID %u", decl->decl_id);
1200 return -1;
1201 }
1202 p->decl_val_to_struct[decl->decl_id - 1] = decl;
1203 }
1204 }
1205
1206 return 0;
1207 }
1208
1209 /*
1210 * Define the other val_to_name and val_to_struct arrays
1211 * in a policy database structure.
1212 */
policydb_index_others(sepol_handle_t * handle,policydb_t * p,unsigned verbose)1213 int policydb_index_others(sepol_handle_t * handle,
1214 policydb_t * p, unsigned verbose)
1215 {
1216 int i;
1217
1218 if (verbose) {
1219 INFO(handle,
1220 "security: %d users, %d roles, %d types, %d bools",
1221 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
1222 p->p_bools.nprim);
1223
1224 if (p->mls)
1225 INFO(handle, "security: %d sens, %d cats",
1226 p->p_levels.nprim, p->p_cats.nprim);
1227
1228 INFO(handle, "security: %d classes, %d rules, %d cond rules",
1229 p->p_classes.nprim, p->te_avtab.nel, p->te_cond_avtab.nel);
1230 }
1231 #if 0
1232 avtab_hash_eval(&p->te_avtab, "rules");
1233 for (i = 0; i < SYM_NUM; i++)
1234 hashtab_hash_eval(p->symtab[i].table, symtab_name[i]);
1235 #endif
1236
1237 free(p->role_val_to_struct);
1238 p->role_val_to_struct = (role_datum_t **)
1239 calloc(p->p_roles.nprim, sizeof(role_datum_t *));
1240 if (!p->role_val_to_struct)
1241 return -1;
1242
1243 free(p->user_val_to_struct);
1244 p->user_val_to_struct = (user_datum_t **)
1245 calloc(p->p_users.nprim, sizeof(user_datum_t *));
1246 if (!p->user_val_to_struct)
1247 return -1;
1248
1249 free(p->type_val_to_struct);
1250 p->type_val_to_struct = (type_datum_t **)
1251 calloc(p->p_types.nprim, sizeof(type_datum_t *));
1252 if (!p->type_val_to_struct)
1253 return -1;
1254
1255 cond_init_bool_indexes(p);
1256
1257 for (i = SYM_ROLES; i < SYM_NUM; i++) {
1258 free(p->sym_val_to_name[i]);
1259 p->sym_val_to_name[i] = NULL;
1260 if (p->symtab[i].nprim) {
1261 p->sym_val_to_name[i] = (char **)
1262 calloc(p->symtab[i].nprim, sizeof(char *));
1263 if (!p->sym_val_to_name[i])
1264 return -1;
1265 if (hashtab_map(p->symtab[i].table, index_f[i], p))
1266 return -1;
1267 }
1268 }
1269
1270 /* This pre-expands the roles and users for context validity checking */
1271 if (hashtab_map(p->p_roles.table, policydb_role_cache, p))
1272 return -1;
1273
1274 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
1275 return -1;
1276
1277 return 0;
1278 }
1279
1280 /*
1281 * The following *_destroy functions are used to
1282 * free any memory allocated for each kind of
1283 * symbol data in the policy database.
1284 */
1285
perm_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1286 static int perm_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1287 __attribute__ ((unused)))
1288 {
1289 if (key)
1290 free(key);
1291 free(datum);
1292 return 0;
1293 }
1294
common_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1295 static int common_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1296 __attribute__ ((unused)))
1297 {
1298 common_datum_t *comdatum;
1299
1300 if (key)
1301 free(key);
1302 comdatum = (common_datum_t *) datum;
1303 (void)hashtab_map(comdatum->permissions.table, perm_destroy, 0);
1304 hashtab_destroy(comdatum->permissions.table);
1305 free(datum);
1306 return 0;
1307 }
1308
class_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1309 static int class_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1310 __attribute__ ((unused)))
1311 {
1312 class_datum_t *cladatum;
1313 constraint_node_t *constraint, *ctemp;
1314
1315 if (key)
1316 free(key);
1317 cladatum = (class_datum_t *) datum;
1318 if (cladatum == NULL) {
1319 return 0;
1320 }
1321 (void)hashtab_map(cladatum->permissions.table, perm_destroy, 0);
1322 hashtab_destroy(cladatum->permissions.table);
1323 constraint = cladatum->constraints;
1324 while (constraint) {
1325 constraint_expr_destroy(constraint->expr);
1326 ctemp = constraint;
1327 constraint = constraint->next;
1328 free(ctemp);
1329 }
1330
1331 constraint = cladatum->validatetrans;
1332 while (constraint) {
1333 constraint_expr_destroy(constraint->expr);
1334 ctemp = constraint;
1335 constraint = constraint->next;
1336 free(ctemp);
1337 }
1338
1339 if (cladatum->comkey)
1340 free(cladatum->comkey);
1341 free(datum);
1342 return 0;
1343 }
1344
role_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1345 static int role_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1346 __attribute__ ((unused)))
1347 {
1348 free(key);
1349 role_datum_destroy((role_datum_t *) datum);
1350 free(datum);
1351 return 0;
1352 }
1353
type_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1354 static int type_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1355 __attribute__ ((unused)))
1356 {
1357 free(key);
1358 type_datum_destroy((type_datum_t *) datum);
1359 free(datum);
1360 return 0;
1361 }
1362
user_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1363 static int user_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1364 __attribute__ ((unused)))
1365 {
1366 free(key);
1367 user_datum_destroy((user_datum_t *) datum);
1368 free(datum);
1369 return 0;
1370 }
1371
sens_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1372 static int sens_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1373 __attribute__ ((unused)))
1374 {
1375 level_datum_t *levdatum;
1376
1377 if (key)
1378 free(key);
1379 levdatum = (level_datum_t *) datum;
1380 mls_level_destroy(levdatum->level);
1381 free(levdatum->level);
1382 level_datum_destroy(levdatum);
1383 free(levdatum);
1384 return 0;
1385 }
1386
cat_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1387 static int cat_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1388 __attribute__ ((unused)))
1389 {
1390 if (key)
1391 free(key);
1392 cat_datum_destroy((cat_datum_t *) datum);
1393 free(datum);
1394 return 0;
1395 }
1396
1397 static int (*destroy_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
1398 void *datap) = {
1399 common_destroy, class_destroy, role_destroy, type_destroy, user_destroy,
1400 cond_destroy_bool, sens_destroy, cat_destroy,};
1401
filenametr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1402 static int filenametr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1403 void *p __attribute__ ((unused)))
1404 {
1405 filename_trans_key_t *ft = (filename_trans_key_t *)key;
1406 filename_trans_datum_t *fd = datum, *next;
1407
1408 free(ft->name);
1409 free(key);
1410 do {
1411 next = fd->next;
1412 ebitmap_destroy(&fd->stypes);
1413 free(fd);
1414 fd = next;
1415 } while (fd);
1416 return 0;
1417 }
1418
range_tr_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1419 static int range_tr_destroy(hashtab_key_t key, hashtab_datum_t datum,
1420 void *p __attribute__ ((unused)))
1421 {
1422 struct mls_range *rt = (struct mls_range *)datum;
1423 free(key);
1424 ebitmap_destroy(&rt->level[0].cat);
1425 ebitmap_destroy(&rt->level[1].cat);
1426 free(datum);
1427 return 0;
1428 }
1429
ocontext_selinux_free(ocontext_t ** ocontexts)1430 static void ocontext_selinux_free(ocontext_t **ocontexts)
1431 {
1432 ocontext_t *c, *ctmp;
1433 int i;
1434
1435 for (i = 0; i < OCON_NUM; i++) {
1436 c = ocontexts[i];
1437 while (c) {
1438 ctmp = c;
1439 c = c->next;
1440 context_destroy(&ctmp->context[0]);
1441 context_destroy(&ctmp->context[1]);
1442 if (i == OCON_ISID || i == OCON_FS || i == OCON_NETIF
1443 || i == OCON_FSUSE)
1444 free(ctmp->u.name);
1445 else if (i == OCON_IBENDPORT)
1446 free(ctmp->u.ibendport.dev_name);
1447 free(ctmp);
1448 }
1449 }
1450 }
1451
ocontext_xen_free(ocontext_t ** ocontexts)1452 static void ocontext_xen_free(ocontext_t **ocontexts)
1453 {
1454 ocontext_t *c, *ctmp;
1455 int i;
1456
1457 for (i = 0; i < OCON_NUM; i++) {
1458 c = ocontexts[i];
1459 while (c) {
1460 ctmp = c;
1461 c = c->next;
1462 context_destroy(&ctmp->context[0]);
1463 context_destroy(&ctmp->context[1]);
1464 if (i == OCON_ISID || i == OCON_XEN_DEVICETREE)
1465 free(ctmp->u.name);
1466 free(ctmp);
1467 }
1468 }
1469 }
1470
1471 /*
1472 * Free any memory allocated by a policy database structure.
1473 */
policydb_destroy(policydb_t * p)1474 void policydb_destroy(policydb_t * p)
1475 {
1476 ocontext_t *c, *ctmp;
1477 genfs_t *g, *gtmp;
1478 unsigned int i;
1479 role_allow_t *ra, *lra = NULL;
1480 role_trans_t *tr, *ltr = NULL;
1481
1482 if (!p)
1483 return;
1484
1485 ebitmap_destroy(&p->policycaps);
1486
1487 ebitmap_destroy(&p->permissive_map);
1488
1489 symtabs_destroy(p->symtab);
1490
1491 for (i = 0; i < SYM_NUM; i++) {
1492 if (p->sym_val_to_name[i])
1493 free(p->sym_val_to_name[i]);
1494 }
1495
1496 if (p->class_val_to_struct)
1497 free(p->class_val_to_struct);
1498 if (p->role_val_to_struct)
1499 free(p->role_val_to_struct);
1500 if (p->user_val_to_struct)
1501 free(p->user_val_to_struct);
1502 if (p->type_val_to_struct)
1503 free(p->type_val_to_struct);
1504 free(p->decl_val_to_struct);
1505
1506 for (i = 0; i < SYM_NUM; i++) {
1507 (void)hashtab_map(p->scope[i].table, scope_destroy, 0);
1508 hashtab_destroy(p->scope[i].table);
1509 }
1510 avrule_block_list_destroy(p->global);
1511 free(p->name);
1512 free(p->version);
1513
1514 avtab_destroy(&p->te_avtab);
1515
1516 if (p->target_platform == SEPOL_TARGET_SELINUX)
1517 ocontext_selinux_free(p->ocontexts);
1518 else if (p->target_platform == SEPOL_TARGET_XEN)
1519 ocontext_xen_free(p->ocontexts);
1520
1521 g = p->genfs;
1522 while (g) {
1523 free(g->fstype);
1524 c = g->head;
1525 while (c) {
1526 ctmp = c;
1527 c = c->next;
1528 context_destroy(&ctmp->context[0]);
1529 free(ctmp->u.name);
1530 free(ctmp);
1531 }
1532 gtmp = g;
1533 g = g->next;
1534 free(gtmp);
1535 }
1536 cond_policydb_destroy(p);
1537
1538 for (tr = p->role_tr; tr; tr = tr->next) {
1539 if (ltr)
1540 free(ltr);
1541 ltr = tr;
1542 }
1543 if (ltr)
1544 free(ltr);
1545
1546 for (ra = p->role_allow; ra; ra = ra->next) {
1547 if (lra)
1548 free(lra);
1549 lra = ra;
1550 }
1551 if (lra)
1552 free(lra);
1553
1554 hashtab_map(p->filename_trans, filenametr_destroy, NULL);
1555 hashtab_destroy(p->filename_trans);
1556
1557 hashtab_map(p->range_tr, range_tr_destroy, NULL);
1558 hashtab_destroy(p->range_tr);
1559
1560 if (p->type_attr_map) {
1561 for (i = 0; i < p->p_types.nprim; i++) {
1562 ebitmap_destroy(&p->type_attr_map[i]);
1563 }
1564 free(p->type_attr_map);
1565 }
1566
1567 if (p->attr_type_map) {
1568 for (i = 0; i < p->p_types.nprim; i++) {
1569 ebitmap_destroy(&p->attr_type_map[i]);
1570 }
1571 free(p->attr_type_map);
1572 }
1573
1574 return;
1575 }
1576
symtabs_destroy(symtab_t * symtab)1577 void symtabs_destroy(symtab_t * symtab)
1578 {
1579 int i;
1580 for (i = 0; i < SYM_NUM; i++) {
1581 (void)hashtab_map(symtab[i].table, destroy_f[i], 0);
1582 hashtab_destroy(symtab[i].table);
1583 }
1584 }
1585
scope_destroy(hashtab_key_t key,hashtab_datum_t datum,void * p)1586 int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
1587 __attribute__ ((unused)))
1588 {
1589 scope_datum_t *cur = (scope_datum_t *) datum;
1590 free(key);
1591 if (cur != NULL) {
1592 free(cur->decl_ids);
1593 }
1594 free(cur);
1595 return 0;
1596 }
1597
1598 /*
1599 * Load the initial SIDs specified in a policy database
1600 * structure into a SID table.
1601 */
policydb_load_isids(policydb_t * p,sidtab_t * s)1602 int policydb_load_isids(policydb_t * p, sidtab_t * s)
1603 {
1604 ocontext_t *head, *c;
1605
1606 if (sepol_sidtab_init(s)) {
1607 ERR(NULL, "out of memory on SID table init");
1608 return -1;
1609 }
1610
1611 head = p->ocontexts[OCON_ISID];
1612 for (c = head; c; c = c->next) {
1613 if (sepol_sidtab_insert(s, c->sid[0], &c->context[0])) {
1614 ERR(NULL, "unable to load initial SID %s", c->u.name);
1615 return -1;
1616 }
1617 }
1618
1619 return 0;
1620 }
1621
1622 /* Declare a symbol for a certain avrule_block context. Insert it
1623 * into a symbol table for a policy. This function will handle
1624 * inserting the appropriate scope information in addition to
1625 * inserting the symbol into the hash table.
1626 *
1627 * arguments:
1628 * policydb_t *pol module policy to modify
1629 * uint32_t sym the symbole table for insertion (SYM_*)
1630 * hashtab_key_t key the key for the symbol - not cloned
1631 * hashtab_datum_t data the data for the symbol - not cloned
1632 * scope scope of this symbol, either SCOPE_REQ or SCOPE_DECL
1633 * avrule_decl_id identifier for this symbol's encapsulating declaration
1634 * value (out) assigned value to the symbol (if value is not NULL)
1635 *
1636 * returns:
1637 * 0 success
1638 * 1 success, but symbol already existed as a requirement
1639 * (datum was not inserted and needs to be free()d)
1640 * -1 general error
1641 * -2 scope conflicted
1642 * -ENOMEM memory error
1643 * error codes from hashtab_insert
1644 */
symtab_insert(policydb_t * pol,uint32_t sym,hashtab_key_t key,hashtab_datum_t datum,uint32_t scope,uint32_t avrule_decl_id,uint32_t * value)1645 int symtab_insert(policydb_t * pol, uint32_t sym,
1646 hashtab_key_t key, hashtab_datum_t datum,
1647 uint32_t scope, uint32_t avrule_decl_id, uint32_t * value)
1648 {
1649 int rc, retval = 0;
1650 unsigned int i;
1651 scope_datum_t *scope_datum;
1652
1653 /* check if the symbol is already there. multiple
1654 * declarations of non-roles/non-users are illegal, but
1655 * multiple requires are allowed. */
1656
1657 /* FIX ME - the failures after the hashtab_insert will leave
1658 * the policy in a inconsistent state. */
1659 rc = hashtab_insert(pol->symtab[sym].table, key, datum);
1660 if (rc == SEPOL_OK) {
1661 /* if no value is passed in the symbol is not primary
1662 * (i.e. aliases) */
1663 if (value)
1664 *value = ++pol->symtab[sym].nprim;
1665 } else if (rc == SEPOL_EEXIST) {
1666 retval = 1; /* symbol not added -- need to free() later */
1667 } else {
1668 return rc;
1669 }
1670
1671 /* get existing scope information; if there is not one then
1672 * create it */
1673 scope_datum =
1674 (scope_datum_t *) hashtab_search(pol->scope[sym].table, key);
1675 if (scope_datum == NULL) {
1676 hashtab_key_t key2 = strdup((char *)key);
1677 if (!key2)
1678 return -ENOMEM;
1679 if ((scope_datum = malloc(sizeof(*scope_datum))) == NULL) {
1680 free(key2);
1681 return -ENOMEM;
1682 }
1683 scope_datum->scope = scope;
1684 scope_datum->decl_ids = NULL;
1685 scope_datum->decl_ids_len = 0;
1686 if ((rc =
1687 hashtab_insert(pol->scope[sym].table, key2,
1688 scope_datum)) != 0) {
1689 free(key2);
1690 free(scope_datum);
1691 return rc;
1692 }
1693 } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) {
1694 /* disallow multiple declarations for non-roles/users */
1695 if (sym != SYM_ROLES && sym != SYM_USERS) {
1696 return -2;
1697 }
1698 /* Further confine that a role attribute can't have the same
1699 * name as another regular role, and a role attribute can't
1700 * be declared more than once. */
1701 if (sym == SYM_ROLES) {
1702 role_datum_t *base_role;
1703 role_datum_t *cur_role = (role_datum_t *)datum;
1704
1705 base_role = (role_datum_t *)
1706 hashtab_search(pol->symtab[sym].table,
1707 key);
1708 assert(base_role != NULL);
1709
1710 if (!((base_role->flavor == ROLE_ROLE) &&
1711 (cur_role->flavor == ROLE_ROLE))) {
1712 /* Only regular roles are allowed to have
1713 * multiple declarations. */
1714 return -2;
1715 }
1716 }
1717 } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) {
1718 scope_datum->scope = SCOPE_DECL;
1719 }
1720
1721 /* search through the pre-existing list to avoid adding duplicates */
1722 for (i = 0; i < scope_datum->decl_ids_len; i++) {
1723 if (scope_datum->decl_ids[i] == avrule_decl_id) {
1724 /* already there, so don't modify its scope */
1725 return retval;
1726 }
1727 }
1728
1729 if (add_i_to_a(avrule_decl_id,
1730 &scope_datum->decl_ids_len,
1731 &scope_datum->decl_ids) == -1) {
1732 return -ENOMEM;
1733 }
1734
1735 if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_REQ) {
1736 /* Need to keep the decl at the end of the list */
1737 uint32_t len, tmp;
1738 len = scope_datum->decl_ids_len;
1739 if (len < 2) {
1740 /* This should be impossible here */
1741 return -1;
1742 }
1743 tmp = scope_datum->decl_ids[len-2];
1744 scope_datum->decl_ids[len-2] = scope_datum->decl_ids[len-1];
1745 scope_datum->decl_ids[len-1] = tmp;
1746 }
1747
1748 return retval;
1749 }
1750
type_set_or(type_set_t * dst,const type_set_t * a,const type_set_t * b)1751 static int type_set_or(type_set_t * dst, const type_set_t * a, const type_set_t * b)
1752 {
1753 type_set_init(dst);
1754
1755 if (ebitmap_or(&dst->types, &a->types, &b->types)) {
1756 return -1;
1757 }
1758 if (ebitmap_or(&dst->negset, &a->negset, &b->negset)) {
1759 return -1;
1760 }
1761
1762 dst->flags |= a->flags;
1763 dst->flags |= b->flags;
1764
1765 return 0;
1766 }
1767
type_set_cpy(type_set_t * dst,const type_set_t * src)1768 int type_set_cpy(type_set_t * dst, const type_set_t * src)
1769 {
1770 type_set_init(dst);
1771
1772 dst->flags = src->flags;
1773 if (ebitmap_cpy(&dst->types, &src->types))
1774 return -1;
1775 if (ebitmap_cpy(&dst->negset, &src->negset))
1776 return -1;
1777
1778 return 0;
1779 }
1780
type_set_or_eq(type_set_t * dst,const type_set_t * other)1781 int type_set_or_eq(type_set_t * dst, const type_set_t * other)
1782 {
1783 int ret;
1784 type_set_t tmp;
1785
1786 if (type_set_or(&tmp, dst, other))
1787 return -1;
1788 type_set_destroy(dst);
1789 ret = type_set_cpy(dst, &tmp);
1790 type_set_destroy(&tmp);
1791
1792 return ret;
1793 }
1794
1795 /***********************************************************************/
1796 /* everything below is for policy reads */
1797
1798 /* The following are read functions for module structures */
1799
role_set_read(role_set_t * r,struct policy_file * fp)1800 static int role_set_read(role_set_t * r, struct policy_file *fp)
1801 {
1802 uint32_t buf[1];
1803 int rc;
1804
1805 if (ebitmap_read(&r->roles, fp))
1806 return -1;
1807 rc = next_entry(buf, fp, sizeof(uint32_t));
1808 if (rc < 0)
1809 return -1;
1810 r->flags = le32_to_cpu(buf[0]);
1811
1812 return 0;
1813 }
1814
type_set_read(type_set_t * t,struct policy_file * fp)1815 static int type_set_read(type_set_t * t, struct policy_file *fp)
1816 {
1817 uint32_t buf[1];
1818 int rc;
1819
1820 if (ebitmap_read(&t->types, fp))
1821 return -1;
1822 if (ebitmap_read(&t->negset, fp))
1823 return -1;
1824
1825 rc = next_entry(buf, fp, sizeof(uint32_t));
1826 if (rc < 0)
1827 return -1;
1828 t->flags = le32_to_cpu(buf[0]);
1829
1830 return 0;
1831 }
1832
1833 /*
1834 * Read a MLS range structure from a policydb binary
1835 * representation file.
1836 */
mls_read_range_helper(mls_range_t * r,struct policy_file * fp)1837 static int mls_read_range_helper(mls_range_t * r, struct policy_file *fp)
1838 {
1839 uint32_t buf[2], items;
1840 int rc;
1841
1842 rc = next_entry(buf, fp, sizeof(uint32_t));
1843 if (rc < 0)
1844 goto out;
1845
1846 items = le32_to_cpu(buf[0]);
1847 if (items > ARRAY_SIZE(buf)) {
1848 ERR(fp->handle, "range overflow");
1849 rc = -EINVAL;
1850 goto out;
1851 }
1852 rc = next_entry(buf, fp, sizeof(uint32_t) * items);
1853 if (rc < 0) {
1854 ERR(fp->handle, "truncated range");
1855 goto out;
1856 }
1857 r->level[0].sens = le32_to_cpu(buf[0]);
1858 if (items > 1)
1859 r->level[1].sens = le32_to_cpu(buf[1]);
1860 else
1861 r->level[1].sens = r->level[0].sens;
1862
1863 rc = ebitmap_read(&r->level[0].cat, fp);
1864 if (rc) {
1865 ERR(fp->handle, "error reading low categories");
1866 goto out;
1867 }
1868 if (items > 1) {
1869 rc = ebitmap_read(&r->level[1].cat, fp);
1870 if (rc) {
1871 ERR(fp->handle, "error reading high categories");
1872 goto bad_high;
1873 }
1874 } else {
1875 rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
1876 if (rc) {
1877 ERR(fp->handle, "out of memory");
1878 goto bad_high;
1879 }
1880 }
1881
1882 rc = 0;
1883 out:
1884 return rc;
1885 bad_high:
1886 ebitmap_destroy(&r->level[0].cat);
1887 goto out;
1888 }
1889
1890 /*
1891 * Read a semantic MLS level structure from a policydb binary
1892 * representation file.
1893 */
mls_read_semantic_level_helper(mls_semantic_level_t * l,struct policy_file * fp)1894 static int mls_read_semantic_level_helper(mls_semantic_level_t * l,
1895 struct policy_file *fp)
1896 {
1897 uint32_t buf[2], ncat;
1898 unsigned int i;
1899 mls_semantic_cat_t *cat;
1900 int rc;
1901
1902 mls_semantic_level_init(l);
1903
1904 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1905 if (rc < 0) {
1906 ERR(fp->handle, "truncated level");
1907 goto bad;
1908 }
1909 l->sens = le32_to_cpu(buf[0]);
1910
1911 ncat = le32_to_cpu(buf[1]);
1912 for (i = 0; i < ncat; i++) {
1913 cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
1914 if (!cat) {
1915 ERR(fp->handle, "out of memory");
1916 goto bad;
1917 }
1918
1919 mls_semantic_cat_init(cat);
1920 cat->next = l->cat;
1921 l->cat = cat;
1922
1923 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
1924 if (rc < 0) {
1925 ERR(fp->handle, "error reading level categories");
1926 goto bad;
1927 }
1928 cat->low = le32_to_cpu(buf[0]);
1929 cat->high = le32_to_cpu(buf[1]);
1930 }
1931
1932 return 0;
1933
1934 bad:
1935 return -EINVAL;
1936 }
1937
1938 /*
1939 * Read a semantic MLS range structure from a policydb binary
1940 * representation file.
1941 */
mls_read_semantic_range_helper(mls_semantic_range_t * r,struct policy_file * fp)1942 static int mls_read_semantic_range_helper(mls_semantic_range_t * r,
1943 struct policy_file *fp)
1944 {
1945 int rc;
1946
1947 rc = mls_read_semantic_level_helper(&r->level[0], fp);
1948 if (rc)
1949 return rc;
1950
1951 rc = mls_read_semantic_level_helper(&r->level[1], fp);
1952
1953 return rc;
1954 }
1955
mls_level_to_semantic(mls_level_t * l,mls_semantic_level_t * sl)1956 static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl)
1957 {
1958 unsigned int i;
1959 ebitmap_node_t *cnode;
1960 mls_semantic_cat_t *open_cat = NULL;
1961
1962 mls_semantic_level_init(sl);
1963 sl->sens = l->sens;
1964 ebitmap_for_each_bit(&l->cat, cnode, i) {
1965 if (ebitmap_node_get_bit(cnode, i)) {
1966 if (open_cat)
1967 continue;
1968 open_cat = (mls_semantic_cat_t *)
1969 malloc(sizeof(mls_semantic_cat_t));
1970 if (!open_cat)
1971 return -1;
1972
1973 mls_semantic_cat_init(open_cat);
1974 open_cat->low = i + 1;
1975 open_cat->next = sl->cat;
1976 sl->cat = open_cat;
1977 } else {
1978 if (!open_cat)
1979 continue;
1980 open_cat->high = i;
1981 open_cat = NULL;
1982 }
1983 }
1984 if (open_cat)
1985 open_cat->high = i;
1986
1987 return 0;
1988 }
1989
mls_range_to_semantic(mls_range_t * r,mls_semantic_range_t * sr)1990 static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr)
1991 {
1992 if (mls_level_to_semantic(&r->level[0], &sr->level[0]))
1993 return -1;
1994
1995 if (mls_level_to_semantic(&r->level[1], &sr->level[1]))
1996 return -1;
1997
1998 return 0;
1999 }
2000
2001 /*
2002 * Read and validate a security context structure
2003 * from a policydb binary representation file.
2004 */
context_read_and_validate(context_struct_t * c,policydb_t * p,struct policy_file * fp)2005 static int context_read_and_validate(context_struct_t * c,
2006 policydb_t * p, struct policy_file *fp)
2007 {
2008 uint32_t buf[3];
2009 int rc;
2010
2011 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2012 if (rc < 0) {
2013 ERR(fp->handle, "context truncated");
2014 return -1;
2015 }
2016 c->user = le32_to_cpu(buf[0]);
2017 c->role = le32_to_cpu(buf[1]);
2018 c->type = le32_to_cpu(buf[2]);
2019 if ((p->policy_type == POLICY_KERN
2020 && p->policyvers >= POLICYDB_VERSION_MLS)
2021 || (p->policy_type == POLICY_BASE
2022 && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) {
2023 if (mls_read_range_helper(&c->range, fp)) {
2024 ERR(fp->handle, "error reading MLS range "
2025 "of context");
2026 return -1;
2027 }
2028 }
2029
2030 if (!policydb_context_isvalid(p, c)) {
2031 ERR(fp->handle, "invalid security context");
2032 context_destroy(c);
2033 return -1;
2034 }
2035 return 0;
2036 }
2037
2038 /*
2039 * The following *_read functions are used to
2040 * read the symbol data from a policy database
2041 * binary representation file.
2042 */
2043
perm_read(policydb_t * p,hashtab_t h,struct policy_file * fp,uint32_t nprim)2044 static int perm_read(policydb_t * p
2045 __attribute__ ((unused)), hashtab_t h,
2046 struct policy_file *fp, uint32_t nprim)
2047 {
2048 char *key = 0;
2049 perm_datum_t *perdatum;
2050 uint32_t buf[2];
2051 size_t len;
2052 int rc;
2053
2054 perdatum = calloc(1, sizeof(perm_datum_t));
2055 if (!perdatum)
2056 return -1;
2057
2058 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2059 if (rc < 0)
2060 goto bad;
2061
2062 len = le32_to_cpu(buf[0]);
2063 if(str_read(&key, fp, len))
2064 goto bad;
2065
2066 perdatum->s.value = le32_to_cpu(buf[1]);
2067 if (!value_isvalid(perdatum->s.value, nprim))
2068 goto bad;
2069
2070 if (hashtab_insert(h, key, perdatum))
2071 goto bad;
2072
2073 return 0;
2074
2075 bad:
2076 perm_destroy(key, perdatum, NULL);
2077 return -1;
2078 }
2079
common_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2080 static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2081 {
2082 char *key = 0;
2083 common_datum_t *comdatum;
2084 uint32_t buf[4];
2085 size_t len, nel;
2086 unsigned int i;
2087 int rc;
2088
2089 comdatum = calloc(1, sizeof(common_datum_t));
2090 if (!comdatum)
2091 return -1;
2092
2093 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2094 if (rc < 0)
2095 goto bad;
2096
2097 len = le32_to_cpu(buf[0]);
2098 if (zero_or_saturated(len))
2099 goto bad;
2100
2101 comdatum->s.value = le32_to_cpu(buf[1]);
2102
2103 if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE))
2104 goto bad;
2105 comdatum->permissions.nprim = le32_to_cpu(buf[2]);
2106 if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE)
2107 goto bad;
2108 nel = le32_to_cpu(buf[3]);
2109
2110 key = malloc(len + 1);
2111 if (!key)
2112 goto bad;
2113 rc = next_entry(key, fp, len);
2114 if (rc < 0)
2115 goto bad;
2116 key[len] = 0;
2117
2118 for (i = 0; i < nel; i++) {
2119 if (perm_read(p, comdatum->permissions.table, fp, comdatum->permissions.nprim))
2120 goto bad;
2121 }
2122
2123 if (hashtab_insert(h, key, comdatum))
2124 goto bad;
2125
2126 return 0;
2127
2128 bad:
2129 common_destroy(key, comdatum, NULL);
2130 return -1;
2131 }
2132
read_cons_helper(policydb_t * p,constraint_node_t ** nodep,unsigned int ncons,int allowxtarget,struct policy_file * fp)2133 static int read_cons_helper(policydb_t * p, constraint_node_t ** nodep,
2134 unsigned int ncons,
2135 int allowxtarget, struct policy_file *fp)
2136 {
2137 constraint_node_t *c, *lc;
2138 constraint_expr_t *e, *le;
2139 uint32_t buf[3];
2140 size_t nexpr;
2141 unsigned int i, j;
2142 int rc, depth;
2143
2144 lc = NULL;
2145 for (i = 0; i < ncons; i++) {
2146 c = calloc(1, sizeof(constraint_node_t));
2147 if (!c)
2148 return -1;
2149
2150 if (lc)
2151 lc->next = c;
2152 else
2153 *nodep = c;
2154
2155 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
2156 if (rc < 0)
2157 return -1;
2158 c->permissions = le32_to_cpu(buf[0]);
2159 nexpr = le32_to_cpu(buf[1]);
2160 le = NULL;
2161 depth = -1;
2162 for (j = 0; j < nexpr; j++) {
2163 e = malloc(sizeof(constraint_expr_t));
2164 if (!e)
2165 return -1;
2166 if (constraint_expr_init(e) == -1) {
2167 free(e);
2168 return -1;
2169 }
2170 if (le) {
2171 le->next = e;
2172 } else {
2173 c->expr = e;
2174 }
2175
2176 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
2177 if (rc < 0)
2178 return -1;
2179 e->expr_type = le32_to_cpu(buf[0]);
2180 e->attr = le32_to_cpu(buf[1]);
2181 e->op = le32_to_cpu(buf[2]);
2182
2183 switch (e->expr_type) {
2184 case CEXPR_NOT:
2185 if (depth < 0)
2186 return -1;
2187 break;
2188 case CEXPR_AND:
2189 case CEXPR_OR:
2190 if (depth < 1)
2191 return -1;
2192 depth--;
2193 break;
2194 case CEXPR_ATTR:
2195 if (depth == (CEXPR_MAXDEPTH - 1))
2196 return -1;
2197 depth++;
2198 break;
2199 case CEXPR_NAMES:
2200 if (!allowxtarget && (e->attr & CEXPR_XTARGET))
2201 return -1;
2202 if (depth == (CEXPR_MAXDEPTH - 1))
2203 return -1;
2204 depth++;
2205 if (ebitmap_read(&e->names, fp))
2206 return -1;
2207 if (p->policy_type != POLICY_KERN &&
2208 type_set_read(e->type_names, fp))
2209 return -1;
2210 else if (p->policy_type == POLICY_KERN &&
2211 p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES &&
2212 type_set_read(e->type_names, fp))
2213 return -1;
2214 break;
2215 default:
2216 return -1;
2217 }
2218 le = e;
2219 }
2220 if (depth != 0)
2221 return -1;
2222 lc = c;
2223 }
2224
2225 return 0;
2226 }
2227
class_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2228 static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2229 {
2230 char *key = 0;
2231 class_datum_t *cladatum;
2232 uint32_t buf[6];
2233 size_t len, len2, ncons, nel;
2234 unsigned int i;
2235 int rc;
2236
2237 cladatum = (class_datum_t *) calloc(1, sizeof(class_datum_t));
2238 if (!cladatum)
2239 return -1;
2240
2241 rc = next_entry(buf, fp, sizeof(uint32_t) * 6);
2242 if (rc < 0)
2243 goto bad;
2244
2245 len = le32_to_cpu(buf[0]);
2246 if (zero_or_saturated(len))
2247 goto bad;
2248 len2 = le32_to_cpu(buf[1]);
2249 if (is_saturated(len2))
2250 goto bad;
2251 cladatum->s.value = le32_to_cpu(buf[2]);
2252
2253 if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE))
2254 goto bad;
2255 cladatum->permissions.nprim = le32_to_cpu(buf[3]);
2256 if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE)
2257 goto bad;
2258 nel = le32_to_cpu(buf[4]);
2259
2260 ncons = le32_to_cpu(buf[5]);
2261
2262 key = malloc(len + 1);
2263 if (!key)
2264 goto bad;
2265 rc = next_entry(key, fp, len);
2266 if (rc < 0)
2267 goto bad;
2268 key[len] = 0;
2269
2270 if (len2) {
2271 cladatum->comkey = malloc(len2 + 1);
2272 if (!cladatum->comkey)
2273 goto bad;
2274 rc = next_entry(cladatum->comkey, fp, len2);
2275 if (rc < 0)
2276 goto bad;
2277 cladatum->comkey[len2] = 0;
2278
2279 cladatum->comdatum = hashtab_search(p->p_commons.table,
2280 cladatum->comkey);
2281 if (!cladatum->comdatum) {
2282 ERR(fp->handle, "unknown common %s", cladatum->comkey);
2283 goto bad;
2284 }
2285 }
2286 for (i = 0; i < nel; i++) {
2287 if (perm_read(p, cladatum->permissions.table, fp, cladatum->permissions.nprim))
2288 goto bad;
2289 }
2290
2291 if (read_cons_helper(p, &cladatum->constraints, ncons, 0, fp))
2292 goto bad;
2293
2294 if ((p->policy_type == POLICY_KERN
2295 && p->policyvers >= POLICYDB_VERSION_VALIDATETRANS)
2296 || (p->policy_type == POLICY_BASE
2297 && p->policyvers >= MOD_POLICYDB_VERSION_VALIDATETRANS)) {
2298 /* grab the validatetrans rules */
2299 rc = next_entry(buf, fp, sizeof(uint32_t));
2300 if (rc < 0)
2301 goto bad;
2302 ncons = le32_to_cpu(buf[0]);
2303 if (read_cons_helper(p, &cladatum->validatetrans, ncons, 1, fp))
2304 goto bad;
2305 }
2306
2307 if ((p->policy_type == POLICY_KERN &&
2308 p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
2309 (p->policy_type == POLICY_BASE &&
2310 p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
2311 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2312 if (rc < 0)
2313 goto bad;
2314 cladatum->default_user = le32_to_cpu(buf[0]);
2315 cladatum->default_role = le32_to_cpu(buf[1]);
2316 cladatum->default_range = le32_to_cpu(buf[2]);
2317 }
2318
2319 if ((p->policy_type == POLICY_KERN &&
2320 p->policyvers >= POLICYDB_VERSION_DEFAULT_TYPE) ||
2321 (p->policy_type == POLICY_BASE &&
2322 p->policyvers >= MOD_POLICYDB_VERSION_DEFAULT_TYPE)) {
2323 rc = next_entry(buf, fp, sizeof(uint32_t));
2324 if (rc < 0)
2325 goto bad;
2326 cladatum->default_type = le32_to_cpu(buf[0]);
2327 }
2328
2329 if (hashtab_insert(h, key, cladatum))
2330 goto bad;
2331
2332 return 0;
2333
2334 bad:
2335 class_destroy(key, cladatum, NULL);
2336 return -1;
2337 }
2338
role_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2339 static int role_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2340 {
2341 char *key = 0;
2342 role_datum_t *role;
2343 uint32_t buf[3];
2344 size_t len;
2345 int rc, to_read = 2;
2346
2347 role = calloc(1, sizeof(role_datum_t));
2348 if (!role)
2349 return -1;
2350
2351 if (policydb_has_boundary_feature(p))
2352 to_read = 3;
2353
2354 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2355 if (rc < 0)
2356 goto bad;
2357
2358 len = le32_to_cpu(buf[0]);
2359 if (zero_or_saturated(len))
2360 goto bad;
2361
2362 role->s.value = le32_to_cpu(buf[1]);
2363 if (policydb_has_boundary_feature(p))
2364 role->bounds = le32_to_cpu(buf[2]);
2365
2366 key = malloc(len + 1);
2367 if (!key)
2368 goto bad;
2369 rc = next_entry(key, fp, len);
2370 if (rc < 0)
2371 goto bad;
2372 key[len] = 0;
2373
2374 if (ebitmap_read(&role->dominates, fp))
2375 goto bad;
2376
2377 if (p->policy_type == POLICY_KERN) {
2378 if (ebitmap_read(&role->types.types, fp))
2379 goto bad;
2380 } else {
2381 if (type_set_read(&role->types, fp))
2382 goto bad;
2383 }
2384
2385 if (p->policy_type != POLICY_KERN &&
2386 p->policyvers >= MOD_POLICYDB_VERSION_ROLEATTRIB) {
2387 rc = next_entry(buf, fp, sizeof(uint32_t));
2388 if (rc < 0)
2389 goto bad;
2390
2391 role->flavor = le32_to_cpu(buf[0]);
2392
2393 if (ebitmap_read(&role->roles, fp))
2394 goto bad;
2395 }
2396
2397 if (strcmp(key, OBJECT_R) == 0) {
2398 if (role->s.value != OBJECT_R_VAL) {
2399 ERR(fp->handle, "role %s has wrong value %d",
2400 OBJECT_R, role->s.value);
2401 role_destroy(key, role, NULL);
2402 return -1;
2403 }
2404 role_destroy(key, role, NULL);
2405 return 0;
2406 }
2407
2408 if (hashtab_insert(h, key, role))
2409 goto bad;
2410
2411 return 0;
2412
2413 bad:
2414 role_destroy(key, role, NULL);
2415 return -1;
2416 }
2417
type_read(policydb_t * p,hashtab_t h,struct policy_file * fp)2418 static int type_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
2419 {
2420 char *key = 0;
2421 type_datum_t *typdatum;
2422 uint32_t buf[5];
2423 size_t len;
2424 int rc, to_read;
2425 int pos = 0;
2426
2427 typdatum = calloc(1, sizeof(type_datum_t));
2428 if (!typdatum)
2429 return -1;
2430
2431 if (policydb_has_boundary_feature(p)) {
2432 if (p->policy_type != POLICY_KERN
2433 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS)
2434 to_read = 5;
2435 else
2436 to_read = 4;
2437 }
2438 else if (p->policy_type == POLICY_KERN)
2439 to_read = 3;
2440 else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2441 to_read = 5;
2442 else
2443 to_read = 4;
2444
2445 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
2446 if (rc < 0)
2447 goto bad;
2448
2449 len = le32_to_cpu(buf[pos]);
2450 if (zero_or_saturated(len))
2451 goto bad;
2452
2453 typdatum->s.value = le32_to_cpu(buf[++pos]);
2454 if (policydb_has_boundary_feature(p)) {
2455 uint32_t properties;
2456
2457 if (p->policy_type != POLICY_KERN
2458 && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY_ALIAS) {
2459 typdatum->primary = le32_to_cpu(buf[++pos]);
2460 properties = le32_to_cpu(buf[++pos]);
2461 }
2462 else {
2463 properties = le32_to_cpu(buf[++pos]);
2464
2465 if (properties & TYPEDATUM_PROPERTY_PRIMARY)
2466 typdatum->primary = 1;
2467 }
2468
2469 if (properties & TYPEDATUM_PROPERTY_ATTRIBUTE)
2470 typdatum->flavor = TYPE_ATTRIB;
2471 if (properties & TYPEDATUM_PROPERTY_ALIAS
2472 && p->policy_type != POLICY_KERN)
2473 typdatum->flavor = TYPE_ALIAS;
2474 if (properties & TYPEDATUM_PROPERTY_PERMISSIVE
2475 && p->policy_type != POLICY_KERN)
2476 typdatum->flags |= TYPE_FLAGS_PERMISSIVE;
2477
2478 typdatum->bounds = le32_to_cpu(buf[++pos]);
2479 } else {
2480 typdatum->primary = le32_to_cpu(buf[++pos]);
2481 if (p->policy_type != POLICY_KERN) {
2482 typdatum->flavor = le32_to_cpu(buf[++pos]);
2483 if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
2484 typdatum->flags = le32_to_cpu(buf[++pos]);
2485 }
2486 }
2487
2488 if (p->policy_type != POLICY_KERN) {
2489 if (ebitmap_read(&typdatum->types, fp))
2490 goto bad;
2491 }
2492
2493 key = malloc(len + 1);
2494 if (!key)
2495 goto bad;
2496 rc = next_entry(key, fp, len);
2497 if (rc < 0)
2498 goto bad;
2499 key[len] = 0;
2500
2501 if (hashtab_insert(h, key, typdatum))
2502 goto bad;
2503
2504 return 0;
2505
2506 bad:
2507 type_destroy(key, typdatum, NULL);
2508 return -1;
2509 }
2510
role_trans_read(policydb_t * p,struct policy_file * fp)2511 static int role_trans_read(policydb_t *p, struct policy_file *fp)
2512 {
2513 role_trans_t **t = &p->role_tr;
2514 unsigned int i;
2515 uint32_t buf[3], nel;
2516 role_trans_t *tr, *ltr;
2517 int rc;
2518 int new_roletr = (p->policy_type == POLICY_KERN &&
2519 p->policyvers >= POLICYDB_VERSION_ROLETRANS);
2520
2521 rc = next_entry(buf, fp, sizeof(uint32_t));
2522 if (rc < 0)
2523 return -1;
2524 nel = le32_to_cpu(buf[0]);
2525 ltr = NULL;
2526 for (i = 0; i < nel; i++) {
2527 tr = calloc(1, sizeof(struct role_trans));
2528 if (!tr) {
2529 return -1;
2530 }
2531 if (ltr) {
2532 ltr->next = tr;
2533 } else {
2534 *t = tr;
2535 }
2536 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2537 if (rc < 0)
2538 return -1;
2539 tr->role = le32_to_cpu(buf[0]);
2540 tr->type = le32_to_cpu(buf[1]);
2541 tr->new_role = le32_to_cpu(buf[2]);
2542 if (new_roletr) {
2543 rc = next_entry(buf, fp, sizeof(uint32_t));
2544 if (rc < 0)
2545 return -1;
2546 tr->tclass = le32_to_cpu(buf[0]);
2547 } else
2548 tr->tclass = p->process_class;
2549 ltr = tr;
2550 }
2551 return 0;
2552 }
2553
role_allow_read(role_allow_t ** r,struct policy_file * fp)2554 static int role_allow_read(role_allow_t ** r, struct policy_file *fp)
2555 {
2556 unsigned int i;
2557 uint32_t buf[2], nel;
2558 role_allow_t *ra, *lra;
2559 int rc;
2560
2561 rc = next_entry(buf, fp, sizeof(uint32_t));
2562 if (rc < 0)
2563 return -1;
2564 nel = le32_to_cpu(buf[0]);
2565 lra = NULL;
2566 for (i = 0; i < nel; i++) {
2567 ra = calloc(1, sizeof(struct role_allow));
2568 if (!ra) {
2569 return -1;
2570 }
2571 if (lra) {
2572 lra->next = ra;
2573 } else {
2574 *r = ra;
2575 }
2576 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2577 if (rc < 0)
2578 return -1;
2579 ra->role = le32_to_cpu(buf[0]);
2580 ra->new_role = le32_to_cpu(buf[1]);
2581 lra = ra;
2582 }
2583 return 0;
2584 }
2585
policydb_filetrans_insert(policydb_t * p,uint32_t stype,uint32_t ttype,uint32_t tclass,const char * name,char ** name_alloc,uint32_t otype,uint32_t * present_otype)2586 int policydb_filetrans_insert(policydb_t *p, uint32_t stype, uint32_t ttype,
2587 uint32_t tclass, const char *name,
2588 char **name_alloc, uint32_t otype,
2589 uint32_t *present_otype)
2590 {
2591 filename_trans_key_t *ft, key;
2592 filename_trans_datum_t *datum, *last;
2593
2594 key.ttype = ttype;
2595 key.tclass = tclass;
2596 key.name = (char *)name;
2597
2598 last = NULL;
2599 datum = hashtab_search(p->filename_trans, (hashtab_key_t)&key);
2600 while (datum) {
2601 if (ebitmap_get_bit(&datum->stypes, stype - 1)) {
2602 if (present_otype)
2603 *present_otype = datum->otype;
2604 return SEPOL_EEXIST;
2605 }
2606 if (datum->otype == otype)
2607 break;
2608 last = datum;
2609 datum = datum->next;
2610 }
2611 if (!datum) {
2612 datum = malloc(sizeof(*datum));
2613 if (!datum)
2614 return SEPOL_ENOMEM;
2615
2616 ebitmap_init(&datum->stypes);
2617 datum->otype = otype;
2618 datum->next = NULL;
2619
2620 if (last) {
2621 last->next = datum;
2622 } else {
2623 char *name_dup;
2624
2625 if (name_alloc) {
2626 name_dup = *name_alloc;
2627 *name_alloc = NULL;
2628 } else {
2629 name_dup = strdup(name);
2630 if (!name_dup) {
2631 free(datum);
2632 return SEPOL_ENOMEM;
2633 }
2634 }
2635
2636 ft = malloc(sizeof(*ft));
2637 if (!ft) {
2638 free(name_dup);
2639 free(datum);
2640 return SEPOL_ENOMEM;
2641 }
2642
2643 ft->ttype = ttype;
2644 ft->tclass = tclass;
2645 ft->name = name_dup;
2646
2647 if (hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2648 (hashtab_datum_t)datum)) {
2649 free(name_dup);
2650 free(datum);
2651 free(ft);
2652 return SEPOL_ENOMEM;
2653 }
2654 }
2655 }
2656
2657 p->filename_trans_count++;
2658 return ebitmap_set_bit(&datum->stypes, stype - 1, 1);
2659 }
2660
filename_trans_read_one_compat(policydb_t * p,struct policy_file * fp)2661 static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp)
2662 {
2663 uint32_t buf[4], len, stype, ttype, tclass, otype;
2664 char *name = NULL;
2665 int rc;
2666
2667 rc = next_entry(buf, fp, sizeof(uint32_t));
2668 if (rc < 0)
2669 return -1;
2670 len = le32_to_cpu(buf[0]);
2671 if (zero_or_saturated(len))
2672 return -1;
2673
2674 name = calloc(len + 1, sizeof(*name));
2675 if (!name)
2676 return -1;
2677
2678 rc = next_entry(name, fp, len);
2679 if (rc < 0)
2680 goto err;
2681
2682 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
2683 if (rc < 0)
2684 goto err;
2685
2686 stype = le32_to_cpu(buf[0]);
2687 if (stype == 0)
2688 goto err;
2689
2690 ttype = le32_to_cpu(buf[1]);
2691 tclass = le32_to_cpu(buf[2]);
2692 otype = le32_to_cpu(buf[3]);
2693
2694 rc = policydb_filetrans_insert(p, stype, ttype, tclass, name, &name,
2695 otype, NULL);
2696 if (rc) {
2697 if (rc != SEPOL_EEXIST)
2698 goto err;
2699 /*
2700 * Some old policies were wrongly generated with
2701 * duplicate filename transition rules. For backward
2702 * compatibility, do not reject such policies, just
2703 * ignore the duplicate.
2704 */
2705 }
2706 free(name);
2707 return 0;
2708 err:
2709 free(name);
2710 return -1;
2711 }
2712
filename_trans_check_datum(filename_trans_datum_t * datum)2713 static int filename_trans_check_datum(filename_trans_datum_t *datum)
2714 {
2715 ebitmap_t stypes, otypes;
2716 int rc = -1;
2717
2718 ebitmap_init(&stypes);
2719 ebitmap_init(&otypes);
2720
2721 while (datum) {
2722 if (ebitmap_get_bit(&otypes, datum->otype))
2723 goto out;
2724
2725 if (ebitmap_set_bit(&otypes, datum->otype, 1))
2726 goto out;
2727
2728 if (ebitmap_match_any(&stypes, &datum->stypes))
2729 goto out;
2730
2731 if (ebitmap_union(&stypes, &datum->stypes))
2732 goto out;
2733
2734 datum = datum->next;
2735 }
2736 rc = 0;
2737 out:
2738 ebitmap_destroy(&stypes);
2739 ebitmap_destroy(&otypes);
2740 return rc;
2741 }
2742
filename_trans_read_one(policydb_t * p,struct policy_file * fp)2743 static int filename_trans_read_one(policydb_t *p, struct policy_file *fp)
2744 {
2745 filename_trans_key_t *ft = NULL;
2746 filename_trans_datum_t **dst, *datum, *first = NULL;
2747 unsigned int i;
2748 uint32_t buf[3], len, ttype, tclass, ndatum;
2749 char *name = NULL;
2750 int rc;
2751
2752 rc = next_entry(buf, fp, sizeof(uint32_t));
2753 if (rc < 0)
2754 return -1;
2755 len = le32_to_cpu(buf[0]);
2756 if (zero_or_saturated(len))
2757 return -1;
2758
2759 name = calloc(len + 1, sizeof(*name));
2760 if (!name)
2761 return -1;
2762
2763 rc = next_entry(name, fp, len);
2764 if (rc < 0)
2765 goto err;
2766
2767 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
2768 if (rc < 0)
2769 goto err;
2770
2771 ttype = le32_to_cpu(buf[0]);
2772 tclass = le32_to_cpu(buf[1]);
2773 ndatum = le32_to_cpu(buf[2]);
2774 if (ndatum == 0)
2775 goto err;
2776
2777 dst = &first;
2778 for (i = 0; i < ndatum; i++) {
2779 datum = malloc(sizeof(*datum));
2780 if (!datum)
2781 goto err;
2782
2783 datum->next = NULL;
2784 *dst = datum;
2785
2786 /* ebitmap_read() will at least init the bitmap */
2787 rc = ebitmap_read(&datum->stypes, fp);
2788 if (rc < 0)
2789 goto err;
2790
2791 rc = next_entry(buf, fp, sizeof(uint32_t));
2792 if (rc < 0)
2793 goto err;
2794
2795 datum->otype = le32_to_cpu(buf[0]);
2796
2797 p->filename_trans_count += ebitmap_cardinality(&datum->stypes);
2798
2799 dst = &datum->next;
2800 }
2801
2802 if (ndatum > 1 && filename_trans_check_datum(first))
2803 goto err;
2804
2805 ft = malloc(sizeof(*ft));
2806 if (!ft)
2807 goto err;
2808
2809 ft->ttype = ttype;
2810 ft->tclass = tclass;
2811 ft->name = name;
2812
2813 rc = hashtab_insert(p->filename_trans, (hashtab_key_t)ft,
2814 (hashtab_datum_t)first);
2815 if (rc)
2816 goto err;
2817
2818 return 0;
2819 err:
2820 free(ft);
2821 free(name);
2822 while (first) {
2823 datum = first;
2824 first = first->next;
2825
2826 ebitmap_destroy(&datum->stypes);
2827 free(datum);
2828 }
2829 return -1;
2830 }
2831
filename_trans_read(policydb_t * p,struct policy_file * fp)2832 static int filename_trans_read(policydb_t *p, struct policy_file *fp)
2833 {
2834 unsigned int i;
2835 uint32_t buf[1], nel;
2836 int rc;
2837
2838 rc = next_entry(buf, fp, sizeof(uint32_t));
2839 if (rc < 0)
2840 return -1;
2841 nel = le32_to_cpu(buf[0]);
2842
2843 if (p->policyvers < POLICYDB_VERSION_COMP_FTRANS) {
2844 for (i = 0; i < nel; i++) {
2845 rc = filename_trans_read_one_compat(p, fp);
2846 if (rc < 0)
2847 return -1;
2848 }
2849 } else {
2850 for (i = 0; i < nel; i++) {
2851 rc = filename_trans_read_one(p, fp);
2852 if (rc < 0)
2853 return -1;
2854 }
2855 }
2856 return 0;
2857 }
2858
ocontext_read_xen(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2859 static int ocontext_read_xen(const struct policydb_compat_info *info,
2860 policydb_t *p, struct policy_file *fp)
2861 {
2862 unsigned int i, j;
2863 size_t nel, len;
2864 ocontext_t *l, *c;
2865 uint32_t buf[8];
2866 int rc;
2867
2868 for (i = 0; i < info->ocon_num; i++) {
2869 rc = next_entry(buf, fp, sizeof(uint32_t));
2870 if (rc < 0)
2871 return -1;
2872 nel = le32_to_cpu(buf[0]);
2873 l = NULL;
2874 for (j = 0; j < nel; j++) {
2875 c = calloc(1, sizeof(ocontext_t));
2876 if (!c)
2877 return -1;
2878 if (l)
2879 l->next = c;
2880 else
2881 p->ocontexts[i] = c;
2882 l = c;
2883 switch (i) {
2884 case OCON_XEN_ISID:
2885 rc = next_entry(buf, fp, sizeof(uint32_t));
2886 if (rc < 0)
2887 return -1;
2888 c->sid[0] = le32_to_cpu(buf[0]);
2889 if (is_saturated(c->sid[0]))
2890 return -1;
2891 if (context_read_and_validate
2892 (&c->context[0], p, fp))
2893 return -1;
2894 break;
2895 case OCON_XEN_PIRQ:
2896 rc = next_entry(buf, fp, sizeof(uint32_t));
2897 if (rc < 0)
2898 return -1;
2899 c->u.pirq = le32_to_cpu(buf[0]);
2900 if (context_read_and_validate
2901 (&c->context[0], p, fp))
2902 return -1;
2903 break;
2904 case OCON_XEN_IOPORT:
2905 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2906 if (rc < 0)
2907 return -1;
2908 c->u.ioport.low_ioport = le32_to_cpu(buf[0]);
2909 c->u.ioport.high_ioport = le32_to_cpu(buf[1]);
2910 if (context_read_and_validate
2911 (&c->context[0], p, fp))
2912 return -1;
2913 break;
2914 case OCON_XEN_IOMEM:
2915 if (p->policyvers >= POLICYDB_VERSION_XEN_DEVICETREE) {
2916 uint64_t b64[2];
2917 rc = next_entry(b64, fp, sizeof(uint64_t) * 2);
2918 if (rc < 0)
2919 return -1;
2920 c->u.iomem.low_iomem = le64_to_cpu(b64[0]);
2921 c->u.iomem.high_iomem = le64_to_cpu(b64[1]);
2922 } else {
2923 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
2924 if (rc < 0)
2925 return -1;
2926 c->u.iomem.low_iomem = le32_to_cpu(buf[0]);
2927 c->u.iomem.high_iomem = le32_to_cpu(buf[1]);
2928 }
2929 if (context_read_and_validate
2930 (&c->context[0], p, fp))
2931 return -1;
2932 break;
2933 case OCON_XEN_PCIDEVICE:
2934 rc = next_entry(buf, fp, sizeof(uint32_t));
2935 if (rc < 0)
2936 return -1;
2937 c->u.device = le32_to_cpu(buf[0]);
2938 if (context_read_and_validate
2939 (&c->context[0], p, fp))
2940 return -1;
2941 break;
2942 case OCON_XEN_DEVICETREE:
2943 rc = next_entry(buf, fp, sizeof(uint32_t));
2944 if (rc < 0)
2945 return -1;
2946 len = le32_to_cpu(buf[0]);
2947 if (zero_or_saturated(len))
2948 return -1;
2949
2950 c->u.name = malloc(len + 1);
2951 if (!c->u.name)
2952 return -1;
2953 rc = next_entry(c->u.name, fp, len);
2954 if (rc < 0)
2955 return -1;
2956 c->u.name[len] = 0;
2957 if (context_read_and_validate
2958 (&c->context[0], p, fp))
2959 return -1;
2960 break;
2961 default:
2962 /* should never get here */
2963 ERR(fp->handle, "Unknown Xen ocontext");
2964 return -1;
2965 }
2966 }
2967 }
2968 return 0;
2969 }
ocontext_read_selinux(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)2970 static int ocontext_read_selinux(const struct policydb_compat_info *info,
2971 policydb_t * p, struct policy_file *fp)
2972 {
2973 unsigned int i, j;
2974 size_t nel, len;
2975 ocontext_t *l, *c;
2976 uint32_t buf[8];
2977 int rc;
2978
2979 for (i = 0; i < info->ocon_num; i++) {
2980 rc = next_entry(buf, fp, sizeof(uint32_t));
2981 if (rc < 0)
2982 return -1;
2983 nel = le32_to_cpu(buf[0]);
2984 l = NULL;
2985 for (j = 0; j < nel; j++) {
2986 c = calloc(1, sizeof(ocontext_t));
2987 if (!c) {
2988 return -1;
2989 }
2990 if (l) {
2991 l->next = c;
2992 } else {
2993 p->ocontexts[i] = c;
2994 }
2995 l = c;
2996 switch (i) {
2997 case OCON_ISID:
2998 rc = next_entry(buf, fp, sizeof(uint32_t));
2999 if (rc < 0)
3000 return -1;
3001 c->sid[0] = le32_to_cpu(buf[0]);
3002 if (is_saturated(c->sid[0]))
3003 return -1;
3004 if (context_read_and_validate
3005 (&c->context[0], p, fp))
3006 return -1;
3007 break;
3008 case OCON_FS:
3009 case OCON_NETIF:
3010 rc = next_entry(buf, fp, sizeof(uint32_t));
3011 if (rc < 0)
3012 return -1;
3013 len = le32_to_cpu(buf[0]);
3014 if (zero_or_saturated(len) || len > 63)
3015 return -1;
3016 c->u.name = malloc(len + 1);
3017 if (!c->u.name)
3018 return -1;
3019 rc = next_entry(c->u.name, fp, len);
3020 if (rc < 0)
3021 return -1;
3022 c->u.name[len] = 0;
3023 if (context_read_and_validate
3024 (&c->context[0], p, fp))
3025 return -1;
3026 if (context_read_and_validate
3027 (&c->context[1], p, fp))
3028 return -1;
3029 break;
3030 case OCON_IBPKEY: {
3031 uint32_t pkey_lo, pkey_hi;
3032
3033 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
3034 if (rc < 0)
3035 return -1;
3036
3037 pkey_lo = le32_to_cpu(buf[2]);
3038 pkey_hi = le32_to_cpu(buf[3]);
3039
3040 if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
3041 return -1;
3042
3043 c->u.ibpkey.low_pkey = pkey_lo;
3044 c->u.ibpkey.high_pkey = pkey_hi;
3045
3046 /* we want c->u.ibpkey.subnet_prefix in network
3047 * (big-endian) order, just memcpy it */
3048 memcpy(&c->u.ibpkey.subnet_prefix, buf,
3049 sizeof(c->u.ibpkey.subnet_prefix));
3050
3051 if (context_read_and_validate
3052 (&c->context[0], p, fp))
3053 return -1;
3054 break;
3055 }
3056 case OCON_IBENDPORT: {
3057 uint32_t port;
3058
3059 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3060 if (rc < 0)
3061 return -1;
3062 len = le32_to_cpu(buf[0]);
3063 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
3064 return -1;
3065
3066 port = le32_to_cpu(buf[1]);
3067 if (port > UINT8_MAX || port == 0)
3068 return -1;
3069
3070 c->u.ibendport.dev_name = malloc(len + 1);
3071 if (!c->u.ibendport.dev_name)
3072 return -1;
3073 rc = next_entry(c->u.ibendport.dev_name, fp, len);
3074 if (rc < 0)
3075 return -1;
3076 c->u.ibendport.dev_name[len] = 0;
3077 c->u.ibendport.port = port;
3078 if (context_read_and_validate
3079 (&c->context[0], p, fp))
3080 return -1;
3081 break;
3082 }
3083 case OCON_PORT:
3084 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
3085 if (rc < 0)
3086 return -1;
3087 c->u.port.protocol = le32_to_cpu(buf[0]);
3088 c->u.port.low_port = le32_to_cpu(buf[1]);
3089 c->u.port.high_port = le32_to_cpu(buf[2]);
3090 if (context_read_and_validate
3091 (&c->context[0], p, fp))
3092 return -1;
3093 break;
3094 case OCON_NODE:
3095 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3096 if (rc < 0)
3097 return -1;
3098 c->u.node.addr = buf[0]; /* network order */
3099 c->u.node.mask = buf[1]; /* network order */
3100 if (context_read_and_validate
3101 (&c->context[0], p, fp))
3102 return -1;
3103 break;
3104 case OCON_FSUSE:
3105 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3106 if (rc < 0)
3107 return -1;
3108 c->v.behavior = le32_to_cpu(buf[0]);
3109 len = le32_to_cpu(buf[1]);
3110 if (zero_or_saturated(len))
3111 return -1;
3112 c->u.name = malloc(len + 1);
3113 if (!c->u.name)
3114 return -1;
3115 rc = next_entry(c->u.name, fp, len);
3116 if (rc < 0)
3117 return -1;
3118 c->u.name[len] = 0;
3119 if (context_read_and_validate
3120 (&c->context[0], p, fp))
3121 return -1;
3122 break;
3123 case OCON_NODE6:{
3124 int k;
3125
3126 rc = next_entry(buf, fp, sizeof(uint32_t) * 8);
3127 if (rc < 0)
3128 return -1;
3129 for (k = 0; k < 4; k++)
3130 /* network order */
3131 c->u.node6.addr[k] = buf[k];
3132 for (k = 0; k < 4; k++)
3133 /* network order */
3134 c->u.node6.mask[k] = buf[k + 4];
3135 if (context_read_and_validate
3136 (&c->context[0], p, fp))
3137 return -1;
3138 break;
3139 }
3140 default:{
3141 ERR(fp->handle, "Unknown SELinux ocontext");
3142 return -1;
3143 }
3144 }
3145 }
3146 }
3147 return 0;
3148 }
3149
ocontext_read(const struct policydb_compat_info * info,policydb_t * p,struct policy_file * fp)3150 static int ocontext_read(const struct policydb_compat_info *info,
3151 policydb_t *p, struct policy_file *fp)
3152 {
3153 int rc = -1;
3154 switch (p->target_platform) {
3155 case SEPOL_TARGET_SELINUX:
3156 rc = ocontext_read_selinux(info, p, fp);
3157 break;
3158 case SEPOL_TARGET_XEN:
3159 rc = ocontext_read_xen(info, p, fp);
3160 break;
3161 default:
3162 ERR(fp->handle, "Unknown target");
3163 }
3164 return rc;
3165 }
3166
genfs_read(policydb_t * p,struct policy_file * fp)3167 static int genfs_read(policydb_t * p, struct policy_file *fp)
3168 {
3169 uint32_t buf[1];
3170 size_t nel, nel2, len, len2;
3171 genfs_t *genfs_p, *newgenfs, *genfs;
3172 size_t i, j;
3173 ocontext_t *l, *c, *newc = NULL;
3174 int rc;
3175
3176 rc = next_entry(buf, fp, sizeof(uint32_t));
3177 if (rc < 0)
3178 goto bad;
3179 nel = le32_to_cpu(buf[0]);
3180 genfs_p = NULL;
3181 for (i = 0; i < nel; i++) {
3182 rc = next_entry(buf, fp, sizeof(uint32_t));
3183 if (rc < 0)
3184 goto bad;
3185 len = le32_to_cpu(buf[0]);
3186 if (zero_or_saturated(len))
3187 goto bad;
3188 newgenfs = calloc(1, sizeof(genfs_t));
3189 if (!newgenfs)
3190 goto bad;
3191 newgenfs->fstype = malloc(len + 1);
3192 if (!newgenfs->fstype) {
3193 free(newgenfs);
3194 goto bad;
3195 }
3196 rc = next_entry(newgenfs->fstype, fp, len);
3197 if (rc < 0) {
3198 free(newgenfs->fstype);
3199 free(newgenfs);
3200 goto bad;
3201 }
3202 newgenfs->fstype[len] = 0;
3203 for (genfs_p = NULL, genfs = p->genfs; genfs;
3204 genfs_p = genfs, genfs = genfs->next) {
3205 if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
3206 ERR(fp->handle, "dup genfs fstype %s",
3207 newgenfs->fstype);
3208 free(newgenfs->fstype);
3209 free(newgenfs);
3210 goto bad;
3211 }
3212 if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
3213 break;
3214 }
3215 newgenfs->next = genfs;
3216 if (genfs_p)
3217 genfs_p->next = newgenfs;
3218 else
3219 p->genfs = newgenfs;
3220 rc = next_entry(buf, fp, sizeof(uint32_t));
3221 if (rc < 0)
3222 goto bad;
3223 nel2 = le32_to_cpu(buf[0]);
3224 for (j = 0; j < nel2; j++) {
3225 newc = calloc(1, sizeof(ocontext_t));
3226 if (!newc) {
3227 goto bad;
3228 }
3229 rc = next_entry(buf, fp, sizeof(uint32_t));
3230 if (rc < 0)
3231 goto bad;
3232 len = le32_to_cpu(buf[0]);
3233 if (zero_or_saturated(len))
3234 goto bad;
3235 newc->u.name = malloc(len + 1);
3236 if (!newc->u.name) {
3237 goto bad;
3238 }
3239 rc = next_entry(newc->u.name, fp, len);
3240 if (rc < 0)
3241 goto bad;
3242 newc->u.name[len] = 0;
3243 rc = next_entry(buf, fp, sizeof(uint32_t));
3244 if (rc < 0)
3245 goto bad;
3246 newc->v.sclass = le32_to_cpu(buf[0]);
3247 if (context_read_and_validate(&newc->context[0], p, fp))
3248 goto bad;
3249 for (l = NULL, c = newgenfs->head; c;
3250 l = c, c = c->next) {
3251 if (!strcmp(newc->u.name, c->u.name) &&
3252 (!c->v.sclass || !newc->v.sclass ||
3253 newc->v.sclass == c->v.sclass)) {
3254 ERR(fp->handle, "dup genfs entry "
3255 "(%s,%s)", newgenfs->fstype,
3256 c->u.name);
3257 goto bad;
3258 }
3259 len = strlen(newc->u.name);
3260 len2 = strlen(c->u.name);
3261 if (len > len2)
3262 break;
3263 }
3264 newc->next = c;
3265 if (l)
3266 l->next = newc;
3267 else
3268 newgenfs->head = newc;
3269 /* clear newc after a new owner has the pointer */
3270 newc = NULL;
3271 }
3272 }
3273
3274 return 0;
3275
3276 bad:
3277 if (newc) {
3278 context_destroy(&newc->context[0]);
3279 context_destroy(&newc->context[1]);
3280 free(newc->u.name);
3281 free(newc);
3282 }
3283 return -1;
3284 }
3285
3286 /*
3287 * Read a MLS level structure from a policydb binary
3288 * representation file.
3289 */
mls_read_level(mls_level_t * lp,struct policy_file * fp)3290 static int mls_read_level(mls_level_t * lp, struct policy_file *fp)
3291 {
3292 uint32_t buf[1];
3293 int rc;
3294
3295 mls_level_init(lp);
3296
3297 rc = next_entry(buf, fp, sizeof(uint32_t));
3298 if (rc < 0) {
3299 ERR(fp->handle, "truncated level");
3300 goto bad;
3301 }
3302 lp->sens = le32_to_cpu(buf[0]);
3303
3304 if (ebitmap_read(&lp->cat, fp)) {
3305 ERR(fp->handle, "error reading level categories");
3306 goto bad;
3307 }
3308 return 0;
3309
3310 bad:
3311 return -EINVAL;
3312 }
3313
user_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3314 static int user_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
3315 {
3316 char *key = 0;
3317 user_datum_t *usrdatum;
3318 uint32_t buf[3];
3319 size_t len;
3320 int rc, to_read = 2;
3321
3322 usrdatum = calloc(1, sizeof(user_datum_t));
3323 if (!usrdatum)
3324 return -1;
3325
3326 if (policydb_has_boundary_feature(p))
3327 to_read = 3;
3328
3329 rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
3330 if (rc < 0)
3331 goto bad;
3332
3333 len = le32_to_cpu(buf[0]);
3334 if (zero_or_saturated(len))
3335 goto bad;
3336
3337 usrdatum->s.value = le32_to_cpu(buf[1]);
3338 if (policydb_has_boundary_feature(p))
3339 usrdatum->bounds = le32_to_cpu(buf[2]);
3340
3341 key = malloc(len + 1);
3342 if (!key)
3343 goto bad;
3344 rc = next_entry(key, fp, len);
3345 if (rc < 0)
3346 goto bad;
3347 key[len] = 0;
3348
3349 if (p->policy_type == POLICY_KERN) {
3350 if (ebitmap_read(&usrdatum->roles.roles, fp))
3351 goto bad;
3352 } else {
3353 if (role_set_read(&usrdatum->roles, fp))
3354 goto bad;
3355 }
3356
3357 /* users were not allowed in mls modules before version
3358 * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been
3359 * required - the mls fields will be empty. user declarations in
3360 * non-mls modules will also have empty mls fields */
3361 if ((p->policy_type == POLICY_KERN
3362 && p->policyvers >= POLICYDB_VERSION_MLS)
3363 || (p->policy_type == POLICY_MOD
3364 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3365 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)
3366 || (p->policy_type == POLICY_BASE
3367 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
3368 && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) {
3369 if (mls_read_range_helper(&usrdatum->exp_range, fp))
3370 goto bad;
3371 if (mls_read_level(&usrdatum->exp_dfltlevel, fp))
3372 goto bad;
3373 if (p->policy_type != POLICY_KERN) {
3374 if (mls_range_to_semantic(&usrdatum->exp_range,
3375 &usrdatum->range))
3376 goto bad;
3377 if (mls_level_to_semantic(&usrdatum->exp_dfltlevel,
3378 &usrdatum->dfltlevel))
3379 goto bad;
3380 }
3381 } else if ((p->policy_type == POLICY_MOD
3382 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)
3383 || (p->policy_type == POLICY_BASE
3384 && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) {
3385 if (mls_read_semantic_range_helper(&usrdatum->range, fp))
3386 goto bad;
3387 if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp))
3388 goto bad;
3389 }
3390
3391 if (hashtab_insert(h, key, usrdatum))
3392 goto bad;
3393
3394 return 0;
3395
3396 bad:
3397 user_destroy(key, usrdatum, NULL);
3398 return -1;
3399 }
3400
sens_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3401 static int sens_read(policydb_t * p
3402 __attribute__ ((unused)), hashtab_t h,
3403 struct policy_file *fp)
3404 {
3405 char *key = 0;
3406 level_datum_t *levdatum;
3407 uint32_t buf[2], len;
3408 int rc;
3409
3410 levdatum = malloc(sizeof(level_datum_t));
3411 if (!levdatum)
3412 return -1;
3413 level_datum_init(levdatum);
3414
3415 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3416 if (rc < 0)
3417 goto bad;
3418
3419 len = le32_to_cpu(buf[0]);
3420 if (zero_or_saturated(len))
3421 goto bad;
3422
3423 levdatum->isalias = le32_to_cpu(buf[1]);
3424
3425 key = malloc(len + 1);
3426 if (!key)
3427 goto bad;
3428 rc = next_entry(key, fp, len);
3429 if (rc < 0)
3430 goto bad;
3431 key[len] = 0;
3432
3433 levdatum->level = malloc(sizeof(mls_level_t));
3434 if (!levdatum->level || mls_read_level(levdatum->level, fp))
3435 goto bad;
3436
3437 if (hashtab_insert(h, key, levdatum))
3438 goto bad;
3439
3440 return 0;
3441
3442 bad:
3443 sens_destroy(key, levdatum, NULL);
3444 return -1;
3445 }
3446
cat_read(policydb_t * p,hashtab_t h,struct policy_file * fp)3447 static int cat_read(policydb_t * p
3448 __attribute__ ((unused)), hashtab_t h,
3449 struct policy_file *fp)
3450 {
3451 char *key = 0;
3452 cat_datum_t *catdatum;
3453 uint32_t buf[3], len;
3454 int rc;
3455
3456 catdatum = malloc(sizeof(cat_datum_t));
3457 if (!catdatum)
3458 return -1;
3459 cat_datum_init(catdatum);
3460
3461 rc = next_entry(buf, fp, (sizeof(uint32_t) * 3));
3462 if (rc < 0)
3463 goto bad;
3464
3465 len = le32_to_cpu(buf[0]);
3466 if(zero_or_saturated(len))
3467 goto bad;
3468
3469 catdatum->s.value = le32_to_cpu(buf[1]);
3470 catdatum->isalias = le32_to_cpu(buf[2]);
3471
3472 key = malloc(len + 1);
3473 if (!key)
3474 goto bad;
3475 rc = next_entry(key, fp, len);
3476 if (rc < 0)
3477 goto bad;
3478 key[len] = 0;
3479
3480 if (hashtab_insert(h, key, catdatum))
3481 goto bad;
3482
3483 return 0;
3484
3485 bad:
3486 cat_destroy(key, catdatum, NULL);
3487 return -1;
3488 }
3489
3490 static int (*read_f[SYM_NUM]) (policydb_t * p, hashtab_t h,
3491 struct policy_file * fp) = {
3492 common_read, class_read, role_read, type_read, user_read,
3493 cond_read_bool, sens_read, cat_read,};
3494
3495 /************** module reading functions below **************/
3496
avrule_read(policydb_t * p,struct policy_file * fp)3497 static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp)
3498 {
3499 unsigned int i;
3500 uint32_t buf[2], len;
3501 class_perm_node_t *cur, *tail = NULL;
3502 avrule_t *avrule;
3503 int rc;
3504
3505 avrule = (avrule_t *) malloc(sizeof(avrule_t));
3506 if (!avrule)
3507 return NULL;
3508
3509 avrule_init(avrule);
3510
3511 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3512 if (rc < 0)
3513 goto bad;
3514
3515 avrule->specified = le32_to_cpu(buf[0]);
3516 avrule->flags = le32_to_cpu(buf[1]);
3517
3518 if (type_set_read(&avrule->stypes, fp))
3519 goto bad;
3520
3521 if (type_set_read(&avrule->ttypes, fp))
3522 goto bad;
3523
3524 rc = next_entry(buf, fp, sizeof(uint32_t));
3525 if (rc < 0)
3526 goto bad;
3527 len = le32_to_cpu(buf[0]);
3528
3529 for (i = 0; i < len; i++) {
3530 cur = (class_perm_node_t *) malloc(sizeof(class_perm_node_t));
3531 if (!cur)
3532 goto bad;
3533 class_perm_node_init(cur);
3534
3535 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3536 if (rc < 0) {
3537 free(cur);
3538 goto bad;
3539 }
3540
3541 cur->tclass = le32_to_cpu(buf[0]);
3542 cur->data = le32_to_cpu(buf[1]);
3543
3544 if (!tail) {
3545 avrule->perms = cur;
3546 } else {
3547 tail->next = cur;
3548 }
3549 tail = cur;
3550 }
3551
3552 if (avrule->specified & AVRULE_XPERMS) {
3553 uint8_t buf8;
3554 size_t nel = ARRAY_SIZE(avrule->xperms->perms);
3555 uint32_t buf32[nel];
3556
3557 if (p->policyvers < MOD_POLICYDB_VERSION_XPERMS_IOCTL) {
3558 ERR(fp->handle,
3559 "module policy version %u does not support ioctl"
3560 " extended permissions rules and one was specified",
3561 p->policyvers);
3562 goto bad;
3563 }
3564
3565 if (p->target_platform != SEPOL_TARGET_SELINUX) {
3566 ERR(fp->handle,
3567 "Target platform %s does not support ioctl"
3568 " extended permissions rules and one was specified",
3569 policydb_target_strings[p->target_platform]);
3570 goto bad;
3571 }
3572
3573 avrule->xperms = calloc(1, sizeof(*avrule->xperms));
3574 if (!avrule->xperms)
3575 goto bad;
3576
3577 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3578 if (rc < 0) {
3579 ERR(fp->handle, "truncated entry");
3580 goto bad;
3581 }
3582 avrule->xperms->specified = buf8;
3583 rc = next_entry(&buf8, fp, sizeof(uint8_t));
3584 if (rc < 0) {
3585 ERR(fp->handle, "truncated entry");
3586 goto bad;
3587 }
3588 avrule->xperms->driver = buf8;
3589 rc = next_entry(buf32, fp, sizeof(uint32_t)*nel);
3590 if (rc < 0) {
3591 ERR(fp->handle, "truncated entry");
3592 goto bad;
3593 }
3594 for (i = 0; i < nel; i++)
3595 avrule->xperms->perms[i] = le32_to_cpu(buf32[i]);
3596 }
3597
3598 return avrule;
3599 bad:
3600 if (avrule) {
3601 avrule_destroy(avrule);
3602 free(avrule);
3603 }
3604 return NULL;
3605 }
3606
range_read(policydb_t * p,struct policy_file * fp)3607 static int range_read(policydb_t * p, struct policy_file *fp)
3608 {
3609 uint32_t buf[2], nel;
3610 range_trans_t *rt = NULL;
3611 struct mls_range *r = NULL;
3612 range_trans_rule_t *rtr = NULL, *lrtr = NULL;
3613 unsigned int i;
3614 int new_rangetr = (p->policy_type == POLICY_KERN &&
3615 p->policyvers >= POLICYDB_VERSION_RANGETRANS);
3616 int rc;
3617
3618 rc = next_entry(buf, fp, sizeof(uint32_t));
3619 if (rc < 0)
3620 return -1;
3621 nel = le32_to_cpu(buf[0]);
3622 for (i = 0; i < nel; i++) {
3623 rt = calloc(1, sizeof(range_trans_t));
3624 if (!rt)
3625 return -1;
3626 rc = next_entry(buf, fp, (sizeof(uint32_t) * 2));
3627 if (rc < 0)
3628 goto err;
3629 rt->source_type = le32_to_cpu(buf[0]);
3630 if (!value_isvalid(rt->source_type, p->p_types.nprim))
3631 goto err;
3632 rt->target_type = le32_to_cpu(buf[1]);
3633 if (!value_isvalid(rt->target_type, p->p_types.nprim))
3634 goto err;
3635 if (new_rangetr) {
3636 rc = next_entry(buf, fp, (sizeof(uint32_t)));
3637 if (rc < 0)
3638 goto err;
3639 rt->target_class = le32_to_cpu(buf[0]);
3640 if (!value_isvalid(rt->target_class, p->p_classes.nprim))
3641 goto err;
3642 } else
3643 rt->target_class = p->process_class;
3644 r = calloc(1, sizeof(*r));
3645 if (!r)
3646 goto err;
3647 if (mls_read_range_helper(r, fp))
3648 goto err;
3649
3650 if (p->policy_type == POLICY_KERN) {
3651 rc = hashtab_insert(p->range_tr, (hashtab_key_t)rt, r);
3652 if (rc)
3653 goto err;
3654 rt = NULL;
3655 r = NULL;
3656 continue;
3657 }
3658
3659 /* Module policy: convert to range_trans_rule and discard. */
3660 rtr = malloc(sizeof(range_trans_rule_t));
3661 if (!rtr)
3662 goto err;
3663 range_trans_rule_init(rtr);
3664
3665 if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1))
3666 goto err;
3667
3668 if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1))
3669 goto err;
3670
3671 if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))
3672 goto err;
3673
3674 if (mls_range_to_semantic(r, &rtr->trange))
3675 goto err;
3676
3677 if (lrtr)
3678 lrtr->next = rtr;
3679 else
3680 p->global->enabled->range_tr_rules = rtr;
3681
3682 free(rt);
3683 rt = NULL;
3684 free(r);
3685 r = NULL;
3686 lrtr = rtr;
3687 }
3688
3689 return 0;
3690 err:
3691 free(rt);
3692 if (r) {
3693 mls_range_destroy(r);
3694 free(r);
3695 }
3696 if (rtr) {
3697 range_trans_rule_destroy(rtr);
3698 free(rtr);
3699 }
3700 return -1;
3701 }
3702
avrule_read_list(policydb_t * p,avrule_t ** avrules,struct policy_file * fp)3703 int avrule_read_list(policydb_t * p, avrule_t ** avrules,
3704 struct policy_file *fp)
3705 {
3706 unsigned int i;
3707 avrule_t *cur, *tail;
3708 uint32_t buf[1], len;
3709 int rc;
3710
3711 *avrules = tail = NULL;
3712
3713 rc = next_entry(buf, fp, sizeof(uint32_t));
3714 if (rc < 0) {
3715 return -1;
3716 }
3717 len = le32_to_cpu(buf[0]);
3718
3719 for (i = 0; i < len; i++) {
3720 cur = avrule_read(p, fp);
3721 if (!cur) {
3722 return -1;
3723 }
3724
3725 if (!tail) {
3726 *avrules = cur;
3727 } else {
3728 tail->next = cur;
3729 }
3730 tail = cur;
3731 }
3732
3733 return 0;
3734 }
3735
role_trans_rule_read(policydb_t * p,role_trans_rule_t ** r,struct policy_file * fp)3736 static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
3737 struct policy_file *fp)
3738 {
3739 uint32_t buf[1], nel;
3740 unsigned int i;
3741 role_trans_rule_t *tr, *ltr;
3742 int rc;
3743
3744 rc = next_entry(buf, fp, sizeof(uint32_t));
3745 if (rc < 0)
3746 return -1;
3747 nel = le32_to_cpu(buf[0]);
3748 ltr = NULL;
3749 for (i = 0; i < nel; i++) {
3750 tr = malloc(sizeof(role_trans_rule_t));
3751 if (!tr) {
3752 return -1;
3753 }
3754 role_trans_rule_init(tr);
3755
3756 if (ltr) {
3757 ltr->next = tr;
3758 } else {
3759 *r = tr;
3760 }
3761
3762 if (role_set_read(&tr->roles, fp))
3763 return -1;
3764
3765 if (type_set_read(&tr->types, fp))
3766 return -1;
3767
3768 if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS) {
3769 if (ebitmap_read(&tr->classes, fp))
3770 return -1;
3771 } else {
3772 if (!p->process_class)
3773 return -1;
3774 if (ebitmap_set_bit(&tr->classes, p->process_class - 1, 1))
3775 return -1;
3776 }
3777
3778 rc = next_entry(buf, fp, sizeof(uint32_t));
3779 if (rc < 0)
3780 return -1;
3781 tr->new_role = le32_to_cpu(buf[0]);
3782 ltr = tr;
3783 }
3784
3785 return 0;
3786 }
3787
role_allow_rule_read(role_allow_rule_t ** r,struct policy_file * fp)3788 static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
3789 {
3790 unsigned int i;
3791 uint32_t buf[1], nel;
3792 role_allow_rule_t *ra, *lra;
3793 int rc;
3794
3795 rc = next_entry(buf, fp, sizeof(uint32_t));
3796 if (rc < 0)
3797 return -1;
3798 nel = le32_to_cpu(buf[0]);
3799 lra = NULL;
3800 for (i = 0; i < nel; i++) {
3801 ra = malloc(sizeof(role_allow_rule_t));
3802 if (!ra) {
3803 return -1;
3804 }
3805 role_allow_rule_init(ra);
3806
3807 if (lra) {
3808 lra->next = ra;
3809 } else {
3810 *r = ra;
3811 }
3812
3813 if (role_set_read(&ra->roles, fp))
3814 return -1;
3815
3816 if (role_set_read(&ra->new_roles, fp))
3817 return -1;
3818
3819 lra = ra;
3820 }
3821 return 0;
3822 }
3823
filename_trans_rule_read(filename_trans_rule_t ** r,struct policy_file * fp)3824 static int filename_trans_rule_read(filename_trans_rule_t ** r, struct policy_file *fp)
3825 {
3826 uint32_t buf[2], nel;
3827 unsigned int i, len;
3828 filename_trans_rule_t *ftr, *lftr;
3829 int rc;
3830
3831 rc = next_entry(buf, fp, sizeof(uint32_t));
3832 if (rc < 0)
3833 return -1;
3834 nel = le32_to_cpu(buf[0]);
3835 lftr = NULL;
3836 for (i = 0; i < nel; i++) {
3837 ftr = malloc(sizeof(*ftr));
3838 if (!ftr)
3839 return -1;
3840
3841 filename_trans_rule_init(ftr);
3842
3843 if (lftr)
3844 lftr->next = ftr;
3845 else
3846 *r = ftr;
3847 lftr = ftr;
3848
3849 rc = next_entry(buf, fp, sizeof(uint32_t));
3850 if (rc < 0)
3851 return -1;
3852
3853 len = le32_to_cpu(buf[0]);
3854 if (zero_or_saturated(len))
3855 return -1;
3856
3857 ftr->name = malloc(len + 1);
3858 if (!ftr->name)
3859 return -1;
3860
3861 rc = next_entry(ftr->name, fp, len);
3862 if (rc)
3863 return -1;
3864 ftr->name[len] = 0;
3865
3866 if (type_set_read(&ftr->stypes, fp))
3867 return -1;
3868
3869 if (type_set_read(&ftr->ttypes, fp))
3870 return -1;
3871
3872 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3873 if (rc < 0)
3874 return -1;
3875 ftr->tclass = le32_to_cpu(buf[0]);
3876 ftr->otype = le32_to_cpu(buf[1]);
3877 }
3878
3879 return 0;
3880 }
3881
range_trans_rule_read(range_trans_rule_t ** r,struct policy_file * fp)3882 static int range_trans_rule_read(range_trans_rule_t ** r,
3883 struct policy_file *fp)
3884 {
3885 uint32_t buf[1], nel;
3886 unsigned int i;
3887 range_trans_rule_t *rt, *lrt = NULL;
3888 int rc;
3889
3890 rc = next_entry(buf, fp, sizeof(uint32_t));
3891 if (rc < 0)
3892 return -1;
3893 nel = le32_to_cpu(buf[0]);
3894 for (i = 0; i < nel; i++) {
3895 rt = malloc(sizeof(range_trans_rule_t));
3896 if (!rt) {
3897 return -1;
3898 }
3899 range_trans_rule_init(rt);
3900
3901 if (lrt)
3902 lrt->next = rt;
3903 else
3904 *r = rt;
3905
3906 if (type_set_read(&rt->stypes, fp))
3907 return -1;
3908
3909 if (type_set_read(&rt->ttypes, fp))
3910 return -1;
3911
3912 if (ebitmap_read(&rt->tclasses, fp))
3913 return -1;
3914
3915 if (mls_read_semantic_range_helper(&rt->trange, fp))
3916 return -1;
3917
3918 lrt = rt;
3919 }
3920
3921 return 0;
3922 }
3923
scope_index_read(scope_index_t * scope_index,unsigned int num_scope_syms,struct policy_file * fp)3924 static int scope_index_read(scope_index_t * scope_index,
3925 unsigned int num_scope_syms, struct policy_file *fp)
3926 {
3927 unsigned int i;
3928 uint32_t buf[1];
3929 int rc;
3930
3931 for (i = 0; i < num_scope_syms; i++) {
3932 if (ebitmap_read(scope_index->scope + i, fp) < 0) {
3933 return -1;
3934 }
3935 }
3936 rc = next_entry(buf, fp, sizeof(uint32_t));
3937 if (rc < 0)
3938 return -1;
3939 scope_index->class_perms_len = le32_to_cpu(buf[0]);
3940 if (is_saturated(scope_index->class_perms_len))
3941 return -1;
3942 if (scope_index->class_perms_len == 0) {
3943 scope_index->class_perms_map = NULL;
3944 return 0;
3945 }
3946 if ((scope_index->class_perms_map =
3947 calloc(scope_index->class_perms_len,
3948 sizeof(*scope_index->class_perms_map))) == NULL) {
3949 return -1;
3950 }
3951 for (i = 0; i < scope_index->class_perms_len; i++) {
3952 if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
3953 return -1;
3954 }
3955 }
3956 return 0;
3957 }
3958
avrule_decl_read(policydb_t * p,avrule_decl_t * decl,unsigned int num_scope_syms,struct policy_file * fp)3959 static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
3960 unsigned int num_scope_syms, struct policy_file *fp)
3961 {
3962 uint32_t buf[2], nprim, nel;
3963 unsigned int i, j;
3964 int rc;
3965
3966 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3967 if (rc < 0)
3968 return -1;
3969 decl->decl_id = le32_to_cpu(buf[0]);
3970 decl->enabled = le32_to_cpu(buf[1]);
3971 if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
3972 avrule_read_list(p, &decl->avrules, fp) == -1 ||
3973 role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
3974 role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
3975 return -1;
3976 }
3977
3978 if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS &&
3979 filename_trans_rule_read(&decl->filename_trans_rules, fp))
3980 return -1;
3981
3982 if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
3983 range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
3984 return -1;
3985 }
3986 if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 ||
3987 scope_index_read(&decl->declared, num_scope_syms, fp) == -1) {
3988 return -1;
3989 }
3990
3991 for (i = 0; i < num_scope_syms; i++) {
3992 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
3993 if (rc < 0)
3994 return -1;
3995 nprim = le32_to_cpu(buf[0]);
3996 if (is_saturated(nprim))
3997 return -1;
3998 nel = le32_to_cpu(buf[1]);
3999 for (j = 0; j < nel; j++) {
4000 if (read_f[i] (p, decl->symtab[i].table, fp)) {
4001 return -1;
4002 }
4003 }
4004 decl->symtab[i].nprim = nprim;
4005 }
4006 return 0;
4007 }
4008
avrule_block_read(policydb_t * p,avrule_block_t ** block,unsigned int num_scope_syms,struct policy_file * fp)4009 static int avrule_block_read(policydb_t * p,
4010 avrule_block_t ** block,
4011 unsigned int num_scope_syms,
4012 struct policy_file *fp)
4013 {
4014 avrule_block_t *last_block = NULL, *curblock;
4015 uint32_t buf[1], num_blocks, nel;
4016 int rc;
4017
4018 assert(*block == NULL);
4019
4020 rc = next_entry(buf, fp, sizeof(uint32_t));
4021 if (rc < 0)
4022 return -1;
4023 num_blocks = le32_to_cpu(buf[0]);
4024 nel = num_blocks;
4025 while (num_blocks > 0) {
4026 avrule_decl_t *last_decl = NULL, *curdecl;
4027 uint32_t num_decls;
4028 if ((curblock = calloc(1, sizeof(*curblock))) == NULL) {
4029 return -1;
4030 }
4031 rc = next_entry(buf, fp, sizeof(uint32_t));
4032 if (rc < 0) {
4033 free(curblock);
4034 return -1;
4035 }
4036 /* if this is the first block its non-optional, else its optional */
4037 if (num_blocks != nel)
4038 curblock->flags |= AVRULE_OPTIONAL;
4039
4040 num_decls = le32_to_cpu(buf[0]);
4041 while (num_decls > 0) {
4042 if ((curdecl = avrule_decl_create(0)) == NULL) {
4043 avrule_block_destroy(curblock);
4044 return -1;
4045 }
4046 if (avrule_decl_read(p, curdecl, num_scope_syms, fp) ==
4047 -1) {
4048 avrule_decl_destroy(curdecl);
4049 avrule_block_destroy(curblock);
4050 return -1;
4051 }
4052 if (curdecl->enabled) {
4053 if (curblock->enabled != NULL) {
4054 /* probably a corrupt file */
4055 avrule_decl_destroy(curdecl);
4056 avrule_block_destroy(curblock);
4057 return -1;
4058 }
4059 curblock->enabled = curdecl;
4060 }
4061 /* one must be careful to reconstruct the
4062 * decl chain in its correct order */
4063 if (curblock->branch_list == NULL) {
4064 curblock->branch_list = curdecl;
4065 } else {
4066 assert(last_decl);
4067 last_decl->next = curdecl;
4068 }
4069 last_decl = curdecl;
4070 num_decls--;
4071 }
4072
4073 if (*block == NULL) {
4074 *block = curblock;
4075 } else {
4076 assert(last_block);
4077 last_block->next = curblock;
4078 }
4079 last_block = curblock;
4080
4081 num_blocks--;
4082 }
4083
4084 return 0;
4085 }
4086
scope_read(policydb_t * p,int symnum,struct policy_file * fp)4087 static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
4088 {
4089 scope_datum_t *scope = NULL;
4090 uint32_t buf[2];
4091 char *key = NULL;
4092 size_t key_len;
4093 unsigned int i;
4094 hashtab_t h = p->scope[symnum].table;
4095 int rc;
4096
4097 rc = next_entry(buf, fp, sizeof(uint32_t));
4098 if (rc < 0)
4099 goto cleanup;
4100 key_len = le32_to_cpu(buf[0]);
4101 if (zero_or_saturated(key_len))
4102 goto cleanup;
4103 key = malloc(key_len + 1);
4104 if (!key)
4105 goto cleanup;
4106 rc = next_entry(key, fp, key_len);
4107 if (rc < 0)
4108 goto cleanup;
4109 key[key_len] = '\0';
4110
4111 /* ensure that there already exists a symbol with this key */
4112 if (hashtab_search(p->symtab[symnum].table, key) == NULL) {
4113 goto cleanup;
4114 }
4115
4116 if ((scope = calloc(1, sizeof(*scope))) == NULL) {
4117 goto cleanup;
4118 }
4119 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4120 if (rc < 0)
4121 goto cleanup;
4122 scope->scope = le32_to_cpu(buf[0]);
4123 scope->decl_ids_len = le32_to_cpu(buf[1]);
4124 if (zero_or_saturated(scope->decl_ids_len)) {
4125 ERR(fp->handle, "invalid scope with no declaration");
4126 goto cleanup;
4127 }
4128 if ((scope->decl_ids =
4129 mallocarray(scope->decl_ids_len, sizeof(uint32_t))) == NULL) {
4130 goto cleanup;
4131 }
4132 rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len);
4133 if (rc < 0)
4134 goto cleanup;
4135 for (i = 0; i < scope->decl_ids_len; i++) {
4136 scope->decl_ids[i] = le32_to_cpu(scope->decl_ids[i]);
4137 }
4138
4139 if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
4140 /* object_r was already added to this table in roles_init() */
4141 scope_destroy(key, scope, NULL);
4142 } else {
4143 if (hashtab_insert(h, key, scope)) {
4144 goto cleanup;
4145 }
4146 }
4147
4148 return 0;
4149
4150 cleanup:
4151 scope_destroy(key, scope, NULL);
4152 return -1;
4153 }
4154
policydb_string_to_security_class(struct policydb * policydb,const char * class_name)4155 static sepol_security_class_t policydb_string_to_security_class(
4156 struct policydb *policydb,
4157 const char *class_name)
4158 {
4159 class_datum_t *tclass_datum;
4160
4161 tclass_datum = hashtab_search(policydb->p_classes.table,
4162 (hashtab_key_t) class_name);
4163 if (!tclass_datum)
4164 return 0;
4165 return tclass_datum->s.value;
4166 }
4167
policydb_string_to_av_perm(struct policydb * policydb,sepol_security_class_t tclass,const char * perm_name)4168 static sepol_access_vector_t policydb_string_to_av_perm(
4169 struct policydb *policydb,
4170 sepol_security_class_t tclass,
4171 const char *perm_name)
4172 {
4173 class_datum_t *tclass_datum;
4174 perm_datum_t *perm_datum;
4175
4176 if (!tclass || tclass > policydb->p_classes.nprim)
4177 return 0;
4178 tclass_datum = policydb->class_val_to_struct[tclass - 1];
4179
4180 perm_datum = (perm_datum_t *)
4181 hashtab_search(tclass_datum->permissions.table,
4182 (hashtab_key_t)perm_name);
4183 if (perm_datum != NULL)
4184 return UINT32_C(1) << (perm_datum->s.value - 1);
4185
4186 if (tclass_datum->comdatum == NULL)
4187 return 0;
4188
4189 perm_datum = (perm_datum_t *)
4190 hashtab_search(tclass_datum->comdatum->permissions.table,
4191 (hashtab_key_t)perm_name);
4192
4193 if (perm_datum != NULL)
4194 return UINT32_C(1) << (perm_datum->s.value - 1);
4195
4196 return 0;
4197 }
4198
4199
4200 /*
4201 * Read the configuration data from a policy database binary
4202 * representation file into a policy database structure.
4203 */
policydb_read(policydb_t * p,struct policy_file * fp,unsigned verbose)4204 int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
4205 {
4206
4207 unsigned int i, j, r_policyvers;
4208 uint32_t buf[5];
4209 size_t len, nprim, nel;
4210 char *policydb_str;
4211 const struct policydb_compat_info *info;
4212 unsigned int policy_type, bufindex;
4213 ebitmap_node_t *tnode;
4214 int rc;
4215
4216 /* Read the magic number and string length. */
4217 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4218 if (rc < 0)
4219 return POLICYDB_ERROR;
4220 for (i = 0; i < 2; i++)
4221 buf[i] = le32_to_cpu(buf[i]);
4222
4223 if (buf[0] == POLICYDB_MAGIC) {
4224 policy_type = POLICY_KERN;
4225 } else if (buf[0] == POLICYDB_MOD_MAGIC) {
4226 policy_type = POLICY_MOD;
4227 } else {
4228 ERR(fp->handle, "policydb magic number %#08x does not "
4229 "match expected magic number %#08x or %#08x",
4230 buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
4231 return POLICYDB_ERROR;
4232 }
4233
4234 len = buf[1];
4235 if (len == 0 || len > POLICYDB_STRING_MAX_LENGTH) {
4236 ERR(fp->handle, "policydb string length %s ", len ? "too long" : "zero");
4237 return POLICYDB_ERROR;
4238 }
4239
4240 policydb_str = malloc(len + 1);
4241 if (!policydb_str) {
4242 ERR(fp->handle, "unable to allocate memory for policydb "
4243 "string of length %zu", len);
4244 return POLICYDB_ERROR;
4245 }
4246 rc = next_entry(policydb_str, fp, len);
4247 if (rc < 0) {
4248 ERR(fp->handle, "truncated policydb string identifier");
4249 free(policydb_str);
4250 return POLICYDB_ERROR;
4251 }
4252 policydb_str[len] = 0;
4253
4254 if (policy_type == POLICY_KERN) {
4255 for (i = 0; i < POLICYDB_TARGET_SZ; i++) {
4256 if ((strcmp(policydb_str, policydb_target_strings[i])
4257 == 0)) {
4258 policydb_set_target_platform(p, i);
4259 break;
4260 }
4261 }
4262
4263 if (i == POLICYDB_TARGET_SZ) {
4264 ERR(fp->handle, "cannot find a valid target for policy "
4265 "string %s", policydb_str);
4266 free(policydb_str);
4267 return POLICYDB_ERROR;
4268 }
4269 } else {
4270 if (strcmp(policydb_str, POLICYDB_MOD_STRING)) {
4271 ERR(fp->handle, "invalid string identifier %s",
4272 policydb_str);
4273 free(policydb_str);
4274 return POLICYDB_ERROR;
4275 }
4276 }
4277
4278 /* Done with policydb_str. */
4279 free(policydb_str);
4280 policydb_str = NULL;
4281
4282 /* Read the version, config, and table sizes (and policy type if it's a module). */
4283 if (policy_type == POLICY_KERN)
4284 nel = 4;
4285 else
4286 nel = 5;
4287
4288 rc = next_entry(buf, fp, sizeof(uint32_t) * nel);
4289 if (rc < 0)
4290 return POLICYDB_ERROR;
4291 for (i = 0; i < nel; i++)
4292 buf[i] = le32_to_cpu(buf[i]);
4293
4294 bufindex = 0;
4295
4296 if (policy_type == POLICY_MOD) {
4297 /* We know it's a module but not whether it's a base
4298 module or regular binary policy module. buf[0]
4299 tells us which. */
4300 policy_type = buf[bufindex];
4301 if (policy_type != POLICY_MOD && policy_type != POLICY_BASE) {
4302 ERR(fp->handle, "unknown module type: %#08x",
4303 policy_type);
4304 return POLICYDB_ERROR;
4305 }
4306 bufindex++;
4307 }
4308
4309 r_policyvers = buf[bufindex];
4310 if (policy_type == POLICY_KERN) {
4311 if (r_policyvers < POLICYDB_VERSION_MIN ||
4312 r_policyvers > POLICYDB_VERSION_MAX) {
4313 ERR(fp->handle, "policydb version %d does not match "
4314 "my version range %d-%d", buf[bufindex],
4315 POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
4316 return POLICYDB_ERROR;
4317 }
4318 } else if (policy_type == POLICY_BASE || policy_type == POLICY_MOD) {
4319 if (r_policyvers < MOD_POLICYDB_VERSION_MIN ||
4320 r_policyvers > MOD_POLICYDB_VERSION_MAX) {
4321 ERR(fp->handle, "policydb module version %d does "
4322 "not match my version range %d-%d",
4323 buf[bufindex], MOD_POLICYDB_VERSION_MIN,
4324 MOD_POLICYDB_VERSION_MAX);
4325 return POLICYDB_ERROR;
4326 }
4327 } else {
4328 assert(0);
4329 }
4330 bufindex++;
4331
4332 /* Set the policy type and version from the read values. */
4333 p->policy_type = policy_type;
4334 p->policyvers = r_policyvers;
4335
4336 if (buf[bufindex] & POLICYDB_CONFIG_MLS) {
4337 p->mls = 1;
4338 } else {
4339 p->mls = 0;
4340 }
4341
4342 p->handle_unknown = buf[bufindex] & POLICYDB_CONFIG_UNKNOWN_MASK;
4343
4344 bufindex++;
4345
4346 info = policydb_lookup_compat(r_policyvers, policy_type,
4347 p->target_platform);
4348 if (!info) {
4349 ERR(fp->handle, "unable to find policy compat info "
4350 "for version %d", r_policyvers);
4351 goto bad;
4352 }
4353
4354 if (buf[bufindex] != info->sym_num
4355 || buf[bufindex + 1] != info->ocon_num) {
4356 ERR(fp->handle,
4357 "policydb table sizes (%d,%d) do not " "match mine (%d,%d)",
4358 buf[bufindex], buf[bufindex + 1], info->sym_num,
4359 info->ocon_num);
4360 goto bad;
4361 }
4362
4363 if (p->policy_type == POLICY_MOD) {
4364 /* Get the module name and version */
4365 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4366 goto bad;
4367 }
4368 len = le32_to_cpu(buf[0]);
4369 if (zero_or_saturated(len))
4370 goto bad;
4371 if ((p->name = malloc(len + 1)) == NULL) {
4372 goto bad;
4373 }
4374 if ((rc = next_entry(p->name, fp, len)) < 0) {
4375 goto bad;
4376 }
4377 p->name[len] = '\0';
4378 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4379 goto bad;
4380 }
4381 len = le32_to_cpu(buf[0]);
4382 if (zero_or_saturated(len))
4383 goto bad;
4384 if ((p->version = malloc(len + 1)) == NULL) {
4385 goto bad;
4386 }
4387 if ((rc = next_entry(p->version, fp, len)) < 0) {
4388 goto bad;
4389 }
4390 p->version[len] = '\0';
4391 }
4392
4393 if ((p->policyvers >= POLICYDB_VERSION_POLCAP &&
4394 p->policy_type == POLICY_KERN) ||
4395 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4396 p->policy_type == POLICY_BASE) ||
4397 (p->policyvers >= MOD_POLICYDB_VERSION_POLCAP &&
4398 p->policy_type == POLICY_MOD)) {
4399 if (ebitmap_read(&p->policycaps, fp))
4400 goto bad;
4401 }
4402
4403 if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
4404 p->policy_type == POLICY_KERN) {
4405 if (ebitmap_read(&p->permissive_map, fp))
4406 goto bad;
4407 }
4408
4409 for (i = 0; i < info->sym_num; i++) {
4410 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
4411 if (rc < 0)
4412 goto bad;
4413 nprim = le32_to_cpu(buf[0]);
4414 if (is_saturated(nprim))
4415 goto bad;
4416 nel = le32_to_cpu(buf[1]);
4417 if (nel && !nprim) {
4418 ERR(fp->handle, "unexpected items in symbol table with no symbol");
4419 goto bad;
4420 }
4421 for (j = 0; j < nel; j++) {
4422 if (read_f[i] (p, p->symtab[i].table, fp))
4423 goto bad;
4424 }
4425
4426 p->symtab[i].nprim = nprim;
4427 }
4428
4429 switch (p->target_platform) {
4430 case SEPOL_TARGET_SELINUX:
4431 p->process_class = policydb_string_to_security_class(p, "process");
4432 p->dir_class = policydb_string_to_security_class(p, "dir");
4433 break;
4434 case SEPOL_TARGET_XEN:
4435 p->process_class = policydb_string_to_security_class(p, "domain");
4436 break;
4437 default:
4438 break;
4439 }
4440
4441 if (policy_type == POLICY_KERN) {
4442 if (avtab_read(&p->te_avtab, fp, r_policyvers))
4443 goto bad;
4444 if (r_policyvers >= POLICYDB_VERSION_BOOL)
4445 if (cond_read_list(p, &p->cond_list, fp))
4446 goto bad;
4447 if (role_trans_read(p, fp))
4448 goto bad;
4449 if (role_allow_read(&p->role_allow, fp))
4450 goto bad;
4451 if (r_policyvers >= POLICYDB_VERSION_FILENAME_TRANS &&
4452 filename_trans_read(p, fp))
4453 goto bad;
4454 } else {
4455 /* first read the AV rule blocks, then the scope tables */
4456 avrule_block_destroy(p->global);
4457 p->global = NULL;
4458 if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
4459 goto bad;
4460 }
4461 if (p->global == NULL) {
4462 ERR(fp->handle, "no avrule block in policy");
4463 goto bad;
4464 }
4465 for (i = 0; i < info->sym_num; i++) {
4466 if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
4467 goto bad;
4468 }
4469 nel = le32_to_cpu(buf[0]);
4470 for (j = 0; j < nel; j++) {
4471 if (scope_read(p, i, fp))
4472 goto bad;
4473 }
4474 }
4475
4476 }
4477
4478 if (policydb_index_decls(fp->handle, p))
4479 goto bad;
4480
4481 if (policydb_index_classes(p))
4482 goto bad;
4483
4484 switch (p->target_platform) {
4485 case SEPOL_TARGET_SELINUX:
4486 /* fall through */
4487 case SEPOL_TARGET_XEN:
4488 p->process_trans = policydb_string_to_av_perm(p, p->process_class,
4489 "transition");
4490 p->process_trans_dyntrans = p->process_trans |
4491 policydb_string_to_av_perm(p, p->process_class,
4492 "dyntransition");
4493 break;
4494 default:
4495 break;
4496 }
4497
4498 if (policydb_index_others(fp->handle, p, verbose))
4499 goto bad;
4500
4501 if (ocontext_read(info, p, fp) == -1) {
4502 goto bad;
4503 }
4504
4505 if (genfs_read(p, fp) == -1) {
4506 goto bad;
4507 }
4508
4509 if ((p->policy_type == POLICY_KERN
4510 && p->policyvers >= POLICYDB_VERSION_MLS)
4511 || (p->policy_type == POLICY_BASE
4512 && p->policyvers >= MOD_POLICYDB_VERSION_MLS
4513 && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) {
4514 if (range_read(p, fp)) {
4515 goto bad;
4516 }
4517 }
4518
4519 if (policy_type == POLICY_KERN) {
4520 p->type_attr_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t));
4521 p->attr_type_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t));
4522 if (!p->type_attr_map || !p->attr_type_map)
4523 goto bad;
4524 for (i = 0; i < p->p_types.nprim; i++) {
4525 ebitmap_init(&p->type_attr_map[i]);
4526 ebitmap_init(&p->attr_type_map[i]);
4527 }
4528 for (i = 0; i < p->p_types.nprim; i++) {
4529 if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
4530 if (ebitmap_read(&p->type_attr_map[i], fp))
4531 goto bad;
4532 ebitmap_for_each_positive_bit(&p->type_attr_map[i],
4533 tnode, j) {
4534 if (i == j)
4535 continue;
4536
4537 if (j >= p->p_types.nprim)
4538 goto bad;
4539
4540 if (ebitmap_set_bit
4541 (&p->attr_type_map[j], i, 1))
4542 goto bad;
4543 }
4544 }
4545 /* add the type itself as the degenerate case */
4546 if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
4547 goto bad;
4548 if (p->type_val_to_struct[i] && p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
4549 if (ebitmap_set_bit(&p->attr_type_map[i], i, 1))
4550 goto bad;
4551 }
4552 }
4553 }
4554
4555 if (validate_policydb(fp->handle, p))
4556 goto bad;
4557
4558 return POLICYDB_SUCCESS;
4559 bad:
4560 return POLICYDB_ERROR;
4561 }
4562
policydb_reindex_users(policydb_t * p)4563 int policydb_reindex_users(policydb_t * p)
4564 {
4565 unsigned int i = SYM_USERS;
4566
4567 if (p->user_val_to_struct)
4568 free(p->user_val_to_struct);
4569 if (p->sym_val_to_name[i])
4570 free(p->sym_val_to_name[i]);
4571
4572 p->user_val_to_struct = (user_datum_t **)
4573 calloc(p->p_users.nprim, sizeof(user_datum_t *));
4574 if (!p->user_val_to_struct)
4575 return -1;
4576
4577 p->sym_val_to_name[i] = (char **)
4578 calloc(p->symtab[i].nprim, sizeof(char *));
4579 if (!p->sym_val_to_name[i])
4580 return -1;
4581
4582 if (hashtab_map(p->symtab[i].table, index_f[i], p))
4583 return -1;
4584
4585 /* Expand user roles for context validity checking */
4586 if (hashtab_map(p->p_users.table, policydb_user_cache, p))
4587 return -1;
4588
4589 return 0;
4590 }
4591
policy_file_init(policy_file_t * pf)4592 void policy_file_init(policy_file_t *pf)
4593 {
4594 memset(pf, 0, sizeof(policy_file_t));
4595 }
4596
policydb_set_target_platform(policydb_t * p,int platform)4597 int policydb_set_target_platform(policydb_t *p, int platform)
4598 {
4599 if (platform == SEPOL_TARGET_SELINUX)
4600 p->target_platform = SEPOL_TARGET_SELINUX;
4601 else if (platform == SEPOL_TARGET_XEN)
4602 p->target_platform = SEPOL_TARGET_XEN;
4603 else
4604 return -1;
4605
4606 return 0;
4607 }
4608
policydb_sort_ocontexts(policydb_t * p)4609 int policydb_sort_ocontexts(policydb_t *p)
4610 {
4611 return sort_ocontexts(p);
4612 }
4613